1. 08 6月, 2013 1 次提交
    • P
      netlink: allow large data transfers from user-space · c05cdb1b
      Pablo Neira Ayuso 提交于
      I can hit ENOBUFS in the sendmsg() path with a large batch that is
      composed of many netlink messages. Here that limit is 8 MBytes of
      skbuff data area as kmalloc does not manage to get more than that.
      
      While discussing atomic rule-set for nftables with Patrick McHardy,
      we decided to put all rule-set updates that need to be applied
      atomically in one single batch to simplify the existing approach.
      However, as explained above, the existing netlink code limits us
      to a maximum of ~20000 rules that fit in one single batch without
      hitting ENOBUFS. iptables does not have such limitation as it is
      using vmalloc.
      
      This patch adds netlink_alloc_large_skb() which is only used in
      the netlink_sendmsg() path. It uses alloc_skb if the memory
      requested is <= one memory page, that should be the common case
      for most subsystems, else vmalloc for higher memory allocations.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c05cdb1b
  2. 05 6月, 2013 1 次提交
  3. 02 5月, 2013 1 次提交
  4. 25 4月, 2013 1 次提交
    • N
      netlink: fix compilation after memory mapped patches · 1bf9310a
      Nicolas Dichtel 提交于
      Depending of the kernel configuration (CONFIG_UIDGID_STRICT_TYPE_CHECKS), we can
      get the following errors:
      
      net/netlink/af_netlink.c: In function ‘netlink_queue_mmaped_skb’:
      net/netlink/af_netlink.c:663:14: error: incompatible types when assigning to type ‘__u32’ from type ‘kuid_t’
      net/netlink/af_netlink.c:664:14: error: incompatible types when assigning to type ‘__u32’ from type ‘kgid_t’
      net/netlink/af_netlink.c: In function ‘netlink_ring_set_copied’:
      net/netlink/af_netlink.c:693:14: error: incompatible types when assigning to type ‘__u32’ from type ‘kuid_t’
      net/netlink/af_netlink.c:694:14: error: incompatible types when assigning to type ‘__u32’ from type ‘kgid_t’
      
      We must use the helpers to get the uid and gid, and also take care of user_ns.
      
      Fix suggested by Eric W. Biederman <ebiederm@xmission.com>.
      Signed-off-by: NNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1bf9310a
  5. 24 4月, 2013 1 次提交
  6. 20 4月, 2013 9 次提交
  7. 29 3月, 2013 1 次提交
  8. 22 3月, 2013 1 次提交
  9. 28 2月, 2013 1 次提交
    • S
      hlist: drop the node parameter from iterators · b67bfe0d
      Sasha Levin 提交于
      I'm not sure why, but the hlist for each entry iterators were conceived
      
              list_for_each_entry(pos, head, member)
      
      The hlist ones were greedy and wanted an extra parameter:
      
              hlist_for_each_entry(tpos, pos, head, member)
      
      Why did they need an extra pos parameter? I'm not quite sure. Not only
      they don't really need it, it also prevents the iterator from looking
      exactly like the list iterator, which is unfortunate.
      
      Besides the semantic patch, there was some manual work required:
      
       - Fix up the actual hlist iterators in linux/list.h
       - Fix up the declaration of other iterators based on the hlist ones.
       - A very small amount of places were using the 'node' parameter, this
       was modified to use 'obj->member' instead.
       - Coccinelle didn't handle the hlist_for_each_entry_safe iterator
       properly, so those had to be fixed up manually.
      
      The semantic patch which is mostly the work of Peter Senna Tschudin is here:
      
      @@
      iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
      
      type T;
      expression a,c,d,e;
      identifier b;
      statement S;
      @@
      
