1. 30 1月, 2017 1 次提交
    • E
      can: Fix kernel panic at security_sock_rcv_skb · f1712c73
      Eric Dumazet 提交于
      Zhang Yanmin reported crashes [1] and provided a patch adding a
      synchronize_rcu() call in can_rx_unregister()
      
      The main problem seems that the sockets themselves are not RCU
      protected.
      
      If CAN uses RCU for delivery, then sockets should be freed only after
      one RCU grace period.
      
      Recent kernels could use sock_set_flag(sk, SOCK_RCU_FREE), but let's
      ease stable backports with the following fix instead.
      
      [1]
      BUG: unable to handle kernel NULL pointer dereference at (null)
      IP: [<ffffffff81495e25>] selinux_socket_sock_rcv_skb+0x65/0x2a0
      
      Call Trace:
       <IRQ>
       [<ffffffff81485d8c>] security_sock_rcv_skb+0x4c/0x60
       [<ffffffff81d55771>] sk_filter+0x41/0x210
       [<ffffffff81d12913>] sock_queue_rcv_skb+0x53/0x3a0
       [<ffffffff81f0a2b3>] raw_rcv+0x2a3/0x3c0
       [<ffffffff81f06eab>] can_rcv_filter+0x12b/0x370
       [<ffffffff81f07af9>] can_receive+0xd9/0x120
       [<ffffffff81f07beb>] can_rcv+0xab/0x100
       [<ffffffff81d362ac>] __netif_receive_skb_core+0xd8c/0x11f0
       [<ffffffff81d36734>] __netif_receive_skb+0x24/0xb0
       [<ffffffff81d37f67>] process_backlog+0x127/0x280
       [<ffffffff81d36f7b>] net_rx_action+0x33b/0x4f0
       [<ffffffff810c88d4>] __do_softirq+0x184/0x440
       [<ffffffff81f9e86c>] do_softirq_own_stack+0x1c/0x30
       <EOI>
       [<ffffffff810c76fb>] do_softirq.part.18+0x3b/0x40
       [<ffffffff810c8bed>] do_softirq+0x1d/0x20
       [<ffffffff81d30085>] netif_rx_ni+0xe5/0x110
       [<ffffffff8199cc87>] slcan_receive_buf+0x507/0x520
       [<ffffffff8167ef7c>] flush_to_ldisc+0x21c/0x230
       [<ffffffff810e3baf>] process_one_work+0x24f/0x670
       [<ffffffff810e44ed>] worker_thread+0x9d/0x6f0
       [<ffffffff810e4450>] ? rescuer_thread+0x480/0x480
       [<ffffffff810ebafc>] kthread+0x12c/0x150
       [<ffffffff81f9ccef>] ret_from_fork+0x3f/0x70
      Reported-by: NZhang Yanmin <yanmin.zhang@intel.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Acked-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f1712c73
  2. 26 12月, 2016 2 次提交
    • T
      ktime: Cleanup ktime_set() usage · 8b0e1953
      Thomas Gleixner 提交于
      ktime_set(S,N) was required for the timespec storage type and is still
      useful for situations where a Seconds and Nanoseconds part of a time value
      needs to be converted. For anything where the Seconds argument is 0, this
      is pointless and can be replaced with a simple assignment.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      8b0e1953
    • T
      ktime: Get rid of the union · 2456e855
      Thomas Gleixner 提交于
      ktime is a union because the initial implementation stored the time in
      scalar nanoseconds on 64 bit machine and in a endianess optimized timespec
      variant for 32bit machines. The Y2038 cleanup removed the timespec variant
      and switched everything to scalar nanoseconds. The union remained, but
      become completely pointless.
      
      Get rid of the union and just keep ktime_t as simple typedef of type s64.
      
      The conversion was done with coccinelle and some manual mopping up.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      2456e855
  3. 07 12月, 2016 1 次提交
  4. 23 11月, 2016 1 次提交
  5. 01 11月, 2016 1 次提交
  6. 23 6月, 2016 1 次提交
    • A
      can: only call can_stat_update with procfs · 2781ff5c
      Arnd Bergmann 提交于
      The change to leave out procfs support in CAN when CONFIG_PROC_FS
      is not set was incomplete and leads to a build error:
      
      net/built-in.o: In function `can_init':
      :(.init.text+0x9858): undefined reference to `can_stat_update'
      ERROR: "can_stat_update" [net/can/can.ko] undefined!
      
      This tries a better approach, encapsulating all of the calls
      within IS_ENABLED(), so we also leave out the timer function
      from the object file.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Fixes: a20fadf8 ("can: build proc support only if CONFIG_PROC_FS is activated")
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      2781ff5c
  7. 17 6月, 2016 5 次提交
  8. 05 4月, 2016 1 次提交
    • S
      sock: enable timestamping using control messages · c14ac945
      Soheil Hassas Yeganeh 提交于
      Currently, SOL_TIMESTAMPING can only be enabled using setsockopt.
      This is very costly when users want to sample writes to gather
      tx timestamps.
      
