17 Jul, 2012
1 commit
-
At least there seems to be no reason to disallow ROSE sockets when
NETROM is loaded.Signed-off-by: Alan Cox
Signed-off-by: David S. Miller
24 Apr, 2012
1 commit
-
Fix merge between commit 3adadc08cc1e ("net ax25: Reorder ax25_exit to
remove races") and commit 0ca7a4c87d27 ("net ax25: Simplify and
cleanup the ax25 sysctl handling")The former moved around the sysctl register/unregister calls, the
later simply removed them.With help from Stephen Rothwell.
Signed-off-by: David S. Miller
21 Apr, 2012
1 commit
-
Don't register/unregister every ax25 table in a batch. Instead register
and unregister per device ax25 sysctls as ax25 devices come and go.This moves ax25 to be a completely modern sysctl user. Registering the
sysctls in just the initial network namespace, removing the use of
.child entries that are no longer natively supported by the sysctl core
and taking advantage of the fact that there are no longer any ordering
constraints between registering and unregistering different sysctl
tables.Signed-off-by: Eric W. Biederman
Acked-by: Pavel Emelyanov
Signed-off-by: David S. Miller
20 Apr, 2012
1 commit
-
While reviewing the sysctl code in ax25 I spotted races in ax25_exit
where it is possible to receive notifications and packets after already
freeing up some of the data structures needed to process those
notifications and updates.Call unregister_netdevice_notifier early so that the rest of the cleanup
code does not need to deal with network devices. This takes advantage
of my recent enhancement to unregister_netdevice_notifier to send
unregister notifications of all network devices that are current
registered.Move the unregistration for packet types, socket types and protocol
types before we cleanup any of the ax25 data structures to remove the
possibilities of other races.Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller
29 Mar, 2012
1 commit
-
Remove all #inclusions of asm/system.h preparatory to splitting and killing
it. Performed with the following command:perl -p -i -e 's!^#\s*include\s*.*\n!!' `grep -Irl '^#\s*include\s*' *`
Signed-off-by: David Howells
29 Dec, 2011
1 commit
-
Commit be639ac6 ("NET: AX.25: Check ioctl arguments to avoid overflows
further down the road") rejects very large arguments, but doesn't
completely fix overflows on 64-bit systems. Consider the AX25_T2 case.int opt;
...
if (opt < 1 || opt > ULONG_MAX / HZ) {
res = -EINVAL;
break;
}
ax25->t2 = opt * HZ;The 32-bit multiplication opt * HZ would overflow before being assigned
to 64-bit ax25->t2. This patch changes "opt" to unsigned long.Signed-off-by: Xi Wang
Cc: Ralf Baechle
Signed-off-by: David S. Miller
29 Nov, 2011
1 commit
-
Very large, nonsenical arguments or use in very extreme conditions could
result in integer overflows. Check ioctls arguments to avoid such
overflows and return -EINVAL for too large arguments.To allow the use of AX.25 for even the most extreme setup (think packet
radio to the Phase 5E mars probe) we make no further attempt to clamp the
argument range.Originally reported by Fan Long and a first patch
was sent by Xi Wang .Signed-off-by: Ralf Baechle
Cc: Xi Wang
Cc: Joerg Reuter
Cc: Alan Cox
Cc: Thomas Osterried
Signed-off-by: David S. Miller
14 Apr, 2011
1 commit
-
Nobody alive seems to recall when they last were useful.
Signed-off-by: Ralf Baechle
Signed-off-by: David S. Miller
12 Jan, 2011
1 commit
-
Commit fe10ae53384e48c51996941b7720ee16995cbcb7 adds a memset() to clear
the structure being sent back to userspace, but accidentally used the
wrong size.Reported-by: Brad Spengler
Signed-off-by: Kees Cook
Cc: stable@kernel.org
Signed-off-by: David S. Miller
11 Nov, 2010
1 commit
-
Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater
field of fsa struct, also the struct has padding bytes between
sax25_call and sax25_ndigis fields. This structure is then copied to
userland. It leads to leaking of contents of kernel stack memory.Signed-off-by: Vasiliy Kulikov
Signed-off-by: David S. Miller
19 Aug, 2010
1 commit
-
Error codes are stored in err, but the return value is always 0. Return
err instead.The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)//
@r@
local idexpression x;
constant C;
@@if (...) { ...
x = -C
... when != x
(
return ;
|
return NULL;
|
return;
|
* return ...;
)
}
//Signed-off-by: Julia Lawall
Acked-by: Ralf Baechle
Signed-off-by: David S. Miller
21 Apr, 2010
1 commit
-
Define a new function to return the waitqueue of a "struct sock".
static inline wait_queue_head_t *sk_sleep(struct sock *sk)
{
return sk->sk_sleep;
}Change all read occurrences of sk_sleep by a call to this function.
Needed for a future RCU conversion. sk_sleep wont be a field directly
available.Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
30 Mar, 2010
1 commit
-
…it slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
11 Feb, 2010
1 commit
-
Simplify seq_file code.
