1. 04 3月, 2008 1 次提交
  2. 29 2月, 2008 3 次提交
  3. 24 2月, 2008 1 次提交
  4. 20 2月, 2008 1 次提交
  5. 18 2月, 2008 1 次提交
  6. 13 2月, 2008 1 次提交
    • D
      [NDISC]: Fix race in generic address resolution · 69cc64d8
      David S. Miller 提交于
      Frank Blaschka provided the bug report and the initial suggested fix
      for this bug.  He also validated this version of this fix.
      
      The problem is that the access to neigh->arp_queue is inconsistent, we
      grab references when dropping the lock lock to call
      neigh->ops->solicit() but this does not prevent other threads of
      control from trying to send out that packet at the same time causing
      corruptions because both code paths believe they have exclusive access
      to the skb.
      
      The best option seems to be to hold the write lock on neigh->lock
      during the ->solicit() call.  I looked at all of the ndisc_ops
      implementations and this seems workable.  The only case that needs
      special care is the IPV4 ARP implementation of arp_solicit().  It
      wants to take neigh->lock as a reader to protect the header entry in
      neigh->ha during the emission of the soliciation.  We can simply
      remove the read lock calls to take care of that since holding the lock
      as a writer at the caller providers a superset of the protection
      afforded by the existing read locking.
      
      The rest of the ->solicit() implementations don't care whether the
      neigh is locked or not.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      69cc64d8
  7. 29 1月, 2008 12 次提交
  8. 21 1月, 2008 1 次提交
  9. 10 1月, 2008 1 次提交
    • P
      [NEIGH]: Fix race between neigh_parms_release and neightbl_fill_parms · 9cd40029
      Pavel Emelyanov 提交于
      The neightbl_fill_parms() is called under the write-locked tbl->lock
      and accesses the parms->dev. The negh_parm_release() calls the
      dev_put(parms->dev) without this lock. This creates a tiny race window
      on which the parms contains potentially stale dev pointer.
      
      To fix this race it's enough to move the dev_put() upper under the
      tbl->lock, but note, that the parms are held by neighbors and thus can
      live after the neigh_parms_release() is called, so we still can have a
      parm with bad dev pointer.
      
      I didn't find where the neigh->parms->dev is accessed, but still think
      that putting the dev is to be done in a place, where the parms are
      really freed. Am I right with that?
      Signed-off-by: NPavel Emelyanov <xemul@openvz.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9cd40029
  10. 07 11月, 2007 1 次提交
    • A
      [NET]: Remove /proc/net/stat/*_arp_cache upon module removal · 3f192b5c
      Alexey Dobriyan 提交于
      neigh_table_init_no_netlink() creates them, but they aren't removed anywhere.
      
      Steps to reproduce:
      
      	modprobe clip
      	rmmod clip
      	cat /proc/net/stat/clip_arp_cache
      
      BUG: unable to handle kernel paging request at virtual address f89d7758
      printing eip: c05a99da *pdpt = 0000000000004001 *pde = 0000000004408067 *pte = 0000000000000000
      Oops: 0000 [#1] PREEMPT SMP
      Modules linked in: atm af_packet ipv6 binfmt_misc sbs sbshc fan dock battery backlight ac power_supply parport loop rtc_cmos rtc_core rtc_lib serio_raw button k8temp hwmon amd_rng sr_mod cdrom shpchp pci_hotplug ehci_hcd ohci_hcd uhci_hcd usbcore
      Pid: 2082, comm: cat Not tainted (2.6.24-rc1-b1d08ac0-bloat #4)
      EIP: 0060:[<c05a99da>] EFLAGS: 00210256 CPU: 0
      EIP is at neigh_stat_seq_next+0x26/0x3f
      EAX: 00000001 EBX: f89d7600 ECX: c587bf40 EDX: 00000000
      ESI: 00000000 EDI: 00000001 EBP: 00000400 ESP: c587bf1c
       DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
      Process cat (pid: 2082, ti=c587b000 task=c5984e10 task.ti=c587b000)
      Stack: c06228cc c5313790 c049e5c0 0804f000 c45a7b00 c53137b0 00000000 00000000
             00000082 00000001 00000000 00000000 00000000 fffffffb c58d6780 c049e437
             c45a7b00 c04b1f93 c587bfa0 00000400 0804f000 00000400 0804f000 c04b1f2f
      Call Trace:
       [<c049e5c0>] seq_read+0x189/0x281
       [<c049e437>] seq_read+0x0/0x281
       [<c04b1f93>] proc_reg_read+0x64/0x77
       [<c04b1f2f>] proc_reg_read+0x0/0x77
       [<c048907e>] vfs_read+0x80/0xd1
       [<c0489491>] sys_read+0x41/0x67
       [<c04080fa>] sysenter_past_esp+0x6b/0xc1
       =======================
      Code: e9 ec 8d 05 00 56 8b 11 53 8b 40 70 8b 58 3c eb 29 0f a3 15 80 91 7b c0 19 c0 85 c0 8d 42 01 74 17 89 c6 c1 fe 1f 89 01 89 71 04 <8b> 83 58 01 00 00 f7 d0 8b 04 90 eb 09 89 c2 83 fa 01 7e d2 31
      EIP: [<c05a99da>] neigh_stat_seq_next+0x26/0x3f SS:ESP 0068:c587bf1c
      Signed-off-by: NAlexey Dobriyan <adobriyan@sw.ru>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3f192b5c
  11. 22 10月, 2007 1 次提交
  12. 19 10月, 2007 1 次提交
  13. 16 10月, 2007 1 次提交
  14. 11 10月, 2007 6 次提交
    • S
      [NET]: Move hardware header operations out of netdevice. · 3b04ddde
      Stephen Hemminger 提交于
      Since hardware header operations are part of the protocol class
      not the device instance, make them into a separate object and
      save memory.
      Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3b04ddde
    • S
      [NET]: Wrap netdevice hardware header creation. · 0c4e8581
      Stephen Hemminger 提交于
      Add inline for common usage of hardware header creation, and
      fix bug in IPV6 mcast where the assumption about negative return is
      an errno. Negative return from hard_header means not enough space
      was available,(ie -N bytes).
      Signed-off-by: NStephen Hemminger <shemminger@linux-foundation.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0c4e8581
    • E
      [NET]: Make the device list and device lookups per namespace. · 881d966b
      Eric W. Biederman 提交于
      This patch makes most of the generic device layer network
      namespace safe.  This patch makes dev_base_head a
      network namespace variable, and then it picks up
      a few associated variables.  The functions:
      dev_getbyhwaddr
      dev_getfirsthwbytype
      dev_get_by_flags
      dev_get_by_name
      __dev_get_by_name
      dev_get_by_index
      __dev_get_by_index
      dev_ioctl
      dev_ethtool
      dev_load
      wireless_process_ioctl
      
