<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/net/sctp/socket.c, branch v3.2.37</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall</title>
<updated>2013-01-03T03:33:50+00:00</updated>
<author>
<name>Tommi Rantala</name>
<email>tt.rantala@gmail.com</email>
</author>
<published>2012-11-22T03:23:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1d8aa66c08211b4d889b57f42f7b2fa22a2d6291'/>
<id>1d8aa66c08211b4d889b57f42f7b2fa22a2d6291</id>
<content type='text'>
[ Upstream commit 6e51fe7572590d8d86e93b547fab6693d305fd0d ]

Consider the following program, that sets the second argument to the
sendto() syscall incorrectly:

 #include &lt;string.h&gt;
 #include &lt;arpa/inet.h&gt;
 #include &lt;sys/socket.h&gt;

 int main(void)
 {
         int fd;
         struct sockaddr_in sa;

         fd = socket(AF_INET, SOCK_STREAM, 132 /*IPPROTO_SCTP*/);
         if (fd &lt; 0)
                 return 1;

         memset(&amp;sa, 0, sizeof(sa));
         sa.sin_family = AF_INET;
         sa.sin_addr.s_addr = inet_addr("127.0.0.1");
         sa.sin_port = htons(11111);

         sendto(fd, NULL, 1, 0, (struct sockaddr *)&amp;sa, sizeof(sa));

         return 0;
 }

We get -ENOMEM:

 $ strace -e sendto ./demo
 sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ENOMEM (Cannot allocate memory)

Propagate the error code from sctp_user_addto_chunk(), so that we will
tell user space what actually went wrong:

 $ strace -e sendto ./demo
 sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EFAULT (Bad address)

Noticed while running Trinity (the syscall fuzzer).

Signed-off-by: Tommi Rantala &lt;tt.rantala@gmail.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 6e51fe7572590d8d86e93b547fab6693d305fd0d ]

Consider the following program, that sets the second argument to the
sendto() syscall incorrectly:

 #include &lt;string.h&gt;
 #include &lt;arpa/inet.h&gt;
 #include &lt;sys/socket.h&gt;

 int main(void)
 {
         int fd;
         struct sockaddr_in sa;

         fd = socket(AF_INET, SOCK_STREAM, 132 /*IPPROTO_SCTP*/);
         if (fd &lt; 0)
                 return 1;

         memset(&amp;sa, 0, sizeof(sa));
         sa.sin_family = AF_INET;
         sa.sin_addr.s_addr = inet_addr("127.0.0.1");
         sa.sin_port = htons(11111);

         sendto(fd, NULL, 1, 0, (struct sockaddr *)&amp;sa, sizeof(sa));

         return 0;
 }

We get -ENOMEM:

 $ strace -e sendto ./demo
 sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ENOMEM (Cannot allocate memory)

Propagate the error code from sctp_user_addto_chunk(), so that we will
tell user space what actually went wrong:

 $ strace -e sendto ./demo
 sendto(3, NULL, 1, 0, {sa_family=AF_INET, sin_port=htons(11111), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EFAULT (Bad address)

Noticed while running Trinity (the syscall fuzzer).

Signed-off-by: Tommi Rantala &lt;tt.rantala@gmail.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: Fix list corruption resulting from freeing an association on a list</title>
<updated>2012-08-19T17:15:22+00:00</updated>
<author>
<name>Neil Horman</name>
<email>nhorman@tuxdriver.com</email>
</author>
<published>2012-07-16T09:13:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e44b8b47d096751cb15a81b4c0f83a05fc1f49c8'/>
<id>e44b8b47d096751cb15a81b4c0f83a05fc1f49c8</id>
<content type='text'>
[ Upstream commit 2eebc1e188e9e45886ee00662519849339884d6d ]

A few days ago Dave Jones reported this oops:

