1. 01 May, 2012 3 commits
  2. 30 Apr, 2012 1 commit
  3. 29 Apr, 2012 1 commit
  4. 15 Apr, 2012 1 commit
  5. 13 Apr, 2012 3 commits
  6. 02 Apr, 2012 1 commit
  7. 22 Mar, 2012 1 commit
  8. 20 Mar, 2012 1 commit
  9. 05 Mar, 2012 1 commit
  10. 15 Feb, 2012 1 commit
  11. 26 Jan, 2012 1 commit
    • James Chapman's avatar
      l2tp: l2tp_ip - fix possible oops on packet receive · 68315801
      James Chapman authored
      When a packet is received on an L2TP IP socket (L2TPv3 IP link
      encapsulation), the l2tpip socket's backlog_rcv function calls
      xfrm4_policy_check(). This is not necessary, since it was called
      before the skb was added to the backlog. With CONFIG_NET_NS enabled,
      xfrm4_policy_check() will oops if skb->dev is null, so this trivial
      patch removes the call.
      
      This bug has always been present, but only when CONFIG_NET_NS is
      enabled does it cause problems. Most users are probably using UDP
      encapsulation for L2TP, hence the problem has only recently
      surfaced.
      
      EIP: 0060:[<c12bb62b>] EFLAGS: 00210246 CPU: 0
      EIP is at l2tp_ip_recvmsg+0xd4/0x2a7
      EAX: 00000001 EBX: d77b5180 ECX: 00000000 EDX: 00200246
      ESI: 00000000 EDI: d63cbd30 EBP: d63cbd18 ESP: d63cbcf4
       DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
      Call Trace:
       [<c1218568>] sock_common_recvmsg+0x31/0x46
       [<c1215c92>] __sock_recvmsg_nosec+0x45/0x4d
       [<c12163a1>] __sock_recvmsg+0x31/0x3b
       [<c1216828>] sock_recvmsg+0x96/0xab
       [<c10b2693>] ? might_fault+0x47/0x81
       [<c10b2693>] ? might_fault+0x47/0x81
       [<c1167fd0>] ? _copy_from_user+0x31/0x115
       [<c121e8c8>] ? copy_from_user+0x8/0xa
       [<c121ebd6>] ? verify_iovec+0x3e/0x78
       [<c1216604>] __sys_recvmsg+0x10a/0x1aa
       [<c1216792>] ? sock_recvmsg+0x0/0xab
       [<c105a99b>] ? __lock_acquire+0xbdf/0xbee
       [<c12d5a99>] ? do_page_fault+0x193/0x375
       [<c10d1200>] ? fcheck_files+0x9b/0xca
       [<c10d1259>] ? fget_light+0x2a/0x9c
       [<c1216bbb>] sys_recvmsg+0x2b/0x43
       [<c1218145>] sys_socketcall+0x16d/0x1a5
       [<c11679f0>] ? trace_hardirqs_on_thunk+0xc/0x10
       [<c100305f>] sysenter_do_call+0x12/0x38
      Code: c6 05 8c ea a8 c1 01 e8 0c d4 d9 ff 85 f6 74 07 3e ff 86 80 00 00 00 b9 17 b6 2b c1 ba 01 00 00 00 b8 78 ed 48 c1 e8 23 f6 d9 ff <ff> 76 0c 68 28 e3 30 c1 68 2d 44 41 c1 e8 89 57 01 00 83 c4 0c
      Signed-off-by: default avatarJames Chapman <jchapman@katalix.com>
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      68315801
  12. 26 Nov, 2011 1 commit
  13. 08 Nov, 2011 1 commit
  14. 03 Nov, 2011 1 commit
  15. 19 Oct, 2011 2 commits
  16. 28 Jul, 2011 1 commit
    • Neil Horman's avatar
      net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared · 550fd08c
      Neil Horman authored
      After the last patch, We are left in a state in which only drivers calling
      ether_setup have IFF_TX_SKB_SHARING set (we assume that drivers touching real
      hardware call ether_setup for their net_devices and don't hold any state in
      their skbs.  There are a handful of drivers that violate this assumption of
      course, and need to be fixed up.  This patch identifies those drivers, and marks
      them as not being able to support the safe transmission of skbs by clearning the
      IFF_TX_SKB_SHARING flag in priv_flags
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      CC: Karsten Keil <isdn@linux-pingi.de>
      CC: "David S. Miller" <davem@davemloft.net>
      CC: Jay Vosburgh <fubar@us.ibm.com>
      CC: Andy Gospodarek <andy@greyhouse.net>
      CC: Patrick McHardy <kaber@trash.net>
      CC: Krzysztof Halasa <khc@pm.waw.pl>
      CC: "John W. Linville" <linville@tuxdriver.com>
      CC: Greg Kroah-Hartman <gregkh@suse.de>
      CC: Marcel Holtmann <marcel@holtmann.org>
      CC: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      550fd08c
  17. 26 Jul, 2011 1 commit
  18. 13 Jun, 2011 1 commit
  19. 05 Jun, 2011 1 commit
  20. 12 May, 2011 1 commit
  21. 08 May, 2011 4 commits
  22. 04 May, 2011 1 commit
  23. 29 Apr, 2011 2 commits
  24. 28 Apr, 2011 2 commits
    • David S. Miller's avatar
      l2tp: Fix inet_opt conversion. · 778865a5
      David S. Miller authored
      We don't actually hold the socket lock at this point, so the
      rcu_dereference_protected() isn't' correct.  Thanks to Eric
      Dumazet for pointing this out.
      
