<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/net, branch linux-2.6.11.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>[PATCH] netem: duplication fix</title>
<updated>2005-06-12T02:45:27+00:00</updated>
<author>
<name>Stephen Hemminger</name>
<email>shemminger@osdl.org</email>
</author>
<published>2005-06-08T16:30:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=03cc725bc4846ac0f9ed6203b6ac150980763359'/>
<id>03cc725bc4846ac0f9ed6203b6ac150980763359</id>
<content type='text'>
Netem duplication can cause infinite loop in qdisc_run
because the qlen of the parent qdisc is not affected by the duplication.

Signed-off-by: Stephen Hemminger &lt;shemminger@osdl.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Netem duplication can cause infinite loop in qdisc_run
because the qlen of the parent qdisc is not affected by the duplication.

Signed-off-by: Stephen Hemminger &lt;shemminger@osdl.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] prevent bad forwarding table updates</title>
<updated>2005-06-12T02:45:26+00:00</updated>
<author>
<name>Stephen Hemminger</name>
<email>shemminger@osdl.org</email>
</author>
<published>2005-06-08T16:30:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c5187a40291642ae66928dd54bc83117286067d3'/>
<id>c5187a40291642ae66928dd54bc83117286067d3</id>
<content type='text'>
Avoid poisoning of the bridge forwarding table by frames that have been
dropped by filtering. This prevents spoofed source addresses on hostile
side of bridge from causing packet leakage, a small but possible security
risk.

Signed-off-by: Stephen Hemminger &lt;shemminger@osdl.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Avoid poisoning of the bridge forwarding table by frames that have been
dropped by filtering. This prevents spoofed source addresses on hostile
side of bridge from causing packet leakage, a small but possible security
risk.

Signed-off-by: Stephen Hemminger &lt;shemminger@osdl.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Fix deadlock with ip_queue and tcp local input path.</title>
<updated>2005-06-12T02:45:22+00:00</updated>
<author>
<name>Harald Welte</name>
<email>laforge@netfilter.org</email>
</author>
<published>2005-05-30T22:38:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=839c2379a6ed8ea9dd669d4c3206b85c5dff674e'/>
<id>839c2379a6ed8ea9dd669d4c3206b85c5dff674e</id>
<content type='text'>
When we have ip_queue being used from LOCAL_IN, then we end up with a
situation where the verdicts coming back from userspace traverse the TCP
input path from syscall context.  While this seems to work most of the
time, there's an ugly deadlock:

syscall context is interrupted by the timer interrupt.  When the timer
interrupt leaves, the timer softirq get's scheduled and calls
tcp_delack_timer() and alike.  They themselves do bh_lock_sock(sk),
which is already held from somewhere else -&gt; boom.

I've now tested the suggested solution by Patrick McHardy and Herbert Xu to
simply use local_bh_{en,dis}able().

Signed-off-by: Harald Welte &lt;laforge@netfilter.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When we have ip_queue being used from LOCAL_IN, then we end up with a
situation where the verdicts coming back from userspace traverse the TCP
input path from syscall context.  While this seems to work most of the
time, there's an ugly deadlock:

syscall context is interrupted by the timer interrupt.  When the timer
interrupt leaves, the timer softirq get's scheduled and calls
tcp_delack_timer() and alike.  They themselves do bh_lock_sock(sk),
which is already held from somewhere else -&gt; boom.

I've now tested the suggested solution by Patrick McHardy and Herbert Xu to
simply use local_bh_{en,dis}able().

Signed-off-by: Harald Welte &lt;laforge@netfilter.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Fix minor security hole</title>
<updated>2005-05-27T04:20:06+00:00</updated>
<author>
<name>ralf@linux-mips.org</name>
<email>ralf@linux-mips.org</email>
</author>
<published>2005-03-11T03:47:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=87127723a58fe970177ce087e079f2fffac2adce'/>
<id>87127723a58fe970177ce087e079f2fffac2adce</id>
<content type='text'>
ROSE wasn't verifying the ndigis argument of a new route resulting in a
minor security hole.

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
ROSE wasn't verifying the ndigis argument of a new route resulting in a
minor security hole.

Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Fix smp race.</title>
<updated>2005-05-27T04:20:02+00:00</updated>
<author>
<name>bdschuym@pandora.be</name>
<email>bdschuym@pandora.be</email>
</author>
<published>2005-03-15T05:22:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5ba07d5c81af64d42937a4027ea7c930bdd8bf9e'/>
<id>5ba07d5c81af64d42937a4027ea7c930bdd8bf9e</id>
<content type='text'>
The patch below fixes an smp race that happens on such systems under
heavy load.
This bug was reported and solved by Steve Herrell
&lt;steve_herrell@yahoo.ca&gt;

Signed-off-by: Bart De Schuymer &lt;bdschuym@pandora.be&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The patch below fixes an smp race that happens on such systems under
heavy load.
This bug was reported and solved by Steve Herrell
&lt;steve_herrell@yahoo.ca&gt;

Signed-off-by: Bart De Schuymer &lt;bdschuym@pandora.be&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Fix BIC congestion avoidance algorithm error</title>
<updated>2005-05-12T17:00:20+00:00</updated>
<author>
<name>davem@davemloft.net</name>
<email>davem@davemloft.net</email>
</author>
<published>2005-04-07T18:45:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a4e879009d8be23efd79e4f18fcdbcfa9fcc83e1'/>
<id>a4e879009d8be23efd79e4f18fcdbcfa9fcc83e1</id>
<content type='text'>
Since BIC is the default congestion control algorithm
enabled in every 2.6.x kernel out there, fixing errors
in it becomes quite critical.

