23 Nov, 2011

1 commit


08 Jul, 2011

1 commit

  • Upon "ip xfrm state update ..", xfrm_add_sa() takes an extra reference on
    the user-supplied SA and forgets to drop the reference when
    xfrm_state_update() returns 0. This leads to a memory leak as the
    parameter SA is never freed. This change attempts to fix the leak by
    calling __xfrm_state_put() when xfrm_state_update() updates a valid SA
    (err = 0). The parameter SA is added to the gc list when the final
    reference is dropped by xfrm_add_sa() upon completion.

    Signed-off-by: Tushar Gohad
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Tushar Gohad
     

23 Apr, 2011

1 commit


29 Mar, 2011

1 commit

  • When we clone a xfrm state we have to assign the replay_esn
    and the preplay_esn pointers to the state if we use the
    new replay detection method. To this end, we add a
    xfrm_replay_clone() function that allocates memory for
    the replay detection and takes over the necessary values
    from the original state.

    Signed-off-by: Steffen Klassert
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Steffen Klassert
     

22 Mar, 2011

1 commit

  • Commit 'xfrm: Move IPsec replay detection functions to a separate file'
    (9fdc4883d92d20842c5acea77a4a21bb1574b495)
    introduced the repl field to struct xfrm_state, and only initializes it
    under the SA's netlink create path; in the other paths, such as pf_key,
    ipcomp/ipcomp6 etc., the repl field remains uninitialized. So if
    the SA is created by pf_key, any input packet with the SA's encryption
    algorithm will cause a panic.

    int xfrm_input()
    {
    ...
    x->repl->advance(x, seq);
    ...
    }

    This patch fixed it by introducing a new function, __xfrm_init_state().

    Pid: 0, comm: swapper Not tainted 2.6.38-next+ #14 Bochs Bochs
    EIP: 0060:[] EFLAGS: 00010206 CPU: 0
    EIP is at xfrm_input+0x31c/0x4cc
    EAX: dd839c00 EBX: 00000084 ECX: 00000000 EDX: 01000000
    ESI: dd839c00 EDI: de3a0780 EBP: dec1de88 ESP: dec1de64
    DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
    Process swapper (pid: 0, ti=dec1c000 task=c09c0f20 task.ti=c0992000)
    Stack:
    00000000 00000000 00000002 c0ba27c0 00100000 01000000 de3a0798 c0ba27c0
    00000033 dec1de98 c0786848 00000000 de3a0780 dec1dea4 c0786868 00000000
    dec1debc c074ee56 e1da6b8c de3a0780 c074ed44 de3a07a8 dec1decc c074ef32
    Call Trace:
    [] xfrm4_rcv_encap+0x22/0x27
    [] xfrm4_rcv+0x1b/0x1d
    [] ip_local_deliver_finish+0x112/0x1b1
    [] ? ip_local_deliver_finish+0x0/0x1b1
    [] NF_HOOK.clone.1+0x3d/0x44
    [] ip_local_deliver+0x3e/0x44
    [] ? ip_local_deliver_finish+0x0/0x1b1
    [] ip_rcv_finish+0x30a/0x332
    [] ? ip_rcv_finish+0x0/0x332
    [] NF_HOOK.clone.1+0x3d/0x44
    [] ip_rcv+0x20b/0x247
    [] ? ip_rcv_finish+0x0/0x332
    [] __netif_receive_skb+0x373/0x399
    [] netif_receive_skb+0x4b/0x51
    [] cp_rx_poll+0x210/0x2c4 [8139cp]
    [] net_rx_action+0x9a/0x17d
    [] __do_softirq+0xa1/0x149
    [] ? __do_softirq+0x0/0x149

    Signed-off-by: Wei Yongjun
    Signed-off-by: David S. Miller

    Wei Yongjun
     

14 Mar, 2011

2 commits

  • This patch adds a netlink based user interface to configure
    esn and big anti-replay windows. The new netlink attribute
    XFRMA_REPLAY_ESN_VAL is used to configure the new implementation.
    If the XFRM_STATE_ESN flag is set, we use esn and support for big
    anti-replay windows for the configured state. If this flag is not
    set we use the new implementation with 32 bit sequence numbers.
    A big anti-replay window can be configured in this case anyway.

    Signed-off-by: Steffen Klassert
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Steffen Klassert
     
  • To support multiple versions of replay detection, we move the replay
    detection functions to a separate file and make them accessible
    via function pointers contained in the struct xfrm_replay.

    Signed-off-by: Steffen Klassert
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Steffen Klassert
     

13 Mar, 2011

1 commit


28 Feb, 2011

1 commit


24 Feb, 2011

7 commits


23 Feb, 2011

3 commits


10 Dec, 2010

1 commit

  • xfrm_state_migrate calls kfree instead of xfrm_state_put to free
    a failed state. According to git commit 553f9118 this can cause
    memory leaks.

    Signed-off-by: Thomas Egerer
    Signed-off-by: Steffen Klassert
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Thomas Egerer
     

21 Sep, 2010

1 commit

  • The family parameter xfrm_state_find is used to find a state matching a
    certain policy. This value is set to the template's family
    (encap_family) right before xfrm_state_find is called.
    The family parameter is however also used to construct a temporary state
    in xfrm_state_find itself which is wrong for inter-family scenarios
    because it produces a selector for the wrong family. Since this selector
    is included in the xfrm_user_acquire structure, user space programs
    misinterpret IPv6 addresses as IPv4 and vice versa.
    This patch splits up the original init_tempsel function into a part that
    initializes the selector respectively the props and id of the temporary
    state, to allow for differing ip address families within the state.

