Gitlab 现已全面支持 git over ssh 与 git over https。通过 HTTPS 访问请配置带有 read_repository / write_repository 权限的 Personal access token。通过 SSH 端口访问请使用 22 端口或 13389 端口。如果使用CAS注册了账户但不知道密码，可以自行至设置中更改；如有其他问题，请发邮件至 service@cra.moe 寻求协助。

Commit 7cd0a638 authored Mar 15, 2009 by Jarek Poplawski Committed by David S. Miller Mar 15, 2009

pkt_sched: Change misleading code in class delete.

While looking for a possible reason of bugzilla report on HTB oops:
http://bugzilla.kernel.org/show_bug.cgi?id=12858


I found the code in htb_delete calling htb_destroy_class on zero
refcount is very misleading: it can suggest this is a common path, and
destroy is called under sch_tree_lock. Actually, this can never happen
like this because before deletion cops->get() is done, and after
delete a class is still used by tclass_notify. The class destroy is
always called from cops->put(), so without sch_tree_lock.

This doesn't mean much now (since 2.6.27) because all vulnerable calls
were moved from htb_destroy_class to htb_delete, but there was a bug
in older kernels. The same change is done for other classful scheds,
which, it seems, didn't have similar locking problems here.

Reported-by: m0sia <m0sia@m0sia.ru>
Signed-off-by: Jarek Poplawski <jarkao2@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 8bdd663a

net/sched/sch_cbq.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -1960,8 +1960,11 @@ static int cbq_delete(struct Qdisc *sch, unsigned long arg)
		cbq_rmprio(q, cl);
		sch_tree_unlock(sch);

		if (--cl->refcnt == 0)
		cbq_destroy_class(sch, cl);
		BUG_ON(--cl->refcnt == 0);
		/*
		* This shouldn't happen: we "hold" one cops->get() when called
		* from tc_ctl_tclass; the destroy method is done from cops->put().
		*/

		return 0;
		}

net/sched/sch_drr.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -155,8 +155,11 @@ static int drr_delete_class(struct Qdisc *sch, unsigned long arg)
		drr_purge_queue(cl);
		qdisc_class_hash_remove(&q->clhash, &cl->common);

		if (--cl->refcnt == 0)
		drr_destroy_class(sch, cl);
		BUG_ON(--cl->refcnt == 0);
		/*
		* This shouldn't happen: we "hold" one cops->get() when called
		* from tc_ctl_tclass; the destroy method is done from cops->put().
		*/

		sch_tree_unlock(sch);
		return 0;

net/sched/sch_hfsc.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -1139,8 +1139,11 @@ hfsc_delete_class(struct Qdisc *sch, unsigned long arg)
		hfsc_purge_queue(sch, cl);
		qdisc_class_hash_remove(&q->clhash, &cl->cl_common);

		if (--cl->refcnt == 0)
		hfsc_destroy_class(sch, cl);
		BUG_ON(--cl->refcnt == 0);
		/*
		* This shouldn't happen: we "hold" one cops->get() when called
		* from tc_ctl_tclass; the destroy method is done from cops->put().
		*/

		sch_tree_unlock(sch);
		return 0;

net/sched/sch_htb.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -1275,8 +1275,11 @@ static int htb_delete(struct Qdisc *sch, unsigned long arg)
		if (last_child)
		htb_parent_to_leaf(q, cl, new_q);

		if (--cl->refcnt == 0)
		htb_destroy_class(sch, cl);
		BUG_ON(--cl->refcnt == 0);
		/*
		* This shouldn't happen: we "hold" one cops->get() when called
		* from tc_ctl_tclass; the destroy method is done from cops->put().
		*/

		sch_tree_unlock(sch);
		return 0;

CRA Git | Maintained and supported by SUSTech CRA and CCSE