1. 27 4月, 2009 2 次提交
  2. 20 4月, 2009 2 次提交
  3. 17 4月, 2009 3 次提交
    • E
      [PATCH] net: remove superfluous call to synchronize_net() · 573636cb
      Eric Dumazet 提交于
      inet_register_protosw() function is responsible for adding a new
      inet protocol into a global table (inetsw[]) that is used with RCU rules.
      
      As soon as the store of the pointer is done, other cpus might see
      this new protocol in inetsw[], so we have to make sure new protocol
      is ready for use. All pending memory updates should thus be committed
      to memory before setting the pointer.
      This is correctly done using rcu_assign_pointer()
      
      synchronize_net() is typically used at unregister time, after
      unsetting the pointer, to make sure no other cpu is still using
      the object we want to dismantle. Using it at register time
      is only adding an artificial delay that could hide a real bug,
      and this bug could popup if/when synchronize_rcu() can proceed
      faster than now.
      
      This saves about 13 ms on boot time on a HZ=1000 8 cpus machine  ;) 
      (4 calls to inet_register_protosw(), and about 3200 us per call)
      Signed-off-by: NEric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      573636cb
    • H
      gro: Fix use after free in tcp_gro_receive · a0a69a01
      Herbert Xu 提交于
      After calling skb_gro_receive skb->len can no longer be relied
      on since if the skb was merged using frags, then its pages will
      have been removed and the length reduced.
      
      This caused tcp_gro_receive to prematurely end merging which
      resulted in suboptimal performance with ixgbe.
      
      The fix is to store skb->len on the stack.
      Reported-by: NMark Wagner <mwagner@redhat.com>
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a0a69a01
    • P
      netfilter: nf_nat: add support for persistent mappings · 98d500d6
      Patrick McHardy 提交于
      The removal of the SAME target accidentally removed one feature that is
      not available from the normal NAT targets so far, having multi-range
      mappings that use the same mapping for each connection from a single
      client. The current behaviour is to choose the address from the range
      based on source and destination IP, which breaks when communicating
      with sites having multiple addresses that require all connections to
      originate from the same IP address.
      
      Introduce a IP_NAT_RANGE_PERSISTENT option that controls whether the
      destination address is taken into account for selecting addresses.
      
      http://bugzilla.kernel.org/show_bug.cgi?id=12954Signed-off-by: NPatrick McHardy <kaber@trash.net>
      98d500d6
  4. 14 4月, 2009 1 次提交
  5. 11 4月, 2009 1 次提交
    • V
      ipv6: Fix NULL pointer dereference with time-wait sockets · 499923c7
      Vlad Yasevich 提交于
      Commit b2f5e7cd
      (ipv6: Fix conflict resolutions during ipv6 binding)
      introduced a regression where time-wait sockets were
      not treated correctly.  This resulted in the following:
      
      BUG: unable to handle kernel NULL pointer dereference at 0000000000000062
      IP: [<ffffffff805d7d61>] ipv4_rcv_saddr_equal+0x61/0x70
      ...
      Call Trace:
      [<ffffffffa033847b>] ipv6_rcv_saddr_equal+0x1bb/0x250 [ipv6]
      [<ffffffffa03505a8>] inet6_csk_bind_conflict+0x88/0xd0 [ipv6]
      [<ffffffff805bb18e>] inet_csk_get_port+0x1ee/0x400
      [<ffffffffa0319b7f>] inet6_bind+0x1cf/0x3a0 [ipv6]
      [<ffffffff8056d17c>] ? sockfd_lookup_light+0x3c/0xd0
      [<ffffffff8056ed49>] sys_bind+0x89/0x100
      [<ffffffff80613ea2>] ? trace_hardirqs_on_thunk+0x3a/0x3c
      [<ffffffff8020bf9b>] system_call_fastpath+0x16/0x1b
      Tested-by: NBrian Haley <brian.haley@hp.com>
      Tested-by: NEd Tomlinson <edt@aei.ca>
      Signed-off-by: NVlad Yasevich <vladislav.yasevich@hp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      499923c7
  6. 03 4月, 2009 2 次提交
  7. 02 4月, 2009 1 次提交
  8. 01 4月, 2009 1 次提交
  9. 28 3月, 2009 2 次提交
    • P
      netlabel: Label incoming TCP connections correctly in SELinux · 389fb800
      Paul Moore 提交于
      The current NetLabel/SELinux behavior for incoming TCP connections works but
      only through a series of happy coincidences that rely on the limited nature of
      standard CIPSO (only able to convey MLS attributes) and the write equality
      imposed by the SELinux MLS constraints.  The problem is that network sockets
      created as the result of an incoming TCP connection were not on-the-wire
      labeled based on the security attributes of the parent socket but rather based
      on the wire label of the remote peer.  The issue had to do with how IP options
      were managed as part of the network stack and where the LSM hooks were in
      relation to the code which set the IP options on these newly created child
      sockets.  While NetLabel/SELinux did correctly set the socket's on-the-wire
      label it was promptly cleared by the network stack and reset based on the IP
      options of the remote peer.
      
      This patch, in conjunction with a prior patch that adjusted the LSM hook
      locations, works to set the correct on-the-wire label format for new incoming
      connections through the security_inet_conn_request() hook.  Besides the
      correct behavior there are many advantages to this change, the most significant
      is that all of the NetLabel socket labeling code in SELinux now lives in hooks
      which can return error codes to the core stack which allows us to finally get
      ride of the selinux_netlbl_inode_permission() logic which greatly simplfies
      the NetLabel/SELinux glue code.  In the process of developing this patch I
      also ran into a small handful of AF_INET6 cleanliness issues that have been
      fixed which should make the code safer and easier to extend in the future.
      Signed-off-by: NPaul Moore <paul.moore@hp.com>
      Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      389fb800
    • P
      lsm: Relocate the IPv4 security_inet_conn_request() hooks · 284904aa
      Paul Moore 提交于
      The current placement of the security_inet_conn_request() hooks do not allow
      individual LSMs to override the IP options of the connection's request_sock.
      This is a problem as both SELinux and Smack have the ability to use labeled
      networking protocols which make use of IP options to carry security attributes
      and the inability to set the IP options at the start of the TCP handshake is
      problematic.
      
