1. 26 11月, 2007 1 次提交
    • H
      [IPSEC]: Temporarily remove locks around copying of non-atomic fields · 8053fc3d
      Herbert Xu 提交于
      The change 050f009e
      
      	[IPSEC]: Lock state when copying non-atomic fields to user-space
      
      caused a regression.
      
      Ingo Molnar reports that it causes a potential dead-lock found by the
      lock validator as it tries to take x->lock within xfrm_state_lock while
      numerous other sites take the locks in opposite order.
      
      For 2.6.24, the best fix is to simply remove the added locks as that puts
      us back in the same state as we've been in for years.  For later kernels
      a proper fix would be to reverse the locking order for every xfrm state
      user such that if x->lock is taken together with xfrm_state_lock then
      it is to be taken within it.
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      8053fc3d
  2. 11 10月, 2007 22 次提交
  3. 31 7月, 2007 1 次提交
  4. 08 6月, 2007 1 次提交
    • J
      xfrm: Add security check before flushing SAD/SPD · 4aa2e62c
      Joy Latten 提交于
      Currently we check for permission before deleting entries from SAD and
      SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete())
      However we are not checking for authorization when flushing the SPD and
      the SAD completely. It was perhaps missed in the original security hooks
      patch.
      
      This patch adds a security check when flushing entries from the SAD and
      SPD.  It runs the entire database and checks each entry for a denial.
      If the process attempting the flush is unable to remove all of the
      entries a denial is logged the the flush function returns an error
      without removing anything.
      
      This is particularly useful when a process may need to create or delete
      its own xfrm entries used for things like labeled networking but that
      same process should not be able to delete other entries or flush the
      entire database.
      
      Signed-off-by: Joy Latten<latten@austin.ibm.com>
      Signed-off-by: NEric Paris <eparis@parisplace.org>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      4aa2e62c
  5. 05 5月, 2007 2 次提交
  6. 29 4月, 2007 1 次提交
  7. 27 4月, 2007 1 次提交
  8. 26 4月, 2007 9 次提交
  9. 14 4月, 2007 1 次提交
    • J
      [IPSEC] XFRM_USER: kernel panic when large security contexts in ACQUIRE · 661697f7
      Joy Latten 提交于
      When sending a security context of 50+ characters in an ACQUIRE 
      message, following kernel panic occurred.
      
      kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781!
      cpu 0x3: Vector: 700 (Program Check) at [c0000000421bb2e0]
          pc: c00000000033b074: .xfrm_send_acquire+0x240/0x2c8
          lr: c00000000033b014: .xfrm_send_acquire+0x1e0/0x2c8
          sp: c0000000421bb560
         msr: 8000000000029032
        current = 0xc00000000fce8f00
        paca    = 0xc000000000464b00
          pid   = 2303, comm = ping
      kernel BUG in xfrm_send_acquire at net/xfrm/xfrm_user.c:1781!
      enter ? for help
      3:mon> t
      [c0000000421bb650] c00000000033538c .km_query+0x6c/0xec
      [c0000000421bb6f0] c000000000337374 .xfrm_state_find+0x7f4/0xb88
      [c0000000421bb7f0] c000000000332350 .xfrm_tmpl_resolve+0xc4/0x21c
      [c0000000421bb8d0] c0000000003326e8 .xfrm_lookup+0x1a0/0x5b0
      [c0000000421bba00] c0000000002e6ea0 .ip_route_output_flow+0x88/0xb4
      [c0000000421bbaa0] c0000000003106d8 .ip4_datagram_connect+0x218/0x374
      [c0000000421bbbd0] c00000000031bc00 .inet_dgram_connect+0xac/0xd4
      [c0000000421bbc60] c0000000002b11ac .sys_connect+0xd8/0x120
      [c0000000421bbd90] c0000000002d38d0 .compat_sys_socketcall+0xdc/0x214
      [c0000000421bbe30] c00000000000869c syscall_exit+0x0/0x40
      --- Exception: c00 (System Call) at 0000000007f0ca9c
      SP (fc0ef8f0) is in userspace
      
      We are using size of security context from xfrm_policy to determine
      how much space to alloc skb and then putting security context from
      xfrm_state into skb. Should have been using size of security context 
      from xfrm_state to alloc skb. Following fix does that
      Signed-off-by: NJoy Latten <latten@austin.ibm.com>
      Acked-by: NJames Morris <jmorris@namei.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      661697f7
  10. 23 3月, 2007 1 次提交