What is unconfirmed connection in one netns can very well be confirmed in another. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netfilter/nf_conntrack_core.h | 1 - include/net/netns/conntrack.h | 2 ++ net/netfilter/nf_conntrack_core.c | 6 +++--- net/netfilter/nf_conntrack_helper.c | 3 +-- 4 files changed, 6 insertions(+), 6 deletions(-) --- a/include/net/netfilter/nf_conntrack_core.h +++ ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/bridge/br_netfilter.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -357,7 +357,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) if (err != -EHOSTUNREACH || !in_dev || IN_DEV_FORWARD(in_dev)) goto free_skb; - if (!ip_route_output_key(&init_net, &rt, &fl)) { + if (!ip_route_output_key(dev_net(dev), &rt, &fl)) { /* - ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netns/bridge.h | 1 net/bridge/netfilter/ebtable_filter.c | 51 ++++++++++++++++++++++++---------- 2 files changed, 38 insertions(+), 14 deletions(-) --- a/include/net/netns/bridge.h +++ b/include/net/netns/bridge.h @@ -6,5 +6,6 @@ struct netns_br { struct list_head ebt_tables; struct ebt_table *broute_table; + struct ebt_table *frame_filter; }; #endif --- ...

So far it wasn't needed, because modules were pinned just right to prevent ebtables from unloading when cleanup was necessary. ebt_unregster_table() is called during netns stop now, so... Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/bridge/netfilter/ebtables.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1262,6 +1262,8 @@ void ebt_unregister_table(struct ebt_table *table) ...

* make registered ebtables list per-netns * for that, duplicate table at the very beginning of register, we can't add one table to multiple lists. * propagate netns from userspace socket down to iterators over list, * register individual modules only in init_net for a minute. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/linux/netfilter_bridge/ebtables.h | 2 include/net/net_namespace.h | 4 + include/net/netns/bridge.h | 9 +++ ...

Bridge as netdevice doesn't cross netns boundaries. Bridge ports and bridge itself live in same netns. Notifiers are fixed. netns propagated from userspace socket. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/bridge/br_device.c | 3 ++- net/bridge/br_if.c | 11 ++++++----- net/bridge/br_ioctl.c | 20 ++++++++++---------- net/bridge/br_netlink.c | 15 +++++---------- net/bridge/br_notify.c | 3 --- net/bridge/br_private.h | 4 ++-- ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/ipv4/netfilter/nf_nat_rule.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c @@ -91,13 +91,13 @@ static unsigned int ipt_snat_target(struct sk_buff *skb, } /* Before 2.6.11 we did implicit source NAT if required. Warn about change. */ -static void warn_if_extra_mangle(__be32 dstip, __be32 srcip) +static void ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netns/ipv4.h | 2 + net/ipv4/netfilter/nf_nat_core.c | 71 +++++++++++++++++++++++---------------- 2 files changed, 45 insertions(+), 28 deletions(-) --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h @@ -39,6 +39,8 @@ struct netns_ipv4 { struct xt_table *arptable_filter; struct xt_table *iptable_security; struct xt_table *nat_table; + struct ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/netfilter/nf_conntrack_pptp.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c @@ -121,7 +121,7 @@ static void pptp_expectfn(struct nf_conn *ct, pr_debug("trying to unexpect other dir: "); nf_ct_dump_tuple(&inv_t); - exp_other = nf_ct_expect_find_get(&init_net, &inv_t); + exp_other = ...

* make keymap list per-netns * do the same for lock while I'm at it (not strictly necessary) * flush keymap at netns stop and module unload time. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/linux/netfilter/nf_conntrack_proto_gre.h | 2 net/netfilter/nf_conntrack_pptp.c | 2 net/netfilter/nf_conntrack_proto_gre.c | 98 +++++++++++++++++------ 3 files changed, 76 insertions(+), 26 deletions(-) --- ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/netfilter/nf_conntrack_sip.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -775,7 +775,7 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, rcu_read_lock(); do { - exp = __nf_ct_expect_find(&init_net, &tuple); + exp = __nf_ct_expect_find(nf_ct_net(ct), &tuple); if (!exp || exp->master == ct || ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netfilter/nf_conntrack_l4proto.h | 15 +++++++-------- include/net/netns/conntrack.h | 1 + net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 2 +- net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 6 +++--- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 2 +- net/netfilter/nf_conntrack_core.c | 1 - net/netfilter/nf_conntrack_proto_dccp.c | 10 ++++++---- ...

