1. 04 1月, 2012 3 次提交
  2. 31 12月, 2011 2 次提交
  3. 28 12月, 2011 1 次提交
  4. 25 12月, 2011 3 次提交
  5. 23 12月, 2011 7 次提交
    • F
      netfilter: xt_connbytes: handle negation correctly · 0354b48f
      Florian Westphal 提交于
      "! --connbytes 23:42" should match if the packet/byte count is not in range.
      
      As there is no explict "invert match" toggle in the match structure,
      userspace swaps the from and to arguments
      (i.e., as if "--connbytes 42:23" were given).
      
      However, "what <= 23 && what >= 42" will always be false.
      
      Change things so we use "||" in case "from" is larger than "to".
      
      This change may look like it breaks backwards compatibility when "to" is 0.
      However, older iptables binaries will refuse "connbytes 42:0",
      and current releases treat it to mean "! --connbytes 0:42",
      so we should be fine.
      Signed-off-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      0354b48f
    • E
      net: relax rcvbuf limits · 0fd7bac6
      Eric Dumazet 提交于
      skb->truesize might be big even for a small packet.
      
      Its even bigger after commit 87fb4b7b (net: more accurate skb
      truesize) and big MTU.
      
      We should allow queueing at least one packet per receiver, even with a
      low RCVBUF setting.
      Reported-by: NMichal Simek <monstr@monstr.eu>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0fd7bac6
    • X
      rps: fix insufficient bounds checking in store_rps_dev_flow_table_cnt() · a0a129f8
      Xi Wang 提交于
      Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
      cause a kernel oops due to insufficient bounds checking.
      
      	if (count > 1<<30) {
      		/* Enforce a limit to prevent overflow */
      		return -EINVAL;
      	}
      	count = roundup_pow_of_two(count);
      	table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count));
      
      Note that the macro RPS_DEV_FLOW_TABLE_SIZE(count) is defined as:
      
      	... + (count * sizeof(struct rps_dev_flow))
      
      where sizeof(struct rps_dev_flow) is 8.  (1 << 30) * 8 will overflow
      32 bits.
      
      This patch replaces the magic number (1 << 30) with a symbolic bound.
      Suggested-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NXi Wang <xi.wang@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a0a129f8
    • E
      net: introduce DST_NOPEER dst flag · e688a604
      Eric Dumazet 提交于
      Chris Boot reported crashes occurring in ipv6_select_ident().
      
      [  461.457562] RIP: 0010:[<ffffffff812dde61>]  [<ffffffff812dde61>]
      ipv6_select_ident+0x31/0xa7
      
      [  461.578229] Call Trace:
      [  461.580742] <IRQ>
      [  461.582870]  [<ffffffff812efa7f>] ? udp6_ufo_fragment+0x124/0x1a2
      [  461.589054]  [<ffffffff812dbfe0>] ? ipv6_gso_segment+0xc0/0x155
      [  461.595140]  [<ffffffff812700c6>] ? skb_gso_segment+0x208/0x28b
      [  461.601198]  [<ffffffffa03f236b>] ? ipv6_confirm+0x146/0x15e
      [nf_conntrack_ipv6]
      [  461.608786]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.614227]  [<ffffffff81271d64>] ? dev_hard_start_xmit+0x357/0x543
      [  461.620659]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.626440]  [<ffffffffa0379745>] ? br_parse_ip_options+0x19a/0x19a
      [bridge]
      [  461.633581]  [<ffffffff812722ff>] ? dev_queue_xmit+0x3af/0x459
      [  461.639577]  [<ffffffffa03747d2>] ? br_dev_queue_push_xmit+0x72/0x76
      [bridge]
      [  461.646887]  [<ffffffffa03791e3>] ? br_nf_post_routing+0x17d/0x18f
      [bridge]
      [  461.653997]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.659473]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.665485]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.671234]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.677299]  [<ffffffffa0379215>] ?
      nf_bridge_update_protocol+0x20/0x20 [bridge]
      [  461.684891]  [<ffffffffa03bb0e5>] ? nf_ct_zone+0xa/0x17 [nf_conntrack]
      [  461.691520]  [<ffffffffa0374760>] ? br_flood+0xfa/0xfa [bridge]
      [  461.697572]  [<ffffffffa0374812>] ? NF_HOOK.constprop.8+0x3c/0x56
      [bridge]
      [  461.704616]  [<ffffffffa0379031>] ?
      nf_bridge_push_encap_header+0x1c/0x26 [bridge]
      [  461.712329]  [<ffffffffa037929f>] ? br_nf_forward_finish+0x8a/0x95
      [bridge]
      [  461.719490]  [<ffffffffa037900a>] ?
      nf_bridge_pull_encap_header+0x1c/0x27 [bridge]
      [  461.727223]  [<ffffffffa0379974>] ? br_nf_forward_ip+0x1c0/0x1d4 [bridge]
      [  461.734292]  [<ffffffff81291c4d>] ? nf_iterate+0x41/0x77
      [  461.739758]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
      [  461.746203]  [<ffffffff81291cf6>] ? nf_hook_slow+0x73/0x111
      [  461.751950]  [<ffffffffa03748cc>] ? __br_deliver+0xa0/0xa0 [bridge]
      [  461.758378]  [<ffffffffa037533a>] ? NF_HOOK.constprop.4+0x56/0x56
      [bridge]
      
