05 Jun, 2017

1 commit

  • Alexander reported various KASAN messages triggered in recent kernels

    The problem is that ping sockets should not use udp_poll() in the first
    place, and recent changes in UDP stack finally exposed this old bug.

    Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
    Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
    Signed-off-by: Eric Dumazet
    Reported-by: Sasha Levin
    Cc: Solar Designer
    Cc: Vasiliy Kulikov
    Cc: Lorenzo Colitti
    Acked-By: Lorenzo Colitti
    Tested-By: Lorenzo Colitti
    Signed-off-by: David S. Miller

    Eric Dumazet
     

30 Dec, 2016

1 commit

  • np is already assigned in the variable declaration of ping_v6_sendmsg.
    At this point, we have already dereferenced np several times, so the
    NULL check is also redundant.

    Suggested-by: Eric Dumazet
    Signed-off-by: Dave Jones
    Signed-off-by: David S. Miller

    Dave Jones
     

05 Nov, 2016

1 commit

  • - Use the UID in routing lookups made by protocol connect() and
      sendmsg() functions.
    - Make sure that routing lookups triggered by incoming packets
      (e.g., Path MTU discovery) take the UID of the socket into
      account.
    - For packets not associated with a userspace socket, (e.g., ping
      replies) use UID 0 inside the user namespace corresponding to
      the network namespace the socket belongs to. This allows
      all namespaces to apply routing and iptables rules to
      kernel-originated traffic in that namespace by matching UID 0.
      This is better than using the UID of the kernel socket that is
      sending the traffic, because the UID of kernel sockets created
      at namespace creation time (e.g., the per-processor ICMP and
      TCP sockets) is the UID of the user that created the socket,
      which might not be mapped in the namespace.

    Tested: compiles allnoconfig, allyesconfig, allmodconfig
    Tested: https://android-review.googlesource.com/253302
    Signed-off-by: Lorenzo Colitti
    Signed-off-by: David S. Miller

    Lorenzo Colitti
     

21 Oct, 2016

1 commit

  • Baozeng Ding reported KASAN traces showing uses after free in
    udp_lib_get_port() and other related UDP functions.

    A CONFIG_DEBUG_PAGEALLOC=y kernel would eventually crash.

    I could write a reproducer with two threads doing :

    static int sock_fd;
    static void *thr1(void *arg)
    {
        for (;;) {
            connect(sock_fd, (const struct sockaddr *)arg,
                    sizeof(struct sockaddr_in));
        }
    }

    static void *thr2(void *arg)
    {
        struct sockaddr_in unspec;

        for (;;) {
            memset(&unspec, 0, sizeof(unspec));
            connect(sock_fd, (const struct sockaddr *)&unspec,
                    sizeof(unspec));
        }
    }

    Problem is that udp_disconnect() could run without holding socket lock,
    and this was causing list corruptions.

    Signed-off-by: Eric Dumazet
    Reported-by: Baozeng Ding
    Signed-off-by: David S. Miller

    Eric Dumazet
     

07 Sep, 2016

1 commit

  • Neither the failure nor success paths of ping_v6_sendmsg release
    the dst it acquires. This leads to a flood of warnings from
    "net/core/dst.c:288 dst_release" on older kernels that
    don't have 8bf4ada2e21378816b28205427ee6b0e1ca4c5f1 backported.

    That patch optimistically hoped this had been fixed post 3.10, but
    it seems at least one case wasn't, where I've seen this triggered
    a lot from machines doing unprivileged icmp sockets.

    Cc: Martin Lau
    Signed-off-by: Dave Jones
    Acked-by: Martin KaFai Lau
    Signed-off-by: David S. Miller

    Dave Jones
     

16 Aug, 2016

1 commit

  • ping_v6_sendmsg does not set flowi6_oif in response to
    sin6_scope_id or sk_bound_dev_if, so it is not possible to use
    these APIs to ping an IPv6 address on a different interface.
    Instead, it sets flowi6_iif, which is incorrect but harmless.

    Stop setting flowi6_iif, and support various ways of setting oif
    in the same priority order used by udpv6_sendmsg.

