16 Jan, 2011

1 commit


05 Jan, 2011

1 commit


01 Jan, 2011

1 commit

  • Since the socket address is just being used as a unique identifier, its
    inode number is an alternative that does not leak potentially sensitive
    information.

    CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue.

    Signed-off-by: Dan Rosenberg
    Acked-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Dan Rosenberg
     

23 Nov, 2010

1 commit


13 Nov, 2010

1 commit

  • On 64-bit platforms the ASCII representation of a pointer may be up to 17
    bytes long. This patch increases the length of the buffer accordingly.

    http://marc.info/?l=linux-netdev&m=128872251418192&w=2

    Reported-by: Dan Rosenberg
    Signed-off-by: Oliver Hartkopp
    CC: Linus Torvalds
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

21 Oct, 2010

1 commit

  • CAN has no addressing scheme. It is currently impossible for userspace
    to tell is a received CAN frame comes from another process on the local
    host, or from a remote CAN device.

    This patch add support for userspace applications to distinguish between
    'own', 'local' and 'remote' CAN traffic. The distinction is made by returning
    flags in msg->msg_flags in the call to recvmsg().

    The added documentation explains the introduced flags.

    Signed-off-by: Kurt Van Dijck
    Signed-off-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

19 Aug, 2010

1 commit

  • This patch removes the abstraction introduced by the union skb_shared_tx in
    the shared skb data.

    The access of the different union elements at several places led to some
    confusion about accessing the shared tx_flags e.g. in skb_orphan_try().

    http://marc.info/?l=linux-netdev&m=128084897415886&w=2

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

12 Aug, 2010

1 commit

  • This patch adds a limit for nframes as the number of frames in TX_SETUP and
    RX_SETUP are derived from a single byte multiplex value by default.
    Use-cases that would require to send/filter more than 256 CAN frames should
    be implemented in userspace for complexity reasons anyway.

    Additionally the assignments of unsigned values from userspace to signed
    values in kernelspace and vice versa are fixed by using unsigned values in
    kernelspace consistently.

    Signed-off-by: Oliver Hartkopp
    Reported-by: Ben Hawkes
    Acked-by: Urs Thuermann
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

03 Aug, 2010

1 commit

  • Commit fc6055a5ba31e2c14e36e8939f9bf2b6d586a7f5 (net: Introduce
    skb_orphan_try()) allows an early orphan of the skb and takes care on
    tx timestamping, which needs the sk-reference in the skb on driver level.
    So does the can-raw socket, which has not been taken into account here.

    The patch below adds a 'prevent_sk_orphan' bit in the skb tx shared info,
    which fixes the problem discovered by Matthias Fuchs here:

    http://marc.info/?t=128030411900003&r=1&w=2

    Even if it's not a primary tx timestamp topic it fits well into some skb
    shared tx context. Or should be find a different place for the information to
    protect the sk reference until it reaches the driver level?

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

31 May, 2010

1 commit

  • Use memdup_user when user data is immediately copied into the
    allocated region.

    The semantic patch that makes this change is as follows:
    (http://coccinelle.lip6.fr/)

    //
    @@
    expression from,to,size,flag;
    position p;
    identifier l1,l2;
    @@

    - to = \(kmalloc@p\|kzalloc@p\)(size,flag);
    + to = memdup_user(from,size);
    if (
    - to==NULL
    + IS_ERR(to)
    || ...) {

    }
    - if (copy_from_user(to, from, size) != 0) {
    -
    - }
    //

    Signed-off-by: Julia Lawall
    Signed-off-by: David S. Miller

    Julia Lawall
     

18 May, 2010

1 commit

  • This patch removes from net/ (but not any netfilter files)
    all the unnecessary return; statements that precede the
    last closing brace of void functions.

    It does not remove the returns that are immediately
    preceded by a label as gcc doesn't like that.

    Done via:
    $ grep -rP --include=*.[ch] -l "return;\n}" net/ | \
    xargs perl -i -e 'local $/ ; while (<>) { s/\n[ \t\n]+return;\n}/\n}/g; print; }'

    Signed-off-by: Joe Perches
    Signed-off-by: David S. Miller

    Joe Perches
     

13 Apr, 2010

1 commit


06 Apr, 2010

1 commit

  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (37 commits)
    smc91c92_cs: fix the problem of "Unable to find hardware address"
    r8169: clean up my printk uglyness
    net: Hook up cxgb4 to Kconfig and Makefile
    cxgb4: Add main driver file and driver Makefile
    cxgb4: Add remaining driver headers and L2T management
    cxgb4: Add packet queues and packet DMA code
    cxgb4: Add HW and FW support code
    cxgb4: Add register, message, and FW definitions
    netlabel: Fix several rcu_dereference() calls used without RCU read locks
    bonding: fix potential deadlock in bond_uninit()
    net: check the length of the socket address passed to connect(2)
    stmmac: add documentation for the driver.
    stmmac: fix kconfig for crc32 build error
    be2net: fix bug in vlan rx path for big endian architecture
    be2net: fix flashing on big endian architectures
    be2net: fix a bug in flashing the redboot section
    bonding: bond_xmit_roundrobin() fix
    drivers/net: Add missing unlock
    net: gianfar - align BD ring size console messages
    net: gianfar - initialize per-queue statistics
    ...

    Linus Torvalds
     

02 Apr, 2010

1 commit

  • check the length of the socket address passed to connect(2).

    Check the length of the socket address passed to connect(2). If the
    length is invalid, -EINVAL will be returned.

    Signed-off-by: Changli Gao
    ----
    net/bluetooth/l2cap.c | 3 ++-
    net/bluetooth/rfcomm/sock.c | 3 ++-
    net/bluetooth/sco.c | 3 ++-
    net/can/bcm.c | 3 +++
    net/ieee802154/af_ieee802154.c | 3 +++
    net/ipv4/af_inet.c | 5 +++++
    net/netlink/af_netlink.c | 3 +++
    7 files changed, 20 insertions(+), 3 deletions(-)
    Signed-off-by: David S. Miller

    Changli Gao
     

30 Mar, 2010

1 commit

  • …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

02 Feb, 2010

1 commit

  • In commit 20dd3850bcf860561496827b711fa10fecf6e787 "can: Speed up CAN frame
    receiption by using ml_priv" the formerly used hlist of receiver lists for
    each CAN netdevice has been replaced.

    The hlist content ensured only CAN netdevices to be accessed by the
    can_rx_(un)register() functions which accidently dropped away together with
    the hlist receiver implementation.

    This patch re-introduces the check for CAN netdevices in can_rx_(un)register().

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

04 Jan, 2010

1 commit

  • this patch removes the hlist that contains the CAN receiver filter lists.
    It uses the 'midlayer private' pointer ml_priv and links the filters directly
    to the CAN netdevice, which allows to omit the walk through the complete CAN
    devices hlist for each received CAN frame.

    This patch is tested and does not remove any locking.

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

30 Nov, 2009

1 commit


26 Nov, 2009

1 commit

  • Generated with the following semantic patch

    @@
    struct net *n1;
    struct net *n2;
    @@
    - n1 == n2
    + net_eq(n1, n2)

    @@
    struct net *n1;
    struct net *n2;
    @@
    - n1 != n2
    + !net_eq(n1, n2)

    applied over {include,net,drivers/net}.

    Signed-off-by: Octavian Purdila
    Signed-off-by: David S. Miller

    Octavian Purdila
     

11 Nov, 2009

1 commit


09 Nov, 2009

1 commit


08 Nov, 2009

1 commit

  • bcm_proc_getifname() is called with RTNL and dev_base_lock
    not held. It calls __dev_get_by_index() without locks, and
    this is illegal (might crash)

    Close the race by holding dev_base_lock and copying dev->name
    in the protected section.

    Signed-off-by: Eric Dumazet
    Signed-off-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Eric Dumazet
     

06 Nov, 2009

2 commits

  • The generic __sock_create function has a kern argument which allows the
    security system to make decisions based on if a socket is being created by
    the kernel or by userspace. This patch passes that flag to the
    net_proto_family specific create function, so it can do the same thing.

    Signed-off-by: Eric Paris
    Acked-by: Arnaldo Carvalho de Melo
    Signed-off-by: David S. Miller

    Eric Paris
     
  • struct can_proto had a capability field which wasn't ever used. It is
    dropped entirely.

    struct inet_protosw had a capability field which can be more clearly
    expressed in the code by just checking if sock->type = SOCK_RAW.

    Signed-off-by: Eric Paris
    Acked-by: Arnaldo Carvalho de Melo
    Signed-off-by: David S. Miller

    Eric Paris
     

29 Oct, 2009

1 commit


13 Oct, 2009

1 commit

  • Create a new socket level option to report number of queue overflows

    Recently I augmented the AF_PACKET protocol to report the number of frames lost
    on the socket receive queue between any two enqueued frames. This value was
    exported via a SOL_PACKET level cmsg. AFter I completed that work it was
    requested that this feature be generalized so that any datagram oriented socket
    could make use of this option. As such I've created this patch, It creates a
    new SOL_SOCKET level option called SO_RXQ_OVFL, which when enabled exports a
    SOL_SOCKET level cmsg that reports the nubmer of times the sk_receive_queue
    overflowed between any two given frames. It also augments the AF_PACKET
    protocol to take advantage of this new feature (as it previously did not touch
    sk->sk_drops, which this patch uses to record the overflow count). Tested
    successfully by me.

