aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@woody.linux-foundation.org>2007-03-10 01:04:27 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-03-10 01:04:27 -0500
commitf47273e5c8f679220091335e0bed79e46237cfda (patch)
tree6a6e3d37210e723524deae2991e399e2c15d4d79
parentf4cd87aabb51fcc709b0dacc05b718c400c64172 (diff)
parentd2b02ed9487ed25832d19534575052e43f8e0c4f (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [IPV6] fix ipv6_getsockopt_sticky copy_to_user leak [IPV6]: Fix for ipv6_setsockopt NULL dereference [DCCP]: Initialise write_xmit_timer also on passive sockets [IPV4]: Fix rtm_to_ifaddr() error handling.
Diffstat
-rw-r--r--net/dccp/dccp.h1
-rw-r--r--net/dccp/output.c16
-rw-r--r--net/dccp/timer.c25
-rw-r--r--net/ipv4/devinet.c4
-rw-r--r--net/ipv6/ipv6_sockglue.c4
5 files changed, 31 insertions, 19 deletions
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h
index e33a9edb4036..a0e7cd183a5d 100644
--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -191,6 +191,7 @@ extern void dccp_send_sync(struct sock *sk, const u64 seq,
191 const enum dccp_pkt_type pkt_type); 191 const enum dccp_pkt_type pkt_type);
192 192
193extern void dccp_write_xmit(struct sock *sk, int block); 193extern void dccp_write_xmit(struct sock *sk, int block);
194extern void dccp_write_xmit_timer(unsigned long data);
194extern void dccp_write_space(struct sock *sk); 195extern void dccp_write_space(struct sock *sk);
195 196
196extern void dccp_init_xmit_timers(struct sock *sk); 197extern void dccp_init_xmit_timers(struct sock *sk);
diff --git a/net/dccp/output.c b/net/dccp/output.c
index 3282f2f2291b..aa21cc4de37f 100644
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -213,19 +213,6 @@ do_interrupted:
213 goto out; 213 goto out;
214} 214}
215 215
216static void dccp_write_xmit_timer(unsigned long data) {
217 struct sock *sk = (struct sock *)data;
218 struct dccp_sock *dp = dccp_sk(sk);
219
220 bh_lock_sock(sk);
221 if (sock_owned_by_user(sk))
222 sk_reset_timer(sk, &dp->dccps_xmit_timer, jiffies+1);
223 else
224 dccp_write_xmit(sk, 0);
225 bh_unlock_sock(sk);
226 sock_put(sk);
227}
228
229void dccp_write_xmit(struct sock *sk, int block) 216void dccp_write_xmit(struct sock *sk, int block)
230{ 217{
231 struct dccp_sock *dp = dccp_sk(sk); 218 struct dccp_sock *dp = dccp_sk(sk);
@@ -434,9 +421,6 @@ static inline void dccp_connect_init(struct sock *sk)
434 dp->dccps_gar = dp->dccps_iss; 421 dp->dccps_gar = dp->dccps_iss;
435 422
436 icsk->icsk_retransmits = 0; 423 icsk->icsk_retransmits = 0;
437 init_timer(&dp->dccps_xmit_timer);
438 dp->dccps_xmit_timer.data = (unsigned long)sk;
439 dp->dccps_xmit_timer.function = dccp_write_xmit_timer;
440} 424}
441 425
442int dccp_connect(struct sock *sk) 426int dccp_connect(struct sock *sk)
diff --git a/net/dccp/timer.c b/net/dccp/timer.c
index 41ea0f6594c4..b038a0a3ad40 100644
--- a/net/dccp/timer.c
+++ b/net/dccp/timer.c
@@ -261,8 +261,33 @@ out:
261 sock_put(sk); 261 sock_put(sk);
262} 262}
263 263
264/* Transmit-delay timer: used by the CCIDs to delay actual send time */
265void dccp_write_xmit_timer(unsigned long data)
266{
267 struct sock *sk = (struct sock *)data;
268 struct dccp_sock *dp = dccp_sk(sk);
269
270 bh_lock_sock(sk);
271 if (sock_owned_by_user(sk))
272 sk_reset_timer(sk, &dp->dccps_xmit_timer, jiffies+1);
273 else
274 dccp_write_xmit(sk, 0);
275 bh_unlock_sock(sk);
276 sock_put(sk);
277}
278
279static void dccp_init_write_xmit_timer(struct sock *sk)
280{
281 struct dccp_sock *dp = dccp_sk(sk);
282
283 init_timer(&dp->dccps_xmit_timer);
284 dp->dccps_xmit_timer.data = (unsigned long)sk;
285 dp->dccps_xmit_timer.function = dccp_write_xmit_timer;
286}
287
264void dccp_init_xmit_timers(struct sock *sk) 288void dccp_init_xmit_timers(struct sock *sk)
265{ 289{
290 dccp_init_write_xmit_timer(sk);
266 inet_csk_init_xmit_timers(sk, &dccp_write_timer, &dccp_delack_timer, 291 inet_csk_init_xmit_timers(sk, &dccp_write_timer, &dccp_delack_timer,
267 &dccp_keepalive_timer); 292 &dccp_keepalive_timer);
268} 293}
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index e10794dc5f64..98a00d0edc76 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -502,8 +502,10 @@ static struct in_ifaddr *rtm_to_ifaddr(struct nlmsghdr *nlh)
502 goto errout; 502 goto errout;
503 503
504 ifm = nlmsg_data(nlh); 504 ifm = nlmsg_data(nlh);
505 if (ifm->ifa_prefixlen > 32 || tb[IFA_LOCAL] == NULL) 505 if (ifm->ifa_prefixlen > 32 || tb[IFA_LOCAL] == NULL) {
506 err = -EINVAL;
506 goto errout; 507 goto errout;
508 }
507 509
508 dev = __dev_get_by_index(ifm->ifa_index); 510 dev = __dev_get_by_index(ifm->ifa_index);
509 if (dev == NULL) { 511 if (dev == NULL) {
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 4e0561a082d0..f5f9582a8d39 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -413,7 +413,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
413 } 413 }
414 414
415 /* routing header option needs extra check */ 415 /* routing header option needs extra check */
416 if (optname == IPV6_RTHDR && opt->srcrt) { 416 if (optname == IPV6_RTHDR && opt && opt->srcrt) {
417 struct ipv6_rt_hdr *rthdr = opt->srcrt; 417 struct ipv6_rt_hdr *rthdr = opt->srcrt;
418 switch (rthdr->type) { 418 switch (rthdr->type) {
419 case IPV6_SRCRT_TYPE_0: 419 case IPV6_SRCRT_TYPE_0:
@@ -804,7 +804,7 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
804 return 0; 804 return 0;
805 hdr = opt->hopopt; 805 hdr = opt->hopopt;
806 806
807 len = min_t(int, len, ipv6_optlen(hdr)); 807 len = min_t(unsigned int, len, ipv6_optlen(hdr));
808 if (copy_to_user(optval, hdr, ipv6_optlen(hdr))) 808 if (copy_to_user(optval, hdr, ipv6_optlen(hdr)))
809 return -EFAULT; 809 return -EFAULT;
810 return len; 810 return len;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-15 19:05:16 -0500