    Tested: https://android-review.googlesource.com/#/c/254470/
    Signed-off-by: Lorenzo Colitti
    Signed-off-by: David S. Miller

    Lorenzo Colitti
     

12 Jun, 2016

1 commit


04 May, 2016

1 commit

  • In the sendmsg function of UDP, raw, ICMP and l2tp sockets, we use local
    variables like hlimits, tclass, opt and dontfrag and pass them to corresponding
    functions like ip6_make_skb, ip6_append_data and xxx_push_pending_frames.
    This is not a good practice and makes it hard to add new parameters.
    This fix introduces a new struct ipcm6_cookie similar to ipcm_cookie in
    ipv4 and includes the above mentioned variables. And we only pass the
    pointer to this structure to corresponding functions. This makes it easier
    to add new parameters in the future and makes the function cleaner.

    Signed-off-by: Wei Wang
    Signed-off-by: David S. Miller

    Wei Wang
     

05 Apr, 2016

1 commit

  • Currently, SOL_TIMESTAMPING can only be enabled using setsockopt.
    This is very costly when users want to sample writes to gather
    tx timestamps.

    Add support for enabling SO_TIMESTAMPING via control messages by
    using tsflags added in `struct sockcm_cookie` (added in the previous
    patches in this series) to set the tx_flags of the last skb created in
    a sendmsg. With this patch, the timestamp recording bits in tx_flags
    of the skbuff are overridden if SO_TIMESTAMPING is passed in a cmsg.

    Please note that this is only effective for overriding the recording
    timestamps flags. Users should enable timestamp reporting (e.g.,
    SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_OPT_ID) using
    socket options and then should ask for SOF_TIMESTAMPING_TX_*
    using control messages per sendmsg to sample timestamps for each
    write.

    Signed-off-by: Soheil Hassas Yeganeh
    Acked-by: Willem de Bruijn
    Signed-off-by: David S. Miller

    Soheil Hassas Yeganeh
     

24 Mar, 2016

1 commit

  • As ping_v6_sendmsg is used only in this file,
    making it static

    The body of "pingv6_prot" and "pingv6_protosw" were
    moved at the middle of the file, to avoid having to
    declare some static prototypes.

    Signed-off-by: Haishuang Yan
    Signed-off-by: David S. Miller

    Haishuang Yan
     

10 Mar, 2015

1 commit


05 Mar, 2015

1 commit

  • 1. For an IPv4 ping socket, ping_check_bind_addr does not check
       the family of the socket address that's passed in. Instead,
       make it behave like inet_bind, which enforces either that the
       address family is AF_INET, or that the family is AF_UNSPEC and
       the address is 0.0.0.0.
    2. For an IPv6 ping socket, ping_check_bind_addr returns EINVAL
       if the socket family is not AF_INET6. Return EAFNOSUPPORT
       instead, for consistency with inet6_bind.
    3. Make ping_v4_sendmsg and ping_v6_sendmsg return EAFNOSUPPORT
       instead of EINVAL if an incorrect socket address structure is
       passed in.
    4. Make IPv6 ping sockets be IPv6-only. The code does not support
       IPv4, and it cannot easily be made to support IPv4 because
       the protocol numbers for ICMP and ICMPv6 are different. This
       makes connect(::ffff:192.0.2.1) fail with EAFNOSUPPORT instead
       of making the socket unusable.

    Among other things, this fixes an oops that can be triggered by:

    int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    struct sockaddr_in6 sin6 = {
        .sin6_family = AF_INET6,
        .sin6_addr = in6addr_any,
    };
    bind(s, (struct sockaddr *) &sin6, sizeof(sin6));

    Change-Id: If06ca86d9f1e4593c0d6df174caca3487c57a241
    Signed-off-by: Lorenzo Colitti
    Signed-off-by: David S. Miller

    Lorenzo Colitti
     

03 Mar, 2015

1 commit

  • After TIPC doesn't depend on iocb argument in its internal
    implementations of sendmsg() and recvmsg() hooks defined in proto
    structure, no user is using iocb argument in them at all now.
    Then we can drop the redundant iocb argument completely from kinds of
    implementations of both sendmsg() and recvmsg() in the entire
    networking stack.

    Cc: Christoph Hellwig
    Suggested-by: Al Viro
    Signed-off-by: Ying Xue
    Signed-off-by: David S. Miller

    Ying Xue
     

04 Feb, 2015

1 commit


10 Dec, 2014

1 commit

  • Note that the code _using_ ->msg_iter at that point will be very
    unhappy with anything other than unshifted iovec-backed iov_iter.
    We still need to convert users to proper primitives.

