From da298d3a4f01dbc10c54da75d6b5717a99fb9cbc Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 27 Jun 2006 03:00:09 -0700 Subject: [NETFILTER]: x_tables: fix xt_register_table error propagation When xt_register_table fails the error is not properly propagated back. Based on patch by Lepton Wu . Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/arp_tables.c | 3 ++- net/ipv4/netfilter/ip_tables.c | 3 ++- net/ipv6/netfilter/ip6_tables.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index d0d19192026d..ad39bf640567 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -1120,7 +1120,8 @@ int arpt_register_table(struct arpt_table *table, return ret; } - if (xt_register_table(table, &bootstrap, newinfo) != 0) { + ret = xt_register_table(table, &bootstrap, newinfo); + if (ret != 0) { xt_free_table_info(newinfo); return ret; } diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 706c0025ec5e..7aaaf92efb59 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -2113,7 +2113,8 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl) return ret; } - if (xt_register_table(table, &bootstrap, newinfo) != 0) { + ret = xt_register_table(table, &bootstrap, newinfo); + if (ret != 0) { xt_free_table_info(newinfo); return ret; } diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 2e72f89a7019..0b5bd5587a3e 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1281,7 +1281,8 @@ int ip6t_register_table(struct xt_table *table, return ret; } - if (xt_register_table(table, &bootstrap, newinfo) != 0) { + ret = xt_register_table(table, &bootstrap, newinfo); + if (ret != 0) { xt_free_table_info(newinfo); return ret; } -- cgit v1.2.3 From 40a839fdbd5d76cebb2a61980bc1fc7ecd784be2 Mon Sep 17 00:00:00 2001 From: Yasuyuki Kozakai Date: Tue, 27 Jun 2006 03:00:35 -0700 Subject: [NETFILTER]: nf_conntrack: Fix undefined references to local_bh_* MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CC net/netfilter/nf_conntrack_proto_sctp.o net/netfilter/nf_conntrack_proto_sctp.c: In function `sctp_print_conntrack': net/netfilter/nf_conntrack_proto_sctp.c:206: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_proto_sctp.c:208: warning: implicit declaration of function `local_bh_enable' CC net/netfilter/nf_conntrack_netlink.o net/netfilter/nf_conntrack_netlink.c: In function `ctnetlink_dump_table': net/netfilter/nf_conntrack_netlink.c:429: warning: implicit declaration of function `local_bh_disable' net/netfilter/nf_conntrack_netlink.c:452: warning: implicit declaration of function `local_bh_enable' Spotted by Toralf Förster Signed-off-by: Yasuyuki Kozakai Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/nf_conntrack_netlink.c | 1 + net/netfilter/nf_conntrack_proto_sctp.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index b8c7c567c9df..af4845971f70 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 0c6da496cfa9..0839b701b930 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -28,6 +28,8 @@ #include #include #include +#include +#include #include #include -- cgit v1.2.3 From 9abdcf6b6cf387035d934c77bf9ebe5e747166f9 Mon Sep 17 00:00:00 2001 From: Yuri Gushin Date: Tue, 27 Jun 2006 03:01:03 -0700 Subject: [NETFILTER]: xt_tcpudp: fix double unregistration in error path "xt_unregister_match(AF_INET, &tcp_matchstruct)" is called twice, leaving "udp_matchstruct" registered, in case of a failure in the registration of the udp6 structure. Signed-off-by: Yuri Gushin Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/xt_tcpudp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index 1b61dac9c873..a9a63aa68936 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c @@ -260,7 +260,7 @@ static int __init xt_tcpudp_init(void) return ret; out_unreg_udp: - xt_unregister_match(&tcp_matchstruct); + xt_unregister_match(&udp_matchstruct); out_unreg_tcp6: xt_unregister_match(&tcp6_matchstruct); out_unreg_tcp: -- cgit v1.2.3 From 1c7e47726a88303e4cfa2785f0a357bf1ceecee1 Mon Sep 17 00:00:00 2001 From: Jorge Matias Date: Tue, 27 Jun 2006 03:01:25 -0700 Subject: [NETFILTER]: xt_sctp: fix --chunk-types matching xt_sctp uses an incorrect header offset when --chunk-types is used. Signed-off-by: Jorge Matias Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/xt_sctp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c index 9316c753692f..843383e01d41 100644 --- a/net/netfilter/xt_sctp.c +++ b/net/netfilter/xt_sctp.c @@ -151,7 +151,7 @@ match(const struct sk_buff *skb, && SCCHECK(((ntohs(sh->dest) >= info->dpts[0]) && (ntohs(sh->dest) <= info->dpts[1])), XT_SCTP_DEST_PORTS, info->flags, info->invflags) - && SCCHECK(match_packet(skb, protoff, + && SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t), info->chunkmap, info->chunk_match_type, info->flag_info, info->flag_count, hotdrop), -- cgit v1.2.3 From ef47c6a7b8e36e3b160433673b1b68db799aabcd Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 27 Jun 2006 03:01:48 -0700 Subject: [NETFILTER]: ip_queue/nfnetlink_queue: drop bridge port references when dev disappears When a device that is acting as a bridge port is unregistered, the ip_queue/nfnetlink_queue notifier doesn't check if its one of physindev/physoutdev and doesn't release the references if it is. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/ipv4/netfilter/ip_queue.c | 12 ++++++++++-- net/netfilter/nfnetlink_queue.c | 12 ++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index b93f0494362f..213d116e5bb9 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c @@ -457,11 +457,19 @@ dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex) if (entry->info->indev) if (entry->info->indev->ifindex == ifindex) return 1; - if (entry->info->outdev) if (entry->info->outdev->ifindex == ifindex) return 1; - +#ifdef CONFIG_BRIDGE_NETFILTER + if (entry->skb->nf_bridge) { + if (entry->skb->nf_bridge->physindev && + entry->skb->nf_bridge->physindev->ifindex == ifindex) + return 1; + if (entry->skb->nf_bridge->physoutdev && + entry->skb->nf_bridge->physoutdev->ifindex == ifindex) + return 1; + } +#endif return 0; } diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 86a4ac33de34..49ef41e34c48 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -680,11 +680,19 @@ dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex) if (entinf->indev) if (entinf->indev->ifindex == ifindex) return 1; - if (entinf->outdev) if (entinf->outdev->ifindex == ifindex) return 1; - +#ifdef CONFIG_BRIDGE_NETFILTER + if (entry->skb->nf_bridge) { + if (entry->skb->nf_bridge->physindev && + entry->skb->nf_bridge->physindev->ifindex == ifindex) + return 1; + if (entry->skb->nf_bridge->physoutdev && + entry->skb->nf_bridge->physoutdev->ifindex == ifindex) + return 1; + } +#endif return 0; } -- cgit v1.2.3 From 68c1692e3ea5d79f24cb5cc566c4a73939d13d25 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 27 Jun 2006 03:02:14 -0700 Subject: [NETFILTER]: statistic match: add missing Kconfig help text Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- net/netfilter/Kconfig | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index b1622b7de1cf..42a178aa30f9 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -411,7 +411,10 @@ config NETFILTER_XT_MATCH_STATISTIC tristate '"statistic" match support' depends on NETFILTER_XTABLES help - statistic module + This option adds a `statistic' match, which allows you to match + on packets periodically or randomly with a given percentage. + + To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_STRING tristate '"string" match support' -- cgit v1.2.3 From 576a30eb6453439b3c37ba24455ac7090c247b5a Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 27 Jun 2006 13:22:38 -0700 Subject: [NET]: Added GSO header verification When GSO packets come from an untrusted source (e.g., a Xen guest domain), we need to verify the header integrity before passing it to the hardware. Since the first step in GSO is to verify the header, we can reuse that code by adding a new bit to gso_type: SKB_GSO_DODGY. Packets with this bit set can only be fed directly to devices with the corresponding bit NETIF_F_GSO_ROBUST. If the device doesn't have that bit, then the skb is fed to the GSO engine which will allow the packet to be sent to the hardware if it passes the header check. This patch changes the sg flag to a full features flag. The same method can be used to implement TSO ECN support. We simply have to mark packets with CWR set with SKB_GSO_ECN so that only hardware with a corresponding NETIF_F_TSO_ECN can accept them. The GSO engine can either fully segment the packet, or segment the first MTU and pass the rest to the hardware for further segmentation. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- include/linux/netdevice.h | 17 ++++++++++++----- include/linux/skbuff.h | 5 ++++- include/net/protocol.h | 3 ++- include/net/tcp.h | 2 +- net/bridge/br_device.c | 4 ++-- net/bridge/br_if.c | 3 ++- net/core/dev.c | 33 ++++++++++++++++++++++++--------- net/core/skbuff.c | 5 +++-- net/ipv4/af_inet.c | 6 +++--- net/ipv4/tcp.c | 8 ++++++-- 10 files changed, 59 insertions(+), 27 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 03cd7551a7a1..84b0f0d16fcb 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -315,6 +315,7 @@ struct net_device #define NETIF_F_GSO_SHIFT 16 #define NETIF_F_TSO (SKB_GSO_TCPV4 << NETIF_F_GSO_SHIFT) #define NETIF_F_UFO (SKB_GSO_UDPV4 << NETIF_F_GSO_SHIFT) +#define NETIF_F_GSO_ROBUST (SKB_GSO_DODGY << NETIF_F_GSO_SHIFT) #define NETIF_F_GEN_CSUM (NETIF_F_NO_CSUM | NETIF_F_HW_CSUM) #define NETIF_F_ALL_CSUM (NETIF_F_IP_CSUM | NETIF_F_GEN_CSUM) @@ -543,7 +544,8 @@ struct packet_type { struct net_device *, struct packet_type *, struct net_device *); - struct sk_buff *(*gso_segment)(struct sk_buff *skb, int sg); + struct sk_buff *(*gso_segment)(struct sk_buff *skb, + int features); void *af_packet_priv; struct list_head list; }; @@ -968,7 +970,7 @@ extern int netdev_max_backlog; extern int weight_p; extern int netdev_set_master(struct net_device *dev, struct net_device *master); extern int skb_checksum_help(struct sk_buff *skb, int inward); -extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int sg); +extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features); #ifdef CONFIG_BUG extern void netdev_rx_csum_fault(struct net_device *dev); #else @@ -988,11 +990,16 @@ extern void dev_seq_stop(struct seq_file *seq, void *v); extern void linkwatch_run_queue(void); +static inline int skb_gso_ok(struct sk_buff *skb, int features) +{ + int feature = skb_shinfo(skb)->gso_size ? + skb_shinfo(skb)->gso_type << NETIF_F_GSO_SHIFT : 0; + return (features & feature) != feature; +} + static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb) { - int feature = skb_shinfo(skb)->gso_type << NETIF_F_GSO_SHIFT; - return skb_shinfo(skb)->gso_size && - (dev->features & feature) != feature; + return skb_gso_ok(skb, dev->features); } #endif /* __KERNEL__ */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 16eef03ce0eb..5fb72da7da03 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -172,6 +172,9 @@ enum { enum { SKB_GSO_TCPV4 = 1 << 0, SKB_GSO_UDPV4 = 1 << 1, + + /* This indicates the skb is from an untrusted source. */ + SKB_GSO_DODGY = 1 << 2, }; /** @@ -1299,7 +1302,7 @@ extern void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len); extern void skb_release_data(struct sk_buff *skb); -extern struct sk_buff *skb_segment(struct sk_buff *skb, int sg); +extern struct sk_buff *skb_segment(struct sk_buff *skb, int features); static inline void *skb_header_pointer(const struct sk_buff *skb, int offset, int len, void *buffer) diff --git a/include/net/protocol.h b/include/net/protocol.h index 3b6dc15c68a5..40b6b9c9973f 100644 --- a/include/net/protocol.h +++ b/include/net/protocol.h @@ -36,7 +36,8 @@ struct net_protocol { int (*handler)(struct sk_buff *skb); void (*err_handler)(struct sk_buff *skb, u32 info); - struct sk_buff *(*gso_segment)(struct sk_buff *skb, int sg); + struct sk_buff *(*gso_segment)(struct sk_buff *skb, + int features); int no_policy; }; diff --git a/include/net/tcp.h b/include/net/tcp.h index ca3d38dfc00b..624921e76332 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -1086,7 +1086,7 @@ extern struct request_sock_ops tcp_request_sock_ops; extern int tcp_v4_destroy_sock(struct sock *sk); -extern struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg); +extern struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features); #ifdef CONFIG_PROC_FS extern int tcp4_proc_init(void); diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 2afdc7c0736c..f8dbcee80eba 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -184,6 +184,6 @@ void br_dev_setup(struct net_device *dev) dev->set_mac_address = br_set_mac_address; dev->priv_flags = IFF_EBRIDGE; - dev->features = NETIF_F_SG | NETIF_F_FRAGLIST - | NETIF_F_HIGHDMA | NETIF_F_TSO | NETIF_F_NO_CSUM; + dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA | + NETIF_F_TSO | NETIF_F_NO_CSUM | NETIF_F_GSO_ROBUST; } diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index 07956ecf545e..f55ef682ef84 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c @@ -392,7 +392,8 @@ void br_features_recompute(struct net_bridge *br) features &= feature; } - br->dev->features = features | checksum | NETIF_F_LLTX; + br->dev->features = features | checksum | NETIF_F_LLTX | + NETIF_F_GSO_ROBUST; } /* called with RTNL */ diff --git a/net/core/dev.c b/net/core/dev.c index f1c52cbd6ef7..4f2014994a84 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1190,11 +1190,14 @@ out: /** * skb_gso_segment - Perform segmentation on skb. * @skb: buffer to segment - * @sg: whether scatter-gather is supported on the target. + * @features: features for the output path (see dev->features) * * This function segments the given skb and returns a list of segments. + * + * It may return NULL if the skb requires no segmentation. This is + * only possible when GSO is used for verifying header integrity. */ -struct sk_buff *skb_gso_segment(struct sk_buff *skb, int sg) +struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features) { struct sk_buff *segs = ERR_PTR(-EPROTONOSUPPORT); struct packet_type *ptype; @@ -1210,12 +1213,14 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb, int sg) rcu_read_lock(); list_for_each_entry_rcu(ptype, &ptype_base[ntohs(type) & 15], list) { if (ptype->type == type && !ptype->dev && ptype->gso_segment) { - segs = ptype->gso_segment(skb, sg); + segs = ptype->gso_segment(skb, features); break; } } rcu_read_unlock(); + __skb_push(skb, skb->data - skb->mac.raw); + return segs; } @@ -1291,9 +1296,15 @@ static int dev_gso_segment(struct sk_buff *skb) { struct net_device *dev = skb->dev; struct sk_buff *segs; + int features = dev->features & ~(illegal_highdma(dev, skb) ? + NETIF_F_SG : 0); + + segs = skb_gso_segment(skb, features); + + /* Verifying header integrity only. */ + if (!segs) + return 0; - segs = skb_gso_segment(skb, dev->features & NETIF_F_SG && - !illegal_highdma(dev, skb)); if (unlikely(IS_ERR(segs))) return PTR_ERR(segs); @@ -1310,13 +1321,17 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev) if (netdev_nit) dev_queue_xmit_nit(skb, dev); - if (!netif_needs_gso(dev, skb)) - return dev->hard_start_xmit(skb, dev); + if (netif_needs_gso(dev, skb)) { + if (unlikely(dev_gso_segment(skb))) + goto out_kfree_skb; + if (skb->next) + goto gso; + } - if (unlikely(dev_gso_segment(skb))) - goto out_kfree_skb; + return dev->hard_start_xmit(skb, dev); } +gso: do { struct sk_buff *nskb = skb->next; int rc; diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 6edbb90cbcec..dfef9eece83e 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -1848,13 +1848,13 @@ EXPORT_SYMBOL_GPL(skb_pull_rcsum); /** * skb_segment - Perform protocol segmentation on skb. * @skb: buffer to segment - * @sg: whether scatter-gather can be used for generated segments + * @features: features for the output path (see dev->features) * * This function performs segmentation on the given skb. It returns * the segment at the given position. It returns NULL if there are * no more segments to generate, or when an error is encountered. */ -struct sk_buff *skb_segment(struct sk_buff *skb, int sg) +struct sk_buff *skb_segment(struct sk_buff *skb, int features) { struct sk_buff *segs = NULL; struct sk_buff *tail = NULL; @@ -1863,6 +1863,7 @@ struct sk_buff *skb_segment(struct sk_buff *skb, int sg) unsigned int offset = doffset; unsigned int headroom; unsigned int len; + int sg = features & NETIF_F_SG; int nfrags = skb_shinfo(skb)->nr_frags; int err = -ENOMEM; int i = 0; diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 461216b47948..8d157157bf8e 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1097,7 +1097,7 @@ int inet_sk_rebuild_header(struct sock *sk) EXPORT_SYMBOL(inet_sk_rebuild_header); -static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int sg) +static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features) { struct sk_buff *segs = ERR_PTR(-EINVAL); struct iphdr *iph; @@ -1126,10 +1126,10 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int sg) rcu_read_lock(); ops = rcu_dereference(inet_protos[proto]); if (ops && ops->gso_segment) - segs = ops->gso_segment(skb, sg); + segs = ops->gso_segment(skb, features); rcu_read_unlock(); - if (IS_ERR(segs)) + if (!segs || unlikely(IS_ERR(segs))) goto out; skb = segs; diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index c04176be7ed1..0336422c88a0 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2145,7 +2145,7 @@ int compat_tcp_getsockopt(struct sock *sk, int level, int optname, EXPORT_SYMBOL(compat_tcp_getsockopt); #endif -struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg) +struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features) { struct sk_buff *segs = ERR_PTR(-EINVAL); struct tcphdr *th; @@ -2166,10 +2166,14 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int sg) if (!pskb_may_pull(skb, thlen)) goto out; + segs = NULL; + if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) + goto out; + oldlen = (u16)~skb->len; __skb_pull(skb, thlen); - segs = skb_segment(skb, sg); + segs = skb_segment(skb, features); if (IS_ERR(segs)) goto out; -- cgit v1.2.3 From c7bdb545d23026b18be53289fd866d1ac07f5f8c Mon Sep 17 00:00:00 2001 From: Darrel Goeddel Date: Tue, 27 Jun 2006 13:26:11 -0700 Subject: [NETLINK]: Encapsulate eff_cap usage within security framework. This patch encapsulates the usage of eff_cap (in netlink_skb_params) within the security framework by extending security_netlink_recv to include a required capability parameter and converting all direct usage of eff_caps outside of the lsm modules to use the interface. It also updates the SELinux implementation of the security_netlink_send and security_netlink_recv hooks to take advantage of the sid in the netlink_skb_params struct. This also enables SELinux to perform auditing of netlink capability checks. Please apply, for 2.6.18 if possible. Signed-off-by: Darrel Goeddel Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: David S. Miller --- include/linux/security.h | 13 +++++++------ kernel/audit.c | 8 ++++---- net/core/rtnetlink.c | 2 +- net/decnet/netfilter/dn_rtmsg.c | 2 +- net/ipv4/netfilter/ip_queue.c | 2 +- net/ipv6/netfilter/ip6_queue.c | 2 +- net/netfilter/nfnetlink.c | 2 +- net/netlink/genetlink.c | 2 +- net/xfrm/xfrm_user.c | 2 +- security/commoncap.c | 4 ++-- security/dummy.c | 4 ++-- security/selinux/hooks.c | 26 +++++++++++++------------- 12 files changed, 35 insertions(+), 34 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index 51805806f974..c7ea15716dce 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -67,7 +67,7 @@ struct xfrm_state; struct xfrm_user_sec_ctx; extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); -extern int cap_netlink_recv(struct sk_buff *skb); +extern int cap_netlink_recv(struct sk_buff *skb, int cap); /* * Values used in the task_security_ops calls @@ -656,6 +656,7 @@ struct swap_info_struct; * Check permission before processing the received netlink message in * @skb. * @skb contains the sk_buff structure for the netlink message. + * @cap indicates the capability required * Return 0 if permission is granted. * * Security hooks for Unix domain