      Thankfully, we're only interested in fetching the faddr value
      if srr is enabled, so we can simply make this an RCU sequence
      and use plain rcu_dereference().
      Reported-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      778865a5
    • Eric Dumazet's avatar
      inet: add RCU protection to inet->opt · f6d8bd05
      Eric Dumazet authored
      We lack proper synchronization to manipulate inet->opt ip_options
      
      Problem is ip_make_skb() calls ip_setup_cork() and
      ip_setup_cork() possibly makes a copy of ipc->opt (struct ip_options),
      without any protection against another thread manipulating inet->opt.
      
      Another thread can change inet->opt pointer and free old one under us.
      
      Use RCU to protect inet->opt (changed to inet->inet_opt).
      
      Instead of handling atomic refcounts, just copy ip_options when
      necessary, to avoid cache line dirtying.
      
      We cant insert an rcu_head in struct ip_options since its included in
      skb->cb[], so this patch is large because I had to introduce a new
      ip_options_rcu structure.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f6d8bd05
  25. 27 Apr, 2011 2 commits
    • David S. Miller's avatar
      ipv4: Sanitize and simplify ip_route_{connect,newports}() · 2d7192d6
      David S. Miller authored
      These functions are used together as a unit for route resolution
      during connect().  They address the chicken-and-egg problem that
      exists when ports need to be allocated during connect() processing,
      yet such port allocations require addressing information from the
      routing code.
      
      It's currently more heavy handed than it needs to be, and in
      particular we allocate and initialize a flow object twice.
      
      Let the callers provide the on-stack flow object.  That way we only
      need to initialize it once in the ip_route_connect() call.
      
      Later, if ip_route_newports() needs to do anything, it re-uses that
      flow object as-is except for the ports which it updates before the
      route re-lookup.
      
      Also, describe why this set of facilities are needed and how it works
      in a big comment.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Reviewed-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      2d7192d6
    • Lucas De Marchi's avatar
      Revert wrong fixes for common misspellings · e9c54999
      Lucas De Marchi authored
      These changes were incorrectly fixed by codespell. They were now
      manually corrected.
      Signed-off-by: default avatarLucas De Marchi <lucas.demarchi@profusion.mobi>
      e9c54999
  26. 18 Apr, 2011 1 commit
  27. 22 Mar, 2011 1 commit
    • James Chapman's avatar
      l2tp: fix possible oops on l2tp_eth module unload · 8aa525a9
      James Chapman authored
      A struct used in the l2tp_eth driver for registering network namespace
      ops was incorrectly marked as __net_initdata, leading to oops when
      module unloaded.
      
      BUG: unable to handle kernel paging request at ffffffffa00ec098
      IP: [<ffffffff8123dbd8>] ops_exit_list+0x7/0x4b
      PGD 142d067 PUD 1431063 PMD 195da8067 PTE 0
      Oops: 0000 [#1] SMP 
      last sysfs file: /sys/module/l2tp_eth/refcnt
      Call Trace:
       [<ffffffff8123dc94>] ? unregister_pernet_operations+0x32/0x93
       [<ffffffff8123dd20>] ? unregister_pernet_device+0x2b/0x38
       [<ffffffff81068b6e>] ? sys_delete_module+0x1b8/0x222
       [<ffffffff810c7300>] ? do_munmap+0x254/0x318
       [<ffffffff812c64e5>] ? page_fault+0x25/0x30
       [<ffffffff812c6952>] ? system_call_fastpath+0x16/0x1b
      Signed-off-by: default avatarJames Chapman <jchapman@katalix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8aa525a9
  28. 12 Mar, 2011 1 commit
  29. 02 Mar, 2011 1 commit