07 Dec, 2006

1 commit

  • When the first fw classifier is initialized, there is a small window
    between the ->init() and ->change() calls, during which the classifier
    is active but not entirely set up and tp->root is still NULL (->init()
    does nothing).

    When a packet is queued during this window a NULL pointer dereference
    occurs in fw_classify() when trying to dereference head->mask;

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

03 Dec, 2006

14 commits

  • Not returning -EINVAL, because someone might want to use the value
    zero in some future gact_prob algorithm?

    Signed-off-by: Kim Nordlund
    Signed-off-by: David S. Miller

    Kim Nordlund
     
  • The tc actions increased the size of struct tc_police, which broke
    compatibility with old iproute binaries since both the act_police
    and the old NET_CLS_POLICE code check for an exact size match.

    Since the new members are not even used, the simple fix is to also
    accept the size of the old structure. Dumping is not affected since
    old userspace will receive a bigger structure, which is handled fine.

    Signed-off-by: Patrick McHardy
    Acked-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • This patch removes the following unused EXPORT_SYMBOL's:
    - sch_api.c: qdisc_lookup
    - sch_generic.c: __netdev_watchdog_up
    - sch_generic.c: noop_qdisc_ops
    - sch_generic.c: qdisc_alloc

    Signed-off-by: Adrian Bunk
    Signed-off-by: David S. Miller

    Adrian Bunk
     
  • When peeking at the next packet in a child qdisc by calling dequeue/requeue,
    the upper qdisc qlen counter may get out of sync in case the requeue fails.
    The qdisc and the child qdisc both have their counter decremented, but since
    no packet is given to the upper qdisc it won't decrement its counter itself.

    requeue should not fail, so this is mostly for "correctness".

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Convert HTB to use qdisc_tree_decrease_len() and add a callback
    for deactivating a class when its child queue becomes empty.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Convert HFSC to use qdisc_tree_decrease_len() and add a callback
    for deactivating a class when its child queue becomes empty.

    All queue purging goes through hfsc_purge_queue(), which is used in
    three cases: grafting, class creation (when a leaf class is turned
    into an intermediate class by attaching a new class) and class
    deletion. In all cases qdisc_tree_decrease_len() is needed.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Convert the "simple" qdiscs to use qdisc_tree_decrease_qlen() where
    necessary:

    - all graft operations
    - destruction of old child qdiscs in prio, red and tbf change operation
    - purging of queue in sfq change operation

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • There are multiple problems related to qlen adjustment that can lead
    to an upper qdisc getting out of sync with the real number of packets
    queued, leading to endless dequeueing attempts by the upper layer code.

    All qdiscs must maintain an accurate q.qlen counter. There are basically
    two groups of operations affecting the qlen: operations that propagate
    down the tree (enqueue, dequeue, requeue, drop, reset) beginning at the
    root qdisc and operations only affecting a subtree or single qdisc
    (change, graft, delete class). Since qlen changes during operations from
    the second group don't propagate to ancestor qdiscs, their qlen values
    become desynchronized.

    This patch adds a function to propagate qlen changes up the qdisc tree,
    optionally calling a callback function to perform qdisc-internal
    maintenance when the child qdisc becomes empty. The follow-up patches
    will convert all qdiscs to use this function where necessary.

    Noticed by Timo Steinbach.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Set parent classids in default qdiscs to allow walking up the tree
    from outside the qdiscs. This is needed by the next patch.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • qlen adjustment should happen immediately in ->delete and not in the
    class destroy function because the reference count will not hit zero in
    ->delete (sch_api holds a reference) but in ->put. Since the qdisc
    lock is released between deletion of the class and final destruction
    this creates an externally visible error in the qlen counter.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Signed-off-by: Arnaldo Carvalho de Melo

    Arnaldo Carvalho de Melo
     
  • Signed-off-by: Al Viro
    Signed-off-by: David S. Miller

    Al Viro
     
  • Based on patch by Patrick McHardy.

    Add a new option, NET_SCH_FIFO, which provides a simple fifo qdisc
    without requiring CONFIG_NET_SCHED.

    The d80211 stack needs a generic fifo qdisc for WME. At present it
    uses net/d80211/fifo_qdisc.c which is functionally equivalent to
    sch_fifo.c. This patch will allow the d80211 stack to remove
    net/d80211/fifo_qdisc.c and use sch_fifo.c instead.

    Signed-off-by: David Kimdon
    Signed-off-by: David S. Miller

    David Kimdon
     
  • nfmark is being used in various subsystems and has become
    the de facto mark field for all kinds of packets. Therefore
    it makes sense to rename it to `mark' and remove the
    dependency on CONFIG_NETFILTER.

    Signed-off-by: Thomas Graf
    Signed-off-by: David S. Miller

    Thomas Graf
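
The qlen desynchronization described in the 03 Dec, 2006 commit above ("This patch adds a function to propagate qlen changes up the qdisc tree"), as an added example that is not the kernel's code: a simplified user-space model in which a leaf is purged with and without upward propagation. All struct and function names here are hypothetical.

```c
#include <stdio.h>

/* Simplified user-space model, not kernel code; all names are hypothetical. */
struct toy_qdisc {
    struct toy_qdisc *parent;   /* NULL at the root */
    unsigned int qlen;          /* packets queued in this qdisc and below it */
    int active;                 /* internal state: number of non-empty children */
    void (*child_empty)(struct toy_qdisc *self);  /* optional callback */
};

static void deactivate_class(struct toy_qdisc *self) { self->active--; }

/* n packets left q during a subtree-only operation (change, graft, delete
 * class), so no ancestor saw them go. Walk up the tree, correct each
 * ancestor's counter, and tell a parent when its child is now empty. */
static void toy_tree_decrease_qlen(struct toy_qdisc *q, unsigned int n)
{
    if (n == 0)
        return;
    for (struct toy_qdisc *p = q->parent; p != NULL; q = p, p = p->parent) {
        if (q->qlen == 0 && p->child_empty)
            p->child_empty(p);
        p->qlen = p->qlen >= n ? p->qlen - n : 0;   /* clamp, never wrap */
    }
}

/* Constructed tree: root -> mid -> leaf a (3 packets); a sibling leaf with
 * 2 packets is already counted in mid and root. Purge a, with or without
 * propagation, and return the root's qlen afterwards. */
static unsigned int demo_purge(int propagate, int *mid_active)
{
    struct toy_qdisc root = { NULL, 5, 1, deactivate_class };
    struct toy_qdisc mid  = { &root, 5, 2, deactivate_class };
    struct toy_qdisc a    = { &mid, 3, 0, NULL };
    unsigned int purged = a.qlen;
    a.qlen = 0;                          /* purge the leaf queue */
    if (propagate)
        toy_tree_decrease_qlen(&a, purged);
    *mid_active = mid.active;
    return root.qlen;
}

int main(void)
{
    int active;
    printf("no propagation: root qlen %u (2 really queued)\n", demo_purge(0, &active));
    printf("propagation:    root qlen %u\n", demo_purge(1, &active));
    return 0;
}
```

Without propagation the root still reports 5 packets while only 2 remain, which is the state that leads to the endless dequeue attempts the commit message mentions.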
     

08 Nov, 2006

1 commit


01 Nov, 2006

1 commit


23 Oct, 2006

1 commit


12 Oct, 2006

1 commit


04 Oct, 2006

2 commits


29 Sep, 2006

3 commits

  • The move of qdisc destruction to a rcu callback broke locking in the
    entire qdisc layer by invalidating previously valid assumptions about
    the context in which changes to the qdisc tree occur.

    The two assumptions were:

    - since changes only happen in process context, read_lock doesn't need
    bottom half protection. Now invalid since destruction of inner qdiscs,
    classifiers, actions and estimators happens in the RCU callback unless
    they're manually deleted, resulting in dead-locks when read_lock in
    process context is interrupted by write_lock_bh in bottom half context.

    - since changes only happen under the RTNL, no additional locking is
    necessary for data not used during packet processing (f.e. u32_list).
    Again, since destruction now happens in the RCU callback, this assumption
    is not valid anymore, causing races while using this data, which can
    result in corruption or use-after-free.

    Instead of "fixing" this by disabling bottom halves everywhere and adding
    new locks/refcounting, this patch makes these assumptions valid again by
    moving destruction back to process context. Since only the dev->qdisc
    pointer is protected by RCU, but ->enqueue and the qdisc tree are still
    protected by dev->qdisc_lock, destruction of the tree can be performed
    immediately and only the final free needs to happen in the rcu callback
    to make sure dev_queue_xmit doesn't access already freed memory.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Fix incorrect use of RB_EMPTY_NODE in htb_safe_rb_erase, which makes it
    skip nodes within the rbtree instead of nodes not in the tree, resulting
    in crashes later on.

    The root cause for this seems to be the very counter-intuitive behaviour
    of the RB_EMPTY_NODE macro, which returns _false_ when the node is empty.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • Prevents filters from being added if the first generated
    handle already exists.

    Signed-off-by: Kim Nordlund
    Signed-off-by: Thomas Graf

    Kim Nordlund
     

23 Sep, 2006

13 commits


18 Sep, 2006

1 commit

  • Fix lockdep warning with GRE, iptables and Speedtouch ADSL, PPP over ATM.

    On Sat, Sep 02, 2006 at 08:39:28PM +0000, Krzysztof Halasa wrote:
    >
    > =======================================================
    > [ INFO: possible circular locking dependency detected ]
    > -------------------------------------------------------
    > swapper/0 is trying to acquire lock:
    > (&dev->queue_lock){-+..}, at: [] dev_queue_xmit+0x56/0x290
    >
    > but task is already holding lock:
    > (&dev->_xmit_lock){-+..}, at: [] dev_queue_xmit+0x224/0x290
    >
    > which lock already depends on the new lock.

    This turns out to be a genuine bug. The queue lock and xmit lock are
    intentionally taken out of order. Two things are supposed to prevent
    dead-locks from occurring:

    1) When we hold the queue_lock we're supposed to only do try_lock on the
    tx_lock.

    2) We always drop the queue_lock after taking the tx_lock and before doing
    anything else.

    >
    > the existing dependency chain (in reverse order) is:
    >
    > -> #1 (&dev->_xmit_lock){-+..}:
    > [] lock_acquire+0x76/0xa0
    > [] _spin_lock_bh+0x31/0x40
    > [] dev_activate+0x69/0x120

    This path obviously breaks assumption 1) and therefore can lead to ABBA
    dead-locks.

    I've looked at the history and there seems to be no reason for the lock
    to be held at all in dev_watchdog_up. The lock appeared in day one and
    even there it was unnecessary. In fact, people added __dev_watchdog_up
    precisely in order to get around the tx lock there.

    The function dev_watchdog_up is already serialised by rtnl_lock since
    its only caller dev_activate is always called under it.

    So here is a simple patch to remove the tx lock from dev_watchdog_up.
    In 2.6.19 we can eliminate the unnecessary __dev_watchdog_up and
    replace it with dev_watchdog_up.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

18 Aug, 2006

1 commit


05 Aug, 2006

1 commit