Signed-off-by: Li Zefan
Signed-off-by: David S. Miller
26 Nov, 2009
1 commit
-
Generated with the following semantic patch
@@
struct net *n1;
struct net *n2;
@@
- n1 == n2
+ net_eq(n1, n2)@@
struct net *n1;
struct net *n2;
@@
- n1 != n2
+ !net_eq(n1, n2)applied over {include,net,drivers/net}.
Signed-off-by: Octavian Purdila
Signed-off-by: David S. Miller
06 Nov, 2009
1 commit
-
The generic __sock_create function has a kern argument which allows the
security system to make decisions based on if a socket is being created by
the kernel or by userspace. This patch passes that flag to the
net_proto_family specific create function, so it can do the same thing.Signed-off-by: Eric Paris
Acked-by: Arnaldo Carvalho de Melo
Signed-off-by: David S. Miller
30 Oct, 2009
1 commit
-
struct ax25_ctl_struct member `arg' is unsigned and cannot be less
than 0.Signed-off-by: Roel Kluin
Signed-off-by: David S. Miller
07 Oct, 2009
1 commit
-
All usages of structure net_proto_ops should be declared const.
Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
01 Oct, 2009
2 commits
-
In ax25_make_new, if kmemdup of digipeat returns an error, there would
be an oops in sk_free while calling sk_destruct, because sk_protinfo
is NULL at the moment; move sk->sk_destruct initialization after this.BTW of reported-by: Bernard Pidoux F6BVP
Signed-off-by: Jarek Poplawski
Signed-off-by: David S. Miller -
This provides safety against negative optlen at the type
level instead of depending upon (sometimes non-trivial)
checks against this sprinkled all over the the place, in
each and every implementation.Based upon work done by Arjan van de Ven and feedback
from Linus Torvalds.Signed-off-by: David S. Miller
29 Sep, 2009
1 commit
-
ax25_setsockopt SO_BINDTODEVICE is missing a dev_put call in case of
success. Re-order code to fix this bug. While at it also reformat two
lines of code to comply with the Linux coding style.Initial patch by Jarek Poplawski .
Reported-by: Bernard Pidoux F6BVP
Signed-off-by: Ralf Baechle
Signed-off-by: David S. Miller
26 Sep, 2009
1 commit
-
Use ax25_cb_put after ax25_find_cb in ax25_ctl_ioctl.
Reported-by: Bernard Pidoux F6BVP
Signed-off-by: Jarek Poplawski
Reviewed-by: Ralf Baechle
Signed-off-by: David S. Miller
23 Sep, 2009
1 commit
-
rcv_q & snd_q initializations were reversed in commit
31e6d363abcd0d05766c82f1a9c905a4c974a199
(net: correct off-by-one write allocations reports)Signed-off-by: Jan Rafaj
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
18 Jun, 2009
1 commit
-
commit 2b85a34e911bf483c27cfdd124aeb1605145dc80
(net: No more expensive sock_hold()/sock_put() on each tx)
changed initial sk_wmem_alloc value.We need to take into account this offset when reporting
sk_wmem_alloc to user, in PROC_FS files or various
ioctls (SIOCOUTQ/TIOCOUTQ)Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
17 Jun, 2009
1 commit
-
commit 2b85a34e911bf483c27cfdd124aeb1605145dc80
(net: No more expensive sock_hold()/sock_put() on each tx)
changed initial sk_wmem_alloc value.Some protocols check sk_wmem_alloc value to determine if a timer
must delay socket deallocation. We must take care of the sk_wmem_alloc
value being one instead of zero when no write allocations are pending.Reported by Ingo Molnar, and full diagnostic from David Miller.
This patch introduces three helpers to get read/write allocations
and a followup patch will use these helpers to report correct
write allocations to user.Reported-by: Ingo Molnar
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
28 Mar, 2009
1 commit
-
This reverts commit f99bcff7a290768e035f3d4726e103c6ebe858bf.
Like netrom, Alan Cox says that zero lengths have real meaning
and are useful in this protocol.Signed-off-by: David S. Miller
22 Mar, 2009
2 commits
-
In previous commit 244f46ae6e9e18f6fc0be7d1f49febde4762c34b
was introduced a zero length frame filter for ROSE protocole.
This patch has the same purpose at AX25 frame level for the same
reason. Empty frames have no meaning in AX25 protocole.Signed-off-by: Bernard Pidoux
Signed-off-by: David S. Miller -
This patch condenses two debug messages in one.
Signed-off-by: Bernard Pidoux
Signed-off-by: David S. Miller
10 Mar, 2009
1 commit
-
Protocols that use packet_type can be __read_mostly section for better
locality. Elminate any unnecessary initializations of NULL.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller
01 Feb, 2009
1 commit
-
Base versions handle constant folding now.
