rpms/kernel/devel linux-2.6-net-fix-iptables.patch, NONE, 1.1 linux-2.6-net-slab-corruption.patch, NONE, 1.1 kernel-2.6.spec, 1.1873, 1.1874

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Jan 26 16:56:37 UTC 2006 

Author: davej

Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10924

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6-net-fix-iptables.patch 
	linux-2.6-net-slab-corruption.patch 
Log Message:
two must-have networking fixes.


linux-2.6-net-fix-iptables.patch:
 x_tables.h |   16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletion(-)

--- NEW FILE linux-2.6-net-fix-iptables.patch ---
[NETFILTER] x_tables: Fix XT_ALIGN() macro on [at least] ppc32

To keep backwards compatibility with old iptables userspace programs,
the new XT_ALIGN macro always has to return the same value as IPT_ALIGN,
IP6T_ALIGN or ARPT_ALIGN in previous kernels.

However, in those kernels the macro was defined in dependency to the
respective layer3 specifi data structures, which we can no longer do with
x_tables.

The fix is an ugly kludge, but it has been tested to solve the problem. Yet
another reason to move away from the current {ip,ip6,arp,eb}tables like
data structures.

Signed-off-by: Harald Welte <laforge at netfilter.org>

---
commit 470faeb379560fe877b685ca69be6a7e4f0e91ed
tree 5732ecd9bcab28469805752514e5c57ba26189a1
parent 44718bbfa186d58477163418d37df173aa2dd079
author Harald Welte <laforge at netfilter.org> Fri, 20 Jan 2006 01:44:24 +0100
committer Harald Welte <laforge at netfilter.org> Fri, 20 Jan 2006 01:44:24 +0100

 include/linux/netfilter/x_tables.h |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 472f048..65f9cd8 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -19,8 +19,22 @@ struct xt_get_revision
 /* For standard target */
 #define XT_RETURN (-NF_REPEAT - 1)
 
-#define XT_ALIGN(s) (((s) + (__alignof__(u_int64_t)-1)) & ~(__alignof__(u_int64_t)-1))
 
+/* this is a dummy structure to find out the alignment requirement for a struct
+ * containing all the fundamental data types that are used in ipt_entry, ip6t_entry
+ * and arpt_entry.  This sucks, and it is a hack.  It will be my personal pleasure
+ * to remove it -HW */
+struct _xt_align
+{
+	u_int8_t u8;
+	u_int16_t u16;
+	u_int32_t u32;
+	u_int64_t u64;
+};
+
+#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) 	\
+			& ~(__alignof__(struct _xt_align)-1))
+ 
 /* Standard return verdict, or do jump. */
 #define XT_STANDARD_TARGET ""
 /* Error verdict. */

linux-2.6-net-slab-corruption.patch:
 skbuff.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

--- NEW FILE linux-2.6-net-slab-corruption.patch ---
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -135,13 +135,15 @@ void skb_under_panic(struct sk_buff *skb
 struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask,
 			    int fclone)
 {
+	kmem_cache_t *cache;
 	struct skb_shared_info *shinfo;
 	struct sk_buff *skb;
 	u8 *data;
 
+	cache = fclone ? skbuff_fclone_cache : skbuff_head_cache;
+
 	/* Get the HEAD */
-	skb = kmem_cache_alloc(fclone ? skbuff_fclone_cache : skbuff_head_cache,
-				gfp_mask & ~__GFP_DMA);
+	skb = kmem_cache_alloc(cache, gfp_mask & ~__GFP_DMA);
 	if (!skb)
 		goto out;
 
@@ -180,7 +182,7 @@ struct sk_buff *__alloc_skb(unsigned int
 out:
 	return skb;
 nodata:
-	kmem_cache_free(skbuff_head_cache, skb);
+	kmem_cache_free(cache, skb);
 	skb = NULL;
 	goto out;
 }


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.1873
retrieving revision 1.1874
diff -u -r1.1873 -r1.1874
--- kernel-2.6.spec	26 Jan 2006 16:48:08 -0000	1.1873
+++ kernel-2.6.spec	26 Jan 2006 16:56:35 -0000	1.1874
@@ -353,6 +353,8 @@
 Patch1830: linux-2.6-w1-hush-debug.patch
 Patch1840: linux-2.6-x86-hp-reboot.patch
 Patch1850: linux-2.6-mv643xx-compile-fix.patch
+Patch1860: linux-2.6-net-fix-iptables.patch
+Patch1870: linux-2.6-net-slab-corruption.patch
 
 # Warn about usage of various obsolete functionality that may go away.
 Patch1900: linux-2.6-obsolete-idescsi-warning.patch
@@ -837,6 +839,11 @@
 %patch1840 -p1
 # Fix compilation for MV643xx Ethernet
 %patch1850 -p1
+# Make iptables work again
+%patch1860 -p1
+# Fix netlayer slab corruption
+%patch1870 -p1
+
 # Warn about obsolete functionality usage.
 %patch1900 -p1
 %patch1901 -p1
@@ -1363,6 +1370,8 @@
 %changelog
 * Thu Jan 26 2006 Dave Jones <davej at redhat.com>
 - Fix building of kdump kernels.
+- Fix slab corruption in network layer.
+- Make iptables work again.
 
 * Wed Jan 25 2006 Dave Jones <davej at redhat.com>
 - Disable page allocation debugging again.

More information about the fedora-cvs-commits mailing list