[22766.294255] general protection fault: 0000 [#1] PREEMPT SMP
[22766.295376] CPU 0
[22766.295384] Modules linked in:
[22766.387137]  ffffffffa169f292 6b6b6b6b6b6b6b6b ffff880147c03a90
ffff880147c03a74
[22766.387135] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 00000000000
[22766.387136] Process trinity-watchdo (pid: 10896, threadinfo ffff88013e7d2000,
[22766.387137] Stack:
[22766.387140]  ffff880147c03a10
[22766.387140]  ffffffffa169f2b6
[22766.387140]  ffff88013ed95728
[22766.387143]  0000000000000002
[22766.387143]  0000000000000000
[22766.387143]  ffff880003fad062
[22766.387144]  ffff88013c120000
[22766.387144]
[22766.387145] Call Trace:
[22766.387145]  &lt;IRQ&gt;
[22766.387150]  [&lt;ffffffffa169f292&gt;] ? __sctp_lookup_association+0x62/0xd0
[sctp]
[22766.387154]  [&lt;ffffffffa169f2b6&gt;] __sctp_lookup_association+0x86/0xd0 [sctp]
[22766.387157]  [&lt;ffffffffa169f597&gt;] sctp_rcv+0x207/0xbb0 [sctp]
[22766.387161]  [&lt;ffffffff810d4da8&gt;] ? trace_hardirqs_off_caller+0x28/0xd0
[22766.387163]  [&lt;ffffffff815827e3&gt;] ? nf_hook_slow+0x133/0x210
[22766.387166]  [&lt;ffffffff815902fc&gt;] ? ip_local_deliver_finish+0x4c/0x4c0
[22766.387168]  [&lt;ffffffff8159043d&gt;] ip_local_deliver_finish+0x18d/0x4c0
[22766.387169]  [&lt;ffffffff815902fc&gt;] ? ip_local_deliver_finish+0x4c/0x4c0
[22766.387171]  [&lt;ffffffff81590a07&gt;] ip_local_deliver+0x47/0x80
[22766.387172]  [&lt;ffffffff8158fd80&gt;] ip_rcv_finish+0x150/0x680
[22766.387174]  [&lt;ffffffff81590c54&gt;] ip_rcv+0x214/0x320
[22766.387176]  [&lt;ffffffff81558c07&gt;] __netif_receive_skb+0x7b7/0x910
[22766.387178]  [&lt;ffffffff8155856c&gt;] ? __netif_receive_skb+0x11c/0x910
[22766.387180]  [&lt;ffffffff810d423e&gt;] ? put_lock_stats.isra.25+0xe/0x40
[22766.387182]  [&lt;ffffffff81558f83&gt;] netif_receive_skb+0x23/0x1f0
[22766.387183]  [&lt;ffffffff815596a9&gt;] ? dev_gro_receive+0x139/0x440
[22766.387185]  [&lt;ffffffff81559280&gt;] napi_skb_finish+0x70/0xa0
[22766.387187]  [&lt;ffffffff81559cb5&gt;] napi_gro_receive+0xf5/0x130
[22766.387218]  [&lt;ffffffffa01c4679&gt;] e1000_receive_skb+0x59/0x70 [e1000e]
[22766.387242]  [&lt;ffffffffa01c5aab&gt;] e1000_clean_rx_irq+0x28b/0x460 [e1000e]
[22766.387266]  [&lt;ffffffffa01c9c18&gt;] e1000e_poll+0x78/0x430 [e1000e]
[22766.387268]  [&lt;ffffffff81559fea&gt;] net_rx_action+0x1aa/0x3d0
[22766.387270]  [&lt;ffffffff810a495f&gt;] ? account_system_vtime+0x10f/0x130
[22766.387273]  [&lt;ffffffff810734d0&gt;] __do_softirq+0xe0/0x420
[22766.387275]  [&lt;ffffffff8169826c&gt;] call_softirq+0x1c/0x30
[22766.387278]  [&lt;ffffffff8101db15&gt;] do_softirq+0xd5/0x110
[22766.387279]  [&lt;ffffffff81073bc5&gt;] irq_exit+0xd5/0xe0
[22766.387281]  [&lt;ffffffff81698b03&gt;] do_IRQ+0x63/0xd0
[22766.387283]  [&lt;ffffffff8168ee2f&gt;] common_interrupt+0x6f/0x6f
[22766.387283]  &lt;EOI&gt;
[22766.387284]
[22766.387285]  [&lt;ffffffff8168eed9&gt;] ? retint_swapgs+0x13/0x1b
[22766.387285] Code: c0 90 5d c3 66 0f 1f 44 00 00 4c 89 c8 5d c3 0f 1f 00 55 48
89 e5 48 83
ec 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 66 66 66 66 90 &lt;0f&gt; b7 87 98 00 00 00
48 89 fb
49 89 f5 66 c1 c0 08 66 39 46 02
[22766.387307]
[22766.387307] RIP
[22766.387311]  [&lt;ffffffffa168a2c9&gt;] sctp_assoc_is_match+0x19/0x90 [sctp]
[22766.387311]  RSP &lt;ffff880147c039b0&gt;
[22766.387142]  ffffffffa16ab120
[22766.599537] ---[ end trace 3f6dae82e37b17f5 ]---
[22766.601221] Kernel panic - not syncing: Fatal exception in interrupt

