1. 23 2月, 2018 2 次提交
  2. 19 2月, 2018 3 次提交
  3. 31 1月, 2018 3 次提交
    • T
      cfg80211: Add support to notify station's opmode change to userspace · 466b9936
      tamizhr@codeaurora.org 提交于
      ht/vht action frames will be sent to AP from station to notify
      change of its ht/vht opmode(max bandwidth, smps mode or nss) modified
      values. Currently these valuse used by driver/firmware for rate control
      algorithm. This patch introduces NL80211_CMD_STA_OPMODE_CHANGED
      command to notify those modified/current supported values(max bandwidth,
      smps mode, max nss) to userspace application. This will be useful for the
      application like steering, which closely monitoring station's capability
      changes. Since the application has taken these values during station
      association.
      Signed-off-by: NTamizh chelvam <tamizhr@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      466b9936
    • S
      cfg80211/nl80211: Optional authentication offload to userspace · 40cbfa90
      Srinivas Dasari 提交于
      This interface allows the host driver to offload the authentication to
      user space. This is exclusively defined for host drivers that do not
      define separate commands for authentication and association, but rely on
      userspace SME (e.g., in wpa_supplicant for the ~WPA_DRIVER_FLAGS_SME
      case) for the authentication to happen. This can be used to implement
      SAE without full implementation in the kernel/firmware while still being
      able to use NL80211_CMD_CONNECT with driver-based BSS selection.
      
      Host driver sends NL80211_CMD_EXTERNAL_AUTH event to start/abort
      authentication to the port on which connect is triggered and status
      of authentication is further indicated by user space to host
      driver through the same command response interface.
      
      User space entities advertise this capability through the
      NL80211_ATTR_EXTERNAL_AUTH_SUPP flag in the NL80211_CMD_CONNECT request.
      Host drivers shall look at this capability to offload the authentication.
      Signed-off-by: NSrinivas Dasari <dasaris@qti.qualcomm.com>
      Signed-off-by: NJouni Malinen <jouni@qca.qualcomm.com>
      [add socket connection ownership check]
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      40cbfa90
    • S
      nl80211: Introduce scan flags to emphasize requested scan behavior · 5037a009
      Sunil Dutt 提交于
      This commit defines new scan flags (LOW_SPAN, LOW_POWER, HIGH_LATENCY)
      to emphasize the requested scan behavior for the driver. These flags
      are optional and are mutually exclusive. The implementation of the
      respective functionality can be driver/hardware specific.
      
      These flags can be used to control the compromise between how long
      a scan takes, how much power it uses, and high accurate/complete
      the scan is in finding the BSSs.
      Signed-off-by: NSunil Dutt <usdutt@qti.qualcomm.com>
      Signed-off-by: NJouni Malinen <jouni@qca.qualcomm.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      5037a009
  4. 30 1月, 2018 10 次提交
  5. 27 1月, 2018 1 次提交
    • D
      bpf: make unknown opcode handling more robust · 5e581dad
      Daniel Borkmann 提交于
      Recent findings by syzcaller fixed in 7891a87e ("bpf: arsh is
      not supported in 32 bit alu thus reject it") triggered a warning
      in the interpreter due to unknown opcode not being rejected by
      the verifier. The 'return 0' for an unknown opcode is really not
      optimal, since with BPF to BPF calls, this would go untracked by
      the verifier.
      
      Do two things here to improve the situation: i) perform basic insn
      sanity check early on in the verification phase and reject every
      non-uapi insn right there. The bpf_opcode_in_insntable() table
      reuses the same mapping as the jumptable in ___bpf_prog_run() sans
      the non-public mappings. And ii) in ___bpf_prog_run() we do need
      to BUG in the case where the verifier would ever create an unknown
      opcode due to some rewrites.
      
      Note that JITs do not have such issues since they would punt to
      interpreter in these situations. Moreover, the BPF_JIT_ALWAYS_ON
      would also help to avoid such unknown opcodes in the first place.
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      5e581dad
  6. 26 1月, 2018 12 次提交
  7. 25 1月, 2018 9 次提交
    • D
      net: tcp: close sock if net namespace is exiting · 4ee806d5
      Dan Streetman 提交于
      When a tcp socket is closed, if it detects that its net namespace is
      exiting, close immediately and do not wait for FIN sequence.
      
      For normal sockets, a reference is taken to their net namespace, so it will
      never exit while the socket is open.  However, kernel sockets do not take a
      reference to their net namespace, so it may begin exiting while the kernel
      socket is still open.  In this case if the kernel socket is a tcp socket,
      it will stay open trying to complete its close sequence.  The sock's dst(s)
      hold a reference to their interface, which are all transferred to the
      namespace's loopback interface when the real interfaces are taken down.
      When the namespace tries to take down its loopback interface, it hangs
      waiting for all references to the loopback interface to release, which
      results in messages like:
      
      unregister_netdevice: waiting for lo to become free. Usage count = 1
      
      These messages continue until the socket finally times out and closes.
      Since the net namespace cleanup holds the net_mutex while calling its
      registered pernet callbacks, any new net namespace initialization is
      blocked until the current net namespace finishes exiting.
      
