Re: [2.6.20.17 review 00/58] 2.6.20.17 -stable review
From: Willy Tarreau
Date: Wed Aug 22 2007 - 16:30:19 EST
On Wed, Aug 22, 2007 at 03:15:14PM -0400, Stephen Smalley wrote:
> On Wed, 2007-08-22 at 19:50 +0200, Michal Piotrowski wrote:
> > On 22/08/07, Michal Piotrowski <michal.k.k.piotrowski@xxxxxxxxx> wrote:
> > > On 22/08/07, James Morris <jmorris@xxxxxxxxx> wrote:
> > [snip]
> > > > The previous problem is theoretically unrelated. It arose via a separate
> > > > mechanism which can't be used at the same as the one you're seeing now in
> > > > the logs.
> > > >
> > > > So this either looks like a problem which has gone unnoticed and was
> > > > inadvertently fixed at some point, or is unique to the 2.6.20 stable
> > > > series.
> > >
> > > Yup, it is very interesting why no one noticed it. Binary search in progress:
> > > good - 2.6.20.4
> > > bad - 2.6.20.8
> >
> > Ok, I narrowed the problem to 2.6.20.7. There are a few net changes
> > http://eu.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.20.7
> > any suggestions?
> >
> > I also have seen this avc on 2.6.20.6 during reboot
> >
> > [ 2333.905944] audit(1187803699.273:271): avc: denied { send } for
> > saddr=192.168.1.70 src=48591 daddr=72.14.217.189 dest=80 netif=eth0
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=system_u:system_r:kernel_t:s0 tclass=packet
> > [ 2334.420598] audit(1187803699.789:272): avc: denied { send } for
> > saddr=192.168.1.70 src=47248 daddr=66.249.91.18 dest=80 netif=eth0
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=system_u:system_r:kernel_t:s0 tclass=packet
> >
> > so the roots of the problem may lie between 2.6.20.4 and 2.6.20.6
> >
> > http://www.stardust.webpages.pl/files/tbf/bitis-gabonica/2.6.20.17-rc1/console2.log
>
> Might be related to this:
> http://marc.info/?l=git-commits-head&m=118271540932264&w=2
Interesting, this one was fixed in 2.6.22-rc6, but is neither in 2.6.20
nor in 2.6.21. Michal, could you please try to apply the patch ? I include
it here for your convenience. If it fixes your problem, I can queue it for
next 2.6.20-stable, and forward it to the -stable team for 2.6.21 in case
Greg and Chris plan to release another one.
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Sun, 24 Jun 2007 05:58:34 +0000 (-0700)
Subject: [SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark
X-Git-Tag: v2.6.22~103^2~6
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=dbbeb2f9917792b989b6269ebfe24257f9aa1618
[SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark
secmark doesn't depend on CONFIG_NET_SCHED.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
Acked-by: James Morris <jmorris@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
---
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 7c6a34e..8d43ae6 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -434,8 +434,8 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
C(iif);
#endif
- skb_copy_secmark(n, skb);
#endif
+ skb_copy_secmark(n, skb);
C(truesize);
atomic_set(&n->users, 1);
C(head);
Thanks,
Willy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/