22 Jul, 2018

1 commit

  • commit 2546da99212f22034aecf279da9c47cbfac6c981 upstream.

    The RX SGL in processing is already registered with the RX SGL tracking
    list to support proper cleanup. The cleanup code path uses the
    sg_num_bytes variable which must therefore be always initialized, even
    in the error code path.

    Signed-off-by: Stephan Mueller
    Reported-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com
    #syz test: https://github.com/google/kmsan.git master
    CC: #4.14
    Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
    Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
    Signed-off-by: Herbert Xu
    Signed-off-by: Greg Kroah-Hartman

    Stephan Mueller
     

16 May, 2018

1 commit

  • commit a466856e0b7ab269cdf9461886d007e88ff575b0 upstream.

    syzbot reported :

    BUG: KMSAN: uninit-value in alg_bind+0xe3/0xd90 crypto/af_alg.c:162

    We need to check addr_len before dereferencing sa (or uaddr)

    Fixes: bb30b8848c85 ("crypto: af_alg - whitelist mask and type")
    Signed-off-by: Eric Dumazet
    Reported-by: syzbot
    Cc: Stephan Mueller
    Cc: Herbert Xu
    Signed-off-by: David S. Miller
    Signed-off-by: Greg Kroah-Hartman

    Eric Dumazet
     

03 Mar, 2018

1 commit

  • [ Upstream commit af955bf15d2c27496b0269b1f05c26f758c68314 ]

    This variable was increased and decreased without any protection.
    Result was an occasional misscount and negative wrap around resulting
    in false resource allocation failures.

    Fixes: 7d2c3f54e6f6 ("crypto: af_alg - remove locking in async callback")
    Signed-off-by: Jonathan Cameron
    Reviewed-by: Stephan Mueller
    Signed-off-by: Herbert Xu
    Signed-off-by: Sasha Levin
    Signed-off-by: Greg Kroah-Hartman

    Jonathan Cameron
     

04 Feb, 2018

1 commit

  • commit bb30b8848c85e18ca7e371d0a869e94b3e383bdf upstream.

    The user space interface allows specifying the type and mask field used
    to allocate the cipher. Only a subset of the possible flags are intended
    for user space. Therefore, white-list the allowed flags.

    In case the user space caller uses at least one non-allowed flag, EINVAL
    is returned.

    Reported-by: syzbot
    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu
    Signed-off-by: Greg Kroah-Hartman

    Stephan Mueller
     

30 Dec, 2017

1 commit

  • commit 11edb555966ed2c66c533d17c604f9d7e580a829 upstream.

    The wait for data is a non-atomic operation that can sleep and therefore
    potentially release the socket lock. The release of the socket lock
    allows another thread to modify the context data structure. The waiting
    operation for new data therefore must be called at the beginning of
    recvmsg. This prevents a race condition where checks of the members of
    the context data structure are performed by recvmsg while there is a
    potential for modification of these values.

    Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
    Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
    Reported-by: syzbot
    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu
    Signed-off-by: Greg Kroah-Hartman

    Stephan Mueller
     

20 Dec, 2017

1 commit

  • commit 887207ed9e5812ed9239b6d07185a2d35dda91db upstream.

    af_alg_free_areq_sgls()

    If allocating the ->tsgl member of 'struct af_alg_async_req' failed,
    during cleanup we dereferenced the NULL ->tsgl pointer in
    af_alg_free_areq_sgls(), because ->tsgl_entries was nonzero.

    Fix it by only freeing the ->tsgl list if it is non-NULL.

    This affected both algif_skcipher and algif_aead.

    Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
    Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
    Reported-by: syzbot
    Signed-off-by: Eric Biggers
    Reviewed-by: Stephan Mueller
    Signed-off-by: Herbert Xu
    Signed-off-by: Greg Kroah-Hartman

    Eric Biggers
     

05 Dec, 2017

1 commit

  • commit 7d2c3f54e6f646887d019faa45f35d6fe9fe82ce upstream.

    The code paths protected by the socket-lock do not use or modify the
    socket in a non-atomic fashion. The actions pertaining the socket do not
    even need to be handled as an atomic operation. Thus, the socket-lock
    can be safely ignored.

    This fixes a bug regarding scheduling in atomic as the callback function
    may be invoked in interrupt context.

