Eric Lee / smarc-fsl-linux-kernel

28 Feb, 2013

1 commit

  • b67bfe0d4   hlist: drop the node parameter from iterators ... Browse Code »

    I'm not sure why, but the hlist for each entry iterators were conceived

    list_for_each_entry(pos, head, member)

    The hlist ones were greedy and wanted an extra parameter:

    hlist_for_each_entry(tpos, pos, head, member)

    Why did they need an extra pos parameter? I'm not quite sure. Not only
    they don't really need it, it also prevents the iterator from looking
    exactly like the list iterator, which is unfortunate.

    Besides the semantic patch, there was some manual work required:

    - Fix up the actual hlist iterators in linux/list.h
    - Fix up the declaration of other iterators based on the hlist ones.
    - A very small amount of places were using the 'node' parameter, this
    was modified to use 'obj->member' instead.
    - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
    properly, so those had to be fixed up manually.

    The semantic patch which is mostly the work of Peter Senna Tschudin is here:

    @@
    iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;

    type T;
    expression a,c,d,e;
    identifier b;
    statement S;
    @@

    -T b;

    [akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
    [akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
    [akpm@linux-foundation.org: checkpatch fixes]
    [akpm@linux-foundation.org: fix warnings]
    [akpm@linux-foudnation.org: redo intrusive kvm changes]
    Tested-by: Peter Senna Tschudin
    Acked-by: Paul E. McKenney
    Signed-off-by: Sasha Levin
    Cc: Wu Fengguang
    Cc: Marcelo Tosatti
    Cc: Gleb Natapov
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Sasha Levin
     

27 Feb, 2013

1 commit

  • d895cb1af   Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs ... Browse Code »

    Pull vfs pile (part one) from Al Viro:
    "Assorted stuff - cleaning namei.c up a bit, fixing ->d_name/->d_parent
    locking violations, etc.

    The most visible changes here are death of FS_REVAL_DOT (replaced with
    "has ->d_weak_revalidate()") and a new helper getting from struct file
    to inode. Some bits of preparation to xattr method interface changes.

    Misc patches by various people sent this cycle *and* ocfs2 fixes from
    several cycles ago that should've been upstream right then.

    PS: the next vfs pile will be xattr stuff."

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)
    saner proc_get_inode() calling conventions
    proc: avoid extra pde_put() in proc_fill_super()
    fs: change return values from -EACCES to -EPERM
    fs/exec.c: make bprm_mm_init() static
    ocfs2/dlm: use GFP_ATOMIC inside a spin_lock
    ocfs2: fix possible use-after-free with AIO
    ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path
    get_empty_filp()/alloc_file() leave both ->f_pos and ->f_version zero
    target: writev() on single-element vector is pointless
    export kernel_write(), convert open-coded instances
    fs: encode_fh: return FILEID_INVALID if invalid fid_type
    kill f_vfsmnt
    vfs: kill FS_REVAL_DOT by adding a d_weak_revalidate dentry op
    nfsd: handle vfs_getattr errors in acl protocol
    switch vfs_getattr() to struct path
    default SET_PERSONALITY() in linux/elf.h
    ceph: prepopulate inodes only when request is aborted
    d_hash_and_lookup(): export, switch open-coded instances
    9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate()
    9p: split dropping the acls from v9fs_set_create_acl()
    ...

    Linus Torvalds
     

23 Feb, 2013

1 commit

19 Feb, 2013

2 commits

  • ece31ffd5   net: proc: change proc_net_remove to remove_proc_entry ... Browse Code »

    proc_net_remove is only used to remove proc entries
    that under /proc/net,it's not a general function for
    removing proc entries of netns. if we want to remove
    some proc entries which under /proc/net/stat/, we still
    need to call remove_proc_entry.

    this patch use remove_proc_entry to replace proc_net_remove.
    we can remove proc_net_remove after this patch.

    Signed-off-by: Gao feng
    Signed-off-by: David S. Miller

    Gao feng
     
  • d4beaa66a   net: proc: change proc_net_fops_create to proc_create ... Browse Code »

    Right now, some modules such as bonding use proc_create
    to create proc entries under /proc/net/, and other modules
    such as ipv4 use proc_net_fops_create.

