bk://kernel.bkbits.net/davem/net-2.6 herbert@gondor.apana.org.au|ChangeSet|20050331005816|28260 herbert # This is a BitKeeper generated diff -Nru style patch. # # ChangeSet # 2005/03/30 16:58:16-08:00 herbert@gondor.apana.org.au # [NETLINK]: Fix sk_rmem_alloc assertion failure. # # In netlink_dump we're operating on sk after dropping the cb lock. # This is racy because the owner of the socket could close it after # we drop the cb lock. # # This is possible because netlink_dump isn't always called from the # context of the process that owns the socket. For instance, if there # is contention on rtnl then rtnetlink requests will be processed by # the process that owns the rtnl. # # The solution is to hold a ref count on the socket before we drop # the cb lock. # # Signed-off-by: Herbert Xu # Signed-off-by: David S. Miller # # net/netlink/af_netlink.c # 2005/03/30 16:58:04-08:00 herbert@gondor.apana.org.au +2 -0 # [NETLINK]: Fix sk_rmem_alloc assertion failure. # # In netlink_dump we're operating on sk after dropping the cb lock. # This is racy because the owner of the socket could close it after # we drop the cb lock. # # This is possible because netlink_dump isn't always called from the # context of the process that owns the socket. For instance, if there # is contention on rtnl then rtnetlink requests will be processed by # the process that owns the rtnl. # # The solution is to hold a ref count on the socket before we drop # the cb lock. # # Signed-off-by: Herbert Xu # Signed-off-by: David S. Miller # # ChangeSet # 2005/03/30 16:35:41-08:00 yoshfuji@linux-ipv6.org # [AF_UNIX]: unix_mkname comment # # Resurrect an old comment, explaining why this isn't an off-by-one error. # # Signed-off-by: Hideaki YOSHIFUJI # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # net/unix/af_unix.c # 2005/03/30 16:35:29-08:00 yoshfuji@linux-ipv6.org +7 -0 # [AF_UNIX]: unix_mkname comment # # Resurrect an old comment, explaining why this isn't an off-by-one error. # # Signed-off-by: Hideaki YOSHIFUJI # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # ChangeSet # 2005/03/30 16:35:08-08:00 yoshfuji@linux-ipv6.org # [IPV6]: Fix address/interface handling according to the scoping architecture # # I think this has been there for long time (maybe since 2.4...). # # With the following patch, I can connect local link-local address. # - Change incoming interface according to the scoping architecture # - Choose source address on appropriate interface, according to the # scoping architecture. # # Signed-off-by: Hideaki YOSHIFUJI # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # net/ipv6/ip6_input.c # 2005/03/30 16:34:56-08:00 yoshfuji@linux-ipv6.org +11 -3 # [IPV6]: Fix address/interface handling according to the scoping architecture # # I think this has been there for long time (maybe since 2.4...). # # With the following patch, I can connect local link-local address. # - Change incoming interface according to the scoping architecture # - Choose source address on appropriate interface, according to the # scoping architecture. # # Signed-off-by: Hideaki YOSHIFUJI # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # net/ipv6/addrconf.c # 2005/03/30 16:34:56-08:00 yoshfuji@linux-ipv6.org +1 -1 # [IPV6]: Fix address/interface handling according to the scoping architecture # # I think this has been there for long time (maybe since 2.4...). # # With the following patch, I can connect local link-local address. # - Change incoming interface according to the scoping architecture # - Choose source address on appropriate interface, according to the # scoping architecture. # # Signed-off-by: Hideaki YOSHIFUJI # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # ChangeSet # 2005/03/30 16:34:22-08:00 herbert@gondor.apana.org.au # [PKT_SCHED]: Memory leak in ipt.c # # Signed-off-by: Herbert Xu # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # net/sched/ipt.c # 2005/03/30 16:34:10-08:00 herbert@gondor.apana.org.au +2 -0 # [PKT_SCHED]: Memory leak in ipt.c # # Signed-off-by: Herbert Xu # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # ChangeSet # 2005/03/30 16:33:25-08:00 rusty@rustcorp.com.au # [NETFILTER]: Restore ports module parameter for ip_nat_{ftp,irq} # # There is no 'ports' parameter for the ip_nat_ftp and ip_nat_irc modules in # 2.6.11: the ports parameter supplied to the # ip_conntrack_ftp/ip_conntrack_irc module defines the ports. It was # unfortunate that we were lazy in the original implementation, and forced # the user to duplicate the arguments. # # Even more unfortunate, the removal of the parameter caused autoloading to # break for various setups, with an 'Unknown parameter' message. The # solution is to restore the parameter as a dummy, with a polite warning # message that it is no longer neccessary. # # Signed-off-by: Rusty Russell # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # net/ipv4/netfilter/ip_nat_irc.c # 2005/03/30 16:33:13-08:00 rusty@rustcorp.com.au +9 -0 # [NETFILTER]: Restore ports module parameter for ip_nat_{ftp,irq} # # There is no 'ports' parameter for the ip_nat_ftp and ip_nat_irc modules in # 2.6.11: the ports parameter supplied to the # ip_conntrack_ftp/ip_conntrack_irc module defines the ports. It was # unfortunate that we were lazy in the original implementation, and forced # the user to duplicate the arguments. # # Even more unfortunate, the removal of the parameter caused autoloading to # break for various setups, with an 'Unknown parameter' message. The # solution is to restore the parameter as a dummy, with a polite warning # message that it is no longer neccessary. # # Signed-off-by: Rusty Russell # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # net/ipv4/netfilter/ip_nat_ftp.c # 2005/03/30 16:33:13-08:00 rusty@rustcorp.com.au +9 -0 # [NETFILTER]: Restore ports module parameter for ip_nat_{ftp,irq} # # There is no 'ports' parameter for the ip_nat_ftp and ip_nat_irc modules in # 2.6.11: the ports parameter supplied to the # ip_conntrack_ftp/ip_conntrack_irc module defines the ports. It was # unfortunate that we were lazy in the original implementation, and forced # the user to duplicate the arguments. # # Even more unfortunate, the removal of the parameter caused autoloading to # break for various setups, with an 'Unknown parameter' message. The # solution is to restore the parameter as a dummy, with a polite warning # message that it is no longer neccessary. # # Signed-off-by: Rusty Russell # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # ChangeSet # 2005/03/30 16:32:22-08:00 jan.kiszka@web.de # [NET]: NULL pointer bug in netpoll.c # # It seems that there is a gremlin sleeping in net/core/netpoll.c:find_skb(). # Even if no more buffers are available through skbs, skb is # dereferenced anyway. The tiny patch should fix it. # # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # net/core/netpoll.c # 2005/03/30 16:32:11-08:00 jan.kiszka@web.de +4 -3 # [NET]: NULL pointer bug in netpoll.c # # It seems that there is a gremlin sleeping in net/core/netpoll.c:find_skb(). # Even if no more buffers are available through skbs, skb is # dereferenced anyway. The tiny patch should fix it. # # Signed-off-by: Andrew Morton # Signed-off-by: David S. Miller # # ChangeSet # 2005/03/30 01:34:30+02:00 tgraf@suug.ch # [PKT_SCHED]: Fix action statistics dumping in