      After this change, the tcp socket notices the exiting net namespace, and
      closes immediately, releasing its dst(s) and their reference to the
      loopback interface, which lets the net namespace continue exiting.
      
      Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1711407
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=97811Signed-off-by: NDan Streetman <ddstreet@canonical.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4ee806d5
    • A
      kill kernel_sock_ioctl() · 5c59e564
      Al Viro 提交于
      no users since 2014
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      5c59e564
    • A
      dev_ioctl(): move copyin/copyout to callers · 44c02a2c
      Al Viro 提交于
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      44c02a2c
    • A
      lift handling of SIOCIW... out of dev_ioctl() · b1b0c245
      Al Viro 提交于
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      b1b0c245
    • A
      ip_rt_ioctl(): take copyin to caller · ca25c300
      Al Viro 提交于
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      ca25c300
    • A
      devinet_ioctl(): take copyin/copyout to caller · 03aef17b
      Al Viro 提交于
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      03aef17b
    • A
      net: separate SIOCGIFCONF handling from dev_ioctl() · 36fd633e
      Al Viro 提交于
      Only two of dev_ioctl() callers may pass SIOCGIFCONF to it.
      Separating that codepath from the rest of dev_ioctl() allows both
      to simplify dev_ioctl() itself (all other cases work with struct ifreq *)
      *and* seriously simplify the compat side of that beast: all it takes
      is passing to inet_gifconf() an extra argument - the size of individual
      records (sizeof(struct ifreq) or sizeof(struct compat_ifreq)).  With
      dev_ifconf() called directly from sock_do_ioctl()/compat_dev_ifconf()
      that's easy to arrange.
      
      As the result, compat side of SIOCGIFCONF doesn't need any
      allocations, copy_in_user() back and forth, etc.
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      36fd633e
    • W
      net: erspan: fix use-after-free · b423d13c
      William Tu 提交于
      When building the erspan header for either v1 or v2, the eth_hdr()
      does not point to the right inner packet's eth_hdr,
      causing kasan report use-after-free and slab-out-of-bouds read.
      
      The patch fixes the following syzkaller issues:
      [1] BUG: KASAN: slab-out-of-bounds in erspan_xmit+0x22d4/0x2430 net/ipv4/ip_gre.c:735
      [2] BUG: KASAN: slab-out-of-bounds in erspan_build_header+0x3bf/0x3d0 net/ipv4/ip_gre.c:698
      [3] BUG: KASAN: use-after-free in erspan_xmit+0x22d4/0x2430 net/ipv4/ip_gre.c:735
      [4] BUG: KASAN: use-after-free in erspan_build_header+0x3bf/0x3d0 net/ipv4/ip_gre.c:698
      
      [2] CPU: 0 PID: 3654 Comm: syzkaller377964 Not tainted 4.15.0-rc9+ #185
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:17 [inline]
       dump_stack+0x194/0x257 lib/dump_stack.c:53
       print_address_description+0x73/0x250 mm/kasan/report.c:252
       kasan_report_error mm/kasan/report.c:351 [inline]
       kasan_report+0x25b/0x340 mm/kasan/report.c:409
       __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:440
       erspan_build_header+0x3bf/0x3d0 net/ipv4/ip_gre.c:698
       erspan_xmit+0x3b8/0x13b0 net/ipv4/ip_gre.c:740
       __netdev_start_xmit include/linux/netdevice.h:4042 [inline]
       netdev_start_xmit include/linux/netdevice.h:4051 [inline]
       packet_direct_xmit+0x315/0x6b0 net/packet/af_packet.c:266
       packet_snd net/packet/af_packet.c:2943 [inline]
       packet_sendmsg+0x3aed/0x60b0 net/packet/af_packet.c:2968
       sock_sendmsg_nosec net/socket.c:638 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:648
       SYSC_sendto+0x361/0x5c0 net/socket.c:1729
       SyS_sendto+0x40/0x50 net/socket.c:1697
       do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
       do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
       entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
      RIP: 0023:0xf7fcfc79
      RSP: 002b:00000000ffc6976c EFLAGS: 00000286 ORIG_RAX: 0000000000000171
      RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020011000
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020008000
      RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
      
      Fixes: f551c91d ("net: erspan: introduce erspan v2 for ip_gre")
      Fixes: 84e54fe0 ("gre: introduce native tunnel support for ERSPAN")
      Reported-by: syzbot+9723f2d288e49b492cf0@syzkaller.appspotmail.com
      Reported-by: syzbot+f0ddeb2b032a8e1d9098@syzkaller.appspotmail.com
      Reported-by: syzbot+f14b3703cd8d7670203f@syzkaller.appspotmail.com
      Reported-by: syzbot+eefa384efad8d7997f20@syzkaller.appspotmail.com
      Signed-off-by: NWilliam Tu <u9012063@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b423d13c
    • J
      net: sched: remove tc_cls_common_offload_init_deprecated() · c846adb6
      Jakub Kicinski 提交于
      All users are now converted to tc_cls_common_offload_init().
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: NSimon Horman <simon.horman@netronome.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c846adb6