      -T b;
          <+... when != b
      (
      hlist_for_each_entry(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_continue(a,
      - b,
      c) S
      |
      hlist_for_each_entry_from(a,
      - b,
      c) S
      |
      hlist_for_each_entry_rcu(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_rcu_bh(a,
      - b,
      c, d) S
      |
      hlist_for_each_entry_continue_rcu_bh(a,
      - b,
      c) S
      |
      for_each_busy_worker(a, c,
      - b,
      d) S
      |
      ax25_uid_for_each(a,
      - b,
      c) S
      |
      ax25_for_each(a,
      - b,
      c) S
      |
      inet_bind_bucket_for_each(a,
      - b,
      c) S
      |
      sctp_for_each_hentry(a,
      - b,
      c) S
      |
      sk_for_each(a,
      - b,
      c) S
      |
      sk_for_each_rcu(a,
      - b,
      c) S
      |
      sk_for_each_from
      -(a, b)
      +(a)
      S
      + sk_for_each_from(a) S
      |
      sk_for_each_safe(a,
      - b,
      c, d) S
      |
      sk_for_each_bound(a,
      - b,
      c) S
      |
      hlist_for_each_entry_safe(a,
      - b,
      c, d, e) S
      |
      hlist_for_each_entry_continue_rcu(a,
      - b,
      c) S
      |
      nr_neigh_for_each(a,
      - b,
      c) S
      |
      nr_neigh_for_each_safe(a,
      - b,
      c, d) S
      |
      nr_node_for_each(a,
      - b,
      c) S
      |
      nr_node_for_each_safe(a,
      - b,
      c, d) S
      |
      - for_each_gfn_sp(a, c, d, b) S
      + for_each_gfn_sp(a, c, d) S
      |
      - for_each_gfn_indirect_valid_sp(a, c, d, b) S
      + for_each_gfn_indirect_valid_sp(a, c, d) S
      |
      for_each_host(a,
      - b,
      c) S
      |
      for_each_host_safe(a,
      - b,
      c, d) S
      |
      for_each_mesh_entry(a,
      - b,
      c, d) S
      )
          ...+>
      
      [akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
      [akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
      [akpm@linux-foundation.org: checkpatch fixes]
      [akpm@linux-foundation.org: fix warnings]
      [akpm@linux-foudnation.org: redo intrusive kvm changes]
      Tested-by: NPeter Senna Tschudin <peter.senna@gmail.com>
      Acked-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: NSasha Levin <sasha.levin@oracle.com>
      Cc: Wu Fengguang <fengguang.wu@intel.com>
      Cc: Marcelo Tosatti <mtosatti@redhat.com>
      Cc: Gleb Natapov <gleb@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      b67bfe0d
  10. 23 2月, 2013 1 次提交
  11. 19 2月, 2013 2 次提交
  12. 10 1月, 2013 1 次提交
  13. 18 12月, 2012 2 次提交
  14. 19 11月, 2012 1 次提交
    • E
      net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm · df008c91
      Eric W. Biederman 提交于
      Allow an unpriviled user who has created a user namespace, and then
      created a network namespace to effectively use the new network
      namespace, by reducing capable(CAP_NET_ADMIN) and
      capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
      CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
      
      Allow creation of af_key sockets.
      Allow creation of llc sockets.
      Allow creation of af_packet sockets.
      
      Allow sending xfrm netlink control messages.
      
      Allow binding to netlink multicast groups.
      Allow sending to netlink multicast groups.
      Allow adding and dropping netlink multicast groups.
      Allow sending to all netlink multicast groups and port ids.
      
      Allow reading the netfilter SO_IP_SET socket option.
      Allow sending netfilter netlink messages.
      Allow setting and getting ip_vs netfilter socket options.
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      df008c91
  15. 19 10月, 2012 1 次提交
    • E
      netlink: use kfree_rcu() in netlink_release() · 6d772ac5
      Eric Dumazet 提交于
      On some suspend/resume operations involving wimax device, we have
      noticed some intermittent memory corruptions in netlink code.
      
      Stéphane Marchesin tracked this corruption in netlink_update_listeners()
      and suggested a patch.
      
      It appears netlink_release() should use kfree_rcu() instead of kfree()
      for the listeners structure as it may be used by other cpus using RCU
      protection.
      
      netlink_release() must set to NULL the listeners pointer when
      it is about to be freed.
      
      Also have to protect netlink_update_listeners() and
      netlink_has_listeners() if listeners is NULL.
      
      Add a nl_deref_protected() lockdep helper to properly document which
      locks protects us.
      Reported-by: NJonathan Kliegman <kliegs@google.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: Stéphane Marchesin <marcheu@google.com>
      Cc: Sam Leffler <sleffler@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6d772ac5
  16. 07 10月, 2012 1 次提交
    • G
      netlink: add reference of module in netlink_dump_start · 6dc878a8
      Gao feng 提交于
      I get a panic when I use ss -a and rmmod inet_diag at the
      same time.
      
      It's because netlink_dump uses inet_diag_dump which belongs to module
      inet_diag.
      
      I search the codes and find many modules have the same problem.  We
      need to add a reference to the module which the cb->dump belongs to.
      
      Thanks for all help from Stephen,Jan,Eric,Steffen and Pablo.
      
      Change From v3:
      change netlink_dump_start to inline,suggestion from Pablo and
      Eric.
      
