16 Nov, 2007
2 commits
-
Reported by Chuck Ebbert as:
https://bugzilla.redhat.com/show_bug.cgi?id=259501#c14
This routine is called each time hash should be replaced, nf_conn has
extension list which contains pointers to connection tracking users
(like nat, which is right now the only such user), so when replace takes
place it should copy own extensions. Loop above checks for own
extension, but tries to move higer-layer one, which can lead to above
oops.Signed-off-by: Evgeniy Polyakov
Signed-off-by: David S. Miller -
It should pass opt to the ->get/->set functions, not ops.
Tested-by: Luca Tettamanti
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
15 Nov, 2007
9 commits
-
The request_sock_queue's listen_opt is either vmalloc-ed or
kmalloc-ed depending on the number of table entries. Thus it
is expected to be handled properly on free, which is done in
the reqsk_queue_destroy().However the error path in inet_csk_listen_start() calls
the lite version of reqsk_queue_destroy, called
__reqsk_queue_destroy, which calls the kfree unconditionally.Fix this and move the __reqsk_queue_destroy into a .c file as
it looks too big to be inline.As David also noticed, this is an error recovery path only,
so no locking is required and the lopt is known to be not NULL.reqsk_queue_yank_listen_sk is also now only used in
net/core/request_sock.c so we should move it there too.Signed-off-by: Pavel Emelyanov
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller -
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: rt_check_expire() can take a long time, add a cond_resched()
[ISDN] sc: Really, really fix warning
[ISDN] sc: Fix sndpkt to have the correct number of arguments
[TCP] FRTO: Clear frto_highmark only after process_frto that uses it
[NET]: Remove notifier block from chain when register_netdevice_notifier fails
[FS_ENET]: Fix module build.
[TCP]: Make sure write_queue_from does not begin with NULL ptr
[TCP]: Fix size calculation in sk_stream_alloc_pskb
[S2IO]: Fixed memory leak when MSI-X vector allocation fails
[BONDING]: Fix resource use after free
[SYSCTL]: Fix warning for token-ring from sysctl checker
[NET] random : secure_tcp_sequence_number should not assume CONFIG_KTIME_SCALAR
[IWLWIFI]: Not correctly dealing with hotunplug.
[TCP] FRTO: Plug potential LOST-bit leak
[TCP] FRTO: Limit snd_cwnd if TCP was application limited
[E1000]: Fix schedule while atomic when called from mii-tool.
[NETX]: Fix build failure added by 2.6.24 statistics cleanup.
[EP93xx_ETH]: Build fix after 2.6.24 NAPI changes.
[PKT_SCHED]: Check subqueue status before calling hard_start_xmit -
Fix an obvious use-after-free spotted by the Coverity checker.
Signed-off-by: Adrian Bunk
Cc: Trond Myklebust
Cc: "J. Bruce Fields"
Cc: Neil Brown
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This patch fixes scanning for specific ssid's which is broken due to the
scan being queued up without respecting the ssid to scan for.Signed-off-by: Helmut Schaa
Signed-off-by: Jiri Benc
Signed-off-by: John W. Linville -
On commit 39c90ece7565f5c47110c2fa77409d7a9478bd5b:
[IPV4]: Convert rt_check_expire() from softirq processing to workqueue.
we converted rt_check_expire() from softirq to workqueue, allowing the
function to perform all work it was supposed to do.When the IP route cache is big, rt_check_expire() can take a long time
to run. (default settings : 20% of the hash table is scanned at each
invocation)Adding cond_resched() helps giving cpu to higher priority tasks if
necessary.Using a "if (need_resched())" test before calling "cond_resched();" is
necessary to avoid spending too much time doing the resched check.
(My tests gave a time reduction from 88 ms to 25 ms per
rt_check_expire() run on my i686 test machine)Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
I broke this in commit 3de96471bd7fb76406e975ef6387abe3a0698149:
[TCP]: Wrap-safed reordering detection FRTO check
tcp_process_frto should always see a valid frto_highmark. An invalid
frto_highmark (zero) is very likely what ultimately caused a seqno
compare in tcp_frto_enter_loss to do the wrong leading to the LOST-bit
leak.Having LOST-bits integry ensured like done after commit
23aeeec365dcf8bc87fae44c533e50d0bb4f23cc:[TCP] FRTO: Plug potential LOST-bit leak
won't hurt. It may still be useful in some other, possibly legimate,
scenario.Reported by Chazarain Guillaume .
Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller -
Commit fcc5a03ac42564e9e255c1134dda47442289e466:
[NET]: Allow netdev REGISTER/CHANGENAME events to fail
makes the register_netdevice_notifier() handle the error from the
NETDEV_REGISTER event, sent to the registering block.The bad news is that in this case the notifier block is
not removed from the list, but the error is returned to the
caller. In case the caller is in module init function and
handles this error this can abort the module loading. The
notifier block will be then removed from the kernel, but
will be left in the list. Oops :(I think that the notifier block should be removed from the
chain in case of error, regardless whether this error is
handled by the caller or not. In the worst case (the error
is _not_ handled) module will not receive the events any
longer.Signed-off-by: Pavel Emelyanov
Acked-by: Herbert Xu
Signed-off-by: David S. Miller -
NULL ptr can be returned from tcp_write_queue_head to cached_skb
and then assigned to skb if packets_out was zero. Without this,
system is vulnerable to a carefully crafted ACKs which obviously
is remotely triggerable.Besides, there's very little that needs to be done in sacktag
if there weren't any packets outstanding, just skipping the rest
doesn't hurt.Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller
14 Nov, 2007
3 commits
-
It might be possible that, in some extreme scenario that
I just cannot now construct in my mind, end_seq .Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller -
Otherwise TCP might violate packet ordering principles that FRTO
is based on. If conventional recovery path is chosen, this won't
be significant at all. In practice, any small enough value will
be sufficient to provide proper operation for FRTO, yet other
users of snd_cwnd might benefit from a "close enough" value.FRTO's formula is now equal to what tcp_enter_cwr() uses.
FRTO used to check application limitedness a bit differently but
I changed that in commit 575ee7140dabe9b9c4f66f4f867039b97e548867
and as a result checking for application limitedness became
completely non-existing.Signed-off-by: Ilpo Järvinen
Signed-off-by: David S. Miller -
The only qdiscs that check subqueue state before dequeue'ing are PRIO
and RR. The other qdiscs, including the default pfifo_fast qdisc,
will allow traffic bound for subqueue 0 through to hard_start_xmit.
The check for netif_queue_stopped() is done above in pkt_sched.h, so
it is unnecessary for qdisc_restart(). However, if the underlying
driver is multiqueue capable, and only sets queue states on subqueues,
this will allow packets to enter the driver when it's currently unable
to process packets, resulting in expensive requeues and driver
entries. This patch re-adds the check for the subqueue status before
calling hard_start_xmit, so we can try and avoid the driver entry when
the queues are stopped.Signed-off-by: Peter P Waskiewicz Jr
Signed-off-by: David S. Miller
13 Nov, 2007
13 commits
-
It is not correct to assume one can get nsec from a ktime directly by
using .tv64 field.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
This patch reverts Eric's commit 2b008b0a8e96b726c603c5e1a5a7a509b5f61e35
It diets .text & .data section of the kernel if CONFIG_NET_NS is not set.
This is safe after list operations cleanup.Signed-of-by: Denis V. Lunev
Signed-off-by: David S. Miller -
If CONFIG_NET_NS is not set, the only namespace is possible.
This patch removes list of pernet_operations and cleanups code a bit.
This list is not needed if there are no namespaces. We should just call
->init method.Additionally, the ->exit will be called on module unloading only. This
case is safe - the code is not discarded. For the in/kernel code, ->exit
should never be called.Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller -
Packets routed between bridges have the POST_ROUTING hook invoked
twice since bridging mistakes them for bridged packets because
they have skb->nf_bridge set.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Both lookup the nf_sockopt_ops object to call the get/set callbacks
from, but they perform it in a completely similar way.Introduce the helper for finding the ops.
Signed-off-by: Pavel Emelyanov
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The size passing to memset is the size of a pointer.
Signed-off-by: Li Zefan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The inetpeer.c tracks the LRU list of inet_perr-s, but makes
it by hands. Use the list_head-s for this.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
This patch removes the following unused EXPORT_SYMBOL's:
- ip_vs_try_bind_dest
- ip_vs_find_destSigned-off-by: Adrian Bunk
Signed-off-by: David S. Miller -
sysctl_{r,w}mem_max can now be unexported.
Signed-off-by: Adrian Bunk
Signed-off-by: David S. Miller -
Simplify some code by eliminating duplicate if-else clauses in
packet_do_bind().Signed-off-by: Urs Thuermann
Signed-off-by: David S. Miller -
...and fix a couple of bugs in the NBD, CIFS and OCFS2 socket handlers.
Looking at the sock->op->shutdown() handlers, it looks as if all of them
take a SHUT_RD/SHUT_WR/SHUT_RDWR argument instead of the
RCV_SHUTDOWN/SEND_SHUTDOWN arguments.
Add a helper, and then define the SHUT_* enum to ensure that kernel users
of shutdown() don't get confused.Signed-off-by: Trond Myklebust
Acked-by: Mark Fasheh
Acked-by: David Howells
Signed-off-by: David S. Miller -
Userland neighbor discovery options are typically heavily involved with
the interface on which thay are received: add a missing ifindex field to
the original struct. Thanks to Rémi Denis-Courmont.Signed-off-by: Pierre Ynard
Signed-off-by: David S. Miller
12 Nov, 2007
1 commit
-
In net/sctp/sm_statefuns.c::sctp_sf_abort_violation() we may leak
the storage allocated for 'abort' by returning from the function
without using or freeing it. This happens in case
"sctp_auth_recv_cid(SCTP_CID_ABORT, asoc)" is true and we jump to
the 'discard' label.
Spotted by the Coverity checker.The simple fix is to simply move the creation of the "abort chunk"
to after the possible jump to the 'discard' label. This way we don't
even have to allocate the memory at all in the problem case.Signed-off-by: Jesper Juhl
Signed-off-by: Vlad Yasevich
11 Nov, 2007
12 commits
-
This patch fixes a small memory leak. Default fib rules can be deleted by
the user if the rule does not carry FIB_RULE_PERMANENT flag, f.e. by
ip rule flushSuch a rule will not be freed as the ref-counter has 2 on start and becomes
clearly unreachable after removal.Signed-off-by: Denis V. Lunev
Acked-by: Alexey Kuznetsov
Signed-off-by: David S. Miller -
* it already statically initialized
* reinitializing live global spinlock every time netns is
setup is also wrongSigned-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller -
The unix_nr_socks value is limited with the 2 * get_max_files() value,
as seen from the unix_create1(). However, the check and the actual
increment are separated with the GFP_KERNEL allocation, so this limit
can be exceeded under a memory pressure - task may go to sleep freeing
the pages and some other task will be allowed to allocate a new sock
and so on and so forth.So make the increment before the check (similar thing is done in the
sock_kmalloc) and go to kmalloc after this.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
The scan_inflight() routine scans through the unix sockets and calls
some passed callback. The fact is that all these callbacks work with
the unix_sock objects, not the sock ones, so make this conversion in
the scan_inflight() before calling the callbacks.This removes one unneeded variable from the inc_inflight_move_tail().
Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
This counter is _always_ modified under the unix_gc_lock spinlock,
so its atomicity can be provided w/o additional efforts.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
The socket option for packet sockets to return the original ifindex instead
of the bonded ifindex will not match multicast traffic. Since this socket
option is the most useful for layer 2 traffic and multicast traffic, make
the option multicast-aware.Signed-off-by: Peter P Waskiewicz Jr
Signed-off-by: David S. Miller -
I meant for this to be selectable only with EMBEDDED, not enabled only
with EMBEDDED. This does it that way. Sorry.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Make "decrypt failed" and "have no key" debugging messages compile
conditionally upon CONFIG_MAC80211_DEBUG. They have been useful for
finding certain problems in the past, but in many cases they just
clutter a user's logs.A typical example is an enviornment where multiple SSIDs are using a
single BSSID but with different protection schemes or different keys
for each SSID. In such an environment these messages are just noise.
Let's just leave them for those interested enough to turn-on debugging.Signed-off-by: John W. Linville
-
In the long bug-hunt for why dynamic WEP networks didn't work it
turned out that mac80211 incorrectly uses IW_AUTH_KEY_MGMT while
it should use IW_AUTH_PRIVACY_INVOKED to determine whether to
associate to protected networks or not.This patch changes the behaviour to be that way and clarifies the
existing code.Signed-off-by: Johannes Berg
Cc: Jouni Malinen
Signed-off-by: John W. Linville -
The driver operations set_ieee8021x(), set_port_auth() and
set_privacy_invoked() are not used by any drivers, except
set_privacy_invoked() they aren't even used by mac80211.
Remove them at least until we need to support drivers with
mac80211 that require getting this information.Signed-off-by: Johannes Berg
Acked-by: Michael Wu
Signed-off-by: John W. Linville -
Robert pointed out that I missed this file when removing the management
interface. Do it now.Signed-off-by: Johannes Berg
Signed-off-by: John W. Linville -
Signed-off-by: John W. Linville
