Author: arekm Date: Fri Sep 30 07:07:08 2011 GMT Module: packages Tag: LINUX_2_6_39 ---- Log message: - updated
---- Files affected: packages/kernel: kernel-apparmor.patch (1.11 -> 1.11.2.1) , kernel-routes.patch (1.13 -> 1.13.2.1) , kernel-small_fixes.patch (1.28 -> 1.28.2.1) , kernel-xfs-delaylog.patch (1.2 -> NONE) (REMOVED) ---- Diffs: ================================================================ Index: packages/kernel/kernel-apparmor.patch diff -u packages/kernel/kernel-apparmor.patch:1.11 packages/kernel/kernel-apparmor.patch:1.11.2.1 --- packages/kernel/kernel-apparmor.patch:1.11 Tue Nov 9 09:31:04 2010 +++ packages/kernel/kernel-apparmor.patch Fri Sep 30 09:07:03 2011 @@ -1,4 +1,4 @@ -From 6ab924a333c81d552eb92900509113bdf2fccb2e Mon Sep 17 00:00:00 2001 +From 0ae314bc92d8b22250f04f85e4bd36ee9ed30890 Mon Sep 17 00:00:00 2001 From: John Johansen <[email protected]> Date: Mon, 4 Oct 2010 15:03:36 -0700 Subject: [PATCH 1/3] AppArmor: compatibility patch for v5 network controll @@ -8,14 +8,14 @@ Signed-off-by: John Johansen <[email protected]> --- include/linux/lsm_audit.h | 4 + - security/apparmor/Makefile | 6 +- + security/apparmor/Makefile | 19 ++++- security/apparmor/include/net.h | 40 +++++++++ security/apparmor/include/policy.h | 3 + security/apparmor/lsm.c | 112 +++++++++++++++++++++++ security/apparmor/net.c | 170 ++++++++++++++++++++++++++++++++++++ security/apparmor/policy.c | 1 + security/apparmor/policy_unpack.c | 48 ++++++++++- - 8 files changed, 382 insertions(+), 2 deletions(-) + 8 files changed, 394 insertions(+), 3 deletions(-) create mode 100644 security/apparmor/include/net.h create mode 100644 security/apparmor/net.c @@ -35,32 +35,47 @@ } apparmor_audit_data; #endif diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile -index f204869..a9a1db0 100644 +index 2dafe50..7cefef9 100644 --- a/security/apparmor/Makefile +++ b/security/apparmor/Makefile -@@ -4,17 +4,21 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o +@@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ - resource.o sid.o file.o + resource.o sid.o file.o net.o - clean-files: capability_names.h af_names.h +-clean-files := capability_names.h rlim_names.h ++clean-files := capability_names.h rlim_names.h af_names.h - quiet_cmd_make-caps = GEN $@ - cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ + # Build a lower case string table of capability names +@@ -44,9 +44,24 @@ cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\ + sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\ + echo "};" >> $@ + ++# Build a lower case string table of address family names. ++# Transform lines from ++# #define AF_INET 2 /* Internet IP Protocol */ ++# to ++# [2] = "inet", +quiet_cmd_make-af = GEN $@ -+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ; sed -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "s/^\#define[ \\t]\\+AF_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ++cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\ ++ sed $< >> $@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \ ++ 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+).