      This patch moves the IPv4 security_inet_conn_request() hooks past the code
      where the request_sock's IP options are set/reset so that the LSM can safely
      manipulate the IP options as needed.  This patch intentionally does not change
      the related IPv6 hooks as IPv6 based labeling protocols which use IPv6 options
      are not currently implemented, once they are we will have a better idea of
      the correct placement for the IPv6 hooks.
      Signed-off-by: NPaul Moore <paul.moore@hp.com>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      284904aa
  10. 26 3月, 2009 4 次提交
  11. 25 3月, 2009 2 次提交
  12. 24 3月, 2009 1 次提交
    • V
      udp: Wrong locking code in udp seq_file infrastructure · 30842f29
      Vitaly Mayatskikh 提交于
      Reading zero bytes from /proc/net/udp or other similar files which use
      the same seq_file udp infrastructure panics kernel in that way:
      
      =====================================
      [ BUG: bad unlock balance detected! ]
      -------------------------------------
      read/1985 is trying to release lock (&table->hash[i].lock) at:
      [<ffffffff81321d83>] udp_seq_stop+0x27/0x29
      but there are no more locks to release!
      
      other info that might help us debug this:
      1 lock held by read/1985:
       #0:  (&p->lock){--..}, at: [<ffffffff810eefb6>] seq_read+0x38/0x348
      
      stack backtrace:
      Pid: 1985, comm: read Not tainted 2.6.29-rc8 #9
      Call Trace:
       [<ffffffff81321d83>] ? udp_seq_stop+0x27/0x29
       [<ffffffff8106dab9>] print_unlock_inbalance_bug+0xd6/0xe1
       [<ffffffff8106db62>] lock_release_non_nested+0x9e/0x1c6
       [<ffffffff810ef030>] ? seq_read+0xb2/0x348
       [<ffffffff8106bdba>] ? mark_held_locks+0x68/0x86
       [<ffffffff81321d83>] ? udp_seq_stop+0x27/0x29
       [<ffffffff8106dde7>] lock_release+0x15d/0x189
       [<ffffffff8137163c>] _spin_unlock_bh+0x1e/0x34
       [<ffffffff81321d83>] udp_seq_stop+0x27/0x29
       [<ffffffff810ef239>] seq_read+0x2bb/0x348
       [<ffffffff810eef7e>] ? seq_read+0x0/0x348
       [<ffffffff8111aedd>] proc_reg_read+0x90/0xaf
       [<ffffffff810d878f>] vfs_read+0xa6/0x103
       [<ffffffff8106bfac>] ? trace_hardirqs_on_caller+0x12f/0x153
       [<ffffffff810d88a2>] sys_read+0x45/0x69
       [<ffffffff8101123a>] system_call_fastpath+0x16/0x1b
      BUG: scheduling while atomic: read/1985/0xffffff00
      INFO: lockdep is turned off.
      Modules linked in: cpufreq_ondemand acpi_cpufreq freq_table dm_multipath kvm ppdev snd_hda_codec_analog snd_hda_intel snd_hda_codec snd_hwdep snd_seq_dummy snd_seq_oss snd_seq_midi_event arc4 snd_s
      eq ecb thinkpad_acpi snd_seq_device iwl3945 hwmon sdhci_pci snd_pcm_oss sdhci rfkill mmc_core snd_mixer_oss i2c_i801 mac80211 yenta_socket ricoh_mmc i2c_core iTCO_wdt snd_pcm iTCO_vendor_support rs
      rc_nonstatic snd_timer snd lib80211 cfg80211 soundcore snd_page_alloc video parport_pc output parport e1000e [last unloaded: scsi_wait_scan]
      Pid: 1985, comm: read Not tainted 2.6.29-rc8 #9
      Call Trace:
       [<ffffffff8106b456>] ? __debug_show_held_locks+0x1b/0x24
       [<ffffffff81043660>] __schedule_bug+0x7e/0x83
       [<ffffffff8136ede9>] schedule+0xce/0x838
       [<ffffffff810d7972>] ? fsnotify_access+0x5f/0x67
       [<ffffffff810112d0>] ? sysret_careful+0xb/0x37
       [<ffffffff8106be9c>] ? trace_hardirqs_on_caller+0x1f/0x153
       [<ffffffff8137127b>] ? trace_hardirqs_on_thunk+0x3a/0x3f
       [<ffffffff810112f6>] sysret_careful+0x31/0x37
      read[1985]: segfault at 7fffc479bfe8 ip 0000003e7420a180 sp 00007fffc479bfa0 error 6
      Kernel panic - not syncing: Aiee, killing interrupt handler!
      
      udp_seq_stop() tries to unlock not yet locked spinlock. The lock was lost
      during splitting global udp_hash_lock to subsequent spinlocks.
      
      Signed-off by: Vitaly Mayatskikh <v.mayatskih@gmail.com>
      Acked-by: NEric Dumazet <dada1@cosmosbay.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      30842f29
  13. 23 3月, 2009 1 次提交
  14. 22 3月, 2009 1 次提交
  15. 19 3月, 2009 2 次提交
  16. 16 3月, 2009 11 次提交
  17. 14 3月, 2009 3 次提交