- 21 8月, 2008 7 次提交
-
-
由 Clement Calmels 提交于
This addresses http://bugzilla.kernel.org/show_bug.cgi?id=11318 In function show_map (file: fs/proc/task_mmu.c), if vma->vm_pgoff > 2^20 than (vma->vm_pgoff << PAGE_SIZE) is greater than 2^32 (with PAGE_SIZE equal to 4096 (i.e. 2^12). The next seq_printf use an unsigned long for the conversion of (vma->vm_pgoff << PAGE_SIZE), as a result the offset value displayed in /proc/self/maps is truncated if the page offset is greater than 2^20. A test that shows this issue: #define _GNU_SOURCE #include <sys/types.h> #include <sys/stat.h> #include <sys/mman.h> #include <stdlib.h> #include <stdio.h> #include <fcntl.h> #include <unistd.h> #include <string.h> #define PAGE_SIZE (getpagesize()) #if __i386__ # define U64_STR "%llx" #elif __x86_64 # define U64_STR "%lx" #else # error "Architecture Unsupported" #endif int main(int argc, char *argv[]) { int fd; char *addr; off64_t offset = 0x10000000; char *filename = "/dev/zero"; fd = open(filename, O_RDONLY); if (fd < 0) { perror("open"); return 1; } offset *= 0x10; printf("offset = " U64_STR "\n", offset); addr = (char*)mmap64(NULL, PAGE_SIZE, PROT_READ, MAP_PRIVATE, fd, offset); if ((void*)addr == MAP_FAILED) { perror("mmap64"); return 1; } { FILE *fmaps; char *line = NULL; size_t len = 0; ssize_t read; size_t filename_len = strlen(filename); fmaps = fopen("/proc/self/maps", "r"); if (!fmaps) { perror("fopen"); return 1; } while ((read = getline(&line, &len, fmaps)) != -1) { if ((read > filename_len + 1) && (strncmp(&line[read - filename_len - 1], filename, filename_len) == 0)) printf("%s", line); } if (line) free(line); fclose(fmaps); } close(fd); return 0; } [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: NClement Calmels <cboulte@gmail.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Andreas Herrmann 提交于
"bootmem_debug" is not mentioned in kernel-parameters.txt. Recently I had to use that kernel option and I think it should be documented. Signed-off-by: NAndreas Herrmann <andreas.herrmann3@amd.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Randy Dunlap <randy.dunlap@oracle.com> Cc: Johannes Weiner <hannes@saeurebad.de> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Matthew Garrett 提交于
eeepc-laptop uses the hwmon struct after unregistering the device, causing an oops on module unload. Flip the ordering to fix. Signed-off-by: NMatthew Garrett <mjg@redhat.com> Cc: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Cc: Corentin Chary <corentincj@iksaif.net> Cc: Karol Kozimor <sziwan@users.sourceforge.net> Cc: <stable@kernel.org> [2.6.26.x] Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Howells 提交于
Provide ioremap_wc() for FRV. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Howells 提交于
Supply ioremap_wc() for MN10300. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Woodhouse 提交于
Purely cosmetic for now, but we might as well get it merged ASAP. Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Woodhouse 提交于
I won't say 'fix', because they still look broken, although this will at least allow 'make ARCH=CRIS headers_install' to _complete_. For headers which are exported, we should probably choose between asm/arch-v10 and asm/arch-v32 by something that GCC defines -- we can't rely on a generated symlink. And we certainly can't export an arch/ directory which doesn't even exist. And the only thing that we seem to include from the arch/ directory is <asm/arch/ptrace.h> from <asm/ptrace.h> ... and that isn't exported in either arch-v10 or arch-v32 _anyway_. Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 20 8月, 2008 19 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6由 Linus Torvalds 提交于
* 'sh/for-2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: sh: Provide a FLAT_PLAT_INIT() definition. binfmt_flat: Stub in a FLAT_PLAT_INIT(). video: export sh_mobile_lcdc panel size sh: select memchunk size using kernel cmdline sh: export sh7723 VEU as VEU2H input: migor_ts compile and detection fix sh: remove MSTPCR defines from Migo-R header file sh: Update sh7763rdp defconfig sh: Add support sh7760fb to sh7763rdp board sh: Add support sh_eth to sh7763rdp board sh: Disable 64kB hugetlbpage size when using 64kB PAGE_SIZE. sh: Don't export __{s,u}divsi3_i4i from SH-2 libgcc. fix SH7705_CACHE_32KB compilation sh: mach-x3proto: Fix up smc91x platform data.
