15 Jan, 2012
1 commit
-
* 'for-linus' of git://selinuxproject.org/~jmorris/linux-security:
capabilities: remove __cap_full_set definition
security: remove the security_netlink_recv hook as it is equivalent to capable()
ptrace: do not audit capability check when outputing /proc/pid/stat
capabilities: remove task_ns_* functions
capabitlies: ns_capable can use the cap helpers rather than lsm call
capabilities: style only - move capable below ns_capable
capabilites: introduce new has_ns_capabilities_noaudit
capabilities: call has_ns_capability from has_capability
capabilities: remove all _real_ interfaces
capabilities: introduce security_capable_noaudit
capabilities: reverse arguments to security_capable
capabilities: remove the task from capable LSM hook entirely
selinux: sparse fix: fix several warnings in the security server cod
selinux: sparse fix: fix warnings in netlink code
selinux: sparse fix: eliminate warnings for selinuxfs
selinux: sparse fix: declare selinux_disable() in security.h
selinux: sparse fix: move selinux_complete_init
selinux: sparse fix: make selinux_secmark_refcount static
SELinux: Fix RCU deref check warning in sel_netport_insert()Manually fix up a semantic mis-merge wrt security_netlink_recv():
- the interface was removed in commit fd7784615248 ("security: remove
the security_netlink_recv hook as it is equivalent to capable()")- a new user of it appeared in commit a38f7907b926 ("crypto: Add
userspace configuration API")causing no automatic merge conflict, but Eric Paris pointed out the
issue.
13 Jan, 2012
1 commit
-
commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to
RCU_INIT_POINTER) did a lot of incorrect changes, since it did a
complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x,
y).We miss needed barriers, even on x86, when y is not NULL.
Signed-off-by: Eric Dumazet
CC: Stephen Hemminger
CC: Paul E. McKenney
Signed-off-by: David S. Miller
10 Jan, 2012
3 commits
-
> net/core/sock.c: In function 'sk_update_clone':
> net/core/sock.c:1278:3: error: implicit declaration of function 'sock_update_memcg'Reported-by: Randy Dunlap
Signed-off-by: David S. Miller -
dev_uc_sync() and dev_mc_sync() are acquiring netif_addr_lock for
destination device of synchronization. Since netif_addr_lock is
already held at the time for source device, this triggers lockdep
deadlock warning.There's no way this deadlock can happen so use spin_lock_nested() to
silence the warning.Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller -
Signed-off-by: Jiri Pirko
Signed-off-by: David S. Miller
09 Jan, 2012
1 commit
-
so move it there. Fixes build errors when CONFIG_INET is not defined:
In file included from include/linux/tcp.h:211:0,
from include/linux/ipv6.h:221,
from include/net/ipv6.h:16,
from include/linux/sunrpc/clnt.h:26,
from include/linux/nfs_fs.h:50,
from init/do_mounts.c:20:
include/net/sock.h: In function 'sk_update_clone':
include/net/sock.h:1109:3: error: implicit declaration of function 'sock_update_memcg' [-Werror=implicit-function-declaration]Signed-off-by: Stephen Rothwell
Signed-off-by: David S. Miller
08 Jan, 2012
2 commits
-
In 882716604ec "pktgen: fix multiple queue warning" we added special
logic to handle the case where ntxq is zero. It's not clear to me that
ntxq can actually be zero. But if it were then we would set
->queue_map_min and ->queue_map_max to USHRT_MAX when probably we want
to set them to zero?Signed-off-by: David S. Miller
-
Sockets can also be created through sock_clone. Because it copies
all data in the sock structure, it also copies the memcg-related pointer,
and all should be fine. However, since we now use reference counts in
socket creation, we are left with some sockets that have no reference
counts. It matters when we destroy them, since it leads to a mismatch.Signed-off-by: Glauber Costa
CC: David S. Miller
CC: Greg Thelen
CC: Hiroyouki Kamezawa
CC: Laurent Chavey
Signed-off-by: David S. Miller
06 Jan, 2012
1 commit
-
Once upon a time netlink was not sync and we had to get the effective
capabilities from the skb that was being received. Today we instead get
the capabilities from the current task. This has rendered the entire
purpose of the hook moot as it is now functionally equivalent to the
capable() call.Signed-off-by: Eric Paris
05 Jan, 2012
2 commits
-
All implementations have been converted to implement set_rxnfc
instead.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller -
Define special location values for RX NFC that request the driver to
select the actual rule location. This allows for implementation on
devices that use hash-based filter lookup, whereas currently the API is
more suited to devices with TCAM lookup or linear search.In ethtool_set_rxnfc() and the compat wrapper ethtool_ioctl(), copy
the structure back to user-space after insertion so that the actual
location is returned.Signed-off-by: Ben Hutchings
Signed-off-by: David S. Miller
31 Dec, 2011
1 commit
-
Add a routine that dumps memory-related values of a socket.