      Add support for enabling SO_TIMESTAMPING via control messages by
      using tsflags added in `struct sockcm_cookie` (added in the previous
      patches in this series) to set the tx_flags of the last skb created in
      a sendmsg. With this patch, the timestamp recording bits in tx_flags
      of the skbuff is overridden if SO_TIMESTAMPING is passed in a cmsg.
      
      Please note that this is only effective for overriding the recording
      timestamps flags. Users should enable timestamp reporting (e.g.,
      SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_OPT_ID) using
      socket options and then should ask for SOF_TIMESTAMPING_TX_*
      using control messages per sendmsg to sample timestamps for each
      write.
      Signed-off-by: NSoheil Hassas Yeganeh <soheil@google.com>
      Acked-by: NWillem de Bruijn <willemb@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c14ac945
  9. 13 10月, 2015 1 次提交
    • A
      can: avoid using timeval for uapi · ba61a8d9
      Arnd Bergmann 提交于
      The can subsystem communicates with user space using a bcm_msg_head
      header, which contains two timestamps. This is problematic for
      multiple reasons:
      
      a) The structure layout is currently incompatible between 64-bit
         user space and 32-bit user space, and cannot work in compat
         mode (other than x32).
      
      b) The timeval structure layout will change in 32-bit user
         space when we fix the y2038 overflow problem by redefining
         time_t to 64-bit, making new 32-bit user space incompatible
         with the current kernel interface.
         Cars last a long time and often use old kernels, so the actual
         users of this code are the most likely ones to migrate to y2038
         safe user space.
      
      This tries to work around part of the problem by changing the
      publicly visible user interface in the header, but not the binary
      interface. Fortunately, the values passed around in the structure
      are relative times and do not actually suffer from the y2038
      overflow, so 32-bit is enough here.
      
      We replace the use of 'struct timeval' with a newly defined
      'struct bcm_timeval' that uses the exact same binary layout
      as before and that still suffers from problem a) but not problem
      b).
      
      The downside of this approach is that any user space program
      that currently assigns a timeval structure to these members
      rather than writing the tv_sec/tv_usec portions individually
      will suffer a compile-time error when built with an updated
      kernel header. Fixing this error makes it work fine with old
      and new headers though.
      
      We could address problem a) by using '__u32' or 'int' members
      rather than 'long', but that would have a more significant
      downside in also breaking support for all existing 64-bit user
      binaries that might be using this interface, which is likely
      not acceptable.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Acked-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Cc: linux-can@vger.kernel.org
      Cc: linux-api@vger.kernel.org
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      ba61a8d9
  10. 13 7月, 2015 1 次提交
    • O
      can: replace timestamp as unique skb attribute · d3b58c47
      Oliver Hartkopp 提交于
      Commit 514ac99c "can: fix multiple delivery of a single CAN frame for
      overlapping CAN filters" requires the skb->tstamp to be set to check for
      identical CAN skbs.
      
      Without timestamping to be required by user space applications this timestamp
      was not generated which lead to commit 36c01245 "can: fix loss of CAN frames
      in raw_rcv" - which forces the timestamp to be set in all CAN related skbuffs
      by introducing several __net_timestamp() calls.
      
      This forces e.g. out of tree drivers which are not using alloc_can{,fd}_skb()
      to add __net_timestamp() after skbuff creation to prevent the frame loss fixed
      in mainline Linux.
      
      This patch removes the timestamp dependency and uses an atomic counter to
      create an unique identifier together with the skbuff pointer.
      
      Btw: the new skbcnt element introduced in struct can_skb_priv has to be
      initialized with zero in out-of-tree drivers which are not using
      alloc_can{,fd}_skb() too.
      Signed-off-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Cc: linux-stable <stable@vger.kernel.org>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      d3b58c47
  11. 22 6月, 2015 1 次提交
  12. 09 6月, 2015 1 次提交
  13. 11 5月, 2015 1 次提交
  14. 01 4月, 2015 2 次提交
    • O
      can: introduce new raw socket option to join the given CAN filters · a5581ef4
      Oliver Hartkopp 提交于
      The CAN_RAW socket can set multiple CAN identifier specific filters that lead
      to multiple filters in the af_can.c filter processing. These filters are
      indenpendent from each other which leads to logical OR'ed filters when applied.
      
      This socket option joines the given CAN filters in the way that only CAN frames
      are passed to user space that matched *all* given CAN filters. The semantic for
      the applied filters is therefore changed to a logical AND.
      
