Netdev List
 help / color / mirror / Atom feed
* Re: [PATCH next 4/7] sc92031: use standard #defines from mii.h.
From: David Miller @ 2011-10-03 18:09 UTC (permalink / raw)
  To: romieu; +Cc: netdev
In-Reply-To: <20110930103802.GE26727@electric-eye.fr.zoreil.com>

From: Francois Romieu <romieu@fr.zoreil.com>
Date: Fri, 30 Sep 2011 12:38:02 +0200

> Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>

Applied.

^ permalink raw reply

* Re: [PATCH next 5/7] rtl8150: removal of forward declarations.
From: David Miller @ 2011-10-03 18:09 UTC (permalink / raw)
  To: romieu; +Cc: netdev
In-Reply-To: <20110930103829.GF26727@electric-eye.fr.zoreil.com>

From: Francois Romieu <romieu@fr.zoreil.com>
Date: Fri, 30 Sep 2011 12:38:29 +0200

> Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>

Applied.

^ permalink raw reply

* Re: [PATCH next 6/7] drivers/net/ethernet: remove unused #define.
From: David Miller @ 2011-10-03 18:09 UTC (permalink / raw)
  To: romieu; +Cc: netdev
In-Reply-To: <20110930103849.GG26727@electric-eye.fr.zoreil.com>

From: Francois Romieu <romieu@fr.zoreil.com>
Date: Fri, 30 Sep 2011 12:38:49 +0200

> Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>

Applied.

^ permalink raw reply

* Re: [PATCH next 7/7] tehuti: shorten PCI device table.
From: David Miller @ 2011-10-03 18:10 UTC (permalink / raw)
  To: romieu; +Cc: netdev
In-Reply-To: <20110930103923.GH26727@electric-eye.fr.zoreil.com>

From: Francois Romieu <romieu@fr.zoreil.com>
Date: Fri, 30 Sep 2011 12:39:23 +0200

> Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>

Applied.

^ permalink raw reply

* Re: [PATCH] ipv4: NET_IPV4_ROUTE_GC_INTERVAL removal
From: David Miller @ 2011-10-03 18:13 UTC (permalink / raw)
  To: vvs; +Cc: netdev, vvs
In-Reply-To: <1317381070-19564-1-git-send-email-vvs@parallels.com>

From: Vasily Averin <vvs@parallels.com>
Date: Fri, 30 Sep 2011 15:11:10 +0400

> From: Vasily Averin <vvs@sw.ru>
> 
> removing obsoleted sysctl, 
> ip_rt_gc_interval variable no longer used since 2.6.38
> 
> Signed-off-by: Vasily Averin <vvs@sw.ru>

Applied, thanks.

^ permalink raw reply

* Re: [PATCH] net: xen-netback: correctly restart Tx after a VM restore/migrate
From: David Miller @ 2011-10-03 18:16 UTC (permalink / raw)
  To: Ian.Campbell; +Cc: david.vrabel, netdev, xen-devel
In-Reply-To: <1317401105.26672.319.camel@zakaz.uk.xensource.com>

From: Ian Campbell <Ian.Campbell@eu.citrix.com>
Date: Fri, 30 Sep 2011 17:45:05 +0100

> On Fri, 2011-09-30 at 17:37 +0100, David Vrabel wrote:
>> If a VM is saved and restored (or migrated) the netback driver will no
>> longer process any Tx packets from the frontend.  xenvif_up() does not
>> schedule the processing of any pending Tx requests from the front end
>> because the carrier is off.  Without this initial kick the frontend
>> just adds Tx requests to the ring without raising an event (until the
>> ring is full).
>> 
>> This was caused by 47103041e91794acdbc6165da0ae288d844c820b (net:
>> xen-netback: convert to hw_features) which reordered the calls to
>> xenvif_up() and netif_carrier_on() in xenvif_connect().
> 
> Ah, so the bit of that patch which moved "netif_carrier_on(vif->dev);"
> should have actually moved the entire block
>  	netif_carrier_on(vif->dev);
> 	if (netif_running(vif->dev))
> 		xenvif_up(vif);
> 
> Since it it is logically a single thing. Make sense. Thanks!
> 
>> Signed-off-by: David Vrabel <david.vrabel@citrix.com>
> 
> Acked-by: Ian Campbell <ian.campbell@citrix.com>

Applied, thanks.