    Notes:

    1) Unlike my previous patch, this patch simply records the sk_drops value, which
    is not a number of drops between packets, but rather a total number of drops.
    Deltas must be computed in user space.

    2) While this patch currently works with datagram oriented protocols, it will
    also be accepted by non-datagram oriented protocols. I'm not sure if thats
    agreeable to everyone, but my argument in favor of doing so is that, for those
    protocols which aren't applicable to this option, sk_drops will always be zero,
    and reporting no drops on a receive queue that isn't used for those
    non-participating protocols seems reasonable to me. This also saves us having
    to code in a per-protocol opt in mechanism.

    3) This applies cleanly to net-next assuming that commit
    977750076d98c7ff6cbda51858bb5a5894a9d9ab (my af packet cmsg patch) is reverted

    Signed-off-by: Neil Horman
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Neil Horman
     

07 Oct, 2009

1 commit


01 Oct, 2009

1 commit

  • This provides safety against negative optlen at the type
    level instead of depending upon (sometimes non-trivial)
    checks against this sprinkled all over the the place, in
    each and every implementation.

    Based upon work done by Arjan van de Ven and feedback
    from Linus Torvalds.

    Signed-off-by: David S. Miller

    David S. Miller
     

15 Sep, 2009

1 commit

  • When using nanosleep() in an userspace application we get a ratelimit warning

    NOHZ: local_softirq_pending 08

    for 10 times.

    The echo of CAN frames is done from process context and softirq context only.
    Therefore the usage of netif_rx() was wrong (for years).

    This patch replaces netif_rx() with netif_rx_ni() which has to be used from
    process/softirq context. It also adds a missing comment that can_send() must
    no be used from hardirq context.

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: Urs Thuermann
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

31 Aug, 2009

1 commit


29 Aug, 2009

1 commit


15 Aug, 2009

1 commit

  • To ensure a proper handling of CAN frames transported in skbuffs some checks
    need to be performed at receive time.

    As stated by Michael Olbrich and Luotao Fu BUG_ON() might be to restrictive.
    This is right as we can just drop the non conform skbuff and the Kernel can
    continue working.

    This patch replaces the BUG_ON() with a WARN_ONCE() so that the system remains
    healthy but we made the problem visible (once).

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: Urs Thuermann
    CC: Michael Olbrich
    CC: Luotao Fu
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

10 Aug, 2009

1 commit

  • raw_getname() can leak 10 bytes of kernel memory to user

    (two bytes hole between can_family and can_ifindex,
    8 bytes at the end of sockaddr_can structure)

    Signed-off-by: Eric Dumazet
    Acked-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Eric Dumazet
     

16 Jul, 2009

2 commits


10 Jun, 2009

1 commit


17 Apr, 2009

1 commit

  • Since commit ead2ceb0ec9f85cff19c43b5cdb2f8a054484431 ("Network Drop
    Monitor: Adding kfree_skb_clean for non-drops and modifying
    end-of-line points for skbs") so called end-of-line points for skb's
    should use consume_skb() to free the socket buffer.

    In opposite to consume_skb() the function kfree_skb() is intended to
    be used for unexpected skb drops e.g. in error conditions that now can
    trigger the network drop monitor if enabled.

    This patch moves the skb end-of-line point in af_can.c to use
    consume_skb().

    Signed-off-by: Oliver Hartkopp
    Signed-off-by: David S. Miller

    Oliver Hartkopp
     

31 Mar, 2009

1 commit

  • Setting ->owner as done currently (pde->owner = THIS_MODULE) is racy
    as correctly noted at bug #12454. Someone can lookup entry with NULL
    ->owner, thus not pinning enything, and release it later resulting
    in module refcount underflow.

    We can keep ->owner and supply it at registration time like ->proc_fops
    and ->data.

    But this leaves ->owner as easy-manipulative field (just one C assignment)
    and somebody will forget to unpin previous/pin current module when
    switching ->owner. ->proc_fops is declared as "const" which should give
    some thoughts.

    ->read_proc/->write_proc were just fixed to not require ->owner for
    protection.

    rmmod'ed directories will be empty and return "." and ".." -- no harm.
    And directories with tricky enough readdir and lookup shouldn't be modular.
    We definitely don't want such modular code.

    Removing ->owner will also make PDE smaller.

    So, let's nuke it.

    Kudos to Jeff Layton for reminding about this, let's say, oversight.

    http://bugzilla.kernel.org/show_bug.cgi?id=12454

    Signed-off-by: Alexey Dobriyan

    Alexey Dobriyan
     

27 Feb, 2009

1 commit


16 Feb, 2009

1 commit