1. 20 10月, 2013 1 次提交
    • D
      net: unix: inherit SOCK_PASS{CRED, SEC} flags from socket to fix race · 90c6bd34
      Daniel Borkmann 提交于
      In the case of credentials passing in unix stream sockets (dgram
      sockets seem not affected), we get a rather sparse race after
      commit 16e57262 ("af_unix: dont send SCM_CREDENTIALS by default").
      
      We have a stream server on receiver side that requests credential
      passing from senders (e.g. nc -U). Since we need to set SO_PASSCRED
      on each spawned/accepted socket on server side to 1 first (as it's
      not inherited), it can happen that in the time between accept() and
      setsockopt() we get interrupted, the sender is being scheduled and
      continues with passing data to our receiver. At that time SO_PASSCRED
      is neither set on sender nor receiver side, hence in cmsg's
      SCM_CREDENTIALS we get eventually pid:0, uid:65534, gid:65534
      (== overflow{u,g}id) instead of what we actually would like to see.
      
      On the sender side, here nc -U, the tests in maybe_add_creds()
      invoked through unix_stream_sendmsg() would fail, as at that exact
      time, as mentioned, the sender has neither SO_PASSCRED on his side
      nor sees it on the server side, and we have a valid 'other' socket
      in place. Thus, sender believes it would just look like a normal
      connection, not needing/requesting SO_PASSCRED at that time.
      
      As reverting 16e57262 would not be an option due to the significant
      performance regression reported when having creds always passed,
      one way/trade-off to prevent that would be to set SO_PASSCRED on
      the listener socket and allow inheriting these flags to the spawned
      socket on server side in accept(). It seems also logical to do so
      if we'd tell the listener socket to pass those flags onwards, and
      would fix the race.
      
      Before, strace:
      
      recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
              msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
              cmsg_type=SCM_CREDENTIALS{pid=0, uid=65534, gid=65534}},
              msg_flags=0}, 0) = 5
      
      After, strace:
      
      recvmsg(4, {msg_name(0)=NULL, msg_iov(1)=[{"blub\n", 4096}],
              msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET,
              cmsg_type=SCM_CREDENTIALS{pid=11580, uid=1000, gid=1000}},
              msg_flags=0}, 0) = 5
      Signed-off-by: NDaniel Borkmann <dborkman@redhat.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      90c6bd34
  2. 19 10月, 2013 8 次提交
    • H
      qlcnic: Validate Tx queue only for 82xx adapters. · 66c562ef
      Himanshu Madhani 提交于
      o validate Tx queue only in case of adapters which supports
        multi Tx queue.
      
        This patch is to fix regression introduced in commit
        aa4a1f7d
        "qlcnic: Enable Tx queue changes using ethtool for 82xx Series adapter"
      Signed-off-by: NHimanshu Madhani <himanshu.madhani@qlogic.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      66c562ef
    • V
      be2net: pass if_id for v1 and V2 versions of TX_CREATE cmd · 0fb88d61
      Vasundhara Volam 提交于
      It is a required field for all TX_CREATE cmd versions > 0.
      This fixes a driver initialization failure, caused by recent SH-R Firmwares
      (versions > 10.0.639.0) failing the TX_CREATE cmd when if_id field is
      not passed.
      Signed-off-by: NSathya Perla <sathya.perla@emulex.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0fb88d61
    • S
      wanxl: fix info leak in ioctl · 2b13d06c
      Salva Peiró 提交于
      The wanxl_ioctl() code fails to initialize the two padding bytes of
      struct sync_serial_settings after the ->loopback member. Add an explicit
      memset(0) before filling the structure to avoid the info leak.
      Signed-off-by: NSalva Peiró <speiro@ai2.upv.es>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2b13d06c
    • D
      Merge branch 'bridge_pvid' · b8bde1c4
      David S. Miller 提交于
      Toshiaki Makita says:
      