networking. @@ -1266,7 +1267,7 @@ struct security_operations { struct sembuf * sops, unsigned nsops, int alter); int (*netlink_send) (struct sock * sk, struct sk_buff * skb); - int (*netlink_recv) (struct sk_buff * skb); + int (*netlink_recv) (struct sk_buff * skb, int cap); /* allow module stacking */ int (*register_security) (const char *name, @@ -2032,9 +2033,9 @@ static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb) return security_ops->netlink_send(sk, skb); } -static inline int security_netlink_recv(struct sk_buff * skb) +static inline int security_netlink_recv(struct sk_buff * skb, int cap) { - return security_ops->netlink_recv(skb); + return security_ops->netlink_recv(skb, cap); } /* prototypes */ @@ -2670,9 +2671,9 @@ static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb) return cap_netlink_send (sk, skb); } -static inline int security_netlink_recv (struct sk_buff *skb) +static inline int security_netlink_recv (struct sk_buff *skb, int cap) { - return cap_netlink_recv (skb); + return cap_netlink_recv (skb, cap); } static inline struct dentry *securityfs_create_dir(const char *name, diff --git a/kernel/audit.c b/kernel/audit.c index 82443fb433ef..d417ca1db79b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -445,7 +445,7 @@ void audit_send_reply(int pid, int seq, int type, int done, int multi, * Check for appropriate CAP_AUDIT_ capabilities on incoming audit * control messages. */ -static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) +static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) { int err = 0; @@ -459,13 +459,13 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) case AUDIT_DEL: case AUDIT_DEL_RULE: case AUDIT_SIGNAL_INFO: - if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) + if (security_netlink_recv(skb, CAP_AUDIT_CONTROL)) err = -EPERM; break; case AUDIT_USER: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2: - if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) + if (security_netlink_recv(skb, CAP_AUDIT_WRITE)) err = -EPERM; break; default: /* bad msg */ @@ -488,7 +488,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) char *ctx; u32 len; - err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); + err = audit_netlink_ok(skb, msg_type); if (err) return err; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 3fcfa9c59e1f..f25aac17497a 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -663,7 +663,7 @@ rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp) sz_idx = type>>2; kind = type&3; - if (kind != 2 && security_netlink_recv(skb)) { + if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN)) { *errp = -EPERM; return -1; } diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c index 74133ecd7700..8b99bd33540d 100644 --- a/net/decnet/netfilter/dn_rtmsg.c +++ b/net/decnet/netfilter/dn_rtmsg.c @@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb) if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) return; - if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) + if (security_netlink_recv(skb, CAP_NET_ADMIN)) RCV_SKB_FAIL(-EPERM); /* Eventually we might send routing messages too */ diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index 213d116e5bb9..198ac36db861 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c @@ -515,7 +515,7 @@ ipq_rcv_skb(struct sk_buff *skb) if (type <= IPQM_BASE) return; - if (security_netlink_recv(skb)) + if (security_netlink_recv(skb, CAP_NET_ADMIN)) RCV_SKB_FAIL(-EPERM); write_lock_bh(&queue_lock); diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index b4b7d441af25..968a14be0d05 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c @@ -505,7 +505,7 @@ ipq_rcv_skb(struct sk_buff *skb) if (type <= IPQM_BASE) return; - if (security_netlink_recv(skb)) + if (security_netlink_recv(skb, CAP_NET_ADMIN)) RCV_SKB_FAIL(-EPERM); write_lock_bh(&queue_lock); diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index b88e82a1a987..ec9f0efea6bb 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -229,7 +229,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, NFNL_SUBSYS_ID(nlh->nlmsg_type), NFNL_MSG_TYPE(nlh->nlmsg_type)); - if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) { + if (security_netlink_recv(skb, CAP_NET_ADMIN)) { DEBUGP("missing CAP_NET_ADMIN\n"); *errp = -EPERM; return -1; diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index f329b72578f5..edf084becd5e 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -320,7 +320,7 @@ static int genl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, goto errout; } - if ((ops->flags & GENL_ADMIN_PERM) && security_netlink_recv(skb)) { + if ((ops->flags & GENL_ADMIN_PERM) && security_netlink_recv(skb, CAP_NET_ADMIN)) { err = -EPERM; goto errout; } diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index c21dc26141ea..3e6a722d072e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1435,7 +1435,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *err link = &xfrm_dispatch[type]; /* All operations require privileges, even GET */ - if (security_netlink_recv(skb)) { + if (security_netlink_recv(skb, CAP_NET_ADMIN)) { *errp = -EPERM; return -1; } diff --git a/security/commoncap.c b/security/commoncap.c index 841eb4e5c62b..57673ee07ceb 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -33,9 +33,9 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) EXPORT_SYMBOL(cap_netlink_send); -int cap_netlink_recv(struct sk_buff *skb) +int cap_netlink_recv(struct sk_buff *skb, int cap) { - if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) + if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) return -EPERM; return 0; } diff --git a/security/dummy.c b/security/dummy.c index 310fcdf7b749..913540808577 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -675,9 +675,9 @@ static int dummy_netlink_send (struct sock *sk, struct sk_buff *skb) return 0; } -static int dummy_netlink_recv (struct sk_buff *skb) +static int dummy_netlink_recv (struct sk_buff *skb, int cap) { - if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN)) + if (!cap_raised (NETLINK_CB (skb).eff_cap, cap)) return -EPERM; return 0; } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 28832e689800..b6c378dd4f12 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3641,32 +3641,32 @@ static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum, static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) { - struct task_security_struct *tsec; - struct av_decision avd; int err; err = secondary_ops->netlink_send(sk, skb); if (err) return err; - tsec = current->security; - - avd.allowed = 0; - avc_has_perm_noaudit(tsec->sid, tsec->sid, - SECCLASS_CAPABILITY, ~0, &avd); - cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed); - if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS) err = selinux_nlmsg_perm(sk, skb); return err; } -static int selinux_netlink_recv(struct sk_buff *skb) +static int selinux_netlink_recv(struct sk_buff *skb, int capability) { - if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) - return -EPERM; - return 0; + int err; + struct avc_audit_data ad; + + err = secondary_ops->netlink_recv(skb, capability); + if (err) + return err; + + AVC_AUDIT_DATA_INIT(&ad, CAP); + ad.u.cap = capability; + + return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, + SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); } static int ipc_alloc_security(struct task_struct *task, -- cgit v1.2.3 From 47da8ee681d04e68ca1b1812c10e28162150d453 Mon Sep 17 00:00:00 2001 From: Sridhar Samudrala Date: Tue, 27 Jun 2006 13:29:00 -0700 Subject: [TCP]: Export accept queue len of a TCP listening socket via rx_queue While debugging a TCP server hang issue, we noticed that currently there is no way for a user to get the acceptq backlog value for a TCP listen socket. All the standard networking utilities that display socket info like netstat, ss and /proc/net/tcp have 2 fields called rx_queue and tx_queue. These fields do not mean much for listening sockets. This patch uses one of these unused fields(rx_queue) to export the accept queue len for listening sockets. Signed-off-by: Sridhar Samudrala Signed-off-by: David S. Miller --- net/ipv4/tcp_diag.c | 5 ++++- net/ipv4/tcp_ipv4.c | 3 ++- net/ipv6/tcp_ipv6.c | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c index c148c1081880..b56399c7cc12 100644 --- a/net/ipv4/tcp_diag.c +++ b/net/ipv4/tcp_diag.c @@ -26,7 +26,10 @@ static void tcp_diag_get_info(struct sock *sk, struct inet_diag_msg *r, const struct tcp_sock *tp = tcp_sk(sk); struct tcp_info *info = _info; - r->idiag_rqueue = tp->rcv_nxt - tp->copied_seq; + if (sk->sk_state == TCP_LISTEN) + r->idiag_rqueue = sk->sk_ack_backlog; + else + r->idiag_rqueue = tp->rcv_nxt - tp->copied_seq; r->idiag_wqueue = tp->write_seq - tp->snd_una; if (info != NULL) tcp_get_info(sk, info); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 25ecc6e2478b..4c6ef47eb1c3 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1726,7 +1726,8 @@ static void get_tcp4_sock(struct sock *sp, char *tmpbuf, int i) sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX " "%08X %5d %8d %lu %d %p %u %u %u %u %d", i, src, srcp, dest, destp, sp->sk_state, - tp->write_seq - tp->snd_una, tp->rcv_nxt - tp->copied_seq, + tp->write_seq - tp->snd_una, + (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), timer_active, jiffies_to_clock_t(timer_expires - jiffies), icsk->icsk_retransmits, diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index a50eb306e9e2..b36d5b2e7c30 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1469,7 +1469,8 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) dest->s6_addr32[0], dest->s6_addr32[1], dest->s6_addr32[2], dest->s6_addr32[3], destp, sp->sk_state, - tp->write_seq-tp->snd_una, tp->rcv_nxt-tp->copied_seq, + tp->write_seq-tp->snd_una, + (sp->sk_state == TCP_LISTEN) ? sp->sk_ack_backlog : (tp->rcv_nxt - tp->copied_seq), timer_active, jiffies_to_clock_t(timer_expires - jiffies), icsk->icsk_retransmits, -- cgit v1.2.3 From 3d3a85337937bb5e3db676eeb4f3bf7f02533b44 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 27 Jun 2006 13:33:10 -0700 Subject: [NET]: Make illegal_highdma more anal Rather than having illegal_highdma as a macro when HIGHMEM is off, we can turn it into an inline function that returns zero. This will catch callers that give it bad arguments. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/core/dev.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 4f2014994a84..08976b08df5b 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1239,7 +1239,6 @@ void netdev_rx_csum_fault(struct net_device *dev) EXPORT_SYMBOL(netdev_rx_csum_fault); #endif -#ifdef CONFIG_HIGHMEM /* Actually, we should eliminate this check as soon as we know, that: * 1. IOMMU is present and allows to map all the memory. * 2. No high memory really exists on this machine. @@ -1247,6 +1246,7 @@ EXPORT_SYMBOL(netdev_rx_csum_fault); static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb) { +#ifdef CONFIG_HIGHMEM int i; if (dev->features & NETIF_F_HIGHDMA) @@ -1256,11 +1256,9 @@ static inline int illegal_highdma(struct net_device *dev, struct sk_buff *skb) if (PageHighMem(skb_shinfo(skb)->frags[i].page)) return 1; +#endif return 0; } -#else -#define illegal_highdma(dev, skb) (0) -#endif struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); -- cgit v1.2.3 From 4ee303dfeac6451b402e3d8512723d3a0f861857 Mon Sep 17 00:00:00 2001 From: Shuya MAEDA Date: Wed, 28 Jun 2006 01:40:35 -0700 Subject: [PKT_SCHED]: PSCHED_TADD() and PSCHED_TADD2() can result,tv_usec >= 1000000 Signed-off-by: Shuya MAEDA Signed-off-by: David S. Miller --- include/net/pkt_sched.h | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h index 75b5b9333fc7..1925c65e617b 100644 --- a/include/net/pkt_sched.h +++ b/include/net/pkt_sched.h @@ -169,17 +169,23 @@ psched_tod_diff(int delta_sec, int bound) #define PSCHED_TADD2(tv, delta, tv_res) \ ({ \ - int __delta = (tv).tv_usec + (delta); \ - (tv_res).tv_sec = (tv).tv_sec; \ - if (__delta > USEC_PER_SEC) { (tv_res).tv_sec++; __delta -= USEC_PER_SEC; } \ + int __delta = (delta); \ + (tv_res) = (tv); \ + while(__delta >= USEC_PER_SEC){ \ + (tv_res).tv_sec++; \ + __delta -= USEC_PER_SEC; \ + } \ (tv_res).tv_usec = __delta; \ }) #define PSCHED_TADD(tv, delta) \ ({ \ - (tv).tv_usec += (delta); \ - if ((tv).tv_usec > USEC_PER_SEC) { (tv).tv_sec++; \ - (tv).tv_usec -= USEC_PER_SEC; } \ + int __delta = (delta); \ + while(__delta >= USEC_PER_SEC){ \ + (tv).tv_sec++; \ + __delta -= USEC_PER_SEC; \ + } \ + (tv).tv_usec = __delta; \ }) /* Set/check that time is in the "past perfect"; -- cgit v1.2.3 From d6b4991ad5d1a9840e12db507be1a6593def01fe Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 29 Jun 2006 12:25:53 -0700 Subject: [NET]: Fix logical error in skb_gso_ok The test in skb_gso_ok is backwards. Noticed by Michael Chan . Signed-off-by: Herbert Xu Acked-by: Michael Chan Signed-off-by: David S. Miller --- include/linux/netdevice.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 84b0f0d16fcb..efd1e2af0bf3 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -994,12 +994,12 @@ static inline int skb_gso_ok(struct sk_buff *skb, int features) { int feature = skb_shinfo(skb)->gso_size ? skb_shinfo(skb)->gso_type << NETIF_F_GSO_SHIFT : 0; - return (features & feature) != feature; + return (features & feature) == feature; } static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb) { - return skb_gso_ok(skb, dev->features); + return !skb_gso_ok(skb, dev->features); } #endif /* __KERNEL__ */ -- cgit v1.2.3 From 877ce7c1b3afd69a9b1caeb1b9964c992641f52a Mon Sep 17 00:00:00 2001 From: Catherine Zhang Date: Thu, 29 Jun 2006 12:27:47 -0700 Subject: [AF_UNIX]: Datagram getpeersec This patch implements an API whereby an application can determine the label of its peer's Unix datagram sockets via the auxiliary data mechanism of recvmsg. Patch purpose: This patch enables a security-aware application to retrieve the security context of the peer of a Unix datagram socket. The application can then use this security context to determine the security context for processing on behalf of the peer who sent the packet. Patch design and implementation: The design and implementation is very similar to the UDP case for INET sockets. Basically we build upon the existing Unix domain socket API for retrieving user credentials. Linux offers the API for obtaining user credentials via ancillary messages (i.e., out of band/control messages that are bundled together with a normal message). To retrieve the security context, the application first indicates to the kernel such desire by setting the SO_PASSSEC option via getsockopt. Then the application retrieves the security context using the auxiliary data mechanism. An example server application for Unix datagram socket should look like this: toggle = 1; toggle_len = sizeof(toggle); setsockopt(sockfd, SOL_SOCKET, SO_PASSSEC, &toggle, &toggle_len); recvmsg(sockfd, &msg_hdr, 0); if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) { cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr); if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) && cmsg_hdr->cmsg_level == SOL_SOCKET && cmsg_hdr->cmsg_type == SCM_SECURITY) { memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext)); } } sock_setsockopt is enhanced with a new socket option SOCK_PASSSEC to allow a server socket to receive security context of the peer. Testing: We have tested the patch by setting up Unix datagram client and server applications. We verified that the server can retrieve the security context using the auxiliary data mechanism of recvmsg. Signed-off-by: Catherine Zhang Acked-by: Acked-by: James Morris Signed-off-by: David S. Miller --- include/asm-alpha/socket.h | 1 + include/asm-arm/socket.h | 1 + include/asm-arm26/socket.h | 1 + include/asm-cris/socket.h | 1 + include/asm-frv/socket.h | 1 + include/asm-h8300/socket.h | 1 + include/asm-i386/socket.h | 1 + include/asm-ia64/socket.h | 1 + include/asm-m32r/socket.h | 1 + include/asm-m68k/socket.h | 1 + include/asm-mips/socket.h | 1 + include/asm-parisc/socket.h | 1 + include/asm-powerpc/socket.h | 1 + include/asm-s390/socket.h | 1 + include/asm-sh/socket.h | 1 + include/asm-sparc/socket.h | 1 + include/asm-sparc64/socket.h | 1 + include/asm-v850/socket.h | 1 + include/asm-x86_64/socket.h | 1 + include/asm-xtensa/socket.h | 1 + include/linux/net.h | 1 + include/net/af_unix.h | 6 ++++++ include/net/scm.h | 17 +++++++++++++++++ net/core/sock.c | 11 +++++++++++ net/unix/af_unix.c | 27 +++++++++++++++++++++++++++ security/selinux/hooks.c | 11 ++++++++--- 26 files changed, 90 insertions(+), 3 deletions(-) diff --git a/include/asm-alpha/socket.h b/include/asm-alpha/socket.h index b5193229132a..d22ab97ea72e 100644 --- a/include/asm-alpha/socket.h +++ b/include/asm-alpha/socket.h @@ -51,6 +51,7 @@ #define SCM_TIMESTAMP SO_TIMESTAMP #define SO_PEERSEC 30 +#define SO_PASSSEC 34 /* Security levels - as per NRL IPv6 - don't actually do anything */ #define SO_SECURITY_AUTHENTICATION 19 diff --git a/include/asm-arm/socket.h b/include/asm-arm/socket.h index 3c51da6438c9..19f7df702b06 100644 --- a/include/asm-arm/socket.h +++ b/include/asm-arm/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-arm26/socket.h b/include/asm-arm26/socket.h index 3c51da6438c9..19f7df702b06 100644 --- a/include/asm-arm26/socket.h +++ b/include/asm-arm26/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-cris/socket.h b/include/asm-cris/socket.h index 8b1da3e58c55..01cfdf1d6d33 100644 --- a/include/asm-cris/socket.h +++ b/include/asm-cris/socket.h @@ -50,6 +50,7 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-frv/socket.h b/include/asm-frv/socket.h index 7177f8b9817c..31db18fc871f 100644 --- a/include/asm-frv/socket.h +++ b/include/asm-frv/socket.h @@ -48,6 +48,7 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-h8300/socket.h b/include/asm-h8300/socket.h index d98cf85bafc1..ebc830fee0d0 100644 --- a/include/asm-h8300/socket.h +++ b/include/asm-h8300/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-i386/socket.h b/include/asm-i386/socket.h index 802ae76195b7..5755d57c4e95 100644 --- a/include/asm-i386/socket.h +++ b/include/asm-i386/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-ia64/socket.h b/include/asm-ia64/socket.h index a255006fb7b5..d638ef3d50c3 100644 --- a/include/asm-ia64/socket.h +++ b/include/asm-ia64/socket.h @@ -57,5 +57,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_IA64_SOCKET_H */ diff --git a/include/asm-m32r/socket.h b/include/asm-m32r/socket.h index 8b6680f223c0..acdf748fcdc8 100644 --- a/include/asm-m32r/socket.h +++ b/include/asm-m32r/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_M32R_SOCKET_H */ diff --git a/include/asm-m68k/socket.h b/include/asm-m68k/socket.h index f578ca4b776a..a5966ec005ae 100644 --- a/include/asm-m68k/socket.h +++ b/include/asm-m68k/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-mips/socket.h b/include/asm-mips/socket.h index 0bb31e5aaca6..36ebe4e186a7 100644 --- a/include/asm-mips/socket.h +++ b/include/asm-mips/socket.h @@ -69,6 +69,7 @@ To add: #define SO_REUSEPORT 0x0200 /* Allow local address and port reuse. */ #define SO_PEERSEC 30 #define SO_SNDBUFFORCE 31 #define SO_RCVBUFFORCE 33 +#define SO_PASSSEC 34 #ifdef __KERNEL__ diff --git a/include/asm-parisc/socket.h b/include/asm-parisc/socket.h index 1bf54dc53c10..ce2eae1708b5 100644 --- a/include/asm-parisc/socket.h +++ b/include/asm-parisc/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 0x401c #define SO_PEERSEC 0x401d +#define SO_PASSSEC 0x401e #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-powerpc/socket.h b/include/asm-powerpc/socket.h index e4b8177d4acc..c8b1da50e72d 100644 --- a/include/asm-powerpc/socket.h +++ b/include/asm-powerpc/socket.h @@ -55,5 +55,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_POWERPC_SOCKET_H */ diff --git a/include/asm-s390/socket.h b/include/asm-s390/socket.h index 15a5298c8744..1778a49a74c5 100644 --- a/include/asm-s390/socket.h +++ b/include/asm-s390/socket.h @@ -56,5 +56,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-sh/socket.h b/include/asm-sh/socket.h index 