Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=linux-2.6.22.y 2007-11-02T15:44:11+00:00 2007-11-02T15:44:11+00:00 Eric Dumazet dada1@cosmosbay.com 2007-10-10T10:28:33+00:00 urn:sha1:dec0da2c0b439daf394957660e62824987f9b021 changeset 162f6690a65075b49f242d3c8cdb5caaa959a060 in mainline. TCP V4 sequence numbers are 32bits, and RFC 793 assumed a 250 KHz clock. In order to follow network speed increase, we can use a faster clock, but we should limit this clock so that the delay between two rollovers is greater than MSL (TCP Maximum Segment Lifetime : 2 minutes) Choosing a 64 nsec clock should be OK, since the rollovers occur every 274 seconds. Problem spotted by Denys Fedoryshchenko [ This bug was introduced by f85958151900f9d30fa5ff941b0ce71eaa45a7de ] Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-08-15T16:25:09+00:00 Matt Mackall mpm@selenic.com 2007-07-16T00:10:14+00:00 urn:sha1:c712842ef701361ed3ee0f50f15797d7369b6628 If root raised the default wakeup threshold over the size of the output pool, the pool transfer function could overflow the stack with RNG bytes, causing a DoS or potential privilege escalation. (Bug reported by the PaX Team <pageexec@freemail.hu>) Cc: Theodore Tso <tytso@mit.edu> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Matt Mackall <mpm@selenic.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 2007-06-16T20:16:16+00:00 Matt Mackall mpm@selenic.com 2007-06-16T17:16:11+00:00 urn:sha1:679ce0ace6b1a07043bc3b405a34ddccad808886 (As reported by linux@horizon.com) Folding is done to minimize the theoretical possibility of systematic weakness in the particular bits of the SHA1 hash output. The result of this bug is that 16 out of 80 bits are un-folded. Without a major new vulnerability being found in SHA1, this is harmless, but still worth fixing. Signed-off-by: Matt Mackall <mpm@selenic.com> Cc: <linux@horizon.com> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2007-05-30T03:09:34+00:00 Matt Mackall mpm@selenic.com 2007-05-30T02:58:10+00:00 urn:sha1:7f397dcdb78d699a20d96bfcfb595a2411a5bbd2 Add data from zero-entropy random_writes directly to output pools to avoid accounting difficulties on machines without entropy sources. Tested on lguest with all entropy sources disabled. Signed-off-by: Matt Mackall <mpm@selenic.com> Acked-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2007-05-30T03:09:34+00:00 Matt Mackall mpm@selenic.com 2007-05-30T02:54:27+00:00 urn:sha1:602b6aeefe8932dd8bb15014e8fe6bb25d736361 Fix cast error in entropy extraction. Add comments explaining the magic 16. Remove extra confusing loop variable. Signed-off-by: Matt Mackall <mpm@selenic.com> Acked-by: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2007-04-26T05:28:25+00:00 Eric Dumazet dada1@cosmosbay.com 2007-03-28T21:22:33+00:00 urn:sha1:f85958151900f9d30fa5ff941b0ce71eaa45a7de In order to get more randomness for secure_tcpv6_sequence_number(), secure_tcp_sequence_number(), secure_dccp_sequence_number() functions, we can use the high resolution time services, providing nanosec resolution. I've also done two kmalloc()/kzalloc() conversions. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-04-26T05:24:03+00:00 Adrian Bunk bunk@stusta.de 2007-03-08T03:33:52+00:00 urn:sha1:cb69cc52364690d7789940c480b3a9490784b680 This patch removes the following not or no longer used exports: - drivers/char/random.c: secure_tcp_sequence_number - net/dccp/options.c: sysctl_dccp_feat_sequence_window - net/netlink/af_netlink.c: netlink_set_err Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-02-12T17:48:45+00:00 Arjan van de Ven arjan@linux.intel.com 2007-02-12T08:55:32+00:00 urn:sha1:2b8693c0617e972fc0b2fd1ebf8de97e15b656c3 Many struct file_operations in the kernel can be "const". Marking them const moves these to the .rodata section, which avoids false sharing with potential dirty data. In addition it'll catch accidental writes at compile time to these shared resources. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2006-12-10T17:55:41+00:00 Alexey Dobriyan adobriyan@gmail.com 2006-12-10T10:19:10+00:00 urn:sha1:1f29bcd739972f71f2fd5d5d265daf3e1208fa5e Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Andi Kleen <ak@suse.de> Cc: "David S. Miller" <davem@davemloft.net> Cc: David Howells <dhowells@redhat.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2006-12-08T16:28:44+00:00 Josef Sipek jsipek@fsl.cs.sunysb.edu 2006-12-08T10:36:55+00:00 urn:sha1:a7113a966241b700aecc7b8cb326cecb62e3c4b2 Signed-off-by: Josef Sipek <jsipek@fsl.cs.sunysb.edu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>