29 Jan, 2014

1 commit

  • Sending malformed llc packets triggers this spew, which seems excessive.

    WARNING: CPU: 1 PID: 6917 at net/llc/llc_output.c:46 llc_mac_hdr_init+0x85/0x90 [llc]()
    device type not supported: 0
    CPU: 1 PID: 6917 Comm: trinity-c1 Not tainted 3.13.0+ #95
    0000000000000009 00000000007e257d ffff88009232fbe8 ffffffffac737325
    ffff88009232fc30 ffff88009232fc20 ffffffffac06d28d ffff88020e07f180
    ffff88009232fec0 00000000000000c8 0000000000000000 ffff88009232fe70
    Call Trace:
    [] dump_stack+0x4e/0x7a
    [] warn_slowpath_common+0x7d/0xa0
    [] warn_slowpath_fmt+0x5c/0x80
    [] llc_mac_hdr_init+0x85/0x90 [llc]
    [] llc_build_and_send_ui_pkt+0x79/0x90 [llc]
    [] llc_ui_sendmsg+0x23a/0x400 [llc2]
    [] sock_sendmsg+0x9c/0xe0
    [] ? might_fault+0x47/0x50
    [] SYSC_sendto+0x121/0x1c0
    [] ? syscall_trace_enter+0x207/0x270
    [] SyS_sendto+0xe/0x10
    [] tracesys+0xdd/0xe2

    Until 2009, this was a printk, when it was changed in
    bf9ae5386bc: "llc: use dev_hard_header".

    Let userland figure out what -EINVAL means by itself.

    Signed-off-by: Dave Jones
    Signed-off-by: David S. Miller

    Dave Jones
     

19 Jan, 2014

1 commit

  • This is a follow-up patch to f3d3342602f8bc ("net: rework recvmsg
    handler msg_name and msg_namelen logic").

    DECLARE_SOCKADDR validates that the structure we use for writing the
    name information to is not larger than the buffer which is reserved
    for msg->msg_name (which is 128 bytes). Also use DECLARE_SOCKADDR
    consistently in sendmsg code paths.

    Signed-off-by: Steffen Hurrle
    Suggested-by: Hannes Frederic Sowa
    Acked-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Steffen Hurrle
     

07 Jan, 2014

1 commit


04 Jan, 2014

1 commit


03 Jan, 2014

1 commit

  • While commit 30a584d944fb fixes datagram interface in LLC, a use-
    after-free bug has been introduced for SOCK_STREAM sockets that do
    not make use of MSG_PEEK.

    The flow is as follows ...

    if (!(flags & MSG_PEEK)) {
    ...
    sk_eat_skb(sk, skb, false);
    ...
    }
    ...
    if (used + offset < skb->len)
    continue;

    ... where sk_eat_skb() calls __kfree_skb(). Therefore, cache
    original length and work on skb_len to check partial reads.

    Fixes: 30a584d944fb ("[LLX]: SOCK_DGRAM interface fixes")
    Signed-off-by: Daniel Borkmann
    Cc: Stephen Hemminger
    Cc: Arnaldo Carvalho de Melo
    Signed-off-by: David S. Miller

    Daniel Borkmann
     
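    The partial-read ordering this message describes, as a user-space model added here; it is not the kernel's code or Daniel Borkmann's patch. The skb queue, eat_head_skb() (for sk_eat_skb()), MODEL_MSG_PEEK and the offset bookkeeping are constructed stand-ins; the point is the cached skb_len that the partial-read check uses after the skb may already have been freed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed user-space model of the llc_ui_recvmsg() stream path; none of
 * this is kernel code. MODEL_MSG_PEEK stands in for MSG_PEEK. */
#define MODEL_MSG_PEEK 0x2

struct skb {                 /* stand-in for sk_buff */
    struct skb *next;
    size_t len;
    unsigned char *data;
};

struct sock {                /* stand-in for the socket's receive state */
    struct skb *rx_head;     /* head of the receive queue */
    size_t offset;           /* bytes of rx_head already delivered */
};

/* Append a copy of `len` bytes to the queue as one skb (test helper). */
void enqueue_skb(struct sock *sk, const void *data, size_t len)
{
    struct skb *skb = malloc(sizeof *skb);
    struct skb **link = &sk->rx_head;

    skb->data = malloc(len);
    memcpy(skb->data, data, len);
    skb->len = len;
    skb->next = NULL;
    while (*link)
        link = &(*link)->next;
    *link = skb;
}

size_t queued_skbs(const struct sock *sk)
{
    size_t n = 0;
    for (const struct skb *s = sk->rx_head; s; s = s->next)
        n++;
    return n;
}

/* Model of sk_eat_skb(): unlink the head skb and free it. */
static void eat_head_skb(struct sock *sk)
{
    struct skb *skb = sk->rx_head;

    sk->rx_head = skb->next;
    free(skb->data);
    free(skb);
}

/* Stream receive: copy up to `len` bytes into `buf`, spanning skbs.
 * Returns the number of bytes copied. */
size_t recv_stream(struct sock *sk, unsigned char *buf, size_t len, int flags)
{
    size_t copied = 0;

    while (len > 0 && sk->rx_head) {
        struct skb *skb = sk->rx_head;
        size_t offset = sk->offset;
        size_t skb_len = skb->len;   /* cached: skb may be freed below */
        size_t used = skb_len - offset;

        if (used > len)
            used = len;
        memcpy(buf + copied, skb->data + offset, used);
        copied += used;
        len -= used;

        if (flags & MODEL_MSG_PEEK)
            break;               /* peek: consume nothing, one skb per call */

        if (used + offset == skb_len) {
            eat_head_skb(sk);    /* skb is dangling from here on */
            sk->offset = 0;
        } else {
            sk->offset = offset + used;
        }

        /* Partial-read check. The pre-fix code read skb->len here, after
         * sk_eat_skb() could already have freed skb; the cached skb_len
         * touches no freed memory. */
        if (used + offset < skb_len)
            break;
    }
    return copied;
}

/* Scenario: two queued frames, a peek, then a short and a long read.
 * Returns 1 when every step delivered exactly what it should. */
int demo_partial_reads(void)
{
    struct sock sk = { NULL, 0 };
    unsigned char buf[32];
    int ok = 1;

    enqueue_skb(&sk, "hello", 5);
    enqueue_skb(&sk, "world!", 6);

    ok &= recv_stream(&sk, buf, 4, MODEL_MSG_PEEK) == 4 && !memcmp(buf, "hell", 4);
    ok &= queued_skbs(&sk) == 2 && sk.offset == 0;   /* peek consumed nothing */

    ok &= recv_stream(&sk, buf, 3, 0) == 3 && !memcmp(buf, "hel", 3);
    ok &= queued_skbs(&sk) == 2 && sk.offset == 3;   /* partial: skb kept */

    ok &= recv_stream(&sk, buf, sizeof buf, 0) == 8 && !memcmp(buf, "loworld!", 8);
    ok &= queued_skbs(&sk) == 0 && sk.offset == 0;   /* both skbs eaten */

    return ok;
}

int main(void)
{
    printf("partial-read model %s\n", demo_partial_reads() ? "ok" : "FAILED");
    return 0;
}
```

    Run under a memory checker (AddressSanitizer or valgrind) after moving the `skb_len` read below `eat_head_skb()` and the checker reports the read of freed memory that the kernel patch removes.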

28 Dec, 2013

1 commit


21 Nov, 2013

1 commit


04 Sep, 2013

1 commit

  • Convert the llc_ static inlines to the
    equivalents from etherdevice.h and remove
    the llc_ static inline functions.

    llc_mac_null -> is_zero_ether_addr
    llc_mac_multicast -> is_multicast_ether_addr
    llc_mac_match -> ether_addr_equal

    Signed-off-by: Joe Perches
    Signed-off-by: David S. Miller

    Joe Perches
     

16 Aug, 2013

1 commit


08 Apr, 2013

1 commit

  • For stream sockets the code fails to update the msg_namelen member
    to 0 and therefore makes net/socket.c leak the local, uninitialized
    sockaddr_storage variable to userland -- 128 bytes of kernel stack
    memory. The msg_namelen update is also missing for datagram sockets
    in case the socket is shutting down during receive.

    Fix both issues by setting msg_namelen to 0 early. It will be
    updated later if we're going to fill the msg_name member.

    Cc: Arnaldo Carvalho de Melo
    Signed-off-by: Mathias Krause
    Signed-off-by: David S. Miller

    Mathias Krause
     

28 Feb, 2013

1 commit

  • I'm not sure why, but the hlist for each entry iterators were conceived

    list_for_each_entry(pos, head, member)

    The hlist ones were greedy and wanted an extra parameter:

    hlist_for_each_entry(tpos, pos, head, member)

    Why did they need an extra pos parameter? I'm not quite sure. Not only
    do they not really need it, it also prevents the iterator from looking
    exactly like the list iterator, which is unfortunate.

    Besides the semantic patch, there was some manual work required:

    - Fix up the actual hlist iterators in linux/list.h
    - Fix up the declaration of other iterators based on the hlist ones.
    - A very small amount of places were using the 'node' parameter, this
    was modified to use 'obj->member' instead.
    - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
    properly, so those had to be fixed up manually.

    The semantic patch which is mostly the work of Peter Senna Tschudin is here:

    @@
    iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;

    type T;
    expression a,c,d,e;
    identifier b;
    statement S;
    @@

    -T b;

    [akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
    [akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
    [akpm@linux-foundation.org: checkpatch fixes]
    [akpm@linux-foundation.org: fix warnings]
    [akpm@linux-foudnation.org: redo intrusive kvm changes]
    Tested-by: Peter Senna Tschudin
    Acked-by: Paul E. McKenney
    Signed-off-by: Sasha Levin
    Cc: Wu Fengguang
    Cc: Marcelo Tosatti
    Cc: Gleb Natapov
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Sasha Levin
     

19 Nov, 2012

1 commit

  • Allow an unprivileged user who has created a user namespace, and then
    created a network namespace to effectively use the new network
    namespace, by reducing capable(CAP_NET_ADMIN) and
    capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
    CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.

    Allow creation of af_key sockets.
    Allow creation of llc sockets.
    Allow creation of af_packet sockets.

    Allow sending xfrm netlink control messages.

    Allow binding to netlink multicast groups.
    Allow sending to netlink multicast groups.
    Allow adding and dropping netlink multicast groups.
    Allow sending to all netlink multicast groups and port ids.

    Allow reading the netfilter SO_IP_SET socket option.
    Allow sending netfilter netlink messages.
    Allow setting and getting ip_vs netfilter socket options.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

18 Sep, 2012

7 commits


25 Aug, 2012

1 commit


16 Aug, 2012

1 commit

  • The LLC code wrongly returns 0, i.e. "success", when the socket is
    zapped. Together with the uninitialized uaddrlen pointer argument from
    sys_getsockname this leads to an arbitrary memory leak of up to 128
    bytes kernel stack via the getsockname() syscall.

    Return an error instead when the socket is zapped to prevent the info
    leak. Also remove the unnecessary memset(0). We don't directly write to
    the memory pointed by uaddr but memcpy() a local structure at the end of
    the function that is properly initialized.

    Signed-off-by: Mathias Krause
    Cc: Arnaldo Carvalho de Melo
    Signed-off-by: David S. Miller

    Mathias Krause
     
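    The caller-side pattern behind this message, the Apr 2013 msg_namelen message and the Jan 2014 DECLARE_SOCKADDR message, as a user-space model added here; it is not kernel code or Mathias Krause's patch. The sockaddr stand-ins, the llc_sock_model struct, the STALE_BYTE fill that simulates stale stack contents and the 128-byte buffer size are constructed; the _Static_assert plays the role the message above attributes to DECLARE_SOCKADDR.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the getsockname()/recvmsg() name-copy path. */
#define STORAGE_BYTES 128         /* sizeof(struct sockaddr_storage) */
#define MODEL_AF_LLC 26           /* AF_LLC on Linux */
#define STALE_BYTE 0xAA           /* simulated leftover stack content */

struct sockaddr_llc_model {       /* stand-in for struct sockaddr_llc */
    unsigned short family;
    unsigned char sap;
    unsigned char mac[6];
};

/* What DECLARE_SOCKADDR enforces: the name struct must fit the 128-byte
 * buffer the core reserves for msg_name / getsockname(). */
_Static_assert(sizeof(struct sockaddr_llc_model) <= STORAGE_BYTES,
               "sockaddr does not fit sockaddr_storage");

struct llc_sock_model {
    int zapped;                   /* 1: socket has no usable address */
    unsigned char sap;
    unsigned char mac[6];
};

typedef int (*getname_fn)(const struct llc_sock_model *, void *, int *);

static void fill_name(const struct llc_sock_model *sk, void *uaddr, int *uaddrlen)
{
    struct sockaddr_llc_model sllc;

    memset(&sllc, 0, sizeof sllc);        /* no padding bytes leak either */
    sllc.family = MODEL_AF_LLC;
    sllc.sap = sk->sap;
    memcpy(sllc.mac, sk->mac, sizeof sllc.mac);
    memcpy(uaddr, &sllc, sizeof sllc);
    *uaddrlen = sizeof sllc;
}

/* Pre-fix shape: "success" for a zapped socket with both outputs untouched. */
int getname_buggy(const struct llc_sock_model *sk, void *uaddr, int *uaddrlen)
{
    if (sk->zapped)
        return 0;                 /* BUG: caller will copy whatever is there */
    fill_name(sk, uaddr, uaddrlen);
    return 0;
}

/* Fixed shape: an error tells the caller not to copy anything out. */
int getname_fixed(const struct llc_sock_model *sk, void *uaddr, int *uaddrlen)
{
    if (sk->zapped)
        return -EINVAL;
    fill_name(sk, uaddr, uaddrlen);
    return 0;
}

/* Model of the generic caller: a stack buffer and a length the protocol
 * handler is expected to fill, copied to the user on success. Real stack
 * garbage is unpredictable, so it is simulated with STALE_BYTE. */
int copy_name_to_user(getname_fn getname, const struct llc_sock_model *sk,
                      unsigned char *user_buf, int *user_len)
{
    unsigned char address[STORAGE_BYTES];
    int len = STORAGE_BYTES;      /* simulated stale length */
    int err;

    memset(address, STALE_BYTE, sizeof address);
    err = getname(sk, address, &len);
    if (err)
        return err;               /* nothing reaches userland */
    memcpy(user_buf, address, (size_t)len);
    *user_len = len;
    return 0;
}

/* Bytes of simulated stale stack that reach the user for a zapped socket. */
int leaked_bytes(getname_fn getname)
{
    struct llc_sock_model zapped = { 1, 0, { 0 } };
    unsigned char user_buf[STORAGE_BYTES] = { 0 };
    int user_len = 0, n = 0;

    if (copy_name_to_user(getname, &zapped, user_buf, &user_len) != 0)
        return 0;
    for (int i = 0; i < user_len; i++)
        n += user_buf[i] == STALE_BYTE;
    return n;
}

/* Length reported to the user for a bound socket. */
int bound_name_len(getname_fn getname)
{
    struct llc_sock_model bound = { 0, 0x42, { 1, 2, 3, 4, 5, 6 } };
    unsigned char user_buf[STORAGE_BYTES];
    int user_len = -1;

    copy_name_to_user(getname, &bound, user_buf, &user_len);
    return user_len;
}

int main(void)
{
    printf("zapped socket: buggy leaks %d bytes, fixed leaks %d bytes\n",
           leaked_bytes(getname_buggy), leaked_bytes(getname_fixed));
    return 0;
}
```

    The same shape applies to recvmsg: the core copies msg_namelen bytes back, so a handler that returns success without setting msg_namelen to 0 hands the caller whatever the stack held.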

15 Aug, 2012

4 commits


07 Aug, 2012

1 commit


11 Jul, 2012

1 commit


17 May, 2012

1 commit


16 May, 2012

2 commits

  • We are going to delete the Token ring support. This removes any
    special processing in the core networking for token ring, (aside
    from net/tr.c itself), leaving the drivers and remaining tokenring
    support present but inert.

    The mass removal of the drivers and net/tr.c will be in a separate
    commit, so that the history of these files that we still care
    about won't have the giant deletion tied into their history.

    Signed-off-by: Paul Gortmaker

    Paul Gortmaker
     
  • Standardize the net core ratelimited logging functions.

    Coalesce formats, align arguments.
    Change a printk then vprintk sequence to use printf extension %pV.

    Signed-off-by: Joe Perches
    Signed-off-by: David S. Miller

    Joe Perches
     

24 Apr, 2012

1 commit

  • sk_add_backlog() & sk_rcvqueues_full() hard coded sk_rcvbuf as the
    memory limit. We need to make this limit a parameter for TCP use.

    No functional change expected in this patch, all callers still using the
    old sk_rcvbuf limit.

    Signed-off-by: Eric Dumazet
    Cc: Neal Cardwell
    Cc: Tom Herbert
    Cc: Maciej Żenczykowski
    Cc: Yuchung Cheng
    Cc: Ilpo Järvinen
    Cc: Rick Jones
    Signed-off-by: David S. Miller

    Eric Dumazet
     

21 Apr, 2012

2 commits

  • The sysctl core no longer natively understands sysctl tables with .child
    entries.

    Kill the intermediate tables and use register_net_sysctl directly to
    remove the need for compatibility code.

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     
  • This makes it clearer which sysctls are relative to your current network
    namespace.

    This makes it a little less error prone by not exposing sysctls for the
    initial network namespace in other namespaces.

    This is the same way we handle all of our other network interfaces to
    userspace and I can't honestly remember why we didn't do this for
    sysctls right from the start.

    Signed-off-by: Eric W. Biederman
    Acked-by: Pavel Emelyanov
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

16 Apr, 2012

1 commit


25 Jan, 2012

1 commit


20 Dec, 2011

1 commit


01 Nov, 2011

1 commit


12 Apr, 2011

1 commit

  • Fixes bugzilla #32872

    The LLC stack pretends to support non-linear skbs but there is a
    direct use of skb_tail_pointer() in llc_fixup_skb().

    Use pskb_may_pull() to see if data_size bytes remain and can be
    accessed linearly in the packet, instead of direct pointer checks.

    Signed-off-by: David S. Miller

    David S. Miller
     

01 Mar, 2011

1 commit


09 Dec, 2010

1 commit

  • On Sunday 05 December 2010 at 09:19 +0100, Eric Dumazet wrote:

    > Hmm..
    >
    > If somebody can explain why RTNL is held in arp_ioctl() (and therefore
    > in arp_req_delete()), we might first remove RTNL use in arp_ioctl() so
    > that your patch can be applied.
    >
    > Right now it is not good, because RTNL won't necessarily be held when you
    > are going to call arp_invalidate() ?

    While doing this analysis, I found a refcount bug in llc, I'll send a
    patch for net-2.6

    Meanwhile, here is the patch for net-next-2.6

    Your patch then can be applied after mine.

    Thanks

    [PATCH] net: RCU conversion of dev_getbyhwaddr() and arp_ioctl()

    dev_getbyhwaddr() was called under RTNL.

    Rename it to dev_getbyhwaddr_rcu() and change all its caller to now use
    RCU locking instead of RTNL.

    Change arp_ioctl() to use RCU instead of RTNL locking.

    Note: this fixes a dev refcount bug in llc

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet