[NET]: Fix socket bitop damage

The socket flag cleanups that went into 2.6.12-rc1 are basically oring
the flags of an old socket into the socket just being created.
Unfortunately that one was just initialized by sock_init_data(), so already
has SOCK_ZAPPED set.  As the result zapped sockets are created and all
incoming connection will fail due to this bug which again was carefully
replicated to at least AX.25, NET/ROM or ROSE.

In order to keep the abstraction alive I've introduced sock_copy_flags()
to copy the socket flags from one sockets to another and used that
instead of the bitwise copy thing.  Anyway, the idea here has probably
been to copy all flags, so sock_copy_flags() should be the right thing.
With this the ham radio protocols are usable again, so I hope this will
make it into 2.6.13.

Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

4 files changed, 8 insertions, 18 deletions

diff --git a/include/net/sock.h b/include/net/sock.h
index a1042d08becd..e9b1dbab90d0 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -384,6 +384,11 @@ enum sock_flags {
         SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */
 };
 
+static inline void sock_copy_flags(struct sock *nsk, struct sock *osk)
+{
+        nsk->sk_flags = osk->sk_flags;
+}
+
 static inline void sock_set_flag(struct sock *sk, enum sock_flags flag)
 {
         __set_bit(flag, &sk->sk_flags);
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 707097deac3d..7d8ecadba668 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -875,12 +875,7 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
         sk->sk_sndbuf   = osk->sk_sndbuf;
         sk->sk_state    = TCP_ESTABLISHED;
         sk->sk_sleep    = osk->sk_sleep;
-
-        if (sock_flag(osk, SOCK_DBG))
-                sock_set_flag(sk, SOCK_DBG);
-
-        if (sock_flag(osk, SOCK_ZAPPED))
-                sock_set_flag(sk, SOCK_ZAPPED);
+        sock_copy_flags(sk, osk);
 
         oax25 = ax25_sk(osk);
 
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 31ed4a9a1d06..5385835e9267 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -459,12 +459,7 @@ static struct sock *nr_make_new(struct sock *osk)
         sk->sk_sndbuf   = osk->sk_sndbuf;
         sk->sk_state    = TCP_ESTABLISHED;
         sk->sk_sleep    = osk->sk_sleep;
-
-        if (sock_flag(osk, SOCK_ZAPPED))
-                sock_set_flag(sk, SOCK_ZAPPED);
-
-        if (sock_flag(osk, SOCK_DBG))
-                sock_set_flag(sk, SOCK_DBG);
+        sock_copy_flags(sk, osk);
 
         skb_queue_head_init(&nr->ack_queue);
         skb_queue_head_init(&nr->reseq_queue);
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 7eb6a5bf93ea..3fe7e562125a 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -556,12 +556,7 @@ static struct sock *rose_make_new(struct sock *osk)
         sk->sk_sndbuf   = osk->sk_sndbuf;
         sk->sk_state    = TCP_ESTABLISHED;
         sk->sk_sleep    = osk->sk_sleep;
-
-        if (sock_flag(osk, SOCK_ZAPPED))
-                sock_set_flag(sk, SOCK_ZAPPED);
-
-        if (sock_flag(osk, SOCK_DBG))
-                sock_set_flag(sk, SOCK_DBG);
+        sock_copy_flags(sk, osk);
 
         init_timer(&rose->timer);
         init_timer(&rose->idletimer);