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc由 Linus Torvalds 提交于
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: powerpc: Fix vio_bus_probe oops on probe error powerpc/ibmebus: Restore "name" sysfs attribute on ibmebus devices powerpc: Fix /dev/oldmem interface for kdump powerpc/spufs: Remove invalid semicolon after if statement powerpc/spufs: reference context while dropping state mutex in scheduler powerpc/spufs: fix npc setting for NOSCHED contexts
-
git://git.kernel.org/pub/scm/linux/kernel/git/frob/linux-2.6-utrace由 Linus Torvalds 提交于
* 'tracehook' of git://git.kernel.org/pub/scm/linux/kernel/git/frob/linux-2.6-utrace: tracehook: fix SA_NOCLDWAIT
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: (22 commits) [SCSI] ibmvfc: Driver version 1.0.2 [SCSI] ibmvfc: Add details to async event log [SCSI] ibmvfc: Sanitize response lengths [SCSI] ibmvfc: Fix for lost async events [SCSI] ibmvfc: Fixup host state during reinit [SCSI] ibmvfc: Fix another hang on module removal [SCSI] ibmvscsi: Fixup desired DMA value for shared memory partitions [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions [SCSI] qla2xxx: Update version number to 8.02.01-k7. [SCSI] qla2xxx: Explicitly tear-down vports during PCI remove_one(). [SCSI] qla2xxx: Reference proper ha during SBR handling. [SCSI] qla2xxx: Set npiv_supported flag for FCoE HBAs. [SCSI] qla2xxx: Don't leak SG-DMA mappings while aborting commands. [SCSI] qla2xxx: Correct vport-state management issues during ISP-ABORT. [SCSI] qla2xxx: Correct synchronization of software/firmware fcport states. [SCSI] scsi_dh: Initialize lun_state in check_ownership() [SCSI] scsi_dh: Do not use scsilun in rdac hardware handler [SCSI] megaraid_sas: version and Documentation Update [SCSI] megaraid_sas: add new controllers (0x78 0x79) [SCSI] megaraid_sas: add the shutdown DCMD cmd to driver shutdown routine ...
-
由 Linus Torvalds 提交于
There was another FAT BKL conversion deadlock reported by Bart Trojanowski due to the BKL being used as a recursive lock by FAT, which was missed because it only triggers with 'sync' (or 'dirsync') mounts. The recursion worked for the BKL, but after the conversion to lock_super (which uses a mutex), it just deadlocks. Thanks to Bart for debugging this and testing the fix. The lock debugging information from the original report: ============================================= [ INFO: possible recursive locking detected ] 2.6.27-rc3-bisect-00448-ga7f5aaf3 #16 --------------------------------------------- mv/4020 is trying to acquire lock: (&type->s_lock_key#9){--..}, at: [<c01a90fe>] lock_super+0x1e/0x20 but task is already holding lock: (&type->s_lock_key#9){--..}, at: [<c01a90fe>] lock_super+0x1e/0x20 other info that might help us debug this: 3 locks held by mv/4020: #0: (&sb->s_type->i_mutex_key#9/1){--..}, at: [<c01b2336>] do_unlinkat+0x66/0x140 #1: (&sb->s_type->i_mutex_key#9){--..}, at: [<c01b0954>] vfs_unlink+0x84/0x110 #2: (&type->s_lock_key#9){--..}, at: [<c01a90fe>] lock_super+0x1e/0x20 stack backtrace: Pid: 4020, comm: mv Not tainted 2.6.27-rc3-bisect-00448-ga7f5aaf3 #16 [<c014e694>] validate_chain+0x984/0xea0 [<c0108d70>] ? native_sched_clock+0x0/0xf0 [<c014ee9c>] __lock_acquire+0x2ec/0x9b0 [<c014f5cf>] lock_acquire+0x6f/0x90 [<c01a90fe>] ? lock_super+0x1e/0x20 [<c044e5fd>] mutex_lock_nested+0xad/0x300 [<c01a90fe>] ? lock_super+0x1e/0x20 [<c01a90fe>] ? lock_super+0x1e/0x20 [<c01a90fe>] lock_super+0x1e/0x20 [<f8b3a700>] fat_write_inode+0x60/0x2b0 [fat] [<c0450878>] ? _spin_unlock_irqrestore+0x48/0x80 [<f8b3a953>] ? fat_sync_inode+0x3/0x20 [fat] [<f8b3a962>] fat_sync_inode+0x12/0x20 [fat] [<f8b37c7e>] fat_remove_entries+0xbe/0x120 [fat] [<f8b422ef>] vfat_unlink+0x5f/0x90 [vfat] [<f8b42290>] ? vfat_unlink+0x0/0x90 [vfat] [<c01b0968>] vfs_unlink+0x98/0x110 [<c01b2400>] do_unlinkat+0x130/0x140 [<c016a8f5>] ? audit_syscall_entry+0x105/0x150 [<c01b253b>] sys_unlinkat+0x3b/0x40 [<c01040d3>] sysenter_do_call+0x12/0x3f ======================= where the deadlock is due to the nesting of lock_super from vfat_unlink to fat_write_inode: - do_unlinkat - vfs_unlink - vfat_unlink * lock_super - fat_remove_entries - fat_sync_inode - fat_write_inode * lock_super and the fix is to simply remove the use of lock_super() in fat_write_inode. The lock_super() there had been just an automatic conversion of the kernel lock to the superblock lock, but no locking was actually needed there, since the code in fat_write_inode already protected all relevant accesses with a spinlock (sbi->inode_hash_lock to be exact). The only code inside the BKL (and thus the superblock lock) was accesses tp local variables or calls to functions that have long been SMP-safe (i.e. sb_bread, mark_buffe_dirty and brlese). Bart reports: "Looks good. I ran 10 parallel processes creating 1M files truncating them, writing to them again and then deleting them. This patch fixes the issue I ran into. Signed-off-by: Bart Trojanowski <bart@jukie.net>" Reported-and-tested-by: NBart Trojanowski <bart@jukie.net> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Roland McGrath 提交于
I outwitted myself again in commit 2b2a1ff6, and broke the SA_NOCLDWAIT behavior so it leaks zombies. This fixes it. Reported-by: NAndi Kleen <andi@firstfloor.org> Signed-off-by: NRoland McGrath <roland@redhat.com>
-
由 Brian King 提交于
When CMO is enabled and booted on a non CMO system and the VIO device's probe function fails, an oops can result since vio_cmo_bus_remove is called when it should not. This fixes it by avoiding the vio_cmo_bus_remove call on platforms that don't implement CMO. cpu 0x0: Vector: 300 (Data Access) at [c00000000e13b3d0] pc: c000000000020d34: .vio_cmo_bus_remove+0xc0/0x1f4 lr: c000000000020ca4: .vio_cmo_bus_remove+0x30/0x1f4 sp: c00000000e13b650 msr: 8000000000009032 dar: 0 dsisr: 40000000 current = 0xc00000000e0566c0 paca = 0xc0000000006f9b80 pid = 2428, comm = modprobe enter ? for help [c00000000e13b6e0] c000000000021d94 .vio_bus_probe+0x2f8/0x33c [c00000000e13b7a0] c00000000029fc88 .driver_probe_device+0x13c/0x200 [c00000000e13b830] c00000000029fdac .__driver_attach+0x60/0xa4 [c00000000e13b8c0] c00000000029f050 .bus_for_each_dev+0x80/0xd8 [c00000000e13b980] c00000000029f9ec .driver_attach+0x28/0x40 [c00000000e13ba00] c00000000029f630 .bus_add_driver+0xd4/0x284 [c00000000e13baa0] c0000000002a01bc .driver_register+0xc4/0x198 [c00000000e13bb50] c00000000002168c .vio_register_driver+0x40/0x5c [c00000000e13bbe0] d0000000003b3f1c .ibmvfc_module_init+0x70/0x109c [ibmvfc] [c00000000e13bc70] c0000000000acf08 .sys_init_module+0x184c/0x1a10 [c00000000e13be30] c000000000008748 syscall_exit+0x0/0x40 Signed-off-by: NBrian King <brking@linux.vnet.ibm.com> Signed-off-by: NPaul Mackerras <paulus@samba.org>
-
由 Joachim Fenkes 提交于
Recent of_platform changes made of_bus_type_init() overwrite the bus type's .dev_attrs list, meaning that the "name" attribute that ibmebus devices previously had is no longer present. This is a user-visible regression which breaks the userspace eHCA support, since the eHCA userspace driver relies on the name attribute to check for valid adapters. This fixes it by providing the "name" attribute in the generic OF device code instead. Tested on POWER. Signed-off-by: NJoachim Fenkes <fenkes@de.ibm.com> Signed-off-by: NPaul Mackerras <paulus@samba.org>
