Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

author David S. Miller <davem@davemloft.net>

Thu, 4 Nov 2010 01:52:32 +0000 (18:52 -0700)

committer David S. Miller <davem@davemloft.net>

Thu, 4 Nov 2010 01:52:32 +0000 (18:52 -0700)
author David S. Miller <davem@davemloft.net>
Thu, 4 Nov 2010 01:52:32 +0000 (18:52 -0700)
committer David S. Miller <davem@davemloft.net>
Thu, 4 Nov 2010 01:52:32 +0000 (18:52 -0700)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c

index 3cad2591ace0c15fdad446ab528b0f40c2624d09..3fac340a28d5394bd95bd649d5bcee3dcb3d24df 100644 (file)
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -927,6 +927,7 @@ static int get_info(struct net *net, void __user *user,
                         private = &tmp;
                 }
  #endif
+               memset(&info, 0, sizeof(info));
                 info.valid_hooks = t->valid_hooks;
                 memcpy(info.hook_entry, private->hook_entry,
                        sizeof(info.hook_entry));
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c

index d31b007a6d80dcda45f7f7913ec72af7556b79bf..a846d633b3b6f04a3ed72be1d884e484d3efa030 100644 (file)
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1124,6 +1124,7 @@ static int get_info(struct net *net, void __user *user,
                         private = &tmp;
                 }
  #endif
+               memset(&info, 0, sizeof(info));
                 info.valid_hooks = t->valid_hooks;
                 memcpy(info.hook_entry, private->hook_entry,
                        sizeof(info.hook_entry));
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c

index 295c97431e4358408dc45fc7c493536bb41434fc..c04787ce1a71203e1346830450b0a130e358defc 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -47,26 +47,6 @@ __nf_nat_proto_find(u_int8_t protonum)
         return rcu_dereference(nf_nat_protos[protonum]);
  }
  
-static const struct nf_nat_protocol *
-nf_nat_proto_find_get(u_int8_t protonum)
-{
-       const struct nf_nat_protocol *p;
-
-       rcu_read_lock();
-       p = __nf_nat_proto_find(protonum);
-       if (!try_module_get(p->me))
-               p = &nf_nat_unknown_protocol;
-       rcu_read_unlock();
-
-       return p;
-}
-
-static void
-nf_nat_proto_put(const struct nf_nat_protocol *p)
-{
-       module_put(p->me);
-}
-
  /* We keep an extra hash for each conntrack, for fast searching. */
  static inline unsigned int
  hash_by_src(const struct net *net, u16 zone,
@@ -588,6 +568,26 @@ static struct nf_ct_ext_type nat_extend __read_mostly = {
  #include <linux/netfilter/nfnetlink.h>
  #include <linux/netfilter/nfnetlink_conntrack.h>
  
+static const struct nf_nat_protocol *
+nf_nat_proto_find_get(u_int8_t protonum)
+{
+       const struct nf_nat_protocol *p;
+
+       rcu_read_lock();
+       p = __nf_nat_proto_find(protonum);
+       if (!try_module_get(p->me))
+               p = &nf_nat_unknown_protocol;
+       rcu_read_unlock();
+
+       return p;
+}
+
+static void
+nf_nat_proto_put(const struct nf_nat_protocol *p)
+{
+       module_put(p->me);
+}
+
  static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = {
         [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 },
         [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 },
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c

index 1eacf8d9966aa292f7f051964f822a00c0ab6605..27a5ea6b6a0ff1a644205ca705f717c78b4dcc84 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1312,7 +1312,8 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced, int nulls)
         if (!hash) {
                 *vmalloced = 1;
                 printk(KERN_WARNING "nf_conntrack: falling back to vmalloc.\n");
-               hash = __vmalloc(sz, GFP_KERNEL | __GFP_ZERO, PAGE_KERNEL);
+               hash = __vmalloc(sz, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO,
+                                PAGE_KERNEL);
         }
  
         if (hash && nulls)
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c

index ed6d929580236c1b4aa77a42db959c9e522f2fc5..dc7bb74110df22818b42222450f0141068b79b6d 100644 (file)
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -292,6 +292,12 @@ int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *l4proto)
  
                 for (i = 0; i < MAX_NF_CT_PROTO; i++)
                         proto_array[i] = &nf_conntrack_l4proto_generic;
+
+               /* Before making proto_array visible to lockless readers,
+                * we must make sure its content is committed to memory.
+                */
+               smp_wmb();
+
                 nf_ct_protos[l4proto->l3proto] = proto_array;
         } else if (nf_ct_protos[l4proto->l3proto][l4proto->l4proto] !=
                                         &nf_conntrack_l4proto_generic) {
author	David S. Miller <davem@davemloft.net>
	Thu, 4 Nov 2010 01:52:32 +0000 (18:52 -0700)
committer	David S. Miller <davem@davemloft.net>
	Thu, 4 Nov 2010 01:52:32 +0000 (18:52 -0700)
net/ipv4/netfilter/arp_tables.c		patch \| blob \| blame \| history
net/ipv4/netfilter/ip_tables.c		patch \| blob \| blame \| history
net/ipv4/netfilter/nf_nat_core.c		patch \| blob \| blame \| history
net/netfilter/nf_conntrack_core.c		patch \| blob \| blame \| history
net/netfilter/nf_conntrack_proto.c		patch \| blob \| blame \| history