Note, sysctl table is always duplicated, this is simpler, less special-cased, less mistakes (and did one mistake in first version of this patch). Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netns/conntrack.h | 4 + net/netfilter/nf_conntrack_standalone.c | 73 +++++++++++++++++--------------- 2 files changed, 44 insertions(+), 33 deletions(-) --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h @@ -5,6 +5,7 @@ #include ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netfilter/nf_conntrack.h | 8 +-- include/net/netns/conntrack.h | 1 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 4 - net/netfilter/nf_conntrack_core.c | 47 +++++++++--------- net/netfilter/nf_conntrack_expect.c | 4 - net/netfilter/nf_conntrack_standalone.c | 5 - 6 files changed, 36 insertions(+), 33 ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netfilter/nf_conntrack_ecache.h | 27 +++++++++++++++++-------- include/net/netns/conntrack.h | 5 ++++ net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 4 ++- net/ipv4/netfilter/nf_nat_helper.c | 2 - net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 4 ++- net/netfilter/nf_conntrack_core.c | 23 +++++++++++++-------- net/netfilter/nf_conntrack_ecache.c ...

Make untracked conntrack per-netns. Compare conntracks with relevant untracked one. The following code you'll start laughing at this code: if (ct == ct->ct_net->ct.untracked) ... let me remind you that ->ct_net is set in only one place, and never overwritten later. All of this requires some surgery with headers, otherwise horrible circular dependencies. And we lost nf_ct_is_untracked() as function, it became macro. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/netfilter/nf_conntrack_helper.c | 41 +++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 17 deletions(-) --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -123,29 +123,18 @@ int nf_conntrack_helper_register(struct nf_conntrack_helper *me) } EXPORT_SYMBOL_GPL(nf_conntrack_helper_register); -void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) +static ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 60 ++++++++++++------ 1 file changed, 40 insertions(+), 20 deletions(-) --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c @@ -21,18 +21,20 @@ #include <net/netfilter/nf_conntrack_acct.h> struct ct_iter_state { + struct seq_net_private p; unsigned int bucket; }; static struct hlist_node ...

Statistics part of stat/nf_conntrack is from init_net, this is temporary. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/netfilter/nf_conntrack_standalone.c | 52 +++++++++++++++++++------------- 1 file changed, 31 insertions(+), 21 deletions(-) --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -40,18 +40,20 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, EXPORT_SYMBOL_GPL(print_tuple); struct ...

It's deducible as is, but it's also known at nf_conntrack_in() time allowing to not branch and make code simpler later. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netfilter/nf_conntrack_core.h | 2 +- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 ++-- net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 24 ++++++++++++++++-------- net/netfilter/nf_conntrack_core.c | 11 +++++------ 4 files changed, 24 insertions(+), 17 ...

Make per-netns expectation hash and expectation count. Expectation always belongs to netns to which it's master conntrack belongs. This is natural and allows to not bloat expectations. Proc files and leaf users in protocol modules are stubbed to init_net, this is temporary. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netfilter/nf_conntrack_expect.h | 20 ++++-- include/net/netns/conntrack.h | 3 + ...

Conntrack (struct nf_conn) gets pointer to netns: ->ct_net -- netns in which it was created. It comes from netdevice. ->ct_net is write-once field. Every conntrack in system has ->ct_net initialized, no exceptions. ->ct_net doesn't pin netns: conntracks are recycled after timeouts and pinning background traffic will prevent netns from even starting shutdown sequence. Right now every conntrack is created in init_net. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/ipv6/netfilter/ip6t_REJECT.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c @@ -35,7 +35,7 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv6"); MODULE_LICENSE("GPL"); /* Send RST reply */ -static void send_reset(struct sk_buff *oldskb) +static void send_reset(struct net *net, struct sk_buff ...

