From 811c71de4975edd133af3447a2449bc29d29cc09 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Fri, 23 Nov 2007 15:12:17 -0500 Subject: [PATCH] Import 2.0.38pre1 --- Makefile | 2 +- arch/i386/config.in | 2 +- arch/i386/kernel/head.S | 2 +- include/asm-i386/pgtable.h | 4 ++++ net/ipv4/tcp.c | 2 +- net/ipv4/tcp_input.c | 13 +++++++++++-- 6 files changed, 19 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 9d0963147027..87529f0f05c4 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ VERSION = 2 PATCHLEVEL = 0 -SUBLEVEL = 37 +SUBLEVEL = 38 ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/) diff --git a/arch/i386/config.in b/arch/i386/config.in index 8ccfa0f41983..15294eb2bcfe 100644 --- a/arch/i386/config.in +++ b/arch/i386/config.in @@ -28,7 +28,7 @@ choice 'Memory configuration' \ Custom CONFIG_MEM_SPECIAL" Standard if [ "$CONFIG_MEM_SPECIAL" = "y" ]; then - int ' Max physical memory in MB' CONFIG_MAX_MEMSIZE 1024 + int ' Max physical memory in MB (must be a multiple of 4)' CONFIG_MAX_MEMSIZE 1024 fi if [ "$CONFIG_MEM_ENT" = "y" ]; then define_int CONFIG_MAX_MEMSIZE 2048 diff --git a/arch/i386/kernel/head.S b/arch/i386/kernel/head.S index 6cd3e73062b3..cba3b49af0f0 100644 --- a/arch/i386/kernel/head.S +++ b/arch/i386/kernel/head.S @@ -491,7 +491,7 @@ gdt_descr: #define lower_seg(type,dpl,base,limit) \ (((base) & 0x0000ffff)<<16) | \ - ((limit) & 0x0ffff) + (((limit)>>12) & 0x0ffff) #define x86_seg(type,dpl,base,limit) \ .long lower_seg(type,dpl,base,limit); \ diff --git a/include/asm-i386/pgtable.h b/include/asm-i386/pgtable.h index 1ee83471941f..0a077bb49a3e 100644 --- a/include/asm-i386/pgtable.h +++ b/include/asm-i386/pgtable.h @@ -210,6 +210,10 @@ static inline void flush_tlb_range(struct mm_struct *mm, * pgd entries used up by user/kernel: */ +#if CONFIG_MAX_MEMSIZE & 3 +#error Invalid max physical memory size requested +#endif + #define USER_PGD_PTRS ((unsigned long)__PAGE_OFFSET >> PGDIR_SHIFT) #define KERNEL_PGD_PTRS (PTRS_PER_PGD-USER_PGD_PTRS) #define __USER_PGD_PTRS (__PAGE_OFFSET >> PGDIR_SHIFT) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index ab57b0591a45..a5245004302e 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1236,7 +1236,7 @@ static int do_tcp_sendmsg(struct sock *sk, * this frame. */ - if (copy <= 0) + if (tcp_size >= sk->mss) { /* * Send the now forced complete frame out. diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 13f8c2376c33..d62149079634 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -1759,7 +1759,14 @@ uninteresting_ack: if(sk->ip_xmit_timeout==TIME_KEEPOPEN) tcp_reset_xmit_timer(sk, TIME_KEEPOPEN, TCP_TIMEOUT_LEN); } - return 1; + + /* + * A zero return from tcp_ack(), while in SYN_RECV, means that the + * handshake has failed, and an RST packet should be generated. We + * really have to generate an RST here, or a blind spoofing attack + * would be possible. + */ + return sk->state != TCP_SYN_RECV; } @@ -2297,6 +2304,7 @@ int tcp_rcv(struct sk_buff *skb, struct device *dev, struct options *opt, struct tcphdr *th; struct sock *sk; __u32 seq; + int was_ack; #ifdef CONFIG_IP_TRANSPARENT_PROXY int r; #endif @@ -2308,6 +2316,7 @@ int tcp_rcv(struct sk_buff *skb, struct device *dev, struct options *opt, * etc). */ th = skb->h.th; + was_ack = th->ack; /* Remember for later when we've freed the skb */ sk = skb->sk; #ifdef CONFIG_RST_COOKIES if (th->rst && secure_tcp_probe_number(saddr,daddr,ntohs(th->source),ntohs(th->dest),ntohl(th->seq),1)) { @@ -2789,7 +2798,7 @@ rfc_step6: * If we had a partial packet being help up due to * application of Nagle's rule we are now free to send it. */ - if (th->ack + if (was_ack && sk->packets_out == 0 && sk->partial != NULL && skb_queue_empty(&sk->write_queue) -- 2.39.5