It appears from his analysis and some staring at the code that this is likely
occuring because an association is getting freed while still on the
sctp_assoc_hashtable.  As a result, we get a gpf when traversing the hashtable
while a freed node corrupts part of the list.

Nominally I would think that an mibalanced refcount was responsible for this,
but I can't seem to find any obvious imbalance.  What I did note however was
that the two places where we create an association using
sctp_primitive_ASSOCIATE (__sctp_connect and sctp_sendmsg), have failure paths
which free a newly created association after calling sctp_primitive_ASSOCIATE.
sctp_primitive_ASSOCIATE brings us into the sctp_sf_do_prm_asoc path, which
issues a SCTP_CMD_NEW_ASOC side effect, which in turn adds a new association to
the aforementioned hash table.  the sctp command interpreter that process side
effects has not way to unwind previously processed commands, so freeing the
association from the __sctp_connect or sctp_sendmsg error path would lead to a
freed association remaining on this hash table.

I've fixed this but modifying sctp_[un]hash_established to use hlist_del_init,
which allows us to proerly use hlist_unhashed to check if the node is on a
hashlist safely during a delete.  That in turn alows us to safely call
sctp_unhash_established in the __sctp_connect and sctp_sendmsg error paths
before freeing them, regardles of what the associations state is on the hash
list.

I noted, while I was doing this, that the __sctp_unhash_endpoint was using
hlist_unhsashed in a simmilar fashion, but never nullified any removed nodes
pointers to make that function work properly, so I fixed that up in a simmilar
fashion.

I attempted to test this using a virtual guest running the SCTP_RR test from
netperf in a loop while running the trinity fuzzer, both in a loop.  I wasn't
able to recreate the problem prior to this fix, nor was I able to trigger the
failure after (neither of which I suppose is suprising).  Given the trace above
however, I think its likely that this is what we hit.

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Reported-by: davej@redhat.com
CC: davej@redhat.com
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
CC: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
CC: Sridhar Samudrala &lt;sri@us.ibm.com&gt;
CC: linux-sctp@vger.kernel.org
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 2eebc1e188e9e45886ee00662519849339884d6d ]

A few days ago Dave Jones reported this oops:

