diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-02-10 10:15:21 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-02-10 10:15:21 -0500 |
commit | 0ea457839d050370e0f7c75c81f9abd573e1f420 (patch) | |
tree | 02446fa44f2f20885fe5739c571029fed4d283b7 /net | |
parent | ac73fddfc523bf3c3525d16356b44527c44fae6d (diff) | |
parent | 44bfce5c3ec91baf8ffcd075c66711740f29a949 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (29 commits)
drivers/net: Correct NULL test
MAINTAINERS: networking drivers - Add git net-next tree
net/sched: Fix module name in Kconfig
cxgb3: fix GRO checksum check
dst: call cond_resched() in dst_gc_task()
netfilter: nf_conntrack: fix hash resizing with namespaces
netfilter: xtables: compat out of scope fix
netfilter: nf_conntrack: restrict runtime expect hashsize modifications
netfilter: nf_conntrack: per netns nf_conntrack_cachep
netfilter: nf_conntrack: fix memory corruption with multiple namespaces
Bluetooth: Keep a copy of each HID device's report descriptor
pktgen: Fix freezing problem
igb: make certain to reassign legacy interrupt vectors after reset
irda: add missing BKL in irnet_ppp ioctl
irda: unbalanced lock_kernel in irnet_ppp
ixgbe: Fix return of invalid txq
ixgbe: Fix ixgbe_tx_map error path
netxen: protect resource cleanup by rtnl lock
netxen: fix tx timeout recovery for NX2031 chip
Bluetooth: Enter active mode before establishing a SCO link.
...
Diffstat (limited to 'net')
-rw-r--r-- | net/bluetooth/hci_conn.c | 3 | ||||
-rw-r--r-- | net/bluetooth/hci_event.c | 1 | ||||
-rw-r--r-- | net/bluetooth/hidp/core.c | 49 | ||||
-rw-r--r-- | net/bluetooth/hidp/hidp.h | 4 | ||||
-rw-r--r-- | net/bluetooth/rfcomm/core.c | 8 | ||||
-rw-r--r-- | net/core/dst.c | 2 | ||||
-rw-r--r-- | net/core/pktgen.c | 1 | ||||
-rw-r--r-- | net/dccp/ccid.c | 2 | ||||
-rw-r--r-- | net/dccp/ccid.h | 8 | ||||
-rw-r--r-- | net/dccp/probe.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 22 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 4 | ||||
-rw-r--r-- | net/irda/irnet/irnet_ppp.c | 5 | ||||
-rw-r--r-- | net/key/af_key.c | 15 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 116 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 4 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_helper.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 7 | ||||
-rw-r--r-- | net/netlink/af_netlink.c | 5 | ||||
-rw-r--r-- | net/sched/Kconfig | 16 |
25 files changed, 162 insertions, 132 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c index b7c4224f4e7..b10e3cdb08f 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c | |||
@@ -377,6 +377,9 @@ struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst, __u8 | |||
377 | 377 | ||
378 | if (acl->state == BT_CONNECTED && | 378 | if (acl->state == BT_CONNECTED && |
379 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { | 379 | (sco->state == BT_OPEN || sco->state == BT_CLOSED)) { |
380 | acl->power_save = 1; | ||
381 | hci_conn_enter_active_mode(acl); | ||
382 | |||
380 | if (lmp_esco_capable(hdev)) | 383 | if (lmp_esco_capable(hdev)) |
381 | hci_setup_sync(sco, acl->handle); | 384 | hci_setup_sync(sco, acl->handle); |
382 | else | 385 | else |
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 28517bad796..592da5c909c 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c | |||
@@ -1699,6 +1699,7 @@ static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_bu | |||
1699 | break; | 1699 | break; |
1700 | 1700 | ||
1701 | case 0x1c: /* SCO interval rejected */ | 1701 | case 0x1c: /* SCO interval rejected */ |
1702 | case 0x1a: /* Unsupported Remote Feature */ | ||
1702 | case 0x1f: /* Unspecified error */ | 1703 | case 0x1f: /* Unspecified error */ |
1703 | if (conn->out && conn->attempt < 2) { | 1704 | if (conn->out && conn->attempt < 2) { |
1704 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | | 1705 | conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) | |
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c index 6cf526d06e2..fc6ec1e7265 100644 --- a/net/bluetooth/hidp/core.c +++ b/net/bluetooth/hidp/core.c | |||
@@ -703,29 +703,9 @@ static void hidp_close(struct hid_device *hid) | |||
703 | static int hidp_parse(struct hid_device *hid) | 703 | static int hidp_parse(struct hid_device *hid) |
704 | { | 704 | { |
705 | struct hidp_session *session = hid->driver_data; | 705 | struct hidp_session *session = hid->driver_data; |
706 | struct hidp_connadd_req *req = session->req; | ||
707 | unsigned char *buf; | ||
708 | int ret; | ||
709 | |||
710 | buf = kmalloc(req->rd_size, GFP_KERNEL); | ||
711 | if (!buf) | ||
712 | return -ENOMEM; | ||
713 | |||
714 | if (copy_from_user(buf, req->rd_data, req->rd_size)) { | ||
715 | kfree(buf); | ||
716 | return -EFAULT; | ||
717 | } | ||
718 | |||
719 | ret = hid_parse_report(session->hid, buf, req->rd_size); | ||
720 | |||
721 | kfree(buf); | ||
722 | |||
723 | if (ret) | ||
724 | return ret; | ||
725 | |||
726 | session->req = NULL; | ||
727 | 706 | ||
728 | return 0; | 707 | return hid_parse_report(session->hid, session->rd_data, |
708 | session->rd_size); | ||
729 | } | 709 | } |
730 | 710 | ||
731 | static int hidp_start(struct hid_device *hid) | 711 | static int hidp_start(struct hid_device *hid) |
@@ -770,12 +750,24 @@ static int hidp_setup_hid(struct hidp_session *session, | |||
770 | bdaddr_t src, dst; | 750 | bdaddr_t src, dst; |
771 | int err; | 751 | int err; |
772 | 752 | ||
753 | session->rd_data = kzalloc(req->rd_size, GFP_KERNEL); | ||
754 | if (!session->rd_data) | ||
755 | return -ENOMEM; | ||
756 | |||
757 | if (copy_from_user(session->rd_data, req->rd_data, req->rd_size)) { | ||
758 | err = -EFAULT; | ||
759 | goto fault; | ||
760 | } | ||
761 | session->rd_size = req->rd_size; | ||
762 | |||
773 | hid = hid_allocate_device(); | 763 | hid = hid_allocate_device(); |
774 | if (IS_ERR(hid)) | 764 | if (IS_ERR(hid)) { |
775 | return PTR_ERR(hid); | 765 | err = PTR_ERR(hid); |
766 | goto fault; | ||
767 | } | ||
776 | 768 | ||
777 | session->hid = hid; | 769 | session->hid = hid; |
778 | session->req = req; | 770 | |
779 | hid->driver_data = session; | 771 | hid->driver_data = session; |
780 | 772 | ||
781 | baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); | 773 | baswap(&src, &bt_sk(session->ctrl_sock->sk)->src); |
@@ -806,6 +798,10 @@ failed: | |||
806 | hid_destroy_device(hid); | 798 | hid_destroy_device(hid); |
807 | session->hid = NULL; | 799 | session->hid = NULL; |
808 | 800 | ||
801 | fault: | ||
802 | kfree(session->rd_data); | ||
803 | session->rd_data = NULL; | ||
804 | |||
809 | return err; | 805 | return err; |
810 | } | 806 | } |
811 | 807 | ||
@@ -900,6 +896,9 @@ unlink: | |||
900 | session->hid = NULL; | 896 | session->hid = NULL; |
901 | } | 897 | } |
902 | 898 | ||
