Eric Lee / smarc-fsl-linux-kernel

13 Oct, 2009

1 commit

  • 3b885787e   net: Generalize socket rx gap / receive queue overflow cmsg ... Browse Code »

    Create a new socket level option to report number of queue overflows

    Recently I augmented the AF_PACKET protocol to report the number of frames lost
    on the socket receive queue between any two enqueued frames. This value was
    exported via a SOL_PACKET level cmsg. AFter I completed that work it was
    requested that this feature be generalized so that any datagram oriented socket
    could make use of this option. As such I've created this patch, It creates a
    new SOL_SOCKET level option called SO_RXQ_OVFL, which when enabled exports a
    SOL_SOCKET level cmsg that reports the nubmer of times the sk_receive_queue
    overflowed between any two given frames. It also augments the AF_PACKET
    protocol to take advantage of this new feature (as it previously did not touch
    sk->sk_drops, which this patch uses to record the overflow count). Tested
    successfully by me.

    Notes:

    1) Unlike my previous patch, this patch simply records the sk_drops value, which
    is not a number of drops between packets, but rather a total number of drops.
    Deltas must be computed in user space.

    2) While this patch currently works with datagram oriented protocols, it will
    also be accepted by non-datagram oriented protocols. I'm not sure if thats
    agreeable to everyone, but my argument in favor of doing so is that, for those
    protocols which aren't applicable to this option, sk_drops will always be zero,
    and reporting no drops on a receive queue that isn't used for those
    non-participating protocols seems reasonable to me. This also saves us having
    to code in a per-protocol opt in mechanism.

    3) This applies cleanly to net-next assuming that commit
    977750076d98c7ff6cbda51858bb5a5894a9d9ab (my af packet cmsg patch) is reverted

    Signed-off-by: Neil Horman
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Neil Horman
     

07 Oct, 2009

1 commit

02 Sep, 2009

2 commits

18 Jun, 2009

1 commit

  • 31e6d363a   net: correct off-by-one write allocations reports ... Browse Code »

    commit 2b85a34e911bf483c27cfdd124aeb1605145dc80
    (net: No more expensive sock_hold()/sock_put() on each tx)
    changed initial sk_wmem_alloc value.

    We need to take into account this offset when reporting
    sk_wmem_alloc to user, in PROC_FS files or various
    ioctls (SIOCOUTQ/TIOCOUTQ)

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

27 Feb, 2009

1 commit

26 Jan, 2009

1 commit

  • a8d694c65   af_key: initialize xfrm encap_oa ... Browse Code »

    Currently encap_oa is left uninitialized, so it contains garbage data which
    is visible to userland via Netlink. Initialize it by zeroing it out.

    Signed-off-by: Timo Teras
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Timo Teras
     

26 Nov, 2008

14 commits

07 Nov, 2008

1 commit

01 Nov, 2008

1 commit

  • 920da6923   key: fix setkey(8) policy set breakage ... Browse Code »

    Steps to reproduce:

    #/usr/sbin/setkey -f
    flush;
    spdflush;

    add 192.168.0.42 192.168.0.1 ah 24500 -A hmac-md5 "1234567890123456";
    add 192.168.0.42 192.168.0.1 esp 24501 -E 3des-cbc "123456789012123456789012";

    spdadd 192.168.0.42 192.168.0.1 any -P out ipsec
    esp/transport//require
    ah/transport//require;

    setkey: invalid keymsg length

    Policy dump will bail out with the same message after that.

    -recv(4, "\2\16\0\0\32\0\3\0\0\0\0\0\37\r\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208
    +recv(4, "\2\16\0\0\36\0\3\0\0\0\0\0H\t\0\0\3\0\5\0\377 \0\0\2\0\0\0\300\250\0*\0"..., 32768, 0) = 208

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: David S. Miller

    Alexey Dobriyan
     

11 Oct, 2008

1 commit

  • 1839faab9   af_key: fix SADB_X_SPDDELETE response ... Browse Code »

    When deleting an SPD entry using SADB_X_SPDDELETE, c.data.byid is not
    initialized to zero in pfkey_spddelete(). Thus, key_notify_policy()
    responds with a PF_KEY message of type SADB_X_SPDDELETE2 instead of
    SADB_X_SPDDELETE.

    Signed-off-by: Tobias Brunner
    Signed-off-by: David S. Miller

    Tobias Brunner
     

06 Oct, 2008

1 commit

01 Oct, 2008

2 commits

  • 12a169e7d   ipsec: Put dumpers on the dump list ... Browse Code »

    Herbert Xu came up with the idea and the original patch to make
    xfrm_state dump list contain also dumpers:

    As it is we go to extraordinary lengths to ensure that states
    don't go away while dumpers go to sleep. It's much easier if
    we just put the dumpers themselves on the list since they can't
    go away while they're going.

