1. 30 Sep, 2008 3 commits
    • Wei Yongjun's avatar
      sctp: Fix kernel panic while process protocol violation parameter · ba016670
      Wei Yongjun authored
      Since call to function sctp_sf_abort_violation() need paramter 'arg' with
      'struct sctp_chunk' type, it will read the chunk type and chunk length from
      the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen()
      always with 'struct sctp_paramhdr' type's parameter, it will be passed to
      sctp_sf_abort_violation(). This may cause kernel panic.
      
         sctp_sf_violation_paramlen()
           |-- sctp_sf_abort_violation()
              |-- sctp_make_abort_violation()
      
      This patch fixed this problem. This patch also fix two place which called
      sctp_sf_violation_paramlen() with wrong paramter type.
      Signed-off-by: default avatarWei Yongjun <yjwei@cn.fujitsu.com>
      Signed-off-by: default avatarVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba016670
    • Heiko Carstens's avatar
      iucv: Fix mismerge again. · 8b122efd
      Heiko Carstens authored
      fb65a7c0 ("iucv: Fix bad merging.") fixed
      a merge error, but in a wrong way. We now end up with the bug below.
      This patch corrects the mismerge like it was intended.
      
      BUG: scheduling while atomic: swapper/1/0x00000000
      Modules linked in:
      CPU: 1 Not tainted 2.6.27-rc7-00094-gc0f4d6d4 #9
      Process swapper (pid: 1, task: 000000003fe7d988, ksp: 000000003fe838c0)
      0000000000000000 000000003fe839b8 0000000000000002 0000000000000000
             000000003fe83a58 000000003fe839d0 000000003fe839d0 0000000000390de6
             000000000058acd8 00000000000000d0 000000003fe7dcd8 0000000000000000
             000000000000000c 000000000000000d 0000000000000000 000000003fe83a28
             000000000039c5b8 0000000000015e5e 000000003fe839b8 000000003fe83a00
      Call Trace:
      ([<0000000000015d6a>] show_trace+0xe6/0x134)
       [<0000000000039656>] __schedule_bug+0xa2/0xa8
       [<0000000000391744>] schedule+0x49c/0x910
       [<0000000000391f64>] schedule_timeout+0xc4/0x114
       [<00000000003910d4>] wait_for_common+0xe8/0x1b4
       [<00000000000549ae>] call_usermodehelper_exec+0xa6/0xec
       [<00000000001af7b8>] kobject_uevent_env+0x418/0x438
       [<00000000001d08fc>] bus_add_driver+0x1e4/0x298
       [<00000000001d1ee4>] driver_register+0x90/0x18c
       [<0000000000566848>] netiucv_init+0x168/0x2c8
       [<00000000000120be>] do_one_initcall+0x3e/0x17c
       [<000000000054a31a>] kernel_init+0x1ce/0x248
       [<000000000001a97a>] kernel_thread_starter+0x6/0xc
       [<000000000001a974>] kernel_thread_starter+0x0/0xc
       iucv: NETIUCV driver initialized
      initcall netiucv_init+0x0/0x2c8 returned with preemption imbalance
      Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8b122efd
    • Herbert Xu's avatar
      ipsec: Fix pskb_expand_head corruption in xfrm_state_check_space · d01dbeb6
      Herbert Xu authored
      We're never supposed to shrink the headroom or tailroom.  In fact,
      shrinking the headroom is a fatal action.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d01dbeb6
  2. 29 Sep, 2008 18 commits
  3. 28 Sep, 2008 1 commit
  4. 27 Sep, 2008 13 commits
  5. 26 Sep, 2008 5 commits