Eric Lee / smarc-fsl-linux-kernel

23 Feb, 2010

3 commits

20 Feb, 2010

3 commits

  • 2f1eb65f3   xfrm: Flushing empty SPD generates false events ... Browse Code »

    To see the effect make sure you have an empty SPD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush"
    You get prompt back in window2 and you see the flush event on window1.
    With this fix, you still get prompt on window1 but no event on window2.

    Thanks to Alexey Dobriyan for finding a bug in earlier version
    when using pfkey to do the flushing.

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     
  • 9e64cc957   xfrm: Flushing empty SAD generates false events ... Browse Code »

    To see the effect make sure you have an empty SAD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush"
    You get prompt back in window2 and you see the flush event on window1.
    With this fix, you still get prompt on window1 but no event on window2.

    Thanks to Alexey Dobriyan for finding a bug in earlier version
    when using pfkey to do the flushing.

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     
  • 8be987d73   pfkey: fix SA and SP flush sequence ... Browse Code »

    RFC 2367 says flushing behavior should be:
    1) user space -> kernel: flush
    2) kernel: flush
    3) kernel -> user space: flush event to ALL listeners

    This is not realistic today in the presence of selinux policies
    which may reject the flush etc. So we make the sequence become:
    1) user space -> kernel: flush
    2) kernel: flush
    3) kernel -> user space: flush response to originater from #1
    4) if there were no errors then:
    kernel -> user space: flush event to ALL listeners

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     

18 Feb, 2010

1 commit

  • 069c474e8   xfrm: Revert false event eliding commits. ... Browse Code »

    As reported by Alexey Dobriyan:

    --------------------
    setkey now takes several seconds to run this simple script
    and it spits "recv: Resource temporarily unavailable" messages.

    #!/usr/sbin/setkey -f
    flush;
    spdflush;

    add A B ipcomp 44 -m tunnel -C deflate;
    add B A ipcomp 45 -m tunnel -C deflate;

    spdadd A B any -P in ipsec
    ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
    spdadd B A any -P out ipsec
    ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
    --------------------

    Obviously applications want the events even when the table
    is empty. So we cannot make this behavioral change.

    Signed-off-by: David S. Miller

    David S. Miller
     

16 Feb, 2010

2 commits

  • 0dca3a843   xfrm: Flushing empty SPD generates false events ... Browse Code »

    Observed similar behavior on SPD as previouly seen on SAD flushing..
    This fixes it.

    cheers,
    jamal
    commit 428b20432dc31bc2e01a94cd451cf5a2c00d2bf4
    Author: Jamal Hadi Salim
    Date: Thu Feb 11 05:49:38 2010 -0500

    xfrm: Flushing empty SPD generates false events

    To see the effect make sure you have an empty SPD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm policy flush"
    You get prompt back in window1 and you see the flush event on window2.
    With this fix, you still get prompt on window1 but no event on window2.

    Signed-off-by: Jamal Hadi Salim

    Signed-off-by: David S. Miller

    jamal
     
  • 19f4c7133   xfrm: Flushing empty SAD generates false events ... Browse Code »

    To see the effect make sure you have an empty SAD.
    -On window1 "ip xfrm mon"
    -on window2 issue "ip xfrm state flush"
    You get prompt back in window1
    and you see the flush event on window2.
    With this fix, you still get prompt on window1 but no
    event on window2.

    I was tempted to return -ESRCH on window1 (which would
    show "RTNETLINK answers: No such process") but didnt want
    to change current behavior.

    cheers,
    jamal
    commit 5f3dd4a772326166e1bcf54acc2391df00dc7ab5
    Author: Jamal Hadi Salim
    Date: Thu Feb 11 04:41:36 2010 -0500

    xfrm: Flushing empty SAD generates false events

    To see the effect make sure you have an empty SAD.
    On window1 "ip xfrm mon" and on window2 issue "ip xfrm state flush"
    You get prompt back in window1 and you see the flush event on window2.
    With this fix, you still get prompt on window1 but no event on window2.

    Signed-off-by: Jamal Hadi Salim

    Signed-off-by: David S. Miller

    jamal
     

11 Feb, 2010

1 commit

04 Feb, 2010

2 commits

  • 9c119ba54   Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 Browse Code »
    David S. Miller
     
  • 180211b84   af_key: fix netns ops ordering on module load/unload ... Browse Code »

    1. After sock_register() returns, it's possible to create sockets,
    even if module still not initialized fully (blame generic module code
    for that!)
    2. Consequently, pfkey_create() can be called with pfkey_net_id still not
    initialized which will BUG_ON in net_generic():
    kernel BUG at include/net/netns/generic.h:43!
    3. During netns shutdown, netns ops should be unregistered after
    key manager unregistered because key manager calls can be triggered
    from xfrm_user module:

    general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    pfkey_broadcast+0x111/0x210 [af_key]
    pfkey_send_notify+0x16a/0x300 [af_key]
    km_state_notify+0x41/0x70
    xfrm_flush_sa+0x75/0x90 [xfrm_user]
    4. Unregister netns ops after socket ops just in case and for symmetry.

