Documentation/RCU/rculist_nulls.txt | 7 +++++- debian/changelog | 33 ++++++++++++++++++++++++++++++ drivers/net/8139too.c | 1 drivers/net/arm/ixp4xx_eth.c | 4 ++- drivers/net/ehea/ehea_main.c | 2 + drivers/net/gianfar.c | 2 + drivers/net/plip.c | 3 ++ drivers/net/ps3_gelic_net.c | 1 drivers/net/ps3_gelic_wireless.c | 1 drivers/net/smc91x.c | 1 drivers/net/smsc911x.c | 1 drivers/net/sunvnet.c | 2 + drivers/net/usb/kaweth.c | 3 ++ drivers/net/usb/pegasus.c | 3 ++ drivers/net/via-rhine.c | 1 drivers/net/wireless/orinoco/main.c | 3 +- include/net/netfilter/nf_conntrack.h | 4 +-- net/ipv4/netfilter/nf_nat_helper.c | 17 ++++++++++----- net/netfilter/nf_conntrack_core.c | 36 +++++++++++++++++++++++++++------ net/netfilter/nf_conntrack_proto_tcp.c | 6 ++--- net/netfilter/nf_log.c | 22 ++++++++++++-------- net/netfilter/xt_quota.c | 1 net/netfilter/xt_rateest.c | 2 - 23 files changed, 127 insertions(+), 29 deletions(-)
New commits: commit f821235437480d0e964072f79e8ab59e5fb77812 Author: Stephen Hemminger <[email protected]> Date: Fri Jul 31 09:08:22 2009 -0700 2.6.30-1+vyatta+11+jenner6 commit 3be46c007b1205f7134a2c09dd585b89ba8002ba Author: Eric Dumazet <[email protected]> Date: Thu Jul 23 16:15:34 2009 +0200 nf_conntrack: nf_conntrack_alloc() fixes commit 941297f443f871b8c3372feccf27a8733f6ce9e9 upstream. When a slab cache uses SLAB_DESTROY_BY_RCU, we must be careful when allocating objects, since slab allocator could give a freed object still used by lockless readers. In particular, nf_conntrack RCU lookups rely on ct->tuplehash[xxx].hnnode.next being always valid (ie containing a valid 'nulls' value, or a valid pointer to next object in hash chain.) kmem_cache_zalloc() setups object with NULL values, but a NULL value is not valid for ct->tuplehash[xxx].hnnode.next. Fix is to call kmem_cache_alloc() and do the zeroing ourself. As spotted by Patrick, we also need to make sure lookup keys are committed to memory before setting refcount to 1, or a lockless reader could get a reference on the old version of the object. Its key re-check could then pass the barrier. Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> Acked-by: Paul E. McKenney <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit 0b2c144e6971f8b2e78895d6731c367ffa3c96a3 Author: Patrick McHardy <[email protected]> Date: Mon Jun 29 14:07:56 2009 +0200 netfilter: tcp conntrack: fix unacknowledged data detection with NAT commit a3a9f79e361e864f0e9d75ebe2a0cb43d17c4272 upstream. When NAT helpers change the TCP packet size, the highest seen sequence number needs to be corrected. This is currently only done upwards, when the packet size is reduced the sequence number is unchanged. This causes TCP conntrack to falsely detect unacknowledged data and decrease the timeout. Fix by updating the highest seen sequence number in both directions after packet mangling. Tested-by: Krzysztof Piotr Oledzki <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit d67658ded4e1ef090207fe758e603cf31a20df9a Author: Patrick McHardy <[email protected]> Date: Mon Jun 22 14:17:12 2009 +0200 netfilter: xt_rateest: fix comparison with self commit 4d900f9df5f0569c2dc536701e2c11b6d50ebebf upstream. As noticed by Török Edwin <[email protected]>: Compiling the kernel with clang has shown this warning: net/netfilter/xt_rateest.c:69:16: warning: self-comparison always results in a constant value ret &= pps2 == pps2; ^ Looking at the code: if (info->flags & XT_RATEEST_MATCH_BPS) ret &= bps1 == bps2; if (info->flags & XT_RATEEST_MATCH_PPS) ret &= pps2 == pps2; Judging from the MATCH_BPS case it seems to be a typo, with the intention of comparing pps1 with pps2. http://bugzilla.kernel.org/show_bug.cgi?id=13535 Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit c033272d1159e6374c87344734f54cd3bd0e5994 Author: Jan Engelhardt <[email protected]> Date: Mon Jun 22 14:16:45 2009 +0200 netfilter: xt_quota: fix incomplete initialization commit 6d62182fea6cc6bbc8d82a691ad0608d68a54aeb upstream. Commit v2.6.29-rc5-872-gacc738f ("xtables: avoid pointer to self") forgot to copy the initial quota value supplied by iptables into the private structure, thus counting from whatever was in the memory kmalloc returned. Signed-off-by: Jan Engelhardt <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit 8a27406888ee77f7eb7f40423fd57b06a471ba16 Author: Patrick McHardy <[email protected]> Date: Mon Jun 22 14:15:30 2009 +0200 netfilter: nf_log: fix direct userspace memory access in proc handler commit 249556192859490b6280552d4b877064f9f5ee48 upstream. Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit 579a8568abe41cd20c2ad4fe9331b29c614a9106 Author: Patrick McHardy <[email protected]> Date: Mon Jun 22 14:14:41 2009 +0200 netfilter: nf_conntrack: fix conntrack lookup race commit 8d8890b7751387f58ce0a6428773de2fbc0fd596 upstream. The RCU protected conntrack hash lookup only checks whether the entry has a refcount of zero to decide whether it is stale. This is not sufficient, entries are explicitly removed while there is at least one reference left, possibly more. Explicitly check whether the entry has been marked as dying to fix this. Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit 6c13e7d698536708072be11fed2579c9c20dd2a9 Author: Patrick McHardy <[email protected]> Date: Mon Jun 22 14:14:16 2009 +0200 netfilter: nf_conntrack: fix confirmation race condition commit 5c8ec910e789a92229978d8fd1fce7b62e8ac711 upstream. New connection tracking entries are inserted into the hash before they are fully set up, namely the CONFIRMED bit is not set and the timer not started yet. This can theoretically lead to a race with timer, which would set the timeout value to a relative value, most likely already in the past. Perform hash insertion as the final step to fix this. Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit 4598b5d5ebda98d1289b5732898df01ba4c8f102 Author: Patrick McHardy <[email protected]> Date: Sat Jun 13 12:21:10 2009 +0200 netfilter: nf_log: fix sleeping function called from invalid context commit 266d07cb1c9a0c345d7d3aea889f92062894059e upstream. Fix regression introduced by 17625274 "netfilter: sysctl support of logger choice": BUG: sleeping function called from invalid context at /mnt/s390test/linux-2.6-tip/arch/s390/include/asm/uaccess.h:234 in_atomic(): 1, irqs_disabled(): 0, pid: 3245, name: sysctl CPU: 1 Not tainted 2.6.30-rc8-tipjun10-02053-g39ae214 #1 Process sysctl (pid: 3245, task: 000000007f675da0, ksp: 000000007eb17cf0) 0000000000000000 000000007eb17be8 0000000000000002 0000000000000000 000000007eb17c88 000000007eb17c00 000000007eb17c00 0000000000048156 00000000003e2de8 000000007f676118 000000007eb17f10 0000000000000000 0000000000000000 000000007eb17be8 000000000000000d 000000007eb17c58 00000000003e2050 000000000001635c 000000007eb17be8 000000007eb17c30 Call Trace: (Ý<00000000000162e6>¨ show_trace+0x13a/0x148) Ý<00000000000349ea>¨ __might_sleep+0x13a/0x164 Ý<0000000000050300>¨ proc_dostring+0x134/0x22c Ý<0000000000312b70>¨ nf_log_proc_dostring+0xfc/0x188 Ý<0000000000136f5e>¨ proc_sys_call_handler+0xf6/0x118 Ý<0000000000136fda>¨ proc_sys_read+0x26/0x34 Ý<00000000000d6e9c>¨ vfs_read+0xac/0x158 Ý<00000000000d703e>¨ SyS_read+0x56/0x88 Ý<0000000000027f42>¨ sysc_noemu+0x10/0x16 Use the nf_log_mutex instead of RCU to fix this. Reported-and-tested-by: Maran Pakkirisamy <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit db69fd49b4ad01799df199e45d1e9e51a8c0b2fe Author: Ben Hutchings <[email protected]> Date: Sun Jul 12 23:56:27 2009 +0100 netdev: restore MTU change operation commit 635ecaa70e862f85f652581305fe0074810893be upstream netdev: restore MTU change operation alloc_etherdev() used to install a default implementation of this operation, but it must now be explicitly installed in struct net_device_ops. Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> commit 3a4606b5231e1c071641c9bd8fcb94c3345f0d68 Author: Ben Hutchings <[email protected]> Date: Thu Jul 9 17:54:35 2009 +0000 netdev: restore MAC address set and validate operations commit 240c102d9c54fee7fdc87a4ef2fabc7eb539e00a upstream. alloc_etherdev() used to install default implementations of these operations, but they must now be explicitly installed in struct net_device_ops. Signed-off-by: Ben Hutchings <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=f821235437480d0e964072f79e8ab59e5fb77812 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=3be46c007b1205f7134a2c09dd585b89ba8002ba http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=0b2c144e6971f8b2e78895d6731c367ffa3c96a3 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=d67658ded4e1ef090207fe758e603cf31a20df9a http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=c033272d1159e6374c87344734f54cd3bd0e5994 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=8a27406888ee77f7eb7f40423fd57b06a471ba16 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=579a8568abe41cd20c2ad4fe9331b29c614a9106 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=6c13e7d698536708072be11fed2579c9c20dd2a9 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=4598b5d5ebda98d1289b5732898df01ba4c8f102 http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=db69fd49b4ad01799df199e45d1e9e51a8c0b2fe http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=3a4606b5231e1c071641c9bd8fcb94c3345f0d68
_______________________________________________ svn mailing list [email protected] http://mailman.vyatta.com/mailman/listinfo/svn
