#
8053fc3d |
| 26-Nov-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Temporarily remove locks around copying of non-atomic fields
The change 050f009e16f908932070313c1745d09dc69fd62b
[IPSEC]: Lock state when copying non-atomic fields to user-space
caused a
[IPSEC]: Temporarily remove locks around copying of non-atomic fields
The change 050f009e16f908932070313c1745d09dc69fd62b
[IPSEC]: Lock state when copying non-atomic fields to user-space
caused a regression.
Ingo Molnar reports that it causes a potential dead-lock found by the lock validator as it tries to take x->lock within xfrm_state_lock while numerous other sites take the locks in opposite order.
For 2.6.24, the best fix is to simply remove the added locks as that puts us back in the same state as we've been in for years. For later kernels a proper fix would be to reverse the locking order for every xfrm state user such that if x->lock is taken together with xfrm_state_lock then it is to be taken within it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
show more ...
|
#
cd40b7d3 |
| 10-Oct-2007 |
Denis V. Lunev <den@openvz.org> |
[NET]: make netlink user -> kernel interface synchronious
This patch make processing netlink user -> kernel messages synchronious. This change was inspired by the talk with Alexey Kuznetsov about cu
[NET]: make netlink user -> kernel interface synchronious
This patch make processing netlink user -> kernel messages synchronious. This change was inspired by the talk with Alexey Kuznetsov about current netlink messages processing. He says that he was badly wrong when introduced asynchronious user -> kernel communication.
The call netlink_unicast is the only path to send message to the kernel netlink socket. But, unfortunately, it is also used to send data to the user.
Before this change the user message has been attached to the socket queue and sk->sk_data_ready was called. The process has been blocked until all pending messages were processed. The bad thing is that this processing may occur in the arbitrary process context.
This patch changes nlk->data_ready callback to get 1 skb and force packet processing right in the netlink_unicast.
Kernel -> user path in netlink_unicast remains untouched.
EINTR processing for in netlink_run_queue was changed. It forces rtnl_lock drop, but the process remains in the cycle until the message will be fully processed. So, there is no need to use this kludges now.
Signed-off-by: Denis V. Lunev <den@openvz.org> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
050f009e |
| 09-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Lock state when copying non-atomic fields to user-space
This patch adds locking so that when we're copying non-atomic fields such as life-time or coaddr to user-space we don't get a partial
[IPSEC]: Lock state when copying non-atomic fields to user-space
This patch adds locking so that when we're copying non-atomic fields such as life-time or coaddr to user-space we don't get a partial result.
For af_key I've changed every instance of pfkey_xfrm_state2msg apart from expiration notification to include the keys and life-times. This is in-line with XFRM behaviour.
The actual cases affected are:
* pfkey_getspi: No change as we don't have any keys to copy. * key_notify_sa: + ADD/UPD: This wouldn't work otherwise. + DEL: It can't hurt.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
68325d3b |
| 09-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[XFRM] user: Move attribute copying code into copy_to_user_state_extra
Here's a good example of code duplication leading to code rot. The notification patch did its own netlink message creation for
[XFRM] user: Move attribute copying code into copy_to_user_state_extra
Here's a good example of code duplication leading to code rot. The notification patch did its own netlink message creation for xfrm states. It duplicated code that was already in dump_one_state. Guess what, the next time (and the time after) when someone updated dump_one_state the notification path got zilch.
This patch moves that code from dump_one_state to copy_to_user_state_extra and uses it in xfrm_notify_sa too. Unfortunately whoever updates this still needs to update xfrm_sa_len since the notification path wants to know the exact size for allocation.
At least I've added a comment saying so and if someone still forgest, we'll have a WARN_ON telling us so.
I also changed the security size calculation to use xfrm_user_sec_ctx since that's what we actually put into the skb. However it makes no practical difference since it has the same size as xfrm_sec_ctx.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
658b219e |
| 09-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Move common code into xfrm_alloc_spi
This patch moves some common code that conceptually belongs to the xfrm core from af_key/xfrm_user into xfrm_alloc_spi.