      This is caused by bridge netfilter special dst_entry (fake_rtable), a
      special shared entry, where attaching an inetpeer makes no sense.
      
      Problem is present since commit 87c48fa3 (ipv6: make fragment
      identifications less predictable)
      
      Introduce DST_NOPEER dst flag and make sure ipv6_select_ident() and
      __ip_select_ident() fallback to the 'no peer attached' handling.
      Reported-by: NChris Boot <bootc@bootc.net>
      Tested-by: NChris Boot <bootc@bootc.net>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e688a604
    • T
      mqprio: Avoid panic if no options are provided · 7838f2ce
      Thomas Graf 提交于
      Userspace may not provide TCA_OPTIONS, in fact tc currently does
      so not do so if no arguments are specified on the command line.
      Return EINVAL instead of panicing.
      Signed-off-by: NThomas Graf <tgraf@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7838f2ce
    • E
      bridge: provide a mtu() method for fake_dst_ops · a13861a2
      Eric Dumazet 提交于
      Commit 618f9bc7 (net: Move mtu handling down to the protocol
      depended handlers) forgot the bridge netfilter case, adding a NULL
      dereference in ip_fragment().
      Reported-by: NChris Boot <bootc@bootc.net>
      CC: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a13861a2
    • S
  6. 22 12月, 2011 2 次提交
  7. 21 12月, 2011 2 次提交
    • G
      net: have ipconfig not wait if no dev is available · cd7816d1
      Gerlando Falauto 提交于
      previous commit 3fb72f1e
      makes IP-Config wait for carrier on at least one network device.
      
      Before waiting (predefined value 120s), check that at least one device
      was successfully brought up. Otherwise (e.g. buggy bootloader
      which does not set the MAC address) there is no point in waiting
      for carrier.
      
      Cc: Micha Nelissen <micha@neli.hopto.org>
      Cc: Holger Brunck <holger.brunck@keymile.com>
      Signed-off-by: NGerlando Falauto <gerlando.falauto@keymile.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cd7816d1
    • T
      sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd · a76c0adf
      Thomas Graf 提交于
      When checking whether a DATA chunk fits into the estimated rwnd a
      full sizeof(struct sk_buff) is added to the needed chunk size. This
      quickly exhausts the available rwnd space and leads to packets being
      sent which are much below the PMTU limit. This can lead to much worse
      performance.
      
      The reason for this behaviour was to avoid putting too much memory
      pressure on the receiver. The concept is not completely irational
      because a Linux receiver does in fact clone an skb for each DATA chunk
      delivered. However, Linux also reserves half the available socket
      buffer space for data structures therefore usage of it is already
      accounted for.
      
      When proposing to change this the last time it was noted that this
      behaviour was introduced to solve a performance issue caused by rwnd
      overusage in combination with small DATA chunks.
      
      Trying to reproduce this I found that with the sk_buff overhead removed,
      the performance would improve significantly unless socket buffer limits
      are increased.
      
      The following numbers have been gathered using a patched iperf
      supporting SCTP over a live 1 Gbit ethernet network. The -l option
      was used to limit DATA chunk sizes. The numbers listed are based on
      the average of 3 test runs each. Default values have been used for
      sk_(r|w)mem.
      
      Chunk
      Size    Unpatched     No Overhead
      -------------------------------------
         4    15.2 Kbit [!]   12.2 Mbit [!]
         8    35.8 Kbit [!]   26.0 Mbit [!]
        16    95.5 Kbit [!]   54.4 Mbit [!]
        32   106.7 Mbit      102.3 Mbit
        64   189.2 Mbit      188.3 Mbit
       128   331.2 Mbit      334.8 Mbit
       256   537.7 Mbit      536.0 Mbit
       512   766.9 Mbit      766.6 Mbit
      1024   810.1 Mbit      808.6 Mbit
      Signed-off-by: NThomas Graf <tgraf@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a76c0adf
  8. 20 12月, 2011 2 次提交
  9. 19 12月, 2011 3 次提交
  10. 14 12月, 2011 1 次提交
  11. 13 12月, 2011 5 次提交
    • E
      sch_gred: should not use GFP_KERNEL while holding a spinlock · 3f1e6d3f
      Eric Dumazet 提交于
      gred_change_vq() is called under sch_tree_lock(sch).
      
