1. 10 1月, 2012 22 次提交
  2. 24 12月, 2011 9 次提交
  3. 23 12月, 2011 9 次提交
    • F
      netfilter: xt_connbytes: handle negation correctly · 0354b48f
      Florian Westphal 提交于
      "! --connbytes 23:42" should match if the packet/byte count is not in range.
      
      As there is no explict "invert match" toggle in the match structure,
      userspace swaps the from and to arguments
      (i.e., as if "--connbytes 42:23" were given).
      
      However, "what <= 23 && what >= 42" will always be false.
      
      Change things so we use "||" in case "from" is larger than "to".
      
      This change may look like it breaks backwards compatibility when "to" is 0.
      However, older iptables binaries will refuse "connbytes 42:0",
      and current releases treat it to mean "! --connbytes 0:42",
      so we should be fine.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      0354b48f
    • A
      Btrfs: call d_instantiate after all ops are setup · 08c422c2
      Al Viro 提交于
      This closes races where btrfs is calling d_instantiate too soon during
      inode creation.  All of the callers of btrfs_add_nondir are updated to
      instantiate after the inode is fully setup in memory.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NChris Mason <chris.mason@oracle.com>
      08c422c2
    • C
      Btrfs: fix worker lock misuse in find_worker · 8d532b2a
      Chris Mason 提交于
      Dan Carpenter noticed that we were doing a double unlock on the worker
      lock, and sometimes picking a worker thread without the lock held.
      
      This fixes both errors.
      Signed-off-by: NChris Mason <chris.mason@oracle.com>
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      8d532b2a
    • E
      net: relax rcvbuf limits · 0fd7bac6
      Eric Dumazet 提交于
      skb->truesize might be big even for a small packet.
      
      Its even bigger after commit 87fb4b7b (net: more accurate skb
      truesize) and big MTU.
      
      We should allow queueing at least one packet per receiver, even with a
      low RCVBUF setting.
      Reported-by: NMichal Simek <monstr@monstr.eu>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0fd7bac6
    • X
      rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt() · a0a129f8
      Xi Wang 提交于
      Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
      cause a kernel oops due to insufficient bounds checking.
      
      	if (count > 1<<30) {
      		/* Enforce a limit to prevent overflow */
      		return -EINVAL;
      	}
      	count = roundup_pow_of_two(count);
      	table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));
      
      Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:
      
      	... + (count * sizeof(struct rps_dev_flow))
      
      where sizeof(struct rps_dev_flow) is 8.  (1 << 30) * 8 will overflow
      32 bits.
      
      This patch replaces the magic number (1 << 30) with a symbolic bound.
      Suggested-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NXi Wang <xi.wang@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a0a129f8
    • E
      net: introduce DST_NOPEER dst flag · e688a604
      Eric Dumazet 提交于
      Chris Boot reported crashes occurring in ipv6_select_ident().
      
      [  461.457562] RIP: 0010:[<ffffffff812dde61>]  [<ffffffff812dde61>]
      ipv6_select_ident+0x31/0xa7
      
      [  461.578229] Call Trace:
      [  461.580742] <IRQ>
      [  461.582870]  [<ffffffff812efa7f>] ? udp6_ufo_fragment+0x124/0x1a2
      [  461.589054]  [<ffffffff812dbfe0>] ? ipv6_gso_segment+0xc0/0x155
      [  461.595140]  [<ffffffff812700c6>] ? skb_gso_segment+0x208/0x28b
      [  461.601198]  [<ffffffffa03f236b>] ? ipv6_confirm+0x146/0x15e
      [nf_conntrack_ipv6]
      [  461.608786]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.614227]  [<ffffffff81271d64>] ? dev_hard_start_xmit+0x357/0x543
      [  461.620659]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.626440]  [<ffffffffa0379745>] ? br_parse_ip_options+0x19a/0x19a
      [bridge]
      [  461.633581]  [<ffffffff812722ff>] ? dev_queue_xmit+0x3af/0x459
      [  461.639577]  [<ffffffffa03747d2>] ? br_dev_queue_push_xmit+0x72/0x76
      [bridge]
      [  461.646887]  [<ffffffffa03791e3>] ? br_nf_post_routing+0x17d/0x18f
      [bridge]
      [  461.653997]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.659473]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.665485]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.671234]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.677299]  [<ffffffffa0379215>] ?
      nf_bridge_update_protocol+0x20/0x20 [bridge]
      [  461.684891]  [<ffffffffa03bb0e5>] ? nf_ct_zone+0xa/0x17 [nf_conntrack]
      [  461.691520]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.697572]  [<ffffffffa0374812>] ? NF_HOOK.constprop.8+0x3c/0x56
      [bridge]
      [  461.704616]  [<ffffffffa0379031>] ?
      nf_bridge_push_encap_header+0x1c/0x26 [bridge]
      [  461.712329]  [<ffffffffa037929f>] ? br_nf_forward_finish+0x8a/0x95
      [bridge]
      [  461.719490]  [<ffffffffa037900a>] ?
      nf_bridge_pull_encap_header+0x1c/0x27 [bridge]
      [  461.727223]  [<ffffffffa0379974>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge]
      [  461.734292]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.739758]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
      [  461.746203]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.751950]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
      [  461.758378]  [<ffffffffa037533a>] ? NF_HOOK.constprop.4+0x56/0x56
      [bridge]
      
      This is caused by bridge netfilter special dst_entry (fake_rtable), a
      special shared entry, where attaching an inetpeer makes no sense.
      
      Problem is present since commit 87c48fa3 (ipv6: make fragment
      identifications less predictable)
      
      Introduce DST_NOPEER dst flag and make sure ipv6_select_ident() and
      __ip_select_ident() fallback to the 'no peer attached' handling.
      Reported-by: NChris Boot <bootc@bootc.net>
      Tested-by: NChris Boot <bootc@bootc.net>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e688a604
    • T
      mqprio: Avoid panic if no options are provided · 7838f2ce
      Thomas Graf 提交于
      Userspace may not provide TCA_OPTIONS, in fact tc currently does
      so not do so if no arguments are specified on the command line.
      Return EINVAL instead of panicing.
      Signed-off-by: NThomas Graf <tgraf@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7838f2ce
    • E
      bridge: provide a mtu() method for fake_dst_ops · a13861a2
      Eric Dumazet 提交于
      Commit 618f9bc7 (net: Move mtu handling down to the protocol
      depended handlers) forgot the bridge netfilter case, adding a NULL
      dereference in ip_fragment().
      Reported-by: NChris Boot <bootc@bootc.net>
      CC: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a13861a2
    • L
      Merge branch 'for-linus' of git://neil.brown.name/md · ad1fca20
      Linus Torvalds 提交于
      * 'for-linus' of git://neil.brown.name/md:
        md/bitmap: It is OK to clear bits during recovery.
        md: don't give up looking for spares on first failure-to-add
        md/raid5: ensure correct assessment of drives during degraded reshape.
        md/linear: fix hot-add of devices to linear arrays.
      ad1fca20