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- net/ipv6/netfilter/ip6table_raw.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c @@ -45,25 +45,37 @@ static struct xt_table packet_raw = { /* The work comes in here from netfilter.c. */ static unsigned int -ip6t_hook(unsigned int hook, +ip6t_pre_routing_hook(unsigned int hook, struct sk_buff *skb, const struct ...

On Thu, 21 Aug 2008 23:47:34 +0200 Also needed in 2.6.25.x and 2.6.26.x, yes? --

The leak hurts with swiotlb and jumbo frames (see http://bugzilla.kernel.org/show_bug.cgi?id=9468). Heavily hinted by Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>. Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Tested-by: Alistair John Strachan <alistair@devzero.co.uk> Tested-by: Timothy J Fontaine <tjfontaine@atxconsulting.com> Cc: Edward Hsu <edward_hsu@realtek.com.tw> --- drivers/net/r8169.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git ...

Smack needs to call netlbl_skbuff_err() to let NetLabel do the necessary protocol specific error handling. Signed-off-by: XXX --- security/smack/smack_lsm.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 87d7541..6e2dc0b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2179,7 +2179,10 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) * ...

NetLabel has always had a list of backpointers in the CIPSO DOI definition structure which pointed to the NetLabel LSM domain mapping structures which referenced the CIPSO DOI struct. The rationale for this was that when an administrator removed a CIPSO DOI from the system all of the associated NetLabel LSM domain mappings should be removed as well; a list of backpointers made this a simple operation. Unfortunately, while the backpointers did make the removal easier they were a bit of a mess ...

Add the necessary NetLabel support for the new CIPSO mapping, CIPSO_V4_MAP_LOCAL, which allows full LSM label/context support. Signed-off-by: XXX --- net/netlabel/netlabel_cipso_v4.c | 41 ++++++++++++++++++++++++++++++++++++++ net/netlabel/netlabel_cipso_v4.h | 6 ++++-- net/netlabel/netlabel_kapi.c | 3 +++ 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index a6dc5d1..aa87568 100644 --- ...

After some discussions with the Smack folks, well just Casey, I now have a better idea of what Smack wants out of NetLabel in the future so I think it is now safe to do some API "pruning". If another LSM comes along that needs this functionality we can always add it back in, but I don't see any LSMs on the horizon which might make use of these functions. Thanks to Rami Rosen who suggested removing netlbl_cfg_cipsov4_del() back in February 2008. Signed-off-by: Paul Moore ...

Another update to the labeled networking patches for 2.6.28. This revision adds some small fixes, the dead-code removal patch posted earlier, and the big addition ... wait for it ... full LSM label/context support for local connections. This is accomplished by creating a new, private CIPSO tag type (allowed by the spec with a tag number > 127) which carries the LSM's secid value, allowing full LSM contexts to be carried across local connections without the headaches of labeled IPsec. For ...

This patch extends the NetLabel traffic labeling capabilities to individual packets based not only on the LSM domain but the by the destination address as well. The changes here only affect the core NetLabel infrastructre, changes to the NetLabel KAPI and individial protocol engines are also required but are split out into a different patch to ease review. Signed-off-by: XXX --- include/net/netlabel.h | 7 - net/netlabel/netlabel_addrlist.c | 130 ++++++++++++ ...

Previous work enabled the use of address based NetLabel selectors, which while highly useful, brought the potential for additional per-packet overhead when used. This patch attempts to solve that by applying NetLabel socket labels when sockets are connect()'d. This should alleviate the per-packet NetLabel labeling for all connected sockets (yes, it even works for connected DGRAM sockets). Signed-off-by: XXX --- include/net/cipso_ipv4.h | 5 ++ include/net/netlabel.h ...

The socket could become unwritable for various reasons between poll() returning and the send() call. This shouldn't happen very often, but if the system is under memory pressure and needs to page in data between those two calls, that race window can get rather large. You might want to increase your TCP buffer sizes, either per-socket with setsockopt, or system-wide with sysctl. -- Chris --

Hi Jeff, Please find our new 10Gb ethernet driver at the following site: ftp://ftp.qlogic.com/outgoing/linux/network/linux/upstream/qlge There are two files at this location: qlge-aug212008.patch - A full patch that is buildable on the latest netdev/upstream kernel. qlge-aug212008.tar.bz2 - A zip file of the source code at drivers/net/qlge/* We are targeting this driver for 2.6.28 release. We look forward to any and all comments. Notes: 1) The file qlge_mpi.c (Management Port ...