    It looks a little chaos.this patch changes all of
    proc_net_fops_create to proc_create. we can remove
    proc_net_fops_create after this patch.

    Signed-off-by: Gao feng
    Signed-off-by: David S. Miller

    Gao feng
     

10 Jan, 2013

1 commit

18 Dec, 2012

2 commits

19 Nov, 2012

1 commit

  • df008c91f   net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm ... Browse Code »

    Allow an unpriviled user who has created a user namespace, and then
    created a network namespace to effectively use the new network
    namespace, by reducing capable(CAP_NET_ADMIN) and
    capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
    CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.

    Allow creation of af_key sockets.
    Allow creation of llc sockets.
    Allow creation of af_packet sockets.

    Allow sending xfrm netlink control messages.

    Allow binding to netlink multicast groups.
    Allow sending to netlink multicast groups.
    Allow adding and dropping netlink multicast groups.
    Allow sending to all netlink multicast groups and port ids.

    Allow reading the netfilter SO_IP_SET socket option.
    Allow sending netfilter netlink messages.
    Allow setting and getting ip_vs netfilter socket options.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

19 Oct, 2012

1 commit

  • 6d772ac55   netlink: use kfree_rcu() in netlink_release() ... Browse Code »

    On some suspend/resume operations involving wimax device, we have
    noticed some intermittent memory corruptions in netlink code.

    Stéphane Marchesin tracked this corruption in netlink_update_listeners()
    and suggested a patch.

    It appears netlink_release() should use kfree_rcu() instead of kfree()
    for the listeners structure as it may be used by other cpus using RCU
    protection.

    netlink_release() must set to NULL the listeners pointer when
    it is about to be freed.

    Also have to protect netlink_update_listeners() and
    netlink_has_listeners() if listeners is NULL.

    Add a nl_deref_protected() lockdep helper to properly document which
    locks protects us.

    Reported-by: Jonathan Kliegman
    Signed-off-by: Eric Dumazet
    Cc: Stéphane Marchesin
    Cc: Sam Leffler
    Signed-off-by: David S. Miller

    Eric Dumazet
     

07 Oct, 2012

1 commit

  • 6dc878a8c   netlink: add reference of module in netlink_dump_start ... Browse Code »

    I get a panic when I use ss -a and rmmod inet_diag at the
    same time.

    It's because netlink_dump uses inet_diag_dump which belongs to module
    inet_diag.

    I search the codes and find many modules have the same problem. We
    need to add a reference to the module which the cb->dump belongs to.

    Thanks for all help from Stephen,Jan,Eric,Steffen and Pablo.

    Change From v3:
    change netlink_dump_start to inline,suggestion from Pablo and
    Eric.

    Change From v2:
    delete netlink_dump_done,and call module_put in netlink_dump
    and netlink_sock_destruct.

    Signed-off-by: Gao feng
    Signed-off-by: David S. Miller

    Gao feng
     

11 Sep, 2012

1 commit

  • 15e473046   netlink: Rename pid to portid to avoid confusion ... Browse Code »

    It is a frequent mistake to confuse the netlink port identifier with a
    process identifier. Try to reduce this confusion by renaming fields
    that hold port identifiers portid instead of pid.

    I have carefully avoided changing the structures exported to
    userspace to avoid changing the userspace API.

    I have successfully built an allyesconfig kernel with this change.

    Signed-off-by: "Eric W. Biederman"
    Acked-by: Stephen Hemminger
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

09 Sep, 2012

2 commits

  • 9f00d9776   netlink: hide struct module parameter in netlink_kernel_create ... Browse Code »

    This patch defines netlink_kernel_create as a wrapper function of
    __netlink_kernel_create to hide the struct module *me parameter
    (which seems to be THIS_MODULE in all existing netlink subsystems).

