commit eee8abe5de9cbd936b51db292c8d3c406b0e79e7 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[BRIDGE]: adding new device to bridge should enable if up
[IPV6]: Do not set IF_READY if device is down
[IPSEC]: xfrm audit hook misplaced in pfkey_delete and xfrm_del_sa
[IPSEC]: Add xfrm policy change auditing to pfkey_spdget
[IPSEC]: xfrm_policy delete security check misplaced
[CONNECTOR]: Bugfix for cn_call_callback()
[DCCP]: Revert patch which disables bidirectional mode
[IPV6]: Handle np->opt being NULL in ipv6_getsockopt_sticky().
[UDP]: Reread uh pointer after pskb_trim
[NETFILTER]: nfnetlink_log: fix crash on bridged packet
[NETFILTER]: nfnetlink_log: zero-terminate prefix
[NETFILTER]: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED

Linus Torvalds 19 years ago eee8abe5 06aa5b4a

+75 -72

13 changed files

expand all

unified split

drivers

connector

connector.c

include

net

xfrm.h

net

bridge

br_if.c

dccp

ccids

ccid3.c

input.c

ipv4

udp.c

ipv6

addrconf.c

ipv6_sockglue.c

netfilter

nf_conntrack_l3proto_ipv6.c

key

af_key.c

netfilter

nfnetlink_log.c

xfrm

xfrm_policy.c

xfrm_user.c

+11 -11

drivers/connector/connector.c

··· 128 128 */ 129 129 static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), void *data) 130 130 { 131 - struct cn_callback_entry *__cbq; 131 + struct cn_callback_entry *__cbq, *__new_cbq; 132 132 struct cn_dev *dev = &cdev; 133 133 int err = -ENODEV; 134 134 ··· 148 148 } else { 149 149 struct cn_callback_data *d; 150 150 151 - __cbq = kzalloc(sizeof(*__cbq), GFP_ATOMIC); 152 - if (__cbq) { 153 - d = &__cbq->data; 151 + err = -ENOMEM; 152 + __new_cbq = kzalloc(sizeof(struct cn_callback_entry), GFP_ATOMIC); 153 + if (__new_cbq) { 154 + d = &__new_cbq->data; 154 155 d->callback_priv = msg; 155 156 d->callback = __cbq->data.callback; 156 157 d->ddata = data; 157 158 d->destruct_data = destruct_data; 158 - d->free = __cbq; 159 + d->free = __new_cbq; 159 160 160 - INIT_WORK(&__cbq->work, 161 + INIT_WORK(&__new_cbq->work, 161 162 &cn_queue_wrapper); 162 - 163 + 163 164 if (queue_work(dev->cbdev->cn_queue, 164 - &__cbq->work)) 165 + &__new_cbq->work)) 165 166 err = 0; 166 167 else { 167 - kfree(__cbq); 168 + kfree(__new_cbq); 168 169 err = -EINVAL; 169 170 } 170 - } else 171 - err = -ENOMEM; 171 + } 172 172 } 173 173 break; 174 174 }

+3 -2

include/net/xfrm.h

··· 988 988 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 989 989 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 990 990 struct xfrm_selector *sel, 991 - struct xfrm_sec_ctx *ctx, int delete); 992 - struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete); 991 + struct xfrm_sec_ctx *ctx, int delete, 992 + int *err); 993 + struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err); 993 994 void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); 994 995 u32 xfrm_get_acqseq(void); 995 996 void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi);

net/bridge/br_if.c

··· 428 428 spin_lock_bh(&br->lock); 429 429 br_stp_recalculate_bridge_id(br); 430 430 br_features_recompute(br); 431 + 432 + if ((dev->flags & IFF_UP) && netif_carrier_ok(dev) && 433 + (br->dev->flags & IFF_UP)) 434 + br_stp_enable_port(p); 431 435 spin_unlock_bh(&br->lock); 432 436 433 437 dev_set_mtu(br->dev, br_min_mtu(br));

+1 -6

net/dccp/ccids/ccid3.c

··· 545 545 /* set idle flag */ 546 546 hctx->ccid3hctx_idle = 1; 547 547 break; 548 - case TFRC_SSTATE_NO_SENT: 549 - /* 550 - * XXX when implementing bidirectional rx/tx check this again 551 - */ 552 - DCCP_WARN("Illegal ACK received - no packet sent\n"); 553 - /* fall through */ 548 + case TFRC_SSTATE_NO_SENT: /* fall through */ 554 549 case TFRC_SSTATE_TERM: /* ignore feedback when closing */ 555 550 break; 556 551 }

+4 -17

net/dccp/input.c

··· 248 248 DCCP_ACKVEC_STATE_RECEIVED)) 249 249 goto discard; 250 250 251 - /* 252 - * Deliver to the CCID module in charge. 253 - * FIXME: Currently DCCP operates one-directional only, i.e. a listening 254 - * server is not at the same time a connecting client. There is 255 - * not much sense in delivering to both rx/tx sides at the moment 256 - * (only one is active at a time); when moving to bidirectional 257 - * service, this needs to be revised. 258 - */ 259 - if (dccp_sk(sk)->dccps_role == DCCP_ROLE_CLIENT) 260 - ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 261 - else /* listening or connected server */ 262 - ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 251 + ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 252 + ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 263 253 264 254 return __dccp_rcv_established(sk, skb, dh, len); 265 255 discard: ··· 484 494 DCCP_ACKVEC_STATE_RECEIVED)) 485 495 goto discard; 486 496 487 - /* XXX see the comments in dccp_rcv_established about this */ 488 - if (dccp_sk(sk)->dccps_role == DCCP_ROLE_CLIENT) 489 - ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 490 - else 491 - ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 497 + ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 498 + ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 492 499 } 493 500 494 501 /*

net/ipv4/udp.c

··· 1215 1215 1216 1216 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen)) 1217 1217 goto short_packet; 1218 + uh = skb->h.uh; 1218 1219 1219 1220 udp4_csum_init(skb, uh); 1220 1221

-4

net/ipv6/addrconf.c

··· 342 342 } 343 343 #endif 344 344 345 - if (netif_carrier_ok(dev)) 346 - ndev->if_flags |= IF_READY; 347 - 348 - 349 345 ipv6_mc_init_dev(ndev); 350 346 ndev->tstamp = jiffies; 351 347 #ifdef CONFIG_SYSCTL

+7 -3

net/ipv6/ipv6_sockglue.c

··· 795 795 EXPORT_SYMBOL(compat_ipv6_setsockopt); 796 796 #endif 797 797 798 - static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_opt_hdr *hdr, 798 + static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 799 799 char __user *optval, int len) 800 800 { 801 - if (!hdr) 801 + struct ipv6_opt_hdr *hdr; 802 + 803 + if (!opt || !opt->hopopt) 802 804 return 0; 805 + hdr = opt->hopopt; 806 + 803 807 len = min_t(int, len, ipv6_optlen(hdr)); 804 808 if (copy_to_user(optval, hdr, ipv6_optlen(hdr))) 805 809 return -EFAULT; ··· 944 940 { 945 941 946 942 lock_sock(sk); 947 - len = ipv6_getsockopt_sticky(sk, np->opt->hopopt, 943 + len = ipv6_getsockopt_sticky(sk, np->opt, 948 944 optval, len); 949 945 release_sock(sk); 950 946 return put_user(len, optlen);

net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c

··· 257 257 } 258 258 nf_conntrack_get(reasm->nfct); 259 259 (*pskb)->nfct = reasm->nfct; 260 + (*pskb)->nfctinfo = reasm->nfctinfo; 260 261 return NF_ACCEPT; 261 262 } 262 263

+14 -12

net/key/af_key.c

··· 1467 1467 1468 1468 err = xfrm_state_delete(x); 1469 1469 1470 - xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 1471 - AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 1472 - 1473 1470 if (err < 0) 1474 1471 goto out; 1475 1472 ··· 1475 1478 c.event = XFRM_MSG_DELSA; 1476 1479 km_state_notify(x, &c); 1477 1480 out: 1481 + xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 1482 + AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 1478 1483 xfrm_state_put(x); 1479 1484 1480 1485 return err; ··· 2293 2294 } 2294 2295 2295 2296 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, 2296 - &sel, tmp.security, 1); 2297 + &sel, tmp.security, 1, &err); 2297 2298 security_xfrm_policy_free(&tmp); 2298 2299 2299 2300 if (xp == NULL) 2300 2301 return -ENOENT; 2301 - 2302 - err = security_xfrm_policy_delete(xp); 2303 2302 2304 2303 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2305 2304 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); ··· 2536 2539 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2537 2540 { 2538 2541 unsigned int dir; 2539 - int err; 2542 + int err = 0, delete; 2540 2543 struct sadb_x_policy *pol; 2541 2544 struct xfrm_policy *xp; 2542 2545 struct km_event c; ··· 2548 2551 if (dir >= XFRM_POLICY_MAX) 2549 2552 return -EINVAL; 2550 2553 2554 + delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2551 2555 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, 2552 - hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2556 + delete, &err); 2553 2557 if (xp == NULL) 2554 2558 return -ENOENT; 2555 2559 2556 - err = 0; 2560 + if (delete) { 2561 + xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2562 + AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 2557 2563 2558 - c.seq = hdr->sadb_msg_seq; 2559 - c.pid = hdr->sadb_msg_pid; 2560 - if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) { 2564 + if (err) 2565 + goto out; 2566 + c.seq = hdr->sadb_msg_seq; 2567 + c.pid = hdr->sadb_msg_pid; 2561 2568 c.data.byid = 1; 2562 2569 c.event = XFRM_MSG_DELPOLICY; 2563 2570 km_policy_notify(xp, dir, &c); ··· 2569 2568 err = key_pol_get_resp(sk, xp, hdr, dir); 2570 2569 } 2571 2570 2571 + out: 2572 2572 xfrm_pol_put(xp); 2573 2573 return err; 2574 2574 }