^ permalink raw reply

* Re: [patch] make PACKET_STATISTICS getsockopt report consistently between ring and non-ring
From: David Miller @ 2011-10-03 18:18 UTC (permalink / raw)
  To: willemb; +Cc: netdev
In-Reply-To: <4E8628C4.2070504@google.com>

From: Willem de Bruijn <willemb@google.com>
Date: Fri, 30 Sep 2011 16:38:28 -0400

> This is a minor change.
> 
> Up until kernel 2.6.32, getsockopt(fd, SOL_PACKET, PACKET_STATISTICS,
> ...) would return total and dropped packets since its last invocation. The
> introduction of socket queue overflow reporting [1] changed drop
> rate calculation in the normal packet socket path, but not when using a
> packet ring. As a result, the getsockopt now returns different statistics
> depending on the reception method used. With a ring, it still returns the
> count since the last call, as counts are incremented in tpacket_rcv and
> reset in getsockopt. Without a ring, it returns 0 if no drops occurred
> since the last getsockopt and the total drops over the lifespan of
> the socket otherwise. The culprit is this line in packet_rcv, executed
> on a drop:
> 
> drop_n_acct:
>         po->stats.tp_drops = atomic_inc_return(&sk->sk_drops);
> 
> As it shows, the new drop number it taken from the socket drop counter,
> which is not reset at getsockopt. I put together a small example
> that demonstrates the issue [2]. It runs for 10 seconds and overflows
> the queue/ring on every odd second. The reported drop rates are:
> ring: 16, 0, 16, 0, 16, ...
> non-ring: 0, 15, 0, 30, 0, 46, 0, 60, 0 , 74.
> 
> Note how the even ring counts monotonically increase. Because the
> getsockopt adds tp_drops to tp_packets, total counts are similarly
> reported cumulatively. Long story short, reinstating the original code, as
> the below patch does, fixes the issue at the cost of additional per-packet
> cycles. Another solution that does not introduce per-packet overhead
> is be to keep the current data path, record the value of sk_drops at
> getsockopt() at call N in a new field in struct packetsock and subtract
> that when reporting at call N+1. I'll be happy to code that, instead,
> it's just more messy.
> 
> [1] http://patchwork.ozlabs.org/patch/35665/
> [2] http://kernel.googlecode.com/files/test-packetsock-getstatistics.c
> 
> Signed-off-by: Willem de Bruijn <willemb@google.com>

Applied, thanks a lot for fixing this bug.

^ permalink raw reply

* Re: [PATCH v2 1/2] virtio-net: Verify page list size before fitting into skb
From: David Miller @ 2011-10-03 18:19 UTC (permalink / raw)
  To: levinsasha928; +Cc: linux-kernel, rusty, mst, virtualization, netdev, kvm
In-Reply-To: <1317220855-9352-1-git-send-email-levinsasha928@gmail.com>

From: Sasha Levin <levinsasha928@gmail.com>
Date: Wed, 28 Sep 2011 17:40:54 +0300

> This patch verifies that the length of a buffer stored in a linked list
> of pages is small enough to fit into a skb.
> 
> If the size is larger than a max size of a skb, it means that we shouldn't
> go ahead building skbs anyway since we won't be able to send the buffer as
> the user requested.
> 
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: virtualization@lists.linux-foundation.org
> Cc: netdev@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Signed-off-by: Sasha Levin <levinsasha928@gmail.com>

Michael, tell me what's happening with these two virtio-net bug fixes.

Thanks.

^ permalink raw reply

* Re: [PATCH 2/2] pch_gbe: Fixed the issue on which a network freezes
From: David Miller @ 2011-10-03 18:25 UTC (permalink / raw)
  To: toshiharu-linux
  Cc: netdev, linux-kernel, eric.dumazet, qi.wang, yong.y.wang,
	joel.clark, kok.howg.ewe, tomoya-linux
In-Reply-To: <1317022063-12143-2-git-send-email-toshiharu-linux@dsn.okisemi.com>

From: Toshiharu Okada <toshiharu-linux@dsn.okisemi.com>
Date: Mon, 26 Sep 2011 16:27:43 +0900

> The pch_gbe driver has an issue which a network stops,
> when receiving traffic is high.
> In the case, The link down and up are necessary to return a network.
> 
> This patch fixed this issue.
> 
> Signed-off-by: Toshiharu Okada <toshiharu-linux@dsn.okisemi.com>

Applied.

^ permalink raw reply

* Re: [PATCH 1/2] pch_gbe: Fixed the issue on which PC was frozen when link was downed.
From: David Miller @ 2011-10-03 18:25 UTC (permalink / raw)
  To: toshiharu-linux
  Cc: netdev, linux-kernel, eric.dumazet, qi.wang, yong.y.wang,
	joel.clark, kok.howg.ewe, tomoya-linux
In-Reply-To: <1317022063-12143-1-git-send-email-toshiharu-linux@dsn.okisemi.com>

From: Toshiharu Okada <toshiharu-linux@dsn.okisemi.com>
Date: Mon, 26 Sep 2011 16:27:42 +0900

> When a link was downed during network use,
> there is an issue on which PC freezes.
> 
> This patch fixed this issue.
> 
> Signed-off-by: Toshiharu Okada <toshiharu-linux@dsn.okisemi.com>

Applied.