      ====================
      bridge: Fix problems around the PVID
      
      There seem to be some undesirable behaviors related with PVID.
      1. It has no effect assigning PVID to a port. PVID cannot be applied
      to any frame regardless of whether we set it or not.
      2. FDB entries learned via frames applied PVID are registered with
      VID 0 rather than VID value of PVID.
      3. We can set 0 or 4095 as a PVID that are not allowed in IEEE 802.1Q.
      This leads interoperational problems such as sending frames with VID
      4095, which is not allowed in IEEE 802.1Q, and treating frames with VID
      0 as they belong to VLAN 0, which is expected to be handled as they have
      no VID according to IEEE 802.1Q.
      
      Note: 2nd and 3rd problems are potential and not exposed unless 1st problem
      is fixed, because we cannot activate PVID due to it.
      
      This is my analysis for each behavior.
      1. We are using VLAN_TAG_PRESENT bit when getting PVID, and not when
      adding/deleting PVID.
      It can be fixed in either way using or not using VLAN_TAG_PRESENT,
      but I think the latter is slightly more efficient.
      
      2. We are setting skb->vlan_tci with the value of PVID but the variable
      vid, which is used in FDB later, is set to 0 at br_allowed_ingress()
      when untagged frames arrive at a port with PVID valid. I'm afraid that
      vid should be updated to the value of PVID if PVID is valid.
      
      3. According to IEEE 802.1Q-2011 (6.9.1 and Table 9-2), we cannot use
      VID 0 or 4095 as a PVID.
      It looks like that there are more stuff to consider.
      
      - VID 0:
      VID 0 shall not be configured in any FDB entry and used in a tag header
      to indicate it is a 802.1p priority-tagged frame.
      Priority-tagged frames should be applied PVID (from IEEE 802.1Q 6.9.1).
      In my opinion, since we can filter incomming priority-tagged frames by
      deleting PVID, we don't need to filter them by vlan_bitmap.
      In other words, priority-tagged frames don't have VID 0 but have no VID,
      which is the same as untagged frames, and should be filtered by unsetting
      PVID.
      So, not only we cannot set PVID as 0, but also we don't need to add 0 to
      vlan_bitmap, which enables us to simply forbid to add vlan 0.
      
      - VID 4095:
      VID 4095 shall not be transmitted in a tag header. This VID value may be
      used to indicate a wildcard match for the VID in management operations or
      FDB entries (from IEEE 802.1Q Table 9-2).
      In current implementation, we can create a static FDB entry with all
      existing VIDs by not specifying any VID when creating it.
      I don't think this way to add wildcard-like entries needs to change,
      and VID 4095 looks no use and can be unacceptable to add.
      
      Consequently, I believe what we should do for 3rd problem is below:
      - Not allowing VID 0 and 4095 to be added.
      - Applying PVID to priority-tagged (VID 0) frames.
      
      Note: It has been descovered that another problem related to priority-tags
      remains. If we use vlan 0 interface such as eth0.0, we cannot communicate
      with another end station via a linux bridge.
      This problem exists regardless of whether this patch set is applied or not
      because we might receive untagged frames from another end station even if we
      are sending priority-tagged frames.
      This issue will be addressed by another patch set introducing an additional
      egress policy, on which Vlad Yasevich is working.
      See http://marc.info/?t=137880893800001&r=1&w=2 for detailed discussion.
      
      Patch set follows this mail.
      The order of patches is not the same as described above, because the way
      to fix 1st problem is based on the assumption that we don't use VID 0 as
      a PVID, which is realized by fixing 3rd problem.
      (1/4)(2/4): Fix 3rd problem.
      (3/4): Fix 1st problem.
      (4/4): Fix 2nd probelm.
      
