24 Nov, 2014
1 commit
-
Signed-off-by: Al Viro
06 Nov, 2014
1 commit
-
This encapsulates all of the skb_copy_datagram_iovec() callers
with call argument signature "skb, offset, msghdr->msg_iov, length".When we move to iov_iters in the networking, the iov_iter object will
sit in the msghdr.Having a helper like this means there will be less places to touch
during that transformation.Based upon descriptions and patch from Al Viro.
Signed-off-by: David S. Miller
24 May, 2014
1 commit
-
It doesn't seem like an protocols are setting anything other
than the default, and allowing to arbitrarily disable checksums
for a whole protocol seems dangerous. This can be done on a per
socket basis.Signed-off-by: Tom Herbert
Signed-off-by: David S. Miller
16 Apr, 2014
1 commit
-
ip_queue_xmit() assumes the skb it has to transmit is attached to an
inet socket. Commit 31c70d5956fc ("l2tp: keep original skb ownership")
changed l2tp to not change skb ownership and thus broke this assumption.One fix is to add a new 'struct sock *sk' parameter to ip_queue_xmit(),
so that we do not assume skb->sk points to the socket used by l2tp
tunnel.Fixes: 31c70d5956fc ("l2tp: keep original skb ownership")
Reported-by: Zhan Jianyu
Tested-by: Zhan Jianyu
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
19 Jan, 2014
1 commit
-
This is a follow-up patch to f3d3342602f8bc ("net: rework recvmsg
handler msg_name and msg_namelen logic").DECLARE_SOCKADDR validates that the structure we use for writing the
name information to is not larger than the buffer which is reserved
for msg->msg_name (which is 128 bytes). Also use DECLARE_SOCKADDR
consistently in sendmsg code paths.Signed-off-by: Steffen Hurrle
Suggested-by: Hannes Frederic Sowa
Acked-by: Hannes Frederic Sowa
Signed-off-by: David S. Miller
19 Nov, 2013
1 commit
-
Only update *addr_len when we actually fill in sockaddr, otherwise we
can return uninitialized memory from the stack to the caller in the
recvfrom, recvmmsg and recvmsg syscalls. Drop the the (addr_len == NULL)
checks because we only get called with a valid addr_len pointer either
from sock_common_recvmsg or inet_recvmsg.If a blocking read waits on a socket which is concurrently shut down we
now return zero and set msg_msgnamelen to 0.Reported-by: mpb
Suggested-by: Eric Dumazet
Signed-off-by: Hannes Frederic Sowa
Signed-off-by: David S. Miller
21 Mar, 2013
1 commit
-
l2tp_core hooks UDP's .destroy handler to gain advance warning of a tunnel
socket being closed from userspace. We need to do the same thing for
IP-encapsulation sockets.Signed-off-by: Tom Parkin
Signed-off-by: James Chapman
Signed-off-by: David S. Miller
28 Feb, 2013
1 commit
-
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;type T;
expression a,c,d,e;
identifier b;
statement S;
@@-T b;
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin
Acked-by: Paul E. McKenney
Signed-off-by: Sasha Levin
Cc: Wu Fengguang
Cc: Marcelo Tosatti
Cc: Gleb Natapov
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
06 Feb, 2013
1 commit
-
The infrastructure is already pretty much entirely there
to allow this conversion.The tunnel and session lookups have per-namespace tables,
and the ipv4 bind lookup includes the namespace in the
lookup key.Set netns_ok in l2tp_ip_protocol.
