[netfilter-cvslog] r3729 - trunk/patch-o-matic-ng/ownercmd

laforge at netfilter.org laforge at netfilter.org
Sat Feb 19 20:06:55 CET 2005 

Author: laforge at netfilter.org
Date: 2005-02-19 20:06:54 +0100 (Sat, 19 Feb 2005)
New Revision: 3729

Modified:
   trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch
   trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch
Log:
The current 2.6 patch illegally uses read locks, which causes compiler 
warnings. If you look at the other functions in the same file 
(ip6t_owner.c), it's easy to see spinlocks are used for the same 
operations everywhere else in the file.

[2] Both the 2.4 and 2.6 patches lack an update to the SMP checks done 
in the checkentry() function. The ipv4 version in the stock kernel does 
this properly, so I updated the checks according to that.

(Jonas Berlin)


Modified: trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch
===================================================================
--- trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch	2005-02-17 17:54:29 UTC (rev 3728)
+++ trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch	2005-02-19 19:06:54 UTC (rev 3729)
@@ -1,6 +1,6 @@
-diff -urN ../../kernel/linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h
---- ../../kernel/linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h	2000-06-20 23:32:27.000000000 +0200
-+++ linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h	2002-08-30 02:05:19.000000000 +0200
+diff -ur --exclude-from=/tmp/srcdiff.excludes.K336vZ -N orig-linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h
+--- orig-linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h	2001-05-17 16:05:15.000000000 +0300
++++ linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h	2005-02-17 04:43:29.765977549 +0200
 @@ -6,12 +6,14 @@
  #define IP6T_OWNER_GID	0x02
  #define IP6T_OWNER_PID	0x04
@@ -16,9 +16,9 @@
      u_int8_t match, invert;	/* flags */
  };
  
-diff -urN ../../kernel/linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c
---- ../../kernel/linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c	2001-10-31 00:08:12.000000000 +0100
-+++ linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c	2002-08-30 02:04:04.000000000 +0200
+diff -ur --exclude-from=/tmp/srcdiff.excludes.K336vZ -N orig-linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c
+--- orig-linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c	2004-11-28 09:57:45.000000000 +0200
++++ linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c	2005-02-17 04:44:04.759592035 +0200
 @@ -16,6 +16,38 @@
  MODULE_LICENSE("GPL");
  
@@ -71,3 +71,15 @@
  	return 1;
  }
  
+@@ -140,8 +178,9 @@
+ #ifdef CONFIG_SMP
+ 	/* files->file_lock can not be used in a BH */
+ 	if (((struct ip6t_owner_info *)matchinfo)->match
+-	    & (IP6T_OWNER_PID|IP6T_OWNER_SID)) {
+-		printk("ip6t_owner: pid and sid matching is broken on SMP.\n");
++	    & (IP6T_OWNER_PID|IP6T_OWNER_SID|IP6T_OWNER_COMM)) {
++		printk("ip6t_owner: pid, sid and command matching is broken "
++		       "on SMP.\n");
+ 		return 0;
+ 	}
+ #endif

Modified: trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch
===================================================================
--- trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch	2005-02-17 17:54:29 UTC (rev 3728)
+++ trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch	2005-02-19 19:06:54 UTC (rev 3729)
@@ -1,20 +1,6 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-#   2004/04/24 13:40:50+02:00 kaber at trash.net 
-#   ip6t_owner command matching
-# 
-# net/ipv6/netfilter/ip6t_owner.c
-#   2004/04/24 13:38:17+02:00 kaber at trash.net +39 -0
-#   ip6t_owner command matching
-# 
-# include/linux/netfilter_ipv6/ip6t_owner.h
-#   2004/04/24 13:38:17+02:00 kaber at trash.net +2 -0
-#   ip6t_owner command matching
-# 
-diff -Nru a/include/linux/netfilter_ipv6/ip6t_owner.h b/include/linux/netfilter_ipv6/ip6t_owner.h
---- a/include/linux/netfilter_ipv6/ip6t_owner.h	Sat Apr 24 13:41:55 2004
-+++ b/include/linux/netfilter_ipv6/ip6t_owner.h	Sat Apr 24 13:41:55 2004
+diff -ur --exclude-from=/tmp/srcdiff.excludes.ye2xex -N orig-linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h
+--- orig-linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h	2004-12-24 23:35:00.000000000 +0200
++++ linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h	2005-02-17 04:33:02.405528261 +0200
 @@ -6,12 +6,14 @@
  #define IP6T_OWNER_GID	0x02
  #define IP6T_OWNER_PID	0x04
@@ -30,9 +16,9 @@
      u_int8_t match, invert;	/* flags */
  };
  
-diff -Nru a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
---- a/net/ipv6/netfilter/ip6t_owner.c	Sat Apr 24 13:41:55 2004
-+++ b/net/ipv6/netfilter/ip6t_owner.c	Sat Apr 24 13:41:55 2004
+diff -ur --exclude-from=/tmp/srcdiff.excludes.ye2xex -N orig-linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c
+--- orig-linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c	2004-12-24 23:36:00.000000000 +0200
++++ linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c	2005-02-17 04:33:09.219479594 +0200
 @@ -21,6 +21,39 @@
  MODULE_LICENSE("GPL");
  
@@ -51,17 +37,17 @@
 +		task_lock(p);
 +		files = p->files;
 +		if(files) {
-+			read_lock(&files->file_lock);
++			spin_lock(&files->file_lock);
 +			for (i=0; i < files->max_fds; i++) {
 +				if (fcheck_files(files, i) ==
 +				    skb->sk->sk_socket->file) {
-+					read_unlock(&files->file_lock);
++					spin_unlock(&files->file_lock);
 +					task_unlock(p);
 +					read_unlock(&tasklist_lock);
 +					return 1;
 +				}
 +			}
-+			read_unlock(&files->file_lock);
++			spin_unlock(&files->file_lock);
 +		}
 +		task_unlock(p);
 +	} while_each_thread(g, p);
@@ -73,16 +59,28 @@
  match_pid(const struct sk_buff *skb, pid_t pid)
  {
  	struct task_struct *p;
-@@ -122,6 +155,12 @@
- 	if(info->match & IP6T_OWNER_SID) {
- 		if (!match_sid(skb, info->sid) ^
- 		    !!(info->invert & IP6T_OWNER_SID))
-+			return 0;
-+	}
-+
+@@ -124,6 +157,12 @@
+ 			return 0;
+ 	}
+ 
 +	if(info->match & IP6T_OWNER_COMM) {
 +		if (!match_comm(skb, info->comm) ^
 +		    !!(info->invert & IP6T_OWNER_COMM))
- 			return 0;
- 	}
++			return 0;
++	}
++
+ 	return 1;
+ }
  
+@@ -145,8 +184,9 @@
+ #ifdef CONFIG_SMP
+ 	/* files->file_lock can not be used in a BH */
+ 	if (((struct ip6t_owner_info *)matchinfo)->match
+-	    & (IP6T_OWNER_PID|IP6T_OWNER_SID)) {
+-		printk("ip6t_owner: pid and sid matching is broken on SMP.\n");
++	    & (IP6T_OWNER_PID|IP6T_OWNER_SID|IP6T_OWNER_COMM)) {
++		printk("ip6t_owner: pid, sid and command matching is broken "
++		       "on SMP.\n");
+ 		return 0;
+ 	}
+ #endif

More information about the netfilter-cvslog mailing list