compatibility mode # # Extends the action dumping function by a parameter to differ between # regular calls and the one supposed to add the backward compatiblity # bits for old userspace applications. # # Signed-off-by: Thomas Graf # Signed-off-by: David S. Miller # # net/sched/cls_api.c # 2005/03/30 01:34:14+02:00 tgraf@suug.ch +1 -1 # [PKT_SCHED]: Fix action statistics dumping in compatibility mode # # net/sched/act_api.c # 2005/03/30 01:34:14+02:00 tgraf@suug.ch +12 -7 # [PKT_SCHED]: Fix action statistics dumping in compatibility mode # # include/net/act_api.h # 2005/03/30 01:34:14+02:00 tgraf@suug.ch +1 -1 # [PKT_SCHED]: Fix action statistics dumping in compatibility mode # # ChangeSet # 2005/03/29 02:55:11+02:00 tgraf@suug.ch # [NET]: Make primary TLV type optional # # Allows the use of the gnet_stats API for backward compatiblity # cases where no "modern" TLV structure is needed. # # Signed-off-by: Thomas Graf # Signed-off-by: David S. Miller # # net/core/gen_stats.c # 2005/03/29 02:54:56+02:00 tgraf@suug.ch +7 -3 # [NET]: Make primary TLV type optional # # ChangeSet # 2005/03/29 02:45:52+02:00 tgraf@suug.ch # Cset exclude: hadi@cyberus.ca|ChangeSet|20050325173452|50562 # # net/sched/cls_u32.c # 2005/03/29 02:45:46+02:00 tgraf@suug.ch +0 -0 # Exclude # # net/sched/cls_tcindex.c # 2005/03/29 02:45:46+02:00 tgraf@suug.ch +0 -0 # Exclude # # net/sched/cls_route.c # 2005/03/29 02:45:46+02:00 tgraf@suug.ch +0 -0 # Exclude # # net/sched/cls_fw.c # 2005/03/29 02:45:46+02:00 tgraf@suug.ch +0 -0 # Exclude # diff -Nru a/include/net/act_api.h b/include/net/act_api.h --- a/include/net/act_api.h 2005-03-30 17:19:39 -08:00 +++ b/include/net/act_api.h 2005-03-30 17:19:39 -08:00 @@ -81,7 +81,7 @@ extern int tcf_action_dump(struct sk_buff *skb, struct tc_action *a, int, int); extern int tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int, int); extern int tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int, int); -extern int tcf_action_copy_stats (struct sk_buff *,struct tc_action *); +extern int tcf_action_copy_stats (struct sk_buff *,struct tc_action *, int); #endif /* CONFIG_NET_CLS_ACT */ extern int tcf_police(struct sk_buff *skb, struct tcf_police *p); diff -Nru a/net/core/gen_stats.c b/net/core/gen_stats.c --- a/net/core/gen_stats.c 2005-03-30 17:19:39 -08:00 +++ b/net/core/gen_stats.c 2005-03-30 17:19:39 -08:00 @@ -26,7 +26,9 @@ static inline int gnet_stats_copy(struct gnet_dump *d, int type, void *buf, int size) { - RTA_PUT(d->skb, type, size, buf); + if (type) + RTA_PUT(d->skb, type, size, buf); + return 0; rtattr_failure: @@ -58,7 +60,8 @@ { spin_lock_bh(lock); d->lock = lock; - d->tail = (struct rtattr *) skb->tail; + if (type) + d->tail = (struct rtattr *) skb->tail; d->skb = skb; d->compat_tc_stats = tc_stats_type; d->compat_xstats = xstats_type; @@ -194,7 +197,8 @@ int gnet_stats_finish_copy(struct gnet_dump *d) { - d->tail->rta_len = d->skb->tail - (u8 *) d->tail; + if (d->tail) + d->tail->rta_len = d->skb->tail - (u8 *) d->tail; if (d->compat_tc_stats) if (gnet_stats_copy(d, d->compat_tc_stats, &d->tc_stats, diff -Nru a/net/core/netpoll.c b/net/core/netpoll.c --- a/net/core/netpoll.c 2005-03-30 17:19:39 -08:00 +++ b/net/core/netpoll.c 2005-03-30 17:19:39 -08:00 @@ -219,10 +219,11 @@ if (!skb) { spin_lock_irqsave(&skb_list_lock, flags); skb = skbs; - if (skb) + if (skb) { skbs = skb->next; - skb->next = NULL; - nr_skbs--; + skb->next = NULL; + nr_skbs--; + } spin_unlock_irqrestore(&skb_list_lock, flags); } diff -Nru a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c --- a/net/ipv4/netfilter/ip_nat_ftp.c 2005-03-30 17:19:39 -08:00 +++ b/net/ipv4/netfilter/ip_nat_ftp.c 2005-03-30 17:19:39 -08:00 @@ -170,5 +170,14 @@ return 0; } +/* Prior to 2.6.11, we had a ports param. No longer, but don't break users. */ +static int warn_set(const char *val, struct kernel_param *kp) +{ + printk(KERN_INFO __stringify(KBUILD_MODNAME) + ": kernel >= 2.6.10 only uses 'ports' for conntrack modules\n"); + return 0; +} +module_param_call(ports, warn_set, NULL, NULL, 0); + module_init(init); module_exit(fini); diff -Nru a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c --- a/net/ipv4/netfilter/ip_nat_irc.c 2005-03-30 17:19:39 -08:00 +++ b/net/ipv4/netfilter/ip_nat_irc.c 2005-03-30 17:19:39 -08:00 @@ -112,5 +112,14 @@ return 0; } +/* Prior to 2.6.11, we had a ports param. No longer, but don't break users. */ +static int warn_set(const char *val, struct kernel_param *kp) +{ + printk(KERN_INFO __stringify(KBUILD_MODNAME) + ": kernel >= 2.6.10 only uses 'ports' for conntrack modules\n"); + return 0; +} +module_param_call(ports, warn_set, NULL, NULL, 0); + module_init(init); module_exit(fini); diff -Nru a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c --- a/net/ipv6/addrconf.c 2005-03-30 17:19:39 -08:00 +++ b/net/ipv6/addrconf.c 2005-03-30 17:19:39 -08:00 @@ -942,7 +942,7 @@ int ipv6_get_saddr(struct dst_entry *dst, struct in6_addr *daddr, struct in6_addr *saddr) { - return ipv6_dev_get_saddr(dst ? dst->dev : NULL, daddr, saddr); + return ipv6_dev_get_saddr(dst ? ((struct rt6_info *)dst)->rt6i_idev->dev : NULL, daddr, saddr); } diff -Nru a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c --- a/net/ipv6/ip6_input.c 2005-03-30 17:19:39 -08:00 +++ b/net/ipv6/ip6_input.c 2005-03-30 17:19:39 -08:00 @@ -71,10 +71,18 @@ goto out; } - /* Store incoming device index. When the packet will - be queued, we cannot refer to skb->dev anymore. + /* + * Store incoming device index. When the packet will + * be queued, we cannot refer to skb->dev anymore. + * + * BTW, when we send a packet for our own local address on a + * non-loopback interface (e.g. ethX), it is being delivered + * via the loopback interface (lo) here; skb->dev = &loopback_dev. + * It, however, should be considered as if it is being + * arrived via the sending interface (ethX), because of the + * nature of scoping architecture. --yoshfuji */ - IP6CB(skb)->iif = dev->ifindex; + IP6CB(skb)->iif = skb->dst ? ((struct rt6_info *)skb->dst)->rt6i_idev->dev->ifindex : dev->ifindex; if (skb->len < sizeof(struct ipv6hdr)) goto err; diff -Nru a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c --- a/net/netlink/af_netlink.c 2005-03-30 17:19:39 -08:00 +++ b/net/netlink/af_netlink.c 2005-03-30 17:19:39 -08:00 @@ -1080,9 +1080,11 @@ len = cb->dump(skb, cb); if (len > 0) { + sock_hold(sk); spin_unlock(&nlk->cb_lock); skb_queue_tail(&sk->sk_receive_queue, skb); sk->sk_data_ready(sk, len); + sock_put(sk); return 0; } diff -Nru a/net/sched/act_api.c b/net/sched/act_api.c --- a/net/sched/act_api.c 2005-03-30 17:19:39 -08:00 +++ b/net/sched/act_api.c 2005-03-30 17:19:39 -08:00 @@ -228,7 +228,7 @@ return err; RTA_PUT(skb, TCA_KIND, IFNAMSIZ, a->ops->kind); - if (tcf_action_copy_stats(skb, a)) + if (tcf_action_copy_stats(skb, a, 0)) goto rtattr_failure; r = (struct rtattr*) skb->tail; RTA_PUT(skb, TCA_OPTIONS, 0, NULL); @@ -380,19 +380,24 @@ return NULL; } -int tcf_action_copy_stats(struct sk_buff *skb, struct tc_action *a) +int tcf_action_copy_stats(struct sk_buff *skb, struct tc_action *a, + int compat_mode) { - int err; + int err = 0; struct gnet_dump d; struct tcf_act_hdr *h = a->priv; if (h == NULL) goto errout; - if (a->type == TCA_OLD_COMPAT) - err = gnet_stats_start_copy_compat(skb, TCA_ACT_STATS, - TCA_STATS, TCA_XSTATS, h->stats_lock, &d); - else + /* compat_mode being true specifies a call that is supposed + * to add additional backward compatiblity statistic TLVs. + */ + if (compat_mode) { + if (a->type == TCA_OLD_COMPAT) + err = gnet_stats_start_copy_compat(skb, 0, + TCA_STATS, TCA_XSTATS, h->stats_lock, &d); + } else err = gnet_stats_start_copy(skb, TCA_ACT_STATS, h->stats_lock, &d); diff -Nru a/net/sched/cls_api.c b/net/sched/cls_api.c --- a/net/sched/cls_api.c 2005-03-30 17:19:39 -08:00 +++ b/net/sched/cls_api.c 2005-03-30 17:19:39 -08:00 @@ -602,7 +602,7 @@ { #ifdef CONFIG_NET_CLS_ACT if (exts->action) - if (tcf_action_copy_stats(skb, exts->action) < 0) + if (tcf_action_copy_stats(skb, exts->action, 1) < 0) goto rtattr_failure; #elif defined CONFIG_NET_CLS_POLICE if (exts->police) diff -Nru a/net/sched/cls_fw.c b/net/sched/cls_fw.c --- a/net/sched/cls_fw.c 2005-03-30 17:19:39 -08:00 +++ b/net/sched/cls_fw.c 2005-03-30 17:19:39 -08:00 @@ -338,9 +338,8 @@ rta->rta_len = skb->tail - b; - if (f->exts.action && f->exts.action->type == TCA_OLD_COMPAT) - if (tcf_exts_dump_stats(skb, &f->exts, &fw_ext_map) < 0) - goto rtattr_failure; + if (tcf_exts_dump_stats(skb, &f->exts, &fw_ext_map) < 0) + goto rtattr_failure; return skb->len; diff -Nru a/net/sched/cls_route.c b/net/sched/cls_route.c --- a/net/sched/cls_route.c 2005-03-30 17:19:39 -08:00 +++ b/net/sched/cls_route.c 2005-03-30 17:19:39 -08:00 @@ -599,9 +599,8 @@ rta->rta_len = skb->tail - b; - if (f->exts.action && f->exts.action->type == TCA_OLD_COMPAT) - if (tcf_exts_dump_stats(skb, &f->exts, &route_ext_map) < 0) - goto rtattr_failure; + if (tcf_exts_dump_stats(skb, &f->exts, &route_ext_map) < 0) + goto rtattr_failure; return skb->len; diff -Nru a/net/sched/cls_tcindex.c b/net/sched/cls_tcindex.c --- a/net/sched/cls_tcindex.c 2005-03-30 17:19:39 -08:00 +++ b/net/sched/cls_tcindex.c 2005-03-30 17:19:39 -08:00 @@ -496,9 +496,8 @@ goto rtattr_failure; rta->rta_len = skb->tail-b; - if (r->exts.action && r->exts.action->type == TCA_OLD_COMPAT) - if (tcf_exts_dump_stats(skb, &r->exts, &tcindex_ext_map) < 0) - goto rtattr_failure; + if (tcf_exts_dump_stats(skb, &r->exts, &tcindex_ext_map) < 0) + goto rtattr_failure; } return skb->len; diff -Nru a/net/sched/cls_u32.c b/net/sched/cls_u32.c --- a/net/sched/cls_u32.c 2005-03-30 17:19:39 -08:00 +++ b/net/sched/cls_u32.c 2005-03-30 17:19:39 -08:00 @@ -775,7 +775,7 @@ } rta->rta_len = skb->tail - b; - if (TC_U32_KEY(n->handle) && n->exts.action && n->exts.action->type == TCA_OLD_COMPAT) + if (TC_U32_KEY(n->handle)) if (tcf_exts_dump_stats(skb, &n->exts, &u32_ext_map) < 0) goto rtattr_failure; return skb->len; diff -Nru a/net/sched/ipt.c b/net/sched/ipt.c --- a/net/sched/ipt.c 2005-03-30 17:19:39 -08:00 +++ b/net/sched/ipt.c 2005-03-30 17:19:39 -08:00 @@ -284,10 +284,12 @@ tm.lastuse = jiffies_to_clock_t(jiffies - p->tm.lastuse); tm.expires = jiffies_to_clock_t(p->tm.expires); RTA_PUT(skb, TCA_IPT_TM, sizeof (tm), &tm); + kfree(t); return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); + kfree(t); return -1; } diff -Nru a/net/unix/af_unix.c b/net/unix/af_unix.c --- a/net/unix/af_unix.c 2005-03-30 17:19:39 -08:00 +++ b/net/unix/af_unix.c 2005-03-30 17:19:39 -08:00 @@ -188,6 +188,13 @@ if (!sunaddr || sunaddr->sun_family != AF_UNIX) return -EINVAL; if (sunaddr->sun_path[0]) { + /* + * This may look like an off by one error but it is a bit more + * subtle. 108 is the longest valid AF_UNIX path for a binding. + * sun_path[108] doesnt as such exist. However in kernel space + * we are guaranteed that it is a valid memory location in our + * kernel address buffer. + */ ((char *)sunaddr)[len]=0; len = strlen(sunaddr->sun_path)+1+sizeof(short); return len;