- 04 Jan, 2005 27 commits
-
-
Anton Blanchard authored
Protect the read/write SPR xmon commands. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Anton Blanchard authored
A number of people (myself included) have pasted bad input into xmon that it parsed as a request to dump gigabytes of memory. Place a limit of 128kB on the dump commands. Also remove a stale function prototype thats been lying around. Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Serge Hallyn authored
In the current kernel/capability.c:sys_capset() code, permission is denied if CAP_SETPCAP is not held and pid is positive. pid=0 means use the current process, and this is allowed. But using the current process' pid is not allowed. The man page for capsetp simply says that CAP_SETPCAP is required to use this function, and does not mention the exception for pid=0. The current behavior seems inconsistent. The attached patch also allows a process to call capset() on itself. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Serge Hallyn authored
The attached patch removes checks from kernel/capability.c which are redundant with cap_capset_check() code, and moves the capset_check() calls to immediately before the capset_set() calls. This allows capset_check() to accurately check the setter's permission to set caps on the target. Please apply. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Oleg Nesterov authored
generic_file_aio_write(): generic_file_aio_write_nolock(): if (SYNC) sync_page_range_nolock(); if (SYNC) sync_page_range(); I think that generic_file_aio_write() should use __generic_file_aio_write_nolock() instead. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
William Lee Irwin III authored
pud needs to be declared as a pud_t in order to avoid an assignment from incompatible pointer type warning or two; this patch makes it so. Signed-off-by: William Irwin <wli@holomorphy.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Heiko Carstens authored
the patch below fixes a few compile warnings due to missing parenthesizes. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
Patrick McHardy spotted this, on top of previous fix. I neatened it. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
FTP connection tracking assumes it can just dereference tcphdr; not neccessarily true now we don't linearize in ftp conntrack helper or tcp connection tracking. Also found by nfsim. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
The nat core calls skb_ip_make_writable() with a length too short. Found by nfsim. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
UDP and TCP refer to potentially stale pointers after calling skb_ip_make_writable(), and UDP calls it with the wrong len argument. All found by nfsim. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
Here is a patch that just makes it use get_free_pages to test the TLB theory. Another obvious improvement would be to not use list_heads for the hash table buckets - a single pointer would likely suffice and it would cut the hash table in half, saving cache, TLB and memory. Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
The multiport match doesn't support ranges of ports, so a new match called "mport" was written. Now we have versioning of matches and targets, we can simply put this extension in multiport revision 1. Also, removes gratuitous checking in match: we basically trust iptables userspace these days. Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (modified) Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
Anders Fugmann <afu@fugmann.dhs.org> wrote a patch to add bitops to ipt_MARK. I made a version based on the revision patch. Bart De Schuymer <bdschuym@pandora.be> provided the idea of overriding the target type. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
This adds a new getsockopt to iptables, which allows userspace to query the revision number of extensions. iptables 1.3.0 (to be released soon) already has support for this. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
Pablo Neira <pablo@eurodev.net> came up with the idea of stealing the last byte in the (already nul-terminated) name of a target/match to create a version. That patch motivated me to clean up the match and target searching in ip_tables, which makes this patch more trivial. I also renamed "version" to "revision" since the word "version" was used for iptables itself. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
We now have a convenient kmod macro try_then_request_module(). 1) Split our current "generic" function into separate find_target_lock(), find_table_lock() and find_match_lock() functions explicitly. 2) Have those functions do try_module_get() for us, and fix up the one caller who didn't do that anyway. 3) Have the caller use try_then_request_module(). 4) Remove __ipt_mutex_up() and __ipt_find_target_lock() which weren't used (even in patch-o-matic AFAICT). This cleanup takes us closer to using standard list macros everywhere, and makes the version patch simpler. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
We currently choose a "random" IP address to NAT to, where we have a range. Martin Josefsson pointed out that he uses the SAME target in iptables because changing IP addresses breaks Internet banking sites (among others) which assume the customer will be coming from a consistent IP address. In fact, we spend a fair bit of effort trying to balance the number of connections we NAT to each IP address. We can come pretty damn close just hashing the source and destination IP addresses, and it has the consistency property which is so desirable, as well as being faster. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
Now we no longer do extra mangling, warn in that case. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
On NF_IP_LOCAL_OUT, when destination NAT changes the destination interface, we also change the source address, so the packet is the same as if it were generated to go that way in the first place. This is not strictly necessary, I believe. This patch rips that code out to see what breaks. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
On NF_IP_LOCAL_OUT or NF_IP_PRE_ROUTING, if destination NAT is not sufficient to create a unique tuple, we try changing the source port as well. However, this is also not strictly necessary: if the tuple is not unique, we will also try to change the source on the NF_IP_POST_ROUTING hook. When we finally confirm the connection, if the tuple is still not unique the packet will be dropped (this is required anyway as we could race: the conntrack is not placed in the hash until the packet is about to leave the box anyway). In fact, we only need best effort *everywhere*. This patch rips that code out to see what breaks. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
ip_conntrack_alter_reply checks that the reply isn't already taken, but there's little point, since there's *still* a race after it is called (which we handle at confirm time anyway). Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
The NAT code has the concept of multiple ranges: you can say "map this connection onto IP 192.168.1.2 - 192.168.1.4, 192.168.1.7 ports 1024-65535, and 192.168.1.10". I implemented this because we could. But it's not actually *used* by many (any?) people, and you can approximate this by a random match (from patch-o-matic) if you really want to. It adds complexity to the code. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
Writing the nfsim testcase for the ECN target revealed a hole in the rule checking: when checking whether the rule specified TCP, you need to check it isn't inverted. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Rusty Russell authored
nfsim now generates non-linear packets: when run under valgrind it finds linear assumptions very nicely. This is the second thing I tried, and it found a real bug. In this case, checking the UDP checksum is correct, but overkill, and like the ICMP header handling, does not handle non-linear packets. Remove UDP checksum, fix ICMP error. Signed-off-by: Rusty Russell Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Chris Wright authored
OK, somehow I managed to botch this one. It happens to work fine, but I should have been more careful with forward porting this 1+ year old patch. The exec-time calc should go in bprm_apply_creds, not bprm_free_security. Thanks to Stephen for spotting my mistake. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
bk://nfsclient.bkbits.net/linux-2.6Linus Torvalds authored
into ppc970.osdl.org:/home/torvalds/v2.6/linux
-
- 05 Jan, 2005 1 commit
-
-
bk://nfsclient.bkbits.net/linux-2.6Trond Myklebust authored
into fys.uio.no:/home/linux/bitkeeper/nfsclient-2.6
-
- 04 Jan, 2005 12 commits
-
-
Trond Myklebust authored
Don't label all retries as "server seeing garbage". Report correct error for buffer overflows. Fix incorrect buffer overflow test that was masking AUTH_REJECTEDCRED, AUTH_REJECTEDVERF,... errors. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Trond Myklebust authored
Description: Fix an NFS client bug introduced in 2.6.9-rc1. The "df" command was reporting the size of NFS file systems incorrectly. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
cache. Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
The behavior enabled by the "noac" mount option should be precisely equivalent to setting acreg{min,max} or acdir{min,max} to zero via mount options. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
Other parts of the NFS client invoke nfs_wb_all() when they want to flush dirty cache pages. The direct path needs to do that, too. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
The initial implementation of NFS direct reads was entirely synchronous. The direct read logic issued one NFS READ operation at a time, and waited for the server's reply before issuing the next one. For large direct read requests, this is unnecessarily slow. This patch changes the NFS direct read path to dispatch NFS READ operations for a single direct read request in parallel and wait for them once. The direct read path is still synchronous in nature, but because the NFS READ operations are going in parallel, the completion wait should be much shorter. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
Reduce stack utilization in the NFS direct read path by using a dynamically allocated nfs_read_data structure instead of allocating one on the stack. This reduces stack utilization of nfs_direct_read_seg from over 900 bytes to less than 100 bytes. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
Reduce stack utilization in the NFS direct write path by using a dynamically allocated nfs_write_data structure instead of allocating one on the stack. This reduces stack utilization of nfs_direct_write_seg from over 900 bytes to less than 100 bytes. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
Immediately return control to the application if a short NFS write is detected in the NFS client's direct write path. This is better behavior than what the direct write path does today, which could result in data appearing at the wrong offset in the file. Eventually this code path should retry short writes at least once before giving up. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
Replace a C macro with sizeof(). Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
Description: Ethereal and other tools display RPC XIDs in host order. This patch changes the RPC trace messages that display XIDs to print them in host order so they can be easily matched to XIDs that appear in Ethereal. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-
Trond Myklebust authored
Improve trace debugging messages for NFSv2/3 GETATTR and SETATTR procedures. Signed-off-by: Chuck Lever <cel@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@fys.uio.no>
-