553904ff9336..ca70362eb563 100644 --- a/include/asm-sh/socket.h +++ b/include/asm-sh/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* __ASM_SH_SOCKET_H */ diff --git a/include/asm-sparc/socket.h b/include/asm-sparc/socket.h index 4e0ce3a35ea9..f6c4e5baf3f7 100644 --- a/include/asm-sparc/socket.h +++ b/include/asm-sparc/socket.h @@ -48,6 +48,7 @@ #define SCM_TIMESTAMP SO_TIMESTAMP #define SO_PEERSEC 0x001e +#define SO_PASSSEC 0x001f /* Security levels - as per NRL IPv6 - don't actually do anything */ #define SO_SECURITY_AUTHENTICATION 0x5001 diff --git a/include/asm-sparc64/socket.h b/include/asm-sparc64/socket.h index 59987dad3359..754d46a50af3 100644 --- a/include/asm-sparc64/socket.h +++ b/include/asm-sparc64/socket.h @@ -48,6 +48,7 @@ #define SCM_TIMESTAMP SO_TIMESTAMP #define SO_PEERSEC 0x001e +#define SO_PASSSEC 0x001f /* Security levels - as per NRL IPv6 - don't actually do anything */ #define SO_SECURITY_AUTHENTICATION 0x5001 diff --git a/include/asm-v850/socket.h b/include/asm-v850/socket.h index 0240d366a0a4..0dfe55ac2ef2 100644 --- a/include/asm-v850/socket.h +++ b/include/asm-v850/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* __V850_SOCKET_H__ */ diff --git a/include/asm-x86_64/socket.h b/include/asm-x86_64/socket.h index f2cdbeae5d5b..b46702607933 100644 --- a/include/asm-x86_64/socket.h +++ b/include/asm-x86_64/socket.h @@ -48,5 +48,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _ASM_SOCKET_H */ diff --git a/include/asm-xtensa/socket.h b/include/asm-xtensa/socket.h index 00f83f3a6d72..971d231be60e 100644 --- a/include/asm-xtensa/socket.h +++ b/include/asm-xtensa/socket.h @@ -59,5 +59,6 @@ #define SO_ACCEPTCONN 30 #define SO_PEERSEC 31 +#define SO_PASSSEC 34 #endif /* _XTENSA_SOCKET_H */ diff --git a/include/linux/net.h b/include/linux/net.h index 385e68f5bd93..b20c53c74413 100644 --- a/include/linux/net.h +++ b/include/linux/net.h @@ -61,6 +61,7 @@ typedef enum { #define SOCK_ASYNC_WAITDATA 1 #define SOCK_NOSPACE 2 #define SOCK_PASSCRED 3 +#define SOCK_PASSSEC 4 #ifndef ARCH_HAS_SOCKET_TYPES /** diff --git a/include/net/af_unix.h b/include/net/af_unix.h index 795f81f9ec7f..5ba72d95280c 100644 --- a/include/net/af_unix.h +++ b/include/net/af_unix.h @@ -53,10 +53,16 @@ struct unix_address { struct unix_skb_parms { struct ucred creds; /* Skb credentials */ struct scm_fp_list *fp; /* Passed files */ +#ifdef CONFIG_SECURITY_NETWORK + char *secdata; /* Security context */ + u32 seclen; /* Security length */ +#endif }; #define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) #define UNIXCREDS(skb) (&UNIXCB((skb)).creds) +#define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata) +#define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen) #define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) #define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) diff --git a/include/net/scm.h b/include/net/scm.h index 540619cb7160..02daa097cdcd 100644 --- a/include/net/scm.h +++ b/include/net/scm.h @@ -19,6 +19,10 @@ struct scm_cookie { struct ucred creds; /* Skb credentials */ struct scm_fp_list *fp; /* Passed files */ +#ifdef CONFIG_SECURITY_NETWORK + char *secdata; /* Security context */ + u32 seclen; /* Security length */ +#endif unsigned long seq; /* Connection seqno */ }; @@ -48,6 +52,17 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, return __scm_send(sock, msg, scm); } +#ifdef CONFIG_SECURITY_NETWORK +static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) +{ + if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); +} +#else +static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) +{ } +#endif /* CONFIG_SECURITY_NETWORK */ + static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm, int flags) { @@ -62,6 +77,8 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, if (test_bit(SOCK_PASSCRED, &sock->flags)) put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); + scm_passec(sock, msg, scm); + if (!scm->fp) return; diff --git a/net/core/sock.c b/net/core/sock.c index 5d820c376653..204a8dec65cc 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -565,6 +565,13 @@ set_rcvbuf: ret = -ENONET; break; + case SO_PASSSEC: + if (valbool) + set_bit(SOCK_PASSSEC, &sock->flags); + else + clear_bit(SOCK_PASSSEC, &sock->flags); + break; + /* We implement the SO_SNDLOWAT etc to not be settable (1003.1g 5.3) */ default: @@ -723,6 +730,10 @@ int sock_getsockopt(struct socket *sock, int level, int optname, v.val = sk->sk_state == TCP_LISTEN; break; + case SO_PASSSEC: + v.val = test_bit(SOCK_PASSSEC, &sock->flags) ? 1 : 0; + break; + case SO_PEERSEC: return security_socket_getpeersec_stream(sock, optval, optlen, len); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index d901465ce013..fd11d4048b52 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -128,6 +128,30 @@ static atomic_t unix_nr_socks = ATOMIC_INIT(0); #define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE) +#ifdef CONFIG_SECURITY_NETWORK +static void unix_get_peersec_dgram(struct sk_buff *skb) +{ + int err; + + err = security_socket_getpeersec_dgram(skb, UNIXSECDATA(skb), + UNIXSECLEN(skb)); + if (err) + *(UNIXSECDATA(skb)) = NULL; +} + +static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) +{ + scm->secdata = *UNIXSECDATA(skb); + scm->seclen = *UNIXSECLEN(skb); +} +#else +static void unix_get_peersec_dgram(struct sk_buff *skb) +{ } + +static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) +{ } +#endif /* CONFIG_SECURITY_NETWORK */ + /* * SMP locking strategy: * hash table is protected with spinlock unix_table_lock @@ -1291,6 +1315,8 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock, if (siocb->scm->fp) unix_attach_fds(siocb->scm, skb); + unix_get_peersec_dgram(skb); + skb->h.raw = skb->data; err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); if (err) @@ -1570,6 +1596,7 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, memset(&tmp_scm, 0, sizeof(tmp_scm)); } siocb->scm->creds = *UNIXCREDS(skb); + unix_set_secdata(siocb->scm, skb); if (!(flags & MSG_PEEK)) { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b6c378dd4f12..b85afcf38527 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -69,6 +69,7 @@ #include #include #include +#include #include "avc.h" #include "objsec.h" @@ -3420,7 +3421,13 @@ out: static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen) { int err = 0; - u32 peer_sid = selinux_socket_getpeer_dgram(skb); + u32 peer_sid; + + if (skb->sk->sk_family == PF_UNIX) + selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket), + &peer_sid); + else + peer_sid = selinux_socket_getpeer_dgram(skb); if (peer_sid == SECSID_NULL) return -EINVAL; @@ -3432,8 +3439,6 @@ static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, return 0; } - - static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) { return sk_alloc_security(sk, family, priority); -- cgit v1.2.3 From b0da8537037f337103348f239ad901477e907aa8 Mon Sep 17 00:00:00 2001 From: Michael Chan Date: Thu, 29 Jun 2006 12:30:00 -0700 Subject: [NET]: Add ECN support for TSO In the current TSO implementation, NETIF_F_TSO and ECN cannot be turned on together in a TCP connection. The problem is that most hardware that supports TSO does not handle CWR correctly if it is set in the TSO packet. Correct handling requires CWR to be set in the first packet only if it is set in the TSO header. This patch adds the ability to turn on NETIF_F_TSO and ECN using GSO if necessary to handle TSO packets with CWR set. Hardware that handles CWR correctly can turn on NETIF_F_TSO_ECN in the dev-> features flag. All TSO packets with CWR set will have the SKB_GSO_TCPV4_ECN set. If the output device does not have the NETIF_F_TSO_ECN feature set, GSO will split the packet up correctly with CWR only set in the first segment. With help from Herbert Xu . Since ECN can always be enabled with TSO, the SOCK_NO_LARGESEND sock flag is completely removed. Signed-off-by: Michael Chan Signed-off-by: David S. Miller --- include/linux/netdevice.h | 1 + include/linux/skbuff.h | 3 +++ include/net/sock.h | 3 +-- include/net/tcp_ecn.h | 6 ++++-- net/ipv4/tcp_input.c | 4 ---- net/ipv4/tcp_minisocks.c | 2 -- net/ipv4/tcp_output.c | 2 -- 7 files changed, 9 insertions(+), 12 deletions(-) diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index efd1e2af0bf3..aa2d3c12c4d8 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -316,6 +316,7 @@ struct net_device #define NETIF_F_TSO (SKB_GSO_TCPV4 << NETIF_F_GSO_SHIFT) #define NETIF_F_UFO (SKB_GSO_UDPV4 << NETIF_F_GSO_SHIFT) #define NETIF_F_GSO_ROBUST (SKB_GSO_DODGY << NETIF_F_GSO_SHIFT) +#define NETIF_F_TSO_ECN (SKB_GSO_TCPV4_ECN << NETIF_F_GSO_SHIFT) #define NETIF_F_GEN_CSUM (NETIF_F_NO_CSUM | NETIF_F_HW_CSUM) #define NETIF_F_ALL_CSUM (NETIF_F_IP_CSUM | NETIF_F_GEN_CSUM) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 5fb72da7da03..e74c294929a0 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -175,6 +175,9 @@ enum { /* This indicates the skb is from an untrusted source. */ SKB_GSO_DODGY = 1 << 2, + + /* This indicates the tcp segment has CWR set. */ + SKB_GSO_TCPV4_ECN = 1 << 3, }; /** diff --git a/include/net/sock.h b/include/net/sock.h index 2d8d6adf1616..7136bae48c2f 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -383,7 +383,6 @@ enum sock_flags { SOCK_USE_WRITE_QUEUE, /* whether to call sk->sk_write_space in sock_wfree */ SOCK_DBG, /* %SO_DEBUG setting */ SOCK_RCVTSTAMP, /* %SO_TIMESTAMP setting */ - SOCK_NO_LARGESEND, /* whether to sent large segments or not */ SOCK_LOCALROUTE, /* route locally only, %SO_DONTROUTE setting */ SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */ }; @@ -1033,7 +1032,7 @@ static inline void sk_setup_caps(struct sock *sk, struct dst_entry *dst) if (sk->sk_route_caps & NETIF_F_GSO) sk->sk_route_caps |= NETIF_F_TSO; if (sk->sk_route_caps & NETIF_F_TSO) { - if (sock_flag(sk, SOCK_NO_LARGESEND) || dst->header_len) + if (dst->header_len) sk->sk_route_caps &= ~NETIF_F_TSO; else sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM; diff --git a/include/net/tcp_ecn.h b/include/net/tcp_ecn.h index c6b84397448d..7bb366f70934 100644 --- a/include/net/tcp_ecn.h +++ b/include/net/tcp_ecn.h @@ -31,10 +31,9 @@ static inline void TCP_ECN_send_syn(struct sock *sk, struct tcp_sock *tp, struct sk_buff *skb) { tp->ecn_flags = 0; - if (sysctl_tcp_ecn && !(sk->sk_route_caps & NETIF_F_TSO)) { + if (sysctl_tcp_ecn) { TCP_SKB_CB(skb)->flags |= TCPCB_FLAG_ECE|TCPCB_FLAG_CWR; tp->ecn_flags = TCP_ECN_OK; - sock_set_flag(sk, SOCK_NO_LARGESEND); } } @@ -56,6 +55,9 @@ static inline void TCP_ECN_send(struct sock *sk, struct tcp_sock *tp, if (tp->ecn_flags&TCP_ECN_QUEUE_CWR) { tp->ecn_flags &= ~TCP_ECN_QUEUE_CWR; skb->h.th->cwr = 1; + if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) + skb_shinfo(skb)->gso_type |= + SKB_GSO_TCPV4_ECN; } } else { /* ACK or retransmitted segment: clear ECT|CE */ diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 94fe5b1f9dcb..7fa0b4a8a389 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4178,8 +4178,6 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, */ TCP_ECN_rcv_synack(tp, th); - if (tp->ecn_flags&TCP_ECN_OK) - sock_set_flag(sk, SOCK_NO_LARGESEND); tp->snd_wl1 = TCP_SKB_CB(skb)->seq; tcp_ack(sk, skb, FLAG_SLOWPATH); @@ -4322,8 +4320,6 @@ discard: tp->max_window = tp->snd_wnd; TCP_ECN_rcv_syn(tp, th); - if (tp->ecn_flags&TCP_ECN_OK) - sock_set_flag(sk, SOCK_NO_LARGESEND); tcp_mtup_init(sk); tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 2b9b7f6c7f7c..54b2ef7d3efe 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -440,8 +440,6 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, newicsk->icsk_ack.last_seg_size = skb->len - newtp->tcp_header_len; newtp->rx_opt.mss_clamp = req->mss; TCP_ECN_openreq_child(newtp, req); - if (newtp->ecn_flags&TCP_ECN_OK) - sock_set_flag(newsk, SOCK_NO_LARGESEND); TCP_INC_STATS_BH(TCP_MIB_PASSIVEOPENS); } diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index bdd71db8bf90..5a7cb4a9c867 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2044,8 +2044,6 @@ struct sk_buff * tcp_make_synack(struct sock *sk, struct dst_entry *dst, memset(th, 0, sizeof(struct tcphdr)); th->syn = 1; th->ack = 1; - if (dst->dev->features&NETIF_F_TSO) - ireq->ecn_ok = 0; TCP_ECN_make_synack(req, th); th->source = inet_sk(sk)->sport; th->dest = ireq->rmt_port; -- cgit v1.2.3 From b11d6213529b33d81c21eeba97343e3b714e62e7 Mon Sep 17 00:00:00 2001 From: Michael Chan Date: Thu, 29 Jun 2006 12:31:21 -0700 Subject: [BNX2]: Add NETIF_F_TSO_ECN Add NETIF_F_TSO_ECN feature for all bnx2 hardware. Signed-off-by: Michael Chan Signed-off-by: David S. Miller --- drivers/net/bnx2.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c index 7635736cc791..e89d5df3e978 100644 --- a/drivers/net/bnx2.c +++ b/drivers/net/bnx2.c @@ -5128,6 +5128,16 @@ bnx2_set_rx_csum(struct net_device *dev, u32 data) return 0; } +static int +bnx2_set_tso(struct net_device *dev, u32 data) +{ + if (data) + dev->features |= NETIF_F_TSO | NETIF_F_TSO_ECN; + else + dev->features &= ~(NETIF_F_TSO | NETIF_F_TSO_ECN); + return 0; +} + #define BNX2_NUM_STATS 46 static struct { @@ -5445,7 +5455,7 @@ static struct ethtool_ops bnx2_ethtool_ops = { .set_sg = ethtool_op_set_sg, #ifdef BCM_TSO .get_tso = ethtool_op_get_tso, - .set_tso = ethtool_op_set_tso, + .set_tso = bnx2_set_tso, #endif .self_test_count = bnx2_self_test_count, .self_test = bnx2_self_test, @@ -5926,7 +5936,7 @@ bnx2_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) dev->features |= NETIF_F_HW_VLAN_TX | NETIF_F_HW_VLAN_RX; #endif #ifdef BCM_TSO - dev->features |= NETIF_F_TSO; + dev->features |= NETIF_F_TSO | NETIF_F_TSO_ECN; #endif netif_carrier_off(bp->dev); -- cgit v1.2.3 From b47eb0eb9bb5fcee6394f0d9bde0b471f7329841 Mon Sep 17 00:00:00 2001 From: Chas Williams Date: Thu, 29 Jun 2006 12:35:02 -0700 Subject: [ATM]: [idt77105] should be __devinit not __init Signed-off-by: Chas Williams Signed-off-by: David S. Miller --- drivers/atm/idt77105.c | 2 +- drivers/atm/idt77105.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/atm/idt77105.c b/drivers/atm/idt77105.c index 0aabfc2a59d9..325325afabec 100644 --- a/drivers/atm/idt77105.c +++ b/drivers/atm/idt77105.c @@ -358,7 +358,7 @@ static const struct atmphy_ops idt77105_ops = { }; -int idt77105_init(struct atm_dev *dev) +int __devinit idt77105_init(struct atm_dev *dev) { dev->phy = &idt77105_ops; return 0; diff --git a/drivers/atm/idt77105.h b/drivers/atm/idt77105.h index 8ba8218aaefe..3fd2bc899761 100644 --- a/drivers/atm/idt77105.h +++ b/drivers/atm/idt77105.h @@ -76,7 +76,7 @@ #define IDT77105_CTRSEL_RHEC 0x01 /* W, Rx HEC Error Counter */ #ifdef __KERNEL__ -int idt77105_init(struct atm_dev *dev) __init; +int idt77105_init(struct atm_dev *dev); #endif /* -- cgit v1.2.3 From 249c14b55c8576ad8c6ec23c7c1b3b2219b33e54 Mon Sep 17 00:00:00 2001 From: Chas Williams Date: Thu, 29 Jun 2006 12:35:32 -0700 Subject: [ATM]: [iphase] should be __devinit not __init Signed-off-by: Chas Williams Signed-off-by: David S. Miller --- drivers/atm/iphase.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c index 2e2e50e1167a..333a7bc609d2 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c @@ -2284,7 +2284,7 @@ static int reset_sar(struct atm_dev *dev) } -static int __init ia_init(struct atm_dev *dev) +static int __devinit ia_init(struct atm_dev *dev) { IADEV *iadev; unsigned long real_base; @@ -2480,7 +2480,7 @@ static void ia_free_rx(IADEV *iadev) iadev->rx_dle_dma); } -static int __init ia_start(struct atm_dev *dev) +static int __devinit ia_start(struct atm_dev *dev) { IADEV *iadev; int error; -- cgit v1.2.3 From d17f086550a6fdb13fe82371d60ebf80904c6f96 Mon Sep 17 00:00:00 2001 From: Chas Williams Date: Thu, 29 Jun 2006 12:35:49 -0700 Subject: [ATM]: [suni] change suni_init to __devinit Signed-off-by: Chas Williams Signed-off-by: David S. Miller --- drivers/atm/he.c | 2 +- drivers/atm/suni.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/atm/he.c b/drivers/atm/he.c index fde9334059af..a486eb1f1640 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c @@ -1018,7 +1018,7 @@ he_init_irq(struct he_dev *he_dev) return 0; } -static int __init +static int __devinit he_start(struct atm_dev *dev) { struct he_dev *he_dev; diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c index b1d063cc4fbe..f04f39c00833 100644 --- a/drivers/atm/suni.c +++ b/drivers/atm/suni.c @@ -289,7 +289,7 @@ static const struct atmphy_ops suni_ops = { }; -int suni_init(struct atm_dev *dev) +int __devinit suni_init(struct atm_dev *dev) { unsigned char mri; -- cgit v1.2.3 From 656d98b09d57d4e1185c5d2436a42600d48fbcb5 Mon Sep 17 00:00:00 2001 From: Roman Kagan Date: Thu, 29 Jun 2006 12:36:34 -0700 Subject: [ATM]: basic sysfs support for ATM devices Signed-off-by: Chas Williams Signed-off-by: David S. Miller --- include/linux/atmdev.h | 4 +- net/atm/Makefile | 2 +- net/atm/atm_sysfs.c | 176 +++++++++++++++++++++++++++++++++++++++++++++++++ net/atm/common.c | 7 ++ net/atm/common.h | 2 + net/atm/resources.c | 22 +++++-- net/atm/resources.h | 2 + 7 files changed, 209 insertions(+), 6 deletions(-) create mode 100644 net/atm/atm_sysfs.c diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h index 1eb238affb12..41788a31c438 100644 --- a/include/linux/atmdev.h +++ b/include/linux/atmdev.h @@ -7,6 +7,7 @@ #define LINUX_ATMDEV_H +#include #include #include #include @@ -358,6 +359,7 @@ struct atm_dev { struct proc_dir_entry *proc_entry; /* proc entry */ char *proc_name; /* proc entry name */ #endif + struct class_device class_dev; /* sysfs class device */ struct list_head dev_list; /* linkage */ }; @@ -459,7 +461,7 @@ static inline void atm_dev_put(struct atm_dev *dev) BUG_ON(!test_bit(ATM_DF_REMOVED, &dev->flags)); if (dev->ops->dev_close) dev->ops->dev_close(dev); - kfree(dev); + class_device_put(&dev->class_dev); } } diff --git a/net/atm/Makefile b/net/atm/Makefile index d5818751f6ba..89656d6c0b90 100644 --- a/net/atm/Makefile +++ b/net/atm/Makefile @@ -2,7 +2,7 @@ # Makefile for the ATM Protocol Families. # -atm-y := addr.o pvc.o signaling.o svc.o ioctl.o common.o atm_misc.o raw.o resources.o +atm-y := addr.o pvc.o signaling.o svc.o ioctl.o common.o atm_misc.o raw.o resources.o atm_sysfs.o mpoa-objs := mpc.o mpoa_caches.o mpoa_proc.o obj-$(CONFIG_ATM) += atm.o diff --git a/net/atm/atm_sysfs.c b/net/atm/atm_sysfs.c new file mode 100644 index 000000000000..5df4b9a068bb --- /dev/null +++ b/net/atm/atm_sysfs.c @@ -0,0 +1,176 @@ +/* ATM driver model support. */ + +#include +#include +#include +#include +#include +#include "common.h" +#include "resources.h" + +#define to_atm_dev(cldev) container_of(cldev, struct atm_dev, class_dev) + +static ssize_t show_type(struct class_device *cdev, char *buf) +{ + struct atm_dev *adev = to_atm_dev(cdev); + return sprintf(buf, "%s\n", adev->type); +} + +static ssize_t show_address(struct class_device *cdev, char *buf) +{ + char *pos = buf; + struct atm_dev *adev = to_atm_dev(cdev); + int i; + + for (i = 0; i < (ESI_LEN - 1); i++) + pos += sprintf(pos, "%02x:", adev->esi[i]); + pos += sprintf(pos, "%02x\n", adev->esi[i]); + + return pos - buf; +} + +static ssize_t show_atmaddress(struct class_device *cdev, char *buf) +{ + unsigned long flags; + char *pos = buf; + struct atm_dev *adev = to_atm_dev(cdev); + struct atm_dev_addr *aaddr; + int bin[] = { 1, 2, 10, 6, 1 }, *fmt = bin; + int i, j; + + spin_lock_irqsave(&adev->lock, flags); + list_for_each_entry(aaddr, &adev->local, entry) { + for(i = 0, j = 0; i < ATM_ESA_LEN; ++i, ++j) { + if (j == *fmt) { + pos += sprintf(pos, "."); + ++fmt; + j = 0; + } + pos += sprintf(pos, "%02x", aaddr->addr.sas_addr.prv[i]); + } + pos += sprintf(pos, "\n"); + } + spin_unlock_irqrestore(&adev->lock, flags); + + return pos - buf; +} + +static ssize_t show_carrier(struct class_device *cdev, char *buf) +{ + char *pos = buf; + struct atm_dev *adev = to_atm_dev(cdev); + + pos += sprintf(pos, "%d\n", + adev->signal == ATM_PHY_SIG_LOST ? 