Eric Lee / smarc-fsl-linux-kernel

06 Jun, 2019

2 commits

  • 4c203b045   xfrm: remove eth_proto value from xfrm_state_afinfo ... Browse Code »

    xfrm_prepare_input needs to lookup the state afinfo backend again to fetch
    the address family ethernet protocol value.

    There are only two address families, so a switch statement is simpler.
    While at it, use u8 for family and proto and remove the owner member --
    its not used anywhere.

    Signed-off-by: Florian Westphal
    Signed-off-by: Steffen Klassert

    Florian Westphal
     
  • 3aaf3915a   xfrm: remove state and template sort indirections from xfrm_state_afinfo ... Browse Code »

    No module dependency, placing this in xfrm_state.c avoids need for
    an indirection.

    This also removes the state spinlock -- I don't see why we would need
    to hold it during sorting.

    This in turn allows to remove the 'net' argument passed to
    xfrm_tmpl_sort. Last, remove the EXPORT_SYMBOL, there are no modular
    callers.

    For the CONFIG_IPV6=m case, vmlinux size increase is about 300 byte.

    Signed-off-by: Florian Westphal
    Signed-off-by: Steffen Klassert

    Florian Westphal
     

05 Jun, 2019

2 commits

26 Apr, 2018

1 commit

  • c926ca160   xfrm: remove VLA usage in __xfrm6_sort() ... Browse Code »

    In the quest to remove all stack VLA usage removed from the kernel[1],
    just use XFRM_MAX_DEPTH as already done for the "class" array. In one
    case, it'll do this loop up to 5, the other caller up to 6.

    [1] https://lkml.org/lkml/2018/3/7/621

    Co-developed-by: Andreas Christoforou
    Signed-off-by: Kees Cook
    Acked-by: Stefano Brivio
    Signed-off-by: Steffen Klassert

    Kees Cook
     

01 Mar, 2018

1 commit

  • 82695b30f   inet: whitespace cleanup ... Browse Code »

    Ran simple script to find/remove trailing whitespace and blank lines
    at EOF because that kind of stuff git whines about and editors leave
    behind.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: David S. Miller

    Stephen Hemminger
     

02 Nov, 2017

1 commit

  • b24413180   License cleanup: add SPDX GPL-2.0 license identifier to files with no license ... Browse Code »

    Many source files in the tree are missing licensing information, which
    makes it harder for compliance tools to determine the correct license.

    By default all files without license information are under the default
    license of the kernel, which is GPL version 2.

    Update the files which contain no license information with the 'GPL-2.0'
    SPDX license identifier. The SPDX identifier is a legally binding
    shorthand, which can be used instead of the full boiler plate text.

    This patch is based on work done by Thomas Gleixner and Kate Stewart and
    Philippe Ombredanne.

    How this work was done:

    Patches were generated and checked against linux-4.14-rc6 for a subset of
    the use cases:
    - file had no licensing information it it.
    - file was a */uapi/* one with no licensing information in it,
    - file was a */uapi/* one with existing licensing information,

    Further patches will be generated in subsequent months to fix up cases
    where non-standard license headers were used, and references to license
    had to be inferred by heuristics based on keywords.

    The analysis to determine which SPDX License Identifier to be applied to
    a file was done in a spreadsheet of side by side results from of the
    output of two independent scanners (ScanCode & Windriver) producing SPDX
    tag:value files created by Philippe Ombredanne. Philippe prepared the
    base worksheet, and did an initial spot review of a few 1000 files.

    The 4.13 kernel was the starting point of the analysis with 60,537 files
    assessed. Kate Stewart did a file by file comparison of the scanner
    results in the spreadsheet to determine which SPDX license identifier(s)
    to be applied to the file. She confirmed any determination that was not
    immediately clear with lawyers working with the Linux Foundation.

    Criteria used to select files for SPDX license identifier tagging was:
    - Files considered eligible had to be source code files.
    - Make and config files were included as candidates if they contained >5
    lines of source
    - File already had some variant of a license header in it (even if
    Reviewed-by: Philippe Ombredanne
    Reviewed-by: Thomas Gleixner
    Signed-off-by: Greg Kroah-Hartman

    Greg Kroah-Hartman
     

25 Aug, 2014

1 commit

  • 67ba4152e   ipv6: White-space cleansing : Line Layouts ... Browse Code »

    This patch makes no changes to the logic of the code but simply addresses
    coding style issues as detected by checkpatch.

    Both objdump and diff -w show no differences.

    A number of items are addressed in this patch:
    * Multiple spaces converted to tabs
    * Spaces before tabs removed.
    * Spaces in pointer typing cleansed (char *)foo etc.
    * Remove space after sizeof
    * Ensure spacing around comparators such as if statements.

    Signed-off-by: Ian Morris
    Signed-off-by: David S. Miller

    Ian Morris
     

14 Aug, 2013

1 commit

  • 628e341f3   xfrm: make local error reporting more robust ... Browse Code »

    In xfrm4 and xfrm6 we need to take care about sockets of the other
    address family. This could happen because a 6in4 or 4in6 tunnel could
    get protected by ipsec.

    Because we don't want to have a run-time dependency on ipv6 when only
    using ipv4 xfrm we have to embed a pointer to the correct local_error
    function in xfrm_state_afinet and look it up when returning an error
    depending on the socket address family.

    Thanks to vi0ss for the great bug report:

    v2:
    a) fix two more unsafe interpretations of skb->sk as ipv6 socket
    (xfrm6_local_dontfrag and __xfrm6_output)
    v3:
    a) add an EXPORT_SYMBOL_GPL(xfrm_local_error) to fix a link error when
    building ipv6 as a module (thanks to Steffen Klassert)

    Reported-by:
    Cc: Steffen Klassert
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: Steffen Klassert

    Hannes Frederic Sowa
     

02 Nov, 2012

1 commit

  • 07a936260   ipv6: use IS_ENABLED() ... Browse Code »

    #if defined(CONFIG_FOO) || defined(CONFIG_FOO_MODULE)

    can be replaced by

    #if IS_ENABLED(CONFIG_FOO)

    Cc: David S. Miller
    Signed-off-by: Cong Wang
    Signed-off-by: David S. Miller

    Amerigo Wang
     

23 Nov, 2011

1 commit

01 Nov, 2011

1 commit

11 May, 2011

1 commit

  • 43a4dea4c   xfrm: Assign the inner mode output function to the dst entry ... Browse Code »

    As it is, we assign the outer modes output function to the dst entry
    when we create the xfrm bundle. This leads to two problems on interfamily
    scenarios. We might insert ipv4 packets into ip6_fragment when called
    from xfrm6_output. The system crashes if we try to fragment an ipv4
    packet with ip6_fragment. This issue was introduced with git commit
    ad0081e4 (ipv6: Fragment locally generated tunnel-mode IPSec6 packets
    as needed). The second issue is, that we might insert ipv4 packets in
    netfilter6 and vice versa on interfamily scenarios.

    With this patch we assign the inner mode output function to the dst entry
    when we create the xfrm bundle. So xfrm4_output/xfrm6_output from the inner
    mode is used and the right fragmentation and netfilter functions are called.
    We switch then to outer mode with the output_finish functions.

    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Steffen Klassert
     

13 Mar, 2011

4 commits

24 Feb, 2011

1 commit

23 Feb, 2011

1 commit

21 Sep, 2010

1 commit

  • 8444cf712   xfrm: Allow different selector family in temporary state ... Browse Code »

    The family parameter xfrm_state_find is used to find a state matching a
    certain policy. This value is set to the template's family
    (encap_family) right before xfrm_state_find is called.
    The family parameter is however also used to construct a temporary state
    in xfrm_state_find itself which is wrong for inter-family scenarios
    because it produces a selector for the wrong family. Since this selector
    is included in the xfrm_user_acquire structure, user space programs
    misinterpret IPv6 addresses as IPv4 and vice versa.
    This patch splits up the original init_tempsel function into a part that
    initializes the selector respectively the props and id of the temporary
    state, to allow for differing ip address families whithin the state.

