1. 05 Aug, 2013 14 commits
  2. 04 Aug, 2013 6 commits
  3. 03 Aug, 2013 17 commits
  4. 02 Aug, 2013 3 commits
    • Paul Moore's avatar
      netlabel: use domain based selectors when address based selectors are not available · 6a8b7f0c
      Paul Moore authored
      NetLabel has the ability to selectively assign network security labels
      to outbound traffic based on either the LSM's "domain" (different for
      each LSM), the network destination, or a combination of both.  Depending
      on the type of traffic, local or forwarded, and the type of traffic
      selector, domain or address based, different hooks are used to label the
      traffic; the goal being minimal overhead.
      
      Unfortunately, there is a bug such that a system using NetLabel domain
      based traffic selectors does not correctly label outbound local traffic
      that is not assigned to a socket.  The issue is that in these cases
      the associated NetLabel hook only looks at the address based selectors
      and not the domain based selectors.  This patch corrects this by
      checking both the domain and address based selectors so that the correct
      labeling is applied, regardless of the configuration type.
      
      In order to acomplish this fix, this patch also simplifies some of the
      NetLabel domainhash structures to use a more common outbound traffic
      mapping type: struct netlbl_dommap_def.  This simplifies some of the code
      in this patch and paves the way for further simplifications in the
      future.
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6a8b7f0c
    • Roman Gushchin's avatar
      net: check net.core.somaxconn sysctl values · 5f671d6b
      Roman Gushchin authored
      It's possible to assign an invalid value to the net.core.somaxconn
      sysctl variable, because there is no checks at all.
      
      The sk_max_ack_backlog field of the sock structure is defined as
      unsigned short. Therefore, the backlog argument in inet_listen()
      shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
      is truncated to the somaxconn value. So, the somaxconn value shouldn't
      exceed 65535 (USHRT_MAX).
      Also, negative values of somaxconn are meaningless.
      
      before:
      $ sysctl -w net.core.somaxconn=256
      net.core.somaxconn = 256
      $ sysctl -w net.core.somaxconn=65536
      net.core.somaxconn = 65536
      $ sysctl -w net.core.somaxconn=-100
      net.core.somaxconn = -100
      
      after:
      $ sysctl -w net.core.somaxconn=256
      net.core.somaxconn = 256
      $ sysctl -w net.core.somaxconn=65536
      error: "Invalid argument" setting key "net.core.somaxconn"
      $ sysctl -w net.core.somaxconn=-100
      error: "Invalid argument" setting key "net.core.somaxconn"
      
      Based on a prior patch from Changli Gao.
      Signed-off-by: default avatarRoman Gushchin <klamm@yandex-team.ru>
      Reported-by: default avatarChangli Gao <xiaosuo@gmail.com>
      Suggested-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5f671d6b
    • Denis Kirjanov's avatar
      sis900: Fix the tx queue timeout issue · 3508ea33
      Denis Kirjanov authored
      [  198.720048] ------------[ cut here ]------------
      [  198.720108] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:255 dev_watchdog+0x229/0x240()
      [  198.720118] NETDEV WATCHDOG: eth0 (sis900): transmit queue 0 timed out
      [  198.720125] Modules linked in: bridge stp llc dmfe sundance 3c59x sis900 mii
      [  198.720159] CPU: 0 PID: 0 Comm: swapper Not tainted 3.11.0-rc3+ #12
      [  198.720167] Hardware name: System Manufacturer System Name/TUSI-M, BIOS ASUS TUSI-M ACPI BIOS
      Revision 1013 Beta 001 12/14/2001
      [  198.720175]  000000ff c13fa6b9 c169ddcc c12208d6 c169ddf8 c1031e4d c1664a84 c169de24
      [  198.720197]  00000000 c165f5ea 000000ff c13fa6b9 00000001 000000ff c1664a84 c169de10
      [  198.720217]  c1031f13 00000009 c169de08 c1664a84 c169de24 c169de50 c13fa6b9 c165f5ea
      [  198.720240] Call Trace:
      [  198.720257]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
      [  198.720274]  [<c12208d6>] dump_stack+0x16/0x20
      [  198.720306]  [<c1031e4d>] warn_slowpath_common+0x7d/0xa0
      [  198.720318]  [<c13fa6b9>] ? dev_watchdog+0x229/0x240
      [  198.720330]  [<c1031f13>] warn_slowpath_fmt+0x33/0x40
      [  198.720342]  [<c13fa6b9>] dev_watchdog+0x229/0x240
      [  198.720357]  [<c103f158>] call_timer_fn+0x78/0x150
      [  198.720369]  [<c103f0e0>] ? internal_add_timer+0x40/0x40
      [  198.720381]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
      [  198.720392]  [<c103f33f>] run_timer_softirq+0x10f/0x200
      [  198.720412]  [<c103954f>] ? __do_softirq+0x6f/0x210
      [  198.720424]  [<c13fa490>] ? dev_init_scheduler+0xa0/0xa0
      [  198.720435]  [<c1039598>] __do_softirq+0xb8/0x210
      [  198.720467]  [<c14b54d2>] ? _raw_spin_unlock+0x22/0x30
      [  198.720484]  [<c1003245>] ? handle_irq+0x25/0xd0
      [  198.720496]  [<c1039c0c>] irq_exit+0x9c/0xb0
      [  198.720508]  [<c14bc9d7>] do_IRQ+0x47/0x94
      [  198.720534]  [<c1056078>] ? hrtimer_start+0x28/0x30
      [  198.720564]  [<c14bc8b1>] common_interrupt+0x31/0x38
      [  198.720589]  [<c1008692>] ? default_idle+0x22/0xa0
      [  198.720600]  [<c10083c7>] arch_cpu_idle+0x17/0x30
      [  198.720631]  [<c106d23d>] cpu_startup_entry+0xcd/0x180
      [  198.720643]  [<c14ae30a>] rest_init+0xaa/0xb0
      [  198.720654]  [<c14ae260>] ? reciprocal_value+0x50/0x50
      [  198.720668]  [<c17044e0>] ? repair_env_string+0x60/0x60
      [  198.720679]  [<c1704bda>] start_kernel+0x29a/0x350
      [  198.720690]  [<c17044e0>] ? repair_env_string+0x60/0x60
      [  198.720721]  [<c1704269>] i386_start_kernel+0x39/0xa0
      [  198.720729] ---[ end trace 81e0a6266f5c73a8 ]---
      [  198.720740] eth0: Transmit timeout, status 00000204 00000000
      
      timer routine checks the link status and if it's up calls
      netif_carrier_on() allowing upper layer to start the tx queue
      even if the auto-negotiation process is not finished.
      
      Also remove ugly auto-negotiation check from the sis900_start_xmit()
      
      CC: Duan Fugang <B38611@freescale.com>
      CC: Ben Hutchings <bhutchings@solarflare.com>
      Signed-off-by: default avatarDenis Kirjanov <kda@linux-powerpc.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3508ea33