899 | kfree(session->rd_data); | ||
900 | session->rd_data = NULL; | ||
901 | |||
903 | purge: | 902 | purge: |
904 | skb_queue_purge(&session->ctrl_transmit); | 903 | skb_queue_purge(&session->ctrl_transmit); |
905 | skb_queue_purge(&session->intr_transmit); | 904 | skb_queue_purge(&session->intr_transmit); |
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h index faf3d74c358..a4e215d50c1 100644 --- a/net/bluetooth/hidp/hidp.h +++ b/net/bluetooth/hidp/hidp.h | |||
@@ -154,7 +154,9 @@ struct hidp_session { | |||
154 | struct sk_buff_head ctrl_transmit; | 154 | struct sk_buff_head ctrl_transmit; |
155 | struct sk_buff_head intr_transmit; | 155 | struct sk_buff_head intr_transmit; |
156 | 156 | ||
157 | struct hidp_connadd_req *req; | 157 | /* Report descriptor */ |
158 | __u8 *rd_data; | ||
159 | uint rd_size; | ||
158 | }; | 160 | }; |
159 | 161 | ||
160 | static inline void hidp_schedule(struct hidp_session *session) | 162 | static inline void hidp_schedule(struct hidp_session *session) |
diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c index fc5ee3296e2..89f4a59eb82 100644 --- a/net/bluetooth/rfcomm/core.c +++ b/net/bluetooth/rfcomm/core.c | |||
@@ -252,7 +252,6 @@ static void rfcomm_session_timeout(unsigned long arg) | |||
252 | BT_DBG("session %p state %ld", s, s->state); | 252 | BT_DBG("session %p state %ld", s, s->state); |
253 | 253 | ||
254 | set_bit(RFCOMM_TIMED_OUT, &s->flags); | 254 | set_bit(RFCOMM_TIMED_OUT, &s->flags); |
255 | rfcomm_session_put(s); | ||
256 | rfcomm_schedule(RFCOMM_SCHED_TIMEO); | 255 | rfcomm_schedule(RFCOMM_SCHED_TIMEO); |
257 | } | 256 | } |
258 | 257 | ||
@@ -1151,7 +1150,11 @@ static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) | |||
1151 | break; | 1150 | break; |
1152 | 1151 | ||
1153 | case BT_DISCONN: | 1152 | case BT_DISCONN: |
1154 | rfcomm_session_put(s); | 1153 | /* When socket is closed and we are not RFCOMM |
1154 | * initiator rfcomm_process_rx already calls | ||
1155 | * rfcomm_session_put() */ | ||
1156 | if (s->sock->sk->sk_state != BT_CLOSED) | ||
1157 | rfcomm_session_put(s); | ||
1155 | break; | 1158 | break; |
1156 | } | 1159 | } |
1157 | } | 1160 | } |
@@ -1920,6 +1923,7 @@ static inline void rfcomm_process_sessions(void) | |||
1920 | if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { | 1923 | if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) { |
1921 | s->state = BT_DISCONN; | 1924 | s->state = BT_DISCONN; |
1922 | rfcomm_send_disc(s, 0); | 1925 | rfcomm_send_disc(s, 0); |
1926 | rfcomm_session_put(s); | ||
1923 | continue; | 1927 | continue; |
1924 | } | 1928 | } |
1925 | 1929 | ||
diff --git a/net/core/dst.c b/net/core/dst.c index 57bc4d5b8d0..cb1b3488b73 100644 --- a/net/core/dst.c +++ b/net/core/dst.c | |||
@@ -17,6 +17,7 @@ | |||
17 | #include <linux/string.h> | 17 | #include <linux/string.h> |
18 | #include <linux/types.h> | 18 | #include <linux/types.h> |
19 | #include <net/net_namespace.h> | 19 | #include <net/net_namespace.h> |
20 | #include <linux/sched.h> | ||
20 | 21 | ||
21 | #include <net/dst.h> | 22 | #include <net/dst.h> |
22 | 23 | ||
@@ -79,6 +80,7 @@ loop: | |||
79 | while ((dst = next) != NULL) { | 80 | while ((dst = next) != NULL) { |
80 | next = dst->next; | 81 | next = dst->next; |
81 | prefetch(&next->next); | 82 | prefetch(&next->next); |
83 | cond_resched(); | ||
82 | if (likely(atomic_read(&dst->__refcnt))) { | 84 | if (likely(atomic_read(&dst->__refcnt))) { |
83 | last->next = dst; | 85 | last->next = dst; |
84 | last = dst; | 86 | last = dst; |
diff --git a/net/core/pktgen.c b/net/core/pktgen.c index de0c2c72642..2e692afdc55 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c | |||
@@ -3524,6 +3524,7 @@ static int pktgen_thread_worker(void *arg) | |||
3524 | wait_event_interruptible_timeout(t->queue, | 3524 | wait_event_interruptible_timeout(t->queue, |
3525 | t->control != 0, | 3525 | t->control != 0, |
3526 | HZ/10); | 3526 | HZ/10); |
3527 | try_to_freeze(); | ||
3527 | continue; | 3528 | continue; |
3528 | } | 3529 | } |
3529 | 3530 | ||
diff --git a/net/dccp/ccid.c b/net/dccp/ccid.c index 57dfb9c8c4f..ff16e9df196 100644 --- a/net/dccp/ccid.c +++ b/net/dccp/ccid.c | |||
@@ -83,7 +83,7 @@ static struct kmem_cache *ccid_kmem_cache_create(int obj_size, char *slab_name_f | |||
83 | va_list args; | 83 | va_list args; |
84 | 84 | ||
85 | va_start(args, fmt); | 85 | va_start(args, fmt); |
86 | vsnprintf(slab_name_fmt, sizeof(slab_name_fmt), fmt, args); | 86 | vsnprintf(slab_name_fmt, CCID_SLAB_NAME_LENGTH, fmt, args); |
87 | va_end(args); | 87 | va_end(args); |
88 | 88 | ||
89 | slab = kmem_cache_create(slab_name_fmt, sizeof(struct ccid) + obj_size, 0, | 89 | slab = kmem_cache_create(slab_name_fmt, sizeof(struct ccid) + obj_size, 0, |
diff --git a/net/dccp/ccid.h b/net/dccp/ccid.h index 269958bf7fe..6df6f8ac963 100644 --- a/net/dccp/ccid.h +++ b/net/dccp/ccid.h | |||
@@ -19,7 +19,9 @@ | |||
19 | #include <linux/list.h> | 19 | #include <linux/list.h> |
20 | #include <linux/module.h> | 20 | #include <linux/module.h> |
21 | 21 | ||
22 | #define CCID_MAX 255 | 22 | /* maximum value for a CCID (RFC 4340, 19.5) */ |
23 | #define CCID_MAX 255 | ||
24 | #define CCID_SLAB_NAME_LENGTH 32 | ||
23 | 25 | ||
24 | struct tcp_info; | 26 | struct tcp_info; |
25 | 27 | ||
@@ -49,8 +51,8 @@ struct ccid_operations { | |||
49 | const char *ccid_name; | 51 | const char *ccid_name; |
50 | struct kmem_cache *ccid_hc_rx_slab, | 52 | struct kmem_cache *ccid_hc_rx_slab, |
51 | *ccid_hc_tx_slab; | 53 | *ccid_hc_tx_slab; |
52 | char ccid_hc_rx_slab_name[32]; | 54 | char ccid_hc_rx_slab_name[CCID_SLAB_NAME_LENGTH]; |
53 | char ccid_hc_tx_slab_name[32]; | 55 | char ccid_hc_tx_slab_name[CCID_SLAB_NAME_LENGTH]; |
54 | __u32 ccid_hc_rx_obj_size, | 56 | __u32 ccid_hc_rx_obj_size, |
55 | ccid_hc_tx_obj_size; | 57 | ccid_hc_tx_obj_size; |
56 | /* Interface Routines */ | 58 | /* Interface Routines */ |
diff --git a/net/dccp/probe.c b/net/dccp/probe.c index bace1d8cbcf..f5b3464f124 100644 --- a/net/dccp/probe.c +++ b/net/dccp/probe.c | |||
@@ -161,8 +161,8 @@ static __init int dccpprobe_init(void) | |||
161 | if (!proc_net_fops_create(&init_net, procname, S_IRUSR, &dccpprobe_fops)) | 161 | if (!proc_net_fops_create(&init_net, procname, S_IRUSR, &dccpprobe_fops)) |
162 | goto err0; | 162 | goto err0; |
163 | 163 | ||
164 | ret = try_then_request_module((register_jprobe(&dccp_send_probe) == 0), | 164 | try_then_request_module((ret = register_jprobe(&dccp_send_probe)) == 0, |
165 | "dccp"); | 165 | "dccp"); |
166 | if (ret) | 166 | if (ret) |
167 | goto err1; | 167 | goto err1; |
168 | 168 | ||
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 06632762ba5..90203e1b918 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -925,10 +925,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) | |||