    Reported by Luca Tettamanti.

    Signed-off-by: Alexey Dobriyan
    Tested-by: Luca Tettamanti
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     

03 Feb, 2010

1 commit

18 Jan, 2010

1 commit

12 Dec, 2009

1 commit

  • c20a66f47   xfrm: Fix truncation length of authentication algorithms installed via PF_KEY ... Browse Code »

    Commit 4447bb33f09444920a8f1d89e1540137429351b6 ("xfrm: Store aalg in
    xfrm_state with a user specified truncation length") breaks
    installation of authentication algorithms via PF_KEY, as the state
    specific truncation length is not installed with the algorithms
    default truncation length. This patch initializes state properly to
    the default if installed via PF_KEY.

    Signed-off-by: Martin Willi
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Martin Willi
     

02 Dec, 2009

1 commit

18 Nov, 2009

1 commit

06 Nov, 2009

1 commit

  • 3f378b684   net: pass kern to net_proto_family create function ... Browse Code »

    The generic __sock_create function has a kern argument which allows the
    security system to make decisions based on if a socket is being created by
    the kernel or by userspace. This patch passes that flag to the
    net_proto_family specific create function, so it can do the same thing.

    Signed-off-by: Eric Paris
    Acked-by: Arnaldo Carvalho de Melo
    Signed-off-by: David S. Miller

    Eric Paris
     

13 Oct, 2009

1 commit

  • 3b885787e   net: Generalize socket rx gap / receive queue overflow cmsg ... Browse Code »

    Create a new socket level option to report number of queue overflows

    Recently I augmented the AF_PACKET protocol to report the number of frames lost
    on the socket receive queue between any two enqueued frames. This value was
    exported via a SOL_PACKET level cmsg. AFter I completed that work it was
    requested that this feature be generalized so that any datagram oriented socket
    could make use of this option. As such I've created this patch, It creates a
    new SOL_SOCKET level option called SO_RXQ_OVFL, which when enabled exports a
    SOL_SOCKET level cmsg that reports the nubmer of times the sk_receive_queue
    overflowed between any two given frames. It also augments the AF_PACKET
    protocol to take advantage of this new feature (as it previously did not touch
    sk->sk_drops, which this patch uses to record the overflow count). Tested
    successfully by me.

    Notes:

    1) Unlike my previous patch, this patch simply records the sk_drops value, which
    is not a number of drops between packets, but rather a total number of drops.
    Deltas must be computed in user space.

    2) While this patch currently works with datagram oriented protocols, it will
    also be accepted by non-datagram oriented protocols. I'm not sure if thats
    agreeable to everyone, but my argument in favor of doing so is that, for those
    protocols which aren't applicable to this option, sk_drops will always be zero,
    and reporting no drops on a receive queue that isn't used for those
    non-participating protocols seems reasonable to me. This also saves us having
    to code in a per-protocol opt in mechanism.

    3) This applies cleanly to net-next assuming that commit
    977750076d98c7ff6cbda51858bb5a5894a9d9ab (my af packet cmsg patch) is reverted

    Signed-off-by: Neil Horman
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Neil Horman
     

07 Oct, 2009

1 commit

02 Sep, 2009

2 commits

18 Jun, 2009

1 commit

  • 31e6d363a   net: correct off-by-one write allocations reports ... Browse Code »

    commit 2b85a34e911bf483c27cfdd124aeb1605145dc80
    (net: No more expensive sock_hold()/sock_put() on each tx)
    changed initial sk_wmem_alloc value.

    We need to take into account this offset when reporting
    sk_wmem_alloc to user, in PROC_FS files or various
    ioctls (SIOCOUTQ/TIOCOUTQ)

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

27 Feb, 2009

1 commit

26 Jan, 2009

1 commit

  • a8d694c65   af_key: initialize xfrm encap_oa ... Browse Code »

    Currently encap_oa is left uninitialized, so it contains garbage data which
    is visible to userland via Netlink. Initialize it by zeroing it out.

    Signed-off-by: Timo Teras
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Timo Teras
     

26 Nov, 2008

14 commits

07 Nov, 2008

1 commit