netfilter 00/02: Netfilter fixes

netfilter 00/02: Netfilter fixes

[Patrick McHardy]

Hi Dave,

following are two patches for netfilter, fixing

- a positive errno return value in the osf match

- a sleeping function called under RCU lock in the nf_log seq_show function

Please apply or pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master

Thanks!


 net/netfilter/nf_log.c |   18 +++++-------------
 net/netfilter/xt_osf.c |    2 +-
 2 files changed, 6 insertions(+), 14 deletions(-)

Roel Kluin (1):
      netfilter: xt_osf: fix xt_osf_remove_callback() return value

Wu Fengguang (1):
      netfilter: nf_log: fix sleeping function called from invalid context in seq_show()

netfilter 01/02: xt_osf: fix xt_osf_remove_callback() return value

[Patrick McHardy]

commit 1c622ae67bfc729891f5cd80795b15b87e6ac471
Author: Roel Kluin <roel.kluin@gmail.com>
Date:   Fri Nov 13 09:31:35 2009 +0100

    netfilter: xt_osf: fix xt_osf_remove_callback() return value
    
    Return a negative error value.
    
    Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index 63e1905..4d1a41b 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -118,7 +118,7 @@ static int xt_osf_remove_callback(struct sock *ctnl, struct sk_buff *skb,
 {
 	struct xt_osf_user_finger *f;
 	struct xt_osf_finger *sf;
-	int err = ENOENT;
+	int err = -ENOENT;
 
 	if (!osf_attrs[OSF_ATTR_FINGER])
 		return -EINVAL;

netfilter 02/02: nf_log: fix sleeping function called from invalid context in seq_show()

[Patrick McHardy]

commit 7378396cd172cc058fa62220c6486419046c4e0c
Author: Wu Fengguang <fengguang.wu@intel.com>
Date:   Fri Nov 13 09:34:44 2009 +0100

    netfilter: nf_log: fix sleeping function called from invalid context in seq_show()
    
    [  171.925285] BUG: sleeping function called from invalid context at kernel/mutex.c:280
    [  171.925296] in_atomic(): 1, irqs_disabled(): 0, pid: 671, name: grep
    [  171.925306] 2 locks held by grep/671:
    [  171.925312]  #0:  (&p->lock){+.+.+.}, at: [<c10b8acd>] seq_read+0x25/0x36c
    [  171.925340]  #1:  (rcu_read_lock){.+.+..}, at: [<c1391dac>] seq_start+0x0/0x44
    [  171.925372] Pid: 671, comm: grep Not tainted 2.6.31.6-4-netbook #3
    [  171.925380] Call Trace:
    [  171.925398]  [<c105104e>] ? __debug_show_held_locks+0x1e/0x20
    [  171.925414]  [<c10264ac>] __might_sleep+0xfb/0x102
    [  171.925430]  [<c1461521>] mutex_lock_nested+0x1c/0x2ad
    [  171.925444]  [<c1391c9e>] seq_show+0x74/0x127
    [  171.925456]  [<c10b8c5c>] seq_read+0x1b4/0x36c
    [  171.925469]  [<c10b8aa8>] ? seq_read+0x0/0x36c
    [  171.925483]  [<c10d5c8e>] proc_reg_read+0x60/0x74
    [  171.925496]  [<c10d5c2e>] ? proc_reg_read+0x0/0x74
    [  171.925510]  [<c10a4468>] vfs_read+0x87/0x110
    [  171.925523]  [<c10a458a>] sys_read+0x3b/0x60
    [  171.925538]  [<c1002a49>] syscall_call+0x7/0xb
    
    Fix it by replacing RCU with nf_log_mutex.
    
    Reported-by: "Yin, Kangkai" <kangkai.yin@intel.com>
    Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index c93494f..d65d348 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -128,9 +128,8 @@ EXPORT_SYMBOL(nf_log_packet);
 
 #ifdef CONFIG_PROC_FS
 static void *seq_start(struct seq_file *seq, loff_t *pos)
-	__acquires(RCU)
 {
-	rcu_read_lock();
+	mutex_lock(&nf_log_mutex);
 
 	if (*pos >= ARRAY_SIZE(nf_loggers))
 		return NULL;
@@ -149,9 +148,8 @@ static void *seq_next(struct seq_file *s, void *v, loff_t *pos)
 }
 
 static void seq_stop(struct seq_file *s, void *v)
-	__releases(RCU)
 {
-	rcu_read_unlock();
+	mutex_unlock(&nf_log_mutex);
 }
 
 static int seq_show(struct seq_file *s, void *v)
@@ -161,7 +159,7 @@ static int seq_show(struct seq_file *s, void *v)
 	struct nf_logger *t;
 	int ret;
 
-	logger = rcu_dereference(nf_loggers[*pos]);
+	logger = nf_loggers[*pos];
 
 	if (!logger)
 		ret = seq_printf(s, "%2lld NONE (", *pos);
@@ -171,22 +169,16 @@ static int seq_show(struct seq_file *s, void *v)
 	if (ret < 0)
 		return ret;
 