    In addition, the sock_hold is moved before the AIO encrypt/decrypt
    operation to ensure that the socket is always present. This avoids a
    tiny race window where the socket is unprotected and yet used by the AIO
    operation.

    Finally, the release of resources for a crypto operation is moved into a
    common function of af_alg_free_resources.

    Fixes: e870456d8e7c8 ("crypto: algif_skcipher - overhaul memory management")
    Fixes: d887c52d6ae43 ("crypto: algif_aead - overhaul memory management")
    Reported-by: Romain Izard
    Signed-off-by: Stephan Mueller
    Tested-by: Romain Izard
    Signed-off-by: Herbert Xu
    Signed-off-by: Greg Kroah-Hartman

    Stephan Mueller
     

20 Sep, 2017

1 commit

  • When two adjacent TX SGL are processed and parts of both TX SGLs
    are pulled into the per-request TX SGL, the wrong per-request
    TX SGL entries were updated.

    This fixes a NULL pointer dereference when a cipher implementation walks
    the TX SGL where some of the SGL entries were NULL.

    Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory...")
    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     

22 Aug, 2017

1 commit

  • When a page is assigned to a TX SGL, call get_page to increment the
    reference counter. It is possible that one page is referenced in
    multiple SGLs:

    - in the global TX SGL in case a previous af_alg_pull_tsgl only
    reassigned parts of a page to a per-request TX SGL

    - in the per-request TX SGL as assigned by af_alg_pull_tsgl

    Note, multiple requests can be active at the same time whose TX SGLs all
    point to different parts of the same page.

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     

09 Aug, 2017

1 commit

  • Consolidate following data structures:

    skcipher_async_req, aead_async_req -> af_alg_async_req
    skcipher_rsgl, aead_rsql -> af_alg_rsgl
    skcipher_tsgl, aead_tsql -> af_alg_tsgl
    skcipher_ctx, aead_ctx -> af_alg_ctx

    Consolidate following functions:

    skcipher_sndbuf, aead_sndbuf -> af_alg_sndbuf
    skcipher_writable, aead_writable -> af_alg_writable
    skcipher_rcvbuf, aead_rcvbuf -> af_alg_rcvbuf
    skcipher_readable, aead_readable -> af_alg_readable
    aead_alloc_tsgl, skcipher_alloc_tsgl -> af_alg_alloc_tsgl
    aead_count_tsgl, skcipher_count_tsgl -> af_alg_count_tsgl
    aead_pull_tsgl, skcipher_pull_tsgl -> af_alg_pull_tsgl
    aead_free_areq_sgls, skcipher_free_areq_sgls -> af_alg_free_areq_sgls
    aead_wait_for_wmem, skcipher_wait_for_wmem -> af_alg_wait_for_wmem
    aead_wmem_wakeup, skcipher_wmem_wakeup -> af_alg_wmem_wakeup
    aead_wait_for_data, skcipher_wait_for_data -> af_alg_wait_for_data
    aead_data_wakeup, skcipher_data_wakeup -> af_alg_data_wakeup
    aead_sendmsg, skcipher_sendmsg -> af_alg_sendmsg
    aead_sendpage, skcipher_sendpage -> af_alg_sendpage
    aead_async_cb, skcipher_async_cb -> af_alg_async_cb
    aead_poll, skcipher_poll -> af_alg_poll

    Split out the following common code from recvmsg:

    af_alg_alloc_areq: allocation of the request data structure for the
    cipher operation

    af_alg_get_rsgl: creation of the RX SGL anchored in the request data
    structure

    The following changes to the implementation without affecting the
    functionality have been applied to synchronize slightly different code
    bases in algif_skcipher and algif_aead:

    The wakeup in af_alg_wait_for_data is triggered when either more data
    is received or the indicator that more data is to be expected is
    released. The first is triggered by user space, the second is
    triggered by the kernel upon finishing the processing of data
    (i.e. the kernel is ready for more).

    af_alg_sendmsg uses size_t in min_t calculation for obtaining len.
    Return code determination is consistent with algif_skcipher. The
    scope of the variable i is reduced to match algif_aead. The type of the
    variable i is switched from int to unsigned int to match algif_aead.

    af_alg_sendpage does not contain the superfluous err = 0 from
    aead_sendpage.

    af_alg_async_cb requires to store the number of output bytes in
    areq->outlen before the AIO callback is triggered.

