* [PATCH 1/3] ipvs: fix sctp chunk length order
2013-03-19 1:39 [GIT PULL nf] IPVS fixes for v3.9 Simon Horman
@ 2013-03-19 1:39 ` Simon Horman
2013-03-19 1:39 ` [PATCH 2/3] ipvs: fix hashing in ip_vs_svc_hashkey Simon Horman
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Simon Horman @ 2013-03-19 1:39 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang,
Julian Anastasov, Simon Horman
From: Julian Anastasov <ja@ssi.bg>
Fix wrong but non-fatal access to chunk length.
sch->length should be in network order, next chunk should
be aligned to 4 bytes. Problem noticed in sparse output.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
net/netfilter/ipvs/ip_vs_proto_sctp.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index ae8ec6f..cd1d729 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -906,7 +906,7 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp,
sctp_chunkhdr_t _sctpch, *sch;
unsigned char chunk_type;
int event, next_state;
- int ihl;
+ int ihl, cofs;
#ifdef CONFIG_IP_VS_IPV6
ihl = cp->af == AF_INET ? ip_hdrlen(skb) : sizeof(struct ipv6hdr);
@@ -914,8 +914,8 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp,
ihl = ip_hdrlen(skb);
#endif
- sch = skb_header_pointer(skb, ihl + sizeof(sctp_sctphdr_t),
- sizeof(_sctpch), &_sctpch);
+ cofs = ihl + sizeof(sctp_sctphdr_t);
+ sch = skb_header_pointer(skb, cofs, sizeof(_sctpch), &_sctpch);
if (sch == NULL)
return;
@@ -933,10 +933,12 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp,
*/
if ((sch->type == SCTP_CID_COOKIE_ECHO) ||
(sch->type == SCTP_CID_COOKIE_ACK)) {
- sch = skb_header_pointer(skb, (ihl + sizeof(sctp_sctphdr_t) +
- sch->length), sizeof(_sctpch), &_sctpch);
- if (sch) {
- if (sch->type == SCTP_CID_ABORT)
+ int clen = ntohs(sch->length);
+
+ if (clen >= sizeof(sctp_chunkhdr_t)) {
+ sch = skb_header_pointer(skb, cofs + ALIGN(clen, 4),
+ sizeof(_sctpch), &_sctpch);
+ if (sch && sch->type == SCTP_CID_ABORT)
chunk_type = sch->type;
}
}
--
1.7.10.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/3] ipvs: fix hashing in ip_vs_svc_hashkey
2013-03-19 1:39 [GIT PULL nf] IPVS fixes for v3.9 Simon Horman
2013-03-19 1:39 ` [PATCH 1/3] ipvs: fix sctp chunk length order Simon Horman
@ 2013-03-19 1:39 ` Simon Horman
2013-03-19 1:39 ` [PATCH 3/3] ipvs: fix some sparse warnings Simon Horman
2013-03-19 9:45 ` [GIT PULL nf] IPVS fixes for v3.9 Pablo Neira Ayuso
3 siblings, 0 replies; 6+ messages in thread
From: Simon Horman @ 2013-03-19 1:39 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang,
Julian Anastasov, Simon Horman
From: Julian Anastasov <ja@ssi.bg>
net is a pointer in host order, mix it properly
with other keys in network order. Fixes sparse warning.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
net/netfilter/ipvs/ip_vs_ctl.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index c68198b..a528178 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -271,16 +271,18 @@ ip_vs_svc_hashkey(struct net *net, int af, unsigned int proto,
{
register unsigned int porth = ntohs(port);
__be32 addr_fold = addr->ip;
+ __u32 ahash;
#ifdef CONFIG_IP_VS_IPV6
if (af == AF_INET6)
addr_fold = addr->ip6[0]^addr->ip6[1]^
addr->ip6[2]^addr->ip6[3];
#endif
- addr_fold ^= ((size_t)net>>8);
+ ahash = ntohl(addr_fold);
+ ahash ^= ((size_t) net >> 8);
- return (proto^ntohl(addr_fold)^(porth>>IP_VS_SVC_TAB_BITS)^porth)
- & IP_VS_SVC_TAB_MASK;
+ return (proto ^ ahash ^ (porth >> IP_VS_SVC_TAB_BITS) ^ porth) &
+ IP_VS_SVC_TAB_MASK;
}
/*
--
1.7.10.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/3] ipvs: fix some sparse warnings
2013-03-19 1:39 [GIT PULL nf] IPVS fixes for v3.9 Simon Horman
2013-03-19 1:39 ` [PATCH 1/3] ipvs: fix sctp chunk length order Simon Horman
2013-03-19 1:39 ` [PATCH 2/3] ipvs: fix hashing in ip_vs_svc_hashkey Simon Horman
@ 2013-03-19 1:39 ` Simon Horman
2013-03-19 9:45 ` [GIT PULL nf] IPVS fixes for v3.9 Pablo Neira Ayuso
3 siblings, 0 replies; 6+ messages in thread
From: Simon Horman @ 2013-03-19 1:39 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang,
Julian Anastasov, Simon Horman
From: Julian Anastasov <ja@ssi.bg>
Add missing __percpu annotations and make ip_vs_net_id static.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
include/net/ip_vs.h | 2 +-
net/netfilter/ipvs/ip_vs_core.c | 8 +-------
net/netfilter/ipvs/ip_vs_est.c | 2 +-
3 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 68c69d5..29bc055 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -459,7 +459,7 @@ struct ip_vs_estimator {