*/[\2] = "\L\1",/p';\ ++ echo "};" >> $@ ++ + - quiet_cmd_make-rlim = GEN $@ - cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@ - $(obj)/capability.o : $(obj)/capability_names.h -+$(obj)/net.o : $(obj)/af_names.h $(obj)/resource.o : $(obj)/rlim_names.h ++$(obj)/net.o : $(obj)/af_names.h $(obj)/capability_names.h : $(srctree)/include/linux/capability.h $(call cmd,make-caps) + $(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h + $(call cmd,make-rlim) ++$(obj)/af_names.h : $(srctree)/include/linux/socket.h ++ $(call cmd,make-af) +\ No newline at end of file diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h new file mode 100644 index 0000000..3c7d599 @@ -136,10 +151,10 @@ }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index cf1de44..324ab91 100644 +index ae3a698..05c018b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c -@@ -31,6 +31,7 @@ +@@ -32,6 +32,7 @@ #include "include/context.h" #include "include/file.h" #include "include/ipc.h" @@ -147,7 +162,7 @@ #include "include/path.h" #include "include/policy.h" #include "include/procattr.h" -@@ -607,6 +608,103 @@ static int apparmor_setprocattr(struct t +@@ -620,6 +621,104 @@ static int apparmor_task_setrlimit(struct task_struct *task, return error; } @@ -248,10 +263,11 @@ + + return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk); +} - static int apparmor_task_setrlimit(struct task_struct *task, - unsigned int resource, struct rlimit *new_rlim) - { -@@ -650,6 +749,19 @@ static struct security_operations apparmor_ops = { ++ + static struct security_operations apparmor_ops = { + .name = "apparmor", + +@@ -651,6 +750,19 @@ static struct security_operations apparmor_ops = { .getprocattr = apparmor_getprocattr, .setprocattr = apparmor_setprocattr, @@ -448,7 +464,7 @@ + return error; +} diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c -index 52cc865..3b5da44 100644 +index 4f0eade..4d5ce13 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile) @@ -460,7 +476,7 @@ aa_free_sid(profile->sid); diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c -index eb3700e..c2b6225 100644 +index e33aaf7..fa3f1b4 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -190,6 +190,19 @@ fail: @@ -533,9 +549,9 @@ profile->file.dfa = unpack_dfa(e); if (IS_ERR(profile->file.dfa)) { -- -1.7.1 +1.7.0.4 -From 5f034900aa447abea213c434d6d262d28fd168e7 Mon Sep 17 00:00:00 2001 +From cdc6b35345e5bcfe92bb2b52ef003f94ceedd40d Mon Sep 17 00:00:00 2001 From: John Johansen <[email protected]> Date: Thu, 22 Jul 2010 02:32:02 -0700 Subject: [PATCH 2/3] AppArmor: compatibility patch for v5 interface @@ -543,11 +559,11 @@ Signed-off-by: John Johansen <[email protected]> --- security/apparmor/Kconfig | 9 + - security/apparmor/Makefile | 2 + + security/apparmor/Makefile | 1 + security/apparmor/apparmorfs-24.c | 287 ++++++++++++++++++++++++++++++++ security/apparmor/apparmorfs.c | 18 ++- security/apparmor/include/apparmorfs.h | 6 + - 5 files changed, 320 insertions(+), 2 deletions(-) + 5 files changed, 319 insertions(+), 2 deletions(-) create mode 100644 security/apparmor/apparmorfs-24.c diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig @@ -568,18 +584,17 @@ + recommended if compatability with older versions of AppArmor + is desired. diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile -index a9a1db0..e5e8968 100644 +index 7cefef9..0bb604b 100644 --- a/security/apparmor/Makefile +++ b/security/apparmor/Makefile -@@ -6,6 +6,8 @@ apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ +@@ -5,6 +5,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o + apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ resource.o sid.o file.o net.o - +apparmor-$(CONFIG_SECURITY_APPARMOR_COMPAT_24) += apparmorfs-24.o -+ - clean-files: capability_names.h af_names.h - quiet_cmd_make-caps = GEN $@ + clean-files := capability_names.h