author | Chuck Ebbert <cebbert@redhat.com> | 2011-03-27 23:00:49 -0400 |
committer | Chuck Ebbert <cebbert@redhat.com> | 2011-03-27 23:00:49 -0400 |
commit | 561c61e4ca69b9f215c5f476aea5e78928fe4af1 (patch) | |
tree | b792c7428a1ebb2368004bc7bae46298dc60d5e8 /prevent-runtime-conntrack-changes.patch | |
parent | cf8d6fcbcdd8e3e56d88e37e3326e078cade7bbb (diff) | |
Drop two obsolete patches
Diffstat (limited to 'prevent-runtime-conntrack-changes.patch')
-rw-r--r-- | prevent-runtime-conntrack-changes.patch | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/prevent-runtime-conntrack-changes.patch b/prevent-runtime-conntrack-changes.patch
deleted file mode 100644
index 59d62f3de..000000000
--- a/prevent-runtime-conntrack-changes.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-Jon Masters correctly points out that conntrack hash sizes
-(nf_conntrack_htable_size) are global (not per-netns) and
-modifiable at runtime via /sys/module/nf_conntrack/hashsize .
-
-Steps to reproduce:
- clone(CLONE_NEWNET)
- [grow /sys/module/nf_conntrack/hashsize]
- exit()
-
-At netns exit we are going to scan random memory for conntracks to be killed.
-
-Apparently there is a code which deals with hashtable resize for
-init_net (and it was there befode netns conntrack code), so prohibit
-hashsize modification if there is more than one netns exists.
-
-To change hashtable sizes, you need to reload module.
-
-Expectation hashtable size was simply glued to a variable with no code
-to rehash expectations, so it was a bug to allow writing to it.
-Make "expect_hashsize" readonly.
-
-This is temporarily until we figure out what to do.
-
-Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
-Cc: stable@kernel.org
----
-
- net/netfilter/nf_conntrack_core.c | 15 +++++++++++++++
- net/netfilter/nf_conntrack_expect.c | 2 +-
- 2 files changed, 16 insertions(+), 1 deletion(-)
-
---- a/net/netfilter/nf_conntrack_core.c
-+++ b/net/netfilter/nf_conntrack_core.c
-@@ -21,6 +21,7 @@
- #include <linux/stddef.h>
- #include <linux/slab.h>
- #include <linux/random.h>
-+#include <linux/rtnetlink.h>
- #include <linux/jhash.h>
- #include <linux/err.h>
- #include <linux/percpu.h>
-@@ -1198,6 +1199,20 @@ int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp)
- if (!nf_conntrack_htable_size)
- return param_set_uint(val, kp);
- 
-+ {
-+ struct net *net;
-+ unsigned int nr;
-+
-+ nr = 0;
-+ rtnl_lock();
-+ for_each_net(net)
-+ nr++;
-+ rtnl_unlock();
-+ /* init_net always exists */
-+ if (nr != 1)
-+ return -EINVAL;
-+ }
-+
- hashsize = simple_strtoul(val, NULL, 0);
- if (!hashsize)
- return -EINVAL;
---- a/net/netfilter/nf_conntrack_expect.c
-+++ b/net/netfilter/nf_conntrack_expect.c
-@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net)
- #endif 
/* CONFIG_PROC_FS */
- }
- 
--module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600);
-+module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);
- 
- int nf_conntrack_expect_init(struct net *net)
- {
- |