925 | if (t && !IS_ERR(t)) { | 925 | if (t && !IS_ERR(t)) { |
926 | struct arpt_getinfo info; | 926 | struct arpt_getinfo info; |
927 | const struct xt_table_info *private = t->private; | 927 | const struct xt_table_info *private = t->private; |
928 | |||
929 | #ifdef CONFIG_COMPAT | 928 | #ifdef CONFIG_COMPAT |
929 | struct xt_table_info tmp; | ||
930 | |||
930 | if (compat) { | 931 | if (compat) { |
931 | struct xt_table_info tmp; | ||
932 | ret = compat_table_info(private, &tmp); | 932 | ret = compat_table_info(private, &tmp); |
933 | xt_compat_flush_offsets(NFPROTO_ARP); | 933 | xt_compat_flush_offsets(NFPROTO_ARP); |
934 | private = &tmp; | 934 | private = &tmp; |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 572330a552e..3ce53cf13d5 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -1132,10 +1132,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) | |||
1132 | if (t && !IS_ERR(t)) { | 1132 | if (t && !IS_ERR(t)) { |
1133 | struct ipt_getinfo info; | 1133 | struct ipt_getinfo info; |
1134 | const struct xt_table_info *private = t->private; | 1134 | const struct xt_table_info *private = t->private; |
1135 | |||
1136 | #ifdef CONFIG_COMPAT | 1135 | #ifdef CONFIG_COMPAT |
1136 | struct xt_table_info tmp; | ||
1137 | |||
1137 | if (compat) { | 1138 | if (compat) { |
1138 | struct xt_table_info tmp; | ||
1139 | ret = compat_table_info(private, &tmp); | 1139 | ret = compat_table_info(private, &tmp); |
1140 | xt_compat_flush_offsets(AF_INET); | 1140 | xt_compat_flush_offsets(AF_INET); |
1141 | private = &tmp; | 1141 | private = &tmp; |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index d171b123a65..d1ea38a7c49 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -210,7 +210,7 @@ static ctl_table ip_ct_sysctl_table[] = { | |||
210 | }, | 210 | }, |
211 | { | 211 | { |
212 | .procname = "ip_conntrack_buckets", | 212 | .procname = "ip_conntrack_buckets", |
213 | .data = &nf_conntrack_htable_size, | 213 | .data = &init_net.ct.htable_size, |
214 | .maxlen = sizeof(unsigned int), | 214 | .maxlen = sizeof(unsigned int), |
215 | .mode = 0444, | 215 | .mode = 0444, |
216 | .proc_handler = proc_dointvec, | 216 | .proc_handler = proc_dointvec, |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index 8668a3defda..2fb7b76da94 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | |||
@@ -32,7 +32,7 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq) | |||
32 | struct hlist_nulls_node *n; | 32 | struct hlist_nulls_node *n; |
33 | 33 | ||
34 | for (st->bucket = 0; | 34 | for (st->bucket = 0; |
35 | st->bucket < nf_conntrack_htable_size; | 35 | st->bucket < net->ct.htable_size; |
36 | st->bucket++) { | 36 | st->bucket++) { |
37 | n = rcu_dereference(net->ct.hash[st->bucket].first); | 37 | n = rcu_dereference(net->ct.hash[st->bucket].first); |
38 | if (!is_a_nulls(n)) | 38 | if (!is_a_nulls(n)) |
@@ -50,7 +50,7 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq, | |||
50 | head = rcu_dereference(head->next); | 50 | head = rcu_dereference(head->next); |
51 | while (is_a_nulls(head)) { | 51 | while (is_a_nulls(head)) { |
52 | if (likely(get_nulls_value(head) == st->bucket)) { | 52 | if (likely(get_nulls_value(head) == st->bucket)) { |
53 | if (++st->bucket >= nf_conntrack_htable_size) | 53 | if (++st->bucket >= net->ct.htable_size) |
54 | return NULL; | 54 | return NULL; |
55 | } | 55 | } |
56 | head = rcu_dereference(net->ct.hash[st->bucket].first); | 56 | head = rcu_dereference(net->ct.hash[st->bucket].first); |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index fe1a64479dd..26066a2327a 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -35,9 +35,6 @@ static DEFINE_SPINLOCK(nf_nat_lock); | |||
35 | 35 | ||
36 | static struct nf_conntrack_l3proto *l3proto __read_mostly; | 36 | static struct nf_conntrack_l3proto *l3proto __read_mostly; |
37 | 37 | ||
38 | /* Calculated at init based on memory size */ | ||
39 | static unsigned int nf_nat_htable_size __read_mostly; | ||
40 | |||
41 | #define MAX_IP_NAT_PROTO 256 | 38 | #define MAX_IP_NAT_PROTO 256 |
42 | static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO] | 39 | static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO] |
43 | __read_mostly; | 40 | __read_mostly; |
@@ -72,7 +69,7 @@ EXPORT_SYMBOL_GPL(nf_nat_proto_put); | |||
72 | 69 | ||
73 | /* We keep an extra hash for each conntrack, for fast searching. */ | 70 | /* We keep an extra hash for each conntrack, for fast searching. */ |
74 | static inline unsigned int | 71 | static inline unsigned int |
75 | hash_by_src(const struct nf_conntrack_tuple *tuple) | 72 | hash_by_src(const struct net *net, const struct nf_conntrack_tuple *tuple) |
76 | { | 73 | { |
77 | unsigned int hash; | 74 | unsigned int hash; |
78 | 75 | ||
@@ -80,7 +77,7 @@ hash_by_src(const struct nf_conntrack_tuple *tuple) | |||
80 | hash = jhash_3words((__force u32)tuple->src.u3.ip, | 77 | hash = jhash_3words((__force u32)tuple->src.u3.ip, |
81 | (__force u32)tuple->src.u.all, | 78 | (__force u32)tuple->src.u.all, |
82 | tuple->dst.protonum, 0); | 79 | tuple->dst.protonum, 0); |
83 | return ((u64)hash * nf_nat_htable_size) >> 32; | 80 | return ((u64)hash * net->ipv4.nat_htable_size) >> 32; |
84 | } | 81 | } |
85 | 82 | ||
86 | /* Is this tuple already taken? (not by us) */ | 83 | /* Is this tuple already taken? (not by us) */ |
@@ -147,7 +144,7 @@ find_appropriate_src(struct net *net, | |||
147 | struct nf_conntrack_tuple *result, | 144 | struct nf_conntrack_tuple *result, |
148 | const struct nf_nat_range *range) | 145 | const struct nf_nat_range *range) |
149 | { | 146 | { |
150 | unsigned int h = hash_by_src(tuple); | 147 | unsigned int h = hash_by_src(net, tuple); |
151 | const struct nf_conn_nat *nat; | 148 | const struct nf_conn_nat *nat; |
152 | const struct nf_conn *ct; | 149 | const struct nf_conn *ct; |
153 | const struct hlist_node *n; | 150 | const struct hlist_node *n; |
@@ -330,7 +327,7 @@ nf_nat_setup_info(struct nf_conn *ct, | |||
330 | if (have_to_hash) { | 327 | if (have_to_hash) { |
331 | unsigned int srchash; | 328 | unsigned int srchash; |
332 | 329 | ||
333 | srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); | 330 | srchash = hash_by_src(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); |
334 | spin_lock_bh(&nf_nat_lock); | 331 | spin_lock_bh(&nf_nat_lock); |
335 | /* nf_conntrack_alter_reply might re-allocate exntension aera */ | 332 | /* nf_conntrack_alter_reply might re-allocate exntension aera */ |
336 | nat = nfct_nat(ct); | 333 | nat = nfct_nat(ct); |
@@ -679,8 +676,10 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct, | |||
679 | 676 | ||
680 | static int __net_init nf_nat_net_init(struct net *net) | 677 | static int __net_init nf_nat_net_init(struct net *net) |