Signed-off-by: David S. Miller
09 Jun, 2012
1 commit
-
Commit 081b1b1bb27f (l2tp: fix l2tp_ip_sendmsg() route handling) added
a race, in case IP route cache is disabled.In this case, we should not do the dst_release(&rt->dst), since it'll
free the dst immediately, instead of waiting a RCU grace period.Signed-off-by: Eric Dumazet
Cc: James Chapman
Cc: Denys Fedoryshchenko
Signed-off-by: David S. Miller
30 May, 2012
1 commit
-
An application may call connect() to disconnect a socket using an
address with family AF_UNSPEC. The L2TP IP sockets were not handling
this case when the socket is not bound and an attempt to connect()
using AF_UNSPEC in such cases would result in an oops. This patch
addresses the problem by protecting the sk_prot->disconnect() call
against trying to unhash the socket before it is bound.The L2TP IPv4 and IPv6 sockets have the same problem. Both are fixed
by this patch.The patch also adds more checks that the sockaddr supplied to bind()
and connect() calls is valid.RIP: 0010:[] [] inet_unhash+0x50/0xd0
RSP: 0018:ffff88001989be28 EFLAGS: 00010293
Stack:
ffff8800407a8000 0000000000000000 ffff88001989be78 ffffffff82e3a249
ffffffff82e3a050 ffff88001989bec8 ffff88001989be88 ffff8800407a8000
0000000000000010 ffff88001989bec8 ffff88001989bea8 ffffffff82e42639
Call Trace:
[] udp_disconnect+0x1f9/0x290
[] inet_dgram_connect+0x29/0x80
[] sys_connect+0x9c/0x100Reported-by: Sasha Levin
Signed-off-by: James Chapman
Signed-off-by: David S. Miller
17 May, 2012
1 commit
-
Use more current logging styles.
Add pr_fmt to prefix output appropriately.
Convert printks to pr_.
Convert PRINTK macros to new l2tp_ macros.
Neaten some _refcount debugging macros.
Use print_hex_dump_bytes instead of hand-coded loops.
Coalesce formats and align arguments.Some KERN_DEBUG output is not now emitted unless
dynamic_debugging is enabled.Signed-off-by: Joe Perches
Signed-off-by: James Chapman
Signed-off-by: David S. Miller
08 May, 2012
1 commit
-
Conflicts:
drivers/net/ethernet/intel/e1000e/param.c
drivers/net/wireless/iwlwifi/iwl-agn-rx.c
drivers/net/wireless/iwlwifi/iwl-trans-pcie-rx.c
drivers/net/wireless/iwlwifi/iwl-trans.hResolved the iwlwifi conflict with mainline using 3-way diff posted
by John Linville and Stephen Rothwell. In 'net' we added a bug
fix to make iwlwifi report a more accurate skb->truesize but this
conflicted with RX path changes that happened meanwhile in net-next.In e1000e a conflict arose in the validation code for settings of
adapter->itr. 'net-next' had more sophisticated logic so that
logic was used.Signed-off-by: David S. Miller
03 May, 2012
1 commit
-
l2tp_ip_sendmsg could return without releasing socket lock, making it all the
way to userspace, and generating the following warning:[ 130.891594] ================================================
[ 130.894569] [ BUG: lock held when returning to user space! ]
[ 130.897257] 3.4.0-rc5-next-20120501-sasha #104 Tainted: G W
[ 130.900336] ------------------------------------------------
[ 130.902996] trinity/8384 is leaving the kernel with locks still held!
[ 130.906106] 1 lock held by trinity/8384:
[ 130.907924] #0: (sk_lock-AF_INET){+.+.+.}, at: [] l2tp_ip_sendmsg+0x2f/0x550Introduced by commit 2f16270 ("l2tp: Fix locking in l2tp_ip.c").
Signed-off-by: Sasha Levin
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
01 May, 2012
2 commits
-
The l2tp_ip socket currently maintains packet/byte stats in its
private socket structure. But these counters aren't exposed to
userspace and so serve no purpose. The counters were also
smp-unsafe. So this patch just gets rid of the stats.While here, change a couple of internal __u32 variables to u32.
Signed-off-by: James Chapman
Signed-off-by: David S. Miller -
Cleanup the l2tp_ip code to make use of an existing ipv4 support function.