+2 -2

net/netfilter/nfnetlink_log.c

··· 486 486 * for physical device (when called from ipv4) */ 487 487 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, 488 488 sizeof(tmp_uint), &tmp_uint); 489 - if (skb->nf_bridge) { 489 + if (skb->nf_bridge && skb->nf_bridge->physoutdev) { 490 490 tmp_uint = 491 491 htonl(skb->nf_bridge->physoutdev->ifindex); 492 492 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV, ··· 615 615 616 616 plen = 0; 617 617 if (prefix) 618 - plen = strlen(prefix); 618 + plen = strlen(prefix) + 1; 619 619 620 620 /* all macros expand to constant values at compile time */ 621 621 /* FIXME: do we want to make the size calculation conditional based on

+16 -2

net/xfrm/xfrm_policy.c

··· 735 735 736 736 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 737 737 struct xfrm_selector *sel, 738 - struct xfrm_sec_ctx *ctx, int delete) 738 + struct xfrm_sec_ctx *ctx, int delete, 739 + int *err) 739 740 { 740 741 struct xfrm_policy *pol, *ret; 741 742 struct hlist_head *chain; 742 743 struct hlist_node *entry; 743 744 745 + *err = 0; 744 746 write_lock_bh(&xfrm_policy_lock); 745 747 chain = policy_hash_bysel(sel, sel->family, dir); 746 748 ret = NULL; ··· 752 750 xfrm_sec_ctx_match(ctx, pol->security)) { 753 751 xfrm_pol_hold(pol); 754 752 if (delete) { 753 + *err = security_xfrm_policy_delete(pol); 754 + if (*err) { 755 + write_unlock_bh(&xfrm_policy_lock); 756 + return pol; 757 + } 755 758 hlist_del(&pol->bydst); 756 759 hlist_del(&pol->byidx); 757 760 xfrm_policy_count[dir]--; ··· 775 768 } 776 769 EXPORT_SYMBOL(xfrm_policy_bysel_ctx); 777 770 778 - struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete) 771 + struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete, 772 + int *err) 779 773 { 780 774 struct xfrm_policy *pol, *ret; 781 775 struct hlist_head *chain; 782 776 struct hlist_node *entry; 783 777 778 + *err = 0; 784 779 write_lock_bh(&xfrm_policy_lock); 785 780 chain = xfrm_policy_byidx + idx_hash(id); 786 781 ret = NULL; ··· 790 781 if (pol->type == type && pol->index == id) { 791 782 xfrm_pol_hold(pol); 792 783 if (delete) { 784 + *err = security_xfrm_policy_delete(pol); 785 + if (*err) { 786 + write_unlock_bh(&xfrm_policy_lock); 787 + return pol; 788 + } 793 789 hlist_del(&pol->bydst); 794 790 hlist_del(&pol->byidx); 795 791 xfrm_policy_count[dir]--;

+11 -13

net/xfrm/xfrm_user.c

··· 530 530 531 531 err = xfrm_state_delete(x); 532 532 533 - xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 534 - AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 535 - 536 533 if (err < 0) 537 534 goto out; 538 535 ··· 539 542 km_state_notify(x, &c); 540 543 541 544 out: 545 + xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 546 + AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 542 547 xfrm_state_put(x); 543 548 return err; 544 549 } ··· 1253 1254 return err; 1254 1255 1255 1256 if (p->index) 1256 - xp = xfrm_policy_byid(type, p->dir, p->index, delete); 1257 + xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err); 1257 1258 else { 1258 1259 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1259 1260 struct xfrm_policy tmp; ··· 1269 1270 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1270 1271 return err; 1271 1272 } 1272 - xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete); 1273 + xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1274 + delete, &err); 1273 1275 security_xfrm_policy_free(&tmp); 1274 1276 } 1275 1277 if (xp == NULL) ··· 1288 1288 MSG_DONTWAIT); 1289 1289 } 1290 1290 } else { 1291 - err = security_xfrm_policy_delete(xp); 1292 - 1293 1291 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1294 1292 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1295 1293 ··· 1301 1303 km_policy_notify(xp, p->dir, &c); 1302 1304 } 1303 1305 1304 - xfrm_pol_put(xp); 1305 - 1306 1306 out: 1307 + xfrm_pol_put(xp); 1307 1308 return err; 1308 1309 } 1309 1310 ··· 1499 1502 return err; 1500 1503 1501 1504 if (p->index) 1502 - xp = xfrm_policy_byid(type, p->dir, p->index, 0); 1505 + xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err); 1503 1506 else { 1504 1507 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1505 1508 struct xfrm_policy tmp; ··· 1515 1518 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1516 1519 return err; 1517 1520 } 1518 - xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0); 1521 + xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1522 + 0, &err); 1519 1523 security_xfrm_policy_free(&tmp); 1520 1524 } 1521 1525 1522 1526 if (xp == NULL) 1523 - return err; 1524 - read_lock(&xp->lock); 1527 + return -ENOENT; 1528 + read_lock(&xp->lock); 1525 1529 if (xp->dead) { 1526 1530 read_unlock(&xp->lock); 1527 1531 goto out;