[netfilter-cvslog] r3729 - trunk/patch-o-matic-ng/ownercmd
laforge at netfilter.org
laforge at netfilter.org
Sat Feb 19 20:06:55 CET 2005
Author: laforge at netfilter.org
Date: 2005-02-19 20:06:54 +0100 (Sat, 19 Feb 2005)
New Revision: 3729
Modified:
trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch
trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch
Log:
The current 2.6 patch illegally uses read locks, which causes compiler
warnings. If you look at the other functions in the same file
(ip6t_owner.c), it's easy to see spinlocks are used for the same
operations everywhere else in the file.
[2] Both the 2.4 and 2.6 patches lack an update to the SMP checks done
in the checkentry() function. The ipv4 version in the stock kernel does
this properly, so I updated the checks according to that.
(Jonas Berlin)
Modified: trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch
===================================================================
--- trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch 2005-02-17 17:54:29 UTC (rev 3728)
+++ trunk/patch-o-matic-ng/ownercmd/linux-2.4.patch 2005-02-19 19:06:54 UTC (rev 3729)
@@ -1,6 +1,6 @@
-diff -urN ../../kernel/linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h
---- ../../kernel/linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h 2000-06-20 23:32:27.000000000 +0200
-+++ linux-2.4.20-pre4/include/linux/netfilter_ipv6/ip6t_owner.h 2002-08-30 02:05:19.000000000 +0200
+diff -ur --exclude-from=/tmp/srcdiff.excludes.K336vZ -N orig-linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h
+--- orig-linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h 2001-05-17 16:05:15.000000000 +0300
++++ linux-2.4.28/include/linux/netfilter_ipv6/ip6t_owner.h 2005-02-17 04:43:29.765977549 +0200
@@ -6,12 +6,14 @@
#define IP6T_OWNER_GID 0x02
#define IP6T_OWNER_PID 0x04
@@ -16,9 +16,9 @@
u_int8_t match, invert; /* flags */
};
-diff -urN ../../kernel/linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c
---- ../../kernel/linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c 2001-10-31 00:08:12.000000000 +0100
-+++ linux-2.4.20-pre4/net/ipv6/netfilter/ip6t_owner.c 2002-08-30 02:04:04.000000000 +0200
+diff -ur --exclude-from=/tmp/srcdiff.excludes.K336vZ -N orig-linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c
+--- orig-linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c 2004-11-28 09:57:45.000000000 +0200
++++ linux-2.4.28/net/ipv6/netfilter/ip6t_owner.c 2005-02-17 04:44:04.759592035 +0200
@@ -16,6 +16,38 @@
MODULE_LICENSE("GPL");
@@ -71,3 +71,15 @@
return 1;
}
+@@ -140,8 +178,9 @@
+ #ifdef CONFIG_SMP
+ /* files->file_lock can not be used in a BH */
+ if (((struct ip6t_owner_info *)matchinfo)->match
+- & (IP6T_OWNER_PID|IP6T_OWNER_SID)) {
+- printk("ip6t_owner: pid and sid matching is broken on SMP.\n");
++ & (IP6T_OWNER_PID|IP6T_OWNER_SID|IP6T_OWNER_COMM)) {
++ printk("ip6t_owner: pid, sid and command matching is broken "
++ "on SMP.\n");
+ return 0;
+ }
+ #endif
Modified: trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch
===================================================================
--- trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch 2005-02-17 17:54:29 UTC (rev 3728)
