1. 25 3月, 2013 3 次提交
    • H
      bridge: fix crash when set mac address of br interface · 9b46922e
      Hong zhi guo 提交于
      When I tried to set mac address of a bridge interface to a mac
      address which already learned on this bridge, I got system hang.
      
      The cause is straight forward: function br_fdb_change_mac_address
      calls fdb_insert with NULL source nbp. Then an fdb lookup is
      performed. If an fdb entry is found and it's local, it's OK. But
      if it's not local, source is dereferenced for printk without NULL
      check.
      Signed-off-by: NHong Zhiguo <honkiko@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9b46922e
    • C
      8021q: fix a potential use-after-free · 4a7df340
      Cong Wang 提交于
      vlan_vid_del() could possibly free ->vlan_info after a RCU grace
      period, however, we may still refer to the freed memory area
      by 'grp' pointer. Found by code inspection.
      
      This patch moves vlan_vid_del() as behind as possible.
      
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: NCong Wang <amwang@redhat.com>
      Acked-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4a7df340
    • E
      net: remove a WARN_ON() in net_enable_timestamp() · 9979a55a
      Eric Dumazet 提交于
      The WARN_ON(in_interrupt()) in net_enable_timestamp() can get false
      positive, in socket clone path, run from softirq context :
      
      [ 3641.624425] WARNING: at net/core/dev.c:1532 net_enable_timestamp+0x7b/0x80()
      [ 3641.668811] Call Trace:
      [ 3641.671254]  <IRQ>  [<ffffffff80286817>] warn_slowpath_common+0x87/0xc0
      [ 3641.677871]  [<ffffffff8028686a>] warn_slowpath_null+0x1a/0x20
      [ 3641.683683]  [<ffffffff80742f8b>] net_enable_timestamp+0x7b/0x80
      [ 3641.689668]  [<ffffffff80732ce5>] sk_clone_lock+0x425/0x450
      [ 3641.695222]  [<ffffffff8078db36>] inet_csk_clone_lock+0x16/0x170
      [ 3641.701213]  [<ffffffff807ae449>] tcp_create_openreq_child+0x29/0x820
      [ 3641.707663]  [<ffffffff807d62e2>] ? ipt_do_table+0x222/0x670
      [ 3641.713354]  [<ffffffff807aaf5b>] tcp_v4_syn_recv_sock+0xab/0x3d0
      [ 3641.719425]  [<ffffffff807af63a>] tcp_check_req+0x3da/0x530
      [ 3641.724979]  [<ffffffff8078b400>] ? inet_hashinfo_init+0x60/0x80
      [ 3641.730964]  [<ffffffff807ade6f>] ? tcp_v4_rcv+0x79f/0xbe0
      [ 3641.736430]  [<ffffffff807ab9bd>] tcp_v4_do_rcv+0x38d/0x4f0
      [ 3641.741985]  [<ffffffff807ae14a>] tcp_v4_rcv+0xa7a/0xbe0
      
      Its safe at this point because the parent socket owns a reference
      on the netstamp_needed, so we cant have a 0 -> 1 transition, which
      requires to lock a mutex.
      
      Instead of refining the check, lets remove it, as all known callers
      are safe. If it ever changes in the future, static_key_slow_inc()
      will complain anyway.
      Reported-by: NLaurent Chavey <chavey@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9979a55a
  2. 22 3月, 2013 8 次提交
  3. 21 3月, 2013 27 次提交
  4. 20 3月, 2013 2 次提交
    • D
      Merge branch 'master' of git://1984.lsi.us.es/nf · 90b2621f
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      The following patchset contains 7 Netfilter/IPVS fixes for 3.9-rc, they are:
      
      * Restrict IPv6 stateless NPT targets to the mangle table. Many users are
        complaining that this target does not work in the nat table, which is the
        wrong table for it, from Florian Westphal.
      
      * Fix possible use before initialization in the netns init path of several
        conntrack protocol trackers (introduced recently while improving conntrack
        netns support), from Gao Feng.
      
      * Fix incorrect initialization of copy_range in nfnetlink_queue, spotted
        by Eric Dumazet during the NFWS2013, patch from myself.
      
      * Fix wrong calculation of next SCTP chunk in IPVS, from Julian Anastasov.
      
      * Remove rcu_read_lock section in IPVS while calling ipv4_update_pmtu
        not required anymore after change introduced in 3.7, again from Julian.
      
      * Fix SYN looping in IPVS state sync if the backup is used a real server
        in DR/TUN modes, this required a new /proc entry to disable the director
        function when acting as backup, also from Julian.
      
      * Remove leftover IP_NF_QUEUE Kconfig after ip_queue removal, noted by
        Paul Bolle.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      90b2621f
    • P
      netfilter: remove unused "config IP_NF_QUEUE" · 3dd6664f
      Paul Bolle 提交于
      Kconfig symbol IP_NF_QUEUE is unused since commit
      d16cf20e ("netfilter: remove ip_queue
      support"). Let's remove it too.
      Signed-off-by: NPaul Bolle <pebolle@tiscali.nl>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      3dd6664f