This updates the option-parsing code with regard to RFC 4340, 5.8: "[..] options with nonsensical lengths (length byte less than two or more than the remaining space in the options portion of the header) MUST be ignored, and any option space following an option with nonsensical length MUST likewise be ignored." Hence in the following cases erratic options will be ignored: 1. The type byte of a multi-byte option is the last byte of the header options (effective option length is 1). ...

This updates the use of the `out_invalid_option' label, which produces a Reset (code 5, "Option Error"), to fill in the Data1...Data3 fields as specified in RFC 4340, 5.6. Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk> --- net/dccp/options.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) --- a/net/dccp/options.c +++ b/net/dccp/options.c @@ -291,6 +291,9 @@ out_invalid_option: DCCP_INC_STATS_BH(DCCP_MIB_INVALIDOPT); DCCP_SKB_CB(skb)->dccpd_reset_code = ...

Oh, well that's easy. (See below.) I assumed you needed the data for a hanging kernel, not one with the workaround enabled. I can still try to provide the output of the printk's in your patch later, in that would have any value. Here is 'dmesg' for a recent kernel with "hpet=disable": ================================== $ git show |head commit 30a2f3c60a84092c8084dfe788b710f8d0768cd4 Author: Linus Torvalds <torvalds@linux-foundation.org> Date: Tue Aug 12 18:55:39 2008 -0700 ...

I'm hitting the __netif_schedule warning on 82566DC/e1000e with rc4. This link hasn't gone up/down before in the past. It is a 24in cable to the switch. eth0: Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX eth0: Link is Down eth0: Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX ------------[ cut here ]------------ WARNING: at net/core/dev.c:1330 __netif_schedule+0x24/0x6a() Modules linked in: nfsd exportfs container battery nfs lockd sunrpc vfat fat nvidia(P) snd_hda_intel ...

From: Martin Schwidefsky <schwidefsky@de.ibm.com> probe_error() frees memory only, if cgdev->dev.driver_data refers to the claw_privbk structure. Move forward its setting in claw_probe() to ensure proper freeing of claw_privbk allocations. Cc: Daniel <danielm77@spray.se> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> --- drivers/s390/net/claw.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 ...

From: Klaus-D. Wacker <kdwacker@de.ibm.com> LCS recovery dumps in irq routine when CCW address in Subchannel Status Word (SCSW) is zero. This occurs when recovery is driven after cable reconnect. Signed-off-by: Klaus-D. Wacker <kdwacker@de.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> --- drivers/s390/net/lcs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -urpN linux-2.6/drivers/s390/net/lcs.c linux-2.6-patched/drivers/s390/net/lcs.c --- ...

with hpet=disable? YH --

Thanks for this! I am not a developer, so I am not familiar with all of the little tweaks available in the kernel configs -- I've probably seen this dozens of times, but ignored it because I wasn't debugging. Now that I _am_ debugging, I wish I had paid more attention. When I tried it, my kernel hung much earlier in the boot process. The help text for CONFIG_BOOT_PRINTK_DELAY even mentions that this can be a problems on SMP systems, and that is exactly what I have. Bummer. Thanks ...

Caused by: commit 405666db84b984b68fc75794069f424c02e5796c Author: Denis V. Lunev <den@openvz.org> Date: Fri Feb 29 11:16:46 2008 -0800 [ICMP]: Pass proper ICMP socket into icmp(v6)_xmit_(un)lock. We need to disable preemption (was provided by disabling BH) before getting the per-cpu ICMP socket. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: ...

From: adobriyan@gmail.com --

From: adobriyan@gmail.com It's a simple transmit timeout error. Perhaps atl1 doesn't call netif_carrier_off() in all the places that it should. --

Hi, I start with the context, patch-related information follow. XFRM supports a feature called MIGRATE, used by MIPv6 for the purpose of IPsec SP/SA updates upon movement. It was integrated some time ago by people of USAGI (Masahide Nakamura, Shinta Sugimoto and possibly others). Sugimoto-san and Nakamura-san (in CC) also published a document (IETF draft, see [1]) which specifies the original PF_KEY MIGRATE mechanism. Because MIGRATE was not sufficient for bootstrapping IKE negotiation ...