Signed-off-by: Harvey Harrison
Signed-off-by: David S. Miller
14 Nov, 2008
1 commit
-
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.Signed-off-by: David Howells
Reviewed-by: James Morris
Acked-by: Serge Hallyn
Acked-by: Ralf Baechle
Cc: linux-hams@vger.kernel.org
Signed-off-by: James Morris
07 Oct, 2008
1 commit
-
Since we reverted 30902dc3cb0ea1cfc7ac2b17bcf478ff98420d74 ("ax25: Fix
std timer socket destroy handling.") we have to put some kind of fix
in to cure the issue whereby unaccepted connections do not get destroyed.The approach used here is from Tihomir Heidelberg - 9a4gl
Signed-off-by: David S. Miller
20 Jul, 2008
1 commit
-
Without CONFIG_NET_NS, namespace is always &init_net.
Compiler will be able to omit namespace comparisons with this patch.Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
17 Jun, 2008
1 commit
-
The way that listening sockets work in ax25 is that the packet input
code path creates new socks via ax25_make_new() and attaches them
to the incoming SKB. This SKB gets queued up into the listening
socket's receive queue.When accept()'d the sock gets hooked up to the real parent socket.
Alternatively, if the listening socket is closed and released, any
unborn socks stuff up in the receive queue get released.So during this time period these sockets are unreachable in any
other way, so no wakeup events nor references to their ->sk_socket
and ->sk_sleep members can occur. And even if they do, all such
paths have to make NULL checks.So do not deceptively initialize them in ax25_make_new() to the
values in the listening socket. Leave them at NULL.Finally, use sock_graft() in ax25_accept().
Signed-off-by: David S. Miller
26 Mar, 2008
2 commits
-
Introduce per-sock inlines: sock_net(), sock_net_set()
and per-inet_timewait_sock inlines: twsk_net(), twsk_net_set().
Without CONFIG_NET_NS, no namespace other than &init_net exists.
Let's explicitly define them to help compiler optimizations.Signed-off-by: YOSHIFUJI Hideaki
-
Introduce per-net_device inlines: dev_net(), dev_net_set().
Without CONFIG_NET_NS, no namespace other than &init_net exists.
Let's explicitly define them to help compiler optimizations.Signed-off-by: YOSHIFUJI Hideaki
13 Feb, 2008
2 commits
-
According to one of Jann's OOPS reports it looks like
BUG_ON(timer_pending(timer)) triggers during add_timer()
in ax25_start_t1timer(). This patch changes current use
of: init_timer(), add_timer() and del_timer() to
setup_timer() with mod_timer(), which should be safer
anyway.Reported-by: Jann Traschewski
Signed-off-by: Jarek Poplawski
Signed-off-by: David S. Miller -
This lockdep warning:
> =======================================================
> [ INFO: possible circular locking dependency detected ]
> 2.6.24 #3
> -------------------------------------------------------
> swapper/0 is trying to acquire lock:
> (ax25_list_lock){-+..}, at: [] ax25_destroy_socket+0x171/0x1f0 [ax25]
>
> but task is already holding lock:
> (slock-AF_AX25){-+..}, at: [] ax25_std_heartbeat_expiry+0x1c/0xe0 [ax25]
>
> which lock already depends on the new lock.
...shows that ax25_list_lock and slock-AF_AX25 are taken in different
order: ax25_info_show() takes slock (bh_lock_sock(ax25->sk)) while
ax25_list_lock is held, so reversely to other functions. To fix this
the sock lock should be moved to ax25_info_start(), and there would
be still problem with breaking ax25_list_lock (it seems this "proper"
order isn't optimal yet). But, since it's only for reading proc info
it seems this is not necessary (e.g. ax25_send_to_raw() does similar
reading without this lock too).So, this patch removes sock lock to avoid deadlock possibility; there
is also used sock_i_ino() function, which reads sk_socket under proper
read lock. Additionally printf format of this i_ino is changed to %lu.Reported-by: Bernard Pidoux F6BVP
Signed-off-by: Jarek Poplawski
Signed-off-by: David S. Miller
01 Feb, 2008
1 commit
-
on the last run overlooked that sfuzz triggable message.
move the message to the corresponding comment.Signed-off-by: maximilian attems
Signed-off-by: David S. Miller
29 Jan, 2008
1 commit
-
net/ax25/ax25_route.c:251:13: warning: context imbalance in
'ax25_rt_seq_start' - wrong count at exit
net/ax25/ax25_route.c:276:13: warning: context imbalance in 'ax25_rt_seq_stop'
- unexpected unlock
net/ax25/ax25_std_timer.c:65:25: warning: expensive signed divide
net/ax25/ax25_uid.c:46:1: warning: symbol 'ax25_uid_list' was not declared.
Should it be static?
net/ax25/ax25_uid.c:146:13: warning: context imbalance in 'ax25_uid_seq_start'
- wrong count at exit
net/ax25/ax25_uid.c:169:13: warning: context imbalance in 'ax25_uid_seq_stop'
- unexpected unlock
net/ax25/af_ax25.c:573:28: warning: expensive signed divide
net/ax25/af_ax25.c:1865:13: warning: context imbalance in 'ax25_info_start' -
wrong count at exit
net/ax25/af_ax25.c:1888:13: warning: context imbalance in 'ax25_info_stop' -
unexpected unlock
net/ax25/ax25_ds_timer.c:133:25: warning: expensive signed divideSigned-off-by: Eric Dumazet
Signed-off-by: David S. Miller
