1. 12 Mar, 2011 1 commit
  2. 09 Mar, 2011 1 commit
    • Vasiliy Kulikov's avatar
      net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules · 8909c9ad
      Vasiliy Kulikov authored
      Since a8f80e8f any process with
      CAP_NET_ADMIN may load any module from /lib/modules/.  This doesn't mean
      that CAP_NET_ADMIN is a superset of CAP_SYS_MODULE as modules are
      limited to /lib/modules/**.  However, CAP_NET_ADMIN capability shouldn't
      allow anybody load any module not related to networking.
      
      This patch restricts an ability of autoloading modules to netdev modules
      with explicit aliases.  This fixes CVE-2011-1019.
      
      Arnd Bergmann suggested to leave untouched the old pre-v2.6.32 behavior
      of loading netdev modules by name (without any prefix) for processes
      with CAP_SYS_MODULE to maintain the compatibility with network scripts
      that use autoloading netdev modules by aliases like "eth0", "wlan0".
      
      Currently there are only three users of the feature in the upstream
      kernel: ipip, ip_gre and sit.
      
          root@albatros:~# capsh --drop=$(seq -s, 0 11),$(seq -s, 13 34) --
          root@albatros:~# grep Cap /proc/$$/status
          CapInh:	0000000000000000
          CapPrm:	fffffff800001000
          CapEff:	fffffff800001000
          CapBnd:	fffffff800001000
          root@albatros:~# modprobe xfs
          FATAL: Error inserting xfs
          (/lib/modules/2.6.38-rc6-00001-g2bf4ca3/kernel/fs/xfs/xfs.ko): Operation not permitted
          root@albatros:~# lsmod | grep xfs
          root@albatros:~# ifconfig xfs
          xfs: error fetching interface information: Device not found
          root@albatros:~# lsmod | grep xfs
          root@albatros:~# lsmod | grep sit
          root@albatros:~# ifconfig sit
          sit: error fetching interface information: Device not found
          root@albatros:~# lsmod | grep sit
          root@albatros:~# ifconfig sit0
          sit0      Link encap:IPv6-in-IPv4
      	      NOARP  MTU:1480  Metric:1
      
          root@albatros:~# lsmod | grep sit
          sit                    10457  0
          tunnel4                 2957  1 sit
      
      For CAP_SYS_MODULE module loading is still relaxed:
      
          root@albatros:~# grep Cap /proc/$$/status
          CapInh:	0000000000000000
          CapPrm:	ffffffffffffffff
          CapEff:	ffffffffffffffff
          CapBnd:	ffffffffffffffff
          root@albatros:~# ifconfig xfs
          xfs: error fetching interface information: Device not found
          root@albatros:~# lsmod | grep xfs
          xfs                   745319  0
      
      Reference: https://lkml.org/lkml/2011/2/24/203
      
      Signed-off-by: default avatarVasiliy Kulikov <segoon@openwall.com>
      Signed-off-by: default avatarMichael Tokarev <mjt@tls.msk.ru>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Acked-by: default avatarKees Cook <kees.cook@canonical.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      8909c9ad
  3. 02 Mar, 2011 1 commit
  4. 11 Feb, 2011 1 commit
  5. 13 Dec, 2010 2 commits
    • David S. Miller's avatar
      ipv4: Don't pre-seed hoplimit metric. · 323e126f
      David S. Miller authored
      
      
      Always go through a new ip4_dst_hoplimit() helper, just like ipv6.
      
      This allowed several simplifications:
      
      1) The interim dst_metric_hoplimit() can go as it's no longer
         userd.
      
      2) The sysctl_ip_default_ttl entry no longer needs to use
         ipv4_doint_and_flush, since the sysctl is not cached in
         routing cache metrics any longer.
      
      3) ipv4_doint_and_flush no longer needs to be exported and
         therefore can be marked static.
      
      When ipv4_doint_and_flush_strategy was removed some time ago,
      the external declaration in ip.h was mistakenly left around
      so kill that off too.
      
      We have to move the sysctl_ip_default_ttl declaration into
      ipv4's route cache definition header net/route.h, because
      currently net/ip.h (where the declaration lives now) has
      a back dependency on net/route.h
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      323e126f
    • David S. Miller's avatar
  6. 09 Dec, 2010 1 commit
    • David S. Miller's avatar
      net: Abstract away all dst_entry metrics accesses. · defb3519
      David S. Miller authored
      
      
      Use helper functions to hide all direct accesses, especially writes,
      to dst_entry metrics values.
      