      v2:
      - Add descriptions about the problem related to priority-tags in cover letter.
      - Revise patch comments to reference the newest spec.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b8bde1c4
    • T
      bridge: Fix updating FDB entries when the PVID is applied · dfb5fa32
      Toshiaki Makita 提交于
      We currently set the value that variable vid is pointing, which will be
      used in FDB later, to 0 at br_allowed_ingress() when we receive untagged
      or priority-tagged frames, even though the PVID is valid.
      This leads to FDB updates in such a wrong way that they are learned with
      VID 0.
      Update the value to that of PVID if the PVID is applied.
      Signed-off-by: NToshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      Reviewed-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dfb5fa32
    • T
      bridge: Fix the way the PVID is referenced · d1c6c708
      Toshiaki Makita 提交于
      We are using the VLAN_TAG_PRESENT bit to detect whether the PVID is
      set or not at br_get_pvid(), while we don't care about the bit in
      adding/deleting the PVID, which makes it impossible to forward any
      incomming untagged frame with vlan_filtering enabled.
      
      Since vid 0 cannot be used for the PVID, we can use vid 0 to indicate
      that the PVID is not set, which is slightly more efficient than using
      the VLAN_TAG_PRESENT.
      
      Fix the problem by getting rid of using the VLAN_TAG_PRESENT.
      Signed-off-by: NToshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      Reviewed-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d1c6c708
    • T
      bridge: Apply the PVID to priority-tagged frames · b90356ce
      Toshiaki Makita 提交于
      IEEE 802.1Q says that when we receive priority-tagged (VID 0) frames
      use the PVID for the port as its VID.
      (See IEEE 802.1Q-2011 6.9.1 and Table 9-2)
      
      Apply the PVID to not only untagged frames but also priority-tagged frames.
      Signed-off-by: NToshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      Reviewed-by: NVlad Yasevich <vyasevic@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b90356ce
    • T
      bridge: Don't use VID 0 and 4095 in vlan filtering · 8adff41c
      Toshiaki Makita 提交于
      IEEE 802.1Q says that:
      - VID 0 shall not be configured as a PVID, or configured in any Filtering
      Database entry.
      - VID 4095 shall not be configured as a PVID, or transmitted in a tag
      header. This VID value may be used to indicate a wildcard match for the VID
      in management operations or Filtering Database entries.
      (See IEEE 802.1Q-2011 6.9.1 and Table 9-2)
      
      Don't accept adding these VIDs in the vlan_filtering implementation.
      Signed-off-by: NToshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      Reviewed-by: NVlad Yasevich <vyasevic@redhat.com>
      Acked-by: NStephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8adff41c
  3. 18 10月, 2013 22 次提交
  4. 16 10月, 2013 1 次提交
  5. 15 10月, 2013 3 次提交
  6. 14 10月, 2013 2 次提交
    • J
      mac80211: fix crash if bitrate calculation goes wrong · d86aa4f8
      Johannes Berg 提交于
      If a frame's timestamp is calculated, and the bitrate
      calculation goes wrong and returns zero, the system
      will attempt to divide by zero and crash. Catch this
      case and print the rate information that the driver
      reported when this happens.
      
      Cc: stable@vger.kernel.org
      Reported-by: NThomas Lindroth <thomas.lindroth@gmail.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      d86aa4f8
    • J
      wireless: radiotap: fix parsing buffer overrun · f5563318
      Johannes Berg 提交于
      When parsing an invalid radiotap header, the parser can overrun
      the buffer that is passed in because it doesn't correctly check
       1) the minimum radiotap header size
       2) the space for extended bitmaps
      
      The first issue doesn't affect any in-kernel user as they all
      check the minimum size before calling the radiotap function.
      The second issue could potentially affect the kernel if an skb
      is passed in that consists only of the radiotap header with a
      lot of extended bitmaps that extend past the SKB. In that case
      a read-only buffer overrun by at most 4 bytes is possible.
      
      Fix this by adding the appropriate checks to the parser.
      
      Cc: stable@vger.kernel.org
      Reported-by: NEvan Huus <eapache@gmail.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      f5563318
  7. 12 10月, 2013 3 次提交