1. 11 5月, 2011 1 次提交
  2. 03 5月, 2011 1 次提交
  3. 13 4月, 2011 2 次提交
  4. 31 3月, 2011 1 次提交
  5. 30 3月, 2011 1 次提交
  6. 28 3月, 2011 2 次提交
  7. 22 3月, 2011 1 次提交
  8. 17 3月, 2011 1 次提交
  9. 10 3月, 2011 1 次提交
    • V
      net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules · 8909c9ad
      Vasiliy Kulikov 提交于
      Since a8f80e8f any process with
      CAP_NET_ADMIN may load any module from /lib/modules/.  This doesn't mean
      that CAP_NET_ADMIN is a superset of CAP_SYS_MODULE as modules are
      limited to /lib/modules/**.  However, CAP_NET_ADMIN capability shouldn't
      allow anybody load any module not related to networking.
      
      This patch restricts an ability of autoloading modules to netdev modules
      with explicit aliases.  This fixes CVE-2011-1019.
      
      Arnd Bergmann suggested to leave untouched the old pre-v2.6.32 behavior
      of loading netdev modules by name (without any prefix) for processes
      with CAP_SYS_MODULE to maintain the compatibility with network scripts
      that use autoloading netdev modules by aliases like "eth0", "wlan0".
      
      Currently there are only three users of the feature in the upstream
      kernel: ipip, ip_gre and sit.
      
          root@albatros:~# capsh --drop=$(seq -s, 0 11),$(seq -s, 13 34) --
          root@albatros:~# grep Cap /proc/$$/status
          CapInh:	0000000000000000
          CapPrm:	fffffff800001000
          CapEff:	fffffff800001000
          CapBnd:	fffffff800001000
          root@albatros:~# modprobe xfs
          FATAL: Error inserting xfs
          (/lib/modules/2.6.38-rc6-00001-g2bf4ca3/kernel/fs/xfs/xfs.ko): Operation not permitted
          root@albatros:~# lsmod | grep xfs
          root@albatros:~# ifconfig xfs
          xfs: error fetching interface information: Device not found
          root@albatros:~# lsmod | grep xfs
          root@albatros:~# lsmod | grep sit
          root@albatros:~# ifconfig sit
          sit: error fetching interface information: Device not found
          root@albatros:~# lsmod | grep sit
          root@albatros:~# ifconfig sit0
          sit0      Link encap:IPv6-in-IPv4
      	      NOARP  MTU:1480  Metric:1
      
          root@albatros:~# lsmod | grep sit
          sit                    10457  0
          tunnel4                 2957  1 sit
      
      For CAP_SYS_MODULE module loading is still relaxed:
      
          root@albatros:~# grep Cap /proc/$$/status
          CapInh:	0000000000000000
          CapPrm:	ffffffffffffffff
          CapEff:	ffffffffffffffff
          CapBnd:	ffffffffffffffff
          root@albatros:~# ifconfig xfs
          xfs: error fetching interface information: Device not found
          root@albatros:~# lsmod | grep xfs
          xfs                   745319  0
      
      Reference: https://lkml.org/lkml/2011/2/24/203Signed-off-by: NVasiliy Kulikov <segoon@openwall.com>
      Signed-off-by: NMichael Tokarev <mjt@tls.msk.ru>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      Acked-by: NKees Cook <kees.cook@canonical.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      8909c9ad
  10. 08 3月, 2011 1 次提交
  11. 01 3月, 2011 1 次提交
  12. 24 2月, 2011 2 次提交
  13. 19 2月, 2011 2 次提交
  14. 18 2月, 2011 2 次提交
  15. 16 2月, 2011 2 次提交
  16. 14 2月, 2011 2 次提交
  17. 09 2月, 2011 1 次提交
    • D
      net: Fix lockdep regression caused by initializing netdev queues too early. · 8d3bdbd5
      David S. Miller 提交于
      In commit aa942104 ("net: init ingress
      queue") we moved the allocation and lock initialization of the queues
      into alloc_netdev_mq() since register_netdevice() is way too late.
      
      The problem is that dev->type is not setup until the setup()
      callback is invoked by alloc_netdev_mq(), and the dev->type is
      what determines the lockdep class to use for the locks in the
      queues.
      
      Fix this by doing the queue allocation after the setup() callback
      runs.
      
      This is safe because the setup() callback is not allowed to make any
      state changes that need to be undone on error (memory allocations,
      etc.).  It may, however, make state changes that are undone by
      free_netdev() (such as netif_napi_add(), which is done by the
      ipoib driver's setup routine).
      
