public inbox for linux-kernel@vger.kernel.org
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	Chris Wedgwood <reviews@ml.cw.f00f.org>,
	Michael Krufky <mkrufky@linuxtv.org>,
	Chuck Ebbert <cebbert@redhat.com>,
	Domenico Andreoli <cavokz@gmail.com>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk, bunk@kernel.org,
	YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>,
	"David S. Miller" <davem@davemloft.net>
Subject: [38/50] Fix IPV6 append OOPS.
Date: Mon, 24 Sep 2007 09:22:10 -0700
Message-ID: <20070924162210.GM13510@kroah.com>
In-Reply-To: <20070924161733.GA13510@kroah.com>

[-- Attachment #1: fix-ipv6-append-oops.patch --]
[-- Type: text/plain, Size: 1580 bytes --]

From: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>

commit e1f52208bb968291f7d9142eff60b62984b4a511 in mainline.

[IPv6]: Fix NULL pointer dereference in ip6_flush_pending_frames

Some of the skbs in sk->write_queue do not have skb->dst because
we do not fill skb->dst when we allocate a new skb in append_data().

BTW, I think we may not need to (or we should not) increment some stats
when using corking; if 100 sendmsg() (with MSG_MORE) result in 2 packets,
how many should we increment?

If 100, we should set skb->dst for every queued skb.

If 1 (or 2 (*)), we increment the stats for the first queued skb and
we should just skip incrementing OutDiscards for the rest of the queued skbs,
and we should also implement these semantics in other places;
e.g., we should increment other stats just once, not 100 times.

*: depends on the place we are discarding the datagram.

I guess we should just increment by 1 (or 2).

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 net/ipv6/ip6_output.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1423,8 +1423,9 @@ void ip6_flush_pending_frames(struct soc
 	struct sk_buff *skb;
 
 	while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
-		IP6_INC_STATS(ip6_dst_idev(skb->dst),
-			      IPSTATS_MIB_OUTDISCARDS);
+		if (skb->dst)
+			IP6_INC_STATS(ip6_dst_idev(skb->dst),
+				      IPSTATS_MIB_OUTDISCARDS);
 		kfree_skb(skb);
 	}
 
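Review bot: The new `if (skb->dst)` guard inside the dequeue loop of ip6_flush_pending_frames() carries no comment saying why a queued skb can have a NULL dst, and it makes IPSTATS_MIB_OUTDISCARDS depend on which skbs in sk->sk_write_queue happen to have dst set. The changelog says append_data() does not fill skb->dst for newly allocated skbs and leaves open whether a corked datagram should count once or per skb, so a short comment above the check stating both points would stop a later reader from treating the test as dead code and removing it. If counting once per flushed datagram is the intended behaviour, it would be clearer to do the increment explicitly once, outside the per-skb test, so the counter does not silently depend on how many skbs carry a dst. Every skb still reaches kfree_skb(), so the guard itself does not leak anything.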