      This will allow us to:
      
      1) More easily change how the metrics are stored.
      
      2) Implement COW for metrics.
      
      In particular this will help us put metrics into the inetpeer
      cache if that is what we end up doing.  We can make the _metrics
      member a pointer instead of an array, initially have it point
      at the read-only metrics in the FIB, and then on the first set
      grab an inetpeer entry and point the _metrics member there.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      defb3519
  7. 01 Dec, 2010 2 commits
  8. 17 Nov, 2010 1 commit
  9. 15 Nov, 2010 1 commit
  10. 12 Nov, 2010 1 commit
  11. 30 Oct, 2010 1 commit
  12. 27 Oct, 2010 1 commit
  13. 19 Oct, 2010 1 commit
  14. 05 Oct, 2010 1 commit
    • Eric Dumazet's avatar
      net: add a core netdev->rx_dropped counter · caf586e5
      Eric Dumazet authored
      In various situations, a device provides a packet to our stack and we
      drop it before it enters protocol stack :
      - softnet backlog full (accounted in /proc/net/softnet_stat)
      - bad vlan tag (not accounted)
      - unknown/unregistered protocol (not accounted)
      
      We can handle a per-device counter of such dropped frames at core level,
      and automatically adds it to the device provided stats (rx_dropped), so
      that standard tools can be used (ifconfig, ip link, cat /proc/net/dev)
      
      This is a generalization of commit 8990f468
      
       (net: rx_dropped
      accounting), thus reverting it.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      caf586e5
  15. 30 Sep, 2010 1 commit
  16. 29 Sep, 2010 1 commit
    • Eric Dumazet's avatar
      ip_gre: lockless xmit · b790e01a
      Eric Dumazet authored
      
      
      GRE tunnels can benefit from lockless xmits, using NETIF_F_LLTX
      
      Note: If tunnels are created with the "oseq" option, LLTX is not
      enabled :
      
      Even using an atomic_t o_seq, we would increase chance for packets being
      out of order at receiver.
      
      Bench on a 16 cpus machine (dual E5540 cpus), 16 threads sending
      10000000 UDP frames via one gre tunnel (size:200 bytes per frame)
      
      Before patch :
      real	3m0.094s
      user	0m9.365s
      sys	47m50.103s
      
      After patch:
      real	0m29.756s
      user	0m11.097s
      sys	7m33.012s
      
      Last problem to solve is the contention on dst :
      
      38660.00 21.4% __ip_route_output_key          vmlinux
      20786.00 11.5% dst_release                    vmlinux
      14191.00  7.8% __xfrm_lookup                  vmlinux
      12410.00  6.9% ip_finish_output               vmlinux
       4540.00  2.5% ip_push_pending_frames         vmlinux
       4427.00  2.4% ip_append_data                 vmlinux
       4265.00  2.4% __alloc_skb                    vmlinux
       4140.00  2.3% __ip_local_out                 vmlinux
       3991.00  2.2% dev_queue_xmit                 vmlinux
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b790e01a
  17. 28 Sep, 2010 1 commit
    • Eric Dumazet's avatar
      ip_gre: percpu stats accounting · e985aad7
      Eric Dumazet authored
      
      
      Le lundi 27 septembre 2010 à 14:29 +0100, Ben Hutchings a écrit :
      
      > > diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
      > > index 5d6ddcb..de39b22 100644
      > > --- a/net/ipv4/ip_gre.c
      > > +++ b/net/ipv4/ip_gre.c
      > [...]
      > > @@ -377,7 +405,7 @@ static struct ip_tunnel *ipgre_tunnel_locate(struct net *net,
      > >  	if (parms->name[0])
      > >  		strlcpy(name, parms->name, IFNAMSIZ);
      > >  	else
      > > -		sprintf(name, "gre%%d");
      > > +		strcpy(name, "gre%d");
      > >
      > >  	dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup);
      > >  	if (!dev)
      > [...]
      >
      > This is a valid fix, but doesn't belong in this patch!
      >
      
      Sorry ? It was not a fix, but at most a cleanup ;)
      
      Anyway I forgot the gretap case...
      
      [PATCH 2/4 v2] ip_gre: percpu stats accounting
      
      Maintain per_cpu tx_bytes, tx_packets, rx_bytes, rx_packets.
      
      Other seldom used fields are kept in netdev->stats structure, possibly
      unsafe.
      
