1. 08 10月, 2008 1 次提交
  2. 01 10月, 2008 1 次提交
    • A
      XFRM,IPv6: initialize ip6_dst_blackhole_ops.kmem_cachep · 5dc121e9
      Arnaud Ebalard 提交于
      ip6_dst_blackhole_ops.kmem_cachep is not expected to be NULL (i.e. to
      be initialized) when dst_alloc() is called from ip6_dst_blackhole().
      Otherwise, it results in the following (xfrm_larval_drop is now set to
      1 by default):
      
      [   78.697642] Unable to handle kernel paging request for data at address 0x0000004c
      [   78.703449] Faulting instruction address: 0xc0097f54
      [   78.786896] Oops: Kernel access of bad area, sig: 11 [#1]
      [   78.792791] PowerMac
      [   78.798383] Modules linked in: btusb usbhid bluetooth b43 mac80211 cfg80211 ehci_hcd ohci_hcd sungem sungem_phy usbcore ssb
      [   78.804263] NIP: c0097f54 LR: c0334a28 CTR: c002d430
      [   78.809997] REGS: eef19ad0 TRAP: 0300   Not tainted  (2.6.27-rc5)
      [   78.815743] MSR: 00001032 <ME,IR,DR>  CR: 22242482  XER: 20000000
      [   78.821550] DAR: 0000004c, DSISR: 40000000
      [   78.827278] TASK = eef0df40[3035] 'mip6d' THREAD: eef18000
      [   78.827408] GPR00: 00001032 eef19b80 eef0df40 00000000 00008020 eef19c30 00000001 00000000
      [   78.833249] GPR08: eee5101c c05a5c10 ef9ad500 00000000 24242422 1005787c 00000000 1004f960
      [   78.839151] GPR16: 00000000 10024e90 10050040 48030018 0fe44150 00000000 00000000 eef19c30
      [   78.845046] GPR24: eef19e44 00000000 eef19bf8 efb37c14 eef19bf8 00008020 00009032 c0596064
      [   78.856671] NIP [c0097f54] kmem_cache_alloc+0x20/0x94
      [   78.862581] LR [c0334a28] dst_alloc+0x40/0xc4
      [   78.868451] Call Trace:
      [   78.874252] [eef19b80] [c03c1810] ip6_dst_lookup_tail+0x1c8/0x1dc (unreliable)
      [   78.880222] [eef19ba0] [c0334a28] dst_alloc+0x40/0xc4
      [   78.886164] [eef19bb0] [c03cd698] ip6_dst_blackhole+0x28/0x1cc
      [   78.892090] [eef19be0] [c03d9be8] rawv6_sendmsg+0x75c/0xc88
      [   78.897999] [eef19cb0] [c038bca4] inet_sendmsg+0x4c/0x78
      [   78.903907] [eef19cd0] [c03207c8] sock_sendmsg+0xac/0xe4
      [   78.909734] [eef19db0] [c03209e4] sys_sendmsg+0x1e4/0x2a0
      [   78.915540] [eef19f00] [c03220a8] sys_socketcall+0xfc/0x210
      [   78.921406] [eef19f40] [c0014b3c] ret_from_syscall+0x0/0x38
      [   78.927295] --- Exception: c01 at 0xfe2d730
      [   78.927297]     LR = 0xfe2d71c
      [   78.939019] Instruction dump:
      [   78.944835] 91640018 9144001c 900a0000 4bffff44 9421ffe0 7c0802a6 bf810010 7c9d2378
      [   78.950694] 90010024 7fc000a6 57c0045e 7c000124 <83e3004c> 8383005c 2f9f0000 419e0050
      [   78.956464] ---[ end trace 05fa1ed7972487a1 ]---
      
      As commented by Benjamin Thery, the bug was introduced by
      f2fc6a54, while adding network
      namespaces support to ipv6 routes.
      Signed-off-by: NArnaud Ebalard <arno@natisbad.org>
      Acked-by: NBenjamin Thery <benjamin.thery@bull.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5dc121e9
  3. 11 9月, 2008 1 次提交
    • D
      ipv6: On interface down/unregister, purge icmp routes too. · 1e493d19
      David S. Miller 提交于
      Johannes Berg reported that occaisionally, bringing an interface
      down or unregistering it would hang for up to 30 seconds.  Using
      debugging output he provided it became clear that ICMP6 routes
      were the culprit.
      
      The problem is that ICMP6 routes live in their own world totally
      separate from normal ipv6 routes.  So there are all kinds of special
      cases throughout the ipv6 code to handle this.
      