0 : 1); + + return pos - buf; +} + +static ssize_t show_link_rate(struct class_device *cdev, char *buf) +{ + char *pos = buf; + struct atm_dev *adev = to_atm_dev(cdev); + int link_rate; + + /* show the link rate, not the data rate */ + switch (adev->link_rate) { + case ATM_OC3_PCR: + link_rate = 155520000; + break; + case ATM_OC12_PCR: + link_rate = 622080000; + break; + case ATM_25_PCR: + link_rate = 25600000; + break; + default: + link_rate = adev->link_rate * 8 * 53; + } + pos += sprintf(pos, "%d\n", link_rate); + + return pos - buf; +} + +static CLASS_DEVICE_ATTR(address, S_IRUGO, show_address, NULL); +static CLASS_DEVICE_ATTR(atmaddress, S_IRUGO, show_atmaddress, NULL); +static CLASS_DEVICE_ATTR(carrier, S_IRUGO, show_carrier, NULL); +static CLASS_DEVICE_ATTR(type, S_IRUGO, show_type, NULL); +static CLASS_DEVICE_ATTR(link_rate, S_IRUGO, show_link_rate, NULL); + +static struct class_device_attribute *atm_attrs[] = { + &class_device_attr_atmaddress, + &class_device_attr_address, + &class_device_attr_carrier, + &class_device_attr_type, + &class_device_attr_link_rate, + NULL +}; + +static int atm_uevent(struct class_device *cdev, char **envp, int num_envp, char *buf, int size) +{ + struct atm_dev *adev; + int i = 0, len = 0; + + if (!cdev) + return -ENODEV; + + adev = to_atm_dev(cdev); + if (!adev) + return -ENODEV; + + if (add_uevent_var(envp, num_envp, &i, buf, size, &len, + "NAME=%s%d", adev->type, adev->number)) + return -ENOMEM; + + envp[i] = NULL; + return 0; +} + +static void atm_release(struct class_device *cdev) +{ + struct atm_dev *adev = to_atm_dev(cdev); + + kfree(adev); +} + +static struct class atm_class = { + .name = "atm", + .release = atm_release, + .uevent = atm_uevent, +}; + +int atm_register_sysfs(struct atm_dev *adev) +{ + struct class_device *cdev = &adev->class_dev; + int i, err; + + cdev->class = &atm_class; + class_set_devdata(cdev, adev); + + snprintf(cdev->class_id, BUS_ID_SIZE, "%s%d", adev->type, adev->number); + err = class_device_register(cdev); + if (err < 0) + return err; + + for (i = 0; atm_attrs[i]; i++) + class_device_create_file(cdev, atm_attrs[i]); + + return 0; +} + +void atm_unregister_sysfs(struct atm_dev *adev) +{ + struct class_device *cdev = &adev->class_dev; + + class_device_del(cdev); +} + +int __init atm_sysfs_init(void) +{ + return class_register(&atm_class); +} + +void __exit atm_sysfs_exit(void) +{ + class_unregister(&atm_class); +} diff --git a/net/atm/common.c b/net/atm/common.c index ae002220fa99..35ab1a61e831 100644 --- a/net/atm/common.c +++ b/net/atm/common.c @@ -791,8 +791,14 @@ static int __init atm_init(void) printk(KERN_ERR "atm_proc_init() failed with %d\n",error); goto out_atmsvc_exit; } + if ((error = atm_sysfs_init()) < 0) { + printk(KERN_ERR "atm_sysfs_init() failed with %d\n",error); + goto out_atmproc_exit; + } out: return error; +out_atmproc_exit: + atm_proc_exit(); out_atmsvc_exit: atmsvc_exit(); out_atmpvc_exit: @@ -805,6 +811,7 @@ out_unregister_vcc_proto: static void __exit atm_exit(void) { atm_proc_exit(); + atm_sysfs_exit(); atmsvc_exit(); atmpvc_exit(); proto_unregister(&vcc_proto); diff --git a/net/atm/common.h b/net/atm/common.h index 4887c317cefe..a422da7788fb 100644 --- a/net/atm/common.h +++ b/net/atm/common.h @@ -28,6 +28,8 @@ int atmpvc_init(void); void atmpvc_exit(void); int atmsvc_init(void); void atmsvc_exit(void); +int atm_sysfs_init(void); +void atm_sysfs_exit(void); #ifdef CONFIG_PROC_FS int atm_proc_init(void); diff --git a/net/atm/resources.c b/net/atm/resources.c index 18ac80698f83..534baf704056 100644 --- a/net/atm/resources.c +++ b/net/atm/resources.c @@ -114,14 +114,27 @@ struct atm_dev *atm_dev_register(const char *type, const struct atmdev_ops *ops, printk(KERN_ERR "atm_dev_register: " "atm_proc_dev_register failed for dev %s\n", type); - mutex_unlock(&atm_dev_mutex); - kfree(dev); - return NULL; + goto out_fail; + } + + if (atm_register_sysfs(dev) < 0) { + printk(KERN_ERR "atm_dev_register: " + "atm_register_sysfs failed for dev %s\n", + type); + atm_proc_dev_deregister(dev); + goto out_fail; } + list_add_tail(&dev->dev_list, &atm_devs); - mutex_unlock(&atm_dev_mutex); +out: + mutex_unlock(&atm_dev_mutex); return dev; + +out_fail: + kfree(dev); + dev = NULL; + goto out; } @@ -140,6 +153,7 @@ void atm_dev_deregister(struct atm_dev *dev) mutex_unlock(&atm_dev_mutex); atm_dev_release_vccs(dev); + atm_unregister_sysfs(dev); atm_proc_dev_deregister(dev); atm_dev_put(dev); diff --git a/net/atm/resources.h b/net/atm/resources.h index ac7222fee7a8..644989980c37 100644 --- a/net/atm/resources.h +++ b/net/atm/resources.h @@ -43,4 +43,6 @@ static inline void atm_proc_dev_deregister(struct atm_dev *dev) #endif /* CONFIG_PROC_FS */ +int atm_register_sysfs(struct atm_dev *adev); +void atm_unregister_sysfs(struct atm_dev *adev); #endif -- cgit v1.2.3 From 745720e58303f940e12944bf7fab52bc9ce48bda Mon Sep 17 00:00:00 2001 From: Michael Chan Date: Thu, 29 Jun 2006 12:37:41 -0700 Subject: [BNX2]: Use dev_kfree_skb() instead of the _irq version Change all dev_kfree_skb_irq() and dev_kfree_skb_any() to dev_kfree_skb(). These calls are never used in irq context. Signed-off-by: Michael Chan Signed-off-by: David S. Miller --- drivers/net/bnx2.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c index e89d5df3e978..e59cb5925154 100644 --- a/drivers/net/bnx2.c +++ b/drivers/net/bnx2.c @@ -1676,7 +1676,7 @@ bnx2_tx_int(struct bnx2 *bp) tx_free_bd += last + 1; - dev_kfree_skb_irq(skb); + dev_kfree_skb(skb); hw_cons = bp->hw_tx_cons = sblk->status_tx_quick_consumer_index0; @@ -1824,7 +1824,7 @@ reuse_rx: if ((len > (bp->dev->mtu + ETH_HLEN)) && (ntohs(skb->protocol) != 0x8100)) { - dev_kfree_skb_irq(skb); + dev_kfree_skb(skb); goto next_rx; } @@ -3643,7 +3643,7 @@ bnx2_free_tx_skbs(struct bnx2 *bp) skb_shinfo(skb)->frags[j].size, PCI_DMA_TODEVICE); } - dev_kfree_skb_any(skb); + dev_kfree_skb(skb); i += j + 1; } @@ -3669,7 +3669,7 @@ bnx2_free_rx_skbs(struct bnx2 *bp) rx_buf->skb = NULL; - dev_kfree_skb_any(skb); + dev_kfree_skb(skb); } } @@ -3999,7 +3999,7 @@ bnx2_run_loopback(struct bnx2 *bp, int loopback_mode) udelay(5); pci_unmap_single(bp->pdev, map, pkt_size, PCI_DMA_TODEVICE); - dev_kfree_skb_irq(skb); + dev_kfree_skb(skb); if (bp->status_blk->status_tx_quick_consumer_index0 != bp->tx_prod) { goto loopback_test_done; -- cgit v1.2.3 From 6c4f095eae35e83eb6148dec7f72874eeadf0c9b Mon Sep 17 00:00:00 2001 From: Michael Chan Date: Thu, 29 Jun 2006 12:38:15 -0700 Subject: [BNX2]: Turn off link during shutdown Minor change in shutdown logic to effect a link down. Update version to 1.4.43. Signed-off-by: Michael Chan Signed-off-by: David S. Miller --- drivers/net/bnx2.c | 8 ++++---- drivers/net/bnx2.h | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c index e59cb5925154..d55b0f7939a6 100644 --- a/drivers/net/bnx2.c +++ b/drivers/net/bnx2.c @@ -57,8 +57,8 @@ #define DRV_MODULE_NAME "bnx2" #define PFX DRV_MODULE_NAME ": " -#define DRV_MODULE_VERSION "1.4.42" -#define DRV_MODULE_RELDATE "June 12, 2006" +#define DRV_MODULE_VERSION "1.4.43" +#define DRV_MODULE_RELDATE "June 28, 2006" #define RUN_AT(x) (jiffies + (x)) @@ -4541,7 +4541,7 @@ bnx2_close(struct net_device *dev) bnx2_netif_stop(bp); del_timer_sync(&bp->timer); if (bp->flags & NO_WOL_FLAG) - reset_code = BNX2_DRV_MSG_CODE_UNLOAD; + reset_code = BNX2_DRV_MSG_CODE_UNLOAD_LNK_DN; else if (bp->wol) reset_code = BNX2_DRV_MSG_CODE_SUSPEND_WOL; else @@ -5978,7 +5978,7 @@ bnx2_suspend(struct pci_dev *pdev, pm_message_t state) netif_device_detach(dev); del_timer_sync(&bp->timer); if (bp->flags & NO_WOL_FLAG) - reset_code = BNX2_DRV_MSG_CODE_UNLOAD; + reset_code = BNX2_DRV_MSG_CODE_UNLOAD_LNK_DN; else if (bp->wol) reset_code = BNX2_DRV_MSG_CODE_SUSPEND_WOL; else diff --git a/drivers/net/bnx2.h b/drivers/net/bnx2.h index 5845e334941b..658c5ee95c73 100644 --- a/drivers/net/bnx2.h +++ b/drivers/net/bnx2.h @@ -4174,6 +4174,7 @@ struct fw_info { #define BNX2_DRV_MSG_CODE_PULSE 0x06000000 #define BNX2_DRV_MSG_CODE_DIAG 0x07000000 #define BNX2_DRV_MSG_CODE_SUSPEND_NO_WOL 0x09000000 +#define BNX2_DRV_MSG_CODE_UNLOAD_LNK_DN 0x0b000000 #define BNX2_DRV_MSG_DATA 0x00ff0000 #define BNX2_DRV_MSG_DATA_WAIT0 0x00010000 -- cgit v1.2.3 From 7263ade1e1e72e34fc3c179f3aeaa07a11872d22 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Thu, 29 Jun 2006 12:39:07 -0700 Subject: [IrDA]: MCS7780 usb_driver struct should be static This patch makes a needlessly global struct static. Signed-off-by: Adrian Bunk Signed-off-by: Samuel Ortiz Signed-off-by: David S. Miller --- drivers/net/irda/mcs7780.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/irda/mcs7780.c b/drivers/net/irda/mcs7780.c index 754297fc8f22..47f6f64d604c 100644 --- a/drivers/net/irda/mcs7780.c +++ b/drivers/net/irda/mcs7780.c @@ -101,7 +101,7 @@ static int transceiver_type = MCS_TSC_VISHAY; module_param(transceiver_type, int, 0444); MODULE_PARM_DESC(transceiver_type, "IR transceiver type, see mcs7780.h."); -struct usb_driver mcs_driver = { +static struct usb_driver mcs_driver = { .name = "mcs7780", .probe = mcs_probe, .disconnect = mcs_disconnect, -- cgit v1.2.3 From c22751b73a3770b3046102bb97b139218ff1875b Mon Sep 17 00:00:00 2001 From: Matt LaPlante Date: Thu, 29 Jun 2006 12:51:15 -0700 Subject: [NETFILTE] ipv4: Fix typo (Bugzilla #6753) This patch fixes bugzilla #6753, a typo in the netfilter Kconfig Signed-off-by: David S. Miller --- net/ipv4/netfilter/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index e1d7f5fbc526..ef0b5aac5838 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig @@ -332,7 +332,7 @@ config IP_NF_MATCH_HASHLIMIT help This option adds a new iptables `hashlimit' match. - As opposed to `limit', this match dynamically crates a hash table + As opposed to `limit', this match dynamically creates a hash table of limit buckets, based on your selection of source/destination ip addresses and/or ports. -- cgit v1.2.3 From 5bba17127e7c78e819560519449db237e1b0f99b Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Thu, 29 Jun 2006 13:02:35 -0700 Subject: [NET]: make skb_release_data() static skb_release_data() no longer has any users in other files. Signed-off-by: Adrian Bunk Signed-off-by: David S. Miller --- arch/x86_64/kernel/functionlist | 1 - include/linux/skbuff.h | 1 - net/core/skbuff.c | 2 +- 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/x86_64/kernel/functionlist b/arch/x86_64/kernel/functionlist index 2bcebdc3eedb..01fa23580c85 100644 --- a/arch/x86_64/kernel/functionlist +++ b/arch/x86_64/kernel/functionlist @@ -384,7 +384,6 @@ *(.text.