681 | { | 678 | { |
682 | net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size, | 679 | /* Leave them the same for the moment. */ |
683 | &net->ipv4.nat_vmalloced, 0); | 680 | net->ipv4.nat_htable_size = net->ct.htable_size; |
681 | net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size, | ||
682 | &net->ipv4.nat_vmalloced, 0); | ||
684 | if (!net->ipv4.nat_bysource) | 683 | if (!net->ipv4.nat_bysource) |
685 | return -ENOMEM; | 684 | return -ENOMEM; |
686 | return 0; | 685 | return 0; |
@@ -703,7 +702,7 @@ static void __net_exit nf_nat_net_exit(struct net *net) | |||
703 | nf_ct_iterate_cleanup(net, &clean_nat, NULL); | 702 | nf_ct_iterate_cleanup(net, &clean_nat, NULL); |
704 | synchronize_rcu(); | 703 | synchronize_rcu(); |
705 | nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced, | 704 | nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced, |
706 | nf_nat_htable_size); | 705 | net->ipv4.nat_htable_size); |
707 | } | 706 | } |
708 | 707 | ||
709 | static struct pernet_operations nf_nat_net_ops = { | 708 | static struct pernet_operations nf_nat_net_ops = { |
@@ -724,9 +723,6 @@ static int __init nf_nat_init(void) | |||
724 | return ret; | 723 | return ret; |
725 | } | 724 | } |
726 | 725 | ||
727 | /* Leave them the same for the moment. */ | ||
728 | nf_nat_htable_size = nf_conntrack_htable_size; | ||
729 | |||
730 | ret = register_pernet_subsys(&nf_nat_net_ops); | 726 | ret = register_pernet_subsys(&nf_nat_net_ops); |
731 | if (ret < 0) | 727 | if (ret < 0) |
732 | goto cleanup_extend; | 728 | goto cleanup_extend; |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 480d7f8c980..8a7e0f52e17 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -1164,10 +1164,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat) | |||
1164 | if (t && !IS_ERR(t)) { | 1164 | if (t && !IS_ERR(t)) { |
1165 | struct ip6t_getinfo info; | 1165 | struct ip6t_getinfo info; |
1166 | const struct xt_table_info *private = t->private; | 1166 | const struct xt_table_info *private = t->private; |
1167 | |||
1168 | #ifdef CONFIG_COMPAT | 1167 | #ifdef CONFIG_COMPAT |
1168 | struct xt_table_info tmp; | ||
1169 | |||
1169 | if (compat) { | 1170 | if (compat) { |
1170 | struct xt_table_info tmp; | ||
1171 | ret = compat_table_info(private, &tmp); | 1171 | ret = compat_table_info(private, &tmp); |
1172 | xt_compat_flush_offsets(AF_INET6); | 1172 | xt_compat_flush_offsets(AF_INET6); |
1173 | private = &tmp; | 1173 | private = &tmp; |
diff --git a/net/irda/irnet/irnet_ppp.c b/net/irda/irnet/irnet_ppp.c index 156020d138b..6b3602de359 100644 --- a/net/irda/irnet/irnet_ppp.c +++ b/net/irda/irnet/irnet_ppp.c | |||
@@ -698,15 +698,18 @@ dev_irnet_ioctl( | |||
698 | 698 | ||
699 | /* Query PPP channel and unit number */ | 699 | /* Query PPP channel and unit number */ |
700 | case PPPIOCGCHAN: | 700 | case PPPIOCGCHAN: |
701 | lock_kernel(); | ||
701 | if(ap->ppp_open && !put_user(ppp_channel_index(&ap->chan), | 702 | if(ap->ppp_open && !put_user(ppp_channel_index(&ap->chan), |
702 | (int __user *)argp)) | 703 | (int __user *)argp)) |
703 | err = 0; | 704 | err = 0; |
705 | unlock_kernel(); | ||
704 | break; | 706 | break; |
705 | case PPPIOCGUNIT: | 707 | case PPPIOCGUNIT: |
706 | lock_kernel(); | 708 | lock_kernel(); |
707 | if(ap->ppp_open && !put_user(ppp_unit_number(&ap->chan), | 709 | if(ap->ppp_open && !put_user(ppp_unit_number(&ap->chan), |
708 | (int __user *)argp)) | 710 | (int __user *)argp)) |
709 | err = 0; | 711 | err = 0; |
712 | unlock_kernel(); | ||
710 | break; | 713 | break; |
711 | 714 | ||
712 | /* All these ioctls can be passed both directly and from ppp_generic, | 715 | /* All these ioctls can be passed both directly and from ppp_generic, |
diff --git a/net/key/af_key.c b/net/key/af_key.c index 76fa6fef647..539f43bc97d 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -3794,9 +3794,9 @@ static struct pernet_operations pfkey_net_ops = { | |||
3794 | 3794 | ||
3795 | static void __exit ipsec_pfkey_exit(void) | 3795 | static void __exit ipsec_pfkey_exit(void) |
3796 | { | 3796 | { |
3797 | unregister_pernet_subsys(&pfkey_net_ops); | ||
3798 | xfrm_unregister_km(&pfkeyv2_mgr); | 3797 | xfrm_unregister_km(&pfkeyv2_mgr); |
3799 | sock_unregister(PF_KEY); | 3798 | sock_unregister(PF_KEY); |
3799 | unregister_pernet_subsys(&pfkey_net_ops); | ||
3800 | proto_unregister(&key_proto); | 3800 | proto_unregister(&key_proto); |
3801 | } | 3801 | } |
3802 | 3802 | ||
@@ -3807,21 +3807,22 @@ static int __init ipsec_pfkey_init(void) | |||
3807 | if (err != 0) | 3807 | if (err != 0) |
3808 | goto out; | 3808 | goto out; |
3809 | 3809 | ||
3810 | err = sock_register(&pfkey_family_ops); | 3810 | err = register_pernet_subsys(&pfkey_net_ops); |
3811 | if (err != 0) | 3811 | if (err != 0) |
3812 | goto out_unregister_key_proto; | 3812 | goto out_unregister_key_proto; |
3813 | err = sock_register(&pfkey_family_ops); | ||
3814 | if (err != 0) | ||
3815 | goto out_unregister_pernet; | ||
3813 | err = xfrm_register_km(&pfkeyv2_mgr); | 3816 | err = xfrm_register_km(&pfkeyv2_mgr); |
3814 | if (err != 0) | 3817 | if (err != 0) |
3815 | goto out_sock_unregister; | 3818 | goto out_sock_unregister; |
3816 | err = register_pernet_subsys(&pfkey_net_ops); | ||
3817 | if (err != 0) | ||
3818 | goto out_xfrm_unregister_km; | ||
3819 | out: | 3819 | out: |
3820 | return err; | 3820 | return err; |
3821 | out_xfrm_unregister_km: | 3821 | |
3822 | xfrm_unregister_km(&pfkeyv2_mgr); | ||
3823 | out_sock_unregister: | 3822 | out_sock_unregister: |
3824 | sock_unregister(PF_KEY); | 3823 | sock_unregister(PF_KEY); |
3824 | out_unregister_pernet: | ||
3825 | unregister_pernet_subsys(&pfkey_net_ops); | ||
3825 | out_unregister_key_proto: | 3826 | out_unregister_key_proto: |
3826 | proto_unregister(&key_proto); | 3827 | proto_unregister(&key_proto); |
3827 | goto out; | 3828 | goto out; |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 0e98c3282d4..4d79e3c1616 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -30,6 +30,7 @@ | |||
30 | #include <linux/netdevice.h> | 30 | #include <linux/netdevice.h> |
31 | #include <linux/socket.h> | 31 | #include <linux/socket.h> |
32 | #include <linux/mm.h> | 32 | #include <linux/mm.h> |
33 | #include <linux/nsproxy.h> | ||
33 | #include <linux/rculist_nulls.h> | 34 | #include <linux/rculist_nulls.h> |
34 | 35 | ||
35 | #include <net/netfilter/nf_conntrack.h> | 36 | #include <net/netfilter/nf_conntrack.h> |
@@ -63,8 +64,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_max); | |||
63 | struct nf_conn nf_conntrack_untracked __read_mostly; | 64 | struct nf_conn nf_conntrack_untracked __read_mostly; |
64 | EXPORT_SYMBOL_GPL(nf_conntrack_untracked); | 65 | EXPORT_SYMBOL_GPL(nf_conntrack_untracked); |