In particular, the spin lock on
[IPSEC]: Move common code into xfrm_alloc_spi
This patch moves some common code that conceptually belongs to the xfrm core from af_key/xfrm_user into xfrm_alloc_spi.
In particular, the spin lock on the state is now taken inside xfrm_alloc_spi. Previously it also protected the construction of the response PF_KEY/XFRM messages to user-space. This is inconsistent as other identical constructions are not protected by the state lock. This is bad because they in fact should be protected but only in certain spots (so as not to hold the lock for too long which may cause packet drops).
The SPI byte order conversion has also been moved.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
0cfad075 |
| 16-Sep-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[NETLINK]: Avoid pointer in netlink_run_queue
I was looking at Patrick's fix to inet_diag and it occured to me that we're using a pointer argument to return values unnecessarily in netlink_run_queue
[NETLINK]: Avoid pointer in netlink_run_queue
I was looking at Patrick's fix to inet_diag and it occured to me that we're using a pointer argument to return values unnecessarily in netlink_run_queue. Changing it to return the value will allow the compiler to generate better code since the value won't have to be memory-backed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
b4b51029 |
| 12-Sep-2007 |
Eric W. Biederman <ebiederm@xmission.com> |
[NET]: Support multiple network namespaces with netlink
Each netlink socket will live in exactly one network namespace, this includes the controlling kernel sockets.
This patch updates all of the e
[NET]: Support multiple network namespaces with netlink
Each netlink socket will live in exactly one network namespace, this includes the controlling kernel sockets.
This patch updates all of the existing netlink protocols to only support the initial network namespace. Request by clients in other namespaces will get -ECONREFUSED. As they would if the kernel did not have the support for that netlink protocol compiled in.
As each netlink protocol is updated to be multiple network namespace safe it can register multiple kernel sockets to acquire a presence in the rest of the network namespaces.
The implementation in af_netlink is a simple filter implementation at hash table insertion and hash table look up time.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
ab5f5e8b |
| 17-Sep-2007 |
Joy Latten <latten@austin.ibm.com> |
[XFRM]: xfrm audit calls
This patch modifies the current ipsec audit layer by breaking it up into purpose driven audit calls.
So far, the only audit calls made are when add/delete an SA/policy. It
[XFRM]: xfrm audit calls
This patch modifies the current ipsec audit layer by breaking it up into purpose driven audit calls.
So far, the only audit calls made are when add/delete an SA/policy. It had been discussed to give each key manager it's own calls to do this, but I found there to be much redundnacy since they did the exact same things, except for how they got auid and sid, so I combined them. The below audit calls can be made by any key manager. Hopefully, this is ok.
Signed-off-by: Joy Latten <latten@austin.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
fd21150a |
| 06-Sep-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Inline attach_encap_tmpl(), attach_sec_ctx(), and attach_one_addr()
These functions are only used once and are a lot easier to understand if inlined directly into the function.
Fixe
[XFRM] netlink: Inline attach_encap_tmpl(), attach_sec_ctx(), and attach_one_addr()
These functions are only used once and are a lot easier to understand if inlined directly into the function.
Fixes by Masahide NAKAMURA.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
15901a27 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Remove dependency on rtnetlink
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
5424f32e |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nlattr instead of rtattr
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
35a7aa08 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Rename attribute array from xfrma[] to attrs[]
Increases readability a lot.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
fab44899 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Enhance indexing of the attribute array
nlmsg_parse() puts attributes at array[type] so the indexing method can be simpilfied by removing the obscuring "- 1".
Signed-off-by: Thomas
[XFRM] netlink: Enhance indexing of the attribute array
nlmsg_parse() puts attributes at array[type] so the indexing method can be simpilfied by removing the obscuring "- 1".
