Bug#500472: maybe patch

2008-10-05 Thread Alexandre Rossi 
tag 500472 patch
thanks

My box has been running with this patch applied for a while now, and I
cannot reproduce, so I'd say this fixes the issue for me.

For the record, those fixes went into 2.6.27 :
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4dd7972d1204c3851a4092cecd2207e05eb29b09
and
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2a5b82751f73a0bf6f604ce56d34adba6da1b246

Cheers,

Alex



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Processed: Re: Bug#500472: maybe patch

2008-10-05 Thread Debian Bug Tracking System 
Processing commands for [EMAIL PROTECTED]:

> tag 500472 patch
Bug#500472: linux-image-2.6.26-1-openvz-amd64: NULL pointer dereference in 
tcp_v4_send_ack
Tags were: fixed-upstream patch
Bug#500963: [linux-image-2.6.26-1-openvz-686] reproducible panic while using 
network intensively
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#500472: maybe patch

2008-09-30 Thread Alexandre Rossi 
>> Subject: Bug#500472: linux-image-2.6.26-1-openvz-amd64: NULL pointer
>> dereference in tcp_v4_send_ack
>
> Thanks! It is a mainstream bug. Fixed patch was sent to [EMAIL PROTECTED]

The patch is there : http://www.spinics.net/lists/netdev/msg76471.html

But it does not apply to 2.6.26 so I tried to backport it. Here is
what I could come up with (clearly not understanding what I was doing,
and taking into account the fact that a follow-up says ipv6 codepath
is similar) :

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index ffe869a..fffc708 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -687,7 +687,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
if (twsk)
arg.bound_dev_if = twsk->tw_sk.tw_bound_dev_if;

-   ip_send_reply(dev_net(skb->dev)->ipv4.tcp_sock, skb,
+   ip_send_reply(dev_net(skb->dst->dev)->ipv4.tcp_sock, skb,
  &arg, arg.iov[0].iov_len);

TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 40ea9c3..6d8e350 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1094,7 +1094,7 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
struct tcphdr *th = tcp_hdr(skb), *t1;
struct sk_buff *buff;
struct flowi fl;
-   struct net *net = dev_net(skb->dev);
+   struct net *net = dev_net(skb->dst->dev);
struct sock *ctl_sk = net->ipv6.tcp_sk;
unsigned int tot_len = sizeof(struct tcphdr);
__be32 *topt;



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]