1. 12 9月, 2009 1 次提交
  2. 13 8月, 2009 1 次提交
    • M
      Use correct NET_RX_* returns for atalk_rcv() · 6885ffb3
      Mark Smith 提交于
      In all rx'd SKB cases, atalk_rcv() either eventually jumps to or falls through
          to the label out:, which  returns numeric 0. Numeric 0 corresponds to
          NET_RX_SUCCESS, which is incorrect in failed SKB cases.
      
          This patch makes atalk_rcv() provide the correct returns by:
      
          o  explicitly returning NET_RX_SUCCESS in the two success cases
          o  having the out: label return NET_RX_DROP, instead of numeric 0
          o  making the failed SKB labels and processing more consistent with other
             _rcv() routines in the kernel, simplifying validation and removing a
             backwards goto
      Signed-off-by: NMark Smith <markzzzsmith@yahoo.com.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6885ffb3
  3. 07 8月, 2009 1 次提交
  4. 13 7月, 2009 1 次提交
  5. 18 6月, 2009 1 次提交
  6. 17 6月, 2009 1 次提交
  7. 09 6月, 2009 1 次提交
  8. 27 3月, 2009 1 次提交
  9. 10 3月, 2009 1 次提交
  10. 27 2月, 2009 1 次提交
  11. 01 2月, 2009 1 次提交
  12. 26 12月, 2008 1 次提交
    • J
      net/appletalk: Remove redundant test · 88a44e51
      Julia Lawall 提交于
      atif is tested for being NULL twice, with the same effect in each case.  I
      have kept the second test, as it seems to fit well with the comment above it.
      
      A simplified version of the semantic patch that makes this change is as
      follows: (http://www.emn.fr/x-info/coccinelle/)
      
      // <smpl>
      @r exists@
      local idexpression x;
      expression E;
      position p1,p2;
      @@
      
      if (x@p1 == NULL || ...) { ... when forall
         return ...; }
      ... when != \(x=E\|x--\|x++\|--x\|++x\|x-=E\|x+=E\|x|=E\|x&=E\|&x\)
      (
      x@p2 == NULL
      |
      x@p2 != NULL
      )
      
      // another path to the test that is not through p1?
      @s exists@
      local idexpression r.x;
      position r.p1,r.p2;
      @@
      
      ... when != x@p1
      (
      x@p2 == NULL
      |
      x@p2 != NULL
      )
      
      @fix depends on !s@
      position r.p1,r.p2;
      expression x,E;
      statement S1,S2;
      @@
      
      (
      - if ((x@p2 != NULL) || ...)
        S1
      |
      - if ((x@p2 == NULL) && ...) S1
      |
      - BUG_ON(x@p2 == NULL);
      )
      // </smpl>
      Signed-off-by: NJulia Lawall <julia@diku.dk>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      88a44e51
  13. 13 11月, 2008 1 次提交
    • W
      netdevice: safe convert to netdev_priv() #part-4 · 524ad0a7
      Wang Chen 提交于
      We have some reasons to kill netdev->priv:
      1. netdev->priv is equal to netdev_priv().
      2. netdev_priv() wraps the calculation of netdev->priv's offset, obviously
         netdev_priv() is more flexible than netdev->priv.
      But we cann't kill netdev->priv, because so many drivers reference to it
      directly.
      
      This patch is a safe convert for netdev->priv to netdev_priv(netdev).
      Since all of the netdev->priv is only for read.
      But it is too big to be sent in one mail.
      I split it to 4 parts and make every part smaller than 100,000 bytes,
      which is max size allowed by vger.
      Signed-off-by: NWang Chen <wangchen@cn.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      524ad0a7
  14. 14 10月, 2008 1 次提交
  15. 26 7月, 2008 1 次提交
  16. 20 7月, 2008 1 次提交
  17. 26 3月, 2008 1 次提交
  18. 29 1月, 2008 1 次提交
  19. 01 11月, 2007 1 次提交
  20. 11 10月, 2007 5 次提交
    • E
      [NET]: Make the device list and device lookups per namespace. · 881d966b
      Eric W. Biederman 提交于
      This patch makes most of the generic device layer network
      namespace safe.  This patch makes dev_base_head a
      network namespace variable, and then it picks up
      a few associated variables.  The functions:
      dev_getbyhwaddr
      dev_getfirsthwbytype
      dev_get_by_flags
      dev_get_by_name
      __dev_get_by_name
      dev_get_by_index
      __dev_get_by_index
      dev_ioctl
      dev_ethtool
      dev_load
      wireless_process_ioctl
      
      were modified to take a network namespace argument, and
      deal with it.
      
      vlan_ioctl_set and brioctl_set were modified so their
      hooks will receive a network namespace argument.
      
      So basically anthing in the core of the network stack that was
      affected to by the change of dev_base was modified to handle
      multiple network namespaces.  The rest of the network stack was
      simply modified to explicitly use &init_net the initial network
      namespace.  This can be fixed when those components of the network
      stack are modified to handle multiple network namespaces.
      
      For now the ifindex generator is left global.
      
      Fundametally ifindex numbers are per namespace, or else
      we will have corner case problems with migration when
      we get that far.
      