    Signed-off-by: Thomas Egerer
    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Thomas Egerer
     

22 Feb, 2009

1 commit

25 Nov, 2008

1 commit

05 Nov, 2008

1 commit

  • 79654a769   xfrm: Have af-specific init_tempsel() initialize family field of temporary selector ... Browse Code »

    While adding MIGRATE support to strongSwan, Andreas Steffen noticed that
    the selectors provided in XFRM_MSG_ACQUIRE have their family field
    uninitialized (those in MIGRATE do have their family set).

    Looking at the code, this is because the af-specific init_tempsel()
    (called via afinfo->init_tempsel() in xfrm_init_tempsel()) do not set
    the value.

    Reported-by: Andreas Steffen
    Acked-by: Herbert Xu
    Signed-off-by: Arnaud Ebalard

    Andreas Steffen
     

28 Mar, 2008

1 commit

27 Mar, 2008

1 commit

  • 732c8bd59   [IPSEC]: Fix BEET output ... Browse Code »

    The IPv6 BEET output function is incorrectly including the inner
    header in the payload to be protected. This causes a crash as
    the packet doesn't actually have that many bytes for a second
    header.

    The IPv4 BEET output on the other hand is broken when it comes
    to handling an inner IPv6 header since it always assumes an
    inner IPv4 header.

    This patch fixes both by making sure that neither BEET output
    function touches the inner header at all. All access is now
    done through the protocol-independent cb structure. Two new
    attributes are added to make this work, the IP header length
    and the IPv4 option length. They're filled in by the inner
    mode's output function.

    Thanks to Joakim Koskela for finding this problem.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

25 Mar, 2008

1 commit

29 Jan, 2008

8 commits

  • 0013cabab   [IPV6]: Make xfrm6_init to return an error code. ... Browse Code »

    The xfrm initialization function does not return any error code, so if
    there is an error, the caller can not be advise of that. This patch
    checks the return code of the different called functions in order to
    return a successful or failed initialization.

    Signed-off-by: Daniel Lezcano
    Acked-by: Benjamin Thery
    Signed-off-by: David S. Miller

    Daniel Lezcano
     
  • 294b4baf2   [IPSEC]: Kill afinfo->nf_post_routing ... Browse Code »

    After changeset:

    [NETFILTER]: Introduce NF_INET_ hook values

    It always evaluates to NF_INET_POST_ROUTING.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • 6e23ae2a4   [NETFILTER]: Introduce NF_INET_ hook values ... Browse Code »

    The IPv4 and IPv6 hook values are identical, yet some code tries to figure
    out the "correct" value by looking at the address family. Introduce NF_INET_*
    values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
    section for userspace compatibility.

    Signed-off-by: Patrick McHardy
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Patrick McHardy
     
  • 60d5fcfb1   [IPSEC]: Remove nhoff from xfrm_input ... Browse Code »

    The nhoff field isn't actually necessary in xfrm_input. For tunnel
    mode transforms we now throw away the output IP header so it makes no
    sense to fill in the nexthdr field. For transport mode we can now let
    the function transport_finish do the setting and it knows where the
    nexthdr field is.

    The only other thing that needs the nexthdr field to be set is the
    header extraction code. However, we can simply move the protocol
    extraction out of the generic header extraction.

    We want to minimise the amount of info we have to carry around between
    transforms as this simplifies the resumption process for async crypto.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 716062fd4   [IPSEC]: Merge most of the input path ... Browse Code »

    As part of the work on asynchronous cryptographic operations, we need
    to be able to resume from the spot where they occur. As such, it
    helps if we isolate them to one spot.

    This patch moves most of the remaining family-specific processing into
    the common input code.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 862b82c6f   [IPSEC]: Merge most of the output path ... Browse Code »

    As part of the work on asynchrnous cryptographic operations, we need
    to be able to resume from the spot where they occur. As such, it
    helps if we isolate them to one spot.

    This patch moves most of the remaining family-specific processing into
    the common output code.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 227620e29   [IPSEC]: Separate inner/outer mode processing on input ... Browse Code »

    With inter-family transforms the inner mode differs from the outer
    mode. Attempting to handle both sides from the same function means
    that it needs to handle both IPv4 and IPv6 which creates duplication
    and confusion.