+++ trunk/patch-o-matic-ng/ownercmd/linux-2.6.patch 2005-02-19 19:06:54 UTC (rev 3729)
@@ -1,20 +1,6 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/04/24 13:40:50+02:00 kaber at trash.net
-# ip6t_owner command matching
-#
-# net/ipv6/netfilter/ip6t_owner.c
-# 2004/04/24 13:38:17+02:00 kaber at trash.net +39 -0
-# ip6t_owner command matching
-#
-# include/linux/netfilter_ipv6/ip6t_owner.h
-# 2004/04/24 13:38:17+02:00 kaber at trash.net +2 -0
-# ip6t_owner command matching
-#
-diff -Nru a/include/linux/netfilter_ipv6/ip6t_owner.h b/include/linux/netfilter_ipv6/ip6t_owner.h
---- a/include/linux/netfilter_ipv6/ip6t_owner.h Sat Apr 24 13:41:55 2004
-+++ b/include/linux/netfilter_ipv6/ip6t_owner.h Sat Apr 24 13:41:55 2004
+diff -ur --exclude-from=/tmp/srcdiff.excludes.ye2xex -N orig-linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h
+--- orig-linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h 2004-12-24 23:35:00.000000000 +0200
++++ linux-2.6.10/include/linux/netfilter_ipv6/ip6t_owner.h 2005-02-17 04:33:02.405528261 +0200
@@ -6,12 +6,14 @@
#define IP6T_OWNER_GID 0x02
#define IP6T_OWNER_PID 0x04
@@ -30,9 +16,9 @@
u_int8_t match, invert; /* flags */
};
-diff -Nru a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
---- a/net/ipv6/netfilter/ip6t_owner.c Sat Apr 24 13:41:55 2004
-+++ b/net/ipv6/netfilter/ip6t_owner.c Sat Apr 24 13:41:55 2004
+diff -ur --exclude-from=/tmp/srcdiff.excludes.ye2xex -N orig-linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c
+--- orig-linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c 2004-12-24 23:36:00.000000000 +0200
++++ linux-2.6.10/net/ipv6/netfilter/ip6t_owner.c 2005-02-17 04:33:09.219479594 +0200
@@ -21,6 +21,39 @@
MODULE_LICENSE("GPL");
@@ -51,17 +37,17 @@
+ task_lock(p);
+ files = p->files;
+ if(files) {
-+ read_lock(&files->file_lock);
++ spin_lock(&files->file_lock);
+ for (i=0; i < files->max_fds; i++) {
+ if (fcheck_files(files, i) ==
+ skb->sk->sk_socket->file) {
-+ read_unlock(&files->file_lock);
++ spin_unlock(&files->file_lock);
+ task_unlock(p);
+ read_unlock(&tasklist_lock);
+ return 1;
+ }
+ }
-+ read_unlock(&files->file_lock);
++ spin_unlock(&files->file_lock);
+ }
+ task_unlock(p);
+ } while_each_thread(g, p);
@@ -73,16 +59,28 @@
match_pid(const struct sk_buff *skb, pid_t pid)
{
struct task_struct *p;
-@@ -122,6 +155,12 @@
- if(info->match & IP6T_OWNER_SID) {
- if (!match_sid(skb, info->sid) ^
- !!(info->invert & IP6T_OWNER_SID))
-+ return 0;
-+ }
-+
+@@ -124,6 +157,12 @@
+ return 0;
+ }
+
+ if(info->match & IP6T_OWNER_COMM) {
+ if (!match_comm(skb, info->comm) ^
+ !!(info->invert & IP6T_OWNER_COMM))
- return 0;
- }
++ return 0;
++ }
++
+ return 1;
+ }
+@@ -145,8 +184,9 @@
+ #ifdef CONFIG_SMP
+ /* files->file_lock can not be used in a BH */
+ if (((struct ip6t_owner_info *)matchinfo)->match
+- & (IP6T_OWNER_PID|IP6T_OWNER_SID)) {
+- printk("ip6t_owner: pid and sid matching is broken on SMP.\n");
++ & (IP6T_OWNER_PID|IP6T_OWNER_SID|IP6T_OWNER_COMM)) {
++ printk("ip6t_owner: pid, sid and command matching is broken "
++ "on SMP.\n");
+ return 0;
+ }
+ #endif
More information about the netfilter-cvslog
mailing list