      This is a preliminary work to support lockless transmit path, and
      correct RX stats, that are already unsafe.
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e985aad7
  18. 23 Sep, 2010 1 commit
  19. 20 Sep, 2010 2 commits
  20. 16 Sep, 2010 1 commit
  21. 22 Aug, 2010 1 commit
    • Dmitry Kozlov's avatar
      PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol) · 00959ade
      Dmitry Kozlov authored
      PPP: introduce "pptp" module which implements point-to-point tunneling protocol using pppox framework
      NET: introduce the "gre" module for demultiplexing GRE packets on version criteria
           (required to pptp and ip_gre may coexists)
      NET: ip_gre: update to use the "gre" module
      
      This patch introduces then pptp support to the linux kernel which
      dramatically speeds up pptp vpn connections and decreases cpu usage in
      comparison of existing user-space implementation
      (poptop/pptpclient). There is accel-pptp project
      (https://sourceforge.net/projects/accel-pptp/
      
      ) to utilize this module,
      it contains plugin for pppd to use pptp in client-mode and modified
      pptpd (poptop) to build high-performance pptp NAS.
      
      There was many changes from initial submitted patch, most important are:
      1. using rcu instead of read-write locks
      2. using static bitmap instead of dynamically allocated
      3. using vmalloc for memory allocation instead of BITS_PER_LONG + __get_free_pages
      4. fixed many coding style issues
      Thanks to Eric Dumazet.
      Signed-off-by: default avatarDmitry Kozlov <xeb@mail.ru>
      Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00959ade
  22. 09 Jul, 2010 1 commit
    • Stephen Hemminger's avatar
      gre: propagate ipv6 transport class · dd4ba83d
      Stephen Hemminger authored
      
      
      This patch makes IPV6 over IPv4 GRE tunnel propagate the transport
      class field from the underlying IPV6 header to the IPV4 Type Of Service
      field. Without the patch, all IPV6 packets in tunnel look the same to QoS.
      
      This assumes that IPV6 transport class is exactly the same
      as IPv4 TOS. Not sure if that is always the case?  Maybe need
      to mask off some bits.
      
      The mask and shift to get tclass is copied from ipv6/datagram.c
      Signed-off-by: default avatarStephen Hemminger <shemminger@vyatta.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dd4ba83d
  23. 11 Jun, 2010 1 commit
  24. 18 May, 2010 2 commits
  25. 30 Mar, 2010 1 commit
    • Tejun Heo's avatar
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo authored
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Guess-its-ok-by: default avatarChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  26. 22 Mar, 2010 1 commit
  27. 04 Mar, 2010 1 commit
    • Timo Teräs's avatar
      gre: fix hard header destination address checking · 6d55cb91
      Timo Teräs authored
      
      
      ipgre_header() can be called with zero daddr when the gre device is
      configured as multipoint tunnel and still has the NOARP flag set (which is
      typically cleared by the userspace arp daemon).  If the NOARP packets are
      not dropped, ipgre_tunnel_xmit() will take rt->rt_gateway (= NBMA IP) and
      use that for route look up (and may lead to bogus xfrm acquires).
      
      The multicast address check is removed as sending to multicast group should
      be ok.  In fact, if gre device has a multicast address as destination
      ipgre_header is always called with multicast address.
      Signed-off-by: default avatarTimo Teras <timo.teras@iki.fi>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6d55cb91
  28. 18 Feb, 2010 1 commit
  29. 16 Feb, 2010 1 commit
  30. 18 Jan, 2010 1 commit
  31. 02 Dec, 2009 1 commit
  32. 18 Nov, 2009 1 commit
  33. 08 Nov, 2009 1 commit
    • Eric W. Biederman's avatar
      net: Support specifying the network namespace upon device creation. · 81adee47
      Eric W. Biederman authored
      
      
      There is no good reason to not support userspace specifying the
      network namespace during device creation, and it makes it easier
      to create a network device and pass it to a child network namespace
      with a well known name.
      
      We have to be careful to ensure that the target network namespace
      for the new device exists through the life of the call.  To keep
      that logic clear I have factored out the network namespace grabbing
      logic into rtnl_link_get_net.
      
      In addtion we need to continue to pass the source network namespace
      to the rtnl_link_ops.newlink method so that we can find the base
      device source network namespace.
      Signed-off-by: default avatarEric W. Biederman <ebiederm@aristanetworks.com>
      Acked-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
      81adee47
  34. 30 Oct, 2009 1 commit
  35. 28 Oct, 2009 1 commit
  36. 24 Oct, 2009 1 commit