1. 20 4月, 2007 11 次提交
  2. 19 4月, 2007 5 次提交
    • A
      KVM: Fix off-by-one when writing to a nonpae guest pde · 6b8d0f9b
      Avi Kivity 提交于
      Nonpae guest pdes are shadowed by two pae ptes, so we double the offset
      twice: once to account for the pte size difference, and once because we
      need to shadow pdes for a single guest pde.
      
      But when writing to the upper guest pde we also need to truncate the
      lower bits, otherwise the multiply shifts these bits into the pde index
      and causes an access to the wrong shadow pde.  If we're at the end of the
      page (accessing the very last guest pde) we can even overflow into the
      next host page and oops.
      Signed-off-by: NAvi Kivity <avi@qumranet.com>
      6b8d0f9b
    • D
      [NETLINK]: Don't attach callback to a going-away netlink socket · ac57b3a9
      Denis Lunev 提交于
      There is a race between netlink_dump_start() and netlink_release()
      that can lead to the situation when a netlink socket with non-zero
      callback is freed.
      
      Here it is:
      
      CPU1:                           CPU2
      netlink_release():              netlink_dump_start():
      
                                      sk = netlink_lookup(); /* OK */
      
      netlink_remove();
      
      spin_lock(&nlk->cb_lock);
      if (nlk->cb) { /* false */
        ...
      }
      spin_unlock(&nlk->cb_lock);
      
                                      spin_lock(&nlk->cb_lock);
                                      if (nlk->cb) { /* false */
                                               ...
                                      }
                                      nlk->cb = cb;
                                      spin_unlock(&nlk->cb_lock);
                                      ...
      sock_orphan(sk);
      /*
       * proceed with releasing
       * the socket
       */
      
      The proposal it to make sock_orphan before detaching the callback
      in netlink_release() and to check for the sock to be SOCK_DEAD in
      netlink_dump_start() before setting a new callback.
      Signed-off-by: NDenis Lunev <den@openvz.org>
      Signed-off-by: NKirill Korotaev <dev@openvz.org>
      Signed-off-by: NPavel Emelianov <xemul@openvz.org>
      Acked-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ac57b3a9
    • O
      [IrDA]: Correctly handling socket error · bfb6709d
      Olaf Kirch 提交于
      This patch fixes an oops first reported in mid 2006 - see
      http://lkml.org/lkml/2006/8/29/358 The cause of this bug report is that
      when an error is signalled on the socket, irda_recvmsg_stream returns
      without removing a local wait_queue variable from the socket's sk_sleep
      queue. This causes havoc further down the road.
      
      In response to this problem, a patch was made that invoked sock_orphan on
      the socket when receiving a disconnect indication. This is not a good fix,
      as this sets sk_sleep to NULL, causing applications sleeping in recvmsg
      (and other places) to oops.
      
      This is against the latest net-2.6 and should be considered for -stable
      inclusion. 
      Signed-off-by: NOlaf Kirch <olaf.kirch@oracle.com>
      Signed-off-by: NSamuel Ortiz <samuel@sortiz.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bfb6709d
    • V
      [SCTP]: Do not interleave non-fragments when in partial delivery · d0cf0d99
      Vlad Yasevich 提交于
      The way partial delivery is currently implemnted, it is possible to
      intereleave a message (either from another steram, or unordered) that
      is not part of partial delivery process.  The only way to this is for
      a message to not be a fragment and be 'in order' or unorderd for a
      given stream.  This will result in bypassing the reassembly/ordering
      queues where things live duing partial delivery, and the
      message will be delivered to the socket in the middle of partial delivery.
      
      This is a two-fold problem, in that:
      1.  the app now must check the stream-id and flags which it may not
      be doing.
      2.  this clearing partial delivery state from the association and results
      in ulp hanging.
      
      This patch is a band-aid over a much bigger problem in that we
      don't do stream interleave.
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d0cf0d99
    • D
      [IPSEC] af_key: Fix thinko in pfkey_xfrm_policy2msg() · fefaa75e
      David S. Miller 提交于
      Make sure to actually assign the determined mode to
      rq->sadb_x_ipsecrequest_mode.
      
      Noticed by Joe Perches.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fefaa75e
  3. 18 4月, 2007 24 次提交