[22766.294255] general protection fault: 0000 [#1] PREEMPT SMP
[22766.295376] CPU 0
[22766.295384] Modules linked in:
[22766.387137]  ffffffffa169f292 6b6b6b6b6b6b6b6b ffff880147c03a90
ffff880147c03a74
[22766.387135] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 00000000000
[22766.387136] Process trinity-watchdo (pid: 10896, threadinfo ffff88013e7d2000,
[22766.387137] Stack:
[22766.387140]  ffff880147c03a10
[22766.387140]  ffffffffa169f2b6
[22766.387140]  ffff88013ed95728
[22766.387143]  0000000000000002
[22766.387143]  0000000000000000
[22766.387143]  ffff880003fad062
[22766.387144]  ffff88013c120000
[22766.387144]
[22766.387145] Call Trace:
[22766.387145]  &lt;IRQ&gt;
[22766.387150]  [&lt;ffffffffa169f292&gt;] ? __sctp_lookup_association+0x62/0xd0
[sctp]
[22766.387154]  [&lt;ffffffffa169f2b6&gt;] __sctp_lookup_association+0x86/0xd0 [sctp]
[22766.387157]  [&lt;ffffffffa169f597&gt;] sctp_rcv+0x207/0xbb0 [sctp]
[22766.387161]  [&lt;ffffffff810d4da8&gt;] ? trace_hardirqs_off_caller+0x28/0xd0
[22766.387163]  [&lt;ffffffff815827e3&gt;] ? nf_hook_slow+0x133/0x210
[22766.387166]  [&lt;ffffffff815902fc&gt;] ? ip_local_deliver_finish+0x4c/0x4c0
[22766.387168]  [&lt;ffffffff8159043d&gt;] ip_local_deliver_finish+0x18d/0x4c0
[22766.387169]  [&lt;ffffffff815902fc&gt;] ? ip_local_deliver_finish+0x4c/0x4c0
[22766.387171]  [&lt;ffffffff81590a07&gt;] ip_local_deliver+0x47/0x80
[22766.387172]  [&lt;ffffffff8158fd80&gt;] ip_rcv_finish+0x150/0x680
[22766.387174]  [&lt;ffffffff81590c54&gt;] ip_rcv+0x214/0x320
[22766.387176]  [&lt;ffffffff81558c07&gt;] __netif_receive_skb+0x7b7/0x910
[22766.387178]  [&lt;ffffffff8155856c&gt;] ? __netif_receive_skb+0x11c/0x910
[22766.387180]  [&lt;ffffffff810d423e&gt;] ? put_lock_stats.isra.25+0xe/0x40
[22766.387182]  [&lt;ffffffff81558f83&gt;] netif_receive_skb+0x23/0x1f0
[22766.387183]  [&lt;ffffffff815596a9&gt;] ? dev_gro_receive+0x139/0x440
[22766.387185]  [&lt;ffffffff81559280&gt;] napi_skb_finish+0x70/0xa0
[22766.387187]  [&lt;ffffffff81559cb5&gt;] napi_gro_receive+0xf5/0x130
[22766.387218]  [&lt;ffffffffa01c4679&gt;] e1000_receive_skb+0x59/0x70 [e1000e]
[22766.387242]  [&lt;ffffffffa01c5aab&gt;] e1000_clean_rx_irq+0x28b/0x460 [e1000e]
[22766.387266]  [&lt;ffffffffa01c9c18&gt;] e1000e_poll+0x78/0x430 [e1000e]
[22766.387268]  [&lt;ffffffff81559fea&gt;] net_rx_action+0x1aa/0x3d0
[22766.387270]  [&lt;ffffffff810a495f&gt;] ? account_system_vtime+0x10f/0x130
[22766.387273]  [&lt;ffffffff810734d0&gt;] __do_softirq+0xe0/0x420
[22766.387275]  [&lt;ffffffff8169826c&gt;] call_softirq+0x1c/0x30
[22766.387278]  [&lt;ffffffff8101db15&gt;] do_softirq+0xd5/0x110
[22766.387279]  [&lt;ffffffff81073bc5&gt;] irq_exit+0xd5/0xe0
[22766.387281]  [&lt;ffffffff81698b03&gt;] do_IRQ+0x63/0xd0
[22766.387283]  [&lt;ffffffff8168ee2f&gt;] common_interrupt+0x6f/0x6f
[22766.387283]  &lt;EOI&gt;
[22766.387284]
[22766.387285]  [&lt;ffffffff8168eed9&gt;] ? retint_swapgs+0x13/0x1b
[22766.387285] Code: c0 90 5d c3 66 0f 1f 44 00 00 4c 89 c8 5d c3 0f 1f 00 55 48
89 e5 48 83
ec 20 48 89 5d e8 4c 89 65 f0 4c 89 6d f8 66 66 66 66 90 &lt;0f&gt; b7 87 98 00 00 00
48 89 fb
49 89 f5 66 c1 c0 08 66 39 46 02
[22766.387307]
[22766.387307] RIP
[22766.387311]  [&lt;ffffffffa168a2c9&gt;] sctp_assoc_is_match+0x19/0x90 [sctp]
[22766.387311]  RSP &lt;ffff880147c039b0&gt;
[22766.387142]  ffffffffa16ab120
[22766.599537] ---[ end trace 3f6dae82e37b17f5 ]---
[22766.601221] Kernel panic - not syncing: Fatal exception in interrupt

It appears from his analysis and some staring at the code that this is likely
occuring because an association is getting freed while still on the
sctp_assoc_hashtable.  As a result, we get a gpf when traversing the hashtable
while a freed node corrupts part of the list.