^ permalink raw reply

* Re: [PATCH v2 2/2] virtio-net: Prevent NULL dereference
From: Michael S. Tsirkin @ 2011-10-03 18:40 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, Rusty Russell, virtualization, netdev, kvm
In-Reply-To: <1317220855-9352-2-git-send-email-levinsasha928@gmail.com>

On Wed, Sep 28, 2011 at 05:40:55PM +0300, Sasha Levin wrote:
> This patch prevents a NULL dereference when the user has passed a length
> longer than an actual buffer to virtio-net.
> 
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: virtualization@lists.linux-foundation.org
> Cc: netdev@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
> ---
>  drivers/net/virtio_net.c |   12 +++++++++++-
>  1 files changed, 11 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index bde0dec..4a53d2a 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -208,12 +208,22 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi,
>  		return NULL;
>  	}
>  
> -	while (len) {
> +	while (len && page) {
>  		set_skb_frag(skb, page, offset, &len);
>  		page = (struct page *)page->private;
>  		offset = 0;
>  	}
>  
> +	/*
> +	 * This is the case where we ran out of pages in our linked list, but
> +	 * supposedly have more data to read.

Again, let's clarify that this only happens with broken devices.

> +	 */	
> +	if (len > 0) {
> +		pr_debug("%s: missing data to assemble skb\n", skb->dev->name);
> +		dev_kfree_skb(skb);
> +		return NULL;
> +	}
> +
>  	if (page)
>  		give_pages(vi, page);
>  
> -- 
> 1.7.6.1

^ permalink raw reply

* Re: [PATCH v2 1/2] virtio-net: Verify page list size before fitting into skb
From: Michael S. Tsirkin @ 2011-10-03 18:42 UTC (permalink / raw)
  To: David Miller
  Cc: levinsasha928, linux-kernel, rusty, virtualization, netdev, kvm
In-Reply-To: <20111003.141951.1122469843900651595.davem@davemloft.net>

On Mon, Oct 03, 2011 at 02:19:51PM -0400, David Miller wrote:
> From: Sasha Levin <levinsasha928@gmail.com>
> Date: Wed, 28 Sep 2011 17:40:54 +0300
> 
> > This patch verifies that the length of a buffer stored in a linked list
> > of pages is small enough to fit into a skb.
> > 
> > If the size is larger than a max size of a skb, it means that we shouldn't
> > go ahead building skbs anyway since we won't be able to send the buffer as
> > the user requested.
> > 
> > Cc: Rusty Russell <rusty@rustcorp.com.au>
> > Cc: "Michael S. Tsirkin" <mst@redhat.com>
> > Cc: virtualization@lists.linux-foundation.org
> > Cc: netdev@vger.kernel.org
> > Cc: kvm@vger.kernel.org
> > Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
> 
> Michael, tell me what's happening with these two virtio-net bug fixes.
> 
> Thanks.

Thanks for the reminder.
They are more enhancements than bugfixes, in that both help debug buggy
hypervisors. So net-next material.
Patch 1 is ok patch 2 would benefit from a slightly clearer comment.

-- 
MST

^ permalink raw reply

* Re: [PATCH v2 1/2] virtio-net: Verify page list size before fitting into  skb
From: Michael S. Tsirkin @ 2011-10-03 19:04 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, Rusty Russell, virtualization, netdev, kvm
In-Reply-To: <1317220855-9352-1-git-send-email-levinsasha928@gmail.com>

On Wed, Sep 28, 2011 at 05:40:54PM +0300, Sasha Levin wrote:
> This patch verifies that the length of a buffer stored in a linked list
> of pages is small enough to fit into a skb.
> 
> If the size is larger than a max size of a skb, it means that we shouldn't
> go ahead building skbs anyway since we won't be able to send the buffer as
> the user requested.
> 
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: virtualization@lists.linux-foundation.org
> Cc: netdev@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
> ---
>  drivers/net/virtio_net.c |   13 +++++++++++++
>  1 files changed, 13 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index 0c7321c..bde0dec 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -195,6 +195,19 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi,
>  	len -= copy;
>  	offset += copy;
>  
> +	/*
> +	 * Verify that we can indeed put this data into a skb.
> +	 * This is here to handle cases when the device erroneously
> +	 * tries to receive more than is possible. This is usually
> +	 * the case of a broken device.
> +	 */
> +	if (unlikely(len > MAX_SKB_FRAGS * PAGE_SIZE)) {
> +		if (net_ratelimit())
> +			pr_debug("%s: too much data\n", skb->dev->name);
> +		dev_kfree_skb(skb);
> +		return NULL;
> +	}
> +

BTW, receive_mergeable does
                        pr_debug("%s: packet too long\n", skb->dev->name);
                        skb->dev->stats.rx_length_errors++;

which makes sense.