    Signed-off-by: Al Viro

    Al Viro
     

24 May, 2014

1 commit

  • It doesn't seem like any protocols are setting anything other
    than the default, and allowing to arbitrarily disable checksums
    for a whole protocol seems dangerous. This can be done on a per
    socket basis.

    Signed-off-by: Tom Herbert
    Signed-off-by: David S. Miller

    Tom Herbert
     

01 May, 2014

1 commit


01 Apr, 2014

1 commit

  • After commit c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify
    processing to workqueue") some counters are now updated in process context
    and thus need to disable bh before doing so, otherwise deadlocks can
    happen on 32-bit archs. Fabio Estevam noticed this while mounting
    a NFS volume on an ARM board.

    As a compensation for missing this I looked after the other *_STATS_BH
    and found three other calls which need updating:

    1) icmp6_send: ip6_fragment -> icmpv6_send -> icmp6_send (error handling)
    2) ip6_push_pending_frames: rawv6_sendmsg -> rawv6_push_pending_frames -> ...
       (only in case of icmp protocol with raw sockets in error handling)
    3) ping6_v6_sendmsg (error handling)

    Fixes: c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify processing to workqueue")
    Reported-by: Fabio Estevam
    Tested-by: Fabio Estevam
    Cc: Eric Dumazet
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Hannes Frederic Sowa
     

28 Feb, 2014

1 commit


22 Jan, 2014

1 commit

  • Some ipv6 protocols cannot handle ipv4 addresses, so we must not allow
    connecting and binding to them. sendmsg logic does already check msg->name
    for this but must trust already connected sockets which could be set up
    for connection to ipv4 address family.

    Per-socket flag ipv6only is of no use here, as it is under user's control
    by setsockopt.

    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Hannes Frederic Sowa
     

20 Jan, 2014

1 commit

  • We currently don't report IPV6_RECVPKTINFO in cmsg access ancillary data
    for IPv4 datagrams on IPv6 sockets.

    This patch splits the ip6_datagram_recv_ctl into two functions, one
    which handles both protocol families, AF_INET and AF_INET6, while the
    ip6_datagram_recv_specific_ctl only handles IPv6 cmsg data.

    ip6_datagram_recv_*_ctl never reported back any errors, so we can make
    them return void. Also provide a helper for protocols which don't offer dual
    personality to further use ip6_datagram_recv_ctl, which is exported to
    modules.

    I needed to shuffle the code for ping around a bit to make it easier to
    implement dual personality for ping ipv6 sockets in future.

    Reported-by: Gert Doering
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Hannes Frederic Sowa
     

19 Jan, 2014

1 commit

  • This is a follow-up patch to f3d3342602f8bc ("net: rework recvmsg
    handler msg_name and msg_namelen logic").

    DECLARE_SOCKADDR validates that the structure we use for writing the
    name information to is not larger than the buffer which is reserved
    for msg->msg_name (which is 128 bytes). Also use DECLARE_SOCKADDR
    consistently in sendmsg code paths.

    Signed-off-by: Steffen Hurrle
    Suggested-by: Hannes Frederic Sowa
    Acked-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Steffen Hurrle
     

06 Dec, 2013

1 commit


24 Nov, 2013

1 commit

  • Commit bceaa90240b6019ed73b49965eac7d167610be69 ("inet: prevent leakage
    of uninitialized memory to user in recv syscalls") conditionally updated
    addr_len if the msg_name is written to. The recv_error and rxpmtu
    functions relied on the recvmsg functions to set up addr_len before.

    As this does not happen any more we have to pass addr_len to those
    functions as well and set it to the size of the corresponding sockaddr
    length.

    This broke traceroute and such.

    Fixes: bceaa90240b6 ("inet: prevent leakage of uninitialized memory to user in recv syscalls")
    Reported-by: Brad Spengler
    Reported-by: Tom Labanowski
    Cc: mpb
    Cc: David S. Miller
    Cc: Eric Dumazet
    Signed-off-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Hannes Frederic Sowa
     

09 Oct, 2013

1 commit

  • TCP listener refactoring, part 4 :

    To speed up inet lookups, we moved IPv4 addresses from inet to struct
    sock_common

    Now is time to do the same for IPv6, because it permits us to have fast
    lookups for all kinds of sockets, including upcoming SYN_RECV.

