1. 26 4月, 2007 30 次提交
  2. 11 2月, 2007 1 次提交
  3. 09 2月, 2007 3 次提交
  4. 26 1月, 2007 1 次提交
    • B
      [TCP]: Fix sorting of SACK blocks. · db3ccdac
      Baruch Even 提交于
      The sorting of SACK blocks actually munges them rather than sort,
      causing the TCP stack to ignore some SACK information and breaking the
      assumption of ordered SACK blocks after sorting.
      
      The sort takes the data from a second buffer which isn't moved causing
      subsequent data moves to occur from the wrong location. The fix is to
      use a temporary buffer as a normal sort does.
      Signed-off-By: NBaruch Even <baruch@ev-en.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      db3ccdac
  5. 24 1月, 2007 1 次提交
    • M
      [TCP]: skb is unexpectedly freed. · fb7e2399
      Masayuki Nakagawa 提交于
      I encountered a kernel panic with my test program, which is a very
      simple IPv6 client-server program.
      
      The server side sets IPV6_RECVPKTINFO on a listening socket, and the
      client side just sends a message to the server.  Then the kernel panic
      occurs on the server.  (If you need the test program, please let me
      know. I can provide it.)
      
      This problem happens because a skb is forcibly freed in
      tcp_rcv_state_process().
      
      When a socket in listening state(TCP_LISTEN) receives a syn packet,
      then tcp_v6_conn_request() will be called from
      tcp_rcv_state_process().  If the tcp_v6_conn_request() successfully
      returns, the skb would be discarded by __kfree_skb().
      
      However, in case of a listening socket which was already set
      IPV6_RECVPKTINFO, an address of the skb will be stored in
      treq->pktopts and a ref count of the skb will be incremented in
      tcp_v6_conn_request().  But, even if the skb is still in use, the skb
      will be freed.  Then someone still using the freed skb will cause the
      kernel panic.
      
      I suggest to use kfree_skb() instead of __kfree_skb().
      Signed-off-by: NMasayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fb7e2399
  6. 07 12月, 2006 1 次提交
    • R
      [NET]: Memory barrier cleanups · e16aa207
      Ralf Baechle 提交于
      I believe all the below memory barriers only matter on SMP so
      therefore the smp_* variant of the barrier should be used.
      
      I'm wondering if the barrier in net/ipv4/inet_timewait_sock.c should be
      dropped entirely.  schedule_work's implementation currently implies a
      memory barrier and I think sane semantics of schedule_work() should imply
      a memory barrier, as needed so the caller shouldn't have to worry.
      It's not quite obvious why the barrier in net/packet/af_packet.c is
      needed; maybe it should be implied through flush_dcache_page?
      Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e16aa207
  7. 03 12月, 2006 3 次提交