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
cf5cb79f |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Establish an attribute policy
Adds a policy defining the minimal payload lengths for all the attributes allowing for most attribute validation checks to be removed from in the middle
[XFRM] netlink: Establish an attribute policy
Adds a policy defining the minimal payload lengths for all the attributes allowing for most attribute validation checks to be removed from in the middle of the code path. Makes updates more consistent as many format errors are recognised earlier, before any changes have been attempted.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
a7bd9a45 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nlmsg_parse() to parse attributes
Uses nlmsg_parse() to parse the attributes. This actually changes behaviour as unknown attributes (type > MAXTYPE) no longer cause an error. Ins
[XFRM] netlink: Use nlmsg_parse() to parse attributes
Uses nlmsg_parse() to parse the attributes. This actually changes behaviour as unknown attributes (type > MAXTYPE) no longer cause an error. Instead unknown attributes will be ignored henceforth to keep older kernels compatible with more recent userspace tools.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
7deb2264 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nlmsg_new() and type-safe size calculation helpers
Moves all complex message size calculation into own inlined helper functions and makes use of the type-safe netlink interface.
[XFRM] netlink: Use nlmsg_new() and type-safe size calculation helpers
Moves all complex message size calculation into own inlined helper functions and makes use of the type-safe netlink interface.
Using nlmsg_new() simplifies the calculation itself as it takes care of the netlink header length by itself.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
cfbfd45a |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Clear up some of the CONFIG_XFRM_SUB_POLICY ifdef mess
Moves all of the SUB_POLICY ifdefs related to the attribute size calculation into a function.
Signed-off-by: Thomas Graf <tgra
[XFRM] netlink: Clear up some of the CONFIG_XFRM_SUB_POLICY ifdef mess
Moves all of the SUB_POLICY ifdefs related to the attribute size calculation into a function.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
c26445ac |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Move algorithm length calculation to its own function
Adds alg_len() to calculate the properly padded length of an algorithm attribute to simplify the code.
Signed-off-by: Thomas Gr
[XFRM] netlink: Move algorithm length calculation to its own function
Adds alg_len() to calculate the properly padded length of an algorithm attribute to simplify the code.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
c0144bea |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nla_put()/NLA_PUT() variantes
Also makes use of copy_sec_ctx() in another place and removes duplicated code.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. M
[XFRM] netlink: Use nla_put()/NLA_PUT() variantes
Also makes use of copy_sec_ctx() in another place and removes duplicated code.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
082a1ad5 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nlmsg_broadcast() and nlmsg_unicast()
This simplifies successful return codes from >0 to 0.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@dave
[XFRM] netlink: Use nlmsg_broadcast() and nlmsg_unicast()
This simplifies successful return codes from >0 to 0.
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
7b67c857 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nlmsg_data() instead of NLMSG_DATA()
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9825069d |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nlmsg_end() and nlmsg_cancel()
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
79b8b7f4 |
| 22-Aug-2007 |
Thomas Graf <tgraf@suug.ch> |
[XFRM] netlink: Use nlmsg_put() instead of NLMSG_PUT()
Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
196b0036 |
| 31-Jul-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[IPSEC]: Ensure that state inner family is set
Similar to the issue we had with template families which specified the inner families of policies, we need to set the inner families of states as the m
[IPSEC]: Ensure that state inner family is set
Similar to the issue we had with template families which specified the inner families of policies, we need to set the inner families of states as the main xfrm user Openswan leaves it as zero.
af_key is unaffected because the inner family is set by it and not the KM.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
show more ...
|
#
4aa2e62c |
| 04-Jun-2007 |
Joy Latten <latten@austin.ibm.com> |
xfrm: Add security check before flushing SAD/SPD
Currently we check for permission before deleting entries from SAD and SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete()) However
xfrm: Add security check before flushing SAD/SPD
Currently we check for permission before deleting entries from SAD and SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete()) However we are not checking for authorization when flushing the SPD and the SAD completely. It was perhaps missed in the original security hooks patch.
This patch adds a security check when flushing entries from the SAD and SPD. It runs the entire database and checks each entry for a denial. If the process attempting the flush is unable to remove all of the entries a denial is logged the the flush function returns an error without removing anything.
This is particularly useful when a process may need to create or delete its own xfrm entries used for things like labeled networking but that same process should not be able to delete other entries or flush the entire database.
Signed-off-by: Joy Latten<latten@austin.ibm.com> Signed-off-by: Eric Paris <eparis@parisplace.org> Signed-off-by: James Morris <jmorris@namei.org>
show more ...
|