linux-toradex.git/include/net, branch v2.6.33.1 Linux kernel for Apalis and Colibri modules netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08T19:18:07+00:00 Patrick McHardy kaber@trash.net 2010-02-08T19:18:07+00:00 d696c7bdaa55e2208e56c6f98e6bc1599f34286d As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash size is global and not per namespace, but modifiable at runtime through /sys/module/nf_conntrack/hashsize. Changing the hash size will only resize the hash in the current namespace however, so other namespaces will use an invalid hash size. This can cause crashes when enlarging the hashsize, or false negative lookups when shrinking it. Move the hash size into the per-namespace data and only use the global hash size to initialize the per-namespace value when instanciating a new namespace. Additionally restrict hash resizing to init_net for now as other namespaces are not handled currently. Cc: stable@kernel.org Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
size is global and not per namespace, but modifiable at runtime through
/sys/module/nf_conntrack/hashsize. Changing the hash size will only
resize the hash in the current namespace however, so other namespaces
will use an invalid hash size. This can cause crashes when enlarging
the hashsize, or false negative lookups when shrinking it.

Move the hash size into the per-namespace data and only use the global
hash size to initialize the per-namespace value when instanciating a
new namespace. Additionally restrict hash resizing to init_net for
now as other namespaces are not handled currently.

Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: nf_conntrack: per netns nf_conntrack_cachep 2010-02-08T19:16:56+00:00 Eric Dumazet eric.dumazet@gmail.com 2010-02-08T19:16:56+00:00 5b3501faa8741d50617ce4191c20061c6ef36cb3 nf_conntrack_cachep is currently shared by all netns instances, but because of SLAB_DESTROY_BY_RCU special semantics, this is wrong. If we use a shared slab cache, one object can instantly flight between one hash table (netns ONE) to another one (netns TWO), and concurrent reader (doing a lookup in netns ONE, 'finding' an object of netns TWO) can be fooled without notice, because no RCU grace period has to be observed between object freeing and its reuse. We dont have this problem with UDP/TCP slab caches because TCP/UDP hashtables are global to the machine (and each object has a pointer to its netns). If we use per netns conntrack hash tables, we also *must* use per netns conntrack slab caches, to guarantee an object can not escape from one namespace to another one. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> [Patrick: added unique slab name allocation] Cc: stable@kernel.org Signed-off-by: Patrick McHardy <kaber@trash.net> 
nf_conntrack_cachep is currently shared by all netns instances, but
because of SLAB_DESTROY_BY_RCU special semantics, this is wrong.

If we use a shared slab cache, one object can instantly flight between
one hash table (netns ONE) to another one (netns TWO), and concurrent
reader (doing a lookup in netns ONE, 'finding' an object of netns TWO)
can be fooled without notice, because no RCU grace period has to be
observed between object freeing and its reuse.

We dont have this problem with UDP/TCP slab caches because TCP/UDP
hashtables are global to the machine (and each object has a pointer to
its netns).

If we use per netns conntrack hash tables, we also *must* use per netns
conntrack slab caches, to guarantee an object can not escape from one
namespace to another one.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
[Patrick: added unique slab name allocation]
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
netns xfrm: deal with dst entries in netns 2010-01-25T06:47:53+00:00 Alexey Dobriyan adobriyan@gmail.com 2010-01-25T06:47:53+00:00 d7c7544c3d5f59033d1bf3236bc7b289f5f26b75 GC is non-existent in netns, so after you hit GC threshold, no new dst entries will be created until someone triggers cleanup in init_net. Make xfrm4_dst_ops and xfrm6_dst_ops per-netns. This is not done in a generic way, because it woule waste (AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns. Reorder GC threshold initialization so it'd be done before registering XFRM policies. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
GC is non-existent in netns, so after you hit GC threshold, no new
dst entries will be created until someone triggers cleanup in init_net.

Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
This is not done in a generic way, because it woule waste
(AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.

Reorder GC threshold initialization so it'd be done before registering
XFRM policies.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
netns xfrm: fix "ip xfrm state|policy count" misreport 2010-01-24T07:10:42+00:00 Alexey Dobriyan adobriyan@gmail.com 2010-01-23T13:37:10+00:00 e071041be037eca208b62b84469a06bdfc692bea "ip xfrm state|policy count" report SA/SP count from init_net, not from netns of caller process. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 
"ip xfrm state|policy count" report SA/SP count from init_net,
not from netns of caller process.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2010-01-23T06:45:46+00:00 David S. Miller davem@davemloft.net 2010-01-23T06:45:46+00:00 6be325719b3e54624397e413efd4b33a997e55a3 






ax25: netrom: rose: Fix timer oopses
2010-01-16T09:04:04+00:00

Jarek Poplawski
jarkao2@gmail.com

2010-01-16T09:04:04+00:00

d00c362f1b0ff54161e0a42b4554ac621a9ef92d

Wrong ax25_cb refcounting in ax25_send_frame() and by its callers can
cause timer oopses (first reported with 2.6.29.6 kernel).

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=14905

Reported-by: Bernard Pidoux <bpidoux@free.fr>
Tested-by: Bernard Pidoux <bpidoux@free.fr>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>





Wrong ax25_cb refcounting in ax25_send_frame() and by its callers can
cause timer oopses (first reported with 2.6.29.6 kernel).

Fixes: http://bugzilla.kernel.org/show_bug.cgi?id=14905

Reported-by: Bernard Pidoux <bpidoux@free.fr>
Tested-by: Bernard Pidoux <bpidoux@free.fr>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>







Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
2010-01-14T16:36:15+00:00

Linus Torvalds
torvalds@linux-foundation.org

2010-01-14T16:36:15+00:00

4a24eef671614aea479eac6c9ce5fa2cf590ee76

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (34 commits)
  net: fix build erros with CONFIG_BUG=n, CONFIG_GENERIC_BUG=n
  ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().
  tg3: Update copyright and driver version
  tg3: Disable 5717 serdes and B0 support
  tg3: Add reliable serdes detection for 5717 A0
  tg3: Fix std rx prod ring handling
  tg3: Fix std prod ring nicaddr for 5787 and 57765
  sfc: Fix conditions for MDIO self-test
  sfc: Fix polling for slow MCDI operations
  e1000e: workaround link issues on busy hub in half duplex on 82577/82578
  e1000e: MDIO slow mode should always be done for 82577
  ixgbe: update copyright dates
  ixgbe: Do not attempt to perform interrupts in netpoll when down
  cfg80211: fix refcount imbalance when wext is disabled
  mac80211: fix queue selection for data frames on monitor interfaces
  iwlwifi: silence buffer overflow warning
  iwlwifi: disable tx on beacon update notification
  iwlwifi: fix iwl_queue_used bug when read_ptr == write_ptr
  mac80211: fix endian error
  mac80211: add missing sanity checks for action frames
  ...





* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (34 commits)
  net: fix build erros with CONFIG_BUG=n, CONFIG_GENERIC_BUG=n
  ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().
  tg3: Update copyright and driver version
  tg3: Disable 5717 serdes and B0 support
  tg3: Add reliable serdes detection for 5717 A0
  tg3: Fix std rx prod ring handling
  tg3: Fix std prod ring nicaddr for 5787 and 57765
  sfc: Fix conditions for MDIO self-test
  sfc: Fix polling for slow MCDI operations
  e1000e: workaround link issues on busy hub in half duplex on 82577/82578
  e1000e: MDIO slow mode should always be done for 82577
  ixgbe: update copyright dates
  ixgbe: Do not attempt to perform interrupts in netpoll when down
  cfg80211: fix refcount imbalance when wext is disabled
  mac80211: fix queue selection for data frames on monitor interfaces
  iwlwifi: silence buffer overflow warning
  iwlwifi: disable tx on beacon update notification
  iwlwifi: fix iwl_queue_used bug when read_ptr == write_ptr
  mac80211: fix endian error
  mac80211: add missing sanity checks for action frames
  ...







net: fix build erros with CONFIG_BUG=n, CONFIG_GENERIC_BUG=n
2010-01-14T02:10:36+00:00

Octavian Purdila
opurdila@ixiacom.com

2010-01-14T02:10:36+00:00

cd65c3c7d1081290b7365897c2290a84aa967d4d

Fixed build errors introduced by commit 7ad6848c (ip: fix mc_loop
checks for tunnels with multicast outer addresses)

Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>





Fixed build errors introduced by commit 7ad6848c (ip: fix mc_loop
checks for tunnels with multicast outer addresses)

Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>







Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
2010-01-13T04:53:29+00:00

Linus Torvalds
torvalds@linux-foundation.org

2010-01-13T04:53:29+00:00

597d8c717856f6094837850f3eb4850820b36451

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (56 commits)
  sky2: Fix oops in sky2_xmit_frame() after TX timeout
  Documentation/3c509: document ethtool support
  af_packet: Don't use skb after dev_queue_xmit()
  vxge: use pci_dma_mapping_error to test return value
  netfilter: ebtables: enforce CAP_NET_ADMIN
  e1000e: fix and commonize code for setting the receive address registers
  e1000e: e1000e_enable_tx_pkt_filtering() returns wrong value
  e1000e: perform 10/100 adaptive IFS only on parts that support it
  e1000e: don't accumulate PHY statistics on PHY read failure
  e1000e: call pci_save_state() after pci_restore_state()
  netxen: update version to 4.0.72
  netxen: fix set mac addr
  netxen: fix smatch warning
  netxen: fix tx ring memory leak
  tcp: update the netstamp_needed counter when cloning sockets
  TI DaVinci EMAC: Handle emac module clock correctly.
  dmfe/tulip: Let dmfe handle DM910x except for SPARC on-board chips
  ixgbe: Fix compiler warning about variable being used uninitialized
  netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq()
  mv643xx_eth: don't include cache padding in rx desc buffer size
  ...

Fix trivial conflict in drivers/scsi/cxgb3i/cxgb3i_offload.c





* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (56 commits)
  sky2: Fix oops in sky2_xmit_frame() after TX timeout
  Documentation/3c509: document ethtool support
  af_packet: Don't use skb after dev_queue_xmit()
  vxge: use pci_dma_mapping_error to test return value
  netfilter: ebtables: enforce CAP_NET_ADMIN
  e1000e: fix and commonize code for setting the receive address registers
  e1000e: e1000e_enable_tx_pkt_filtering() returns wrong value
  e1000e: perform 10/100 adaptive IFS only on parts that support it
  e1000e: don't accumulate PHY statistics on PHY read failure
  e1000e: call pci_save_state() after pci_restore_state()
  netxen: update version to 4.0.72
  netxen: fix set mac addr
  netxen: fix smatch warning
  netxen: fix tx ring memory leak
  tcp: update the netstamp_needed counter when cloning sockets
  TI DaVinci EMAC: Handle emac module clock correctly.
  dmfe/tulip: Let dmfe handle DM910x except for SPARC on-board chips
  ixgbe: Fix compiler warning about variable being used uninitialized
  netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq()
  mv643xx_eth: don't include cache padding in rx desc buffer size
  ...

Fix trivial conflict in drivers/scsi/cxgb3i/cxgb3i_offload.c







ip: fix mc_loop checks for tunnels with multicast outer addresses
2010-01-07T04:37:01+00:00

Octavian Purdila
opurdila@ixiacom.com

2010-01-07T04:37:01+00:00

7ad6848c7e81a603605fad3f3575841aab004eea

When we have L3 tunnels with different inner/outer families
(i.e. IPV4/IPV6) which use a multicast address as the outer tunnel
destination address, multicast packets will be loopbacked back to the
sending socket even if IP*_MULTICAST_LOOP is set to disabled.

The mc_loop flag is present in the family specific part of the socket
(e.g. the IPv4 or IPv4 specific part).  setsockopt sets the inner
family mc_loop flag. When the packet is pushed through the L3 tunnel
it will eventually be processed by the outer family which if different
will check the flag in a different part of the socket then it was set.

Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>





When we have L3 tunnels with different inner/outer families
(i.e. IPV4/IPV6) which use a multicast address as the outer tunnel
destination address, multicast packets will be loopbacked back to the
sending socket even if IP*_MULTICAST_LOOP is set to disabled.

The mc_loop flag is present in the family specific part of the socket
(e.g. the IPv4 or IPv4 specific part).  setsockopt sets the inner
family mc_loop flag. When the packet is pushed through the L3 tunnel
it will eventually be processed by the outer family which if different
will check the flag in a different part of the socket then it was set.

Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>