__end_that_request_first) *(.text.wake_up_bit) *(.text.unuse_mm) -*(.text.skb_release_data) *(.text.shrink_icache_memory) *(.text.sched_balance_self) *(.text.__pmd_alloc) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index e74c294929a0..59918be91d0a 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -1304,7 +1304,6 @@ extern void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to); extern void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len); -extern void skb_release_data(struct sk_buff *skb); extern struct sk_buff *skb_segment(struct sk_buff *skb, int features); static inline void *skb_header_pointer(const struct sk_buff *skb, int offset, diff --git a/net/core/skbuff.c b/net/core/skbuff.c index dfef9eece83e..a1c9ecf4f1e0 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -272,7 +272,7 @@ static void skb_clone_fraglist(struct sk_buff *skb) skb_get(list); } -void skb_release_data(struct sk_buff *skb) +static void skb_release_data(struct sk_buff *skb) { if (!skb->cloned || !atomic_sub_return(skb->nohdr ? (1 << SKB_DATAREF_SHIFT) + 1 : 1, -- cgit v1.2.3 From 244055fdc8dd39407a33d4eb9f4053dd4ca8f1bb Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Thu, 29 Jun 2006 13:04:41 -0700 Subject: [XFRM]: unexport xfrm_state_mtu This patch removes the unused EXPORT_SYMBOL(xfrm_state_mtu). Signed-off-by: Adrian Bunk Signed-off-by: David S. Miller --- net/xfrm/xfrm_state.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 17b29ec3c417..43f00fc28a3d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1164,8 +1164,6 @@ int xfrm_state_mtu(struct xfrm_state *x, int mtu) return res; } -EXPORT_SYMBOL(xfrm_state_mtu); - int xfrm_init_state(struct xfrm_state *x) { struct xfrm_state_afinfo *afinfo; -- cgit v1.2.3 From 1bc1731133140dccdd08899a59bbc06d975d0a15 Mon Sep 17 00:00:00 2001 From: Josh Triplett Date: Thu, 29 Jun 2006 17:02:31 -0700 Subject: [IrDA]: Fix RCU lock pairing on error path irlan_client_discovery_indication calls rcu_read_lock and rcu_read_unlock, but returns without unlocking in an error case. Fix that by replacing the return with a goto so that the rcu_read_unlock always gets executed. Signed-off-by: Josh Triplett Acked-by: Paul E. McKenney Signed-off-by: Samuel Ortiz samuel@sortiz.org <> Signed-off-by: David S. Miller --- net/irda/irlan/irlan_client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/irda/irlan/irlan_client.c b/net/irda/irlan/irlan_client.c index f8e6cb0db04b..95cf1234ea17 100644 --- a/net/irda/irlan/irlan_client.c +++ b/net/irda/irlan/irlan_client.c @@ -173,13 +173,14 @@ void irlan_client_discovery_indication(discinfo_t *discovery, rcu_read_lock(); self = irlan_get_any(); if (self) { - IRDA_ASSERT(self->magic == IRLAN_MAGIC, return;); + IRDA_ASSERT(self->magic == IRLAN_MAGIC, goto out;); IRDA_DEBUG(1, "%s(), Found instance (%08x)!\n", __FUNCTION__ , daddr); irlan_client_wakeup(self, saddr, daddr); } +IRDA_ASSERT_LABEL(out:) rcu_read_unlock(); } -- cgit v1.2.3 From caf430f37119af5faac9252ec4e18cb1c55dde26 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Thu, 29 Jun 2006 17:03:19 -0700 Subject: [IrDA]: Fix the AU1000 FIR dependencies AU1000 FIR is broken, it should depend on SOC_AU1000. Spotted by Jean-Luc Leger. Signed-off-by: Adrian Bunk Signed-off-by: Samuel Ortiz Signed-off-by: David S. Miller --- drivers/net/irda/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/irda/Kconfig b/drivers/net/irda/Kconfig index d2ce4896abff..e9e6d99a9add 100644 --- a/drivers/net/irda/Kconfig +++ b/drivers/net/irda/Kconfig @@ -350,7 +350,7 @@ config TOSHIBA_FIR config AU1000_FIR tristate "Alchemy Au1000 SIR/FIR" - depends on MIPS_AU1000 && IRDA + depends on SOC_AU1000 && IRDA config SMC_IRCC_FIR tristate "SMSC IrCC (EXPERIMENTAL)" -- cgit v1.2.3 From e49060c7cab6ca856d048e1e10d71c0e6fedf376 Mon Sep 17 00:00:00 2001 From: Allan Stephens Date: Thu, 29 Jun 2006 12:32:46 -0700 Subject: [TIPC]: Fixed skb_under_panic caused by tipc_link_bundle_buf Now determines tailroom of bundle buffer by directly inspection of buffer. Previously, buffer was assumed to have a max capacity equal to the link MTU, but the addition of link MTU negotiation means that the link MTU can increase after the bundle buffer is allocated. Signed-off-by: Allan Stephens Signed-off-by: Per Liden Signed-off-by: David S. Miller --- net/tipc/link.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/net/tipc/link.c b/net/tipc/link.c index d64658053746..c6831c75cfa4 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -2,7 +2,7 @@ * net/tipc/link.c: TIPC link code * * Copyright (c) 1996-2006, Ericsson AB - * Copyright (c) 2004-2005, Wind River Systems + * Copyright (c) 2004-2006, Wind River Systems * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -988,17 +988,18 @@ static int link_bundle_buf(struct link *l_ptr, struct tipc_msg *bundler_msg = buf_msg(bundler); struct tipc_msg *msg = buf_msg(buf); u32 size = msg_size(msg); - u32 to_pos = align(msg_size(bundler_msg)); - u32 rest = link_max_pkt(l_ptr) - to_pos; + u32 bundle_size = msg_size(bundler_msg); + u32 to_pos = align(bundle_size); + u32 pad = to_pos - bundle_size; if (msg_user(bundler_msg) != MSG_BUNDLER) return 0; if (msg_type(bundler_msg) != OPEN_MSG) return 0; - if (rest < align(size)) + if (skb_tailroom(bundler) < (pad + size)) return 0; - skb_put(bundler, (to_pos - msg_size(bundler_msg)) + size); + skb_put(bundler, pad + size); memcpy(bundler->data + to_pos, buf->data, size); msg_set_size(bundler_msg, to_pos + size); msg_set_msgcnt(bundler_msg, msg_msgcnt(bundler_msg) + 1); -- cgit v1.2.3 From ea13847b240e689e8f291355c36b46de9f44ddf9 Mon Sep 17 00:00:00 2001 From: Allan Stephens Date: Thu, 29 Jun 2006 12:33:20 -0700 Subject: [TIPC]: Improve response to requests for node/link information Now allocates reply space for "get links" request based on number of actual links, not number of potential links. Also, limits reply to "get links" and "get nodes" requests to 32KB to match capabilities of tipc-config utility that issued request. Signed-off-by: Allan Stephens Signed-off-by: Per Liden --- net/tipc/node.c | 26 +++++++++++++++++--------- net/tipc/zone.h | 4 ++-- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/net/tipc/node.c b/net/tipc/node.c index 861322b935da..fc6d09630ccd 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -2,7 +2,7 @@ * net/tipc/node.c: TIPC node management routines * * Copyright (c) 2000-2006, Ericsson AB - * Copyright (c) 2005, Wind River Systems + * Copyright (c) 2005-2006, Wind River Systems * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -592,6 +592,7 @@ struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space) struct sk_buff *buf; struct node *n_ptr; struct tipc_node_info node_info; + u32 payload_size; if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR)) return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR); @@ -608,8 +609,11 @@ struct sk_buff *tipc_node_get_nodes(const void *req_tlv_area, int req_tlv_space) /* For now, get space for all other nodes (will need to modify this when slave nodes are supported */ - buf = tipc_cfg_reply_alloc(TLV_SPACE(sizeof(node_info)) * - (tipc_max_nodes - 1)); + payload_size = TLV_SPACE(sizeof(node_info)) * (tipc_max_nodes - 1); + if (payload_size > 32768u) + return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED + " (too many nodes)"); + buf = tipc_cfg_reply_alloc(payload_size); if (!buf) return NULL; @@ -633,6 +637,7 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space) struct sk_buff *buf; struct node *n_ptr; struct tipc_link_info link_info; + u32 payload_size; if (!TLV_CHECK(req_tlv_area, req_tlv_space, TIPC_TLV_NET_ADDR)) return tipc_cfg_reply_error_string(TIPC_CFG_TLV_ERROR); @@ -645,12 +650,15 @@ struct sk_buff *tipc_node_get_links(const void *req_tlv_area, int req_tlv_space) if (!tipc_nodes) return tipc_cfg_reply_none(); - - /* For now, get space for 2 links to all other nodes + bcast link - (will need to modify this when slave nodes are supported */ - - buf = tipc_cfg_reply_alloc(TLV_SPACE(sizeof(link_info)) * - (2 * (tipc_max_nodes - 1) + 1)); + + /* Get space for all unicast links + multicast link */ + + payload_size = TLV_SPACE(sizeof(link_info)) * + (tipc_net.zones[tipc_zone(tipc_own_addr)]->links + 1); + if (payload_size > 32768u) + return tipc_cfg_reply_error_string(TIPC_CFG_NOT_SUPPORTED + " (too many links)"); + buf = tipc_cfg_reply_alloc(payload_size); if (!buf) return NULL; diff --git a/net/tipc/zone.h b/net/tipc/zone.h index 267999c5a240..5ab3d08602e2 100644 --- a/net/tipc/zone.h +++ b/net/tipc/zone.h @@ -2,7 +2,7 @@ * net/tipc/zone.h: Include file for TIPC zone management routines * * Copyright (c) 2000-2006, Ericsson AB - * Copyright (c) 2005, Wind River Systems + * Copyright (c) 2005-2006, Wind River Systems * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -45,7 +45,7 @@ * struct _zone - TIPC zone structure * @addr: network address of zone * @clusters: array of pointers to all clusters within zone - * @links: (used for inter-zone communication) + * @links: number of (unicast) links to zone */ struct _zone { -- cgit v1.2.3 From 0702056f9f41274a06e21cb05f12b4265b4867a2 Mon Sep 17 00:00:00 2001 From: Allan Stephens Date: Thu, 29 Jun 2006 12:33:51 -0700 Subject: [TIPC]: Initial activation message now includes TIPC version number Signed-off-by: Allan Stephens Signed-off-by: Per Liden Signed-off-by: David S. Miller --- net/tipc/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/tipc/core.c b/net/tipc/core.c index 5003acb15919..0539a8362858 100644 --- a/net/tipc/core.c +++ b/net/tipc/core.c @@ -191,7 +191,8 @@ static int __init tipc_init(void) int res; tipc_log_reinit(CONFIG_TIPC_LOG); - info("Activated (compiled " __DATE__ " " __TIME__ ")\n"); + info("Activated (version " TIPC_MOD_VER + " compiled " __DATE__ " " __TIME__ ")\n"); tipc_own_addr = 0; tipc_remote_management = 1; -- cgit v1.2.3