1. 21 9月, 2013 3 次提交
  2. 20 9月, 2013 3 次提交
  3. 19 9月, 2013 1 次提交
  4. 18 9月, 2013 2 次提交
  5. 17 9月, 2013 7 次提交
  6. 16 9月, 2013 2 次提交
  7. 13 9月, 2013 7 次提交
    • M
      Remove GENERIC_HARDIRQ config option · 0244ad00
      Martin Schwidefsky 提交于
      After the last architecture switched to generic hard irqs the config
      options HAVE_GENERIC_HARDIRQS & GENERIC_HARDIRQS and the related code
      for !CONFIG_GENERIC_HARDIRQS can be removed.
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      0244ad00
    • P
      netfilter: nf_nat_proto_icmpv6:: fix wrong comparison in icmpv6_manip_pkt · d830f0fa
      Phil Oester 提交于
      In commit 58a317f1 (netfilter: ipv6: add IPv6 NAT support), icmpv6_manip_pkt
      was added with an incorrect comparison of ICMP codes to types.  This causes
      problems when using NAT rules with the --random option.  Correct the
      comparison.
      
      This closes netfilter bugzilla #851, reported by Alexander Neumann.
      Signed-off-by: NPhil Oester <kernel@linuxace.com>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      d830f0fa
    • H
      bridge: Clamp forward_delay when enabling STP · be4f154d
      Herbert Xu 提交于
      At some point limits were added to forward_delay.  However, the
      limits are only enforced when STP is enabled.  This created a
      scenario where you could have a value outside the allowed range
      while STP is disabled, which then stuck around even after STP
      is enabled.
      
      This patch fixes this by clamping the value when we enable STP.
      
      I had to move the locking around a bit to ensure that there is
      no window where someone could insert a value outside the range
      while we're in the middle of enabling STP.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      
      Cheers,
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      be4f154d
    • C
      resubmit bridge: fix message_age_timer calculation · 9a062013
      Chris Healy 提交于
      This changes the message_age_timer calculation to use the BPDU's max age as
      opposed to the local bridge's max age.  This is in accordance with section
      8.6.2.3.2 Step 2 of the 802.1D-1998 sprecification.
      
      With the current implementation, when running with very large bridge
      diameters, convergance will not always occur even if a root bridge is
      configured to have a longer max age.
      
      Tested successfully on bridge diameters of ~200.
      Signed-off-by: NChris Healy <cphealy@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9a062013
    • S
      memcg: rename RESOURCE_MAX to RES_COUNTER_MAX · 6de5a8bf
      Sha Zhengju 提交于
      RESOURCE_MAX is far too general name, change it to RES_COUNTER_MAX.
      Signed-off-by: NSha Zhengju <handai.szj@taobao.com>
      Signed-off-by: NQiang Huang <h.huangqiang@huawei.com>
      Acked-by: NMichal Hocko <mhocko@suse.cz>
      Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
      Cc: Jeff Liu <jeff.liu@oracle.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6de5a8bf
    • D
      net: sctp: fix ipv6 ipsec encryption bug in sctp_v6_xmit · 95ee6208
      Daniel Borkmann 提交于
      Alan Chester reported an issue with IPv6 on SCTP that IPsec traffic is not
      being encrypted, whereas on IPv4 it is. Setting up an AH + ESP transport
      does not seem to have the desired effect:
      
      SCTP + IPv4:
      
        22:14:20.809645 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto AH (51), length 116)
          192.168.0.2 > 192.168.0.5: AH(spi=0x00000042,sumlen=16,seq=0x1): ESP(spi=0x00000044,seq=0x1), length 72
        22:14:20.813270 IP (tos 0x2,ECT(0), ttl 64, id 0, offset 0, flags [DF], proto AH (51), length 340)
          192.168.0.5 > 192.168.0.2: AH(spi=0x00000043,sumlen=16,seq=0x1):
      
      SCTP + IPv6:
      
        22:31:19.215029 IP6 (class 0x02, hlim 64, next-header SCTP (132) payload length: 364)
          fe80::222:15ff:fe87:7fc.3333 > fe80::92e6:baff:fe0d:5a54.36767: sctp
          1) [INIT ACK] [init tag: 747759530] [rwnd: 62464] [OS: 10] [MIS: 10]
      
      Moreover, Alan says:
      
        This problem was seen with both Racoon and Racoon2. Other people have seen
        this with OpenSwan. When IPsec is configured to encrypt all upper layer
        protocols the SCTP connection does not initialize. After using Wireshark to
        follow packets, this is because the SCTP packet leaves Box A unencrypted and
        Box B believes all upper layer protocols are to be encrypted so it drops
        this packet, causing the SCTP connection to fail to initialize. When IPsec
        is configured to encrypt just SCTP, the SCTP packets are observed unencrypted.
      
      In fact, using `socat sctp6-listen:3333 -` on one end and transferring "plaintext"
      string on the other end, results in cleartext on the wire where SCTP eventually
      does not report any errors, thus in the latter case that Alan reports, the
      non-paranoid user might think he's communicating over an encrypted transport on
      SCTP although he's not (tcpdump ... -X):
      
        ...
        0x0030: 5d70 8e1a 0003 001a 177d eb6c 0000 0000  ]p.......}.l....
        0x0040: 0000 0000 706c 6169 6e74 6578 740a 0000  ....plaintext...
      
      Only in /proc/net/xfrm_stat we can see XfrmInTmplMismatch increasing on the
      receiver side. Initial follow-up analysis from Alan's bug report was done by
      Alexey Dobriyan. Also thanks to Vlad Yasevich for feedback on this.
      
