From ca983cefd950ec929582dd95ba6e46d12c2c6959 Mon Sep 17 00:00:00 2001 From: YOSHIFUJI Hideaki Date: Tue, 24 Jul 2007 15:27:30 -0700 Subject: [TCPv6] MD5SIG: Ensure to reset allocation count to avoid panic. After clearing all passwords for IPv6 peers, we need to set allocation count to zero as well as we free the storage. Otherwise, we panic when a user trys to (re)add a password. Discovered and fixed by MIYAJIMA Mitsuharu . Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller --- net/ipv6/tcp_ipv6.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index d67fb1ef751..f10f3689d67 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -633,6 +633,7 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer) if (tp->md5sig_info->entries6 == 0) { kfree(tp->md5sig_info->keys6); tp->md5sig_info->keys6 = NULL; + tp->md5sig_info->alloced6 = 0; tcp_free_md5sig_pool(); -- cgit v1.2.3 From 7e2acc7e2711d51705373ac201333c9a0ebd3950 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 24 Jul 2007 15:29:55 -0700 Subject: [NETFILTER]: Fix logging regression Loading one of the LOG target fails if a different target has already registered itself as backend for the same family. This can affect the ipt_LOG and ipt_ULOG modules when both are loaded. Reported and tested by: Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/bridge/netfilter/ebt_log.c | 6 ++---- net/bridge/netfilter/ebt_ulog.c | 8 ++------ net/ipv4/netfilter/ipt_LOG.c | 6 ++---- net/ipv6/netfilter/ip6t_LOG.c | 6 ++---- 4 files changed, 8 insertions(+), 18 deletions(-) diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index 031bfa4a51f..984e9c64fb8 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c @@ -196,10 +196,8 @@ static int __init ebt_log_init(void) ret = ebt_register_watcher(&log); if (ret < 0) return ret; - ret = nf_log_register(PF_BRIDGE, &ebt_log_logger); - if (ret < 0 && ret != -EEXIST) - ebt_unregister_watcher(&log); - return ret; + nf_log_register(PF_BRIDGE, &ebt_log_logger); + return 0; } static void __exit ebt_log_fini(void) diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 9411db62591..6fec3522569 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c @@ -308,12 +308,8 @@ static int __init ebt_ulog_init(void) else if ((ret = ebt_register_watcher(&ulog))) sock_release(ebtulognl->sk_socket); - if (nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) { - printk(KERN_WARNING "ebt_ulog: not logging via ulog " - "since somebody else already registered for PF_BRIDGE\n"); - /* we cannot make module load fail here, since otherwise - * ebtables userspace would abort */ - } + if (ret == 0) + nf_log_register(PF_BRIDGE, &ebt_ulog_logger); return ret; } diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 5937ad150b9..127a5e89bf1 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c @@ -479,10 +479,8 @@ static int __init ipt_log_init(void) ret = xt_register_target(&ipt_log_reg); if (ret < 0) return ret; - ret = nf_log_register(PF_INET, &ipt_log_logger); - if (ret < 0 && ret != -EEXIST) - xt_unregister_target(&ipt_log_reg); - return ret; + nf_log_register(PF_INET, &ipt_log_logger); + return 0; } static void __exit ipt_log_fini(void) diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index b05327ebd33..6ab99001dcc 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c @@ -493,10 +493,8 @@ static int __init ip6t_log_init(void) ret = xt_register_target(&ip6t_log_reg); if (ret < 0) return ret; - ret = nf_log_register(PF_INET6, &ip6t_logger); - if (ret < 0 && ret != -EEXIST) - xt_unregister_target(&ip6t_log_reg); - return ret; + nf_log_register(PF_INET6, &ip6t_logger); + return 0; } static void __exit ip6t_log_fini(void) -- cgit v1.2.3 From 62c7931873f203ce4ad8f62942b43a1126b37378 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Tue, 24 Jul 2007 15:30:30 -0700 Subject: [NETFILTER]: Clean up duplicate includes in net/bridge/ This patch cleans up duplicate includes in net/bridge/ Signed-off-by: Jesper Juhl Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/bridge/netfilter/ebt_log.c | 1 - net/bridge/netfilter/ebt_ulog.c | 1 - 2 files changed, 2 deletions(-) diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index 984e9c64fb8..457815fb558 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c @@ -9,7 +9,6 @@ * */ -#include #include #include #include diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index 6fec3522569..204c968fa86 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c @@ -36,7 +36,6 @@ #include #include #include -#include #include #include #include -- cgit v1.2.3 From 85ccc365e91de9f0053c94de4cbc6ce97f8170e7 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Tue, 24 Jul 2007 15:31:05 -0700 Subject: [NETFILTER]: Clean up duplicate includes in net/netfilter/ This patch cleans up duplicate includes in net/netfilter/ Signed-off-by: Jesper Juhl Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_proto_tcp.c | 1 - net/netfilter/nf_conntrack_proto_udp.c | 1 - net/netfilter/nf_conntrack_proto_udplite.c | 1 - net/netfilter/xt_physdev.c | 1 - 4 files changed, 4 deletions(-) diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 87ad3ccf8af..eb3fe740146 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -8,7 +8,6 @@ #include #include -#include #include #include #include diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index 13d94a02572..2a2fd1a764e 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c @@ -9,7 +9,6 @@ #include #include #include -#include #include #include #include diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c index 93e747b5396..b906b413997 100644 --- a/net/netfilter/nf_conntrack_proto_udplite.c +++ b/net/netfilter/nf_conntrack_proto_udplite.