Nominally I would think that an mibalanced refcount was responsible for this,
but I can't seem to find any obvious imbalance.  What I did note however was
that the two places where we create an association using
sctp_primitive_ASSOCIATE (__sctp_connect and sctp_sendmsg), have failure paths
which free a newly created association after calling sctp_primitive_ASSOCIATE.
sctp_primitive_ASSOCIATE brings us into the sctp_sf_do_prm_asoc path, which
issues a SCTP_CMD_NEW_ASOC side effect, which in turn adds a new association to
the aforementioned hash table.  the sctp command interpreter that process side
effects has not way to unwind previously processed commands, so freeing the
association from the __sctp_connect or sctp_sendmsg error path would lead to a
freed association remaining on this hash table.

I've fixed this but modifying sctp_[un]hash_established to use hlist_del_init,
which allows us to proerly use hlist_unhashed to check if the node is on a
hashlist safely during a delete.  That in turn alows us to safely call
sctp_unhash_established in the __sctp_connect and sctp_sendmsg error paths
before freeing them, regardles of what the associations state is on the hash
list.

I noted, while I was doing this, that the __sctp_unhash_endpoint was using
hlist_unhsashed in a simmilar fashion, but never nullified any removed nodes
pointers to make that function work properly, so I fixed that up in a simmilar
fashion.

I attempted to test this using a virtual guest running the SCTP_RR test from
netperf in a loop while running the trinity fuzzer, both in a loop.  I wasn't
able to recreate the problem prior to this fix, nor was I able to trigger the
failure after (neither of which I suppose is suprising).  Given the trace above
however, I think its likely that this is what we hit.

Signed-off-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Reported-by: davej@redhat.com
CC: davej@redhat.com
CC: "David S. Miller" &lt;davem@davemloft.net&gt;
CC: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
CC: Sridhar Samudrala &lt;sri@us.ibm.com&gt;
CC: linux-sctp@vger.kernel.org
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: Allow struct sctp_event_subscribe to grow without breaking binaries</title>
<updated>2012-05-11T12:14:18+00:00</updated>
<author>
<name>Thomas Graf</name>
<email>tgraf@infradead.org</email>
</author>
<published>2012-04-03T22:17:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a13e640b8d17e0a5ab4b388431f877e2feef7abf'/>
<id>a13e640b8d17e0a5ab4b388431f877e2feef7abf</id>
<content type='text'>
[ Upstream commit acdd5985364f8dc511a0762fab2e683f29d9d692 ]

getsockopt(..., SCTP_EVENTS, ...) performs a length check and returns
an error if the user provides less bytes than the size of struct
sctp_event_subscribe.

Struct sctp_event_subscribe needs to be extended by an u8 for every
new event or notification type that is added.

This obviously makes getsockopt fail for binaries that are compiled
against an older versions of &lt;net/sctp/user.h&gt; which do not contain
all event types.

This patch changes getsockopt behaviour to no longer return an error
if not enough bytes are being provided by the user. Instead, it
returns as much of sctp_event_subscribe as fits into the provided buffer.

This leads to the new behavior that users see what they have been aware
of at compile time.

The setsockopt(..., SCTP_EVENTS, ...) API is already behaving like this.

Signed-off-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Acked-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit acdd5985364f8dc511a0762fab2e683f29d9d692 ]

getsockopt(..., SCTP_EVENTS, ...) performs a length check and returns
an error if the user provides less bytes than the size of struct
sctp_event_subscribe.

Struct sctp_event_subscribe needs to be extended by an u8 for every
new event or notification type that is added.

This obviously makes getsockopt fail for binaries that are compiled
against an older versions of &lt;net/sctp/user.h&gt; which do not contain
all event types.