Signed-off-by: James Chapman
Signed-off-by: David S. Miller
13 Apr, 2012
2 commits
-
Applications using L2TP/IP sockets want to be able to bind() an L2TP/IP
socket to set the local tunnel id while leaving the auto-assigned source
address alone. So if no source address is supplied, don't overwrite
the address already stored in the socket.Signed-off-by: James Chapman
Signed-off-by: David S. Miller -
The l2tp_ip socket close handler does not update the module refcount
correctly which prevents module unload after the first bind() call on
an L2TPv3 IP encapulation socket.Signed-off-by: James Chapman
Signed-off-by: David S. Miller
26 Jan, 2012
1 commit
-
When a packet is received on an L2TP IP socket (L2TPv3 IP link
encapsulation), the l2tpip socket's backlog_rcv function calls
xfrm4_policy_check(). This is not necessary, since it was called
before the skb was added to the backlog. With CONFIG_NET_NS enabled,
xfrm4_policy_check() will oops if skb->dev is null, so this trivial
patch removes the call.This bug has always been present, but only when CONFIG_NET_NS is
enabled does it cause problems. Most users are probably using UDP
encapsulation for L2TP, hence the problem has only recently
surfaced.EIP: 0060:[] EFLAGS: 00210246 CPU: 0
EIP is at l2tp_ip_recvmsg+0xd4/0x2a7
EAX: 00000001 EBX: d77b5180 ECX: 00000000 EDX: 00200246
ESI: 00000000 EDI: d63cbd30 EBP: d63cbd18 ESP: d63cbcf4
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Call Trace:
[] sock_common_recvmsg+0x31/0x46
[] __sock_recvmsg_nosec+0x45/0x4d
[] __sock_recvmsg+0x31/0x3b
[] sock_recvmsg+0x96/0xab
[] ? might_fault+0x47/0x81
[] ? might_fault+0x47/0x81
[] ? _copy_from_user+0x31/0x115
[] ? copy_from_user+0x8/0xa
[] ? verify_iovec+0x3e/0x78
[] __sys_recvmsg+0x10a/0x1aa
[] ? sock_recvmsg+0x0/0xab
[] ? __lock_acquire+0xbdf/0xbee
[] ? do_page_fault+0x193/0x375
[] ? fcheck_files+0x9b/0xca
[] ? fget_light+0x2a/0x9c
[] sys_recvmsg+0x2b/0x43
[] sys_socketcall+0x16d/0x1a5
[] ? trace_hardirqs_on_thunk+0xc/0x10
[] sysenter_do_call+0x12/0x38
Code: c6 05 8c ea a8 c1 01 e8 0c d4 d9 ff 85 f6 74 07 3e ff 86 80 00 00 00 b9 17 b6 2b c1 ba 01 00 00 00 b8 78 ed 48 c1 e8 23 f6 d9 ff 76 0c 68 28 e3 30 c1 68 2d 44 41 c1 e8 89 57 01 00 83 c4 0cSigned-off-by: James Chapman
Acked-by: Eric Dumazet
Signed-off-by: David S. Miller
14 Jun, 2011
1 commit
-
l2tp_ip_sendmsg() in non connected mode incorrectly calls
sk_setup_caps(). Subsequent send() calls send data to wrong destination.We can also avoid changing dst refcount in connected mode, using
appropriate rcu locking. Once output route lookups can also be done
under rcu, sendto() calls wont change dst refcounts too.Signed-off-by: Eric Dumazet
CC: James Chapman
Signed-off-by: David S. Miller
21 May, 2011
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1446 commits)
macvlan: fix panic if lowerdev in a bond
tg3: Add braces around 5906 workaround.
tg3: Fix NETIF_F_LOOPBACK error
macvlan: remove one synchronize_rcu() call
networking: NET_CLS_ROUTE4 depends on INET
irda: Fix error propagation in ircomm_lmp_connect_response()
irda: Kill set but unused variable 'bytes' in irlan_check_command_param()
irda: Kill set but unused variable 'clen' in ircomm_connect_indication()
rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport()
be2net: Kill set but unused variable 'req' in lancer_fw_download()
irda: Kill set but unused vars 'saddr' and 'daddr' in irlan_provider_connect_indication()
atl1c: atl1c_resume() is only used when CONFIG_PM_SLEEP is defined.
rxrpc: Fix set but unused variable 'usage' in rxrpc_get_peer().
rxrpc: Kill set but unused variable 'local' in rxrpc_UDP_error_handler()
rxrpc: Kill set but unused variable 'sp' in rxrpc_process_connection()
rxrpc: Kill set but unused variable 'sp' in rxrpc_rotate_tx_window()
pkt_sched: Kill set but unused variable 'protocol' in tc_classify()
isdn: capi: Use pr_debug() instead of ifdefs.
tg3: Update version to 3.119
tg3: Apply rx_discards fix to 5719/5720
...Fix up trivial conflicts in arch/x86/Kconfig and net/mac80211/agg-tx.c
as per Davem.
