releases/2.6.20.2/tcp-fix-minisock-tcp_create_openreq_child-typo.patch - pub/scm/linux/kernel/git/warthog9/stable-queue - Git at Google

 From stable-bounces@linux.kernel.org  Wed Feb 28 11:31:59 2007
 Date: Wed, 28 Feb 2007 11:29:33 -0800 (PST)
 Message-Id: <20070228.112933.41634877.davem@davemloft.net>
 To: stable@kernel.org
 From: David Miller <davem@davemloft.net>
 Cc: bunk@stusta.de
 Subject: TCP: Fix minisock tcp_create_openreq_child() typo.

 From: Arnaldo Carvalho de Melo <acme@redhat.com>

 On 2/28/07, KOVACS Krisztian <hidden@balabit.hu> wrote:
 >
 >   Hi,
 >
 >   While reading TCP minisock code I've found this suspiciously looking
 > code fragment:
 >
 > - 8< -
 > struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, struct sk_buff *skb)
 > {
 >         struct sock *newsk = inet_csk_clone(sk, req, GFP_ATOMIC);
 >
 >         if (newsk != NULL) {
 >                 const struct inet_request_sock *ireq = inet_rsk(req);
 >                 struct tcp_request_sock *treq = tcp_rsk(req);
 >                 struct inet_connection_sock *newicsk = inet_csk(sk);
 >                 struct tcp_sock *newtp;
 > - 8< -
 >
 >   The above code initializes newicsk to inet_csk(sk), isn't that supposed
 > to be inet_csk(newsk)?  As far as I can tell this might leave
 > icsk_ack.last_seg_size zero even if we do have received data.

 Good catch!

 David, please apply the attached patch.

 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Chris Wright <chrisw@sous-sol.org>

 ---
  net/ipv4/tcp_minisocks.c |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 --- linux-2.6.20.1.orig/net/ipv4/tcp_minisocks.c
 +++ linux-2.6.20.1/net/ipv4/tcp_minisocks.c
 @@ -381,7 +381,7 @@ struct sock *tcp_create_openreq_child(st
  	if (newsk != NULL) {
  		const struct inet_request_sock *ireq = inet_rsk(req);
  		struct tcp_request_sock *treq = tcp_rsk(req);
 -		struct inet_connection_sock *newicsk = inet_csk(sk);
 +		struct inet_connection_sock *newicsk = inet_csk(newsk);
  		struct tcp_sock *newtp;

  		/* Now setup tcp_sock */
	From stable-bounces@linux.kernel.org Wed Feb 28 11:31:59 2007
	Date: Wed, 28 Feb 2007 11:29:33 -0800 (PST)
	Message-Id: <20070228.112933.41634877.davem@davemloft.net>
	To: stable@kernel.org
	From: David Miller <davem@davemloft.net>
	Cc: bunk@stusta.de
	Subject: TCP: Fix minisock tcp_create_openreq_child() typo.

	From: Arnaldo Carvalho de Melo <acme@redhat.com>

	On 2/28/07, KOVACS Krisztian <hidden@balabit.hu> wrote:
	>
	> Hi,
	>
	> While reading TCP minisock code I've found this suspiciously looking
	> code fragment:
	>
	> - 8< -
	> struct sock tcp_create_openreq_child(struct sock sk, struct request_sock req, struct sk_buff skb)
	> {
	> struct sock *newsk = inet_csk_clone(sk, req, GFP_ATOMIC);
	>
	> if (newsk != NULL) {
	> const struct inet_request_sock *ireq = inet_rsk(req);
	> struct tcp_request_sock *treq = tcp_rsk(req);
	> struct inet_connection_sock *newicsk = inet_csk(sk);
	> struct tcp_sock *newtp;
	> - 8< -
	>
	> The above code initializes newicsk to inet_csk(sk), isn't that supposed
	> to be inet_csk(newsk)? As far as I can tell this might leave
	> icsk_ack.last_seg_size zero even if we do have received data.

	Good catch!

	David, please apply the attached patch.

	Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Chris Wright <chrisw@sous-sol.org>

	---
	net/ipv4/tcp_minisocks.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	--- linux-2.6.20.1.orig/net/ipv4/tcp_minisocks.c
	+++ linux-2.6.20.1/net/ipv4/tcp_minisocks.c
	@@ -381,7 +381,7 @@ struct sock *tcp_create_openreq_child(st
	if (newsk != NULL) {
	const struct inet_request_sock *ireq = inet_rsk(req);
	struct tcp_request_sock *treq = tcp_rsk(req);
	- struct inet_connection_sock *newicsk = inet_csk(sk);
	+ struct inet_connection_sock *newicsk = inet_csk(newsk);
	struct tcp_sock *newtp;

	/* Now setup tcp_sock */