-
由 Michael Ellerman 提交于
A change to __ioremap() broke reading /dev/oldmem because we're no longer able to ioremap pfn 0 (d177c207, "[PATCH] powerpc: IOMMU: don't ioremap null addresses"). We actually don't need to ioremap for anything that's part of the linear mapping, so just read it directly. Also make sure we're only reading one page or less at a time. Signed-off-by: NMichael Ellerman <michael@ellerman.id.au> Signed-off-by: NSachin Sant <sachinp@in.ibm.com> Signed-off-by: NPaul Mackerras <paulus@samba.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: Kconfig help update ieee1394: sbp2: let nodemgr retry node updates during bus reset series ieee1394: don't drop nodes during bus reset series ieee1394: regression in 2.6.25: updates should happen before probes
-
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6: PCI: add acpi_find_root_bridge_handle PCI: acpi_pcihp: run _OSC on a root bridge x86/PCI: irq and pci_ids patch for Intel Ibex Peak PCHs x86/PCI: allow scanning of 255 PCI busses x86, pci: detect end_bus_number according to acpi/e820 reserved, v2 pci: debug extra pci bus resources pci: debug extra pci resources range
-
由 Linus Torvalds 提交于
This reverts commit 34ae7f35, which has been reported to cause a number of problems. During suspend and resume, it apparently causes a crash in a CPU hotplug notifier to happen, although the exact details are sketchy because of the inability to get good traces during the suspend sequence. See buzilla entries http://bugzilla.kernel.org/show_bug.cgi?id=11296 http://bugzilla.kernel.org/show_bug.cgi?id=11339 for more examples and details. [ Mark: "Revert the patch for now. I'm still looking into getting a reliable reproduction and I do not have a fix at this time." ] Requested-by: NRafael J. Wysocki <rjw@sisk.pl> Acked-by: NMark Langsdorf <mark.langsdorf@amd.com> Acked-by: NDave Jones <davej@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@inux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: evdev - fix printf() format for sizeof Input: remove version.h from drivers that don't need it Input: cobalt_btns - add missing MODULE_LICENSE
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (94 commits) pkt_sched: Prevent livelock in TX queue running. Revert "pkt_sched: Add BH protection for qdisc_stab_lock." Revert "pkt_sched: Protect gen estimators under est_lock." pkt_sched: remove bogus block (cleanup) nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization netfilter: ctnetlink: sleepable allocation with spin lock bh netfilter: ctnetlink: fix sleep in read-side lock section netfilter: ctnetlink: fix double helper assignation for NAT'ed conntracks netfilter: ipt_addrtype: Fix matching of inverted destination address type dccp: Fix panic caused by too early termination of retransmission mechanism pkt_sched: Don't hold qdisc lock over qdisc_destroy(). pkt_sched: Add lockdep annotation for qdisc locks pkt_sched: Never schedule non-root qdiscs. removed unused #include <version.h> rt2x00: Fix txdone_entry_desc_flags b43: Fix for another Bluetooth Coexistence SPROM Programming error for BCM4306 mac80211: remove kdoc references to IEEE80211_HW_HOST_GEN_BEACON_TEMPLATE p54u: reset skb's data/tail pointer on requeue p54: move p54_vdcf_init to the right place. iwlwifi: fix printk newlines ...