09 May, 2011
3 commits
-
This allows us to acquire the exact route keying information from the
protocol, however that might be managed.It handles all of the possibilities, from the simplest case of storing
the key in inet->cork.fl to the more complex setup SCTP has where
individual transports determine the flow.Signed-off-by: David S. Miller
-
Now that the socket is consistently locked in these two routines,
this transformation is legal.Signed-off-by: David S. Miller
-
Both l2tp_ip_connect() and l2tp_ip_sendmsg() must take the socket
lock. They both modify socket state non-atomically, and in particular
l2tp_ip_sendmsg() increments socket private counters without using
atomic operations.
Signed-off-by: David S. Miller
04 May, 2011
1 commit
-
Signed-off-by: David S. Miller
29 Apr, 2011
4 commits
-
Now that output route lookups update the flow with
destination address selection, we can fetch it from
fl4->daddr instead of rt->rt_dstSigned-off-by: David S. Miller
-
Now that output route lookups update the flow with
source address selection, we can fetch it from
fl4->saddr instead of rt->rt_srcSigned-off-by: David S. Miller
-
We don't actually hold the socket lock at this point, so the
rcu_dereference_protected() isn't' correct. Thanks to Eric
Dumazet for pointing this out.Thankfully, we're only interested in fetching the faddr value
if srr is enabled, so we can simply make this an RCU sequence
and use plain rcu_dereference().Reported-by: Eric Dumazet
Signed-off-by: David S. Miller -
We lack proper synchronization to manipulate inet->opt ip_options
Problem is ip_make_skb() calls ip_setup_cork() and
ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options),
without any protection against another thread manipulating inet->opt.Another thread can change inet->opt pointer and free old one under us.
Use RCU to protect inet->opt (changed to inet->inet_opt).
Instead of handling atomic refcounts, just copy ip_options when
necessary, to avoid cache line dirtying.We cant insert an rcu_head in struct ip_options since its included in
skb->cb[], so this patch is large because I had to introduce a new
ip_options_rcu structure.Signed-off-by: Eric Dumazet
Cc: Herbert Xu
Signed-off-by: David S. Miller
28 Apr, 2011
1 commit
-
These functions are used together as a unit for route resolution
during connect(). They address the chicken-and-egg problem that
exists when ports need to be allocated during connect() processing,
yet such port allocations require addressing information from the
routing code.It's currently more heavy handed than it needs to be, and in
particular we allocate and initialize a flow object twice.Let the callers provide the on-stack flow object. That way we only
need to initialize it once in the ip_route_connect() call.Later, if ip_route_newports() needs to do anything, it re-uses that
flow object as-is except for the ports which it updates before the
route re-lookup.Also, describe why this set of facilities are needed and how it works
in a big comment.Signed-off-by: David S. Miller
Reviewed-by: Eric Dumazet
27 Apr, 2011
1 commit
-
These changes were incorrectly fixed by codespell. They were now
manually corrected.Signed-off-by: Lucas De Marchi
13 Mar, 2011
1 commit
-
The idea here is this minimizes the number of places one has to edit
in order to make changes to how flows are defined and used.Signed-off-by: David S. Miller
03 Mar, 2011
1 commit
-
Instead of on the stack.
Signed-off-by: David S. Miller
02 Mar, 2011
3 commits
-
This boolean state is now available in the flow flags.
Signed-off-by: David S. Miller
-
Since that is what the current vague "flags" argument means.
Signed-off-by: David S. Miller
-
Since that's what the current vague "flags" thing means.
Signed-off-by: David S. Miller
09 Dec, 2010
2 commits
-
Conflicts:
drivers/net/wireless/ath/ath9k/ar9003_eeprom.c
net/llc/af_llc.c -
Using the SOCK_DGRAM enum results in
"net-pf-2-proto-SOCK_DGRAM-type-115", so use the numeric value like it
is done in net/dccp.Signed-off-by: Michal Marek
Signed-off-by: David S. Miller
18 Nov, 2010
1 commit
-
Use the macros defined for the members of flowi to clean the code up.
Signed-off-by: Changli Gao
Signed-off-by: David S. Miller
25 Oct, 2010
1 commit
-
Also moved the refcound inlines from l2tp_core.h to l2tp_core.c
since only used in that one file.Signed-off-by: Stephen Hemminger
Acked-by: James Chapman
Signed-off-by: David S. Miller
