- Mar 13, 2011
-
-
Allan Stephens authored
Removes a race condition that could cause TIPC's internal counter of the number of links it has to neighboring nodes to have the incorrect value if two independent threads of control simultaneously create new link endpoints connecting to two different nodes using two different bearers. Such under counting would result in TIPC failing to list the final link(s) in its response to a configuration request to list all of the node's links. The counter is now updated atomically to ensure that simultaneous increments do not interfere with each other. Thanks go to Peter Butler <pbutler@pt.com> for his assistance in diagnosing and fixing this problem. Signed-off-by:
Allan Stephens <Allan.Stephens@windriver.com> Signed-off-by:
Paul Gortmaker <paul.gortmaker@windriver.com>
-
Allan Stephens authored
Adds support for the SO_RCVTIMEO socket option to TIPC's socket receive routines. Thanks go out to Raj Hegde <rajenhegde@yahoo.ca> for his contribution to the development and testing this enhancement. Signed-off-by:
-
Allan Stephens authored
Relocates the code that notifies users of node subscriptions so that it is adjacent to the rest of the routines that implement TIPC's node subscription capability. Renames the name table routine that is invoked by a node subscription to better reflect its purpose and to be consistent with other, similar name table routines. These changes are cosmetic in nature, and do not alter the behavior of TIPC. Signed-off-by:
-
Allan Stephens authored
Prevents a null pointer dereference from occurring if a node subscription is triggered at the same time that the subscribing port or publication is terminating the subscription. The problem arises if the triggering routine asynchronously activates and deregisters the node subscription while deregistration is already underway -- the deregistration routine may find that the pointer it has just verified to be non-NULL is now NULL. To avoid this race condition the triggering routine now simply marks the node subscription as defunct (to prevent it from re-activating) instead of deregistering it. The subscription is now both deregistered and destroyed only when the subscribing port or publication code terminates the node subscription. Signed-off-by:
-
Allan Stephens authored
Introduces a pair of helper routines that convert the network address for a TIPC node into the network address for its cluster or zone. This is a cosmetic change designed to avoid future errors caused by the incorrect use of address bitmasks, and does not alter the existing operation of TIPC. Signed-off-by:
-
Allan Stephens authored
Fixes a typo in the calculation of the network address of a node's own cluster when generating a response to the configuration command that lists all of the node's links. The correct mask value for a <Z.C.N> network address uses 1's for the 8-bit zone and 12-bit cluster parts and 0's for the 12-bit node part. Signed-off-by:
-
Allan Stephens authored
Enhances TIPC's socket receive routines to support iovec structures containing more than a single entry. This change leverages existing sk_buff routines to do most of the work; the only significant change to TIPC itself is that an sk_buff now records how much data has been already consumed as an numeric offset, rather than as a pointer to the first unread data byte. Signed-off-by:
-
- Mar 12, 2011
-
-
David S. Miller authored
Signed-off-by:David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
This function no longer exists. Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
Signed-off-by: -
David S. Miller authored
We will change the externally visible APIs next. Signed-off-by: -
David S. Miller authored
To start doing these conversions, we need to add some temporary flow4_* macros which will eventually go away when all the protocol code paths are changed to work on AF specific flowi objects. Signed-off-by: -
David S. Miller authored
Now we have struct flowi4, flowi6, and flowidn for each address family. And struct flowi is just a union of them all. It might have been troublesome to convert flow_cache_uli_match() but as it turns out this function is completely unused and therefore can be simply removed. Signed-off-by: -
David S. Miller authored
Create two sets of port member accessors, one set prefixed by fl4_* and the other prefixed by fl6_* This will let us to create AF optimal flow instances. It will work because every context in which we access the ports, we have to be fully aware of which AF the flowi is anyways. Signed-off-by: -
David S. Miller authored
I intend to turn struct flowi into a union of AF specific flowi structs. There will be a common structure that each variant includes first, much like struct sock_common. This is the first step to move in that direction. Signed-off-by: -
David S. Miller authored
There is only one caller of xfrm_bundle_ok(), and that always passes these parameters as NULL. Signed-off-by: -
David S. Miller authored
The idea here is this minimizes the number of places one has to edit in order to make changes to how flows are defined and used. Signed-off-by:
-
- Mar 11, 2011
-
-
David S. Miller authored
Completely unused. Signed-off-by: -
David S. Miller authored
fl->oif will always be zero on the input path, so there is no reason to test for that. Signed-off-by: -
David S. Miller authored
All callers are under rcu_read_lock() protection already. Rename to ip_check_mc_rcu() to make it even more clear. Signed-off-by:
-
- Mar 10, 2011
-
-