      Change From v2:
      delete netlink_dump_done,and call module_put in netlink_dump
      and netlink_sock_destruct.
      Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6dc878a8
  17. 11 9月, 2012 1 次提交
  18. 09 9月, 2012 2 次提交
  19. 08 9月, 2012 1 次提交
    • E
      scm: Don't use struct ucred in NETLINK_CB and struct scm_cookie. · dbe9a417
      Eric W. Biederman 提交于
      Passing uids and gids on NETLINK_CB from a process in one user
      namespace to a process in another user namespace can result in the
      wrong uid or gid being presented to userspace.  Avoid that problem by
      passing kuids and kgids instead.
      
      - define struct scm_creds for use in scm_cookie and netlink_skb_parms
        that holds uid and gid information in kuid_t and kgid_t.
      
      - Modify scm_set_cred to fill out scm_creds by heand instead of using
        cred_to_ucred to fill out struct ucred.  This conversion ensures
        userspace does not get incorrect uid or gid values to look at.
      
      - Modify scm_recv to convert from struct scm_creds to struct ucred
        before copying credential values to userspace.
      
      - Modify __scm_send to populate struct scm_creds on in the scm_cookie,
        instead of just copying struct ucred from userspace.
      
      - Modify netlink_sendmsg to copy scm_creds instead of struct ucred
        into the NETLINK_CB.
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dbe9a417
  20. 25 8月, 2012 1 次提交
    • P
      netlink: fix possible spoofing from non-root processes · 20e1db19
      Pablo Neira Ayuso 提交于
      Non-root user-space processes can send Netlink messages to other
      processes that are well-known for being subscribed to Netlink
      asynchronous notifications. This allows ilegitimate non-root
      process to send forged messages to Netlink subscribers.
      
      The userspace process usually verifies the legitimate origin in
      two ways:
      
      a) Socket credentials. If UID != 0, then the message comes from
         some ilegitimate process and the message needs to be dropped.
      
      b) Netlink portID. In general, portID == 0 means that the origin
         of the messages comes from the kernel. Thus, discarding any
         message not coming from the kernel.
      
      However, ctnetlink sets the portID in event messages that has
      been triggered by some user-space process, eg. conntrack utility.
      So other processes subscribed to ctnetlink events, eg. conntrackd,
      know that the event was triggered by some user-space action.
      
      Neither of the two ways to discard ilegitimate messages coming
      from non-root processes can help for ctnetlink.
      
      This patch adds capability validation in case that dst_pid is set
      in netlink_sendmsg(). This approach is aggressive since existing
      applications using any Netlink bus to deliver messages between
      two user-space processes will break. Note that the exception is
      NETLINK_USERSOCK, since it is reserved for netlink-to-netlink
      userspace communication.
      
      Still, if anyone wants that his Netlink bus allows netlink-to-netlink
      userspace, then they can set NL_NONROOT_SEND. However, by default,
      I don't think it makes sense to allow to use NETLINK_ROUTE to
      communicate two processes that are sending no matter what information
      that is not related to link/neighbouring/routing. They should be using
      NETLINK_USERSOCK instead for that.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      20e1db19
  21. 22 8月, 2012 1 次提交
    • E
      af_netlink: force credentials passing [CVE-2012-3520] · e0e3cea4
      Eric Dumazet 提交于
      Pablo Neira Ayuso discovered that avahi and
      potentially NetworkManager accept spoofed Netlink messages because of a
      kernel bug.  The kernel passes all-zero SCM_CREDENTIALS ancillary data
      to the receiver if the sender did not provide such data, instead of not
      including any such data at all or including the correct data from the
      peer (as it is the case with AF_UNIX).
      
      This bug was introduced in commit 16e57262
      (af_unix: dont send SCM_CREDENTIALS by default)
      
      This patch forces passing credentials for netlink, as
      before the regression.
      
      Another fix would be to not add SCM_CREDENTIALS in
      netlink messages if not provided by the sender, but it
      might break some programs.
      
      With help from Florian Weimer & Petr Matousek
      
      This issue is designated as CVE-2012-3520
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: Petr Matousek <pmatouse@redhat.com>
      Cc: Florian Weimer <fweimer@redhat.com>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e0e3cea4
  22. 15 8月, 2012 1 次提交
  23. 30 6月, 2012 2 次提交
  24. 24 4月, 2012 2 次提交
  25. 20 4月, 2012 1 次提交
  26. 06 4月, 2012 1 次提交
  27. 27 2月, 2012 1 次提交