65 | 66 | ||
66 | static struct kmem_cache *nf_conntrack_cachep __read_mostly; | ||
67 | |||
68 | static int nf_conntrack_hash_rnd_initted; | 67 | static int nf_conntrack_hash_rnd_initted; |
69 | static unsigned int nf_conntrack_hash_rnd; | 68 | static unsigned int nf_conntrack_hash_rnd; |
70 | 69 | ||
@@ -86,9 +85,10 @@ static u_int32_t __hash_conntrack(const struct nf_conntrack_tuple *tuple, | |||
86 | return ((u64)h * size) >> 32; | 85 | return ((u64)h * size) >> 32; |
87 | } | 86 | } |
88 | 87 | ||
89 | static inline u_int32_t hash_conntrack(const struct nf_conntrack_tuple *tuple) | 88 | static inline u_int32_t hash_conntrack(const struct net *net, |
89 | const struct nf_conntrack_tuple *tuple) | ||
90 | { | 90 | { |
91 | return __hash_conntrack(tuple, nf_conntrack_htable_size, | 91 | return __hash_conntrack(tuple, net->ct.htable_size, |
92 | nf_conntrack_hash_rnd); | 92 | nf_conntrack_hash_rnd); |
93 | } | 93 | } |
94 | 94 | ||
@@ -296,7 +296,7 @@ __nf_conntrack_find(struct net *net, const struct nf_conntrack_tuple *tuple) | |||
296 | { | 296 | { |
297 | struct nf_conntrack_tuple_hash *h; | 297 | struct nf_conntrack_tuple_hash *h; |
298 | struct hlist_nulls_node *n; | 298 | struct hlist_nulls_node *n; |
299 | unsigned int hash = hash_conntrack(tuple); | 299 | unsigned int hash = hash_conntrack(net, tuple); |
300 | 300 | ||
301 | /* Disable BHs the entire time since we normally need to disable them | 301 | /* Disable BHs the entire time since we normally need to disable them |
302 | * at least once for the stats anyway. | 302 | * at least once for the stats anyway. |
@@ -366,10 +366,11 @@ static void __nf_conntrack_hash_insert(struct nf_conn *ct, | |||
366 | 366 | ||
367 | void nf_conntrack_hash_insert(struct nf_conn *ct) | 367 | void nf_conntrack_hash_insert(struct nf_conn *ct) |
368 | { | 368 | { |
369 | struct net *net = nf_ct_net(ct); | ||
369 | unsigned int hash, repl_hash; | 370 | unsigned int hash, repl_hash; |
370 | 371 | ||
371 | hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); | 372 | hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); |
372 | repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); | 373 | repl_hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_REPLY].tuple); |
373 | 374 | ||
374 | __nf_conntrack_hash_insert(ct, hash, repl_hash); | 375 | __nf_conntrack_hash_insert(ct, hash, repl_hash); |
375 | } | 376 | } |
@@ -397,8 +398,8 @@ __nf_conntrack_confirm(struct sk_buff *skb) | |||
397 | if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) | 398 | if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) |
398 | return NF_ACCEPT; | 399 | return NF_ACCEPT; |
399 | 400 | ||
400 | hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); | 401 | hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); |
401 | repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); | 402 | repl_hash = hash_conntrack(net, &ct->tuplehash[IP_CT_DIR_REPLY].tuple); |
402 | 403 | ||
403 | /* We're not in hash table, and we refuse to set up related | 404 | /* We're not in hash table, and we refuse to set up related |
404 | connections for unconfirmed conns. But packet copies and | 405 | connections for unconfirmed conns. But packet copies and |
@@ -468,7 +469,7 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple, | |||
468 | struct net *net = nf_ct_net(ignored_conntrack); | 469 | struct net *net = nf_ct_net(ignored_conntrack); |
469 | struct nf_conntrack_tuple_hash *h; | 470 | struct nf_conntrack_tuple_hash *h; |
470 | struct hlist_nulls_node *n; | 471 | struct hlist_nulls_node *n; |
471 | unsigned int hash = hash_conntrack(tuple); | 472 | unsigned int hash = hash_conntrack(net, tuple); |
472 | 473 | ||
473 | /* Disable BHs the entire time since we need to disable them at | 474 | /* Disable BHs the entire time since we need to disable them at |
474 | * least once for the stats anyway. | 475 | * least once for the stats anyway. |
@@ -503,7 +504,7 @@ static noinline int early_drop(struct net *net, unsigned int hash) | |||
503 | int dropped = 0; | 504 | int dropped = 0; |
504 | 505 | ||
505 | rcu_read_lock(); | 506 | rcu_read_lock(); |
506 | for (i = 0; i < nf_conntrack_htable_size; i++) { | 507 | for (i = 0; i < net->ct.htable_size; i++) { |
507 | hlist_nulls_for_each_entry_rcu(h, n, &net->ct.hash[hash], | 508 | hlist_nulls_for_each_entry_rcu(h, n, &net->ct.hash[hash], |
508 | hnnode) { | 509 | hnnode) { |
509 | tmp = nf_ct_tuplehash_to_ctrack(h); | 510 | tmp = nf_ct_tuplehash_to_ctrack(h); |
@@ -523,7 +524,7 @@ static noinline int early_drop(struct net *net, unsigned int hash) | |||
523 | if (cnt >= NF_CT_EVICTION_RANGE) | 524 | if (cnt >= NF_CT_EVICTION_RANGE) |
524 | break; | 525 | break; |
525 | 526 | ||
526 | hash = (hash + 1) % nf_conntrack_htable_size; | 527 | hash = (hash + 1) % net->ct.htable_size; |
527 | } | 528 | } |
528 | rcu_read_unlock(); | 529 | rcu_read_unlock(); |
529 | 530 | ||
@@ -557,7 +558,7 @@ struct nf_conn *nf_conntrack_alloc(struct net *net, | |||
557 | 558 | ||
558 | if (nf_conntrack_max && | 559 | if (nf_conntrack_max && |
559 | unlikely(atomic_read(&net->ct.count) > nf_conntrack_max)) { | 560 | unlikely(atomic_read(&net->ct.count) > nf_conntrack_max)) { |
560 | unsigned int hash = hash_conntrack(orig); | 561 | unsigned int hash = hash_conntrack(net, orig); |
561 | if (!early_drop(net, hash)) { | 562 | if (!early_drop(net, hash)) { |
562 | atomic_dec(&net->ct.count); | 563 | atomic_dec(&net->ct.count); |
563 | if (net_ratelimit()) | 564 | if (net_ratelimit()) |
@@ -572,7 +573,7 @@ struct nf_conn *nf_conntrack_alloc(struct net *net, | |||
572 | * Do not use kmem_cache_zalloc(), as this cache uses | 573 | * Do not use kmem_cache_zalloc(), as this cache uses |
573 | * SLAB_DESTROY_BY_RCU. | 574 | * SLAB_DESTROY_BY_RCU. |
574 | */ | 575 | */ |
575 | ct = kmem_cache_alloc(nf_conntrack_cachep, gfp); | 576 | ct = kmem_cache_alloc(net->ct.nf_conntrack_cachep, gfp); |
576 | if (ct == NULL) { | 577 | if (ct == NULL) { |
577 | pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n"); | 578 | pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n"); |
578 | atomic_dec(&net->ct.count); | 579 | atomic_dec(&net->ct.count); |
@@ -611,7 +612,7 @@ void nf_conntrack_free(struct nf_conn *ct) | |||
611 | nf_ct_ext_destroy(ct); | 612 | nf_ct_ext_destroy(ct); |
612 | atomic_dec(&net->ct.count); | 613 | atomic_dec(&net->ct.count); |
613 | nf_ct_ext_free(ct); | 614 | nf_ct_ext_free(ct); |
614 | kmem_cache_free(nf_conntrack_cachep, ct); | 615 | kmem_cache_free(net->ct.nf_conntrack_cachep, ct); |
615 | } | 616 | } |
616 | EXPORT_SYMBOL_GPL(nf_conntrack_free); | 617 | EXPORT_SYMBOL_GPL(nf_conntrack_free); |
617 | 618 | ||
@@ -1014,7 +1015,7 @@ get_next_corpse(struct net *net, int (*iter)(struct nf_conn *i, void *data), | |||