This patch changes getsockopt behaviour to no longer return an error
if not enough bytes are being provided by the user. Instead, it
returns as much of sctp_event_subscribe as fits into the provided buffer.

This leads to the new behavior that users see what they have been aware
of at compile time.

The setsockopt(..., SCTP_EVENTS, ...) API is already behaving like this.

Signed-off-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Acked-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: fix incorrect overflow check on autoclose</title>
<updated>2011-12-19T21:25:46+00:00</updated>
<author>
<name>Xi Wang</name>
<email>xi.wang@gmail.com</email>
</author>
<published>2011-12-16T12:44:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2692ba61a82203404abd7dd2a027bda962861f74'/>
<id>2692ba61a82203404abd7dd2a027bda962861f74</id>
<content type='text'>
Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
limiting the autoclose value.  If userspace passes in -1 on 32-bit
platform, the overflow check didn't work and autoclose would be set
to 0xffffffff.

This patch defines a max_autoclose (in seconds) for limiting the value
and exposes it through sysctl, with the following intentions.

1) Avoid overflowing autoclose * HZ.

2) Keep the default autoclose bound consistent across 32- and 64-bit
   platforms (INT_MAX / HZ in this patch).

3) Keep the autoclose value consistent between setsockopt() and
   getsockopt() calls.

Suggested-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: Xi Wang &lt;xi.wang@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
limiting the autoclose value.  If userspace passes in -1 on 32-bit
platform, the overflow check didn't work and autoclose would be set
to 0xffffffff.

This patch defines a max_autoclose (in seconds) for limiting the value
and exposes it through sysctl, with the following intentions.

1) Avoid overflowing autoclose * HZ.

2) Keep the default autoclose bound consistent across 32- and 64-bit
   platforms (INT_MAX / HZ in this patch).

3) Keep the autoclose value consistent between setsockopt() and
   getsockopt() calls.

Suggested-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: Xi Wang &lt;xi.wang@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules</title>
<updated>2011-10-31T23:30:30+00:00</updated>
<author>
<name>Paul Gortmaker</name>
<email>paul.gortmaker@windriver.com</email>
</author>
<published>2011-07-15T15:47:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=bc3b2d7fb9b014d75ebb79ba371a763dbab5e8cf'/>
<id>bc3b2d7fb9b014d75ebb79ba371a763dbab5e8cf</id>
<content type='text'>
These files are non modular, but need to export symbols using
the macros now living in export.h -- call out the include so
that things won't break when we remove the implicit presence
of module.h from everywhere.

Signed-off-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
These files are non modular, but need to export symbols using
the macros now living in export.h -- call out the include so
that things won't break when we remove the implicit presence
of module.h from everywhere.

Signed-off-by: Paul Gortmaker &lt;paul.gortmaker@windriver.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6</title>
<updated>2011-07-14T14:56:40+00:00</updated>
<author>
<name>David S. Miller</name>
<email>davem@davemloft.net</email>
</author>
<published>2011-07-14T14:56:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6a7ebdf2fd15417e87b4fd02ff411aeaca34da5f'/>
<id>6a7ebdf2fd15417e87b4fd02ff411aeaca34da5f</id>
<content type='text'>
Conflicts:
	net/bluetooth/l2cap_core.c
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Conflicts:
	net/bluetooth/l2cap_core.c
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: ABORT if receive, reassmbly, or reodering queue is not empty while closing socket</title>
<updated>2011-07-08T16:53:08+00:00</updated>
<author>
<name>Thomas Graf</name>
<email>tgraf@infradead.org</email>
</author>
<published>2011-07-08T04:37:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cd4fcc704f30f2064ab30b5300d44d431e46db50'/>
<id>cd4fcc704f30f2064ab30b5300d44d431e46db50</id>
<content type='text'>
Trigger user ABORT if application closes a socket which has data
queued on the socket receive queue or chunks waiting on the
reassembly or ordering queue as this would imply data being lost
which defeats the point of a graceful shutdown.

This behavior is already practiced in TCP.

We do not check the input queue because that would mean to parse
all chunks on it to look for unacknowledged data which seems too
much of an effort. Control chunks or duplicated chunks may also
be in the input queue and should not be stopping a graceful
shutdown.