    The POLLIN / POLLRDNORM is now set when either not more data is given or
    the kernel is supplied with data. This is consistent to the wakeup from
    sleep when the kernel waits for data.

    The request data structure is extended by the field last_rsgl which
    points to the last RX SGL list entry. This shall help recvmsg
    implementation to chain the RX SGL to other SG(L)s if needed. It is
    currently used by algif_aead which chains the tag SGL to the RX SGL
    during decryption.

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     

12 Jul, 2017

1 commit

  • crypto: af_alg - Avoid sock_graft call warning

    The newly added sock_graft warning triggers in af_alg_accept.
    It's harmless as we're essentially doing sock->sk = sock->sk.

    The sock_graft call is actually redundant because all the work
    it does is subsumed by sock_init_data. However, it was added
    to placate SELinux as it uses it to initialise its internal state.

    This patch avoisd the warning by making the SELinux call directly.

    Reported-by: Linus Torvalds
    Signed-off-by: Herbert Xu
    Acked-by: David S. Miller

    Herbert Xu
     

10 Apr, 2017

1 commit

  • This patch removes the hard-coded 64-byte limit on the length
    of the algorithm name through bind(2). The address length can
    now exceed that. The user-space structure remains unchanged.
    In order to use a longer name simply extend the salg_name array
    beyond its defined 64 bytes length.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

10 Mar, 2017

1 commit

  • Lockdep issues a circular dependency warning when AFS issues an operation
    through AF_RXRPC from a context in which the VFS/VM holds the mmap_sem.

    The theory lockdep comes up with is as follows:

    (1) If the pagefault handler decides it needs to read pages from AFS, it
    calls AFS with mmap_sem held and AFS begins an AF_RXRPC call, but
    creating a call requires the socket lock:

    mmap_sem must be taken before sk_lock-AF_RXRPC

    (2) afs_open_socket() opens an AF_RXRPC socket and binds it. rxrpc_bind()
    binds the underlying UDP socket whilst holding its socket lock.
    inet_bind() takes its own socket lock:

    sk_lock-AF_RXRPC must be taken before sk_lock-AF_INET

    (3) Reading from a TCP socket into a userspace buffer might cause a fault
    and thus cause the kernel to take the mmap_sem, but the TCP socket is
    locked whilst doing this:

    sk_lock-AF_INET must be taken before mmap_sem

    However, lockdep's theory is wrong in this instance because it deals only
    with lock classes and not individual locks. The AF_INET lock in (2) isn't
    really equivalent to the AF_INET lock in (3) as the former deals with a
    socket entirely internal to the kernel that never sees userspace. This is
    a limitation in the design of lockdep.

    Fix the general case by:

    (1) Double up all the locking keys used in sockets so that one set are
    used if the socket is created by userspace and the other set is used
    if the socket is created by the kernel.

    (2) Store the kern parameter passed to sk_alloc() in a variable in the
    sock struct (sk_kern_sock). This informs sock_lock_init(),
    sock_init_data() and sk_clone_lock() as to the lock keys to be used.

    Note that the child created by sk_clone_lock() inherits the parent's
    kern setting.

    (3) Add a 'kern' parameter to ->accept() that is analogous to the one
    passed in to ->create() that distinguishes whether kernel_accept() or
    sys_accept4() was the caller and can be passed to sk_alloc().

    Note that a lot of accept functions merely dequeue an already
    allocated socket. I haven't touched these as the new socket already
    exists before we get the parameter.

    Note also that there are a couple of places where I've made the accepted
    socket unconditionally kernel-based:

    irda_accept()
    rds_rcp_accept_one()
    tcp_accept_from_sock()

    because they follow a sock_create_kern() and accept off of that.

    Whilst creating this, I noticed that lustre and ocfs don't create sockets
    through sock_create_kern() and thus they aren't marked as for-kernel,
    though they appear to be internal. I wonder if these should do that so
    that they use the new set of lock keys.

    Signed-off-by: David Howells
    Signed-off-by: David S. Miller

    David Howells
     

18 Jan, 2016

5 commits


25 Jun, 2015

1 commit

  • Pull networking updates from David Miller:

    1) Add TX fast path in mac80211, from Johannes Berg.