    Getting IPv6 addresses in TCP lookups currently requires two extra cache
    lines, plus a dereference (and memory stall).

    inet6_sk(sk) does the dereference of inet_sk(__sk)->pinet6

    This patch is way bigger than its IPv4 counterpart, because for IPv4,
    we could add aliases (inet_daddr, inet_rcv_saddr), while on IPv6,
    it's not doable easily.

    inet6_sk(sk)->daddr becomes sk->sk_v6_daddr
    inet6_sk(sk)->rcv_saddr becomes sk->sk_v6_rcv_saddr

    And timewait sockets also have tw->tw_v6_daddr & tw->tw_v6_rcv_saddr
    at the same offset.

    We get rid of INET6_TW_MATCH() as INET6_MATCH() is now the generic
    macro.

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

04 Jul, 2013

2 commits


13 Jun, 2013

1 commit

  • net/ipv4/ping.c:286:5: sparse: symbol 'ping_check_bind_addr' was not declared. Should it be static?
    net/ipv4/ping.c:355:6: sparse: symbol 'ping_set_saddr' was not declared. Should it be static?
    net/ipv4/ping.c:370:6: sparse: symbol 'ping_clear_saddr' was not declared. Should it be static?

    net/ipv6/ping.c:60:5: sparse: symbol 'dummy_ipv6_recv_error' was not declared. Should it be static?
    net/ipv6/ping.c:64:5: sparse: symbol 'dummy_ip6_datagram_recv_ctl' was not declared. Should it be static?
    net/ipv6/ping.c:69:5: sparse: symbol 'dummy_icmpv6_err_convert' was not declared. Should it be static?
    net/ipv6/ping.c:73:6: sparse: symbol 'dummy_ipv6_icmp_error' was not declared. Should it be static?
    net/ipv6/ping.c:75:5: sparse: symbol 'dummy_ipv6_chk_addr' was not declared. Should it be static?
    net/ipv6/ping.c:201:5: sparse: symbol 'ping_v6_seq_show' was not declared. Should it be static?

    Signed-off-by: Fengguang Wu
    Signed-off-by: David S. Miller

    Wu Fengguang
     

06 Jun, 2013

1 commit

  • Merge 'net' bug fixes into 'net-next' as we have patches
    that will build on top of them.

    This merge commit includes a change from Emil Goode
    (emilgoode@gmail.com) that fixes a warning that would
    have been introduced by this merge. Specifically it
    fixes the pingv6_ops method ipv6_chk_addr() to add a
    "const" to the "struct net_device *dev" argument and
    likewise update the dummy_ipv6_chk_addr() declaration.

    Signed-off-by: David S. Miller

    David S. Miller
     

05 Jun, 2013

1 commit

  • The format is based on /proc/net/icmp and /proc/net/{udp,raw}6.

    Compiles and displays reasonable results with CONFIG_IPV6={n,m,y}
    Couldn't figure out how to test without CONFIG_PROC_FS enabled.

    Signed-off-by: Lorenzo Colitti
    Signed-off-by: David S. Miller

    Lorenzo Colitti
     

26 May, 2013

1 commit

  • This adds the ability to send ICMPv6 echo requests without a
    raw socket. The equivalent ability for ICMPv4 was added in
    2011.

    Instead of having separate code paths for IPv4 and IPv6, make
    most of the code in net/ipv4/ping.c dual-stack and only add a
    few IPv6-specific bits (like the protocol definition) to a new
    net/ipv6/ping.c. Hopefully this will reduce divergence and/or
    duplication of bugs in the future.

    Caveats:

    - Setting options via ancillary data (e.g., using IPV6_PKTINFO
      to specify the outgoing interface) is not yet supported.
    - There are no separate security settings for IPv4 and IPv6;
      everything is controlled by /proc/net/ipv4/ping_group_range.
    - The proc interface does not yet display IPv6 ping sockets
      properly.

    Tested with a patched copy of ping6 and using raw socket calls.
    Compiles and works with all of CONFIG_IPV6={n,m,y}.

    Signed-off-by: Lorenzo Colitti
    Signed-off-by: David S. Miller

    Lorenzo Colitti