A flaw in the loss handling caused it to not perform
the binary search regimen of the BIC algorithm
properly.

The fix below from Stephen Hemminger has been heavily
verified.

[TCP]: BIC not binary searching correctly

While redoing BIC for the split up version, I discovered that the existing
2.6.11 code doesn't really do binary search. It ends up being just a slightly
modified version of Reno.  See attached graphs to see the effect over simulated
1mbit environment.

The problem is that BIC is supposed to reset the cwnd to the last loss value
rather than ssthresh when loss is detected.  The correct code (from the BIC
TCP code for Web100) is in this patch.

Signed-off-by: Stephen Hemminger &lt;shemminger@osdl.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Since BIC is the default congestion control algorithm
enabled in every 2.6.x kernel out there, fixing errors
in it becomes quite critical.

A flaw in the loss handling caused it to not perform
the binary search regimen of the BIC algorithm
properly.

The fix below from Stephen Hemminger has been heavily
verified.

[TCP]: BIC not binary searching correctly

While redoing BIC for the split up version, I discovered that the existing
2.6.11 code doesn't really do binary search. It ends up being just a slightly
modified version of Reno.  See attached graphs to see the effect over simulated
1mbit environment.

The problem is that BIC is supposed to reset the cwnd to the last loss value
rather than ssthresh when loss is detected.  The correct code (from the BIC
TCP code for Web100) is in this patch.

Signed-off-by: Stephen Hemminger &lt;shemminger@osdl.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Do not hold state lock while checking size</title>
<updated>2005-05-12T17:00:19+00:00</updated>
<author>
<name>kaber@trash.net</name>
<email>kaber@trash.net</email>
</author>
<published>2005-04-07T18:31:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=92ef2364e62254d5a36d30ffc7f447ac5358b06e'/>
<id>92ef2364e62254d5a36d30ffc7f447ac5358b06e</id>
<content type='text'>
This patch from Herbert Xu fixes a deadlock with IPsec.
When an ICMP frag. required is sent and the ICMP message
needs the same SA as the packet that caused it the state
will be locked twice.

[IPSEC]: Do not hold state lock while checking size.

This can elicit ICMP message output and thus result in a
deadlock.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch from Herbert Xu fixes a deadlock with IPsec.
When an ICMP frag. required is sent and the ICMP message
needs the same SA as the packet that caused it the state
will be locked twice.

[IPSEC]: Do not hold state lock while checking size.

This can elicit ICMP message output and thus result in a
deadlock.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Fix signedness problem at socket creation</title>
<updated>2005-05-12T17:00:16+00:00</updated>
<author>
<name>Marcel Holtmann</name>
<email>marcel@holtmann.org</email>
</author>
<published>2005-03-26T01:49:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ff8b1b95f7ed208ce29b7c1d9d33abbd7ca447d7'/>
<id>ff8b1b95f7ed208ce29b7c1d9d33abbd7ca447d7</id>
<content type='text'>
CAN-2005-0750 is assigned to this issue

ilja &lt;ilja@suresec.org&gt; discovered potential local root exploit in
bluetooth socket creation.

This patch fixes a small signedness problem when creating the
socket.

Signed-off-by: Marcel Holtmann &lt;marcel@holtmann.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
CAN-2005-0750 is assigned to this issue

ilja &lt;ilja@suresec.org&gt; discovered potential local root exploit in
bluetooth socket creation.

This patch fixes a small signedness problem when creating the
socket.

Signed-off-by: Marcel Holtmann &lt;marcel@holtmann.org&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Fix __xfrm_find_acq_byseq()</title>
<updated>2005-05-12T17:00:13+00:00</updated>
<author>
<name>davem@davemloft.net</name>
<email>davem@davemloft.net</email>
</author>
<published>2005-03-19T05:39:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ebf0f01a315493367b4c069cca0b06b99b387fb3'/>
<id>ebf0f01a315493367b4c069cca0b06b99b387fb3</id>
<content type='text'>
This function, as it's name implies, is supposed to only
return IPSEC objects which are in the XFRM_STATE_ACQ
("acquire") state.  But it returns any object with the
matching sequence number.

This is wrong and confuses IPSEC daemons to no end.

[XFRM]: xfrm_find_acq_byseq should only return XFRM_STATE_ACQ states.

Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This function, as it's name implies, is supposed to only
return IPSEC objects which are in the XFRM_STATE_ACQ
("acquire") state.  But it returns any object with the
matching sequence number.

This is wrong and confuses IPSEC daemons to no end.

[XFRM]: xfrm_find_acq_byseq should only return XFRM_STATE_ACQ states.

Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>[PATCH] Fix crash while reading /proc/net/route</title>
<updated>2005-05-12T17:00:13+00:00</updated>
<author>
<name>kaber@trash.net</name>
<email>kaber@trash.net</email>
</author>
<published>2005-03-19T05:37:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1b1530aa9b161a2f9f077f075853063bece4e008'/>
<id>1b1530aa9b161a2f9f077f075853063bece4e008</id>
<content type='text'>
[IPV4]: Fix crash while reading /proc/net/route caused by stale pointers

Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[IPV4]: Fix crash while reading /proc/net/route caused by stale pointers

Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Chris Wright &lt;chrisw@osdl.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</pre>
</div>
</content>
</entry>
</feed>