    2) Add TSO/GRO support to ibmveth, from Thomas Falcon

    3) Move away from cached routes in ipv6, just like ipv4, from Martin
    KaFai Lau.

    4) Lots of new rhashtable tests, from Thomas Graf.

    5) Run ingress qdisc lockless, from Alexei Starovoitov.

    6) Allow servers to fetch TCP packet headers for SYN packets of new
    connections, for fingerprinting. From Eric Dumazet.

    7) Add mode parameter to pktgen, for testing receive. From Alexei
    Starovoitov.

    8) Cache access optimizations via simplifications of build_skb(), from
    Alexander Duyck.

    9) Move page frag allocator under mm/, also from Alexander.

    10) Add xmit_more support to hv_netvsc, from KY Srinivasan.

    11) Add a counter guard in case we try to perform endless reclassify
    loops in the packet scheduler.

    12) Extern flow dissector to be programmable and use it in new "Flower"
    classifier. From Jiri Pirko.

    13) AF_PACKET fanout rollover fixes, performance improvements, and new
    statistics. From Willem de Bruijn.

    14) Add netdev driver for GENEVE tunnels, from John W Linville.

    15) Add ingress netfilter hooks and filtering, from Pablo Neira Ayuso.

    16) Fix handling of epoll edge triggers in TCP, from Eric Dumazet.

    17) Add an ECN retry fallback for the initial TCP handshake, from Daniel
    Borkmann.

    18) Add tail call support to BPF, from Alexei Starovoitov.

    19) Add several pktgen helper scripts, from Jesper Dangaard Brouer.

    20) Add zerocopy support to AF_UNIX, from Hannes Frederic Sowa.

    21) Favor even port numbers for allocation to connect() requests, and
    odd port numbers for bind(0), in an effort to help avoid
    ip_local_port_range exhaustion. From Eric Dumazet.

    22) Add Cavium ThunderX driver, from Sunil Goutham.

    23) Allow bpf programs to access skb_iif and dev->ifindex SKB metadata,
    from Alexei Starovoitov.

    24) Add support for T6 chips in cxgb4vf driver, from Hariprasad Shenai.

    25) Double TCP Small Queues default to 256K to accomodate situations
    like the XEN driver and wireless aggregation. From Wei Liu.

    26) Add more entropy inputs to flow dissector, from Tom Herbert.

    27) Add CDG congestion control algorithm to TCP, from Kenneth Klette
    Jonassen.

    28) Convert ipset over to RCU locking, from Jozsef Kadlecsik.

    29) Track and act upon link status of ipv4 route nexthops, from Andy
    Gospodarek.

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1670 commits)
    bridge: vlan: flush the dynamically learned entries on port vlan delete
    bridge: multicast: add a comment to br_port_state_selection about blocking state
    net: inet_diag: export IPV6_V6ONLY sockopt
    stmmac: troubleshoot unexpected bits in des0 & des1
    net: ipv4 sysctl option to ignore routes when nexthop link is down
    net: track link-status of ipv4 nexthops
    net: switchdev: ignore unsupported bridge flags
    net: Cavium: Fix MAC address setting in shutdown state
    drivers: net: xgene: fix for ACPI support without ACPI
    ip: report the original address of ICMP messages
    net/mlx5e: Prefetch skb data on RX
    net/mlx5e: Pop cq outside mlx5e_get_cqe
    net/mlx5e: Remove mlx5e_cq.sqrq back-pointer
    net/mlx5e: Remove extra spaces
    net/mlx5e: Avoid TX CQE generation if more xmit packets expected
    net/mlx5e: Avoid redundant dev_kfree_skb() upon NOP completion
    net/mlx5e: Remove re-assignment of wq type in mlx5e_enable_rq()
    net/mlx5e: Use skb_shinfo(skb)->gso_segs rather than counting them
    net/mlx5e: Static mapping of netdev priv resources to/from netdev TX queues
    net/mlx4_en: Use HW counters for rx/tx bytes/packets in PF device
    ...

    Linus Torvalds
     

22 Jun, 2015

1 commit

  • The bit CRYPTO_ALG_INTERNAL was added to stop af_alg from accessing
    internal algorithms. However, af_alg itself was never modified to
    actually stop that bit from being used by the user. Therefore the
    user could always override it by specifying the relevant bit in the
    type and/or mask.