      were modified to take a network namespace argument, and
      deal with it.
      
      vlan_ioctl_set and brioctl_set were modified so their
      hooks will receive a network namespace argument.
      
      So basically anthing in the core of the network stack that was
      affected to by the change of dev_base was modified to handle
      multiple network namespaces.  The rest of the network stack was
      simply modified to explicitly use &init_net the initial network
      namespace.  This can be fixed when those components of the network
      stack are modified to handle multiple network namespaces.
      
      For now the ifindex generator is left global.
      
      Fundametally ifindex numbers are per namespace, or else
      we will have corner case problems with migration when
      we get that far.
      
      At the same time there are assumptions in the network stack
      that the ifindex of a network device won't change.  Making
      the ifindex number global seems a good compromise until
      the network stack can cope with ifindex changes when
      you change namespaces, and the like.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      881d966b
    • E
      [NET]: Make /proc/net per network namespace · 457c4cbc
      Eric W. Biederman 提交于
      This patch makes /proc/net per network namespace.  It modifies the global
      variables proc_net and proc_net_stat to be per network namespace.
      The proc_net file helpers are modified to take a network namespace argument,
      and all of their callers are fixed to pass &init_net for that argument.
      This ensures that all of the /proc/net files are only visible and
      usable in the initial network namespace until the code behind them
      has been updated to be handle multiple network namespaces.
      
      Making /proc/net per namespace is necessary as at least some files
      in /proc/net depend upon the set of network devices which is per
      network namespace, and even more files in /proc/net have contents
      that are relevant to a single network namespace.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      457c4cbc
    • T
      [NEIGH]: Netlink notifications · d961db35
      Thomas Graf 提交于
      Currently neighbour event notifications are limited to update
      notifications and only sent if the ARP daemon is enabled. This
      patch extends the existing notification code by also reporting
      neighbours being removed due to gc or administratively and
      removes the dependency on the ARP daemon. This allows to keep
      track of neighbour states without periodically fetching the
      complete neighbour table.
      Signed-off-by: NThomas Graf <tgraf@suug.ch>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d961db35
    • T
      [NEIGH]: Combine neighbour cleanup and release · 4f494554
      Thomas Graf 提交于
      Introduces neigh_cleanup_and_release() to be used after a
      neighbour has been removed from its neighbour table. Serves
      as preparation to add event notifications.
      Signed-off-by: NThomas Graf <tgraf@suug.ch>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4f494554
  15. 27 8月, 2007 1 次提交
  16. 20 7月, 2007 1 次提交
    • P
      mm: Remove slab destructors from kmem_cache_create(). · 20c2df83
      Paul Mundt 提交于
      Slab destructors were no longer supported after Christoph's
      c59def9f change. They've been
      BUGs for both slab and slub, and slob never supported them
      either.
      
      This rips out support for the dtor pointer from kmem_cache_create()
      completely and fixes up every single callsite in the kernel (there were
      about 224, not including the slab allocator definitions themselves,
      or the documentation references).
      Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
      20c2df83
  17. 08 6月, 2007 1 次提交
  18. 26 4月, 2007 3 次提交
  19. 18 4月, 2007 1 次提交
    • P
      [NET]: Set a separate lockdep class for neighbour table's proxy_queue · c2ecba71
      Pavel Emelianov 提交于
      Otherwise the following calltrace will lead to a wrong
      lockdep warning:
      
        neigh_proxy_process()
          `- lock(neigh_table->proxy_queue.lock);
        arp_redo /* via tbl->proxy_redo */
        arp_process
        neigh_event_ns
        neigh_update
        skb_queue_purge
          `- lock(neighbor->arp_queue.lock);
      
      This is not a deadlock actually, as neighbor table's proxy_queue
      and the neighbor's arp_queue are different queues.
      
      Lockdep thinks there is a deadlock as both queues are initialized
      with skb_queue_head_init() and thus have a common class.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c2ecba71
  20. 26 3月, 2007 1 次提交
    • A
      [NET]: Fix neighbour destructor handling. · ecbb4169
      Alexey Kuznetsov 提交于
      ->neigh_destructor() is killed (not used), replaced with
      ->neigh_cleanup(), which is called when neighbor entry goes to dead
      state. At this point everything is still valid: neigh->dev,
      neigh->parms etc.
      
      The device should guarantee that dead neighbor entries (neigh->dead !=
      0) do not get private part initialized, otherwise nobody will cleanup
      it.
      
      I think this is enough for ipoib which is the only user of this thing.
      Initialization private part of neighbor entries happens in ipib
      start_xmit routine, which is not reached when device is down.  But it
      would be better to add explicit test for neigh->dead in any case.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ecbb4169