1014 | struct hlist_nulls_node *n; | 1015 | struct hlist_nulls_node *n; |
1015 | 1016 | ||
1016 | spin_lock_bh(&nf_conntrack_lock); | 1017 | spin_lock_bh(&nf_conntrack_lock); |
1017 | for (; *bucket < nf_conntrack_htable_size; (*bucket)++) { | 1018 | for (; *bucket < net->ct.htable_size; (*bucket)++) { |
1018 | hlist_nulls_for_each_entry(h, n, &net->ct.hash[*bucket], hnnode) { | 1019 | hlist_nulls_for_each_entry(h, n, &net->ct.hash[*bucket], hnnode) { |
1019 | ct = nf_ct_tuplehash_to_ctrack(h); | 1020 | ct = nf_ct_tuplehash_to_ctrack(h); |
1020 | if (iter(ct, data)) | 1021 | if (iter(ct, data)) |
@@ -1113,9 +1114,12 @@ static void nf_ct_release_dying_list(struct net *net) | |||
1113 | 1114 | ||
1114 | static void nf_conntrack_cleanup_init_net(void) | 1115 | static void nf_conntrack_cleanup_init_net(void) |
1115 | { | 1116 | { |
1117 | /* wait until all references to nf_conntrack_untracked are dropped */ | ||
1118 | while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1) | ||
1119 | schedule(); | ||
1120 | |||
1116 | nf_conntrack_helper_fini(); | 1121 | nf_conntrack_helper_fini(); |
1117 | nf_conntrack_proto_fini(); | 1122 | nf_conntrack_proto_fini(); |
1118 | kmem_cache_destroy(nf_conntrack_cachep); | ||
1119 | } | 1123 | } |
1120 | 1124 | ||
1121 | static void nf_conntrack_cleanup_net(struct net *net) | 1125 | static void nf_conntrack_cleanup_net(struct net *net) |
@@ -1127,15 +1131,14 @@ static void nf_conntrack_cleanup_net(struct net *net) | |||
1127 | schedule(); | 1131 | schedule(); |
1128 | goto i_see_dead_people; | 1132 | goto i_see_dead_people; |
1129 | } | 1133 | } |
1130 | /* wait until all references to nf_conntrack_untracked are dropped */ | ||
1131 | while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1) | ||
1132 | schedule(); | ||
1133 | 1134 | ||
1134 | nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc, | 1135 | nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc, |
1135 | nf_conntrack_htable_size); | 1136 | net->ct.htable_size); |
1136 | nf_conntrack_ecache_fini(net); | 1137 | nf_conntrack_ecache_fini(net); |
1137 | nf_conntrack_acct_fini(net); | 1138 | nf_conntrack_acct_fini(net); |
1138 | nf_conntrack_expect_fini(net); | 1139 | nf_conntrack_expect_fini(net); |
1140 | kmem_cache_destroy(net->ct.nf_conntrack_cachep); | ||
1141 | kfree(net->ct.slabname); | ||
1139 | free_percpu(net->ct.stat); | 1142 | free_percpu(net->ct.stat); |
1140 | } | 1143 | } |
1141 | 1144 | ||
@@ -1190,10 +1193,12 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp) | |||
1190 | { | 1193 | { |
1191 | int i, bucket, vmalloced, old_vmalloced; | 1194 | int i, bucket, vmalloced, old_vmalloced; |
1192 | unsigned int hashsize, old_size; | 1195 | unsigned int hashsize, old_size; |
1193 | int rnd; | ||
1194 | struct hlist_nulls_head *hash, *old_hash; | 1196 | struct hlist_nulls_head *hash, *old_hash; |
1195 | struct nf_conntrack_tuple_hash *h; | 1197 | struct nf_conntrack_tuple_hash *h; |
1196 | 1198 | ||
1199 | if (current->nsproxy->net_ns != &init_net) | ||
1200 | return -EOPNOTSUPP; | ||
1201 | |||
1197 | /* On boot, we can set this without any fancy locking. */ | 1202 | /* On boot, we can set this without any fancy locking. */ |
1198 | if (!nf_conntrack_htable_size) | 1203 | if (!nf_conntrack_htable_size) |
1199 | return param_set_uint(val, kp); | 1204 | return param_set_uint(val, kp); |
@@ -1206,33 +1211,29 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp) | |||
1206 | if (!hash) | 1211 | if (!hash) |
1207 | return -ENOMEM; | 1212 | return -ENOMEM; |
1208 | 1213 | ||
1209 | /* We have to rehahs for the new table anyway, so we also can | ||
1210 | * use a newrandom seed */ | ||
1211 | get_random_bytes(&rnd, sizeof(rnd)); | ||
1212 | |||
1213 | /* Lookups in the old hash might happen in parallel, which means we | 1214 | /* Lookups in the old hash might happen in parallel, which means we |
1214 | * might get false negatives during connection lookup. New connections | 1215 | * might get false negatives during connection lookup. New connections |
1215 | * created because of a false negative won't make it into the hash | 1216 | * created because of a false negative won't make it into the hash |
1216 | * though since that required taking the lock. | 1217 | * though since that required taking the lock. |
1217 | */ | 1218 | */ |
1218 | spin_lock_bh(&nf_conntrack_lock); | 1219 | spin_lock_bh(&nf_conntrack_lock); |
1219 | for (i = 0; i < nf_conntrack_htable_size; i++) { | 1220 | for (i = 0; i < init_net.ct.htable_size; i++) { |
1220 | while (!hlist_nulls_empty(&init_net.ct.hash[i])) { | 1221 | while (!hlist_nulls_empty(&init_net.ct.hash[i])) { |
1221 | h = hlist_nulls_entry(init_net.ct.hash[i].first, | 1222 | h = hlist_nulls_entry(init_net.ct.hash[i].first, |
1222 | struct nf_conntrack_tuple_hash, hnnode); | 1223 | struct nf_conntrack_tuple_hash, hnnode); |
1223 | hlist_nulls_del_rcu(&h->hnnode); | 1224 | hlist_nulls_del_rcu(&h->hnnode); |
1224 | bucket = __hash_conntrack(&h->tuple, hashsize, rnd); | 1225 | bucket = __hash_conntrack(&h->tuple, hashsize, |
1226 | nf_conntrack_hash_rnd); | ||
1225 | hlist_nulls_add_head_rcu(&h->hnnode, &hash[bucket]); | 1227 | hlist_nulls_add_head_rcu(&h->hnnode, &hash[bucket]); |
1226 | } | 1228 | } |
1227 | } | 1229 | } |
1228 | old_size = nf_conntrack_htable_size; | 1230 | old_size = init_net.ct.htable_size; |
1229 | old_vmalloced = init_net.ct.hash_vmalloc; | 1231 | old_vmalloced = init_net.ct.hash_vmalloc; |
1230 | old_hash = init_net.ct.hash; | 1232 | old_hash = init_net.ct.hash; |
1231 | 1233 | ||
1232 | nf_conntrack_htable_size = hashsize; | 1234 | init_net.ct.htable_size = nf_conntrack_htable_size = hashsize; |
1233 | init_net.ct.hash_vmalloc = vmalloced; | 1235 | init_net.ct.hash_vmalloc = vmalloced; |
1234 | init_net.ct.hash = hash; | 1236 | init_net.ct.hash = hash; |
1235 | nf_conntrack_hash_rnd = rnd; | ||
1236 | spin_unlock_bh(&nf_conntrack_lock); | 1237 | spin_unlock_bh(&nf_conntrack_lock); |
1237 | 1238 | ||
1238 | nf_ct_free_hashtable(old_hash, old_vmalloced, old_size); | 1239 | nf_ct_free_hashtable(old_hash, old_vmalloced, old_size); |
@@ -1271,15 +1272,6 @@ static int nf_conntrack_init_init_net(void) | |||
1271 | NF_CONNTRACK_VERSION, nf_conntrack_htable_size, | 1272 | NF_CONNTRACK_VERSION, nf_conntrack_htable_size, |
1272 | nf_conntrack_max); | 1273 | nf_conntrack_max); |
1273 | 1274 | ||
1274 | nf_conntrack_cachep = kmem_cache_create("nf_conntrack", | ||
1275 | sizeof(struct nf_conn), | ||
1276 | 0, SLAB_DESTROY_BY_RCU, NULL); | ||
1277 | if (!nf_conntrack_cachep) { | ||
1278 | printk(KERN_ERR "Unable to create nf_conn slab cache\n"); | ||
1279 | ret = -ENOMEM; | ||
1280 | goto err_cache; | ||
1281 | } | ||
1282 | |||