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index f47cab7a696..a4bab043a6d 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c @@ -13,7 +13,6 @@ #include #include #include -#include MODULE_LICENSE("GPL"); MODULE_AUTHOR("Bart De Schuymer "); -- cgit v1.2.3 From 79dc4386aec655ad829f320ab90888bacbc7037b Mon Sep 17 00:00:00 2001 From: Thomas Graf Date: Tue, 24 Jul 2007 15:32:46 -0700 Subject: [GENETLINK]: Fix race in genl_unregister_mc_groups() family->mcast_groups is protected by genl_lock so it must be held while accessing the list in genl_unregister_mc_groups(). Requires adding a non-locking variant of genl_unregister_mc_group(). Signed-off-by: Thomas Graf Signed-off-by: David S. Miller --- net/netlink/genetlink.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index e146531faf1..61d65569e2b 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -200,6 +200,18 @@ int genl_register_mc_group(struct genl_family *family, } EXPORT_SYMBOL(genl_register_mc_group); +static void __genl_unregister_mc_group(struct genl_family *family, + struct genl_multicast_group *grp) +{ + BUG_ON(grp->family != family); + netlink_clear_multicast_users(genl_sock, grp->id); + clear_bit(grp->id, mc_groups); + list_del(&grp->list); + genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, grp); + grp->id = 0; + grp->family = NULL; +} + /** * genl_unregister_mc_group - unregister a multicast group * @@ -217,14 +229,8 @@ EXPORT_SYMBOL(genl_register_mc_group); void genl_unregister_mc_group(struct genl_family *family, struct genl_multicast_group *grp) { - BUG_ON(grp->family != family); genl_lock(); - netlink_clear_multicast_users(genl_sock, grp->id); - clear_bit(grp->id, mc_groups); - list_del(&grp->list); - genl_ctrl_event(CTRL_CMD_DELMCAST_GRP, grp); - grp->id = 0; - grp->family = NULL; + __genl_unregister_mc_group(family, grp); genl_unlock(); } @@ -232,8 +238,10 @@ static void genl_unregister_mc_groups(struct genl_family *family) { struct genl_multicast_group *grp, *tmp; + genl_lock(); list_for_each_entry_safe(grp, tmp, &family->mcast_groups, list) - genl_unregister_mc_group(family, grp); + __genl_unregister_mc_group(family, grp); + genl_unlock(); } /** -- cgit v1.2.3 From 2c04ddb707b4d50c314186249f466b6720ee4289 Mon Sep 17 00:00:00 2001 From: Thomas Graf Date: Tue, 24 Jul 2007 15:33:51 -0700 Subject: [GENETLINK]: Fix adjustment of number of multicast groups The current calculation of the maximum number of genetlink multicast groups seems odd, fix it. Signed-off-by: Thomas Graf Signed-off-by: David S. Miller --- net/netlink/genetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 61d65569e2b..457a2873bb0 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -184,7 +184,7 @@ int genl_register_mc_group(struct genl_family *family, } err = netlink_change_ngroups(genl_sock, - sizeof(unsigned long) * NETLINK_GENERIC); + mc_groups_longs * BITS_PER_LONG); if (err) goto out; -- cgit v1.2.3 From 79d310d01ec2a55e0ac1810aee56886ebee58c53 Mon Sep 17 00:00:00 2001 From: Thomas Graf Date: Tue, 24 Jul 2007 15:34:53 -0700 Subject: [GENETLINK]: Correctly report errors while registering a multicast group Signed-off-by: Thomas Graf Signed-off-by: David S. Miller --- net/netlink/genetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 457a2873bb0..8c11ca4a212 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -196,7 +196,7 @@ int genl_register_mc_group(struct genl_family *family, genl_ctrl_event(CTRL_CMD_NEWMCAST_GRP, grp); out: genl_unlock(); - return 0; + return err; } EXPORT_SYMBOL(genl_register_mc_group); -- cgit v1.2.3 From 3f5f4346b6d3c8bc33780a941da2473c4be2c989 Mon Sep 17 00:00:00 2001 From: Andrew Morton Date: Tue, 24 Jul 2007 15:37:11 -0700 Subject: [8021Q]: vlan_ioctl_handler: fix return value net/8021q/vlan.c: In function 'vlan_ioctl_handler': net/8021q/vlan.c:700: warning: 'err' may be used uninitialized in this function The warning is incorrect, but from my reading this ioctl will return -EINVAL on success. Signed-off-by: Andrew Morton Signed-off-by: David S. Miller --- net/8021q/vlan.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index cda936b77d2..1583c5ef963 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c @@ -810,6 +810,7 @@ static int vlan_ioctl_handler(void __user *arg) err = -EINVAL; break; case GET_VLAN_REALDEV_NAME_CMD: + err = 0; vlan_dev_get_realdev_name(dev, args.u.device2); if (copy_to_user(arg, &args, sizeof(struct vlan_ioctl_args))) { @@ -818,6 +819,7 @@ static int vlan_ioctl_handler(void __user *arg) break; case GET_VLAN_VID_CMD: + err = 0; vlan_dev_get_vid(dev, &vid); args.u.VID = vid; if (copy_to_user(arg, &args, -- cgit v1.2.3