[kernel] r12301 - in dists/sid/linux-2.6/debian: . patches/features/all/openvz
Maximilian Attems
maks at alioth.debian.org
Sun Oct 12 11:44:32 UTC 2008
Author: maks
Date: Sun Oct 12 11:44:30 2008
New Revision: 12301
Log:
add fix from openvz repo
otherwise oopses and locks up on serious net traffic
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Sun Oct 12 11:44:30 2008
@@ -1,5 +1,6 @@
linux-2.6 (2.6.26-9) UNRELEASED; urgency=low
+ [ Bastian Blank ]
* Add stable release 2.6.26.6:
- mm owner: fix race between swapoff and exit
- rtc: fix kernel panic on second use of SIGIO nofitication
@@ -73,6 +74,10 @@
- i2c-dev: Return correct error code on class_create() failure
- x86-32: AMD c1e force timer broadcast late
+ [ maximilian attems ]
+ * [openvz] ip: NULL pointer dereferrence in tcp_v(4|6)_send_ack
+ (closes: #500472)
+
-- Bastian Blank <waldi at debian.org> Thu, 09 Oct 2008 15:14:50 +0200
linux-2.6 (2.6.26-8) unstable; urgency=medium
Modified: dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch
==============================================================================
--- dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch (original)
+++ dists/sid/linux-2.6/debian/patches/features/all/openvz/openvz.patch Sun Oct 12 11:44:30 2008
@@ -83821,3 +83821,51 @@
ub_tcpsndbuf_charge_forced(sk, skb);
}
+commit c05b27b57aab530cb3986ea5bba2b876dc6359cd
+Author: Denis V. Lunev <den at openvz.org>
+Date: Tue Sep 30 20:29:11 2008 +0400
+
+ ip: NULL pointer dereferrence in tcp_v(4|6)_send_ack
+
+ The following actions are possible:
+ tcp_v4_rcv
+ skb->dev = NULL;
+ tcp_v4_do_rcv
+ tcp_v4_hnd_req
+ tcp_check_req
+ req->rsk_ops->send_ack == tcp_v4_send_ack
+
+ So, skb->dev can be NULL in tcp_v4_send_ack. We must obtain namespace
+ from dst entry. IPv6 codepath is similar.
+
+ Thanks to Vitaliy Gusev <vgusev at openvz.org> for initial oops decoding.
+
+ Signed-off-by: Denis V. Lunev <den at openvz.org>
+ Signed-off-by: Pavel Emelyanov <xemul at openvz.org>
+
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
+index ce9a9cb..d7cddf3 100644
+--- a/net/ipv4/tcp_ipv4.c
++++ b/net/ipv4/tcp_ipv4.c
+@@ -689,7 +689,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
+ if (twsk)
+ arg.bound_dev_if = twsk->tw_sk.tw_bound_dev_if;
+
+- ip_send_reply(dev_net(skb->dev)->ipv4.tcp_sock, skb,
++ ip_send_reply(dev_net(skb->dst->dev)->ipv4.tcp_sock, skb,
+ &arg, arg.iov[0].iov_len);
+
+ TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index cdc8697..49c9864 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -1096,7 +1096,7 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
+ struct tcphdr *th = tcp_hdr(skb), *t1;
+ struct sk_buff *buff;
+ struct flowi fl;
+- struct net *net = dev_net(skb->dev);
++ struct net *net = dev_net(skb->dst->dev);
+ struct sock *ctl_sk = net->ipv6.tcp_sk;
+ unsigned int tot_len = sizeof(struct tcphdr);
+ __be32 *topt;
More information about the Kernel-svn-changes
mailing list