11 May, 2010
1 commit
-
Restore the rcu_dereference() calls in conntrack/expectation notifier
and logger registration/unregistration, but use the _protected variant,
which will be required by the upcoming __rcu annotations.Based on patch by Eric Dumazet
Signed-off-by: Patrick McHardy
09 Apr, 2010
1 commit
-
The CONFIG_PROVE_RCU option discovered a few invalid uses of
rcu_dereference() in netfilter. In all these cases, the code code
intends to check whether a pointer is already assigned when
performing registration or whether the assigned pointer matches
when performing unregistration. The entire registration/
unregistration is protected by a mutex, so we don't need the
rcu_dereference() calls.Reported-by: Valdis Kletnieks
Tested-by: Valdis Kletnieks
Signed-off-by: Patrick McHardy
08 Dec, 2009
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6: (43 commits)
security/tomoyo: Remove now unnecessary handling of security_sysctl.
security/tomoyo: Add a special case to handle accesses through the internal proc mount.
sysctl: Drop & in front of every proc_handler.
sysctl: Remove CTL_NONE and CTL_UNNUMBERED
sysctl: kill dead ctl_handler definitions.
sysctl: Remove the last of the generic binary sysctl support
sysctl net: Remove unused binary sysctl code
sysctl security/tomoyo: Don't look at ctl_name
sysctl arm: Remove binary sysctl support
sysctl x86: Remove dead binary sysctl support
sysctl sh: Remove dead binary sysctl support
sysctl powerpc: Remove dead binary sysctl support
sysctl ia64: Remove dead binary sysctl support
sysctl s390: Remove dead sysctl binary support
sysctl frv: Remove dead binary sysctl support
sysctl mips/lasat: Remove dead binary sysctl support
sysctl drivers: Remove dead binary sysctl support
sysctl crypto: Remove dead binary sysctl support
sysctl security/keys: Remove dead binary sysctl support
sysctl kernel: Remove binary sysctl logic
...
20 Nov, 2009
1 commit
-
[ 171.925285] BUG: sleeping function called from invalid context at kernel/mutex.c:280
[ 171.925296] in_atomic(): 1, irqs_disabled(): 0, pid: 671, name: grep
[ 171.925306] 2 locks held by grep/671:
[ 171.925312] #0: (&p->lock){+.+.+.}, at: [] seq_read+0x25/0x36c
[ 171.925340] #1: (rcu_read_lock){.+.+..}, at: [] seq_start+0x0/0x44
[ 171.925372] Pid: 671, comm: grep Not tainted 2.6.31.6-4-netbook #3
[ 171.925380] Call Trace:
[ 171.925398] [] ? __debug_show_held_locks+0x1e/0x20
[ 171.925414] [] __might_sleep+0xfb/0x102
[ 171.925430] [] mutex_lock_nested+0x1c/0x2ad
[ 171.925444] [] seq_show+0x74/0x127
[ 171.925456] [] seq_read+0x1b4/0x36c
[ 171.925469] [] ? seq_read+0x0/0x36c
[ 171.925483] [] proc_reg_read+0x60/0x74
[ 171.925496] [] ? proc_reg_read+0x0/0x74
[ 171.925510] [] vfs_read+0x87/0x110
[ 171.925523] [] sys_read+0x3b/0x60
[ 171.925538] [] syscall_call+0x7/0xbFix it by replacing RCU with nf_log_mutex.
Reported-by: "Yin, Kangkai"
Signed-off-by: Wu Fengguang
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
12 Nov, 2009
1 commit
-
Now that sys_sysctl is a compatiblity wrapper around /proc/sys
all sysctl strategy routines, and all ctl_name and strategy
entries in the sysctl tables are unused, and can be
revmoed.In addition neigh_sysctl_register has been modified to no longer
take a strategy argument and it's callers have been modified not
to pass one.Cc: "David Miller"
Cc: Hideaki YOSHIFUJI
Cc: netdev@vger.kernel.org
Signed-off-by: Eric W. Biederman
24 Sep, 2009
1 commit
-
It's unused.
It isn't needed -- read or write flag is already passed and sysctl
shouldn't care about the rest.It _was_ used in two places at arch/frv for some reason.
