1. 15 8月, 2012 1 次提交
  2. 18 6月, 2012 1 次提交
  3. 21 4月, 2012 2 次提交
  4. 16 4月, 2012 1 次提交
  5. 14 4月, 2012 2 次提交
  6. 13 4月, 2012 1 次提交
    • E
      phonet: Sort out initiailziation and cleanup code. · 03478756
      Eric W. Biederman 提交于
      Recently an oops was reported in phonet if there was a failure during
      network namespace creation.
      
      [  163.733755] ------------[ cut here ]------------
      [  163.734501] kernel BUG at include/net/netns/generic.h:45!
      [  163.734501] invalid opcode: 0000 [#1] PREEMPT SMP
      [  163.734501] CPU 2
      [  163.734501] Pid: 19145, comm: trinity Tainted: G        W 3.4.0-rc1-next-20120405-sasha-dirty #57
      [  163.734501] RIP: 0010:[<ffffffff824d6062>]  [<ffffffff824d6062>] phonet_pernet+0x182/0x1a0
      [  163.734501] RSP: 0018:ffff8800674d5ca8  EFLAGS: 00010246
      [  163.734501] RAX: 000000003fffffff RBX: 0000000000000000 RCX: ffff8800678c88d8
      [  163.734501] RDX: 00000000003f4000 RSI: ffff8800678c8910 RDI: 0000000000000282
      [  163.734501] RBP: ffff8800674d5cc8 R08: 0000000000000000 R09: 0000000000000000
      [  163.734501] R10: 0000000000000000 R11: 0000000000000000 R12: ffff880068bec920
      [  163.734501] R13: ffffffff836b90c0 R14: 0000000000000000 R15: 0000000000000000
      [  163.734501] FS:  00007f055e8de700(0000) GS:ffff88007d000000(0000) knlGS:0000000000000000
      [  163.734501] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
      [  163.734501] CR2: 00007f055e6bb518 CR3: 0000000070c16000 CR4: 00000000000406e0
      [  163.734501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  163.734501] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [  163.734501] Process trinity (pid: 19145, threadinfo ffff8800674d4000, task ffff8800678c8000)
      [  163.734501] Stack:
      [  163.734501]  ffffffff824d5f00 ffffffff810e2ec1 ffff880067ae0000 00000000ffffffd4
      [  163.734501]  ffff8800674d5cf8 ffffffff824d667a ffff880067ae0000 00000000ffffffd4
      [  163.734501]  ffffffff836b90c0 0000000000000000 ffff8800674d5d18 ffffffff824d707d
      [  163.734501] Call Trace:
      [  163.734501]  [<ffffffff824d5f00>] ? phonet_pernet+0x20/0x1a0
      [  163.734501]  [<ffffffff810e2ec1>] ? get_parent_ip+0x11/0x50
      [  163.734501]  [<ffffffff824d667a>] phonet_device_destroy+0x1a/0x100
      [  163.734501]  [<ffffffff824d707d>] phonet_device_notify+0x3d/0x50
      [  163.734501]  [<ffffffff810dd96e>] notifier_call_chain+0xee/0x130
      [  163.734501]  [<ffffffff810dd9d1>] raw_notifier_call_chain+0x11/0x20
      [  163.734501]  [<ffffffff821cce12>] call_netdevice_notifiers+0x52/0x60
      [  163.734501]  [<ffffffff821cd235>] rollback_registered_many+0x185/0x270
      [  163.734501]  [<ffffffff821cd334>] unregister_netdevice_many+0x14/0x60
      [  163.734501]  [<ffffffff823123e3>] ipip_exit_net+0x1b3/0x1d0
      [  163.734501]  [<ffffffff82312230>] ? ipip_rcv+0x420/0x420
      [  163.734501]  [<ffffffff821c8515>] ops_exit_list+0x35/0x70
      [  163.734501]  [<ffffffff821c911b>] setup_net+0xab/0xe0
      [  163.734501]  [<ffffffff821c9416>] copy_net_ns+0x76/0x100
      [  163.734501]  [<ffffffff810dc92b>] create_new_namespaces+0xfb/0x190
      [  163.734501]  [<ffffffff810dca21>] unshare_nsproxy_namespaces+0x61/0x80
      [  163.734501]  [<ffffffff810afd1f>] sys_unshare+0xff/0x290
      [  163.734501]  [<ffffffff8187622e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
      [  163.734501]  [<ffffffff82665539>] system_call_fastpath+0x16/0x1b
      [  163.734501] Code: e0 c3 fe 66 0f 1f 44 00 00 48 c7 c2 40 60 4d 82 be 01 00 00 00 48 c7 c7 80 d1 23 83 e8 48 2a c4 fe e8 73 06 c8 fe 48 85 db 75 0e <0f> 0b 0f 1f 40 00 eb fe 66 0f 1f 44 00 00 48 83 c4 10 48 89 d8
      [  163.734501] RIP  [<ffffffff824d6062>] phonet_pernet+0x182/0x1a0
      [  163.734501]  RSP <ffff8800674d5ca8>
      [  163.861289] ---[ end trace fb5615826c548066 ]---
      
      After investigation it turns out there were two issues.
      1) Phonet was not implementing network devices but was using register_pernet_device
         instead of register_pernet_subsys.
      