    Signed-off-by: Thomas Egerer
    Signed-off-by: Steffen Klassert
    Signed-off-by: David S. Miller

    Thomas Egerer
     

12 Apr, 2010

1 commit


02 Apr, 2010

1 commit

  • The xfrm state genid only needs to be matched against the copy
    saved in xfrm_dst. So we don't need a global genid at all. In
    fact, we don't even need to initialise it.

    Based on observation by Timo Teräs.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

30 Mar, 2010

1 commit

  • …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities to include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the following.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and tries to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    widely available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build tests were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

23 Feb, 2010

2 commits


20 Feb, 2010

1 commit

  • To see the effect make sure you have an empty SAD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush"
    You get prompt back in window2 and you see the flush event on window1.
    With this fix, you still get prompt on window1 but no event on window2.

    Thanks to Alexey Dobriyan for finding a bug in earlier version
    when using pfkey to do the flushing.

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     

18 Feb, 2010

1 commit

  • As reported by Alexey Dobriyan:

    --------------------
    setkey now takes several seconds to run this simple script
    and it spits "recv: Resource temporarily unavailable" messages.

    #!/usr/sbin/setkey -f
    flush;
    spdflush;

    add A B ipcomp 44 -m tunnel -C deflate;
    add B A ipcomp 45 -m tunnel -C deflate;

    spdadd A B any -P in ipsec
    ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
    spdadd B A any -P out ipsec
    ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
    --------------------

    Obviously applications want the events even when the table
    is empty. So we cannot make this behavioral change.

    Signed-off-by: David S. Miller

    David S. Miller
     

17 Feb, 2010

3 commits

  • David S. Miller
     
  • Eric's version fixed it for pfkey. This one is for xfrm user.
    I thought about amortizing those two get_acqseq()s but it seems
    reasonable to have two of these sequence spaces for the two different
    interfaces.

    cheers,
    jamal
    commit d5168d5addbc999c94aacda8f28a4a173756a72b
    Author: Jamal Hadi Salim
    Date: Tue Feb 16 06:51:22 2010 -0500

    xfrm: avoid spinlock in get_acqseq() used by xfrm user

    This is in the same spirit as commit 28aecb9d7728dc26bf03ce7925fe622023a83a2a
    by Eric Dumazet.
    Use atomic_inc_return() in get_acqseq() to avoid taking a spinlock

    Signed-off-by: Jamal Hadi Salim
    Acked-by: Eric Dumazet

    Signed-off-by: David S. Miller

    jamal
     
  • xfrm_state_clone calls kfree instead of xfrm_state_put to free
    a failed state. Depending on the state of the failed state, it
    can cause leaks to things like module references.

    All states should be freed by xfrm_state_put past the point of
    xfrm_init_state.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

16 Feb, 2010

1 commit

  • To see the effect make sure you have an empty SAD.
    -On window1 "ip xfrm mon"
    -on window2 issue "ip xfrm state flush"
    You get prompt back in window1
    and you see the flush event on window2.
    With this fix, you still get prompt on window1 but no
    event on window2.

    I was tempted to return -ESRCH on window1 (which would
    show "RTNETLINK answers: No such process") but didn't want
    to change current behavior.

    cheers,
    jamal
    commit 5f3dd4a772326166e1bcf54acc2391df00dc7ab5
    Author: Jamal Hadi Salim
    Date: Thu Feb 11 04:41:36 2010 -0500

    xfrm: Flushing empty SAD generates false events

    To see the effect make sure you have an empty SAD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush"
    You get prompt back in window1 and you see the flush event on window2.
    With this fix, you still get prompt on window1 but no event on window2.

    Signed-off-by: Jamal Hadi Salim

    Signed-off-by: David S. Miller

    jamal
     

24 Jan, 2010

1 commit


26 Nov, 2009

1 commit

  • Adding a xfrm_state requires an authentication algorithm specified
    either as xfrm_algo or as xfrm_algo_auth with a specific truncation
    length. For compatibility, both attributes are dumped to userspace,
    and we also accept both attributes, but prefer the new syntax.

    If no truncation length is specified, or the authentication algorithm
    is specified using xfrm_algo, the truncation length from the algorithm
    description in the kernel is used.

    Signed-off-by: Martin Willi
    Signed-off-by: David S. Miller

    Martin Willi
     

09 Nov, 2009

1 commit

  • This fixes the following bug in the current implementation of
    net/xfrm: SAD entry timeouts do not count the time spent by the machine
    in the suspended state. This leads to connectivity problems because
    after resuming, the local machine thinks that the SAD entry is still valid, while
    it has already expired on the remote server.

    The cause of this is very simple: the timeouts in net/xfrm are bound to
    the old mod_timer() timers. This patch reassigns them to the
    CLOCK_REALTIME hrtimer.

    I have been using this version of the patch for a few months on my
    machines without any problems. Also ran a few stress tests w/o any
    issues.

    This version of the patch uses tasklet_hrtimer by Peter Zijlstra
    (commit 9ba5f0).

    This patch is against 2.6.31.4. Please CC me.

    Signed-off-by: Yury Polyanskiy
    Signed-off-by: David S. Miller

    Yury Polyanskiy
     

30 Jun, 2009

1 commit


27 Apr, 2009

1 commit

  • When the kernel inserts a temporary SA for IKE, it uses the wrong hash
    value for the dst list. Two hash values were calculated before: one with
    source address and one with a wildcard source address.

    Bug hinted by Junwei Zhang
    Signed-off-by: Nicolas Dichtel
    Signed-off-by: David S. Miller

    Nicolas Dichtel
     

27 Mar, 2009

1 commit


14 Mar, 2009

1 commit


04 Dec, 2008

1 commit