Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[IPV6] fix ipv6_getsockopt_sticky copy_to_user leak
[IPV6]: Fix for ipv6_setsockopt NULL dereference
[DCCP]: Initialise write_xmit_timer also on passive sockets
[IPV4]: Fix rtm_to_ifaddr() error handling.

+31 -19
+1
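--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -191,6 +191,7 @@
 const enum dccp_pkt_type pkt_type);
 
 extern void dccp_write_xmit(struct sock *sk, int block);
+extern void dccp_write_xmit_timer(unsigned long data);
 extern void dccp_write_space(struct sock *sk);
 
 extern void dccp_init_xmit_timers(struct sock *sk);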
-16
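--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -213,19 +213,6 @@
 goto out;
 }
 
-static void dccp_write_xmit_timer(unsigned long data) {
-struct sock *sk = (struct sock *)data;
-struct dccp_sock *dp = dccp_sk(sk);
-
-bh_lock_sock(sk);
-if (sock_owned_by_user(sk))
-sk_reset_timer(sk, &dp->dccps_xmit_timer, jiffies+1);
-else
-dccp_write_xmit(sk, 0);
-bh_unlock_sock(sk);
-sock_put(sk);
-}
-
 void dccp_write_xmit(struct sock *sk, int block)
 {
 struct dccp_sock *dp = dccp_sk(sk);
@@ -434,9 +421,6 @@
 dp->dccps_gar = dp->dccps_iss;
 
 icsk->icsk_retransmits = 0;
-init_timer(&dp->dccps_xmit_timer);
-dp->dccps_xmit_timer.data = (unsigned long)sk;
-dp->dccps_xmit_timer.function = dccp_write_xmit_timer;
 }
 
 int dccp_connect(struct sock *sk)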
+25
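--- a/net/dccp/timer.c
+++ b/net/dccp/timer.c
@@ -261,8 +261,33 @@
 sock_put(sk);
 }
 
+/* Transmit-delay timer: used by the CCIDs to delay actual send time */
+void dccp_write_xmit_timer(unsigned long data)
+{
+struct sock *sk = (struct sock *)data;
+struct dccp_sock *dp = dccp_sk(sk);
+
+bh_lock_sock(sk);
+if (sock_owned_by_user(sk))
+sk_reset_timer(sk, &dp->dccps_xmit_timer, jiffies+1);
+else
+dccp_write_xmit(sk, 0);
+bh_unlock_sock(sk);
+sock_put(sk);
+}
+
+static void dccp_init_write_xmit_timer(struct sock *sk)
+{
+struct dccp_sock *dp = dccp_sk(sk);
+
+init_timer(&dp->dccps_xmit_timer);
+dp->dccps_xmit_timer.data = (unsigned long)sk;
+dp->dccps_xmit_timer.function = dccp_write_xmit_timer;
+}
+
 void dccp_init_xmit_timers(struct sock *sk)
 {
+dccp_init_write_xmit_timer(sk);
 inet_csk_init_xmit_timers(sk, &dccp_write_timer, &dccp_delack_timer,
 &dccp_keepalive_timer);
 }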
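Review bot: dccp_init_write_xmit_timer() carries no comment explaining why the setup of dccps_xmit_timer now sits in dccp_init_xmit_timers(), which is the reason for the move: per the commit title, passive sockets previously never had this timer initialised. I would add above it `/* Set up dccps_xmit_timer for every socket, passive ones included, before a CCID can arm it */`. In dccp_write_xmit_timer() a one-line note that the closing `sock_put(sk)` balances the reference presumably taken when the timer was armed would make the re-arm branch easier to audit. The teardown path that stops this timer is not visible in this section and should be confirmed to cover passive sockets as well.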
+3 -1
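--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -502,8 +502,10 @@
 goto errout;
 
 ifm = nlmsg_data(nlh);
-if (ifm->ifa_prefixlen > 32 || tb[IFA_LOCAL] == NULL)
+if (ifm->ifa_prefixlen > 32 || tb[IFA_LOCAL] == NULL) {
+err = -EINVAL;
 goto errout;
+}
 
 dev = __dev_get_by_index(ifm->ifa_index);
 if (dev == NULL) {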
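Review bot: Assigning `err` inside the failing branch is the pattern that allowed this bug in the first place; with `err` left at its earlier value (presumably 0 after a successful parse, which is not visible here) the `errout` path would hand the caller a non-error result for a rejected request. The usual kernel form sets the code before the test, `err = -EINVAL;` followed by the unbraced `if (ifm->ifa_prefixlen > 32 || tb[IFA_LOCAL] == NULL)` and `goto errout;`, so every early exit up to the next assignment is covered. The function starts and ends outside the hunk, so the `dev == NULL` branch and any later exits should be checked to set their own code.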
+2 -2
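--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -413,7 +413,7 @@
 }
 
 /* routing header option needs extra check */
-if (optname == IPV6_RTHDR && opt->srcrt) {
+if (optname == IPV6_RTHDR && opt && opt->srcrt) {
 struct ipv6_rt_hdr *rthdr = opt->srcrt;
 switch (rthdr->type) {
 case IPV6_SRCRT_TYPE_0:
@@ -804,7 +804,7 @@
 return 0;
 hdr = opt->hopopt;
 
-len = min_t(int, len, ipv6_optlen(hdr));
+len = min_t(unsigned int, len, ipv6_optlen(hdr));
 if (copy_to_user(optval, hdr, ipv6_optlen(hdr)))
 return -EFAULT;
 return len;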
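Review bot: In the second hunk the clamped `len` is never used for the copy: `copy_to_user(optval, hdr, ipv6_optlen(hdr))` still writes the full option length, so a caller whose buffer is shorter than the stored option has user memory written beyond the size it declared. The copy should take the clamped value, `if (copy_to_user(optval, hdr, len))`. With `min_t(unsigned int, ...)` a negative `len` compares as a large value and the full option length is selected, so it is worth confirming that callers reject negative lengths before this point. The enclosing function starts and ends outside the hunk.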