>  	while (len) {
>  		set_skb_frag(skb, page, offset, &len);
>  		page = (struct page *)page->private;
> -- 
> 1.7.6.1

^ permalink raw reply

* Re: [PATCH v2 2/2] virtio-net: Prevent NULL dereference
From: Michael S. Tsirkin @ 2011-10-03 19:05 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, Rusty Russell, virtualization, netdev, kvm
In-Reply-To: <1317220855-9352-2-git-send-email-levinsasha928@gmail.com>

On Wed, Sep 28, 2011 at 05:40:55PM +0300, Sasha Levin wrote:
> This patch prevents a NULL dereference when the user has passed a length
> longer than an actual buffer to virtio-net.
> 
> Cc: Rusty Russell <rusty@rustcorp.com.au>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: virtualization@lists.linux-foundation.org
> Cc: netdev@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
> ---
>  drivers/net/virtio_net.c |   12 +++++++++++-
>  1 files changed, 11 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index bde0dec..4a53d2a 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -208,12 +208,22 @@ static struct sk_buff *page_to_skb(struct virtnet_info *vi,
>  		return NULL;
>  	}
>  
> -	while (len) {
> +	while (len && page) {

I think if (unlikely(!page))
		goto err_page;

would make the logic clearer. But see below

>  		set_skb_frag(skb, page, offset, &len);
>  		page = (struct page *)page->private;
>  		offset = 0;
>  	}
>  
> +	/*
> +	 * This is the case where we ran out of pages in our linked list, but
> +	 * supposedly have more data to read.
> +	 */	
> +	if (len > 0) {
> +		pr_debug("%s: missing data to assemble skb\n", skb->dev->name);
> +		dev_kfree_skb(skb);
> +		return NULL;
> +	}
> +
>  	if (page)
>  		give_pages(vi, page);
>

I thought about this some more. If length was too large host is
right now writing into pages that we have freed.
That is very bad, and I don't know what do do with it,
really not worth prettifying that IMO, NULL pointer is the least of our
worries.

But, with mergeable buffers at least, and that is the main mode anyway,
there is always a single page per buf, right?
So I think we should change the code,
and for mergeable buffers we shall only verify that
length <= PAGE_SIZE.

IOW copy a bit of code from page_to_skb(vi, page, len)
to receive_mergeable, maybe add a common function
if we need to avoid duplication.

  
> -- 
> 1.7.6.1

^ permalink raw reply

* cloning net-next tree (from git-hub ?)
From: Kevin Wilson @ 2011-10-03 19:52 UTC (permalink / raw)
  To: netdev

Hi,

According to:
http://lwn.net/Articles/459795/#Comments

There are some github reps for some kernel subsystems because of the
kernel.org outage.
Though this is from 21.9.11, and it could be that since than the
problem was solved, still my question is this:
I do not see in taht link net-next (or any other net) tree.

I want to download the git tree of net-next.

what URL should I use for git clone ?

rgs,
Kevin

^ permalink raw reply

* Re: [PATCH 01/15] add Documentation/namespaces/user_namespace.txt (v3)
From: Eric W. Biederman @ 2011-10-03 19:53 UTC (permalink / raw)
  To: Serge E. Hallyn
  Cc: Vasiliy Kulikov, Serge Hallyn, akpm, linux-kernel, netdev,
	containers, dhowells, rdunlap, kernel-hardening
In-Reply-To: <m1aa9i4zkx.fsf@fess.ebiederm.org>

ebiederm@xmission.com (Eric W. Biederman) writes:

> "Serge E. Hallyn" <serge.hallyn@canonical.com> writes:
>
>> Quoting Vasiliy Kulikov (segoon@openwall.com):
>>> On Tue, Sep 27, 2011 at 08:21 -0500, Serge E. Hallyn wrote:
>>> > > First, the patches by design expose much kernel code to unprivileged
>>> > > userspace processes.  This code doesn't expect malformed data (e.g. VFS,
>>> > > specific filesystems, block layer, char drivers, sysadmin part of LSMs,
>>> > > etc. etc.).  By relaxing permission rules you greatly increase attack
>>> > > surface of the kernel from unprivileged users.  Are you (or somebody
>>> > > else) planning to audit this code?
>
> Well in theory this codes does expose this code to unprivileged user
> space in a way that increases the attack surface.    However right now
> there are a lot of cases where because the kernel lacks a sufficient
> mechanism people are just given root provileges so that can get things
> done.  Network manager controlling the network stack as an unprivileged
> user.  Random filesystems on usb sticks being mounted and unmounted
> automatically when the usb sticks are inserted and removed.
>
> I completely agree that auditing and looking at the code is necessary I
> think most of what will happen is that we will start directly supporting
> how the kernel is actually used in the real world.  Which should
> actually reduce our level of vulnerability, because we give up the
> delusion that large classes of operations don't need careful
> attention because only root can perform them.   Operations which the
> user space authors turn around and write a suid binary for and
> unprivileged user space performs those operations all day long.
>
>>> > I had wanted to (but didn't) propose a discussion at ksummit about how
>>> > best to approach the filesystem code.  That's not even just for user
>>> > namespaces - patches have been floated in the past to make mount an
>>> > unprivileged operation depending on the FS and the user's permission
>>> > over the device and target.
>>> 
>>> This is a dangerous operation by itself.
>>
>> Of course it is :)  And it's been a while since it has been brought up,
>> but it *was* quite well thought through and throrougly discussed - see
>> i.e. https://lkml.org/lkml/2008/1/8/131
>>
>> Oh, that's right.  In the end the reason it didn't go in had to do with
>> the ability for an unprivileged user to prevent a privileged user from
>> unmounting trees by leaving a busy mount in a hidden namespace.
>>
>> Eric, in the past we didn't know what to do about that, but I wonder
>> if setns could be used in some clever way to solve it from userspace.
>
> Oh.  That is a good objection.  I had not realized that unprivileged
> mounts had that problem.

I just re-read the discussion you are referring to and that wasn't
it.  Fuse already has something like a revoke in it's umount -f
implementation.

Eric

^ permalink raw reply

* Re: [PATCH 01/15] add Documentation/namespaces/user_namespace.txt (v3)
From: Serge E. Hallyn @ 2011-10-03 20:04 UTC (permalink / raw)
  To: Eric W. Biederman
  Cc: Vasiliy Kulikov, Serge Hallyn, akpm, linux-kernel, netdev,
	containers, dhowells, rdunlap, kernel-hardening
In-Reply-To: <m1zkhh3l83.fsf@fess.ebiederm.org>

Quoting Eric W. Biederman (ebiederm@xmission.com):
> ebiederm@xmission.com (Eric W. Biederman) writes:
> 
> > "Serge E. Hallyn" <serge.hallyn@canonical.com> writes:
> >
> >> Quoting Vasiliy Kulikov (segoon@openwall.com):
> >>> On Tue, Sep 27, 2011 at 08:21 -0500, Serge E. Hallyn wrote:
> >>> > > First, the patches by design expose much kernel code to unprivileged
> >>> > > userspace processes.  This code doesn't expect malformed data (e.g. VFS,
> >>> > > specific filesystems, block layer, char drivers, sysadmin part of LSMs,
> >>> > > etc. etc.).  By relaxing permission rules you greatly increase attack
> >>> > > surface of the kernel from unprivileged users.  Are you (or somebody
> >>> > > else) planning to audit this code?
> >
> > Well in theory this codes does expose this code to unprivileged user
> > space in a way that increases the attack surface.    However right now
> > there are a lot of cases where because the kernel lacks a sufficient
> > mechanism people are just given root provileges so that can get things
> > done.  Network manager controlling the network stack as an unprivileged
> > user.  Random filesystems on usb sticks being mounted and unmounted
> > automatically when the usb sticks are inserted and removed.
> >
> > I completely agree that auditing and looking at the code is necessary I
> > think most of what will happen is that we will start directly supporting
> > how the kernel is actually used in the real world.  Which should
> > actually reduce our level of vulnerability, because we give up the
> > delusion that large classes of operations don't need careful
> > attention because only root can perform them.   Operations which the
> > user space authors turn around and write a suid binary for and
> > unprivileged user space performs those operations all day long.
> >
> >>> > I had wanted to (but didn't) propose a discussion at ksummit about how
> >>> > best to approach the filesystem code.  That's not even just for user
> >>> > namespaces - patches have been floated in the past to make mount an
> >>> > unprivileged operation depending on the FS and the user's permission
> >>> > over the device and target.
> >>> 
> >>> This is a dangerous operation by itself.
> >>
> >> Of course it is :)  And it's been a while since it has been brought up,
> >> but it *was* quite well thought through and throrougly discussed - see
> >> i.e. https://lkml.org/lkml/2008/1/8/131
> >>
> >> Oh, that's right.  In the end the reason it didn't go in had to do with
> >> the ability for an unprivileged user to prevent a privileged user from
> >> unmounting trees by leaving a busy mount in a hidden namespace.
> >>
> >> Eric, in the past we didn't know what to do about that, but I wonder
> >> if setns could be used in some clever way to solve it from userspace.
> >
> > Oh.  That is a good objection.  I had not realized that unprivileged
> > mounts had that problem.
> 
> I just re-read the discussion you are referring to and that wasn't

The one I linked was one discussion, but not the final one.

https://lkml.org/lkml/2008/10/6/72 is the one where the need for
revoke is brought up.