      SCTP has its own implementation of sctp_v6_xmit() not calling inet6_csk_xmit().
      This has the implication that it probably never really got updated along with
      changes in inet6_csk_xmit() and therefore does not seem to invoke xfrm handlers.
      
      SCTP's IPv4 xmit however, properly calls ip_queue_xmit() to do the work. Since
      a call to inet6_csk_xmit() would solve this problem, but result in unecessary
      route lookups, let us just use the cached flowi6 instead that we got through
      sctp_v6_get_dst(). Since all SCTP packets are being sent through sctp_packet_transmit(),
      we do the route lookup / flow caching in sctp_transport_route(), hold it in
      tp->dst and skb_dst_set() right after that. If we would alter fl6->daddr in
      sctp_v6_xmit() to np->opt->srcrt, we possibly could run into the same effect
      of not having xfrm layer pick it up, hence, use fl6_update_dst() in sctp_v6_get_dst()
      instead to get the correct source routed dst entry, which we assign to the skb.
      
      Also source address routing example from 62503411 ("sctp: fix sctp to work with
      ipv6 source address routing") still works with this patch! Nevertheless, in RFC5095
      it is actually 'recommended' to not use that anyway due to traffic amplification [1].
      So it seems we're not supposed to do that anyway in sctp_v6_xmit(). Moreover, if
      we overwrite the flow destination here, the lower IPv6 layer will be unable to
      put the correct destination address into IP header, as routing header is added in
      ipv6_push_nfrag_opts() but then probably with wrong final destination. Things aside,
      result of this patch is that we do not have any XfrmInTmplMismatch increase plus on
      the wire with this patch it now looks like:
      
      SCTP + IPv6:
      
        08:17:47.074080 IP6 2620:52:0:102f:7a2b:cbff:fe27:1b0a > 2620:52:0:102f:213:72ff:fe32:7eba:
          AH(spi=0x00005fb4,seq=0x1): ESP(spi=0x00005fb5,seq=0x1), length 72
        08:17:47.074264 IP6 2620:52:0:102f:213:72ff:fe32:7eba > 2620:52:0:102f:7a2b:cbff:fe27:1b0a:
          AH(spi=0x00003d54,seq=0x1): ESP(spi=0x00003d55,seq=0x1), length 296
      
      This fixes Kernel Bugzilla 24412. This security issue seems to be present since
      2.6.18 kernels. Lets just hope some big passive adversary in the wild didn't have
      its fun with that. lksctp-tools IPv6 regression test suite passes as well with
      this patch.
      
       [1] http://www.secdev.org/conf/IPv6_RH_security-csw07.pdfReported-by: NAlan Chester <alan.chester@tekelec.com>
      Reported-by: NAlexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
      Acked-by: NVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      95ee6208
    • S
      netpoll: Should handle ETH_P_ARP other than ETH_P_IP in netpoll_neigh_reply · b0dd663b
      Sonic Zhang 提交于
      The received ARP request type in the Ethernet packet head is ETH_P_ARP other than ETH_P_IP.
      
      [ Bug introduced by commit b7394d24
        ("netpoll: prepare for ipv6") ]
      Signed-off-by: NSonic Zhang <sonic.zhang@analog.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b0dd663b
  8. 12 9月, 2013 12 次提交
  9. 11 9月, 2013 1 次提交
    • D
      shrinker: convert remaining shrinkers to count/scan API · 70534a73
      Dave Chinner 提交于
      Convert the remaining couple of random shrinkers in the tree to the new
      API.
      Signed-off-by: NDave Chinner <dchinner@redhat.com>
      Signed-off-by: NGlauber Costa <glommer@openvz.org>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: J. Bruce Fields <bfields@redhat.com>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Cc: "Theodore Ts'o" <tytso@mit.edu>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
      Cc: Arve Hjønnevåg <arve@android.com>
      Cc: Carlos Maiolino <cmaiolino@redhat.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Cc: Greg Thelen <gthelen@google.com>
      Cc: J. Bruce Fields <bfields@redhat.com>
      Cc: Jan Kara <jack@suse.cz>
      Cc: Jerome Glisse <jglisse@redhat.com>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Cc: Kent Overstreet <koverstreet@google.com>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Steven Whitehouse <swhiteho@redhat.com>
      Cc: Thomas Hellstrom <thellstrom@vmware.com>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      70534a73
  10. 10 9月, 2013 1 次提交
  11. 07 9月, 2013 1 次提交
    • E
      tcp: properly increase rcv_ssthresh for ofo packets · 4e4f1fc2
      Eric Dumazet 提交于
      TCP receive window handling is multi staged.
      
      A socket has a memory budget, static or dynamic, in sk_rcvbuf.
      
      Because we do not really know how this memory budget translates to
      a TCP window (payload), TCP announces a small initial window
      (about 20 MSS).
      
      When a packet is received, we increase TCP rcv_win depending
      on the payload/truesize ratio of this packet. Good citizen
      packets give a hint that it's reasonable to have rcv_win = sk_rcvbuf/2
      
      This heuristic takes place in tcp_grow_window()
      
      Problem is : We currently call tcp_grow_window() only for in-order
      packets.
      
      This means that reorders or packet losses stop proper grow of
      rcv_win, and senders are unable to benefit from fast recovery,
      or proper reordering level detection.
      
      Really, a packet being stored in OFO queue is not a bad citizen.
      It should be part of the game as in-order packets.
      
      In our traces, we very often see sender is limited by linux small
      receive windows, even if linux hosts use autotuning (DRS) and should
      allow rcv_win to grow to ~3MB.
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NNeal Cardwell <ncardwell@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4e4f1fc2