         This was allowing there to be cases when phonenet was not initialized and
         the phonet net_generic was not set for a network namespace when network
         device events were being reported on the netdevice_notifier for a network
         namespace leading to the oops above.
      
      2) phonet_exit_net was implementing a confusing and special case of handling all
         network devices from going away that it was hard to see was correct, and would
         only occur when the phonet module was removed.
      
         Now that unregister_netdevice_notifier has been modified to synthesize unregistration
         events for the network devices that are extant when called this confusing special
         case in phonet_exit_net is no longer needed.
      Signed-off-by: NEric W. Biederman <ebiederm@xmission.com>
      Acked-by: NRémi Denis-Courmont <remi.denis-courmont@nokia.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      03478756
  7. 06 4月, 2012 1 次提交
    • S
      phonet: Check input from user before allocating · bcf1b70a
      Sasha Levin 提交于
      A phonet packet is limited to USHRT_MAX bytes, this is never checked during
      tx which means that the user can specify any size he wishes, and the kernel
      will attempt to allocate that size.
      
      In the good case, it'll lead to the following warning, but it may also cause
      the kernel to kick in the OOM and kill a random task on the server.
      
      [ 8921.744094] WARNING: at mm/page_alloc.c:2255 __alloc_pages_slowpath+0x65/0x730()
      [ 8921.749770] Pid: 5081, comm: trinity Tainted: G        W    3.4.0-rc1-next-20120402-sasha #46
      [ 8921.756672] Call Trace:
      [ 8921.758185]  [<ffffffff810b2ba7>] warn_slowpath_common+0x87/0xb0
      [ 8921.762868]  [<ffffffff810b2be5>] warn_slowpath_null+0x15/0x20
      [ 8921.765399]  [<ffffffff8117eae5>] __alloc_pages_slowpath+0x65/0x730
      [ 8921.769226]  [<ffffffff81179c8a>] ? zone_watermark_ok+0x1a/0x20
      [ 8921.771686]  [<ffffffff8117d045>] ? get_page_from_freelist+0x625/0x660
      [ 8921.773919]  [<ffffffff8117f3a8>] __alloc_pages_nodemask+0x1f8/0x240
      [ 8921.776248]  [<ffffffff811c03e0>] kmalloc_large_node+0x70/0xc0
      [ 8921.778294]  [<ffffffff811c4bd4>] __kmalloc_node_track_caller+0x34/0x1c0
      [ 8921.780847]  [<ffffffff821b0e3c>] ? sock_alloc_send_pskb+0xbc/0x260
      [ 8921.783179]  [<ffffffff821b3c65>] __alloc_skb+0x75/0x170
      [ 8921.784971]  [<ffffffff821b0e3c>] sock_alloc_send_pskb+0xbc/0x260
      [ 8921.787111]  [<ffffffff821b002e>] ? release_sock+0x7e/0x90
      [ 8921.788973]  [<ffffffff821b0ff0>] sock_alloc_send_skb+0x10/0x20
      [ 8921.791052]  [<ffffffff824cfc20>] pep_sendmsg+0x60/0x380
      [ 8921.792931]  [<ffffffff824cb4a6>] ? pn_socket_bind+0x156/0x180
      [ 8921.794917]  [<ffffffff824cb50f>] ? pn_socket_autobind+0x3f/0x90
      [ 8921.797053]  [<ffffffff824cb63f>] pn_socket_sendmsg+0x4f/0x70
      [ 8921.798992]  [<ffffffff821ab8e7>] sock_aio_write+0x187/0x1b0
      [ 8921.801395]  [<ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
      [ 8921.803501]  [<ffffffff8111842c>] ? __lock_acquire+0x42c/0x4b0
      [ 8921.805505]  [<ffffffff821ab760>] ? __sock_recv_ts_and_drops+0x140/0x140
      [ 8921.807860]  [<ffffffff811e07cc>] do_sync_readv_writev+0xbc/0x110
      [ 8921.809986]  [<ffffffff811958e7>] ? might_fault+0x97/0xa0
      [ 8921.811998]  [<ffffffff817bd99e>] ? security_file_permission+0x1e/0x90
      [ 8921.814595]  [<ffffffff811e17e2>] do_readv_writev+0xe2/0x1e0
      [ 8921.816702]  [<ffffffff810b8dac>] ? do_setitimer+0x1ac/0x200
      [ 8921.818819]  [<ffffffff810e2ec1>] ? get_parent_ip+0x11/0x50
      [ 8921.820863]  [<ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
      [ 8921.823318]  [<ffffffff811e1926>] vfs_writev+0x46/0x60
      [ 8921.825219]  [<ffffffff811e1a3f>] sys_writev+0x4f/0xb0
      [ 8921.827127]  [<ffffffff82658039>] system_call_fastpath+0x16/0x1b
      [ 8921.829384] ---[ end trace dffe390f30db9eb7 ]---
      Signed-off-by: NSasha Levin <levinsasha928@gmail.com>
      Acked-by: NRémi Denis-Courmont <remi.denis-courmont@nokia.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bcf1b70a
  8. 02 4月, 2012 1 次提交
  9. 13 1月, 2012 1 次提交
  10. 19 11月, 2011 1 次提交
  11. 01 11月, 2011 2 次提交
  12. 02 8月, 2011 1 次提交
  13. 10 6月, 2011 1 次提交
    • G
      rtnetlink: Compute and store minimum ifinfo dump size · c7ac8679
      Greg Rose 提交于
      The message size allocated for rtnl ifinfo dumps was limited to
      a single page.  This is not enough for additional interface info
      available with devices that support SR-IOV and caused a bug in
      which VF info would not be displayed if more than approximately
      40 VFs were created per interface.
      