Signed-off-by: Thomas Graf &lt;tgraf@infradead.org&gt;
Acked-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Trigger user ABORT if application closes a socket which has data
queued on the socket receive queue or chunks waiting on the
reassembly or ordering queue as this would imply data being lost
which defeats the point of a graceful shutdown.

This behavior is already practiced in TCP.

We do not check the input queue because that would mean to parse
all chunks on it to look for unacknowledged data which seems too
much of an effort. Control chunks or duplicated chunks may also
be in the input queue and should not be stopping a graceful
shutdown.

Signed-off-by: Thomas Graf &lt;tgraf@infradead.org&gt;
Acked-by: Vlad Yasevich &lt;vladislav.yasevich@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: fix missing send up SCTP_SENDER_DRY_EVENT when subscribe it</title>
<updated>2011-07-07T11:10:26+00:00</updated>
<author>
<name>Wei Yongjun</name>
<email>yjwei@cn.fujitsu.com</email>
</author>
<published>2011-07-02T09:28:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=949123016a2ef578009b6aa3e98d45d1a154ebfb'/>
<id>949123016a2ef578009b6aa3e98d45d1a154ebfb</id>
<content type='text'>
We forgot to send up SCTP_SENDER_DRY_EVENT notification when
user app subscribes to this event, and there is no data to be
sent or retransmit.

This is required by the Socket API and used by the DTLS/SCTP
implementation.

Reported-by: Michael Tüxen &lt;Michael.Tuexen@lurchi.franken.de&gt;
Signed-off-by: Wei Yongjun &lt;yjwei@cn.fujitsu.com&gt;
Tested-by: Robin Seggelmann &lt;seggelmann@fh-muenster.de&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We forgot to send up SCTP_SENDER_DRY_EVENT notification when
user app subscribes to this event, and there is no data to be
sent or retransmit.

This is required by the Socket API and used by the DTLS/SCTP
implementation.

Reported-by: Michael Tüxen &lt;Michael.Tuexen@lurchi.franken.de&gt;
Signed-off-by: Wei Yongjun &lt;yjwei@cn.fujitsu.com&gt;
Tested-by: Robin Seggelmann &lt;seggelmann@fh-muenster.de&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sctp: Reduce switch/case indent</title>
<updated>2011-07-01T23:11:16+00:00</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2011-07-01T09:43:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7fd71b1e0787d4d32c6225ca59e23e522cd67cc3'/>
<id>7fd71b1e0787d4d32c6225ca59e23e522cd67cc3</id>
<content type='text'>
Make the case labels the same indent as the switch.

git diff -w shows useless break;s removed after returns
and a comment added to an unnecessary default: break;
because of a dubious gcc warning.

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Make the case labels the same indent as the switch.

git diff -w shows useless break;s removed after returns
and a comment added to an unnecessary default: break;
because of a dubious gcc warning.

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Remove casts of void *</title>
<updated>2011-06-17T03:19:27+00:00</updated>
<author>
<name>Joe Perches</name>
<email>joe@perches.com</email>
</author>
<published>2011-06-13T16:21:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ea110733874d5176cb56dcf612a629ffac09dbf0'/>
<id>ea110733874d5176cb56dcf612a629ffac09dbf0</id>
<content type='text'>
Unnecessary casts of void * clutter the code.

These are the remainder casts after several specific
patches to remove netdev_priv and dev_priv.

Done via coccinelle script:

$ cat cast_void_pointer.cocci
@@
type T;
T *pt;
void *pv;
@@

- pt = (T *)pv;
+ pt = pv;

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Acked-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@conan.davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Unnecessary casts of void * clutter the code.

These are the remainder casts after several specific
patches to remove netdev_priv and dev_priv.

Done via coccinelle script:

$ cat cast_void_pointer.cocci
@@
type T;
T *pt;
void *pv;
@@

- pt = (T *)pv;
+ pt = pv;

Signed-off-by: Joe Perches &lt;joe@perches.com&gt;
Acked-by: Paul Moore &lt;paul.moore@hp.com&gt;
Signed-off-by: David S. Miller &lt;davem@conan.davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