> it.  Fuse already has something like a revoke in it's umount -f
> implementation.

I'll have to (haven't yet) take a look at it.

-serge

^ permalink raw reply

* Re: cloning net-next tree (from git-hub ?)
From: Randy Dunlap @ 2011-10-03 20:20 UTC (permalink / raw)
  To: Kevin Wilson; +Cc: netdev
In-Reply-To: <CAGXs5wUAa=K5SdX_JCMrWmZsLMNJDGbAL6yBJakc31Kup36jXg@mail.gmail.com>

On 10/03/11 12:52, Kevin Wilson wrote:
> Hi,
> 
> According to:
> http://lwn.net/Articles/459795/#Comments
> 
> There are some github reps for some kernel subsystems because of the
> kernel.org outage.
> Though this is from 21.9.11, and it could be that since than the
> problem was solved, still my question is this:
> I do not see in taht link net-next (or any other net) tree.
> 
> I want to download the git tree of net-next.
> 
> what URL should I use for git clone ?


https://github.com/davem330/net-next says that you can use
https://github.com/davem330/net-next.git

-- 
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***

^ permalink raw reply

* Re: [PATCH] mlx4_en: fix transmit of packages when blue frame is enabled
From: Thadeu Lima de Souza Cascardo @ 2011-10-03 20:53 UTC (permalink / raw)
  To: Yevgeny Petrilin
  Cc: netdev@vger.kernel.org, Eli Cohen, eli@dev.mellanox.co.il,
	Benjamin Herrenschmidt, linuxppc-dev
In-Reply-To: <953B660C027164448AE903364AC447D2235DAA9D@MTLDAG02.mtl.com>

On Mon, Oct 03, 2011 at 02:56:08PM +0000, Yevgeny Petrilin wrote:
> > Hello, Yevgeny.
> > 
> > We use a MT26448 (lspci -v output bellow) on a POWER7. Any other
> > information, tests or debug patches you want me to try, just tell me.
> > 
> > I expected this was really not the proper fix, but thought it would be
> > better to send it than just guess. Any clues what the problem might be?
> > Perhaps, we would have to disable blue frame for this particular device?
> > 
> > Regards,
> > Cascardo.
> > 
> > ---
> > lspci output
> > 0006:01:00.0 Ethernet controller: Mellanox Technologies MT26448 [ConnectX EN 10GigE, PCIe 2.0 5GT/s] (rev b0)
> > ---
> > lspci -v output
> > 0006:01:00.0 0200: 15b3:6750 (rev b0)
> >         Subsystem: 1014:0416
> >         Flags: bus master, fast devsel, latency 0, IRQ 31
> >         Memory at 3da47be00000 (64-bit, non-prefetchable) [size=1M]
> >         Memory at 3da47c000000 (64-bit, prefetchable) [size=32M]
> >         Expansion ROM at 3da47bf00000 [disabled] [size=1M]
> >         Capabilities: [40] Power Management version 3
> >         Capabilities: [48] Vital Product Data
> >         Capabilities: [9c] MSI-X: Enable+ Count=128 Masked-
> >         Capabilities: [60] Express Endpoint, MSI 00
> >         Capabilities: [100] Alternative Routing-ID Interpretation (ARI)
> >         Capabilities: [148] Device Serial Number 00-02-c9-03-00-0f-50-be
> >         Kernel driver in use: mlx4_core
> >         Kernel modules: mlx4_en, mlx4_core
> > ---
> 
> Cascardo,
> 
> Can you also send me the output of ethtool -i?
> It seems that there is a problem with write combining on Power processors, we will check this issue.
> 
> Yevgeny

Hello, Yevgeny.

You will find the output of ethtool -i below.

I am copying Ben and powerpc list, in case this is an issue with Power
processors. They can provide us some more insight into this.

Thanks,
Cascardo.

---
# ethtool -i eth10
driver: mlx4_en
version: 1.5.4.1 (March 2011)
firmware-version: 2.9.4130
bus-info: 0006:01:00.0

^ permalink raw reply

* Re: [PATCH 2/2] IPVS netns shutdown/startup dead-lock (Take II)
From: Julian Anastasov @ 2011-10-03 20:55 UTC (permalink / raw)
  To: Hans Schillstrom; +Cc: horms, wensong, lvs-devel, netdev, netfilter-devel, hans
In-Reply-To: <1317639399-4522-2-git-send-email-hans.schillstrom@ericsson.com>


	Hello,

On Mon, 3 Oct 2011, Hans Schillstrom wrote:

> From: Hans Schillstrom <hans@schillstrom.com>
> 
> ip_vs_mutext is used by both netns shutdown code and startup
> and both implicit uses sk_lock-AF_INET mutex.
> 
> cleanup CPU-1         startup CPU-2
> ip_vs_dst_event()     ip_vs_genl_set_cmd()
>  sk_lock-AF_INET     __ip_vs_mutex
>                      sk_lock-AF_INET
> __ip_vs_mutex
> * DEAD LOCK *
> 
> A new mutex placed in ip_vs netns struct called sync_mutex is added.
> 
> Comments from Julian and Simon added.
> This patch has been running for more than 3 month now and it seems to work.

