From b9ac86727fc02cc7117ef3fe518a4d51cd573c82 Mon Sep 17 00:00:00 2001 From: Sridhar Samudrala Date: Mon, 28 Aug 2006 13:53:01 -0700 Subject: [PATCH 1/7] [SCTP]: Fix sctp_primitive_ABORT() call in sctp_close(). With the recent fix, the callers of sctp_primitive_ABORT() need to create an ABORT chunk and pass it as an argument rather than msghdr that was passed earlier. Signed-off-by: Sridhar Samudrala Signed-off-by: David S. Miller --- net/sctp/socket.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index fde3f55bfd4b..dab15949958e 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1289,9 +1289,13 @@ SCTP_STATIC void sctp_close(struct sock *sk, long timeout) } } - if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) - sctp_primitive_ABORT(asoc, NULL); - else + if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) { + struct sctp_chunk *chunk; + + chunk = sctp_make_abort_user(asoc, NULL, 0); + if (chunk) + sctp_primitive_ABORT(asoc, chunk); + } else sctp_primitive_SHUTDOWN(asoc, NULL); } From 8fb6f732c389847dece403b7470d6d3d2778804a Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Mon, 28 Aug 2006 22:12:54 -0700 Subject: [PATCH 2/7] [E100]: Add module option to ignore bad EEPROM checksums. Several people run into the situation where the E100 EEPROM contents are fine, but the checksum hasn't been set properly. This renders the device useless for them even though it would function correctly. The default is off, which retains the current behavior. Signed-off-by: David S. Miller --- drivers/net/e100.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/e100.c b/drivers/net/e100.c index 91ef5f2fd768..ce850f1078b5 100644 --- a/drivers/net/e100.c +++ b/drivers/net/e100.c @@ -173,8 +173,11 @@ MODULE_LICENSE("GPL"); MODULE_VERSION(DRV_VERSION); static int debug = 3; +static int eeprom_bad_csum_allow = 0; module_param(debug, int, 0); +module_param(eeprom_bad_csum_allow, int, 0); MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)"); +MODULE_PARM_DESC(eeprom_bad_csum_allow, "Allow bad eeprom checksums"); #define DPRINTK(nlevel, klevel, fmt, args...) \ (void)((NETIF_MSG_##nlevel & nic->msg_enable) && \ printk(KERN_##klevel PFX "%s: %s: " fmt, nic->netdev->name, \ @@ -756,7 +759,8 @@ static int e100_eeprom_load(struct nic *nic) checksum = le16_to_cpu(0xBABA - checksum); if(checksum != nic->eeprom[nic->eeprom_wc - 1]) { DPRINTK(PROBE, ERR, "EEPROM corrupted\n"); - return -EAGAIN; + if (!eeprom_bad_csum_allow) + return -EAGAIN; } return 0; From 76d0cc1b64e1686b2b53e081c94142dd99f01ec5 Mon Sep 17 00:00:00 2001 From: Lv Liangying Date: Tue, 29 Aug 2006 00:00:47 -0700 Subject: [PATCH 3/7] [IPV6]: SNMPv2 "ipv6IfStatsInAddrErrors" counter error When I tested Linux kernel 2.6.17.7 about statistics "ipv6IfStatsInAddrErrors", found that this counter couldn't increase correctly. The criteria is RFC2465: ipv6IfStatsInAddrErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of input datagrams discarded because the IPv6 address in their IPv6 header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (e.g., ::0) and unsupported addresses (e.g., addresses with unallocated prefixes). For entities which are not IPv6 routers and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address." ::= { ipv6IfStatsEntry 5 } When I send packet to host with destination that is ether invalid address(::0) or unsupported addresses(1::1), the Linux kernel just discard the packet, and the counter doesn't increase(in the function ip6_pkt_discard). Signed-off-by: Lv Liangying Signed-off-by: David S. Miller --- net/ipv6/route.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 4b163711f3a8..d9baca062d24 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -1532,6 +1532,10 @@ int ipv6_route_ioctl(unsigned int cmd, void __user *arg) static int ip6_pkt_discard(struct sk_buff *skb) { + int type = ipv6_addr_type(&skb->nh.ipv6h->daddr); + if (type == IPV6_ADDR_ANY || type == IPV6_ADDR_RESERVED) + IP6_INC_STATS(IPSTATS_MIB_INADDRERRORS); + IP6_INC_STATS(IPSTATS_MIB_OUTNOROUTES); icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_NOROUTE, 0, skb->dev); kfree_skb(skb); From 3fdf3f0c99e90e167f0d0643fcc8739e27456697 Mon Sep 17 00:00:00 2001 From: Daikichi Osuga Date: Tue, 29 Aug 2006 02:01:44 -0700 Subject: [PATCH 4/7] [TCP]: Two RFC3465 Appropriate Byte Count fixes. 