1283 | ret = nf_conntrack_proto_init(); | 1275 | ret = nf_conntrack_proto_init(); |
1284 | if (ret < 0) | 1276 | if (ret < 0) |
1285 | goto err_proto; | 1277 | goto err_proto; |
@@ -1288,13 +1280,19 @@ static int nf_conntrack_init_init_net(void) | |||
1288 | if (ret < 0) | 1280 | if (ret < 0) |
1289 | goto err_helper; | 1281 | goto err_helper; |
1290 | 1282 | ||
1283 | /* Set up fake conntrack: to never be deleted, not in any hashes */ | ||
1284 | #ifdef CONFIG_NET_NS | ||
1285 | nf_conntrack_untracked.ct_net = &init_net; | ||
1286 | #endif | ||
1287 | atomic_set(&nf_conntrack_untracked.ct_general.use, 1); | ||
1288 | /* - and look it like as a confirmed connection */ | ||
1289 | set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status); | ||
1290 | |||
1291 | return 0; | 1291 | return 0; |
1292 | 1292 | ||
1293 | err_helper: | 1293 | err_helper: |
1294 | nf_conntrack_proto_fini(); | 1294 | nf_conntrack_proto_fini(); |
1295 | err_proto: | 1295 | err_proto: |
1296 | kmem_cache_destroy(nf_conntrack_cachep); | ||
1297 | err_cache: | ||
1298 | return ret; | 1296 | return ret; |
1299 | } | 1297 | } |
1300 | 1298 | ||
@@ -1316,7 +1314,24 @@ static int nf_conntrack_init_net(struct net *net) | |||
1316 | ret = -ENOMEM; | 1314 | ret = -ENOMEM; |
1317 | goto err_stat; | 1315 | goto err_stat; |
1318 | } | 1316 | } |
1319 | net->ct.hash = nf_ct_alloc_hashtable(&nf_conntrack_htable_size, | 1317 | |
1318 | net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net); | ||
1319 | if (!net->ct.slabname) { | ||
1320 | ret = -ENOMEM; | ||
1321 | goto err_slabname; | ||
1322 | } | ||
1323 | |||
1324 | net->ct.nf_conntrack_cachep = kmem_cache_create(net->ct.slabname, | ||
1325 | sizeof(struct nf_conn), 0, | ||
1326 | SLAB_DESTROY_BY_RCU, NULL); | ||
1327 | if (!net->ct.nf_conntrack_cachep) { | ||
1328 | printk(KERN_ERR "Unable to create nf_conn slab cache\n"); | ||
1329 | ret = -ENOMEM; | ||
1330 | goto err_cache; | ||
1331 | } | ||
1332 | |||
1333 | net->ct.htable_size = nf_conntrack_htable_size; | ||
1334 | net->ct.hash = nf_ct_alloc_hashtable(&net->ct.htable_size, | ||
1320 | &net->ct.hash_vmalloc, 1); | 1335 | &net->ct.hash_vmalloc, 1); |
1321 | if (!net->ct.hash) { | 1336 | if (!net->ct.hash) { |
1322 | ret = -ENOMEM; | 1337 | ret = -ENOMEM; |
@@ -1333,15 +1348,6 @@ static int nf_conntrack_init_net(struct net *net) | |||
1333 | if (ret < 0) | 1348 | if (ret < 0) |
1334 | goto err_ecache; | 1349 | goto err_ecache; |
1335 | 1350 | ||
1336 | /* Set up fake conntrack: | ||
1337 | - to never be deleted, not in any hashes */ | ||
1338 | #ifdef CONFIG_NET_NS | ||
1339 | nf_conntrack_untracked.ct_net = &init_net; | ||
1340 | #endif | ||
1341 | atomic_set(&nf_conntrack_untracked.ct_general.use, 1); | ||
1342 | /* - and look it like as a confirmed connection */ | ||
1343 | set_bit(IPS_CONFIRMED_BIT, &nf_conntrack_untracked.status); | ||
1344 | |||
1345 | return 0; | 1351 | return 0; |
1346 | 1352 | ||
1347 | err_ecache: | 1353 | err_ecache: |
@@ -1350,8 +1356,12 @@ err_acct: | |||
1350 | nf_conntrack_expect_fini(net); | 1356 | nf_conntrack_expect_fini(net); |
1351 | err_expect: | 1357 | err_expect: |
1352 | nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc, | 1358 | nf_ct_free_hashtable(net->ct.hash, net->ct.hash_vmalloc, |
1353 | nf_conntrack_htable_size); | 1359 | net->ct.htable_size); |
1354 | err_hash: | 1360 | err_hash: |
1361 | kmem_cache_destroy(net->ct.nf_conntrack_cachep); | ||
1362 | err_cache: | ||
1363 | kfree(net->ct.slabname); | ||
1364 | err_slabname: | ||
1355 | free_percpu(net->ct.stat); | 1365 | free_percpu(net->ct.stat); |
1356 | err_stat: | 1366 | err_stat: |
1357 | return ret; | 1367 | return ret; |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index fdf5d2a1d9b..2f25ff61098 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net) | |||
569 | #endif /* CONFIG_PROC_FS */ | 569 | #endif /* CONFIG_PROC_FS */ |
570 | } | 570 | } |
571 | 571 | ||
572 | module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600); | 572 | module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); |
573 | 573 | ||
574 | int nf_conntrack_expect_init(struct net *net) | 574 | int nf_conntrack_expect_init(struct net *net) |
575 | { | 575 | { |
@@ -577,7 +577,7 @@ int nf_conntrack_expect_init(struct net *net) | |||
577 | 577 | ||
578 | if (net_eq(net, &init_net)) { | 578 | if (net_eq(net, &init_net)) { |
579 | if (!nf_ct_expect_hsize) { | 579 | if (!nf_ct_expect_hsize) { |
580 | nf_ct_expect_hsize = nf_conntrack_htable_size / 256; | 580 | nf_ct_expect_hsize = net->ct.htable_size / 256; |
581 | if (!nf_ct_expect_hsize) | 581 | if (!nf_ct_expect_hsize) |
582 | nf_ct_expect_hsize = 1; | 582 | nf_ct_expect_hsize = 1; |
583 | } | 583 | } |
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index 65c2a7bc3af..4b1a56bd074 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c | |||
@@ -192,7 +192,7 @@ static void __nf_conntrack_helper_unregister(struct nf_conntrack_helper *me, | |||
192 | /* Get rid of expecteds, set helpers to NULL. */ | 192 | /* Get rid of expecteds, set helpers to NULL. */ |
193 | hlist_nulls_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode) | 193 | hlist_nulls_for_each_entry(h, nn, &net->ct.unconfirmed, hnnode) |
194 | unhelp(h, me); | 194 | unhelp(h, me); |
195 | for (i = 0; i < nf_conntrack_htable_size; i++) { | 195 | for (i = 0; i < net->ct.htable_size; i++) { |
196 | hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode) | 196 | hlist_nulls_for_each_entry(h, nn, &net->ct.hash[i], hnnode) |
197 | unhelp(h, me); | 197 | unhelp(h, me); |
198 | } | 198 | } |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 42f21c01a93..0ffe689dfe9 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
@@ -594,7 +594,7 @@ ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb) | |||
594 | 594 | ||
595 | rcu_read_lock(); | 595 | rcu_read_lock(); |
596 | last = (struct nf_conn *)cb->args[1]; | 596 | last = (struct nf_conn *)cb->args[1]; |
597 | for (; cb->args[0] < nf_conntrack_htable_size; cb->args[0]++) { | 597 | for (; cb->args[0] < init_net.ct.htable_size; cb->args[0]++) { |
598 | restart: | 598 | restart: |
599 | hlist_nulls_for_each_entry_rcu(h, n, &init_net.ct.hash[cb->args[0]], | 599 | hlist_nulls_for_each_entry_rcu(h, n, &init_net.ct.hash[cb->args[0]], |
600 | hnnode) { | 600 | hnnode) { |
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 028aba667ef..e310f1561bb 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c | |||
@@ -51,7 +51,7 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq) | |||
51 | struct hlist_nulls_node *n; | 51 | struct hlist_nulls_node *n; |
52 | 52 | ||
53 | for (st->bucket = 0; | 53 | for (st->bucket = 0; |
54 | st->bucket < nf_conntrack_htable_size; | 54 | st->bucket < net->ct.htable_size; |
55 | st->bucket++) { | 55 | st->bucket++) { |