    I've also changed the order of addition on new states to prevent
    a never-ending dump.

    Timo Teräs improved the patch to apply cleanly to latest tree,
    modified iteration code to be more readable by using a common
    struct for entries in the list, implemented the same idea for
    xfrm_policy dumping and moved the af_key specific "last" entry
    caching to af_key.

    Signed-off-by: Herbert Xu
    Signed-off-by: Timo Teras
    Signed-off-by: David S. Miller

    Herbert Xu
     
  • 052382048   af_key: Free dumping state on socket close ... Browse Code »

    Fix a xfrm_{state,policy}_walk leak if pfkey socket is closed while
    dumping is on-going.

    Signed-off-by: Timo Teras
    Signed-off-by: David S. Miller

    Timo Teras
     

26 Jul, 2008

1 commit

  • 547b792ca   net: convert BUG_TRAP to generic WARN_ON ... Browse Code »

    Removes legacy reinvent-the-wheel type thing. The generic
    machinery integrates much better to automated debugging aids
    such as kerneloops.org (and others), and is unambiguous due to
    better naming. Non-intuively BUG_TRAP() is actually equal to
    WARN_ON() rather than BUG_ON() though some might actually be
    promoted to BUG_ON() but I left that to future.

    I could make at least one BUILD_BUG_ON conversion.

    Signed-off-by: Ilpo Järvinen
    Signed-off-by: David S. Miller

    Ilpo Järvinen
     

14 Jun, 2008

1 commit

12 Jun, 2008

4 commits

11 Jun, 2008

1 commit

  • 99c6f60e7   ipsec: pfkey should ignore events when no listeners ... Browse Code »

    When pfkey has no km listeners, it still does a lot of work
    before finding out there aint nobody out there.
    If a tree falls in a forest and no one is around to hear it, does it make
    a sound? In this case it makes a lot of noise:
    With this short-circuit adding 10s of thousands of SAs using
    netlink improves performance by ~10%.

    Signed-off-by: Jamal Hadi Salim
    Signed-off-by: David S. Miller

    Jamal Hadi Salim
     

22 May, 2008

1 commit

28 Apr, 2008

1 commit

  • 2532386f4   Audit: collect sessionid in netlink messages ... Browse Code »

    Previously I added sessionid output to all audit messages where it was
    available but we still didn't know the sessionid of the sender of
    netlink messages. This patch adds that information to netlink messages
    so we can audit who sent netlink messages.

    Signed-off-by: Eric Paris
    Signed-off-by: Al Viro

    Eric Paris
     

25 Apr, 2008

1 commit

  • 2db3e47e7   af_key: Fix af_key.c compiler warning ... Browse Code »

    net/key/af_key.c: In function ‘pfkey_spddelete’:
    net/key/af_key.c:2359: warning: ‘pol_ctx’ may be used uninitialized in
    this function

    When CONFIG_SECURITY_NETWORK_XFRM isn't set,
    security_xfrm_policy_alloc() is an inline that doesn't set pol_ctx, so
    this seemed like the easiest fix short of using *uninitialized_var(pol_ctx).

    Signed-off-by: Brian Haley
    Signed-off-by: David S. Miller

    Brian Haley
     

22 Apr, 2008

1 commit

  • c5d18e984   [IPSEC]: Fix catch-22 with algorithm IDs above 31 ... Browse Code »

    As it stands it's impossible to use any authentication algorithms
    with an ID above 31 portably. It just happens to work on x86 but
    fails miserably on ppc64.

    The reason is that we're using a bit mask to check the algorithm
    ID but the mask is only 32 bits wide.

    After looking at how this is used in the field, I have concluded
    that in the long term we should phase out state matching by IDs
    because this is made superfluous by the reqid feature. For current
    applications, the best solution IMHO is to allow all algorithms when
    the bit masks are all ~0.

    The following patch does exactly that.

    This bug was identified by IBM when testing on the ppc64 platform
    using the NULL authentication algorithm which has an ID of 251.

    Signed-off-by: Herbert Xu
    Signed-off-by: David S. Miller

    Herbert Xu
     

13 Apr, 2008

1 commit

  • 03e1ad7b5   LSM: Make the Labeled IPsec hooks more stack friendly ... Browse Code »

    The xfrm_get_policy() and xfrm_add_pol_expire() put some rather large structs
    on the stack to work around the LSM API. This patch attempts to fix that
    problem by changing the LSM API to require only the relevant "security"
    pointers instead of the entire SPD entry; we do this for all of the
    security_xfrm_policy*() functions to keep things consistent.

    Signed-off-by: Paul Moore
    Acked-by: James Morris
    Signed-off-by: David S. Miller

    Paul Moore
     

28 Mar, 2008

1 commit