    This patch silently discards the bit in both type and mask.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

11 May, 2015

1 commit


02 Apr, 2015

1 commit


24 Mar, 2015

1 commit


15 Feb, 2015

1 commit

  • Pull crypto update from Herbert Xu:
    "Here is the crypto update for 3.20:

    - Added 192/256-bit key support to aesni GCM.
    - Added MIPS OCTEON MD5 support.
    - Fixed hwrng starvation and race conditions.
    - Added note that memzero_explicit is not a subsitute for memset.
    - Added user-space interface for crypto_rng.
    - Misc fixes"

    * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (71 commits)
    crypto: tcrypt - do not allocate iv on stack for aead speed tests
    crypto: testmgr - limit IV copy length in aead tests
    crypto: tcrypt - fix buflen reminder calculation
    crypto: testmgr - mark rfc4106(gcm(aes)) as fips_allowed
    crypto: caam - fix resource clean-up on error path for caam_jr_init
    crypto: caam - pair irq map and dispose in the same function
    crypto: ccp - terminate ccp_support array with empty element
    crypto: caam - remove unused local variable
    crypto: caam - remove dead code
    crypto: caam - don't emit ICV check failures to dmesg
    hwrng: virtio - drop extra empty line
    crypto: replace scatterwalk_sg_next with sg_next
    crypto: atmel - Free memory in error path
    crypto: doc - remove colons in comments
    crypto: seqiv - Ensure that IV size is at least 8 bytes
    crypto: cts - Weed out non-CBC algorithms
    MAINTAINERS: add linux-crypto to hw random
    crypto: cts - Remove bogus use of seqiv
    crypto: qat - don't need qat_auth_state struct
    crypto: algif_rng - fix sparse non static symbol warning
    ...

    Linus Torvalds
     

11 Feb, 2015

1 commit

  • Commit 1d10eb2f156f ("crypto: switch af_alg_make_sg() to iov_iter")
    broke af_alg_make_sg() and skcipher_recvmsg() in the process of moving
    them to the iov_iter interfaces. The 'npages' calculation in the formar
    calculated the number of *bytes* in the pages, and in the latter case
    the conversion didn't re-read the value of 'ctx->used' after waiting for
    it to become non-zero.

    This reverts to the original code for both these cases.

    Cc: Al Viro
    Cc: David Miller
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

04 Feb, 2015

1 commit

  • With that, all ->sendmsg() instances are converted to iov_iter primitives
    and are agnostic wrt the kind of iov_iter they are working with.
    So's the last remaining ->recvmsg() instance that wasn't kind-agnostic yet.
    All ->sendmsg() and ->recvmsg() advance ->msg_iter by the amount actually
    copied and none of them modifies the underlying iovec, etc.

    Cc: linux-crypto@vger.kernel.org
    Signed-off-by: Al Viro

    Al Viro
     

26 Dec, 2014

1 commit


22 Dec, 2014

3 commits

  • Use setsockopt on the tfm FD to provide the authentication tag size for
    an AEAD cipher. This is achieved by adding a callback function which is
    intended to be used by the AEAD AF_ALG implementation.

    The optlen argument of the setsockopt specifies the authentication tag
    size to be used with the AEAD tfm.

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     
  • Fixed style error identified by checkpatch.

    ERROR: space required before the open parenthesis '('
    + switch(cmsg->cmsg_type) {

    Signed-off-by: Joshua I. James
    Signed-off-by: Herbert Xu

    Joshua I. James
     
  • If a request is backlogged, it's complete() handler will get called
    twice: once with -EINPROGRESS, and once with the final error code.

    af_alg's complete handler, unlike other users, does not handle the
    -EINPROGRESS but instead always completes the completion that recvmsg()
    is waiting on. This can lead to a return to user space while the
    request is still pending in the driver. If userspace closes the sockets
    before the requests are handled by the driver, this will lead to
    use-after-frees (and potential crashes) in the kernel due to the tfm
    having been freed.