      This is useful especially when the filterset is a combination of filters where
      the CAN_INV_FILTER flag is set in order to notch single CAN IDs or CAN ID
      ranges from the incoming traffic.
      
      As the raw_rcv() function is executed from NET_RX softirq the introduced
      variables are implemented as per-CPU variables to avoid extensive locking at
      CAN frame reception time.
      Signed-off-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      a5581ef4
    • O
      can: fix multiple delivery of a single CAN frame for overlapping CAN filters · 514ac99c
      Oliver Hartkopp 提交于
      The CAN_RAW socket can set multiple CAN identifier specific filters that lead
      to multiple filters in the af_can.c filter processing. These filters are
      indenpendent from each other which leads to logical OR'ed filters when applied.
      
      This patch makes sure that every CAN frame which is filtered for a specific
      socket is only delivered once to the user space. This is independent from the
      number of matching CAN filters of this socket.
      
      As the raw_rcv() function is executed from NET_RX softirq the introduced
      variables are implemented as per-CPU variables to avoid extensive locking at
      CAN frame reception time.
      Signed-off-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      514ac99c
  15. 09 3月, 2015 1 次提交
  16. 03 3月, 2015 1 次提交
  17. 02 3月, 2015 1 次提交
  18. 18 1月, 2015 1 次提交
    • J
      netlink: make nlmsg_end() and genlmsg_end() void · 053c095a
      Johannes Berg 提交于
      Contrary to common expectations for an "int" return, these functions
      return only a positive value -- if used correctly they cannot even
      return 0 because the message header will necessarily be in the skb.
      
      This makes the very common pattern of
      
        if (genlmsg_end(...) < 0) { ... }
      
      be a whole bunch of dead code. Many places also simply do
      
        return nlmsg_end(...);
      
      and the caller is expected to deal with it.
      
      This also commonly (at least for me) causes errors, because it is very
      common to write
      
        if (my_function(...))
          /* error condition */
      
      and if my_function() does "return nlmsg_end()" this is of course wrong.
      
      Additionally, there's not a single place in the kernel that actually
      needs the message length returned, and if anyone needs it later then
      it'll be very easy to just use skb->len there.
      
      Remove this, and make the functions void. This removes a bunch of dead
      code as described above. The patch adds lines because I did
      
      -	return nlmsg_end(...);
      +	nlmsg_end(...);
      +	return 0;
      
      I could have preserved all the function's return values by returning
      skb->len, but instead I've audited all the places calling the affected
      functions and found that none cared. A few places actually compared
      the return value with <= 0 in dump functionality, but that could just
      be changed to < 0 with no change in behaviour, so I opted for the more
      efficient version.
      
      One instance of the error I've made numerous times now is also present
      in net/phonet/pn_netlink.c in the route_dumpit() function - it didn't
      check for <0 or <=0 and thus broke out of the loop every single time.
      I've preserved this since it will (I think) have caused the messages to
      userspace to be formatted differently with just a single message for
      every SKB returned to userspace. It's possible that this isn't needed
      for the tools that actually use this, but I don't even know what they
      are so couldn't test that changing this behaviour would be acceptable.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      053c095a
  19. 08 12月, 2014 2 次提交
  20. 24 11月, 2014 2 次提交
  21. 19 5月, 2014 2 次提交
  22. 25 4月, 2014 1 次提交
  23. 03 3月, 2014 1 次提交
    • O
      can: remove CAN FD compatibility for CAN 2.0 sockets · 821047c4
      Oliver Hartkopp 提交于
      In commit e2d265d3 (canfd: add support for CAN FD in CAN_RAW sockets)
      CAN FD frames with a payload length up to 8 byte are passed to legacy
      sockets where the CAN FD support was not enabled by the application.
      
      After some discussions with developers at a fair this well meant feature
      leads to confusion as no clean switch for CAN / CAN FD is provided to the
      application programmer. Additionally a compatibility like this for legacy
      CAN_RAW sockets requires some compatibility handling for the sending, e.g.
      make CAN2.0 frames a CAN FD frame with BRS at transmission time (?!?).
      
      This will become a mess when people start to develop applications with
      real CAN FD hardware. This patch reverts the bad compatibility code
      together with the documentation describing the removed feature.
      Acked-by: NStephane Grosjean <s.grosjean@peak-system.com>
      Signed-off-by: NOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>
      821047c4
  24. 31 1月, 2014 1 次提交
  25. 30 1月, 2014 1 次提交
  26. 19 1月, 2014 1 次提交
  27. 15 1月, 2014 1 次提交
  28. 21 12月, 2013 1 次提交
  29. 20 10月, 2013 1 次提交
  30. 14 10月, 2013 1 次提交
  31. 30 8月, 2013 1 次提交