1) fix slow start after retransmit timeout 2) fix case of L=2*SMSS acked bytes comparison Signed-off-by: Daikichi Osuga Signed-off-by: David S. Miller --- net/ipv4/tcp_cong.c | 2 +- net/ipv4/tcp_input.c | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c index 5765f9d03174..7ff2e4273a7c 100644 --- a/net/ipv4/tcp_cong.c +++ b/net/ipv4/tcp_cong.c @@ -189,7 +189,7 @@ void tcp_slow_start(struct tcp_sock *tp) return; /* We MAY increase by 2 if discovered delayed ack */ - if (sysctl_tcp_abc > 1 && tp->bytes_acked > 2*tp->mss_cache) { + if (sysctl_tcp_abc > 1 && tp->bytes_acked >= 2*tp->mss_cache) { if (tp->snd_cwnd < tp->snd_cwnd_clamp) tp->snd_cwnd++; } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 104af5d5bcbc..111ff39a08c5 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -2505,8 +2505,13 @@ static int tcp_ack(struct sock *sk, struct sk_buff *skb, int flag) if (before(ack, prior_snd_una)) goto old_ack; - if (sysctl_tcp_abc && icsk->icsk_ca_state < TCP_CA_CWR) - tp->bytes_acked += ack - prior_snd_una; + if (sysctl_tcp_abc) { + if (icsk->icsk_ca_state < TCP_CA_CWR) + tp->bytes_acked += ack - prior_snd_una; + else if (icsk->icsk_ca_state == TCP_CA_Loss) + /* we assume just one segment left network */ + tp->bytes_acked += min(ack - prior_snd_una, tp->mss_cache); + } if (!(flag&FLAG_SLOWPATH) && after(ack, prior_snd_una)) { /* Window is constant, pure forward advance. From fab2caf62ed03d83bd3a3598b859c3c345a8e8b5 Mon Sep 17 00:00:00 2001 From: Akinobu Mita Date: Tue, 29 Aug 2006 02:15:24 -0700 Subject: [PATCH 5/7] [NETLINK]: Call panic if nl_table allocation fails This patch makes crash happen if initialization of nl_table fails in initcalls. It is better than getting use after free crash later. Signed-off-by: Akinobu Mita Signed-off-by: David S. Miller --- net/netlink/af_netlink.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index b85c1f9f1288..8b85036ba8e3 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1273,8 +1273,7 @@ netlink_kernel_create(int unit, unsigned int groups, struct netlink_sock *nlk; unsigned long *listeners = NULL; - if (!nl_table) - return NULL; + BUG_ON(!nl_table); if (unit<0 || unit>=MAX_LINKS) return NULL; @@ -1745,11 +1744,8 @@ static int __init netlink_proto_init(void) netlink_skb_parms_too_large(); nl_table = kcalloc(MAX_LINKS, sizeof(*nl_table), GFP_KERNEL); - if (!nl_table) { -enomem: - printk(KERN_CRIT "netlink_init: Cannot allocate nl_table\n"); - return -ENOMEM; - } + if (!nl_table) + goto panic; if (num_physpages >= (128 * 1024)) max = num_physpages >> (21 - PAGE_SHIFT); @@ -1769,7 +1765,7 @@ static int __init netlink_proto_init(void) nl_pid_hash_free(nl_table[i].hash.table, 1 * sizeof(*hash->table)); kfree(nl_table); - goto enomem; + goto panic; } memset(hash->table, 0, 1 * sizeof(*hash->table)); hash->max_shift = order; @@ -1786,6 +1782,8 @@ static int __init netlink_proto_init(void) rtnetlink_init(); out: return err; +panic: + panic("netlink_init: Cannot allocate nl_table\n"); } core_initcall(netlink_proto_init); From 57f5f544f58ffa1d6c38630d0522c9c0be67c533 Mon Sep 17 00:00:00 2001 From: Keir Fraser Date: Tue, 29 Aug 2006 02:43:49 -0700 Subject: [PATCH 6/7] [IPV6]: ipv6_add_addr should install dstentry earlier ipv6_add_addr allocates a struct inet6_ifaddr and a dstentry, but it doesn't install the dstentry in ifa->rt until after it releases the addrconf_hash_lock. This means other CPUs will be able to see the new address while it hasn't been initialized completely yet. One possible fix would be to grab the ifp->lock spinlock when creating the address struct; a simpler fix is to just move the assignment. Acked-by: jbeulich@novell.com Acked-by: okir@suse.de Acked-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller --- net/ipv6/addrconf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 0c5042e7380d..c7852b38e03e 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -578,6 +578,8 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen, ifa->flags = flags | IFA_F_TENTATIVE; ifa->cstamp = ifa->tstamp = jiffies; + ifa->rt = rt; + ifa->idev = idev; in6_dev_hold(idev); /* For caller */ @@ -603,8 +605,6 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen, } #endif - ifa->rt = rt; - in6_ifa_hold(ifa); write_unlock(&idev->lock); out2: From ee1377c3eef4238d89b2f99fa4d0bbbad3078b64 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 29 Aug 2006 21:18:45 -0700 Subject: [PATCH 7/7] [STRIP]: Fix neighbour table refcount leak. Found by inspection. The STRIP driver does neigh_lookup() but never releases. This driver shouldn't being doing gratuitous arp anyway. Untested, obviously, because of lack of hardware. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller --- drivers/net/wireless/strip.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/strip.c b/drivers/net/wireless/strip.c index fd31885c6844..ccaf28e8db0a 100644 --- a/drivers/net/wireless/strip.c +++ b/drivers/net/wireless/strip.c @@ -467,6 +467,7 @@ static int arp_query(unsigned char *haddr, u32 paddr, struct net_device *dev) { struct neighbour *neighbor_entry; + int ret = 0; neighbor_entry = neigh_lookup(&arp_tbl, &paddr, dev); @@ -474,10 +475,11 @@ static int arp_query(unsigned char *haddr, u32 paddr, neighbor_entry->used = jiffies; if (neighbor_entry->nud_state & NUD_VALID) { memcpy(haddr, neighbor_entry->ha, dev->addr_len); - return 1; + ret = 1; } + neigh_release(neighbor_entry); } - return 0; + return ret; } static void DumpData(char *msg, struct strip *strip_info, __u8 * ptr,