rlim_names.h af_names.h + diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c new file mode 100644 index 0000000..dc8c744 @@ -874,10 +889,10 @@ + .release = profiles_release, +}; diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -index 7320331..0e27449 100644 +index 0848292..28c52ac 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c -@@ -182,7 +182,11 @@ void __init aa_destroy_aafs(void) +@@ -187,7 +187,11 @@ void __init aa_destroy_aafs(void) aafs_remove(".remove"); aafs_remove(".replace"); aafs_remove(".load"); @@ -890,7 +905,7 @@ securityfs_remove(aa_fs_dentry); aa_fs_dentry = NULL; } -@@ -213,7 +217,17 @@ int __init aa_create_aafs(void) +@@ -218,7 +222,17 @@ int __init aa_create_aafs(void) aa_fs_dentry = NULL; goto error; } @@ -925,5 +940,5 @@ + #endif /* __AA_APPARMORFS_H */ -- -1.7.1 +1.7.0.4 ================================================================ Index: packages/kernel/kernel-routes.patch diff -u packages/kernel/kernel-routes.patch:1.13 packages/kernel/kernel-routes.patch:1.13.2.1 --- packages/kernel/kernel-routes.patch:1.13 Mon Mar 21 20:03:58 2011 +++ packages/kernel/kernel-routes.patch Fri Sep 30 09:07:03 2011 @@ -1,6 +1,6 @@ -diff -urp v2.6.38/linux/include/linux/rtnetlink.h linux/include/linux/rtnetlink.h ---- v2.6.38/linux/include/linux/rtnetlink.h 2011-03-20 12:05:41.000000000 +0200 -+++ linux/include/linux/rtnetlink.h 2011-03-20 12:12:11.107248055 +0200 +diff -urp v2.6.39/linux/include/linux/rtnetlink.h linux/include/linux/rtnetlink.h +--- v2.6.39/linux/include/linux/rtnetlink.h 2011-01-05 13:07:10.000000000 +0200 ++++ linux/include/linux/rtnetlink.h 2011-07-23 02:03:45.682382297 +0300 @@ -312,6 +312,8 @@ struct rtnexthop { #define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */ #define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */ @@ -10,31 +10,21 @@ /* Macros to handle hexthops */ -diff -urp v2.6.38/linux/include/net/flow.h linux/include/net/flow.h ---- v2.6.38/linux/include/net/flow.h 2011-03-20 12:01:11.000000000 +0200 -+++ linux/include/net/flow.h 2011-03-20 12:13:20.139247270 +0200 -@@ -19,6 +19,8 @@ struct flowi { - struct { - __be32 daddr; - __be32 saddr; -+ __be32 lsrc; -+ __be32 gw; - __u8 tos; - __u8 scope; - } ip4_u; -@@ -43,6 +45,8 @@ struct flowi { - #define fl6_flowlabel nl_u.ip6_u.flowlabel - #define fl4_dst nl_u.ip4_u.daddr - #define fl4_src nl_u.ip4_u.saddr -+#define fl4_lsrc nl_u.ip4_u.lsrc -+#define fl4_gw nl_u.ip4_u.gw - #define fl4_tos nl_u.ip4_u.tos - #define fl4_scope nl_u.ip4_u.scope - -diff -urp v2.6.38/linux/include/net/ip_fib.h linux/include/net/ip_fib.h ---- v2.6.38/linux/include/net/ip_fib.h 2011-03-20 12:05:50.000000000 +0200 -+++ linux/include/net/ip_fib.h 2011-03-20 12:12:11.107248055 +0200 -@@ -210,6 +210,8 @@ extern int fib_lookup(struct net *n, str +diff -urp v2.6.39/linux/include/net/flow.h linux/include/net/flow.h +--- v2.6.39/linux/include/net/flow.h 2011-05-19 13:12:43.000000000 +0300 ++++ linux/include/net/flow.h 2011-07-23 02:03:45.683380922 +0300 +@@ -68,6 +68,7 @@ struct flowi4 { + #define fl4_ipsec_spi uli.spi + #define fl4_mh_type uli.mht.type + #define fl4_gre_key uli.gre_key ++ __be32 fl4_gw; + }; + + struct flowi6 { +diff -urp v2.6.39/linux/include/net/ip_fib.h linux/include/net/ip_fib.h +--- v2.6.39/linux/include/net/ip_fib.h 2011-05-19 13:12:43.000000000 +0300 ++++ linux/include/net/ip_fib.h 2011-07-23 02:03:45.683380922 +0300 +@@ -222,6 +222,8 @@ extern int fib_lookup(struct net *n, str extern struct