It's made as an array to make it possible to add more stuff
here later without breaking compatibility.Since v1: The SK_MEMINFO_ constants are in userspace
visible part of sock_diag.h, the rest is under __KERNEL__.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller
29 Dec, 2011
1 commit
-
In order to perform a proper universal hash on a vector of integers,
we have to use different universal hashes on each vector element.Which means we need 4 different hash randoms for ipv6.
Signed-off-by: David S. Miller
25 Dec, 2011
1 commit
-
Aim of this patch is to provide full range of rps_flow_cnt on 64bit arches.
Theorical limit on number of flows is 2^32
Fix some buggy RPS/RFS macros as well.
Signed-off-by: Eric Dumazet
CC: Tom Herbert
CC: Xi Wang
CC: Laurent Chavey
Signed-off-by: David S. Miller
24 Dec, 2011
1 commit
-
Conflicts:
net/bluetooth/l2cap_core.cJust two overlapping changes, one added an initialization of
a local variable, and another change added a new local variable.Signed-off-by: David S. Miller
23 Dec, 2011
2 commits
-
skb->truesize might be big even for a small packet.
Its even bigger after commit 87fb4b7b533 (net: more accurate skb
truesize) and big MTU.We should allow queueing at least one packet per receiver, even with a
low RCVBUF setting.Reported-by: Michal Simek
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
Setting a large rps_flow_cnt like (1 << 30) on 32-bit platform will
cause a kernel oops due to insufficient bounds checking.if (count > 1<<< 30) * 8 will overflow
32 bits.This patch replaces the magic number (1 << 30) with a symbolic bound.
Suggested-by: Eric Dumazet
Signed-off-by: Xi Wang
Signed-off-by: David S. Miller
22 Dec, 2011
1 commit
-
flow_cach_flush() might sleep but can be called from
atomic context via the xfrm garbage collector. So add
a flow_cache_flush_deferred() function and use this if
the xfrm garbage colector is invoked from within the
packet path.Signed-off-by: Steffen Klassert
Acked-by: Timo Teräs
Signed-off-by: David S. Miller
20 Dec, 2011
1 commit
-
This reverts commit 5c3ddec73d01a1fae9409c197078cb02c42238c3.
S390 qeth driver actually still uses the setup ops.
Reported-by: Frank Blaschka
Signed-off-by: David S. Miller
17 Dec, 2011
6 commits
-
Use IS_ENABLED(CONFIG_FOO)
instead of defined(CONFIG_FOO) || defined (CONFIG_FOO_MODULE)Signed-off-by: Igor Maravić
Signed-off-by: David S. Miller -
We can't scan the proto_list to initialize sock cgroups, as it
holds a rwlock, and we also want to keep the code generic enough to
avoid calling the initialization functions of protocols directly,Convert proto_list_lock into a mutex, so we can sleep and do the
necessary allocations. This lock is seldom taken, so there shouldn't
be any performance penalties associated with thatSigned-off-by: Glauber Costa
CC: Hiroyouki Kamezawa
CC: David S. Miller
CC: Eric Dumazet
CC: Stephen Rothwell
CC: Randy Dunlap
Signed-off-by: David S. Miller -
All drivers that support modification of the RX flow hash indirection
table initialise it in the same way: RX rings are assigned to table
entries in rotation. Make that default policy explicit by having them
call a ethtool_rxfh_indir_default() function.In the ethtool core, add support for a zero size value for
ETHTOOL_SRXFHINDIR, which resets the table to this default.Partly-suggested-by: Matt Carlson
Signed-off-by: Ben Hutchings
Acked-by: Shreyas N Bhatewara
Signed-off-by: David S. Miller -
Add a new ethtool operation (get_rxfh_indir_size) to get the
indirectional table size. Use this to validate the user buffer size
before calling get_rxfh_indir or set_rxfh_indir. Use get_rxnfc to get
the number of RX rings, and validate the contents of the new
indirection table before calling set_rxfh_indir. Remove this
validation from drivers.Signed-off-by: Ben Hutchings
Acked-by: Dimitris Michailidis
Signed-off-by: David S. Miller -
The sk address is used as a cookie between dump/get_exact calls.