struct ip_vs_stats {
struct ip_vs_stats_user ustats; /* statistics */
struct ip_vs_estimator est; /* estimator */
- struct ip_vs_cpu_stats *cpustats; /* per cpu counters */
+ struct ip_vs_cpu_stats __percpu *cpustats; /* per cpu counters */
spinlock_t lock; /* spin lock */
struct ip_vs_stats_user ustats0; /* reset values */
};
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 47edf5a..3e5e80b 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -69,10 +69,7 @@ EXPORT_SYMBOL(ip_vs_conn_put);
EXPORT_SYMBOL(ip_vs_get_debug_level);
#endif
-int ip_vs_net_id __read_mostly;
-#ifdef IP_VS_GENERIC_NETNS
-EXPORT_SYMBOL(ip_vs_net_id);
-#endif
+static int ip_vs_net_id __read_mostly;
/* netns cnt used for uniqueness */
static atomic_t ipvs_netns_cnt = ATOMIC_INIT(0);
@@ -1181,9 +1178,6 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int af)
iph.len)))) {
#ifdef CONFIG_IP_VS_IPV6
if (af == AF_INET6) {
- struct net *net =
- dev_net(skb_dst(skb)->dev);
-
if (!skb->dev)
skb->dev = net->loopback_dev;
icmpv6_send(skb,
diff --git a/net/netfilter/ipvs/ip_vs_est.c b/net/netfilter/ipvs/ip_vs_est.c
index 0fac601..6bee6d0 100644
--- a/net/netfilter/ipvs/ip_vs_est.c
+++ b/net/netfilter/ipvs/ip_vs_est.c
@@ -56,7 +56,7 @@
* Make a summary from each cpu
*/
static void ip_vs_read_cpu_stats(struct ip_vs_stats_user *sum,
- struct ip_vs_cpu_stats *stats)
+ struct ip_vs_cpu_stats __percpu *stats)
{
int i;
--
1.7.10.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [GIT PULL nf] IPVS fixes for v3.9
2013-03-19 1:39 [GIT PULL nf] IPVS fixes for v3.9 Simon Horman
` (2 preceding siblings ...)
2013-03-19 1:39 ` [PATCH 3/3] ipvs: fix some sparse warnings Simon Horman
@ 2013-03-19 9:45 ` Pablo Neira Ayuso
2013-03-19 12:15 ` Simon Horman
3 siblings, 1 reply; 6+ messages in thread
From: Pablo Neira Ayuso @ 2013-03-19 9:45 UTC (permalink / raw)
To: Simon Horman
Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang, Julian Anastasov
Hi Simon,
I proposed this:
> I think that these three fixes:
>
> ipvs: add backup_only flag to avoid loops
> ipvs: remove extra rcu lock
> ipvs: fix sctp chunk length order
>
> should find their path to the net tree.
>
> The remaining two sparse fixes should go to net-next.
But you sent me these for net:
ipvs: fix sctp chunk length order
ipvs: fix hashing in ip_vs_svc_hashkey
ipvs: fix some sparse warnings
that doesn't match.
Can you resolve this? Thanks.
On Tue, Mar 19, 2013 at 10:39:55AM +0900, Simon Horman wrote:
> Hi Pablo,
>
> The following changes since commit a82783c91d5dce680dbd290ebf301a520b0e72a5:
>
> netfilter: ip6t_NPT: restrict to mangle table (2013-03-15 12:58:21 +0100)
>
> are available in the git repository at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes-for-v3.9
>
> for you to fetch changes up to 1804ac13ac3d9d39b94f3074f303b286e90632ba:
>
> ipvs: fix some sparse warnings (2013-03-19 09:37:37 +0900)
>
> ----------------------------------------------------------------
> IPVS fixes for v3.9 from Julian Anastasov
>
> ----------------------------------------------------------------
> Julian Anastasov (3):
> ipvs: fix sctp chunk length order
> ipvs: fix hashing in ip_vs_svc_hashkey
> ipvs: fix some sparse warnings
>
> include/net/ip_vs.h | 2 +-
> net/netfilter/ipvs/ip_vs_core.c | 8 +-------
> net/netfilter/ipvs/ip_vs_ctl.c | 8 +++++---
> net/netfilter/ipvs/ip_vs_est.c | 2 +-
> net/netfilter/ipvs/ip_vs_proto_sctp.c | 16 +++++++++-------
> 5 files changed, 17 insertions(+), 19 deletions(-)
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [GIT PULL nf] IPVS fixes for v3.9
2013-03-19 9:45 ` [GIT PULL nf] IPVS fixes for v3.9 Pablo Neira Ayuso
@ 2013-03-19 12:15 ` Simon Horman
0 siblings, 0 replies; 6+ messages in thread
From: Simon Horman @ 2013-03-19 12:15 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang, Julian Anastasov
On Tue, Mar 19, 2013 at 10:45:55AM +0100, Pablo Neira Ayuso wrote:
> Hi Simon,
>
> I proposed this:
>
> > I think that these three fixes:
> >
> > ipvs: add backup_only flag to avoid loops
> > ipvs: remove extra rcu lock
> > ipvs: fix sctp chunk length order
> >
> > should find their path to the net tree.
> >
> > The remaining two sparse fixes should go to net-next.
>
> But you sent me these for net:
>
> ipvs: fix sctp chunk length order
> ipvs: fix hashing in ip_vs_svc_hashkey
> ipvs: fix some sparse warnings
>
> that doesn't match.
>
> Can you resolve this? Thanks.
Oops, will do.
^ permalink raw reply [flat|nested] 6+ messages in thread