fib_table *fib_new_table(struct net *net, u32 id); extern struct fib_table *fib_get_table(struct net *net, u32 id); @@ -43,17 +33,37 @@ #endif /* CONFIG_IP_MULTIPLE_TABLES */ /* Exported by fib_frontend.c */ -@@ -270,4 +272,6 @@ static inline void fib_proc_exit(struct +@@ -230,7 +232,8 @@ extern void ip_fib_init(void); + extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif, + struct net_device *dev, __be32 *spec_dst, + u32 *itag, u32 mark); +-extern void fib_select_default(struct fib_result *res); ++extern void fib_select_default(const struct flowi4 *flp, ++ struct fib_result *res); + + /* Exported by fib_semantics.c */ + extern int ip_fib_check_default(__be32 gw, struct net_device *dev); +@@ -238,7 +241,8 @@ extern int fib_sync_down_dev(struct net_ + extern int fib_sync_down_addr(struct net *net, __be32 local); + extern void fib_update_nh_saddrs(struct net_device *dev); + extern int fib_sync_up(struct net_device *dev); +-extern void fib_select_multipath(struct fib_result *res); ++extern void fib_select_multipath(const struct flowi4 *flp, ++ struct fib_result *res); + + /* Exported by fib_trie.c */ + extern void fib_trie_init(void); +@@ -281,4 +285,6 @@ static inline void fib_proc_exit(struct } #endif +extern rwlock_t fib_nhflags_lock; + #endif /* _NET_FIB_H */ -diff -urp v2.6.38/linux/include/net/netfilter/nf_nat.h linux/include/net/netfilter/nf_nat.h ---- v2.6.38/linux/include/net/netfilter/nf_nat.h 2011-03-20 12:01:11.000000000 +0200 -+++ linux/include/net/netfilter/nf_nat.h 2011-03-20 12:13:20.140246808 +0200 -@@ -73,6 +73,13 @@ struct nf_conn_nat { +diff -urp v2.6.39/linux/include/net/netfilter/nf_nat.h linux/include/net/netfilter/nf_nat.h +--- v2.6.39/linux/include/net/netfilter/nf_nat.h 2011-05-19 13:12:43.000000000 +0300 ++++ linux/include/net/netfilter/nf_nat.h 2011-07-23 02:03:45.684381521 +0300 +@@ -75,6 +75,13 @@ struct nf_conn_nat { #endif }; @@ -67,10 +77,19 @@ /* Set up the info structure to map into this range. */ extern unsigned int nf_nat_setup_info(struct nf_conn *ct, const struct nf_nat_range *range, -diff -urp v2.6.38/linux/include/net/route.h linux/include/net/route.h ---- v2.6.38/linux/include/net/route.h 2011-03-20 12:01:11.000000000 +0200 -+++ linux/include/net/route.h 2011-03-20 12:13:20.141248044 +0200 -@@ -134,6 +134,7 @@ static inline int ip_route_input_noref(s +diff -urp v2.6.39/linux/include/net/route.h linux/include/net/route.h +--- v2.6.39/linux/include/net/route.h 2011-05-19 13:12:43.000000000 +0300 ++++ linux/include/net/route.h 2011-07-23 02:03:45.684381521 +0300 +@@ -56,6 +56,8 @@ struct rtable { + /* Lookup key. */ + __be32 rt_key_dst; + __be32 rt_key_src; ++ __be32 rt_key_lsrc; ++ __be32 rt_key_gw; + + int rt_genid; + unsigned rt_flags; +@@ -196,6 +198,7 @@ static inline int ip_route_input_noref(s return ip_route_input_common(skb, dst, src, tos, devin, true); } @@ -78,10 +97,10 @@ extern unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph, unsigned short new_mtu, struct net_device *dev); extern void ip_rt_send_redirect(struct sk_buff *skb); -diff -urp v2.6.38/linux/net/bridge/br_netfilter.c linux/net/bridge/br_netfilter.c ---- v2.6.38/linux/net/bridge/br_netfilter.c 2011-03-20 12:01:11.000000000 +0200 -+++ linux/net/bridge/br_netfilter.c 2011-03-20 12:13:20.142247890 +0200 -@@ -405,6 +405,9 @@ static int br_nf_pre_routing_finish(stru +diff -urp v2.6.39/linux/net/bridge/br_netfilter.c linux/net/bridge/br_netfilter.c +--- v2.6.39/linux/net/bridge/br_netfilter.c 