      At the same time there are assumptions in the network stack
      that the ifindex of a network device won't change.  Making
      the ifindex number global seems a good compromise until
      the network stack can cope with ifindex changes when
      you change namespaces, and the like.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      881d966b
    • E
      [NET]: Make device event notification network namespace safe · e9dc8653
      Eric W. Biederman 提交于
      Every user of the network device notifiers is either a protocol
      stack or a pseudo device.  If a protocol stack that does not have
      support for multiple network namespaces receives an event for a
      device that is not in the initial network namespace it quite possibly
      can get confused and do the wrong thing.
      
      To avoid problems until all of the protocol stacks are converted
      this patch modifies all netdev event handlers to ignore events on
      devices that are not in the initial network namespace.
      
      As the rest of the code is made network namespace aware these
      checks can be removed.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e9dc8653
    • E
      [NET]: Make packet reception network namespace safe · e730c155
      Eric W. Biederman 提交于
      This patch modifies every packet receive function
      registered with dev_add_pack() to drop packets if they
      are not from the initial network namespace.
      
      This should ensure that the various network stacks do
      not receive packets in a anything but the initial network
      namespace until the code has been converted and is ready
      for them.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e730c155
    • E
      [NET]: Make socket creation namespace safe. · 1b8d7ae4
      Eric W. Biederman 提交于
      This patch passes in the namespace a new socket should be created in
      and has the socket code do the appropriate reference counting.  By
      virtue of this all socket create methods are touched.  In addition
      the socket create methods are modified so that they will fail if
      you attempt to create a socket in a non-default network namespace.
      
      Failing if we attempt to create a socket outside of the default
      network namespace ensures that as we incrementally make the network stack
      network namespace aware we will not export functionality that someone
      has not audited and made certain is network namespace safe.
      Allowing us to partially enable network namespaces before all of the
      exotic protocols are supported.
      
      Any protocol layers I have missed will fail to compile because I now
      pass an extra parameter into the socket creation code.
      
      [ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ]
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1b8d7ae4
    • E
      [ATALK]: In notifier handlers convert the void pointer to a netdevice · 890d52d3
      Eric W. Biederman 提交于
      This slightly improves code safety and clarity.
      
      Later network namespace patches touch this code so this is a
      preliminary cleanup.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      890d52d3
  21. 09 5月, 2007 1 次提交
  22. 28 4月, 2007 1 次提交
  23. 26 4月, 2007 5 次提交
  24. 05 4月, 2007 1 次提交
    • J
      [APPLETALK]: Fix a remotely triggerable crash · 75559c16
      Jean Delvare 提交于
      When we receive an AppleTalk frame shorter than what its header says,
      we still attempt to verify its checksum, and trip on the BUG_ON() at
      the end of function atalk_sum_skb() because of the length mismatch.
      
      This has security implications because this can be triggered by simply
      sending a specially crafted ethernet frame to a target victim,
      effectively crashing that host. Thus this qualifies, I think, as a
      remote DoS. Here is the frame I used to trigger the crash, in npg
      format:
      
      <Appletalk Killer>
      {
      # Ethernet header -----
      
        XX XX XX XX XX XX  # Destination MAC
        00 00 00 00 00 00  # Source MAC
        00 1D              # Length
      
      # LLC header -----
      
        AA AA 03
        08 00 07 80 9B  # Appletalk
      
      # Appletalk header -----
      
        00 1B        # Packet length (invalid)
        00 01        # Fake checksum 
        00 00 00 00  # Destination and source networks
        00 00 00 00  # Destination and source nodes and ports
      
      # Payload -----
      
        0C 0D 0E 0F 10 11 12 13
        14
      }
      
      The destination MAC address must be set to those of the victim.
      
      The severity is mitigated by two requirements:
      * The target host must have the appletalk kernel module loaded. I
        suspect this isn't so frequent.
      * AppleTalk frames are non-IP, thus I guess they can only travel on
        local networks. I am no network expert though, maybe it is possible
        to somehow encapsulate AppleTalk packets over IP.
      
      The bug has been reported back in June 2004:
        http://bugzilla.kernel.org/show_bug.cgi?id=2979
      But it wasn't investigated, and was closed in July 2006 as both
      reporters had vanished meanwhile.
      
      This code was new in kernel 2.6.0-test5:
        http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=7ab442d7e0a76402c12553ee256f756097cae2d2
      And not modified since then, so we can assume that vanilla kernels
      2.6.0-test5 and later, and distribution kernels based thereon, are
      affected.
      
      Note that I still do not know for sure what triggered the bug in the
      real-world cases. The frame could have been corrupted by the kernel if
      we have a bug hiding somewhere. But more likely, we are receiving the
      faulty frame from the network.
      Signed-off-by: NJean Delvare <jdelvare@suse.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      75559c16
  25. 11 2月, 2007 1 次提交
  26. 04 12月, 2006 1 次提交
  27. 31 10月, 2006 1 次提交
  28. 29 9月, 2006 1 次提交
  29. 22 7月, 2006 1 次提交
  30. 01 7月, 2006 1 次提交
  31. 29 3月, 2006 1 次提交
  32. 12 1月, 2006 1 次提交