[Empty message]

On Thu, 21 Aug 2008 18:36:15 +1000 Acked-by: Matt LaPlante <kernel1@cyberdogtech.com> Thanks for the quick fix! -- Matt LaPlante --

Couldn't you play with CONFIG_BOOT_PRINTK_DELAY? -- i. --

Yinghai, Please advise me on how you would like me to handle 2.6.27 kernels. If I use your patch on 2.6.27-rc3, the message scroll off the 80x25 screen before I can see them... and then the kernel hangs. I can run the kernel with "hpet=disable", but I'm not sure you want that. If you _do_ want that, just let me know. As an alternative, I can alter your patch to use a log level of something lower, like KERN_WARNING. Then I could see the messages from your patch if I set a "loglevel=4" ...

skb_over_panic: text:ffffffff8056cec7 len:27760 put:27760 head:ffff880821c9b800 data:ffff880821c9b812 tail:0x6c82 end:0x680 dev:eth10 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:128! invalid opcode: 0000 [1] SMP Dumping ftrace buffer: (ftrace buffer empty) CPU 0 Modules linked in: Pid: 0, comm: swapper Not tainted 2.6.27-rc3-tip-00674-g64e34ec-dirty #126 RIP: 0010:[<ffffffff8089c163>] [<ffffffff8089c163>] skb_put+0x82/0x8e RSP: 0018:ffffffff80fa2d30 EFLAGS: ...

Andrew, David This problem is not limited to only the reported socket option. Most of the AUTH socket options suffer the same or similar issues. Here is a patch that fixes all the issues I saw the the API. The new tests for this API have been created and all of them have passed. -vlad sctp: fix potential panics in the SCTP-AUTH API. All of the SCTP-AUTH socket options could cause a panic if the extension is disabled and the API is envoked. Additionally, there were some additional ...

Ahh, what an error I made! I made at least 3 errors in that post, and OK, this was my first error. My first experiment -- leave request_resource() alone, and move the additions of the kernel memory regions to setup_arch() -- produced a booting kernel. When that happened, I was already late for work... so I produced the output of 'cat /proc/iomem' from that kernel and moved on to my second test I simply forgot to include the output in my message because I was rushing to get out of the ...

Agreed, I don't see a reason why it wouldn't need the lock. Applied, thanks. I'll also push this one to -stable. --

Acked by: Brian King <brking@linux.vnet.ibm.com> -- Brian King Linux on Power Virtualization IBM Linux Technology Center --

Yup, this patch also works. tjfontaine

Thanks, I guess I should start basing all of my IPVS patches on this tree rather than net-2.6? Julius -- Google Switzerland GmbH --

Other than the packet format of the sync deamon, are there any fundamental restrictions here? If we extended the sync daemon, could it work? If so, perhaps we could rev the sync deamon protocol and fix a few other kinks, like the handling of timeouts and the Unfortunately (or fortunately depending on how you look at it), I'm going to be away skiing for the next couple of days. Apologies for the slow responses that will lead to. --

I wonder if there are some spare bits inside the flags member of ip_vs_scheduler that could be used for this purpose? Otherwise, I'm fine with this, we can juggle things around later to use the other bits in supports_ipv6 for other things if and when the need arises. Here is a version that applies against lvs-2.6 From: Julius Volz <juliusv@google.com> IPVS: Add IPv6 support flag to schedulers Add 'supports_ipv6' flag to struct ip_vs_scheduler to indicate whether a scheduler supports ...

Thanks. Here are a few thoughts I have had in my breif overview of the code so far - mainly just simple style things. If any of my comments are obviously stupid, please just say so as I haven't got to the end of the series yet and I'm sure some of my questions are answered in the code. [PATCH RFC 01/24] IPVS: Add genetlink interface definitions to ip_vs.h [PATCH RFC 02/24] IPVS: Add genetlink interface implementation * Already in lvs-2.6. Are there any changes? [PATCH RFC 02/24] ...