      Implement a new function pointer for the rtnl_register service that will
      calculate the amount of data required for the ifinfo dump and allocate
      enough data to satisfy the request.
      Signed-off-by: NGreg Rose <gregory.v.rose@intel.com>
      Signed-off-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
      c7ac8679
  14. 24 5月, 2011 1 次提交
    • D
      net: convert %p usage to %pK · 71338aa7
      Dan Rosenberg 提交于
      The %pK format specifier is designed to hide exposed kernel pointers,
      specifically via /proc interfaces.  Exposing these pointers provides an
      easy target for kernel write vulnerabilities, since they reveal the
      locations of writable structures containing easily triggerable function
      pointers.  The behavior of %pK depends on the kptr_restrict sysctl.
      
      If kptr_restrict is set to 0, no deviation from the standard %p behavior
      occurs.  If kptr_restrict is set to 1, the default, if the current user
      (intended to be a reader via seq_printf(), etc.) does not have CAP_SYSLOG
      (currently in the LSM tree), kernel pointers using %pK are printed as 0's.
       If kptr_restrict is set to 2, kernel pointers using %pK are printed as
      0's regardless of privileges.  Replacing with 0's was chosen over the
      default "(null)", which cannot be parsed by userland %p, which expects
      "(nil)".
      
      The supporting code for kptr_restrict and %pK are currently in the -mm
      tree.  This patch converts users of %p in net/ to %pK.  Cases of printing
      pointers to the syslog are not covered, since this would eliminate useful
      information for postmortem debugging and the reading of the syslog is
      already optionally protected by the dmesg_restrict sysctl.
      Signed-off-by: NDan Rosenberg <drosenberg@vsecurity.com>
      Cc: James Morris <jmorris@namei.org>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Thomas Graf <tgraf@infradead.org>
      Cc: Eugene Teo <eugeneteo@kernel.org>
      Cc: Kees Cook <kees.cook@canonical.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: David S. Miller <davem@davemloft.net>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Eric Paris <eparis@parisplace.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      71338aa7
  15. 08 5月, 2011 1 次提交
  16. 03 5月, 2011 1 次提交
    • E
      net: dont hold rtnl mutex during netlink dump callbacks · e67f88dd
      Eric Dumazet 提交于
      Four years ago, Patrick made a change to hold rtnl mutex during netlink
      dump callbacks.
      
      I believe it was a wrong move. This slows down concurrent dumps, making
      good old /proc/net/ files faster than rtnetlink in some situations.
      
      This occurred to me because one "ip link show dev ..." was _very_ slow
      on a workload adding/removing network devices in background.
      
      All dump callbacks are able to use RCU locking now, so this patch does
      roughly a revert of commits :
      
      1c2d670f : [RTNETLINK]: Hold rtnl_mutex during netlink dump callbacks
      6313c1e0 : [RTNETLINK]: Remove unnecessary locking in dump callbacks
      
      This let writers fight for rtnl mutex and readers going full speed.
      
      It also takes care of phonet : phonet_route_get() is now called from rcu
      read section. I renamed it to phonet_route_get_rcu()
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Cc: Patrick McHardy <kaber@trash.net>
      Cc: Remi Denis-Courmont <remi.denis-courmont@nokia.com>
      Acked-by: NStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e67f88dd
  17. 15 4月, 2011 1 次提交
  18. 16 3月, 2011 1 次提交
  19. 10 3月, 2011 8 次提交
  20. 26 2月, 2011 7 次提交
  21. 11 1月, 2011 1 次提交
  22. 23 11月, 2010 1 次提交
  23. 20 10月, 2010 1 次提交
  24. 14 10月, 2010 1 次提交