    Suggested by David S. Miller.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     
  • 9785e10ae   netlink: kill netlink_set_nonroot ... Browse Code »

    Replace netlink_set_nonroot by one new field `flags' in
    struct netlink_kernel_cfg that is passed to netlink_kernel_create.

    This patch also renames NL_NONROOT_* to NL_CFG_F_NONROOT_* since
    now the flags field in nl_table is generic (so we can add more
    flags if needed in the future).

    Also adjust all callers in the net-next tree to use these flags
    instead of netlink_set_nonroot.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     

08 Sep, 2012

1 commit

  • dbe9a4173   scm: Don't use struct ucred in NETLINK_CB and struct scm_cookie. ... Browse Code »

    Passing uids and gids on NETLINK_CB from a process in one user
    namespace to a process in another user namespace can result in the
    wrong uid or gid being presented to userspace. Avoid that problem by
    passing kuids and kgids instead.

    - define struct scm_creds for use in scm_cookie and netlink_skb_parms
    that holds uid and gid information in kuid_t and kgid_t.

    - Modify scm_set_cred to fill out scm_creds by heand instead of using
    cred_to_ucred to fill out struct ucred. This conversion ensures
    userspace does not get incorrect uid or gid values to look at.

    - Modify scm_recv to convert from struct scm_creds to struct ucred
    before copying credential values to userspace.

    - Modify __scm_send to populate struct scm_creds on in the scm_cookie,
    instead of just copying struct ucred from userspace.

    - Modify netlink_sendmsg to copy scm_creds instead of struct ucred
    into the NETLINK_CB.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

01 Sep, 2012

1 commit

25 Aug, 2012

2 commits

  • e6acb3848   Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace ... Browse Code »

    This is an initial merge in of Eric Biederman's work to start adding
    user namespace support to the networking.

    Signed-off-by: David S. Miller

    David S. Miller
     
  • 20e1db19d   netlink: fix possible spoofing from non-root processes ... Browse Code »

    Non-root user-space processes can send Netlink messages to other
    processes that are well-known for being subscribed to Netlink
    asynchronous notifications. This allows ilegitimate non-root
    process to send forged messages to Netlink subscribers.

    The userspace process usually verifies the legitimate origin in
    two ways:

    a) Socket credentials. If UID != 0, then the message comes from
    some ilegitimate process and the message needs to be dropped.

    b) Netlink portID. In general, portID == 0 means that the origin
    of the messages comes from the kernel. Thus, discarding any
    message not coming from the kernel.

    However, ctnetlink sets the portID in event messages that has
    been triggered by some user-space process, eg. conntrack utility.
    So other processes subscribed to ctnetlink events, eg. conntrackd,
    know that the event was triggered by some user-space action.

    Neither of the two ways to discard ilegitimate messages coming
    from non-root processes can help for ctnetlink.

    This patch adds capability validation in case that dst_pid is set
    in netlink_sendmsg(). This approach is aggressive since existing
    applications using any Netlink bus to deliver messages between
    two user-space processes will break. Note that the exception is
    NETLINK_USERSOCK, since it is reserved for netlink-to-netlink
    userspace communication.

    Still, if anyone wants that his Netlink bus allows netlink-to-netlink
    userspace, then they can set NL_NONROOT_SEND. However, by default,
    I don't think it makes sense to allow to use NETLINK_ROUTE to
    communicate two processes that are sending no matter what information
    that is not related to link/neighbouring/routing. They should be using
    NETLINK_USERSOCK instead for that.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     

22 Aug, 2012

1 commit

  • e0e3cea46   af_netlink: force credentials passing [CVE-2012-3520] ... Browse Code »

    Pablo Neira Ayuso discovered that avahi and
    potentially NetworkManager accept spoofed Netlink messages because of a
    kernel bug. The kernel passes all-zero SCM_CREDENTIALS ancillary data
    to the receiver if the sender did not provide such data, instead of not
    including any such data at all or including the correct data from the
    peer (as it is the case with AF_UNIX).

    This bug was introduced in commit 16e572626961
    (af_unix: dont send SCM_CREDENTIALS by default)

    This patch forces passing credentials for netlink, as
    before the regression.

