Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.9.57 2016-11-18T19:01:58+00:00 2016-11-18T19:01:58+00:00 Stefan Hajnoczi stefanha@redhat.com 2016-11-18T09:41:46+00:00 urn:sha1:0f5258cd91e9d78a1ee30696314bec3c33321a93 The argument to get_net_ns_by_fd() is a /proc/$PID/ns/net file descriptor not a pid. Fix the typo. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Rami Rosen <roszenrami@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-08-08T19:42:04+00:00 Eric W. Biederman ebiederm@xmission.com 2016-08-08T19:33:23+00:00 urn:sha1:703286608a220d53584cca5986aad5305eec75ed Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> 2016-08-02T21:31:41+00:00 Fabian Frederick fabf@skynet.be 2016-08-02T21:03:33+00:00 urn:sha1:bd721ea73e1f965569b40620538c942001f76294 There was only one use of __initdata_refok and __exit_refok __init_refok was used 46 times against 82 for __ref. Those definitions are obsolete since commit 312b1485fb50 ("Introduce new section reference annotations tags: __ref, __refdata, __refconst") This patch removes the following compatibility definitions and replaces them treewide. /* compatibility defines */ #define __init_refok __ref #define __initdata_refok __refdata #define __exit_refok __ref I can also provide separate patches if necessary. (One patch per tree and check in 1 month or 2 to remove old definitions) [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/1466796271-3043-1-git-send-email-fabf@skynet.be Signed-off-by: Fabian Frederick <fabf@skynet.be> Cc: Ingo Molnar <mingo@redhat.com> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2015-12-14T11:48:58+00:00 Pablo Neira pablo@netfilter.org 2015-12-09T13:07:40+00:00 urn:sha1:19576c9478682a398276c994ea0d2696474df32b Add a per-netns list of timeout objects and adjust code to use it. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2015-08-07T09:50:56+00:00 Andreas Schultz aschultz@tpip.net 2015-08-05T15:51:45+00:00 urn:sha1:3499abb249bb5ed9d21031944bc3059ec4aa2909 - Move the nfnl_acct_list into the network namespace, initialize and destroy it per namespace - Keep track of refcnt on nfacct objects, the old logic does not longer work with a per namespace list - Adjust xt_nfacct to pass the namespace when registring objects Signed-off-by: Andreas Schultz <aschultz@tpip.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-18T19:14:29+00:00 Pablo Neira Ayuso pablo@netfilter.org 2015-06-17T15:28:25+00:00 urn:sha1:04c52dec1473c5dff9d07cd39a68c9b23def6c42 Include linux/idr.h and linux/skbuff.h since they are required by objects that are declared in the net structure. struct net { ... struct idr netns_ids; ... struct sk_buff_head wext_nlevents; ... Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> 2015-05-18T03:41:11+00:00 WANG Cong xiyou.wangcong@gmail.com 2015-05-15T21:47:32+00:00 urn:sha1:de133464c9e70808d3e5a861294bc55940988178 The spinlock is used to protect netns_ids which is per net, so there is no need to use a global spinlock. Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2015-05-10T02:15:31+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-05-07T09:02:53+00:00 urn:sha1:59324cf35aba5336b611074028777838a963d03b More accurately, listen all netns that have a nsid assigned into the netns where the netlink socket is opened. For this purpose, a netlink socket option is added: NETLINK_LISTEN_ALL_NSID. When this option is set on a netlink socket, this socket will receive netlink notifications from all netns that have a nsid assigned into the netns where the socket has been opened. The nsid is sent to userland via an anscillary data. With this patch, a daemon needs only one socket to listen many netns. This is useful when the number of netns is high. Because 0 is a valid value for a nsid, the field nsid_is_set indicates if the field nsid is valid or not. skb->cb is initialized to 0 on skb allocation, thus we are sure that we will never send a nsid 0 by error to the userland. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net> 2015-05-10T02:15:30+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-05-07T09:02:49+00:00 urn:sha1:7a0877d4b438886b72be61632eaa774d13262f70 In a following commit, a new function will be introduced to only lookup for a nsid (no allocation if the nsid doesn't exist). To avoid confusion, the existing function is renamed. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net> 2015-03-12T18:39:40+00:00 Eric W. Biederman ebiederm@xmission.com 2015-03-12T04:06:44+00:00 urn:sha1:0c5c9fb55106333e773de8c9dd321fa8240caeb3 Having to say > #ifdef CONFIG_NET_NS > struct net *net; > #endif in structures is a little bit wordy and a little bit error prone. Instead it is possible to say: > typedef struct { > #ifdef CONFIG_NET_NS > struct net *net; > #endif > } possible_net_t; And then in a header say: > possible_net_t net; Which is cleaner and easier to use and easier to test, as the possible_net_t is always there no matter what the compile options. Further this allows read_pnet and write_pnet to be functions in all cases which is better at catching typos. This change adds possible_net_t, updates the definitions of read_pnet and write_pnet, updates optional struct net * variables that write_pnet uses on to have the type possible_net_t, and finally fixes up the b0rked users of read_pnet and write_pnet. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>