      The previous code also leaked a reference to the &init_net namespace
      object on RX/TX queue allocation failures.
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8d3bdbd5
  18. 03 2月, 2011 1 次提交
  19. 01 2月, 2011 1 次提交
  20. 30 1月, 2011 1 次提交
    • H
      gro: Reset dev pointer on reuse · 66c46d74
      Herbert Xu 提交于
      On older kernels the VLAN code may zero skb->dev before dropping
      it and causing it to be reused by GRO.
      
      Unfortunately we didn't reset skb->dev in that case which causes
      the next GRO user to get a bogus skb->dev pointer.
      
      This particular problem no longer happens with the current upstream
      kernel due to changes in VLAN processing.
      
      However, for correctness we should still reset the skb->dev pointer
      in the GRO reuse function in case a future user does the same thing.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      66c46d74
  21. 28 1月, 2011 1 次提交
    • E
      net: fix dev_seq_next() · ccf43438
      Eric Dumazet 提交于
      Commit c6d14c84 (net: Introduce for_each_netdev_rcu() iterator)
      added a race in dev_seq_next().
      
      The rcu_dereference() call should be done _before_ testing the end of
      list, or we might return a wrong net_device if a concurrent thread
      changes net_device list under us.
      
      Note : discovered thanks to a sparse warning :
      
      net/core/dev.c:3919:9: error: incompatible types in comparison expression
      (different address spaces)
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ccf43438
  22. 25 1月, 2011 5 次提交
  23. 22 1月, 2011 1 次提交
  24. 21 1月, 2011 2 次提交
  25. 20 1月, 2011 3 次提交
    • J
      net: implement mechanism for HW based QOS · 4f57c087
      John Fastabend 提交于
      This patch provides a mechanism for lower layer devices to
      steer traffic using skb->priority to tx queues. This allows
      for hardware based QOS schemes to use the default qdisc without
      incurring the penalties related to global state and the qdisc
      lock. While reliably receiving skbs on the correct tx ring
      to avoid head of line blocking resulting from shuffling in
      the LLD. Finally, all the goodness from txq caching and xps/rps
      can still be leveraged.
      
      Many drivers and hardware exist with the ability to implement
      QOS schemes in the hardware but currently these drivers tend
      to rely on firmware to reroute specific traffic, a driver
      specific select_queue or the queue_mapping action in the
      qdisc.
      
      By using select_queue for this drivers need to be updated for
      each and every traffic type and we lose the goodness of much
      of the upstream work. Firmware solutions are inherently
      inflexible. And finally if admins are expected to build a
      qdisc and filter rules to steer traffic this requires knowledge
      of how the hardware is currently configured. The number of tx
      queues and the queue offsets may change depending on resources.
      Also this approach incurs all the overhead of a qdisc with filters.
      
      With the mechanism in this patch users can set skb priority using
      expected methods ie setsockopt() or the stack can set the priority
      directly. Then the skb will be steered to the correct tx queues
      aligned with hardware QOS traffic classes. In the normal case with
      single traffic class and all queues in this class everything
      works as is until the LLD enables multiple tcs.
      
      To steer the skb we mask out the lower 4 bits of the priority
      and allow the hardware to configure upto 15 distinct classes
      of traffic. This is expected to be sufficient for most applications
      at any rate it is more then the 8021Q spec designates and is
      equal to the number of prio bands currently implemented in
      the default qdisc.
      
      This in conjunction with a userspace application such as
      lldpad can be used to implement 8021Q transmission selection
      algorithms one of these algorithms being the extended transmission
      selection algorithm currently being used for DCB.
      Signed-off-by: NJohn Fastabend <john.r.fastabend@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4f57c087
    • V
      net_device: add support for network device groups · cbda10fa
      Vlad Dogaru 提交于
      Net devices can now be grouped, enabling simpler manipulation from
      userspace. This patch adds a group field to the net_device structure, as
      well as rtnetlink support to query and modify it.
      Signed-off-by: NVlad Dogaru <ddvlad@rosedu.org>
      Acked-by: NJamal Hadi Salim <hadi@cyberus.ca>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cbda10fa
    • E
      net: fix can_checksum_protocol() arguments swap · d402786e
      Eric Dumazet 提交于
      commit 03634668 (net offloading: Convert checksums to use
      centrally computed features.) mistakenly swapped can_checksum_protocol()
      arguments.
      
      This broke IPv6 on bnx2 for instance, on NIC without TCPv6 checksum
      offloads.
      Reported-by: NHans de Bruin <jmdebruin@xmsnet.nl>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: NJesse Gross <jesse@nicira.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d402786e
  26. 19 1月, 2011 1 次提交