linux-toradex.git/net, branch v2.6.19.2 Linux kernel for Apalis and Colibri modules [PATCH] NetLabel: correctly fill in unused CIPSOv4 level and category mappings 2007-01-10T19:05:23+00:00 Paul Moore paul.moore@hp.com 2006-12-18T18:07:29+00:00 ddf14e7a76a071c034aaeb71ed6aab4084c9bf7c Back when the original NetLabel patches were being changed to use Netlink attributes correctly some code was accidentially dropped which set all of the undefined CIPSOv4 level and category mappings to a sentinel value. The result is the mappings data in the kernel contains bogus mappings which always map to zero. Having level and category mappings that map to zero could result in the kernel assigning incorrect security attributes to packets. This patch restores the old/correct behavior by initializing the mapping data to the correct sentinel value. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
Back when the original NetLabel patches were being changed to use Netlink
attributes correctly some code was accidentially dropped which set all of the
undefined CIPSOv4 level and category mappings to a sentinel value.  The result
is the mappings data in the kernel contains bogus mappings which always map to
zero.  Having level and category mappings that map to zero could result in the
kernel assigning incorrect security attributes to packets.

This patch restores the old/correct behavior by initializing the mapping
data to the correct sentinel value.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] IPV4/IPV6: Fix inet{,6} device initialization order. 2007-01-10T19:05:23+00:00 David L Stevens dlstevens@us.ibm.com 2007-01-05T01:07:34+00:00 edfe21a29b1dca9ce5a938317868066d2e21c385 It is important that we only assign dev->ip{,6}_ptr only after all portions of the inet{,6} are setup. Otherwise we can receive packets before the multicast spinlocks et al. are initialized. Signed-off-by: David L Stevens <dlstevens@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
It is important that we only assign dev->ip{,6}_ptr
only after all portions of the inet{,6} are setup.

Otherwise we can receive packets before the multicast
spinlocks et al. are initialized.

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] ebtables: don't compute gap before checking struct type 2007-01-10T19:05:22+00:00 Chuck Ebbert 76306.1226@compuserve.com 2007-01-04T07:59:56+00:00 ff6173b1de40f8b0341c18a8e12414a59bcf7f52 We cannot compute the gap until we know we have a 'struct ebt_entry' and not 'struct ebt_entries'. Failure to check can cause crash. Tested-by: Santiago Garcia Mantinan <manty@manty.net> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
We cannot compute the gap until we know we have a 'struct ebt_entry'
and not 'struct ebt_entries'.  Failure to check can cause crash.

Tested-by: Santiago Garcia Mantinan <manty@manty.net>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] PKTGEN: Fix module load/unload races. 2007-01-10T19:05:21+00:00 Robert Olsson Robert.Olsson@data.slu.se 2007-01-02T05:04:19+00:00 681f19c638245198eeefc861b10d9b83c313ac26 Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] softmac: Fixed handling of deassociation from AP 2007-01-10T19:05:20+00:00 Ulrich Kunitz kune@deine-taler.de 2006-12-30T21:18:14+00:00 39e06a69f7e3a16415c7e53bad1d7fa9257baaa1 In 2.6.19 a deauthentication from the AP doesn't start a reassociation by the softmac code. It appears that mac->associnfo.associating must be set and the ieee80211softmac_assoc_work function must be scheduled. This patch fixes that. Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
In 2.6.19 a deauthentication from the AP doesn't start a
reassociation by the softmac code. It appears that
mac->associnfo.associating must be set and the
ieee80211softmac_assoc_work function must be scheduled. This patch
fixes that.

Signed-off-by: Ulrich Kunitz <kune@deine-taler.de>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] UDP: Fix reversed logic in udp_get_port() 2007-01-10T19:05:20+00:00 David Miller davem@davemloft.net 2006-12-22T19:56:21+00:00 3629bc276335cfc6650c6b7119ea8b1e2518ec6c When this code was converted to use sk_for_each() the logic for the "best hash chain length" code was reversed, breaking everything. The original code was of the form: size = 0; do { if (++size >= best_size_so_far) goto next; } while ((sk = sk->next) != NULL); best_size_so_far = size; best = result; next:; and this got converted into: sk_for_each(sk2, node, head) if (++size < best_size_so_far) { best_size_so_far = size; best = result; } Which does something very very different from the original. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
When this code was converted to use sk_for_each() the
logic for the "best hash chain length" code was reversed,
breaking everything.

The original code was of the form:

			size = 0;
			do {
				if (++size >= best_size_so_far)
					goto next;
			} while ((sk = sk->next) != NULL);
			best_size_so_far = size;
			best = result;
		next:;

and this got converted into:

			sk_for_each(sk2, node, head)
				if (++size < best_size_so_far) {
					best_size_so_far = size;
					best = result;
				}

Which does something very very different from the original.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] Bluetooth: Add packet size checks for CAPI messages (CVE-2006-6106) 2007-01-10T19:05:19+00:00 Marcel Holtmann marcel@holtmann.org 2006-12-11T14:18:24+00:00 d4ea7f9f5554d94dcb8a630f470c724d05e8f112 With malformed packets it might be possible to overwrite internal CMTP and CAPI data structures. This patch adds additional length checks to prevent these kinds of remote attacks. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
With malformed packets it might be possible to overwrite internal
CMTP and CAPI data structures. This patch adds additional length
checks to prevent these kinds of remote attacks.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] ieee80211softmac: Fix mutex_lock at exit of ieee80211_softmac_get_genie 2007-01-10T19:05:17+00:00 Ulrich Kunitz kune@deine-taler.de 2006-12-10T17:39:28+00:00 4ad328ffdcf3d014ff98ff75afcf457387c8bd56 ieee80211softmac_wx_get_genie locks the associnfo mutex at function exit. This patch fixes it. The patch is against Linus' tree (commit af1713e0). Signed-off-by: Ulrich Kunitz <kune@deine-taler.de> Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
ieee80211softmac_wx_get_genie locks the associnfo mutex at
function exit. This patch fixes it. The patch is against Linus'
tree (commit af1713e0).

Signed-off-by: Ulrich Kunitz <kune@deine-taler.de>
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] IrDA: Incorrect TTP header reservation 2006-12-11T19:32:39+00:00 Jeet Chaudhuri jeetlinux@yahoo.co.in 2006-12-07T23:32:22+00:00 d58808bcc7cb732a4f62af1105d46757d3167e57 We must reserve SAR + MAX_HEADER bytes for IrLMP to fit in. This fixes an oops reported (and fixed) by Jeet Chaudhuri, when max_sdu_size is greater than 0. Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
We must reserve SAR + MAX_HEADER bytes for IrLMP to fit in.
This fixes an oops reported (and fixed) by Jeet Chaudhuri, when max_sdu_size
is greater than 0.

Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] IPSEC: Fix inetpeer leak in ipv4 xfrm dst entries. 2006-12-11T19:32:39+00:00 David Miller davem@davemloft.net 2006-12-07T08:40:36+00:00 5bcd4af5fcd996bdd309bf506a60c6217810b1c6 We grab a reference to the route's inetpeer entry but forget to release it in xfrm4_dst_destroy(). Bug discovered by Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org> 
We grab a reference to the route's inetpeer entry but
forget to release it in xfrm4_dst_destroy().

Bug discovered by Kazunori MIYAZAWA <kazunori@miyazawa.org>

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>