Ok, maybe the problem with this is more what it says before the definition of __constant_htons() in include/linux/byteorder.h? ---- /* * These helpers could be phased out over time as the base version * handles constant folding. */ --- Which is probably the reason why it shouldn't be used anymore? So although it's probably doing the right thing already, I'll just change it to htons() and everyone should be happy... Julius -- Google Switzerland GmbH --

Thanks for looking at this, no problem. I know it's a bit much to digest, but I think there is no smaller part that I could post that is No, those are just exactly what I sent you before. I included them because I was basing it on net-2.6. Btw., David just announced that he opened net-next-2.6, so perhaps he (IPV6 = y || IP_VS = IPV6) means that this option will only be visible if either CONFIG_IPV6 is set to Y or if both CONFIG_IPV6 and CONFIG_IP_VS are modules (if both are off, the ...

I think the __constant one is for initializations. All I know is that someone (Stephen Hemminger?) always points this out in other patchsets, I didn't look too closely, there's a lot of patches! :) Doing it in a separate patch is probably a good idea though. -Brian --

Thanks. That does fix the 0.0.0.0 problem that I was seeing. --

It may be different versions of ASF. Try ethtool -i eth0. It may tell us the firmware version. --

Hi, Your patch did not apply cleanly, but I've done all the manual work and pushed UBIFS-related part of it to ubifs-2.6.git. Thanks. -- Best regards, Artem Bityutskiy (Битюцкий Артём) --

But if I get above right, you acknowledge the problem currently exists? Jarek P. --

On Thu, Aug 21, 2008 at 04:10:24PM +1000, Herbert Xu wrote: We need to check if something depends on &noop_qdisc returned in the similar state. Otherwise, there is a bit too much possibilities here, so it would be nice to simplify this all. Thanks, Jarek P. --

So, what I was most suspicious of, cls_u32, looks like safe wrt. this. Congratulations for good estimation of this. But how about this part in qdisc_destroy(): if (qdisc->parent) list_del(&qdisc->list); If we do this with child qdisc from qdisc_graft() it's without deactivation. The rest of the tree can be dequeued in the meantime and call qdisc_tree_decrease_qlen() (like hfsc, tbf, netem), which uses qdisc_lookup() to access this list. We list_del() under ...

On Thu, Aug 21, 2008 at 08:27:21AM +0000, Jarek Poplawski wrote: ...and it's OK, yet. Sorry, Jarek P. --

Alas I've to have a break now, anyway I think for now "my" proposal should be safer since it worked like this before... But of course after good checking your patch should be better. --

Good catch. Longer term we should fix it so that it doesn't do the silly lookup at run-time. In fact we'll be getting rid of requeue so there will be no need to do this in TBF at all. However, for now please create a patch to put a pair of root locks around the list_del in qdisc_destroy. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: ...

This list should only be used by things like qdisc_lookup which occurs under the RTNL. The actual packet processing certainly should not be walking a linked list. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt --

You're right, this doesn't work at all. In fact it's been broken even before we removed the root lock. The problem is that we used to have one big linked list for each device. That was protected by the device qdisc lock. Now we have one list for each txq and qdisc_lookup walks every single txq. This means that no single qdisc root lock can protect this anymore. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: ...

Actually, why do we even keep a netdev_queue pointer in a qdisc? A given qdisc can be used by multiple queues (which is why the lock was moved into the qdisc in the first place). How about keeping a pointer directly to the root qdisc plus a pointer to the netdev (which seems to be the only other use for qdisc->dev_queue)? That way there won't be any confusion as to whether we want the sleeping or non-sleeping qdisc. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ...

