[NET]: Fix socket bitop damage

The socket flag cleanups that went into 2.6.12-rc1 are basically oring
the flags of an old socket into the socket just being created.
Unfortunately that one was just initialized by sock_init_data(), so already
has SOCK_ZAPPED set.  As the result zapped sockets are created and all
incoming connection will fail due to this bug which again was carefully
replicated to at least AX.25, NET/ROM or ROSE.

In order to keep the abstraction alive I've introduced sock_copy_flags()
to copy the socket flags from one sockets to another and used that
instead of the bitwise copy thing.  Anyway, the idea here has probably
been to copy all flags, so sock_copy_flags() should be the right thing.
With this the ham radio protocols are usable again, so I hope this will
make it into 2.6.13.

Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/sock.h b/include/net/sock.h
index a1042d08becd538c4bb330d32ee64cd550ca2f39..e9b1dbab90d007fec58e666d98205c1b8ca6a114 100644 (file)
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -384,6 +384,11 @@ enum sock_flags {
        SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */
 };
 
+static inline void sock_copy_flags(struct sock *nsk, struct sock *osk)
+{
+       nsk->sk_flags = osk->sk_flags;
+}
+
 static inline void sock_set_flag(struct sock *sk, enum sock_flags flag)
 {
        __set_bit(flag, &sk->sk_flags);

diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 707097deac3deb4957741204c7944e01521f3c0f..7d8ecadba668bbcdb2b9aca64b5bfdf71b61d911 100644 (file)
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -875,12 +875,7 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
        sk->sk_sndbuf   = osk->sk_sndbuf;
        sk->sk_state    = TCP_ESTABLISHED;
        sk->sk_sleep    = osk->sk_sleep;
-
-       if (sock_flag(osk, SOCK_DBG))
-               sock_set_flag(sk, SOCK_DBG);
-
-       if (sock_flag(osk, SOCK_ZAPPED))
-               sock_set_flag(sk, SOCK_ZAPPED);
+       sock_copy_flags(sk, osk);
 
        oax25 = ax25_sk(osk);
 

diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 31ed4a9a1d066c0cdef1c3e5b6371fa3678037d4..5385835e92678ef34e8ff8fb4f237a710975a890 100644 (file)
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -459,12 +459,7 @@ static struct sock *nr_make_new(struct sock *osk)
        sk->sk_sndbuf   = osk->sk_sndbuf;
        sk->sk_state    = TCP_ESTABLISHED;
        sk->sk_sleep    = osk->sk_sleep;
-
-       if (sock_flag(osk, SOCK_ZAPPED))
-               sock_set_flag(sk, SOCK_ZAPPED);
-
-       if (sock_flag(osk, SOCK_DBG))
-               sock_set_flag(sk, SOCK_DBG);
+       sock_copy_flags(sk, osk);
 
        skb_queue_head_init(&nr->ack_queue);
        skb_queue_head_init(&nr->reseq_queue);

diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 7eb6a5bf93ea1961bc0c35e70843a646c106596f..3fe7e562125a0fc64951ee67525ecd5d229b597e 100644 (file)
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -556,12 +556,7 @@ static struct sock *rose_make_new(struct sock *osk)
        sk->sk_sndbuf   = osk->sk_sndbuf;
        sk->sk_state    = TCP_ESTABLISHED;
        sk->sk_sleep    = osk->sk_sleep;
-
-       if (sock_flag(osk, SOCK_ZAPPED))
-               sock_set_flag(sk, SOCK_ZAPPED);
-
-       if (sock_flag(osk, SOCK_DBG))
-               sock_set_flag(sk, SOCK_DBG);
+       sock_copy_flags(sk, osk);
 
        init_timer(&rose->timer);
        init_timer(&rose->idletimer);