1. 20 11月, 2015 7 次提交
  2. 19 11月, 2015 1 次提交
  3. 18 11月, 2015 8 次提交
  4. 17 11月, 2015 7 次提交
  5. 16 11月, 2015 12 次提交
  6. 11 11月, 2015 5 次提交
    • P
      netfilter: nf_tables: add clone interface to expression operations · 086f3321
      Pablo Neira Ayuso 提交于
      With the conversion of the counter expressions to make it percpu, we
      need to clone the percpu memory area, otherwise we crash when using
      counters from flow tables.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      086f3321
    • A
      netfilter: fix xt_TEE and xt_TPROXY dependencies · 74ec4d55
      Arnd Bergmann 提交于
      Kconfig is too smart for its own good: a Kconfig line that states
      
      	select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES
      
      means that if IP6_NF_IPTABLES is set to 'm', then NF_DEFRAG_IPV6 will
      also be set to 'm', regardless of the state of the symbol from which
      it is selected. When the xt_TEE driver is built-in and nothing else
      forces NF_DEFRAG_IPV6 to be built-in, this causes a link-time error:
      
      net/built-in.o: In function `tee_tg6':
      net/netfilter/xt_TEE.c:46: undefined reference to `nf_dup_ipv6'
      
      This works around that behavior by changing the dependency to
      'if IP6_NF_IPTABLES != n', which is interpreted as boolean expression
      rather than a tristate and causes the NF_DEFRAG_IPV6 symbol to
      be built-in as well.
      
      The bug only occurs once in thousands of 'randconfig' builds and
      does not really impact real users. From inspecting the other
      surrounding Kconfig symbols, I am guessing that NETFILTER_XT_TARGET_TPROXY
      and NETFILTER_XT_MATCH_SOCKET have the same issue. If not, this
      change should still be harmless.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      74ec4d55
    • A
      netfilter: nfnetlink_log: work around uninitialized variable warning · c872a2d9
      Arnd Bergmann 提交于
      After a recent (correct) change, gcc started warning about the use
      of the 'flags' variable in nfulnl_recv_config()
      
      net/netfilter/nfnetlink_log.c: In function 'nfulnl_recv_config':
      net/netfilter/nfnetlink_log.c:320:14: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized]
      net/netfilter/nfnetlink_log.c:828:6: note: 'flags' was declared here
      
      The warning first shows up in ARM s3c2410_defconfig with gcc-4.3 or
      higher (including 5.2.1, which is the latest version I checked) I
      tried working around it by rearranging the code but had no success
      with that.
      
      As a last resort, this initializes the variable to zero, which shuts
      up the warning, but means that we don't get a warning if the code
      is ever changed in a way that actually causes the variable to be
      used without first being written.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Fixes: 8cbc8708 ("netfilter: nfnetlink_log: validate dependencies to avoid breaking atomicity")
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      c872a2d9
    • J
      svcrpc: document lack of some memory barriers · 0442f14b
      J. Bruce Fields 提交于
      We're missing memory barriers in net/sunrpc/svcsock.c in some spots we'd
      expect them.  But it doesn't appear they're necessary in our case, and
      this is likely a hot path--for now just document the odd behavior.
      
      Kosuke Tatsukawa found this issue while looking through the linux source
      code for places calling waitqueue_active() before wake_up*(), but
      without preceding memory barriers, after sending a patch to fix a
      similar issue in drivers/tty/n_tty.c  (Details about the original issue
      can be found here: https://lkml.org/lkml/2015/9/28/849).
      Reported-by: NKosuke Tatsukawa <tatsu@ab.jp.nec.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      0442f14b
    • V
      Revert "bridge: Allow forward delay to be cfgd when STP enabled" · 8a921265
      Vlad Yasevich 提交于
      This reverts commit 34c2d9fb.
      
      There are 2 reasons for this revert:
       1)  The commit in question doesn't do what it says it does.  The
           description reads: "Allow bridge forward delay to be configured
           when Spanning Tree is enabled."  This was already the case before
           the commit was made.  What the commit actually do was disallow
           invalid values or 'forward_delay' when STP was turned off.
      
       2)  The above change was actually a change in the user observed
           behavior and broke things like libvirt and other network configs
           that set 'forward_delay' to 0 without enabling STP.  The value
           of 0 is actually used when STP is turned off to immediately mark
           the bridge as forwarding.
      Signed-off-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8a921265