stephen hemminger authored
Add necessary alias to autoload ip6ip6 tunnel module. Signed-off-by:
Stephen Hemminger <shemminger@vyatta.com> Signed-off-by:
-
Randy Dunlap authored
When configs BRIDGE=y and IPV6=m, this build error occurs: br_multicast.c:(.text+0xa3341): undefined reference to `ipv6_dev_get_saddr' BRIDGE_IGMP_SNOOPING is boolean; if it were tristate, then adding depends on IPV6 || IPV6=n to BRIDGE_IGMP_SNOOPING would be a good fix. As it is currently, making BRIDGE depend on the IPV6 config works. Reported-by:
Patrick Schaaf <netdev@bof.de> Signed-off-by:
Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by:
-
Stephen Hemminger authored
Signed-off-by:
-
David S. Miller authored
Like in commit 44713b67 ("ipv4: Optimize flow initialization in output route lookup." we can optimize the on-stack flow setup to only initialize the members which are actually used. Otherwise we bzero the entire structure, then initialize explicitly the first half of it. Signed-off-by:
-
David S. Miller authored
Like in commit 44713b67 ("ipv4: Optimize flow initialization in output route lookup." we can optimize the on-stack flow setup to only initialize the members which are actually used. Otherwise we bzero the entire structure, then initialize explicitly the first half of it. Signed-off-by:
-
David S. Miller authored
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=29252 Addresses https://bugzilla.kernel.org/show_bug.cgi?id=30462 In commit d80bc0fd ("ipv6: Always clone offlink routes.") we forced the kernel to always clone offlink routes. The reason we do that is to make sure we never bind an inetpeer to a prefixed route. The logic turned on here has existed in the tree for many years, but was always off due to a protecting CPP define. So perhaps it's no surprise that there is a logic bug here. The problem is that we canot clone a route that is already a host route (ie. has DST_HOST set). Because if we do, an identical entry already exists in the routing tree and therefore the ip6_rt_ins() call is going to fail. This sets off a series of failures and high cpu usage, because when ip6_rt_ins() fails we loop retrying this operation a few times in order to handle a race between two threads trying to clone and insert the same host route at the same time. Fix this by simply using the route as-is when DST_HOST is set. Reported-by:
<slash@ac.auone-net.jp> Reported-by:
Ernst Sjöstrand <ernstp@gmail.com> Signed-off-by:
-
- Mar 09, 2011
-
-
Vasiliy Kulikov authored
Since a8f80e8f any process with CAP_NET_ADMIN may load any module from /lib/modules/. This doesn't mean that CAP_NET_ADMIN is a superset of CAP_SYS_MODULE as modules are limited to /lib/modules/**. However, CAP_NET_ADMIN capability shouldn't allow anybody load any module not related to networking. This patch restricts an ability of autoloading modules to netdev modules with explicit aliases. This fixes CVE-2011-1019. Arnd Bergmann suggested to leave untouched the old pre-v2.6.32 behavior of loading netdev modules by name (without any prefix) for processes with CAP_SYS_MODULE to maintain the compatibility with network scripts that use autoloading netdev modules by aliases like "eth0", "wlan0". Currently there are only three users of the feature in the upstream kernel: ipip, ip_gre and sit. root@albatros:~# capsh --drop=$(seq -s, 0 11),$(seq -s, 13 34) -- root@albatros:~# grep Cap /proc/$$/status CapInh: 0000000000000000 CapPrm: fffffff800001000 CapEff: fffffff800001000 CapBnd: fffffff800001000 root@albatros:~# modprobe xfs FATAL: Error inserting xfs (/lib/modules/2.6.38-rc6-00001-g2bf4ca3/kernel/fs/xfs/xfs.ko): Operation not permitted root@albatros:~# lsmod | grep xfs root@albatros:~# ifconfig xfs xfs: error fetching interface information: Device not found root@albatros:~# lsmod | grep xfs root@albatros:~# lsmod | grep sit root@albatros:~# ifconfig sit sit: error fetching interface information: Device not found root@albatros:~# lsmod | grep sit root@albatros:~# ifconfig sit0 sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 root@albatros:~# lsmod | grep sit sit 10457 0 tunnel4 2957 1 sit For CAP_SYS_MODULE module loading is still relaxed: root@albatros:~# grep Cap /proc/$$/status CapInh: 0000000000000000 CapPrm: ffffffffffffffff CapEff: ffffffffffffffff CapBnd: ffffffffffffffff root@albatros:~# ifconfig xfs xfs: error fetching interface information: Device not found root@albatros:~# lsmod | grep xfs xfs 745319 0 Reference: https://lkml.org/lkml/2011/2/24/203 Signed-off-by:
Vasiliy Kulikov <segoon@openwall.com> Signed-off-by:
Michael Tokarev <mjt@tls.msk.ru> Acked-by:
Kees Cook <kees.cook@canonical.com> Signed-off-by:
James Morris <jmorris@namei.org>
-
Daniel Turull authored
The units in show_results in pktgen were not correct. The results are in usec but it was displayed nsec. Reported-by:
Jong-won Lee <ljw@handong.edu> Signed-off-by:
Daniel Turull <daniel.turull@gmail.com> Signed-off-by:
-
Mario Schuknecht authored
In contrast to SIOCOUTQ which returns the amount of data sent but not yet acknowledged plus data not yet sent this patch only returns the data not sent. For various methods of live streaming bitrate control it may be helpful to know how much data are in the tcp outqueue are not sent yet. Signed-off-by:
Mario Schuknecht <m.schuknecht@dresearch.de> Signed-off-by:
Steffen Sledz <sledz@dresearch.de> Signed-off-by:
-
David S. Miller authored
Create a common helper for this operation, since we do it identically in three spots. Suggested by Eric Dumazet. Signed-off-by:
-