    The crashes can be easily reproduced (for example) by reducing the max
    queue length in cryptod.c and running the following (from
    http://www.chronox.de/libkcapi.html) on AES-NI capable hardware:

    $ while true; do kcapi -x 1 -e -c '__ecb-aes-aesni' \
    -k 00000000000000000000000000000000 \
    -p 00000000000000000000000000000000 >/dev/null & done

    Cc: stable@vger.kernel.org
    Signed-off-by: Rabin Vincent
    Signed-off-by: Herbert Xu

    Rabin Vincent
     

14 Dec, 2014

1 commit

  • Pull crypto update from Herbert Xu:
    - The crypto API is now documented :)
    - Disallow arbitrary module loading through crypto API.
    - Allow get request with empty driver name through crypto_user.
    - Allow speed testing of arbitrary hash functions.
    - Add caam support for ctr(aes), gcm(aes) and their derivatives.
    - nx now supports concurrent hashing properly.
    - Add sahara support for SHA1/256.
    - Add ARM64 version of CRC32.
    - Misc fixes.

    * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (77 commits)
    crypto: tcrypt - Allow speed testing of arbitrary hash functions
    crypto: af_alg - add user space interface for AEAD
    crypto: qat - fix problem with coalescing enable logic
    crypto: sahara - add support for SHA1/256
    crypto: sahara - replace tasklets with kthread
    crypto: sahara - add support for i.MX53
    crypto: sahara - fix spinlock initialization
    crypto: arm - replace memset by memzero_explicit
    crypto: powerpc - replace memset by memzero_explicit
    crypto: sha - replace memset by memzero_explicit
    crypto: sparc - replace memset by memzero_explicit
    crypto: algif_skcipher - initialize upon init request
    crypto: algif_skcipher - removed unneeded code
    crypto: algif_skcipher - Fixed blocking recvmsg
    crypto: drbg - use memzero_explicit() for clearing sensitive data
    crypto: drbg - use MODULE_ALIAS_CRYPTO
    crypto: include crypto- module prefix in template
    crypto: user - add MODULE_ALIAS
    crypto: sha-mb - remove a bogus NULL check
    crytpo: qat - Fix 64 bytes requests
    ...

    Linus Torvalds
     

11 Dec, 2014

1 commit


05 Dec, 2014

1 commit

  • AEAD requires the caller to specify the following information separate
    from the data stream. This information allows the AEAD interface handler
    to identify the AAD, ciphertext/plaintext and the authentication tag:

    * Associated authentication data of arbitrary length and
    length

    * Length of authentication tag for encryption

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     

31 Jul, 2014

1 commit

  • Th AF_ALG socket was missing a security label (e.g. SELinux)
    which means that socket was in "unlabeled" state.

    This was recently demonstrated in the cryptsetup package
    (cryptsetup v1.6.5 and later.)
    See https://bugzilla.redhat.com/show_bug.cgi?id=1115120

    This patch clones the sock's label from the parent sock
    and resolves the issue (similar to AF_BLUETOOTH protocol family).

    Cc: stable@vger.kernel.org
    Signed-off-by: Milan Broz
    Acked-by: Paul Moore
    Signed-off-by: Herbert Xu

    Milan Broz
     

15 Nov, 2013

1 commit


27 Jul, 2011

1 commit

  • This allows us to move duplicated code in
    (atomic_inc_not_zero() for now) to

    Signed-off-by: Arun Sharma
    Reviewed-by: Eric Dumazet
    Cc: Ingo Molnar
    Cc: David Miller
    Cc: Eric Dumazet
    Acked-by: Mike Frysinger
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arun Sharma
     

21 Dec, 2010

1 commit


08 Dec, 2010

1 commit


19 Nov, 2010

1 commit

  • This patch creates the backbone of the user-space interface for
    the Crypto API, through a new socket family AF_ALG.

    Each session corresponds to one or more connections obtained from
    that socket. The number depends on the number of inputs/outputs
    of that particular type of operation. For most types there will
    be a s ingle connection/file descriptor that is used for both input
    and output. AEAD is one of the few that require two inputs.

    Each algorithm type will provide its own implementation that plugs
    into af_alg. They're keyed using a string such as "skcipher" or
    "hash".

    IOW this patch only contains the boring bits that is required
    to hold everything together.

    Thakns to Miloslav Trmac for reviewing this and contributing
    fixes and improvements.

    Signed-off-by: Herbert Xu
    Acked-by: David S. Miller
    Tested-by: Martin Willi

    Herbert Xu