2011-05-19 13:12:44.000000000 +0300 ++++ linux/net/bridge/br_netfilter.c 2011-07-23 02:03:45.685381742 +0300 +@@ -403,6 +403,9 @@ static int br_nf_pre_routing_finish(stru struct rtable *rt; int err; @@ -91,9 +110,9 @@ if (nf_bridge->mask & BRNF_PKT_TYPE) { skb->pkt_type = PACKET_OTHERHOST; nf_bridge->mask ^= BRNF_PKT_TYPE; -diff -urp v2.6.38/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c ---- v2.6.38/linux/net/ipv4/fib_frontend.c 2011-03-20 12:05:50.000000000 +0200 -+++ linux/net/ipv4/fib_frontend.c 2011-03-20 12:12:11.109247911 +0200 +diff -urp v2.6.39/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c +--- v2.6.39/linux/net/ipv4/fib_frontend.c 2011-05-19 13:12:44.000000000 +0300 ++++ linux/net/ipv4/fib_frontend.c 2011-07-23 02:04:19.850382525 +0300 @@ -47,6 +47,8 @@ #ifndef CONFIG_IP_MULTIPLE_TABLES @@ -112,19 +131,9 @@ struct fib_table *fib_new_table(struct net *net, u32 id) { struct fib_table *tb; -@@ -125,7 +129,8 @@ void fib_select_default(struct net *net, - table = res->r->table; - #endif - tb = fib_get_table(net, table); -- if (FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) -+ if ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) || -+ FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST) - fib_table_select_default(tb, flp, res); - } - -@@ -256,6 +261,9 @@ int fib_validate_source(__be32 src, __be - .iif = oif - }; +@@ -195,6 +199,9 @@ int fib_validate_source(__be32 src, __be + struct in_device *in_dev; + struct flowi4 fl4; struct fib_result res; + int table; + unsigned char prefixlen; @@ -132,27 +141,33 @@ int no_addr, rpf, accept_local; bool dev_match; int ret; -@@ -302,19 +310,26 @@ int fib_validate_source(__be32 src, __be - ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST; - return ret; +@@ -207,6 +214,7 @@ int fib_validate_source(__be32 src, __be + fl4.saddr = dst; + fl4.flowi4_tos = tos; + fl4.flowi4_scope = RT_SCOPE_UNIVERSE; ++ fl4.fl4_gw = 0; + + no_addr = rpf = accept_local = 0; + in_dev = __in_dev_get_rcu(dev); +@@ -251,17 +259,24 @@ int fib_validate_source(__be32 src, __be } -+ table = FIB_RES_TABLE(&res); -+ prefixlen = res.prefixlen; -+ scope = res.scope; if (no_addr) goto last_resort; - if (rpf == 1) - goto e_rpf; - fl.oif = dev->ifindex; ++ table = FIB_RES_TABLE(&res); ++ prefixlen = res.prefixlen; ++ scope = res.scope; + fl4.flowi4_oif = dev->ifindex; ret = 0; - if (fib_lookup(net, &fl, &res) == 0) { + if (fib_lookup(net, &fl4, &res) == 0) { - if (res.type == RTN_UNICAST) { + if (res.type == RTN_UNICAST && + ((table == FIB_RES_TABLE(&res) && + res.prefixlen >= prefixlen && res.scope >= scope) || + !rpf)) { - *spec_dst = FIB_RES_PREFSRC(res); + *spec_dst = FIB_RES_PREFSRC(net, res); ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST; + return ret; } @@ -162,180 +177,29 @@ return ret; last_resort: -@@ -942,9 +957,7 @@ static int fib_inetaddr_event(struct not +@@ -965,9 +980,7 @@ static int fib_inetaddr_event(struct not switch (event) { case NETDEV_UP: fib_add_ifaddr(ifa); -#ifdef CONFIG_IP_ROUTE_MULTIPATH fib_sync_up(dev); -#endif + atomic_inc(&net->ipv4.dev_addr_genid); rt_cache_flush(dev_net(dev), -1); break; - case NETDEV_DOWN: -@@ -980,9 +993,7 @@ static int fib_netdev_event(struct notif +@@ -1006,9 +1019,7 @@ static int fib_netdev_event(struct notif for_ifa(in_dev) { fib_add_ifaddr(ifa); } endfor_ifa(in_dev); -#ifdef CONFIG_IP_ROUTE_MULTIPATH fib_sync_up(dev); -#endif + atomic_inc(&net->ipv4.dev_addr_genid); rt_cache_flush(dev_net(dev), -1); break; - case