OK I've lost track of what you were trying to say. Could you please just restate the problem you saw? Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt --

Ugly as it may look, I think this is probably the best fix for now. For 2.6.28 we can fix it properly and remove this eyesore :) Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt --

From: Jarek Poplawski <jarkao2@gmail.com> Grrr... :-) Note that this only happens when my arch nemesis, ->requeue(), fails. Same applies to the netem case, and hfsc's "peek". All other qdisc_tree_decrease_qlen() users hold RTNL. Really, it proves ->requeue() should die, and be replaced with "peek" and "unlink" methods. --

I don't think there could be such a problem, since nobody should look for such a destroyed qdisc: they look for their ancestors only. Anyway, I can't do this patch before evening, so I wait for suggestions or you could simply do it as you wish, no problem. Cheers, Jarek P. --

On Wed, Aug 20, 2008 at 11:56:56AM +0000, Jarek Poplawski wrote: Actually, this patch is "no good" (wrong root qdisc). David, please don't apply - I'll send it redone. Thanks, --

---------------> (take 2) pkt_sched: Fix qdisc_watchdog() vs. dev_deactivate() race dev_deactivate() can skip rescheduling of a qdisc by qdisc_watchdog() or other timer calling netif_schedule() after dev_queue_deactivate(). We prevent this checking aliveness before scheduling the timer. Since during deactivation the root qdisc is available only as qdisc_sleeping additional accessor qdisc_root_sleeping() is created. With feedback from Herbert Xu ...

I mean here: hfsc_dequeue(), netem_dequeue() and tbf_dequeue(). Jarek P. --

Sure, here is a scenario: cpu1 cpu2 rtnl_lock() qdisc_graft() // parent != NULL ->cops-graft() notify_and_destroy() qdisc_run() spin_lock(root_lock) qdisc_destroy(old) dequeue_skb() tbf_dequeue() qdisc_tree_decrease_qlen() qdisc_lookup() //deleting from qdisc_sleeping->list //walking qdisc_sleeping->list //under rtnl_lock() only //under qdisc root_lock only list_del(qdisc->list) list_for_each_entry(txq_root) Jarek P. --

When would we actually want the non-sleeping variant? Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt --

I don't think there is such a problem. I thought you and David were concerned with something trying to find and use this qdisc: that's why I wrote it's nobody ancestor at the moment. sch_tree_lock() should be enough for now because in the current implementation we have only one root qdisc with pointers copied to every dev_queue. At least I can't see nothing more in qdisc_create() and qdisc_graft(). So, qdisc_lookup() seems to be designed for the future (or to do this lookup more exactly with ...

I cannot reproduce the problem locally, at least not with 2.6.27-rc4. I was able to make my box resume from suspend to RAM by using # s2ram --force --vbe_mode --vbe_post (s2ram as shipped in openSUSE 11.0) and forcedeth works correctly after the resume. However, I had to add 'acpi_sleep=old_ordering' to the kernel command line. My box is a desktop with an Asus A8N-SLI motherboard and an Athlon 64 X2 CPU. I have created a Bugzilla entry for this issue ...

From: ebiederm@xmission.com (Eric W. Biederman) Acked-by: David S. Miller <davem@davemloft.net> --

This reverts commit aaf8cdc34ddba08122f02217d9d684e2f9f5d575. Drivers like the ipw2100 call device_create_group when they are initialized and device_remove_group when they are shutdown. Moving them between namespaces deletes their sysfs groups early. In particular the following call chain results. netdev_unregister_kobject -> device_del -> kobject_del -> sysfs_remove_dir With sysfs_remove_dir recursively deleting all of it's subdirectories, and nothing adding them ...

From: ebiederm@xmission.com (Eric W. Biederman) Acked-by: David S. Miller <davem@davemloft.net> --

From: Serge Hallyn <serge@us.ibm.com> Mark the /sys/kernel/uids directory to be tagged so that processes in different user namespaces can remount /sys and see their own uid listings. Without this patch, having CONFIG_FAIR_SCHED=y makes user namespaces unusable, because when you clone(CLONE_NEWUSER) it will auto-create the root userid and try to create /sys/kernel/uids/0. Since that already exists from the parent user namespace, the create fails, and the clone misleadingly ends ...

From: ebiederm@xmission.com (Eric W. Biederman) You can send it all through Greg or whoever, don't feel obligated to push it through me since it depends upon the earlier bits in this series. --

These two functions do 90% of the same work and it doesn't significantly obfuscate the function to allow both the parent dir and the name to change at the same time. So merge them together to simplify maintenance, and increase testing. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> --- fs/sysfs/dir.c | 121 +++++++++++++++++-------------------------------------- 1 files changed, 38 insertions(+), 83 deletions(-) diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index ...