      While we should really try to unify all of this stuff somehow,
      for the time being let's fix this by purging the ICMP6 routes
      that match the device in question during rt6_ifdown().
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1e493d19
  4. 15 8月, 2008 1 次提交
  5. 13 8月, 2008 1 次提交
    • B
      ipv6: Fix OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175 · 5e0115e5
      Brian Haley 提交于
      Alexey Dobriyan wrote:
      > On Thu, Aug 07, 2008 at 07:00:56PM +0200, John Gumb wrote:
      >> Scenario: no ipv6 default route set.
      > 
      >> # ip -f inet6 route get fec0::1
      >>
      >> BUG: unable to handle kernel NULL pointer dereference at 00000000
      >> IP: [<c0369b85>] rt6_fill_node+0x175/0x3b0
      >> EIP is at rt6_fill_node+0x175/0x3b0
      > 
      > 0xffffffff80424dd3 is in rt6_fill_node (net/ipv6/route.c:2191).
      > 2186                    } else
      > 2187    #endif
      > 2188                            NLA_PUT_U32(skb, RTA_IIF, iif);
      > 2189            } else if (dst) {
      > 2190                    struct in6_addr saddr_buf;
      > 2191      ====>         if (ipv6_dev_get_saddr(ip6_dst_idev(&rt->u.dst)->dev,
      >					       ^^^^^^^^^^^^^^^^^^^^^^^^
      >											NULL
      > 
      > 2192                                           dst, 0, &saddr_buf) == 0)
      > 2193                            NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf);
      > 2194            }
      
      The commit that changed this can't be reverted easily, but the patch
      below works for me.
      
      Fix NULL de-reference in rt6_fill_node() when there's no IPv6 input
      device present in the dst entry.
      Signed-off-by: NBrian Haley <brian.haley@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5e0115e5
  6. 06 8月, 2008 1 次提交
  7. 23 7月, 2008 1 次提交
  8. 20 7月, 2008 1 次提交
  9. 18 7月, 2008 2 次提交
  10. 03 7月, 2008 2 次提交
  11. 28 6月, 2008 1 次提交
  12. 12 6月, 2008 2 次提交
  13. 05 6月, 2008 1 次提交
  14. 21 5月, 2008 1 次提交
    • H
      ipsec: Use the correct ip_local_out function · 1ac06e03
      Herbert Xu 提交于
      Because the IPsec output function xfrm_output_resume does its
      own dst_output call it should always call __ip_local_output
      instead of ip_local_output as the latter may invoke dst_output
      directly.  Otherwise the return values from nf_hook and dst_output
      may clash as they both use the value 1 but for different purposes.
      
      When that clash occurs this can cause a packet to be used after
      it has been freed which usually leads to a crash.  Because the
      offending value is only returned from dst_output with qdiscs
      such as HTB, this bug is normally not visible.
      
      Thanks to Marco Berizzi for his perseverance in tracking this
      down.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1ac06e03
  15. 20 5月, 2008 3 次提交
  16. 05 5月, 2008 1 次提交
  17. 22 4月, 2008 1 次提交
  18. 21 4月, 2008 1 次提交
  19. 16 4月, 2008 1 次提交
  20. 12 4月, 2008 1 次提交
    • Y
      [IPV6]: Make address arguments const. · 9acd9f3a
      YOSHIFUJI Hideaki 提交于
      - net/ipv6/addrconf.c:
      	ipv6_get_ifaddr(), ipv6_dev_get_saddr()
      - net/ipv6/mcast.c:
      	ipv6_sock_mc_join(), ipv6_sock_mc_drop(),
      	inet6_mc_check(),
      	ipv6_dev_mc_inc(), __ipv6_dev_mc_dec(), ipv6_dev_mc_dec(),
      	ipv6_chk_mcast_addr()
      - net/ipv6/route.c:
      	rt6_lookup(), icmp6_dst_alloc()
      - net/ipv6/ip6_output.c:
      	ip6_nd_hdr()
      - net/ipv6/ndisc.c:
      	ndisc_send_ns(), ndisc_send_rs(), ndisc_send_redirect(),
      	ndisc_get_neigh(), __ndisc_send()
      Signed-off-by: NYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      9acd9f3a
  21. 05 4月, 2008 1 次提交
  22. 03 4月, 2008 1 次提交
  23. 27 3月, 2008 1 次提交
  24. 26 3月, 2008 2 次提交
  25. 25 3月, 2008 2 次提交
  26. 08 3月, 2008 1 次提交
  27. 06 3月, 2008 2 次提交
  28. 05 3月, 2008 5 次提交