      This means a spinlock is held, and we are not allowed to sleep in this
      context.
      
      We might pre-allocate memory using GFP_KERNEL before taking spinlock,
      but this is not suitable for stable material.
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3f1e6d3f
    • T
      ipip, sit: copy parms.name after register_netdevice · 72b36015
      Ted Feng 提交于
      Same fix as 731abb9c for ipip and sit tunnel.
      Commit 1c5cae81 removed an explicit call to dev_alloc_name in
      ipip_tunnel_locate and ipip6_tunnel_locate, because register_netdevice
      will now create a valid name, however the tunnel keeps a copy of the
      name in the private parms structure. Fix this by copying the name back
      after register_netdevice has successfully returned.
      
      This shows up if you do a simple tunnel add, followed by a tunnel show:
      
      $ sudo ip tunnel add mode ipip remote 10.2.20.211
      $ ip tunnel
      tunl0: ip/ip  remote any  local any  ttl inherit  nopmtudisc
      tunl%d: ip/ip  remote 10.2.20.211  local any  ttl inherit
      $ sudo ip tunnel add mode sit remote 10.2.20.212
      $ ip tunnel
      sit0: ipv6/ip  remote any  local any  ttl 64  nopmtudisc 6rd-prefix 2002::/16
      sit%d: ioctl 89f8 failed: No such device
      sit%d: ipv6/ip  remote 10.2.20.212  local any  ttl inherit
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NTed Feng <artisdom@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      72b36015
    • L
      ipv6: Fix for adding multicast route for loopback device automatically. · 4af04aba
      Li Wei 提交于
      There is no obvious reason to add a default multicast route for loopback
      devices, otherwise there would be a route entry whose dst.error set to
      -ENETUNREACH that would blocking all multicast packets.
      
      ====================
      
      [ more detailed explanation ]
      
      The problem is that the resulting routing table depends on the sequence
      of interface's initialization and in some situation, that would block all
      muticast packets. Suppose there are two interfaces on my computer
      (lo and eth0), if we initailize 'lo' before 'eth0', the resuting routing
      table(for multicast) would be
      
      # ip -6 route show | grep ff00::
      unreachable ff00::/8 dev lo metric 256 error -101
      ff00::/8 dev eth0 metric 256
      
      When sending multicasting packets, routing subsystem will return the first
      route entry which with a error set to -101(ENETUNREACH).
      
      I know the kernel will set the default ipv6 address for 'lo' when it is up
      and won't set the default multicast route for it, but there is no reason to
      stop 'init' program from setting address for 'lo', and that is exactly what
      systemd did.
      
      I am sure there is something wrong with kernel or systemd, currently I preferred
      kernel caused this problem.
      
      ====================
      Signed-off-by: NLi Wei <lw@cn.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4af04aba
    • D
      nfc: signedness bug in __nci_request() · f8c141c3
      Dan Carpenter 提交于
      wait_for_completion_interruptible_timeout() returns -ERESTARTSYS if
      interrupted so completion_rc needs to be signed.  The current code
      probably returns -ETIMEDOUT if we hit this situation, but after this
      patch is applied it will return -ERESTARTSYS.
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      f8c141c3
    • S
      crush: fix mapping calculation when force argument doesn't exist · f1932fc1
      Sage Weil 提交于
      If the force argument isn't valid, we should continue calculating a
      mapping as if it weren't specified.
      Signed-off-by: NSage Weil <sage@newdream.net>
      f1932fc1
  12. 08 12月, 2011 1 次提交
    • J
      mac80211: fix another race in aggregation start · 15062e6a
      Johannes Berg 提交于
      Emmanuel noticed that when mac80211 stops the queues
      for aggregation that can leave a packet pending. This
      packet will be given to the driver after the AMPDU
      callback, but as a non-aggregated packet which messes
      up the sequence number etc.
      
      I also noticed by looking at the code that if packets
      are being processed while we clear the WANT_START bit,
      they might see it cleared already and queue up on
      tid_tx->pending. If the driver then rejects the new
      aggregation session we leak the packet.
      
      Fix both of these issues by changing this code to not
      stop the queues at all. Instead, let packets queue up
      on the tid_tx->pending queue instead of letting them
      get to the driver, and add code to recover properly
      in case the driver rejects the session.
      
      (The patch looks large because it has to move two
      functions to before their new use.)
      
      Cc: stable@vger.kernel.org
      Reported-by: NEmmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      15062e6a
  13. 07 12月, 2011 4 次提交
  14. 06 12月, 2011 1 次提交
  15. 03 12月, 2011 2 次提交
  16. 02 12月, 2011 1 次提交