	May be IP_VS_SO_GET_DAEMON in do_ip_vs_get_ctl
must be protected by sync_mutex in a similar way.

Regards

--
Julian Anastasov <ja@ssi.bg>

^ permalink raw reply

* Re: [PATCH 2/2] IPVS netns shutdown/startup dead-lock (Take II)
From: Hans Schillstrom @ 2011-10-03 21:12 UTC (permalink / raw)
  To: Julian Anastasov
  Cc: Hans Schillstrom, horms, wensong, lvs-devel, netdev,
	netfilter-devel
In-Reply-To: <alpine.LFD.2.00.1110032350500.1868@ja.ssi.bg>

Hi Julian
On Monday, October 03, 2011 22:55:02 Julian Anastasov wrote:
> 
> 	Hello,
> 
> On Mon, 3 Oct 2011, Hans Schillstrom wrote:
> 
> > From: Hans Schillstrom <hans@schillstrom.com>
> > 
> > ip_vs_mutext is used by both netns shutdown code and startup
> > and both implicit uses sk_lock-AF_INET mutex.
> > 
> > cleanup CPU-1         startup CPU-2
> > ip_vs_dst_event()     ip_vs_genl_set_cmd()
> >  sk_lock-AF_INET     __ip_vs_mutex
> >                      sk_lock-AF_INET
> > __ip_vs_mutex
> > * DEAD LOCK *
> > 
> > A new mutex placed in ip_vs netns struct called sync_mutex is added.
> > 
> > Comments from Julian and Simon added.
> > This patch has been running for more than 3 month now and it seems to work.
> 
> 	May be IP_VS_SO_GET_DAEMON in do_ip_vs_get_ctl
> must be protected by sync_mutex in a similar way.
> 

That's right there is a small risk inconsistent data there...
I will send a new patch tomorrow.

Thanks
Hans

^ permalink raw reply

* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: Paul Moore @ 2011-10-03 21:30 UTC (permalink / raw)
  To: David Howells; +Cc: selinux, netdev
In-Reply-To: <20111003135824.15303.10147.stgit@warthog.procyon.org.uk>

On Monday, October 03, 2011 02:58:24 PM David Howells wrote:
> Fix the following bug in sel_netport_insert() where rcu_dereference() should
> be rcu_dereference_protected() as sel_netport_lock is held.
> 
> ===================================================
> [ INFO: suspicious rcu_dereference_check() usage. ]
> ---------------------------------------------------
> security/selinux/netport.c:127 invoked rcu_dereference_check() without
> protection!
> 
> other info that might help us debug this:
> 
> 
> rcu_scheduler_active = 1, debug_locks = 0
> 1 lock held by ossec-rootcheck/3323:
>  #0:  (sel_netport_lock){+.....}, at: [<ffffffff8117d775>]
> sel_netport_sid+0xbb/0x226
> 
> stack backtrace:
> Pid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095
> Call Trace:
>  [<ffffffff8105cfb7>] lockdep_rcu_dereference+0xa7/0xb0
>  [<ffffffff8117d871>] sel_netport_sid+0x1b7/0x226
>  [<ffffffff8117d6ba>] ? sel_netport_avc_callback+0xbc/0xbc
>  [<ffffffff8117556c>] selinux_socket_bind+0x115/0x230
>  [<ffffffff810a5388>] ? might_fault+0x4e/0x9e
>  [<ffffffff810a53d1>] ? might_fault+0x97/0x9e
>  [<ffffffff81171cf4>] security_socket_bind+0x11/0x13
>  [<ffffffff812ba967>] sys_bind+0x56/0x95
>  [<ffffffff81380dac>] ? sysret_check+0x27/0x62
>  [<ffffffff8105b767>] ? trace_hardirqs_on_caller+0x11e/0x155
>  [<ffffffff81076fcd>] ? audit_syscall_entry+0x17b/0x1ae
>  [<ffffffff811b5eae>] ? trace_hardirqs_on_thunk+0x3a/0x3f
>  [<ffffffff81380d7b>] system_call_fastpath+0x16/0x1b
> 
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
> 
>  security/selinux/netport.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)

We should probably do the same for the security/selinux/netif.c as it uses the 
same logic; David is this something you want to tackle?