56 | n = rcu_dereference(net->ct.hash[st->bucket].first); | 56 | n = rcu_dereference(net->ct.hash[st->bucket].first); |
57 | if (!is_a_nulls(n)) | 57 | if (!is_a_nulls(n)) |
@@ -69,7 +69,7 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq, | |||
69 | head = rcu_dereference(head->next); | 69 | head = rcu_dereference(head->next); |
70 | while (is_a_nulls(head)) { | 70 | while (is_a_nulls(head)) { |
71 | if (likely(get_nulls_value(head) == st->bucket)) { | 71 | if (likely(get_nulls_value(head) == st->bucket)) { |
72 | if (++st->bucket >= nf_conntrack_htable_size) | 72 | if (++st->bucket >= net->ct.htable_size) |
73 | return NULL; | 73 | return NULL; |
74 | } | 74 | } |
75 | head = rcu_dereference(net->ct.hash[st->bucket].first); | 75 | head = rcu_dereference(net->ct.hash[st->bucket].first); |
@@ -355,7 +355,7 @@ static ctl_table nf_ct_sysctl_table[] = { | |||
355 | }, | 355 | }, |
356 | { | 356 | { |
357 | .procname = "nf_conntrack_buckets", | 357 | .procname = "nf_conntrack_buckets", |
358 | .data = &nf_conntrack_htable_size, | 358 | .data = &init_net.ct.htable_size, |
359 | .maxlen = sizeof(unsigned int), | 359 | .maxlen = sizeof(unsigned int), |
360 | .mode = 0444, | 360 | .mode = 0444, |
361 | .proc_handler = proc_dointvec, | 361 | .proc_handler = proc_dointvec, |
@@ -421,6 +421,7 @@ static int nf_conntrack_standalone_init_sysctl(struct net *net) | |||
421 | goto out_kmemdup; | 421 | goto out_kmemdup; |
422 | 422 | ||
423 | table[1].data = &net->ct.count; | 423 | table[1].data = &net->ct.count; |
424 | table[2].data = &net->ct.htable_size; | ||
424 | table[3].data = &net->ct.sysctl_checksum; | 425 | table[3].data = &net->ct.sysctl_checksum; |
425 | table[4].data = &net->ct.sysctl_log_invalid; | 426 | table[4].data = &net->ct.sysctl_log_invalid; |
426 | 427 | ||
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index a4957bf2ca6..4c5972ba8c7 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
@@ -455,9 +455,14 @@ static int netlink_create(struct net *net, struct socket *sock, int protocol, | |||
455 | if (nl_table[protocol].registered && | 455 | if (nl_table[protocol].registered && |
456 | try_module_get(nl_table[protocol].module)) | 456 | try_module_get(nl_table[protocol].module)) |
457 | module = nl_table[protocol].module; | 457 | module = nl_table[protocol].module; |
458 | else | ||
459 | err = -EPROTONOSUPPORT; | ||
458 | cb_mutex = nl_table[protocol].cb_mutex; | 460 | cb_mutex = nl_table[protocol].cb_mutex; |
459 | netlink_unlock_table(); | 461 | netlink_unlock_table(); |
460 | 462 | ||
463 | if (err < 0) | ||
464 | goto out; | ||
465 | |||
461 | err = __netlink_create(net, sock, cb_mutex, protocol); | 466 | err = __netlink_create(net, sock, cb_mutex, protocol); |
462 | if (err < 0) | 467 | if (err < 0) |
463 | goto out_module; | 468 | goto out_module; |
diff --git a/net/sched/Kconfig b/net/sched/Kconfig index 929218a4762..21f9c7678aa 100644 --- a/net/sched/Kconfig +++ b/net/sched/Kconfig | |||
@@ -433,7 +433,7 @@ config NET_ACT_POLICE | |||
433 | module. | 433 | module. |
434 | 434 | ||
435 | To compile this code as a module, choose M here: the | 435 | To compile this code as a module, choose M here: the |
436 | module will be called police. | 436 | module will be called act_police. |
437 | 437 | ||
438 | config NET_ACT_GACT | 438 | config NET_ACT_GACT |
439 | tristate "Generic actions" | 439 | tristate "Generic actions" |
@@ -443,7 +443,7 @@ config NET_ACT_GACT | |||
443 | accepting packets. | 443 | accepting packets. |
444 | 444 | ||
445 | To compile this code as a module, choose M here: the | 445 | To compile this code as a module, choose M here: the |
446 | module will be called gact. | 446 | module will be called act_gact. |
447 | 447 | ||
448 | config GACT_PROB | 448 | config GACT_PROB |
449 | bool "Probability support" | 449 | bool "Probability support" |
@@ -459,7 +459,7 @@ config NET_ACT_MIRRED | |||
459 | other devices. | 459 | other devices. |
460 | 460 | ||
461 | To compile this code as a module, choose M here: the | 461 | To compile this code as a module, choose M here: the |
462 | module will be called mirred. | 462 | module will be called act_mirred. |
463 | 463 | ||
464 | config NET_ACT_IPT | 464 | config NET_ACT_IPT |
465 | tristate "IPtables targets" | 465 | tristate "IPtables targets" |
@@ -469,7 +469,7 @@ config NET_ACT_IPT | |||
469 | classification. | 469 | classification. |
470 | 470 | ||
471 | To compile this code as a module, choose M here: the | 471 | To compile this code as a module, choose M here: the |
472 | module will be called ipt. | 472 | module will be called act_ipt. |
473 | 473 | ||
474 | config NET_ACT_NAT | 474 | config NET_ACT_NAT |
475 | tristate "Stateless NAT" | 475 | tristate "Stateless NAT" |
@@ -479,7 +479,7 @@ config NET_ACT_NAT | |||
479 | netfilter for NAT unless you know what you are doing. | 479 | netfilter for NAT unless you know what you are doing. |
480 | 480 | ||
481 | To compile this code as a module, choose M here: the | 481 | To compile this code as a module, choose M here: the |
482 | module will be called nat. | 482 | module will be called act_nat. |
483 | 483 | ||
484 | config NET_ACT_PEDIT | 484 | config NET_ACT_PEDIT |
485 | tristate "Packet Editing" | 485 | tristate "Packet Editing" |
@@ -488,7 +488,7 @@ config NET_ACT_PEDIT | |||
488 | Say Y here if you want to mangle the content of packets. | 488 | Say Y here if you want to mangle the content of packets. |
489 | 489 | ||
490 | To compile this code as a module, choose M here: the | 490 | To compile this code as a module, choose M here: the |
491 | module will be called pedit. | 491 | module will be called act_pedit. |
492 | 492 | ||
493 | config NET_ACT_SIMP | 493 | config NET_ACT_SIMP |
494 | tristate "Simple Example (Debug)" | 494 | tristate "Simple Example (Debug)" |
@@ -502,7 +502,7 @@ config NET_ACT_SIMP | |||
502 | If unsure, say N. | 502 | If unsure, say N. |
503 | 503 | ||
504 | To compile this code as a module, choose M here: the | 504 | To compile this code as a module, choose M here: the |
505 | module will be called simple. | 505 | module will be called act_simple. |
506 | 506 | ||
507 | config NET_ACT_SKBEDIT | 507 | config NET_ACT_SKBEDIT |
508 | tristate "SKB Editing" | 508 | tristate "SKB Editing" |
@@ -513,7 +513,7 @@ config NET_ACT_SKBEDIT | |||
513 | If unsure, say N. | 513 | If unsure, say N. |
514 | 514 | ||
515 | To compile this code as a module, choose M here: the | 515 | To compile this code as a module, choose M here: the |
516 | module will be called skbedit. | 516 | module will be called act_skbedit. |
517 | 517 | ||
518 | config NET_CLS_IND | 518 | config NET_CLS_IND |
519 | bool "Incoming device classification" | 519 | bool "Incoming device classification" |