Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c

From: Patrick McHardy
Date: Sat Sep 11 2004 - 09:40:19 EST

Next message: Miquel van Smoorenburg: "Re: Major XFS problems..."
Previous message: Alan Cox: "Re: [PATCH] i386 reduce spurious interrupt noise"
In reply to: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Luke Kenneth Casson Leighton wrote:

On Sat, Sep 11, 2004 at 02:29:35PM +0100, Luke Kenneth Casson Leighton wrote:

thing is, you see, i know just enough to be dangerous.

using files->file_lock a) seems to work b) is accepted code in the
kernel.

It seems to work - on UP where it is a NOP. On SMP it will deadlock.
That we have some broken code doesn't mean we want more of it :)

if someone else has the experience and knowledge to fix ipt_owner.c
i'll quite happily cut/paste that instead - once it's fixed.

The "fix" is quite easy, replace all occurences of
spin_lock(&files->file_lock) in the kernel by spin_lock_bh.
But that's not going to be accepted. IIRC the SELinux guys
want to label packets with the name of the sending process,
maybe we can use this for the owner match once it's done.

Regards
Patrick
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Miquel van Smoorenburg: "Re: Major XFS problems..."
Previous message: Alan Cox: "Re: [PATCH] i386 reduce spurious interrupt noise"
In reply to: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Next in thread: Luke Kenneth Casson Leighton: "Re: [PATCH 2.6 NETFILTER] new netfilter module ipt_program.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]