Acked-by: Paul Moore <paul@paul-moore.com>

> diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> index 0b62bd1..39e2138 100644
> --- a/security/selinux/netport.c
> +++ b/security/selinux/netport.c
> @@ -123,7 +123,9 @@ static void sel_netport_insert(struct sel_netport *port)
> if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
>  		struct sel_netport *tail;
>  		tail = list_entry(
> -			rcu_dereference(sel_netport_hash[idx].list.prev),
> +			rcu_dereference_protected(
> +				sel_netport_hash[idx].list.prev,
> +				spin_is_locked(&sel_netport_lock)),
>  			struct sel_netport, list);
>  		list_del_rcu(&tail->list);
>  		kfree_rcu(tail, rcu);
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
paul moore
www.paul-moore.com

^ permalink raw reply

* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: David Howells @ 2011-10-03 23:07 UTC (permalink / raw)
  To: Paul Moore
  Cc: dhowells-H+wXaHxf7aLQT0dZR+AlfA, selinux-+05T5uksL2qpZYMLLGbcSA,
	netdev-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <2230709.7n5noARWFd@sifl>

Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:

> We should probably do the same for the security/selinux/netif.c as it uses
> the same logic; David is this something you want to tackle?

I can have a look, but it won't be before Wednesday.

David

^ permalink raw reply

* Re: [PATCH] virtio-net: Read MAC only after initializing MSI-X
From: Rusty Russell @ 2011-10-03 23:51 UTC (permalink / raw)
  To: Michael S. Tsirkin
  Cc: Sasha Levin, linux-kernel, virtualization, netdev, kvm,
	David Gibson
In-Reply-To: <20111002090900.GA29706@redhat.com>

On Sun, 2 Oct 2011 11:09:00 +0200, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> On Mon, Sep 19, 2011 at 05:19:49PM +0930, Rusty Russell wrote:
> > On Mon, 19 Sep 2011 09:01:50 +0300, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > > On Mon, Sep 19, 2011 at 01:05:17PM +0930, Rusty Russell wrote:
> > > > On Sat, 20 Aug 2011 23:00:44 +0300, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > > > > On Fri, Aug 19, 2011 at 07:33:07PM +0300, Sasha Levin wrote:
> > > > > > Maybe this is better solved by copying the way it was done in PCI itself
> > > > > > with capability linked list?
> > > > > 
> > > > > There are any number of ways to lay out the structure.  I went for what
> > > > > seemed a simplest one.  For MSI-X the train has left the station.  We
> > > > > can probably still tweak where the high 32 bit features
> > > > > for 64 bit features are.  No idea if it's worth it.
> > > > 
> > > > Sorry, this has been in the back of my mind.  I think it's a good idea;
> > > > can we use the capability linked list for pre-device specific stuff from
> > > > now on?
> > > > 
> > > > Thanks,
> > > > Rusty.
> > > 
> > > Do we even want capability bits then?
> > > We can give each capability an ack flag ...
> > 
> > We could have, and if I'd known PCI when I designed virtio I might have.
> > 
> > But it's not easy now to map structure offsets to that scheme, and we
> > can't really force such a change on the non-PCI users.  So I'd say we
> > should only do it for the non-device-specific options.  ie. we'll still
> > have the MSI-X case move the device-specific config, but we'll use a
> > linked list from now on, eg. for the next 32 features bits...
> > 
> > Thoughts?
> > Rusty.
> 
> So I thought about this some more. It probably makes sense to
> stop adding info in the io space, and start adding new stuff in
> memory space which is much less contrained.
> 
> As we need to keep compatibility, and also because memory access is
> much slower with kvm so we prefer io for datapath, we could have the
> first X bytes still mirrored in io space.
> 
> MSIX is there, and it's pointed to from config space,
> so we could just put our stuff at offset 0.
> 
> Or if we wanted a lot of flexibility, we could add pointers, in config
> space, to device specific and non device specific regions in memory
> space.
> 
> Makes sense?

I've cc'd David Gibson who has noted in the past that I/O space on PPC
is icky.

I think a linked list for future virtio-pci extensions makes sense (not
device-specific stuff, that's great as a simple structure).  I think
mirroring everything in mem space makes sense, too.

Thanks,
Rusty.

^ permalink raw reply

* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: Paul Moore @ 2011-10-04  0:06 UTC (permalink / raw)
  To: David Howells; +Cc: selinux, netdev
In-Reply-To: <25906.1317683262@redhat.com>

On Tuesday, October 4, 2011 12:07:42 AM David Howells wrote:
> Paul Moore <paul@paul-moore.com> wrote:
> > We should probably do the same for the security/selinux/netif.c as it
> > uses the same logic; David is this something you want to tackle?
> 
> I can have a look, but it won't be before Wednesday.

Not a problem, if you don't get to it just let me know and I'll put together a 
patch.

Thanks.

-- 
paul moore
www.paul-moore.com

^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox