Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (32 commits) [NET]: Fix more per-cpu typos [SECURITY]: Fix build with CONFIG_SECURITY disabled. [I/OAT]: Remove CPU hotplug lock from net_dma_rebalance [DECNET]: Fix for routing bug [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch [NET]: skb_queue_lock_key() is no longer used. [NET]: Remove lockdep_set_class() call from skb_queue_head_init(). [IPV6]: SNMPv2 "ipv6IfStatsOutFragCreates" counter error [IPV6]: SNMPv2 "ipv6IfStatsInHdrErrors" counter error [NET]: Kill the WARN_ON() calls for checksum fixups. [NETFILTER]: xt_hashlimit/xt_string: missing string validation [NETFILTER]: SIP helper: expect RTP streams in both directions [E1000]: Convert to netdev_alloc_skb [TG3]: Convert to netdev_alloc_skb [NET]: Add netdev_alloc_skb(). [TCP]: Process linger2 timeout consistently. [SECURITY] secmark: nul-terminate secdata [NET] infiniband: Cleanup ib_addr module to use the netevents [NET]: Core net changes to generate netevents [NET]: Network Event Notifier Mechanism. ...
This commit is contained in:
@@ -6,7 +6,6 @@
|
||||
|
||||
#include <linux/netfilter.h>
|
||||
#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
|
||||
#include <asm/atomic.h>
|
||||
#include <linux/if_ether.h>
|
||||
#endif
|
||||
|
||||
|
||||
@@ -1109,6 +1109,16 @@ struct swap_info_struct;
|
||||
* @name contains the name of the security module being unstacked.
|
||||
* @ops contains a pointer to the struct security_operations of the module to unstack.
|
||||
*
|
||||
* @secid_to_secctx:
|
||||
* Convert secid to security context.
|
||||
* @secid contains the security ID.
|
||||
* @secdata contains the pointer that stores the converted security context.
|
||||
*
|
||||
* @release_secctx:
|
||||
* Release the security context.
|
||||
* @secdata contains the security context.
|
||||
* @seclen contains the length of the security context.
|
||||
*
|
||||
* This is the main security structure.
|
||||
*/
|
||||
struct security_operations {
|
||||
@@ -1289,6 +1299,8 @@ struct security_operations {
|
||||
|
||||
int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size);
|
||||
int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
|
||||
int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
|
||||
void (*release_secctx)(char *secdata, u32 seclen);
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK
|
||||
int (*unix_stream_connect) (struct socket * sock,
|
||||
@@ -1317,7 +1329,7 @@ struct security_operations {
|
||||
int (*socket_shutdown) (struct socket * sock, int how);
|
||||
int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
|
||||
int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
|
||||
int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen);
|
||||
int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
|
||||
int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
|
||||
void (*sk_free_security) (struct sock *sk);
|
||||
unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
|
||||
@@ -2059,6 +2071,16 @@ static inline int security_netlink_recv(struct sk_buff * skb, int cap)
|
||||
return security_ops->netlink_recv(skb, cap);
|
||||
}
|
||||
|
||||
static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
|
||||
{
|
||||
return security_ops->secid_to_secctx(secid, secdata, seclen);
|
||||
}
|
||||
|
||||
static inline void security_release_secctx(char *secdata, u32 seclen)
|
||||
{
|
||||
return security_ops->release_secctx(secdata, seclen);
|
||||
}
|
||||
|
||||
/* prototypes */
|
||||
extern int security_init (void);
|
||||
extern int register_security (struct security_operations *ops);
|
||||
@@ -2725,6 +2747,14 @@ static inline void securityfs_remove(struct dentry *dentry)
|
||||
{
|
||||
}
|
||||
|
||||
static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
|
||||
{
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
|
||||
static inline void security_release_secctx(char *secdata, u32 seclen)
|
||||
{
|
||||
}
|
||||
#endif /* CONFIG_SECURITY */
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK
|
||||
@@ -2840,10 +2870,9 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
|
||||
return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
|
||||
}
|
||||
|
||||
static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
|
||||
u32 *seclen)
|
||||
static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
|
||||
{
|
||||
return security_ops->socket_getpeersec_dgram(skb, secdata, seclen);
|
||||
return security_ops->socket_getpeersec_dgram(sock, skb, secid);
|
||||
}
|
||||
|
||||
static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
|
||||
@@ -2968,8 +2997,7 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
|
||||
return -ENOPROTOOPT;
|
||||
}
|
||||
|
||||
static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
|
||||
u32 *seclen)
|
||||
static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
|
||||
{
|
||||
return -ENOPROTOOPT;
|
||||
}
|
||||
|
||||
+30
-3
@@ -604,12 +604,17 @@ static inline __u32 skb_queue_len(const struct sk_buff_head *list_)
|
||||
return list_->qlen;
|
||||
}
|
||||
|
||||
extern struct lock_class_key skb_queue_lock_key;
|
||||
|
||||
/*
|
||||
* This function creates a split out lock class for each invocation;
|
||||
* this is needed for now since a whole lot of users of the skb-queue
|
||||
* infrastructure in drivers have different locking usage (in hardirq)
|
||||
* than the networking core (in softirq only). In the long run either the
|
||||
* network layer or drivers should need annotation to consolidate the
|
||||
* main types of usage into 3 classes.
|
||||
*/
|
||||
static inline void skb_queue_head_init(struct sk_buff_head *list)
|
||||
{
|
||||
spin_lock_init(&list->lock);
|
||||
lockdep_set_class(&list->lock, &skb_queue_lock_key);
|
||||
list->prev = list->next = (struct sk_buff *)list;
|
||||
list->qlen = 0;
|
||||
}
|
||||
@@ -1104,6 +1109,28 @@ static inline struct sk_buff *dev_alloc_skb(unsigned int length)
|
||||
return __dev_alloc_skb(length, GFP_ATOMIC);
|
||||
}
|
||||
|
||||
extern struct sk_buff *__netdev_alloc_skb(struct net_device *dev,
|
||||
unsigned int length, gfp_t gfp_mask);
|
||||
|
||||
/**
|
||||
* netdev_alloc_skb - allocate an skbuff for rx on a specific device
|
||||
* @dev: network device to receive on
|
||||
* @length: length to allocate
|
||||
*
|
||||
* Allocate a new &sk_buff and assign it a usage count of one. The
|
||||
* buffer has unspecified headroom built in. Users should allocate
|
||||
* the headroom they think they need without accounting for the
|
||||
* built in space. The built in space is used for optimisations.
|
||||
*
|
||||
* %NULL is returned if there is no free memory. Although this function
|
||||
* allocates memory it can be called from an interrupt.
|
||||
*/
|
||||
static inline struct sk_buff *netdev_alloc_skb(struct net_device *dev,
|
||||
unsigned int length)
|
||||
{
|
||||
return __netdev_alloc_skb(dev, length, GFP_ATOMIC);
|
||||
}
|
||||
|
||||
/**
|
||||
* skb_cow - copy header of skb when it is required
|
||||
* @skb: buffer to cow
|
||||
|
||||
@@ -54,15 +54,13 @@ struct unix_skb_parms {
|
||||
struct ucred creds; /* Skb credentials */
|
||||
struct scm_fp_list *fp; /* Passed files */
|
||||
#ifdef CONFIG_SECURITY_NETWORK
|
||||
char *secdata; /* Security context */
|
||||
u32 seclen; /* Security length */
|
||||
u32 secid; /* Security ID */
|
||||
#endif
|
||||
};
|
||||
|
||||
#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb))
|
||||
#define UNIXCREDS(skb) (&UNIXCB((skb)).creds)
|
||||
#define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata)
|
||||
#define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen)
|
||||
#define UNIXSID(skb) (&UNIXCB((skb)).secid)
|
||||
|
||||
#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock)
|
||||
#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock)
|
||||
|
||||
@@ -139,16 +139,22 @@ extern rwlock_t rt6_lock;
|
||||
/*
|
||||
* Store a destination cache entry in a socket
|
||||
*/
|
||||
static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
|
||||
struct in6_addr *daddr)
|
||||
static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst,
|
||||
struct in6_addr *daddr)
|
||||
{
|
||||
struct ipv6_pinfo *np = inet6_sk(sk);
|
||||
struct rt6_info *rt = (struct rt6_info *) dst;
|
||||
|
||||
write_lock(&sk->sk_dst_lock);
|
||||
sk_setup_caps(sk, dst);
|
||||
np->daddr_cache = daddr;
|
||||
np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
|
||||
}
|
||||
|
||||
static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
|
||||
struct in6_addr *daddr)
|
||||
{
|
||||
write_lock(&sk->sk_dst_lock);
|
||||
__ip6_dst_store(sk, dst, daddr);
|
||||
write_unlock(&sk->sk_dst_lock);
|
||||
}
|
||||
|
||||
|
||||
@@ -468,6 +468,9 @@ extern void ip6_flush_pending_frames(struct sock *sk);
|
||||
extern int ip6_dst_lookup(struct sock *sk,
|
||||
struct dst_entry **dst,
|
||||
struct flowi *fl);
|
||||
extern int ip6_sk_dst_lookup(struct sock *sk,
|
||||
struct dst_entry **dst,
|
||||
struct flowi *fl);
|
||||
|
||||
/*
|
||||
* skb processing functions
|
||||
|
||||
@@ -29,7 +29,7 @@ static inline struct dma_chan *get_softnet_dma(void)
|
||||
{
|
||||
struct dma_chan *chan;
|
||||
rcu_read_lock();
|
||||
chan = rcu_dereference(__get_cpu_var(softnet_data.net_dma));
|
||||
chan = rcu_dereference(__get_cpu_var(softnet_data).net_dma);
|
||||
if (chan)
|
||||
dma_chan_get(chan);
|
||||
rcu_read_unlock();
|
||||
|
||||
@@ -0,0 +1,33 @@
|
||||
#ifndef _NET_EVENT_H
|
||||
#define _NET_EVENT_H
|
||||
|
||||
/*
|
||||
* Generic netevent notifiers
|
||||
*
|
||||
* Authors:
|
||||
* Tom Tucker <tom@opengridcomputing.com>
|
||||
* Steve Wise <swise@opengridcomputing.com>
|
||||
*
|
||||
* Changes:
|
||||
*/
|
||||
#ifdef __KERNEL__
|
||||
|
||||
#include <net/dst.h>
|
||||
|
||||
struct netevent_redirect {
|
||||
struct dst_entry *old;
|
||||
struct dst_entry *new;
|
||||
};
|
||||
|
||||
enum netevent_notif_type {
|
||||
NETEVENT_NEIGH_UPDATE = 1, /* arg is struct neighbour ptr */
|
||||
NETEVENT_PMTU_UPDATE, /* arg is struct dst_entry ptr */
|
||||
NETEVENT_REDIRECT, /* arg is struct netevent_redirect ptr */
|
||||
};
|
||||
|
||||
extern int register_netevent_notifier(struct notifier_block *nb);
|
||||
extern int unregister_netevent_notifier(struct notifier_block *nb);
|
||||
extern int call_netevent_notifiers(unsigned long val, void *v);
|
||||
|
||||
#endif
|
||||
#endif
|
||||
+25
-4
@@ -3,6 +3,7 @@
|
||||
|
||||
#include <linux/limits.h>
|
||||
#include <linux/net.h>
|
||||
#include <linux/security.h>
|
||||
|
||||
/* Well, we should have at least one descriptor open
|
||||
* to accept passed FDs 8)
|
||||
@@ -20,8 +21,7 @@ struct scm_cookie
|
||||
struct ucred creds; /* Skb credentials */
|
||||
struct scm_fp_list *fp; /* Passed files */
|
||||
#ifdef CONFIG_SECURITY_NETWORK
|
||||
char *secdata; /* Security context */
|
||||
u32 seclen; /* Security length */
|
||||
u32 secid; /* Passed security ID */
|
||||
#endif
|
||||
unsigned long seq; /* Connection seqno */
|
||||
};
|
||||
@@ -32,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
|
||||
extern void __scm_destroy(struct scm_cookie *scm);
|
||||
extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK
|
||||
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
|
||||
{
|
||||
security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
|
||||
}
|
||||
#else
|
||||
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
|
||||
{ }
|
||||
#endif /* CONFIG_SECURITY_NETWORK */
|
||||
|
||||
static __inline__ void scm_destroy(struct scm_cookie *scm)
|
||||
{
|
||||
if (scm && scm->fp)
|
||||
@@ -47,6 +57,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
|
||||
scm->creds.pid = p->tgid;
|
||||
scm->fp = NULL;
|
||||
scm->seq = 0;
|
||||
unix_get_peersec_dgram(sock, scm);
|
||||
if (msg->msg_controllen <= 0)
|
||||
return 0;
|
||||
return __scm_send(sock, msg, scm);
|
||||
@@ -55,8 +66,18 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
|
||||
#ifdef CONFIG_SECURITY_NETWORK
|
||||
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
|
||||
{
|
||||
if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL)
|
||||
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata);
|
||||
char *secdata;
|
||||
u32 seclen;
|
||||
int err;
|
||||
|
||||
if (test_bit(SOCK_PASSSEC, &sock->flags)) {
|
||||
err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
|
||||
|
||||
if (!err) {
|
||||
put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
|
||||
security_release_secctx(secdata, seclen);
|
||||
}
|
||||
}
|
||||
}
|
||||
#else
|
||||
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
|
||||
|
||||
@@ -914,6 +914,9 @@ static inline void tcp_set_state(struct sock *sk, int state)
|
||||
|
||||
static inline void tcp_done(struct sock *sk)
|
||||
{
|
||||
if(sk->sk_state == TCP_SYN_SENT || sk->sk_state == TCP_SYN_RECV)
|
||||
TCP_INC_STATS_BH(TCP_MIB_ATTEMPTFAILS);
|
||||
|
||||
tcp_set_state(sk, TCP_CLOSE);
|
||||
tcp_clear_xmit_timers(sk);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user