NETDEV_DOWN: -diff -urp v2.6.38/linux/net/ipv4/fib_hash.c linux/net/ipv4/fib_hash.c ---- v2.6.38/linux/net/ipv4/fib_hash.c 2011-03-20 12:05:41.000000000 +0200 -+++ linux/net/ipv4/fib_hash.c 2011-03-20 12:12:11.110247911 +0200 -@@ -305,27 +305,43 @@ out: - void fib_table_select_default(struct fib_table *tb, - const struct flowi *flp, struct fib_result *res) - { -- int order, last_idx; -+ int order, last_idx, last_dflt, last_nhsel, good; -+ struct fib_alias *first_fa; - struct hlist_node *node; - struct fib_node *f; -- struct fib_info *fi = NULL; -+ struct fib_info *fi; - struct fib_info *last_resort; - struct fn_hash *t = (struct fn_hash *)tb->tb_data; -- struct fn_zone *fz = t->fn_zones[0]; -+ struct fn_zone *fz = t->fn_zones[res->prefixlen]; - struct hlist_head *head; -+ __be32 k; -+ unsigned int seq; - - if (fz == NULL) - return; - -+ k = fz_key(flp->fl4_dst, fz); -+ -+ rcu_read_lock(); -+ -+retry: -+ last_dflt = -2; -+ last_nhsel = 0; - last_idx = -1; - last_resort = NULL; - order = -1; -+ fi = NULL; -+ first_fa = NULL; -+ good = 0; - -- rcu_read_lock(); -- head = rcu_dereference(fz->fz_hash); -+ seq = read_seqbegin(&fz->fz_lock); -+ head = rcu_dereference(fz->fz_hash) + fn_hash(k, fz); - hlist_for_each_entry_rcu(f, node, head, fn_hash) { - struct fib_alias *fa; - -+ if (f->fn_key != k) -+ continue; -+ - list_for_each_entry_rcu(fa, &f->fn_alias, fa_list) { - struct fib_info *next_fi = fa->fa_info; - -@@ -333,43 +349,66 @@ void fib_table_select_default(struct fib - fa->fa_type != RTN_UNICAST) - continue; - -+ if (fa->fa_tos && -+ fa->fa_tos != flp->fl4_tos) -+ continue; - if (next_fi->fib_priority > res->fi->fib_priority) - break; -- if (!next_fi->fib_nh[0].nh_gw || -- next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK) -- continue; - - fib_alias_accessed(fa); - -- if (fi == NULL) { -- if (next_fi != res->fi) -- break; -- } else if (!fib_detect_death(fi, order, &last_resort, -- &last_idx, tb->tb_default)) { -- fib_result_assign(res, fi); -- tb->tb_default = order; -- goto out; -+ if (!first_fa) { -+ last_dflt = fa->fa_last_dflt; -+ first_fa = fa; -+ } -+ if (fi && !fib_detect_death(fi, order, &last_resort, -+ &last_idx, &last_dflt, &last_nhsel, flp)) { -+ good = 1; -+ goto done1; - } - fi = next_fi; - order++; - } -+ break; -+ } -+ -+done1: -+ if (read_seqretry(&fz->fz_lock, seq)) -+ goto retry; -+ -+ if (good) { -+ fib_result_assign(res, fi); -+ first_fa->fa_last_dflt = order; -+ goto out; - } - - if (order <= 0 || fi == NULL) { -- tb->tb_default = -1; -+ if (fi && fi->fib_nhs > 1 && -+ fib_detect_death(fi, order, &last_resort, &last_idx, -+ &last_dflt, &last_nhsel, flp) && -+ last_resort == fi) { -+ read_lock_bh(&fib_nhflags_lock); -+ fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT; -+ read_unlock_bh(&fib_nhflags_lock); -+ } -+ if (first_fa) first_fa->fa_last_dflt = -1; - goto out; - } - - if (!fib_detect_death(fi, order, &last_resort, &last_idx, -- tb->tb_default)) { -+ &last_dflt, &last_nhsel, flp)) { - fib_result_assign(res, fi); -- tb->tb_default = order; -+ first_fa->fa_last_dflt = order; - goto out; - } - -- if (last_idx >= 0) -+ if (last_idx >= 0) { <<Diff was trimmed, longer than 597 lines>> ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.11&r2=1.11.2.1&f=u http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-routes.patch?r1=1.13&r2=1.13.2.1&f=u http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.28&r2=1.28.2.1&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
