05 Oct, 2010
1 commit
-
skb_headroom() is unsigned so "skb_headroom(skb) + toff" is also
unsigned and can't be less than zero. This test was added in 66d50d25:
"u32: negative offset fix" It was supposed to fix a regression.
Signed-off-by: Dan Carpenter
Signed-off-by: David S. Miller
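The pitfall this commit message describes, as an added C example that is not the kernel's code: the function names, the 4-byte read width and the sample sizes are assumptions for illustration. It contrasts the always-false unsigned test with a lower and upper bound check done in a signed, wider type.

```c
#include <stdio.h>

/* Hypothetical model: `headroom` bytes precede the data pointer, `len` bytes
 * follow it, and `toff` is a signed offset relative to the data pointer. */

/* The dead test: `headroom` is unsigned, so `toff` is converted to unsigned
 * before the addition and the sum can never compare below zero. */
static int dead_test_rejects(unsigned int headroom, int toff)
{
    return headroom + toff < 0; /* always 0; gcc -Wtype-limits flags this */
}

/* Signed, widened arithmetic: reject offsets before the start of the headroom
 * and reads of `width` bytes that would run past the end of the data. */
static int bounds_test_rejects(unsigned int headroom, unsigned int len,
                               int toff, unsigned int width)
{
    long long start = (long long)toff;

    if (start < -(long long)headroom)
        return 1;
    if (start + (long long)width > (long long)len)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: 14 bytes of headroom, 60 bytes of data. */
    const unsigned int headroom = 14, len = 60, width = 4;
    const int offsets[] = { -14, -15, -100, 0, 56, 57 };

    for (unsigned int i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++)
        printf("toff=%4d dead_test=%d bounds_test=%d\n", offsets[i],
               dead_test_rejects(headroom, offsets[i]),
               bounds_test_rejects(headroom, len, offsets[i], width));
    return 0;
}
```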
13 Sep, 2010
1 commit
-
The list_head conversion unearthed an unnecessary flow
check. Since flow is always NULL here we don't need to
see if a matching flow exists already.
Reported-by: Jiri Slaby
Signed-off-by: David S. Miller
02 Sep, 2010
2 commits
-
This patch fixes init_vf() function, so on each new backlog period parent's
cl_cfmin is properly updated (including further propagation towards the root),
even if the activated leaf has no upperlimit curve defined.
Signed-off-by: Michal Soltys
Signed-off-by: David S. Miller
-
While reviewing commit 1c40be12f7d8ca1d387510d39787b12e512a7ce8, I
audited other users of tc_action_ops->dump for information leaks.
That commit covered almost all of them but act_police still had a leak.
opt.limit and opt.capab aren't zeroed out before the structure is
passed out.
This patch uses the C99 initializers to zero everything unused out.
Signed-off-by: Jeff Mahoney
Acked-by: Jeff Mahoney
Signed-off-by: David S. Miller
18 Aug, 2010
1 commit
-
We leak at least 32bits of kernel memory to user land in tc dump,
because we don't init all fields (capab ?) of the dumped structure.
Use C99 initializers so that holes and non explicit fields are zeroed.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
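The leak pattern described in this commit and in the act_police commit listed above it, as an added C example that is not the kernel's code: `struct demo_opt`, its field set and the 0xAA marker are assumptions chosen so the effect is deterministic in user space. The "before" function assigns only some fields before the structure is copied out; the "after" function uses a C99 designated initializer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Hypothetical, simplified option struct; not the kernel's tc_police layout. */
struct demo_opt {
    uint32_t index;
    uint32_t action;
    uint32_t limit; /* never assigned by the leaky dump */
    uint32_t capab; /* never assigned by the leaky dump */
    uint32_t mtu;
};

/* Before: only some fields are assigned, the rest keep what was in memory. */
static void dump_leaky(struct demo_opt *opt, unsigned char *out)
{
    opt->index = 1;
    opt->action = 2;
    opt->mtu = 1500;
    memcpy(out, opt, sizeof(*opt)); /* stands in for the copy to user space */
}

/* After: a C99 designated initializer zeroes every field that is not named.
 * A compound literal is assigned here so the storage can be pre-dirtied. */
static void dump_fixed(struct demo_opt *opt, unsigned char *out)
{
    *opt = (struct demo_opt){ .index = 1, .action = 2, .mtu = 1500 };
    memcpy(out, opt, sizeof(*opt));
}

/* Count marker bytes that reached the output buffer. */
static size_t leaked_bytes(int use_fixed)
{
    struct demo_opt opt;
    unsigned char out[sizeof(opt)];
    size_t n = 0;

    memset(&opt, STALE, sizeof(opt)); /* dirty the storage deterministically */
    if (use_fixed) dump_fixed(&opt, out); else dump_leaky(&opt, out);
    for (size_t i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("leaky dump: %zu stale bytes\n", leaked_bytes(0));
    printf("fixed dump: %zu stale bytes\n", leaked_bytes(1));
    return 0;
}
```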
11 Aug, 2010
2 commits
-
Require qdisc class ops .walk and .leaf for classful qdisc in
register_qdisc(). The checks could be done later instead, but these
ops are really needed and used by most of classful qdiscs.
Signed-off-by: Jarek Poplawski
Signed-off-by: David S. Miller
-
sch_sfq as a classful qdisc needs the .leaf handler. Otherwise, there
is an oops possible in tc_modify_qdisc()/check_loop().
Fixes commit 7d2681a6ff4f9ab5e48d02550b4c6338f1638998
Signed-off-by: Jarek Poplawski
Signed-off-by: David S. Miller
10 Aug, 2010
3 commits
-
This is based on work originally done by Patrick McHardy.
Signed-off-by: Ben Greear
Signed-off-by: David S. Miller
-
…mmy bind/unbind handles
Verify in register_qdisc() some basic qdisc class handlers are present.
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-
…dummy bind/unbind handles
Add dummy .unbind_tcf and .put qdisc class ops for easier verification.
(All other schedulers have it like this.)
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
08 Aug, 2010
1 commit
-
Since there was added ->tcf_chain() method without ->bind_tcf() to
sch_sfq class options, there is oops when a filter is added with
the classid parameter.
Fixes commit 7d2681a6ff4f9ab5e48d02550b4c6338f1638998
netdev thread: null pointer at cls_api.c
Signed-off-by: Jarek Poplawski
Reported-by: Franchoze Eric
Signed-off-by: David S. Miller
05 Aug, 2010
4 commits
-
The packet length should be checked before the packet data is dereferenced.
Signed-off-by: Changli Gao
Signed-off-by: David S. Miller
-
The packet length should be checked before the packet data is dereferenced.
Signed-off-by: Changli Gao
Signed-off-by: David S. Miller
-
The packet length should be checked before the packet data is dereferenced.
Signed-off-by: Changli Gao
Acked-by: Patrick McHardy
Signed-off-by: David S. Miller
-
On the TX path, skb->data points to the ethernet header, not the network
header. So when validating the packet length for accessing we should
take the ethernet header into account.
Signed-off-by: Changli Gao
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
03 Aug, 2010
2 commits
-
Conflicts:
drivers/net/e1000e/hw.h
net/bridge/br_device.c
net/bridge/br_input.c
-
It was possible to use a negative offset in a u32 match to reference
the ethernet header or other parts of the link layer header.
This fixes the regression caused by:
commit fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d
Author: Changli Gao
Date: Wed Jun 2 07:32:42 2010 -0700
cls_u32: use skb_header_pointer() to dereference data safely
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
01 Aug, 2010
2 commits
-
after updating the value of the ICMP payload, inet_proto_csum_replace4() should
be called with zero pseudohdr.
Signed-off-by: Changli Gao
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
-
pskb_may_pull() may change skb pointers, so adjust icmph after pskb_may_pull().
Signed-off-by: Changli Gao
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
28 Jul, 2010
1 commit
-
Conflicts:
drivers/net/bnx2x_main.c
Merge bnx2x bug fixes in by hand... :-/
Signed-off-by: David S. Miller
25 Jul, 2010
1 commit
-
This fixes hang when target device of mirred packet classifier
action is removed.
If a mirror or redirection action is configured to cause packets
to go to another device, the classifier holds a ref count, but was assuming
the administrator cleaned up all redirections before removing. The fix
is to add a notifier and cleanup during unregister.
The new list is implicitly protected by RTNL mutex because
it is held during filter add/delete as well as notifier.
Signed-off-by: Stephen Hemminger
Acked-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
21 Jul, 2010
1 commit
-
Conflicts:
drivers/vhost/net.c
net/bridge/br_device.c
Fix merge conflict in drivers/vhost/net.c with guidance from
Stephen Rothwell.
Revert the effects of net-2.6 commit 573201f36fd9c7c6d5218cdcd9948cee700b277d
since net-next-2.6 has fixes that make bridge netpoll work properly thus
we don't need it disabled.
Signed-off-by: David S. Miller
20 Jul, 2010
1 commit
-
Use modern this_cpu_xxx() API, saving a few bytes on x86
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
19 Jul, 2010
1 commit
-
Signed-off-by: David S. Miller
15 Jul, 2010
1 commit
-
The reset_policy() does:
memset(d->tcfd_defdata, 0, SIMP_MAX_DATA);
strlcpy(d->tcfd_defdata, defdata, SIMP_MAX_DATA);
In the original code, the size of d->tcfd_defdata wasn't fixed and if
strlen(defdata) was less than 31, reset_policy() would cause memory
corruption.
Please Note: The original alloc_defdata() assumes defdata is 32
characters and a NUL terminator while reset_policy() assumes defdata is
31 characters and a NUL. This patch updates alloc_defdata() to match
reset_policy() (ie a shorter string). I'm not very familiar with this
code so please review carefully.
Signed-off-by: Dan Carpenter
Acked-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
13 Jul, 2010
1 commit
-
not all of the ICMP packets need an IP header payload, so we check the length
of the skbs only when the packets should have an IP header payload.
Based upon analysis and initial patch by Rodrigo Partearroyo González.
Signed-off-by: Changli Gao
Acked-by: Herbert Xu
----
net/sched/act_nat.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
Signed-off-by: David S. Miller
01 Jul, 2010
2 commits
-
act_nat: use stack variable
structure tc_nat isn't too big for stack, so we can put it in stack.
Signed-off-by: Changli Gao
----
net/sched/act_nat.c | 31 ++++++++++---------------------
1 file changed, 10 insertions(+), 21 deletions(-)
Signed-off-by: David S. Miller
-
act_mirred: combine duplicate code
tcf_bstats is updated in any way, so we can do it earlier to reduce the size of
the code.
Signed-off-by: Changli Gao
Signed-off-by: Jamal Hadi Salim
----
net/sched/act_mirred.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
Signed-off-by: David S. Miller
29 Jun, 2010
1 commit
-
don't clone skb when skb isn't shared
When the tcf_action is TC_ACT_STOLEN, and the skb isn't shared, we don't need
to clone a new skb. As the skb will be freed after this function returns, we
can use it freely once we get a reference to it.
Signed-off-by: Changli Gao
----
include/net/sch_generic.h | 11 +++++++++--
net/sched/act_mirred.c | 6 +++---
2 files changed, 12 insertions(+), 5 deletions(-)
Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
24 Jun, 2010
1 commit
-
Conflicts:
net/ipv4/ip_output.c
17 Jun, 2010
1 commit
-
https://bugzilla.kernel.org/show_bug.cgi?id=16183
The sch_teql module, which can be used to load balance over a set of
underlying interfaces, stopped working after 2.6.30 and has been
broken in all kernels since then for any underlying interface which
requires the addition of link level headers.
The problem is that the transmit routine relies on being able to
access the destination address in the skb in order to do address
resolution once it has decided which underlying interface it is going
to transmit through.
In 2.6.31 the IFF_XMIT_DST_RELEASE flag was introduced, and set by
default for all interfaces, which causes the destination address to be
released before the transmit routine for the interface is called.
The solution is to clear that flag for teql interfaces.
Signed-off-by: Tom Hughes
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
12 Jun, 2010
1 commit
-
gen_kill_estimator() API is incomplete or not well documented, since
caller should make sure an RCU grace period is respected before
freeing stats_lock.
This was partially addressed in commit 5d944c640b4
(gen_estimator: deadlock fix), but same problem exists for all
gen_kill_estimator() users, if lock they use is not already RCU
protected.
A code review shows xt_RATEEST.c, act_api.c, act_police.c have this
problem. Others are ok because they use qdisc lock, already RCU
protected.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
07 Jun, 2010
3 commits
-
Now that the core path doesn't set OK to munge we detect
writable skbs by looking to see if they are cloned.
Signed-off-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
-
remove two unnecessary assignments
we don't need to assign NULL when initialize structure objects.
Signed-off-by: Changli Gao
----
net/sched/sch_htb.c | 2 --
1 file changed, 2 deletions(-)
Signed-off-by: David S. Miller
-
Conflicts:
drivers/net/sfc/net_driver.h
drivers/net/sfc/siena.c
03 Jun, 2010
1 commit
-
access skb->data safely
we should use skb_header_pointer() and skb_store_bits() to access skb->data to
handle small or non-linear skbs.
Signed-off-by: Changli Gao
----
net/sched/act_pedit.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
Signed-off-by: David S. Miller
02 Jun, 2010
4 commits
-
use skb_header_pointer() to dereference data safely
the original skb->data dereference isn't safe, as there isn't any skb->len or
skb_is_nonlinear() check. skb_header_pointer() is used instead in this patch.
And when the skb isn't long enough, we terminate the function u32_classify()
immediately with -1.
Signed-off-by: Changli Gao
Signed-off-by: David S. Miller
-
fix the wrong checksum when addr isn't in old_addr/mask
For TCP and UDP packets, when addr isn't in old_addr/mask we don't do SNAT or
DNAT, and we should not update layer 4 checksum.
Signed-off-by: Changli Gao
----
net/sched/act_nat.c | 4 ++++
1 file changed, 4 insertions(+)
Signed-off-by: David S. Miller
-
When many cpus compete for sending frames on a given qdisc, the qdisc
spinlock suffers from very high contention.
The cpu owning __QDISC_STATE_RUNNING bit has same priority to acquire
the lock, and cannot dequeue packets fast enough, since it must wait for
this lock for each dequeued packet.
One solution to this problem is to force all cpus spinning on a second
lock before trying to get the main lock, when/if they see
__QDISC_STATE_RUNNING already set.
The owning cpu then compete with at most one other cpu for the main
lock, allowing for higher dequeueing rate.
Based on a previous patch from Alexander Duyck. I added the heuristic to
avoid the atomic in fast path, and put the new lock far away from the
cache line used by the dequeue worker. Also try to release the busylock
lock as late as possible.
Tests with following script gave a boost from ~50.000 pps to ~600.000
pps on a dual quad core machine (E5450 @3.00GHz), tg3 driver.
(A single netperf flow can reach ~800.000 pps on this platform)
for j in `seq 0 3`; do
  for i in `seq 0 7`; do
    netperf -H 192.168.0.1 -t UDP_STREAM -l 60 -N -T $i -- -m 6 &
  done
done
Signed-off-by: Eric Dumazet
Acked-by: Alexander Duyck
Signed-off-by: David S. Miller
-
Define three helpers to manipulate QDISC_STATE_RUNNING flag, that a
second patch will move on another location.
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller