rpms/kernel/FC-3 patch-2.6.12.6pre.patch, NONE, 1.1 kernel-2.6.spec, 1.869, 1.870 linux-2.6-net-restrict-socket-policy-loading.patch, 1.1, NONE



Author: davej

Update of /cvs/dist/rpms/kernel/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv4399

Modified Files:
	kernel-2.6.spec 
Added Files:
	patch-2.6.12.6pre.patch 
Removed Files:
	linux-2.6-net-restrict-socket-policy-loading.patch 
Log Message:
Merge patches proposed for 2.6.12.6


patch-2.6.12.6pre.patch:
 drivers/scsi/sg.c           |   15 ++++++++-------
 drivers/usb/net/usbnet.c    |    2 +-
 kernel/signal.c             |    2 +-
 lib/zlib_inflate/inftrees.c |    2 +-
 net/ipv4/icmp.c             |   12 ++++++------
 net/ipv4/ip_sockglue.c      |    3 +++
 net/ipv6/ip6_input.c        |    9 +++++----
 net/ipv6/ipv6_sockglue.c    |    3 +++
 8 files changed, 28 insertions(+), 20 deletions(-)

--- NEW FILE patch-2.6.12.6pre.patch ---

The interface needs much redesigning if we wish to allow
normal users to do this in some way.

Signed-off-by: Herbert Xu <herbert gondor apana org au>
Signed-off-by: "David S. Miller" <davem davemloft net>
Signed-off-by: Chris Wright <chrisw osdl org>
---
 net/ipv4/ip_sockglue.c   |    3 +++
 net/ipv6/ipv6_sockglue.c |    3 +++
 2 files changed, 6 insertions(+)

Index: linux-2.6.12.y/net/ipv4/ip_sockglue.c
===================================================================
--- linux-2.6.12.y.orig/net/ipv4/ip_sockglue.c
+++ linux-2.6.12.y/net/ipv4/ip_sockglue.c
@@ -848,6 +848,9 @@ mc_msf_out:
  
 		case IP_IPSEC_POLICY:
 		case IP_XFRM_POLICY:
+			err = -EPERM;
+			if (!capable(CAP_NET_ADMIN))
+				break;
 			err = xfrm_user_policy(sk, optname, optval, optlen);
 			break;
 
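Review bot: the CAP_NET_ADMIN test sits in the IP_IPSEC_POLICY/IP_XFRM_POLICY case of the setsockopt path rather than inside xfrm_user_policy() itself, and the IPv6 file gets an identical copy, so any future caller of xfrm_user_policy() has to remember the check on its own. Consider moving the capable() test into xfrm_user_policy(), or at least add a comment there saying that callers must enforce it.
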
Index: linux-2.6.12.y/net/ipv6/ipv6_sockglue.c
===================================================================
--- linux-2.6.12.y.orig/net/ipv6/ipv6_sockglue.c
+++ linux-2.6.12.y/net/ipv6/ipv6_sockglue.c
@@ -503,6 +503,9 @@ done:
 		break;
 	case IPV6_IPSEC_POLICY:
 	case IPV6_XFRM_POLICY:
+		retv = -EPERM;
+		if (!capable(CAP_NET_ADMIN))
+			break;
 		retv = xfrm_user_policy(sk, optname, optval, optlen);
 		break;
 
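Review bot: the new -EPERM return for IPV6_IPSEC_POLICY and IPV6_XFRM_POLICY has no comment at the case labels explaining why per-socket policy loading is restricted; the only rationale is in the changelog text ("The interface needs much redesigning"). A one-line comment above the capable(CAP_NET_ADMIN) test would help, and since unprivileged programs that set these options will now fail with EPERM, the behaviour change deserves a mention in the release notes.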


This bug is quite subtle and only happens in a very interesting
situation where a real-time threaded process is in the middle of a
coredump when someone whacks it with a SIGKILL. However, this deadlock
leaves the system pretty hosed and you have to reboot to recover.

Not good for real-time priority-preemption applications like our
telephony application, with 90+ real-time (SCHED_FIFO and SCHED_RR)
processes, many of them multi-threaded, interacting with each other for
high volume call processing.

Acked-by: Roland McGrath <roland redhat com>
Signed-off-by: Linus Torvalds <torvalds osdl org>
Signed-off-by: Chris Wright <chrisw osdl org>
---
 kernel/signal.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6.12.y/kernel/signal.c
===================================================================
--- linux-2.6.12.y.orig/kernel/signal.c
+++ linux-2.6.12.y/kernel/signal.c
@@ -686,7 +686,7 @@ static void handle_stop_signal(int sig, 
 {
 	struct task_struct *t;
 
-	if (p->flags & SIGNAL_GROUP_EXIT)
+	if (p->signal->flags & SIGNAL_GROUP_EXIT)
 		/*
 		 * The process is in the middle of dying already.
 		 */
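
Review bot: the corrected test at the top of handle_stop_signal() now dereferences p->signal, and nothing in the hunk shows that p->signal is guaranteed non-NULL at this point; please confirm that the callers hold the lock that keeps it valid. Because SIGNAL_GROUP_EXIT is tested against the signal struct's flags while the task has its own field named flags, a short comment on the test would make the same mix-up harder to reintroduce.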


It turns out that empty distance code tables are not an error, and that
a compressed block with only literals can validly have an empty table
and should not be flagged as a data error.

Some old versions of gzip had problems with this case, but it does not
affect the zlib code in the kernel.

Analysis and explanations thanks to Sergey Vlasov <vsu altlinux ru>

Cc: Sergey Vlasov <vsu altlinux ru>
Cc: Tavis Ormandy <taviso gentoo org>
Cc: Tim Yamin <plasmaroo gentoo org>
Signed-off-by: Linus Torvalds <torvalds osdl org>
Signed-off-by: Chris Wright <chrisw osdl org>
---
 lib/zlib_inflate/inftrees.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6.12.y/lib/zlib_inflate/inftrees.c
===================================================================
--- linux-2.6.12.y.orig/lib/zlib_inflate/inftrees.c
+++ linux-2.6.12.y/lib/zlib_inflate/inftrees.c
@@ -141,7 +141,7 @@ static int huft_build(
   {
     *t = NULL;
     *m = 0;
-    return Z_DATA_ERROR;
+    return Z_OK;
   }
 
 
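Review bot: returning Z_OK from this branch of huft_build() hands the caller *t = NULL and *m = 0 as a valid result, so every consumer of the table must cope with a NULL table pointer. The hunk does not show how the decoder reacts if a stream with an empty distance table then presents a distance code; please confirm that this case ends in a data error rather than a lookup through the NULL table, and add a comment on this branch saying that an empty table is legal for literal-only blocks.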

Based upon a bug report and initial patch by
Ollie Wild.

Signed-off-by: Patrick McHardy <kaber trash net>
Signed-off-by: "David S. Miller" <davem davemloft net>
Signed-off-by: Chris Wright <chrisw osdl org>
---
 net/ipv4/icmp.c |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

Index: linux-2.6.12.y/net/ipv4/icmp.c
===================================================================
--- linux-2.6.12.y.orig/net/ipv4/icmp.c
+++ linux-2.6.12.y/net/ipv4/icmp.c
@@ -349,12 +349,12 @@ static void icmp_push_reply(struct icmp_
 {
 	struct sk_buff *skb;
 
-	ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
-		       icmp_param->data_len+icmp_param->head_len,
-		       icmp_param->head_len,
-		       ipc, rt, MSG_DONTWAIT);
-
-	if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
+	if (ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
+		           icmp_param->data_len+icmp_param->head_len,
+		           icmp_param->head_len,
+		           ipc, rt, MSG_DONTWAIT) < 0)
+		ip_flush_pending_frames(icmp_socket->sk);
+	else if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
 		struct icmphdr *icmph = skb->h.icmph;
 		unsigned int csum = 0;
 		struct sk_buff *skb1;
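
Review bot: in icmp_push_reply() the "< 0" branch flushes the pending frames and drops the reply, but the error value from ip_append_data() is discarded and nothing records the failure. If a silent drop is intended, say so in a comment; otherwise count it in an error statistic. On style, the unbraced if is followed by a braced else if, so brace both branches.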


I think there is a type error when porting the genelink driver to 2.6.
With this error, a Linux host will panic when it links with a Windows
host.

Cc: David Brownell <david-b pacbell net>
Signed-off-by: Chris Wright <chrisw osdl org>
---
 drivers/usb/net/usbnet.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6.12.y/drivers/usb/net/usbnet.c
===================================================================
--- linux-2.6.12.y.orig/drivers/usb/net/usbnet.c
+++ linux-2.6.12.y/drivers/usb/net/usbnet.c
@@ -1922,7 +1922,7 @@ static int genelink_rx_fixup (struct usb
 
 			// copy the packet data to the new skb
 			memcpy(skb_put(gl_skb, size), packet->packet_data, size);
-			skb_return (dev, skb);
+			skb_return (dev, gl_skb);
 		}
 
 		// advance to the next packet
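
Review bot: in genelink_rx_fixup() the variables skb and gl_skb are both sk_buff pointers, so passing the wrong one to skb_return() compiles cleanly and the compiler cannot catch it. Renaming one of them, or adding a comment that gl_skb is the new skb the packet data is copied into, would make the distinction visible. Separately, the memcpy() just above copies size bytes from packet->packet_data and the hunk does not show where size is bounded; worth confirming it is checked before skb_put().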



I know that scsi procfs is legacy code but this is a fix for a memory leak.

While reading through sg.c I realized that the implementation of
/proc/scsi/sg/devices with seq_file is leaking memory due to freeing the
pointer returned by the next() iterator method. Since next() might
return NULL or an error this is wrong. This patch fixes it through using
the seq_file's private field for holding the reference to the iterator
object.

Here is a small bash script to trigger the leak. Use slabtop to watch
the size-32 usage grow and grow.

#!/bin/sh

while true; do
	cat /proc/scsi/sg/devices > /dev/null
done

Signed-off-by: Jan Blunck <j blunck tu-harburg de>
Signed-off-by: Chris Wright <chrisw osdl org>
---
 drivers/scsi/sg.c |   15 ++++++++-------
 1 files changed, 8 insertions(+), 7 deletions(-)

Index: linux-2.6.12.y/drivers/scsi/sg.c
===================================================================
--- linux-2.6.12.y.orig/drivers/scsi/sg.c
+++ linux-2.6.12.y/drivers/scsi/sg.c
@@ -2969,23 +2969,22 @@ static void * dev_seq_start(struct seq_f
 {
 	struct sg_proc_deviter * it = kmalloc(sizeof(*it), GFP_KERNEL);
 
+	s->private = it;
 	if (! it)
 		return NULL;
+
 	if (NULL == sg_dev_arr)
-		goto err1;
+		return NULL;
 	it->index = *pos;
 	it->max = sg_last_dev();
 	if (it->index >= it->max)
-		goto err1;
+		return NULL;
 	return it;
-err1:
-	kfree(it);
-	return NULL;
 }
 
 static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
-	struct sg_proc_deviter * it = (struct sg_proc_deviter *) v;
+	struct sg_proc_deviter * it = s->private;
 
 	*pos = ++it->index;
 	return (it->index < it->max) ? it : NULL;
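
Review bot: with the err1 label gone, the two early "return NULL" paths in dev_seq_start() leave it allocated and rely on dev_seq_stop() being called afterwards to free s->private. That pairing should be stated in a comment above dev_seq_start(). Also, the kmalloc() failure path still returns NULL, which a reader sees as an empty file; returning ERR_PTR(-ENOMEM) would report the failure.
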
@@ -2993,7 +2992,9 @@ static void * dev_seq_next(struct seq_fi
 
 static void dev_seq_stop(struct seq_file *s, void *v)
 {
-	kfree (v);
+	struct sg_proc_deviter * it = s->private;
+
+	kfree (it);
 }
 
 static int sg_proc_open_dev(struct inode *inode, struct file *file)
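
Review bot: dev_seq_stop() frees s->private but leaves the stale pointer in place, and the v argument is now unused. Setting s->private = NULL after the kfree() would make a second stop without an intervening start harmless instead of a double free.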



Changing it to how ip_input handles should fix it.

Signed-off-by: Patrick McHardy <kaber trash net>
Signed-off-by: "David S. Miller" <davem davemloft net>
Signed-off-by: Chris Wright <chrisw osdl org>
---
 net/ipv6/ip6_input.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

Index: linux-2.6.12.y/net/ipv6/ip6_input.c
===================================================================
--- linux-2.6.12.y.orig/net/ipv6/ip6_input.c
+++ linux-2.6.12.y/net/ipv6/ip6_input.c
@@ -198,12 +198,13 @@ resubmit:
 		if (!raw_sk) {
 			if (xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 				IP6_INC_STATS_BH(IPSTATS_MIB_INUNKNOWNPROTOS);
-				icmpv6_param_prob(skb, ICMPV6_UNK_NEXTHDR, nhoff);
+				icmpv6_send(skb, ICMPV6_PARAMPROB,
+				            ICMPV6_UNK_NEXTHDR, nhoff,
+				            skb->dev);
 			}
-		} else {
+		} else
 			IP6_INC_STATS_BH(IPSTATS_MIB_INDELIVERS);
-			kfree_skb(skb);
-		}
+		kfree_skb(skb);
 	}
 	rcu_read_unlock();
 	return 0;
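
Review bot: removing the braces from the else makes kfree_skb(skb) run on both paths, but the only thing showing that is indentation: the if branch is braced, the else is not, and the next line sits at the outer level. Keep braces on the else around the IP6_INC_STATS_BH() call so the unconditional free is obvious. Also confirm that icmpv6_send() does not consume skb, since skb is freed right after it.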




Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-3/kernel-2.6.spec,v
retrieving revision 1.869
retrieving revision 1.870
diff -u -r1.869 -r1.870
--- kernel-2.6.spec	26 Aug 2005 08:26:20 -0000	1.869
+++ kernel-2.6.spec	26 Aug 2005 20:28:32 -0000	1.870
@@ -195,6 +195,7 @@
 # Patches 0 through 100 are meant for core subsystem upgrades
 #
 Patch1: patch-2.6.12.5.bz2
+Patch2: patch-2.6.12.6pre.patch
 
 # Patches 100 through 500 are meant for architecture patches
 
@@ -316,7 +317,6 @@
 Patch1910: linux-2.6.12-ns558-nodev-rmmod.patch
 Patch1930: linux-2.6-appletouch-update.patch
 Patch1950: linux-2.6-selinux-addrlen-checks.patch
-Patch1960: linux-2.6-net-restrict-socket-policy-loading.patch
 
 Patch2000: linux-2.6.11-vm-taint.patch
 Patch2001: linux-2.6.9-vm-oomkiller-debugging.patch
@@ -411,6 +411,7 @@
 # Patches 0 through 100 are meant for core subsystem upgrades
 # 
 %patch1 -p1
+%patch2 -p1
 
 #
 # Patches to back out
@@ -643,8 +644,6 @@
 %patch1930 -p1
 # Fix addrlen checks in selinux_socket_connect
 %patch1950 -p1
-# Restrict socket policy loading to CAP_NET_ADMIN.
-%patch1960 -p1
 
 #
 # VM related fixes.
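
Review bot: dropping %patch1960 is only safe if the ip_sockglue.c and ipv6_sockglue.c hunks in patch-2.6.12.6pre.patch carry the same CAP_NET_ADMIN restriction, and the fix now applies as %patch2 right after %patch1 instead of late in the series. Please confirm that none of the patches applied in between touch the same context.
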
@@ -985,6 +984,7 @@
 - Fix up sleeping in invalid context in sym2 driver. (#164995)
 - Fix 'semaphore is not ready' error in snd-intel8x0m.
 - Restore hwclock functionality on some systems. (#144894)
+- Merge patches proposed for 2.6.12.6
 
 * Tue Aug 23 2005 Dave Jones <davej redhat com> [2.6.12-1.1375_FC3]
 - Work around AMD x86-64 errata 122.
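
Review bot: the changelog entry "Merge patches proposed for 2.6.12.6" does not say that the socket policy restriction previously shipped as linux-2.6-net-restrict-socket-policy-loading.patch is now delivered through this merge. Naming the fixes it brings in would let someone auditing the package see that the restriction is still present.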


--- linux-2.6-net-restrict-socket-policy-loading.patch DELETED ---