    Another fix would be to not add SCM_CREDENTIALS in
    netlink messages if not provided by the sender, but it
    might break some programs.

    With help from Florian Weimer & Petr Matousek

    This issue is designated as CVE-2012-3520

    Signed-off-by: Eric Dumazet
    Cc: Petr Matousek
    Cc: Florian Weimer
    Cc: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Eric Dumazet
     

15 Aug, 2012

1 commit

  • 3fbc29054   netlink: Make the sending netlink socket availabe in NETLINK_CB ... Browse Code »

    The sending socket of an skb is already available by it's port id
    in the NETLINK_CB. If you want to know more like to examine the
    credentials on the sending socket you have to look up the sending
    socket by it's port id and all of the needed functions and data
    structures are static inside of af_netlink.c. So do the simple
    thing and pass the sending socket to the receivers in the NETLINK_CB.

    I intend to use this to get the user namespace of the sending socket
    in inet_diag so that I can report uids in the context of the process
    who opened the socket, the same way I report uids in the contect
    of the process who opens files.

    Acked-by: David S. Miller
    Acked-by: Serge Hallyn
    Signed-off-by: Eric W. Biederman

    Eric W. Biederman
     

24 Jul, 2012

1 commit

11 Jul, 2012

1 commit

30 Jun, 2012

2 commits

  • 03292745b   netlink: add nlk->netlink_bind hook for module auto-loading ... Browse Code »

    This patch adds a hook in the binding path of netlink.

    This is used by ctnetlink to allow module autoloading for the case
    in which one user executes:

    conntrack -E

    So far, this resulted in nfnetlink loaded, but not
    nf_conntrack_netlink.

    I have received in the past many complains on this behaviour.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     
  • a31f2d17b   netlink: add netlink_kernel_cfg parameter to netlink_kernel_create ... Browse Code »

    This patch adds the following structure:

    struct netlink_kernel_cfg {
    unsigned int groups;
    void (*input)(struct sk_buff *skb);
    struct mutex *cb_mutex;
    };

    That can be passed to netlink_kernel_create to set optional configurations
    for netlink kernel sockets.

    I've populated this structure by looking for NULL and zero parameters at the
    existing code. The remaining parameters that always need to be set are still
    left in the original interface.

    That includes optional parameters for the netlink socket creation. This allows
    easy extensibility of this interface in the future.

    This patch also adapts all callers to use this new interface.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     

30 May, 2012

1 commit

  • e9412c370   genetlink: Build a generic netlink family module alias ... Browse Code »

    Generic netlink searches for -type- formatted aliases when requesting a module to
    fulfill a protocol request (i.e. net-pf-16-proto-16-type-, where x is a type
    value). However generic netlink protocols have no well defined type numbers,
    they have string names. Modify genl_ctrl_getfamily to request an alias in the
    format net-pf-16-proto-16-family- instead, where x is a generic string, and
    add a macro that builds on the previously added MODULE_ALIAS_NET_PF_PROTO_NAME
    macro to allow modules to specifify those generic strings.

    Note, l2tp previously hacked together an net-pf-16-proto-16-type-l2tp alias
    using the MODULE_ALIAS macro, with these updates we can convert that to use the
    PROTO_NAME macro.

    Signed-off-by: Neil Horman
    CC: Eric Dumazet
    CC: James Chapman
    CC: David Miller
    Signed-off-by: David S. Miller

    Neil Horman
     

24 Apr, 2012

2 commits

20 Apr, 2012

1 commit

11 Apr, 2012

1 commit

06 Apr, 2012

1 commit

02 Apr, 2012

1 commit

27 Feb, 2012

2 commits

  • 7175c8830   netlink: allow to pass data pointer to netlink_dump_start() callback ... Browse Code »

    This patch allows you to pass a data pointer that can be
    accessed from the dump callback.

    Netfilter is going to use this patch to provide filtered dumps
    to user-space. This is specifically interesting in ctnetlink that
    may handle lots of conntrack entries. We can save precious
    cycles by skipping the conversion to TLV format of conntrack
    entries that are not interesting for user-space.

    More specifically, ctnetlink will include one operation to allow
    to filter the dumping of conntrack entries by ctmark values.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     
  • 80d326fab   netlink: add netlink_dump_control structure for netlink_dump_start() ... Browse Code »

    Davem considers that the argument list of this interface is getting
    out of control. This patch tries to address this issue following
    his proposal:

    struct netlink_dump_control c = { .dump = dump, .done = done, ... };

    netlink_dump_start(..., &c);

    Suggested by David S. Miller.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: David S. Miller

    Pablo Neira Ayuso
     

31 Jan, 2012

1 commit

  • a46621a3a   net: Deinline __nlmsg_put and genlmsg_put. -7k code on i386 defconfig. ... Browse Code »

    text data bss dec hex filename
    8455963 532732 1810804 10799499 a4c98b vmlinux.o.before
    8448899 532732 1810804 10792435 a4adf3 vmlinux.o

    This change also removes commented-out copy of __nlmsg_put
    which was last touched in 2005 with "Enable once all users
    have been converted" comment on top.

    Changes in v2: rediffed against net-next.

    Signed-off-by: Denys Vlasenko
    Signed-off-by: David S. Miller

    Denys Vlasenko
     

15 Jan, 2012

1 commit

  • c49c41a41   Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security ... Browse Code »

    * 'for-linus' of git://selinuxproject.org/~jmorris/linux-security:
    capabilities: remove __cap_full_set definition
    security: remove the security_netlink_recv hook as it is equivalent to capable()
    ptrace: do not audit capability check when outputing /proc/pid/stat
    capabilities: remove task_ns_* functions
    capabitlies: ns_capable can use the cap helpers rather than lsm call
    capabilities: style only - move capable below ns_capable
    capabilites: introduce new has_ns_capabilities_noaudit
    capabilities: call has_ns_capability from has_capability
    capabilities: remove all _real_ interfaces
    capabilities: introduce security_capable_noaudit
    capabilities: reverse arguments to security_capable
    capabilities: remove the task from capable LSM hook entirely
    selinux: sparse fix: fix several warnings in the security server cod
    selinux: sparse fix: fix warnings in netlink code
    selinux: sparse fix: eliminate warnings for selinuxfs
    selinux: sparse fix: declare selinux_disable() in security.h
    selinux: sparse fix: move selinux_complete_init
    selinux: sparse fix: make selinux_secmark_refcount static
    SELinux: Fix RCU deref check warning in sel_netport_insert()

    Manually fix up a semantic mis-merge wrt security_netlink_recv():

    - the interface was removed in commit fd7784615248 ("security: remove
    the security_netlink_recv hook as it is equivalent to capable()")

    - a new user of it appeared in commit a38f7907b926 ("crypto: Add
    userspace configuration API")

    causing no automatic merge conflict, but Eric Paris pointed out the
    issue.

    Linus Torvalds
     

06 Jan, 2012

1 commit

29 Dec, 2011

1 commit

  • fa8430953   genetlink: add auto module loading ... Browse Code »

    When testing L2TP support, I discovered that the l2tp module is not autoloaded
    as are other netlink interfaces. There is because of lack of hook in genetlink to call
    request_module and load the module.

    Signed-off-by: Stephen Hemminger
    Signed-off-by: David S. Miller

    Stephen Hemminger
     

24 Dec, 2011

1 commit

  • 035c4c16b   netlink: Undo const marker in netlink_is_kernel(). ... Browse Code »

    We can't do this without propagating the const to nlk_sk()
    too, otherwise:

    net/netlink/af_netlink.c: In function ‘netlink_is_kernel’:
    net/netlink/af_netlink.c:103:2: warning: passing argument 1 of ‘nlk_sk’ discards ‘const’ qualifier from pointer target type [enabled by default]
    net/netlink/af_netlink.c:96:36: note: expected ‘struct sock *’ but argument is of type ‘const struct sock *’

    Signed-off-by: David S. Miller

    David S. Miller
     

23 Dec, 2011

2 commits