-
由 Stefan Richter 提交于
Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
-
由 Stefan Richter 提交于
sbp2 was too quick to report .update() to the ieee1394 core as failed. (Logged as "Failed to reconnect to sbp2 device!".) The core would then unbind sbp2 from the device. This is not justified if the .update() failed because another bus reset happened. We check this and tell the ieee1394 that .update() succeeded, and the core will call sbp2's .update() for the new bus reset as well. This improves reconnection/re-login especially on buses with several disks as they may issue bus resets in close succession when they come online. Tested by Damien Benoist. Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
-
由 Stefan Richter 提交于
nodemgr_node_probe checked for generation increments too late and therefore prematurely reported nodes as "suspended". Fixes http://bugzilla.kernel.org/show_bug.cgi?id=11349. Reported and tested by Damien Benoist. Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
-
由 Stefan Richter 提交于
Regression since commit 73cf6023, "ieee1394: use class iteration api": The two loops for (1.) driver updates and (2.) driver probes were replaced by a single loop with bogus needs_probe checks. Hence updates and probes were now intermixed, and especially sbp2 updates (reconnects) held up longer than necessary. While we fix it, change the needs_probe flag to bool type for clarity. Tested by Damien Benoist. Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
-
- 19 8月, 2008 14 次提交
-
-
由 Geert Uytterhoeven 提交于
commit f2afa771 ("Input: paper over a bug in Synaptics X driver") introduced a compiler warning on 64-bit platforms, as sizeof() returns a size_t, not an (unsigned) int: | drivers/input/evdev.c: In function 'handle_eviocgbit': | drivers/input/evdev.c:684: warning: format '%d' expects type 'int', but argument 3 has type 'long unsigned int' Use the proper `z' modifier for size_t, and make the printf() formats for the sizes unsigned while we're at it. Signed-off-by: NGeert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Ilpo Järvinen 提交于
Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: NJeremy Kerr <jk@ozlabs.org>
-
由 David S. Miller 提交于
If dev_deactivate() is trying to quiesce the queue, it is theoretically possible for another cpu to livelock trying to process that queue. This happens because dev_deactivate() grabs the queue spinlock as it checks the queue state, whereas net_tx_action() does a trylock and reschedules the qdisc if it hits the lock. This breaks the livelock by adding a check on __QDISC_STATE_DEACTIVATED to net_tx_action() when the trylock fails. Based upon feedback from Herbert Xu and Jarek Poplawski. Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
This reverts commit 1cfa2666. qdisc_destroy() runs fully under RTNL again and not from softint any longer, so this change is no longer needed. Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
This reverts commit d4766692. qdisc_destroy() now runs in RTNL fully again, so this change is no longer needed. Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Ilpo Järvinen 提交于
...Last block local var got just deleted. Signed-off-by: NIlpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Stephen Hemminger 提交于
Use incoming network tuple as seed for NAT port randomization. This avoids concerns of leaking net_random() bits, and also gives better port distribution. Don't have NAT server, compile tested only. Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> [ added missing EXPORT_SYMBOL_GPL ] Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pablo Neira Ayuso 提交于
This patch removes a GFP_KERNEL allocation while holding a spin lock with bottom halves disabled in ctnetlink_change_helper(). This problem was introduced in 2.6.23 with the netfilter extension infrastructure. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pablo Neira Ayuso 提交于
Fix allocation with GFP_KERNEL in ctnetlink_create_conntrack() under read-side lock sections. This problem was introduced in 2.6.25. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Pablo Neira Ayuso 提交于
If we create a conntrack that has NAT handlings and a helper, the helper is assigned twice. This happens because nf_nat_setup_info() - via nf_conntrack_alter_reply() - sets the helper before ctnetlink, which indeed does not check if the conntrack already has a helper as it thinks that it is a brand new conntrack. The fix moves the helper assignation before the set of the status flags. This avoids a bogus assertion in __nf_ct_ext_add (if netfilter assertions are enabled) which checks that the conntrack must not be confirmed. This problem was introduced in 2.6.23 with the netfilter extension infrastructure. Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NPatrick McHardy <kaber@trash.net>
-
由 Anders Grafström 提交于
This patch fixes matching of inverted destination address type. Signed-off-by: NAnders Grafström <grfstrm@users.sourceforge.net> Signed-off-by: NPatrick McHardy <kaber@trash.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Gerrit Renker 提交于
Thanks is due to Wei Yongjun for the detailed analysis and description of this bug at http://marc.info/?l=dccp&m=121739364909199&w=2 The problem is that invalid packets received by a client in state REQUEST cause the retransmission timer for the DCCP-Request to be reset. This includes freeing the Request-skb ( in dccp_rcv_request_sent_state_process() ). As a consequence, * the arrival of further packets cause a double-free, triggering a panic(), * the connection then may hang, since further retransmissions are blocked. This patch changes the order of statements so that the retransmission timer is reset, and the pending Request freed, only if a valid Response has arrived (or the number of sysctl-retries has been exhausted). Further changes: ---------------- To be on the safe side, replaced __kfree_skb with kfree_skb so that if due to unexpected circumstances the sk_send_head is NULL the WARN_ON is used instead. Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-