It will be required for unix socket sdumping, so move it from
inet_diag to sock_diag.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
I've made a mistake when fixing the sock_/inet_diag aliases :(
1. The sock_diag layer should request the family-based alias,
not just the IPPROTO_IP one;
2. The inet_diag layer should request for AF_INET+protocol alias,
not just the protocol one.Thus fix this.
Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller
14 Dec, 2011
2 commits
-
Before adding a struct rtnl_link_ops into link_ops list, check it doesnt
clash with a prior one.Based on a previous patch from Alexander Smirnov
Signed-off-by: Eric Dumazet
CC: Alexander Smirnov
Signed-off-by: David S. Miller -
It's simpler to just keep these things out until there is a real user
of them, so we can see what the needs actually are, rather than keep
these things around as useless overhead.Signed-off-by: David S. Miller
13 Dec, 2011
3 commits
-
This patch introduces memory pressure controls for the tcp
protocol. It uses the generic socket memory pressure code
introduced in earlier patches, and fills in the
necessary data in cg_proto struct.Signed-off-by: Glauber Costa
Reviewed-by: KAMEZAWA Hiroyuki
CC: Eric W. Biederman
Signed-off-by: David S. Miller -
The goal of this work is to move the memory pressure tcp
controls to a cgroup, instead of just relying on global
conditions.To avoid excessive overhead in the network fast paths,
the code that accounts allocated memory to a cgroup is
hidden inside a static_branch(). This branch is patched out
until the first non-root cgroup is created. So when nobody
is using cgroups, even if it is mounted, no significant performance
penalty should be seen.This patch handles the generic part of the code, and has nothing
tcp-specific.Signed-off-by: Glauber Costa
Reviewed-by: KAMEZAWA Hiroyuki
CC: Kirill A. Shutemov
CC: David S. Miller
CC: Eric W. Biederman
CC: Eric Dumazet
Signed-off-by: David S. Miller -
This patch replaces all uses of struct sock fields' memory_pressure,
memory_allocated, sockets_allocated, and sysctl_mem to acessor
macros. Those macros can either receive a socket argument, or a mem_cgroup
argument, depending on the context they live in.Since we're only doing a macro wrapping here, no performance impact at all is
expected in the case where we don't have cgroups disabled.Signed-off-by: Glauber Costa
Reviewed-by: Hiroyouki Kamezawa
CC: David S. Miller
CC: Eric W. Biederman
CC: Eric Dumazet
Signed-off-by: David S. Miller
12 Dec, 2011
1 commit
-
Instead of testing defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
10 Dec, 2011
1 commit
-
This reverts commit 865d9f9f748fdc1943679ea65d9ee1dc55e4a6ae.
This commit breaks the build with CONFIG_NETPRIO_CGROUP=y so
revert it. It does build as a module though. The SUBSYS macro
in the cgroup core code automatically defines a subsys structure
as extern. Long term we should fix the macro. And I need to
fully build test things.Tested with CONFIG_NETPRIO_CGROUP={y|m|n} with and without
CONFIG_CGROUPS defined.Signed-off-by: John Fastabend
CC: Neil Horman
Reported-By: Eric Dumazet
Signed-off-by: David S. Miller
09 Dec, 2011
2 commits
-
These tests are off by one because sock_diag_handlers[] only has AF_MAX
elements.Signed-off-by: Dan Carpenter
Acked-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
net_prio_subsys can be made static this removes the sparse
warning it was throwing.Signed-off-by: John Fastabend
Acked-by: Neil Horman
Signed-off-by: David S. Miller
07 Dec, 2011
4 commits
-
On a CONFIG_NET=y build
net/core/secure_seq.c:22: warning: 'seq_scale' defined but not
usedSigned-off-by: Stephen Boyd
Signed-off-by: David S. Miller -
This patch moves the sock_ code from inet_diag.c to generic sock_diag.c
file and provides necessary request_module-s calls and a pointer on
inet_diag_compat dumping routine.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Since commit c5ed63d66f24(tcp: fix three tcp sysctls tuning),
sysctl_max_syn_backlog is determined by tcp_hashinfo->ehash_mask,
and the minimal value is 128, and it will increase in proportion to the
memory of machine.
The original description for tcp_max_syn_backlog and sysctl_max_syn_backlog
are out of date.Changelog:
V2: update description for sysctl_max_syn_backlogSigned-off-by: Weiping Pan
Reviewed-by: Shan Wei
Acked-by: Neil Horman
Signed-off-by: David S. Miller
06 Dec, 2011
2 commits
-
netdev_queue_release() should be called even if CONFIG_XPS=n
to properly release device reference.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller -
To reflect the fact that a refrence is not obtained to the
resulting neighbour entry.Signed-off-by: David S. Miller
Acked-by: Roland Dreier