-	mutex_lock(&nf_log_mutex);
 	list_for_each_entry(t, &nf_loggers_l[*pos], list[*pos]) {
 		ret = seq_printf(s, "%s", t->name);
-		if (ret < 0) {
-			mutex_unlock(&nf_log_mutex);
+		if (ret < 0)
 			return ret;
-		}
 		if (&t->list[*pos] != nf_loggers_l[*pos].prev) {
 			ret = seq_printf(s, ",");
-			if (ret < 0) {
-				mutex_unlock(&nf_log_mutex);
+			if (ret < 0)
 				return ret;
-			}
 		}
 	}
-	mutex_unlock(&nf_log_mutex);
 
 	return seq_printf(s, ")\n");
 }

Re: netfilter 01/02: xt_osf: fix xt_osf_remove_callback() return value

[David Miller]

From: Patrick McHardy <kaber@trash.net>
Date: Thu, 19 Nov 2009 15:59:03 +0100 (MET)

> commit 1c622ae67bfc729891f5cd80795b15b87e6ac471
> Author: Roel Kluin <roel.kluin@gmail.com>
> Date:   Fri Nov 13 09:31:35 2009 +0100
> 
>     netfilter: xt_osf: fix xt_osf_remove_callback() return value
>     
>     Return a negative error value.
>     
>     Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
>     Signed-off-by: Patrick McHardy <kaber@trash.net>

Applied.

Re: netfilter 02/02: nf_log: fix sleeping function called from invalid context in seq_show()

[David Miller]

From: Patrick McHardy <kaber@trash.net>
Date: Thu, 19 Nov 2009 15:59:05 +0100 (MET)

> commit 7378396cd172cc058fa62220c6486419046c4e0c
> Author: Wu Fengguang <fengguang.wu@intel.com>
> Date:   Fri Nov 13 09:34:44 2009 +0100
> 
>     netfilter: nf_log: fix sleeping function called from invalid context in seq_show()
...
>     Reported-by: "Yin, Kangkai" <kangkai.yin@intel.com>
>     Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
>     Signed-off-by: Patrick McHardy <kaber@trash.net>
> 

Applied.

Re: netfilter 00/02: netfilter fixes

[David Miller]

From: Patrick McHardy <kaber@trash.net>
Date: Tue,  2 Feb 2010 17:27:37 +0100 (MET)

> the following two patches fix two bugs in netfilter:
> 
> - an off-by-one in SIP conntrack short header parsing, causing mismatches
>   with UAs not inserting a space after the colon
> 
> - a missing initialization in ctnetlink when dumping an expectation mask,
>   causing an invalid layer 4 protocol number to be used
> 
> Please apply or pull from:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master

Pulled, thanks Patrick.

netfilter 00/02: netfilter fixes

[Patrick McHardy]

Hi Dave,

the following two patches fix two bugs in netfilter:

- an off-by-one in SIP conntrack short header parsing, causing mismatches
  with UAs not inserting a space after the colon

- a missing initialization in ctnetlink when dumping an expectation mask,
  causing an invalid layer 4 protocol number to be used

Please apply or pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master

Thanks!


 net/netfilter/nf_conntrack_netlink.c |    3 ++-
 net/netfilter/nf_conntrack_sip.c     |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

Patrick McHardy (2):
      netfilter: nf_conntrack_sip: fix off-by-one in compact header parsing
      netfilter: ctnetlink: fix expectation mask dump

Re: netfilter 00/02: netfilter fixes

[David Miller]

From: Patrick McHardy <kaber@trash.net>
Date: Fri, 17 Apr 2009 18:09:13 +0200 (MEST)

> the following two patches fix two netfilter bugs:
> 
> - missing socket notification for ctnetlink skb allocation errors
> 
> - an incorrect return code in nfnetlink for netlink_kernel_create() failure
> 
> Please apply or pull from:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git

Pulled, thanks a lot!

netfilter 00/02: netfilter fixes

[Patrick McHardy]

Hi Dave,

the following two patches fix two netfilter bugs:

- missing socket notification for ctnetlink skb allocation errors

- an incorrect return code in nfnetlink for netlink_kernel_create() failure

Please apply or pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git

Thanks!


 net/netfilter/nf_conntrack_netlink.c |   10 ++++++----
 net/netfilter/nfnetlink.c            |    2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

Pablo Neira Ayuso (2):
      netfilter: ctnetlink: report error if event message allocation fails
      netfilter: nfnetlink: return ENOMEM if we fail to create netlink socket

netfilter 00/02: netfilter fixes

[Patrick McHardy]

Hi Dave,

the following two patches contain the GRE conntrack netns fix for an
oops on unload from Alexey and the preparatory patch, introducing
register_pernet_gen_subsys/unregister_pernet_gen_subsys.

Please apply, thanks.


 include/net/net_namespace.h            |    2 ++
 net/core/net_namespace.c               |   32 ++++++++++++++++++++++++++++++++
 net/netfilter/nf_conntrack_proto_gre.c |    4 ++--
 3 files changed, 36 insertions(+), 2 deletions(-)

Alexey Dobriyan (2):
      netns: add register_pernet_gen_subsys/unregister_pernet_gen_subsys
      netfilter: nf_conntrack_proto_gre: switch to register_pernet_gen_subsys()