2008-07-28 18:10:20

by Greg KH

Subject: Linux 2.6.25.13

We (the -stable team) are announcing the release of the 2.6.25.13
kernel.

It contains lots of networking-related bugfixes, all over the map. Any
users of the 2.6.25 kernel series should upgrade to this version. For
details on the fixes, see the changelog entries and the diffstat below.

I'll also be replying to this message with a copy of the patch between
2.6.25.12 and 2.6.25.13

The updated 2.6.25.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.25.y.git
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=summary

thanks,

greg k-h

-------------

 Documentation/networking/udplite.txt |    2 -
 Makefile                             |    2 -
 drivers/net/hamradio/hdlcdrv.c       |    1
 drivers/net/pppoe.c                  |   37 ++++++++++++++++++-----------------
 drivers/net/pppol2tp.c               |   20 +++++++++++-------
 include/linux/ipv6.h                 |    2 +
 include/linux/kernel.h               |    1
 net/ipv4/raw.c                       |    2 -
 net/ipv4/udp.c                       |    4 +++
 net/ipv4/xfrm4_mode_tunnel.c         |    2 -
 net/ipv6/ip6_fib.c                   |    4 +--
 11 files changed, 46 insertions(+), 31 deletions(-)

David S. Miller (1):
      ipv6: __KERNEL__ ifdef struct ipv6_devconf

Eric Dumazet (1):
      raw: Restore /proc/net/raw correct behavior

Gerrit Renker (1):
      udplite: Protection against coverage value wrap-around

Greg Kroah-Hartman (1):
      Linux 2.6.25.13

Herbert Xu (2):
      net pppoe: Check packet length on all receive paths
      pppoe: Unshare skb before anything else

James Chapman (1):
      l2tp: Fix potential memory corruption in pppol2tp_recvmsg()

Micah Dowty (1):
      hdlcdrv: Fix CRC calculation.

Steffen Klassert (1):
      xfrm: fix fragmentation for ipv4 xfrm tunnel

Stephen Hemminger (1):
      ipv6: use timer pending


2008-07-28 18:10:40

by Greg KH

Subject: Re: Linux 2.6.25.13

diff --git a/Documentation/networking/udplite.txt b/Documentation/networking/udplite.txt
index 3870f28..855d8da 100644
--- a/Documentation/networking/udplite.txt
+++ b/Documentation/networking/udplite.txt
@@ -148,7 +148,7 @@
getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...);

is meaningless (as in TCP). Packets with a zero checksum field are
- illegal (cf. RFC 3828, sec. 3.1) will be silently discarded.
+ illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded.

4) Fragmentation

diff --git a/Makefile b/Makefile
index febc946..dfc5a88 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 25
-EXTRAVERSION = .12
+EXTRAVERSION = .13
NAME = Funky Weasel is Jiggy wit it

# *DOCUMENTATION*
diff --git a/drivers/net/hamradio/hdlcdrv.c b/drivers/net/hamradio/hdlcdrv.c
index ae9629f..c258a05 100644
--- a/drivers/net/hamradio/hdlcdrv.c
+++ b/drivers/net/hamradio/hdlcdrv.c
@@ -88,6 +88,7 @@
static inline void append_crc_ccitt(unsigned char *buffer, int len)
{
unsigned int crc = crc_ccitt(0xffff, buffer, len) ^ 0xffff;
+ buffer += len;
*buffer++ = crc;
*buffer++ = crc >> 8;
}
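
Review bot: append_crc_ccitt() now stores the two CRC bytes at buffer[len] and buffer[len + 1], but nothing in the function or its signature says the caller must leave two bytes of room after len. A short comment above the function stating that requirement would make it checkable at each call site. The store `*buffer++ = crc;` also relies on implicit truncation of an unsigned int to unsigned char; `crc & 0xff` would make the intent explicit.
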
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c
index ac0ac98..6bc58dd 100644
--- a/drivers/net/pppoe.c
+++ b/drivers/net/pppoe.c
@@ -341,12 +341,6 @@ static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
struct pppox_sock *relay_po;

if (sk->sk_state & PPPOX_BOUND) {
- struct pppoe_hdr *ph = pppoe_hdr(skb);
- int len = ntohs(ph->length);
- skb_pull_rcsum(skb, sizeof(struct pppoe_hdr));
- if (pskb_trim_rcsum(skb, len))
- goto abort_kfree;
-
ppp_input(&po->chan, skb);
} else if (sk->sk_state & PPPOX_RELAY) {
relay_po = get_item_by_addr(&po->pppoe_relay);
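
Review bot: in the PPPOX_BOUND branch, ppp_input() is now called on the skb exactly as it arrives, so pppoe_rcv_core() depends on its caller having already pulled the PPPoE header and trimmed the skb to ph->length. That precondition is not written down anywhere in the visible lines; a comment above pppoe_rcv_core() saying the skb must arrive with the header pulled and the payload trimmed would keep a future caller from handing an unchecked packet to ppp_input().
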
@@ -357,7 +351,6 @@ static int pppoe_rcv_core(struct sock *sk, struct sk_buff *skb)
if ((sk_pppox(relay_po)->sk_state & PPPOX_CONNECTED) == 0)
goto abort_put;

- skb_pull(skb, sizeof(struct pppoe_hdr));
if (!__pppoe_xmit(sk_pppox(relay_po), skb))
goto abort_put;
} else {
@@ -388,6 +381,7 @@ static int pppoe_rcv(struct sk_buff *skb,
{
struct pppoe_hdr *ph;
struct pppox_sock *po;
+ int len;

if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
goto out;
@@ -399,10 +393,21 @@ static int pppoe_rcv(struct sk_buff *skb,
goto drop;

ph = pppoe_hdr(skb);
+ len = ntohs(ph->length);
+
+ skb_pull_rcsum(skb, sizeof(*ph));
+ if (skb->len < len)
+ goto drop;

po = get_item(ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
- if (po != NULL)
- return sk_receive_skb(sk_pppox(po), skb, 0);
+ if (!po)
+ goto drop;
+
+ if (pskb_trim_rcsum(skb, len))
+ goto drop;
+
+ return sk_receive_skb(sk_pppox(po), skb, 0);
+
drop:
kfree_skb(skb);
out:
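
Review bot: the `goto drop` after `pskb_trim_rcsum(skb, len)` runs once get_item() has already returned po, and the drop path only calls kfree_skb(skb). If get_item() returns po with a reference held, which sk_receive_skb() would otherwise release, this failure path leaks it. Moving the trim up next to the `skb->len < len` check, before the lookup, removes the question and keeps all of the length validation in one place.
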
@@ -427,12 +432,12 @@ static int pppoe_disc_rcv(struct sk_buff *skb,
if (dev->nd_net != &init_net)
goto abort;

- if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
- goto abort;
-
if (!(skb = skb_share_check(skb, GFP_ATOMIC)))
goto out;

+ if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
+ goto abort;
+
ph = pppoe_hdr(skb);
if (ph->code != PADT_CODE)
goto abort;
@@ -937,12 +942,10 @@ static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock,
m->msg_namelen = 0;

if (skb) {
- struct pppoe_hdr *ph = pppoe_hdr(skb);
- const int len = ntohs(ph->length);
-
- error = memcpy_toiovec(m->msg_iov, (unsigned char *) &ph->tag[0], len);
+ total_len = min_t(size_t, total_len, skb->len);
+ error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len);
if (error == 0)
- error = len;
+ error = total_len;
}

kfree_skb(skb);
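
Review bot: when `min_t(size_t, total_len, skb->len)` picks the caller's smaller total_len, the rest of the frame is discarded by kfree_skb() without the caller being told. The pppol2tp_recvmsg() change in this same patch sets MSG_TRUNC in msg_flags for that case; doing the same here (`if (total_len < skb->len) m->msg_flags |= MSG_TRUNC;` ahead of the clamp) would keep the two receive paths consistent.
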
diff --git a/drivers/net/pppol2tp.c b/drivers/net/pppol2tp.c
index a629355..a3e1d22 100644
--- a/drivers/net/pppol2tp.c
+++ b/drivers/net/pppol2tp.c
@@ -783,14 +783,18 @@ static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
err = 0;
skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
flags & MSG_DONTWAIT, &err);
- if (skb) {
- err = memcpy_toiovec(msg->msg_iov, (unsigned char *) skb->data,
- skb->len);
- if (err < 0)
- goto do_skb_free;
- err = skb->len;
- }
-do_skb_free:
+ if (!skb)
+ goto end;
+
+ if (len > skb->len)
+ len = skb->len;
+ else if (len < skb->len)
+ msg->msg_flags |= MSG_TRUNC;
+
+ err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, len);
+ if (likely(err == 0))
+ err = len;
+
kfree_skb(skb);
end:
return err;
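
Review bot: on the `len < skb->len` path the function sets MSG_TRUNC in msg->msg_flags but still returns the copied len, so a caller that passed MSG_TRUNC in flags to learn the real datagram size does not get it. If that convention is meant to hold for this socket type, save skb->len before kfree_skb() and return it when `flags & MSG_TRUNC` is set; otherwise a one-line comment that the short count is intentional would help.
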
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 134c8e5..2584306 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -123,6 +123,7 @@ struct ipv6hdr {
struct in6_addr daddr;
};

+#ifdef __KERNEL__
/*
* This structure contains configuration options per IPv6 link.
*/
@@ -162,6 +163,7 @@ struct ipv6_devconf {
#endif
void *sysctl;
};
+#endif

/* index values for the variables in ipv6_devconf */
enum {
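
Review bot: the added `#endif` that closes the `#ifdef __KERNEL__` block sits two lines below another bare `#endif` inside struct ipv6_devconf, so the pairing is not obvious when reading the header. Write it as `#endif /* __KERNEL__ */`.
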
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 2df44e7..6890264 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -20,6 +20,7 @@
extern const char linux_banner[];
extern const char linux_proc_banner[];

+#define USHORT_MAX ((u16)(~0U))
#define INT_MAX ((int)(~0U>>1))
#define INT_MIN (-INT_MAX - 1)
#define UINT_MAX (~0U)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index a3002fe..37801ae 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -936,7 +936,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
srcp = inet->num;

seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
- " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d",
+ " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d\n",
i, src, srcp, dest, destp, sp->sk_state,
atomic_read(&sp->sk_wmem_alloc),
atomic_read(&sp->sk_rmem_alloc),
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 1704c14..9703c87 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1325,6 +1325,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcslen = val;
up->pcflag |= UDPLITE_SEND_CC;
break;
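
Review bot: the new `else if (val > USHORT_MAX)` branch silently clamps an oversized coverage value and goes on to store it in up->pcslen rather than rejecting the call, the same way the `val < 8` case above it rounds up. That is user-visible behaviour, and Documentation/networking/udplite.txt, which this patch touches only for a grammar fix, should describe the upper bound. The inline comment on the `val < 8` line could be extended to cover the clamp as well; the same applies to the receive-side hunk that follows.
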
@@ -1337,6 +1339,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Avoid silly minimal values. */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcrlen = val;
up->pcflag |= UDPLITE_RECV_CC;
break;
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index 584e6d7..7135279 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -52,7 +52,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
IP_ECN_clear(top_iph);

top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
- 0 : XFRM_MODE_SKB_CB(skb)->frag_off;
+ 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
ip_select_ident(top_iph, dst->child, NULL);

top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index bab72b6..dee7fea 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -679,7 +679,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,

static __inline__ void fib6_start_gc(struct rt6_info *rt)
{
- if (ip6_fib_timer.expires == 0 &&
+ if (!timer_pending(&ip6_fib_timer) &&
(rt->rt6i_flags & (RTF_EXPIRES|RTF_CACHE)))
mod_timer(&ip6_fib_timer, jiffies +
init_net.ipv6.sysctl.ip6_rt_gc_interval);
@@ -687,7 +687,7 @@ static __inline__ void fib6_start_gc(struct rt6_info *rt)

void fib6_force_start_gc(void)
{
- if (ip6_fib_timer.expires == 0)
+ if (!timer_pending(&ip6_fib_timer))
mod_timer(&ip6_fib_timer, jiffies +
init_net.ipv6.sysctl.ip6_rt_gc_interval);
}
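
Review bot: in both fib6_start_gc() and fib6_force_start_gc() the `!timer_pending(&ip6_fib_timer)` test and the mod_timer() that follows are two separate steps, and neither hunk shows which lock keeps two callers from both seeing the timer idle. Add a comment naming the lock callers must hold. The arm-if-idle sequence is also duplicated across the two functions; fib6_start_gc() could call a shared helper after its rt6i_flags test.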

2008-07-31 23:22:49

by markus reichelt

Subject: Re: Linux 2.6.25.13

* Greg KH <[email protected]> wrote:

> I'll also be replying to this message with a copy of the patch
> between 2.6.25.12 and 2.6.25.13

Given that the official patches are signed, how about signing such
mails as well?

I actually prefer such small diffs in comparison to keeping a copy of
2.6.X and applying the latest patch to it in order to update via a
signed patch. (it's a policy thing.)

--
left blank, right bald


2008-08-01 05:02:29

by Willy Tarreau

Subject: Re: Linux 2.6.25.13


[ please keep people in CC: ]

On Fri, Aug 01, 2008 at 01:22:35AM +0200, markus reichelt wrote:
> * Greg KH <[email protected]> wrote:
>
> > I'll also be replying to this message with a copy of the patch
> > between 2.6.25.12 and 2.6.25.13
>
> Given that the official patches are signed, how about signing such
> mails as well?

It would serve nothing and add more things to take care of on the maintainers'
side. Even though some parts are scripted, releasing a kernel is tough
work with a long checklist. I'd prefer Greg to continue to release often
when he has good fixes than knowing he wastes his time ensuring everything
is ready to match everyone's specific expectations.

> I actually prefer such small diffs in comparison to keeping a copy of
> 2.6.X and applying the latest patch to it in order to update via a
> signed patch. (it's a policy thing.)

I tend to agree with your policy, but then you can simply download the
signed incremental diffs there:
http://www.kernel.org/pub/linux/kernel/v2.6/incr/

Regards,
Willy

2008-08-01 07:02:23

by Greg KH

Subject: Re: Linux 2.6.25.13

On Fri, Aug 01, 2008 at 07:02:14AM +0200, Willy Tarreau wrote:
>
> [ please keep people in CC: ]
>
> On Fri, Aug 01, 2008 at 01:22:35AM +0200, markus reichelt wrote:
> > * Greg KH <[email protected]> wrote:
> >
> > > I'll also be replying to this message with a copy of the patch
> > > between 2.6.25.12 and 2.6.25.13
> >
> > Given that the official patches are signed, how about signing such
> > mails as well?

With what key?

Do you trust my personal key? If so, why? What trust does it imply to
you that my email message doesn't? Why not trust the signature on the
kernel.org server instead?

Also, it makes actually applying patches in the mail a pain, trust me,
I've tried it in the past.

thanks,

greg k-h