Signed-off-by: Alexey Dobriyan
Cc: David Howells
Cc: "Eric W. Biederman"
Cc: Al Viro
Cc: Ralf Baechle
Cc: Martin Schwidefsky
Cc: Ingo Molnar
Cc: "David S. Miller"
Cc: James Morris
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
22 Jun, 2009
1 commit
-
Signed-off-by: Patrick McHardy
13 Jun, 2009
1 commit
-
Fix regression introduced by 17625274 "netfilter: sysctl support of
logger choice":BUG: sleeping function called from invalid context at /mnt/s390test/linux-2.6-tip/arch/s390/include/asm/uaccess.h:234
in_atomic(): 1, irqs_disabled(): 0, pid: 3245, name: sysctl
CPU: 1 Not tainted 2.6.30-rc8-tipjun10-02053-g39ae214 #1
Process sysctl (pid: 3245, task: 000000007f675da0, ksp: 000000007eb17cf0)
0000000000000000 000000007eb17be8 0000000000000002 0000000000000000
000000007eb17c88 000000007eb17c00 000000007eb17c00 0000000000048156
00000000003e2de8 000000007f676118 000000007eb17f10 0000000000000000
0000000000000000 000000007eb17be8 000000000000000d 000000007eb17c58
00000000003e2050 000000000001635c 000000007eb17be8 000000007eb17c30
Call Trace:
(ݨ show_trace+0x13a/0x148)
ݨ __might_sleep+0x13a/0x164
ݨ proc_dostring+0x134/0x22c
ݨ nf_log_proc_dostring+0xfc/0x188
ݨ proc_sys_call_handler+0xf6/0x118
ݨ proc_sys_read+0x26/0x34
ݨ vfs_read+0xac/0x158
ݨ SyS_read+0x56/0x88
ݨ sysc_noemu+0x10/0x16Use the nf_log_mutex instead of RCU to fix this.
Reported-and-tested-by: Maran Pakkirisamy
Signed-off-by: Patrick McHardy
15 Apr, 2009
1 commit
-
commit ca735b3aaa945626ba65a3e51145bfe4ecd9e222
'netfilter: use a linked list of loggers'
introduced an array of list_head in "struct nf_logger", but
forgot to initialize it in nf_log_register(). This resulted
in oops when calling nf_log_unregister() at module unload time.Reported-and-tested-by: Mariusz Kozlowski
Signed-off-by: Eric Dumazet
Acked-by: Eric Leblond
Signed-off-by: Patrick McHardy
23 Mar, 2009
1 commit
-
This patchs adds support of modification of the used logger via sysctl.
It can be used to change the logger to module that can not use the bind
operation (ipt_LOG and ipt_ULOG). For this purpose, it creates a
directory /proc/sys/net/netfilter/nf_log which contains a file
per-protocol. The content of the file is the name current logger (NONE if
not set) and a logger can be setup by simply echoing its name to the file.
By echoing "NONE" to a /proc/sys/net/netfilter/nf_log/PROTO file, the
logger corresponding to this PROTO is set to NULL.Signed-off-by: Eric Leblond
Signed-off-by: Patrick McHardy
16 Mar, 2009
2 commits
-
This patch modifies the proc output to add display of registered
loggers. The content of /proc/net/netfilter/nf_log is modified. Instead
of displaying a protocol per line with format:
proto:logger
it now displays:
proto:logger (comma_separated_list_of_loggers)
NONE is used as keyword if no logger is used.Signed-off-by: Eric Leblond
Signed-off-by: Patrick McHardy -
This patch modifies nf_log to use a linked list of loggers for each
protocol. This list of loggers is read and write protected with a
mutex.This patch separates registration and binding. To be used as
logging module, a module has to register calling nf_log_register()
and to bind to a protocol it has to call nf_log_bind_pf().
This patch also converts the logging modules to the new API. For nfnetlink_log,
it simply switchs call to register functions to call to bind function and
adds a call to nf_log_register() during init. For other modules, it just
remove a const flag from the logger structure and replace it with a
__read_mostly.Signed-off-by: Eric Leblond
Signed-off-by: Patrick McHardy
08 Oct, 2008
2 commits
-
The netfilter subsystem only supports a handful of protocols (much
less than PF_*) and even non-PF protocols like ARP and
pseudo-protocols like PF_BRIDGE. By creating NFPROTO_*, we can earn a
few memory savings on arrays that previously were always PF_MAX-sized
and keep the pseudo-protocols to ourselves.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
and (try to) consistently use u_int8_t for the L3 family.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
12 Jun, 2008
1 commit
-
The message "nf_log_packet: can't log since no backend logging module loaded
in! Please either load one, or disable logging explicitly" was displayed for
each logged packet when no userspace application is listening to nflog events.
The message seems to warn for a problem with a kernel module missing but as
said before this is not the case. I thus propose to suppress the message (I
don't see any reason to flood the log because a user application has crashed.)Signed-off-by: Eric Leblond
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
28 Mar, 2008
1 commit
-
This elliminates infamous race during module loading when one could lookup
proc entry without proc_fops assigned.Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
01 Feb, 2008
1 commit
-
CHECK net/netfilter/nf_conntrack_expect.c
net/netfilter/nf_conntrack_expect.c:429:13: warning: context imbalance in 'exp_seq_start' - wrong count at exit
net/netfilter/nf_conntrack_expect.c:441:13: warning: context imbalance in 'exp_seq_stop' - unexpected unlock
CHECK net/netfilter/nf_log.c
net/netfilter/nf_log.c:105:13: warning: context imbalance in 'seq_start' - wrong count at exit
net/netfilter/nf_log.c:125:13: warning: context imbalance in 'seq_stop' - unexpected unlock
CHECK net/netfilter/nfnetlink_queue.c
net/netfilter/nfnetlink_queue.c:363:7: warning: symbol 'size' shadows an earlier one
net/netfilter/nfnetlink_queue.c:217:9: originally declared here
net/netfilter/nfnetlink_queue.c:847:13: warning: context imbalance in 'seq_start' - wrong count at exit
net/netfilter/nfnetlink_queue.c:859:13: warning: context imbalance in 'seq_stop' - unexpected unlockSigned-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
3 commits
-
Whatever that comment tries to say, I don't get it and it looks like
a leftover from the time when RCU wasn't used properly.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
19 Jul, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
11 Jul, 2007
1 commit
-
Make all initialized struct seq_operations in net/ const
Signed-off-by: Philippe De Muyter
Signed-off-by: David S. Miller
13 Feb, 2007
6 commits
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
- rename nf_logging to nf_loggers since its an array of registered loggers
- rename nf_log_unregister_logger() to nf_log_unregister() to make it
symetrical to nf_log_register() and convert all usersSigned-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The spinlock is only used in process context (register/unregister),
switch to a mutex.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Since the only user of nf_log_unregister_pf (nfnetlink_log) doesn't
check the return value, change it to void and bail out silently when
a non-existant address family is supplied.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Also replace synchronize_net() calls by synchronize_rcu() since the
RCU protected data is also used for sysfs.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Many struct file_operations in the kernel can be "const". Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data. In addition it'll catch accidental writes at compile time to
these shared resources.Signed-off-by: Arjan van de Ven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
01 Jul, 2006
1 commit
-
Signed-off-by: Jörn Engel
Signed-off-by: Adrian Bunk
30 Aug, 2005
5 commits
-
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
Check whether pf is too large in order to prevent array overflow.
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
This adds EEXIST to distinguish between the following return values:
0: nobody was registered, registration successful
EEXIST: the exact same handler was already registered, no registration
required
EBUSY: somebody else is registered, registration unsuccessful.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
This patch adds a /proc/net/netfilter/nf_queue file, similar to the
recently-added /proc/net/netfilter/nf_log. It indicates which queue
handler is registered to which protocol family. This is useful since
there are now multiple queue handlers in the treee (ip[6]_queue,
nfnetlink_queue).Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
This patch doesn't introduce any code changes, but merely splits the
core netfilter code into four separate files. It also moves it from
it's old location in net/core/ to the recently-created net/netfilter/
directory.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