    This patch separates the two parts on the input path so that each
    function deals with one family only.

    In particular, the functions xfrm4_extract_inut/xfrm6_extract_inut
    moves the pertinent fields from the IPv4/IPv6 IP headers into a
    neutral format stored in skb->cb. This is then used by the inner mode
    input functions to modify the inner IP header. In this way the input
    function no longer has to know about the outer address family.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 36cf9acf9   [IPSEC]: Separate inner/outer mode processing on output ... Browse Code »

    With inter-family transforms the inner mode differs from the outer
    mode. Attempting to handle both sides from the same function means
    that it needs to handle both IPv4 and IPv6 which creates duplication
    and confusion.

    This patch separates the two parts on the output path so that each
    function deals with one family only.

    In particular, the functions xfrm4_extract_output/xfrm6_extract_output
    moves the pertinent fields from the IPv4/IPv6 IP headers into a
    neutral format stored in skb->cb. This is then used by the outer mode
    output functions to write the outer IP header. In this way the output
    function no longer has to know about the inner address family.

    Since the extract functions are only called by tunnel modes (the only
    modes that can support inter-family transforms), I've also moved the
    xfrm*_tunnel_check_size calls into them. This allows the correct ICMP
    message to be sent as opposed to now where you might call icmp_send
    with an IPv6 packet and vice versa.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

18 Oct, 2007

2 commits

  • 17c2a42a2   [IPSEC]: Store afinfo pointer in xfrm_mode ... Browse Code »

    It is convenient to have a pointer from xfrm_state to address-specific
    functions such as the output function for a family. Currently the
    address-specific policy code calls out to the xfrm state code to get
    those pointers when we could get it in an easier way via the state
    itself.

    This patch adds an xfrm_state_afinfo to xfrm_mode (since they're
    address-specific) and changes the policy code to use it. I've also
    added an owner field to do reference counting on the module providing
    the afinfo even though it isn't strictly necessary today since IPv6
    can't be unloaded yet.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 1bfcb10f6   [IPSEC]: Add missing BEET checks ... Browse Code »

    Currently BEET mode does not reinject the packet back into the stack
    like tunnel mode does. Since BEET should behave just like tunnel mode
    this is incorrect.

    This patch fixes this by introducing a flags field to xfrm_mode that
    tells the IPsec code whether it should terminate and reinject the packet
    back into the stack.

    It then sets the flag for BEET and tunnel mode.

    I've also added a number of missing BEET checks elsewhere where we check
    whether a given mode is a tunnel or not.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

11 Jul, 2007

1 commit

  • 59fbb3a61   [IPV6] MIP6: Loadable module support for MIPv6. ... Browse Code »

    This patch makes MIPv6 loadable module named "mip6".

    Here is a modprobe.conf(5) example to load it automatically
    when user application uses XFRM state for MIPv6:

    alias xfrm-type-10-43 mip6
    alias xfrm-type-10-60 mip6

    Some MIPv6 feature is not included by this modular, however,
    it should not be affected to other features like either IPsec
    or IPv6 with and without the patch.
    We may discuss XFRM, MH (RAW socket) and ancillary data/sockopt
    separately for future work.

    Loadable features:
    * MH receiving check (to send ICMP error back)
    * RO header parsing and building (i.e. RH2 and HAO in DSTOPTS)
    * XFRM policy/state database handling for RO

    These are NOT covered as loadable:
    * Home Address flags and its rule on source address selection
    * XFRM sub policy (depends on its own kernel option)
    * XFRM functions to receive RO as IPv6 extension header
    * MH sending/receiving through raw socket if user application
    opens it (since raw socket allows to do so)
    * RH2 sending as ancillary data
    * RH2 operation with setsockopt(2)

    Signed-off-by: Masahide NAKAMURA
    Signed-off-by: David S. Miller

    Masahide NAKAMURA
     

11 Feb, 2007

1 commit

09 Feb, 2007

1 commit

29 Sep, 2006

1 commit