From d136f1bd366fdb7e747ca7e0218171e7a00a98a5 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Sat, 12 Sep 2009 03:03:15 +0000 Subject: genetlink: fix netns vs. netlink table locking Since my commits introducing netns awareness into genetlink we can get this problem: BUG: scheduling while atomic: modprobe/1178/0x00000002 2 locks held by modprobe/1178: #0: (genl_mutex){+.+.+.}, at: [] genl_register_mc_grou #1: (rcu_read_lock){.+.+..}, at: [] genl_register_mc_g Pid: 1178, comm: modprobe Not tainted 2.6.31-rc8-wl-34789-g95cb731-dirty # Call Trace: [] __schedule_bug+0x85/0x90 [] schedule+0x108/0x588 [] netlink_table_grab+0xa1/0xf0 [] netlink_change_ngroups+0x47/0x100 [] genl_register_mc_group+0x12f/0x290 because I overlooked that netlink_table_grab() will schedule, thinking it was just the rwlock. However, in the contention case, that isn't actually true. Fix this by letting the code grab the netlink table lock first and then the RCU for netns protection. Signed-off-by: Johannes Berg Signed-off-by: David S. Miller --- include/linux/netlink.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') diff --git a/include/linux/netlink.h b/include/linux/netlink.h index 0fbecbbe8e9e..080f6ba9e73a 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h @@ -176,12 +176,16 @@ struct netlink_skb_parms #define NETLINK_CREDS(skb) (&NETLINK_CB((skb)).creds) +extern void netlink_table_grab(void); +extern void netlink_table_ungrab(void); + extern struct sock *netlink_kernel_create(struct net *net, int unit,unsigned int groups, void (*input)(struct sk_buff *skb), struct mutex *cb_mutex, struct module *module); extern void netlink_kernel_release(struct sock *sk); +extern int __netlink_change_ngroups(struct sock *sk, unsigned int groups); extern int netlink_change_ngroups(struct sock *sk, unsigned int groups); extern void netlink_clear_multicast_users(struct sock *sk, unsigned int group); extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err); -- cgit v1.2.3 From 32613090a96dba2ca2cc524c8d4749d3126fdde5 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Mon, 14 Sep 2009 12:21:47 +0000 Subject: net: constify struct net_protocol Remove long removed "inet_protocol_base" declaration. Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller --- include/net/protocol.h | 7 +++---- net/dccp/ipv4.c | 2 +- net/ipv4/af_inet.c | 18 +++++++++--------- net/ipv4/ah4.c | 2 +- net/ipv4/esp4.c | 2 +- net/ipv4/icmp.c | 2 +- net/ipv4/ip_gre.c | 2 +- net/ipv4/ip_input.c | 2 +- net/ipv4/ipcomp.c | 2 +- net/ipv4/ipmr.c | 6 +----- net/ipv4/protocol.c | 6 +++--- net/ipv4/tunnel4.c | 4 ++-- net/ipv4/udplite.c | 2 +- net/sctp/protocol.c | 2 +- 14 files changed, 27 insertions(+), 32 deletions(-) (limited to 'include') diff --git a/include/net/protocol.h b/include/net/protocol.h index 1089d5aabd49..cea2aee92ac5 100644 --- a/include/net/protocol.h +++ b/include/net/protocol.h @@ -94,15 +94,14 @@ struct inet_protosw { #define INET_PROTOSW_PERMANENT 0x02 /* Permanent protocols are unremovable. */ #define INET_PROTOSW_ICSK 0x04 /* Is this an inet_connection_sock? */ -extern struct net_protocol *inet_protocol_base; -extern struct net_protocol *inet_protos[MAX_INET_PROTOS]; +extern const struct net_protocol *inet_protos[MAX_INET_PROTOS]; #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) extern struct inet6_protocol *inet6_protos[MAX_INET_PROTOS]; #endif -extern int inet_add_protocol(struct net_protocol *prot, unsigned char num); -extern int inet_del_protocol(struct net_protocol *prot, unsigned char num); +extern int inet_add_protocol(const struct net_protocol *prot, unsigned char num); +extern int inet_del_protocol(const struct net_protocol *prot, unsigned char num); extern void inet_register_protosw(struct inet_protosw *p); extern void inet_unregister_protosw(struct inet_protosw *p); diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c index d01c00de1ad0..7302e1498d46 100644 --- a/net/dccp/ipv4.c +++ b/net/dccp/ipv4.c @@ -948,7 +948,7 @@ static struct proto dccp_v4_prot = { #endif }; -static struct net_protocol dccp_v4_protocol = { +static const struct net_protocol dccp_v4_protocol = { .handler = dccp_v4_rcv, .err_handler = dccp_v4_err, .no_policy = 1, diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 6c30a73f03f5..58c4b0f7c4aa 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -244,7 +244,7 @@ EXPORT_SYMBOL(build_ehash_secret); static inline int inet_netns_ok(struct net *net, int protocol) { int hash; - struct net_protocol *ipprot; + const struct net_protocol *ipprot; if (net_eq(net, &init_net)) return 1; @@ -1162,7 +1162,7 @@ EXPORT_SYMBOL(inet_sk_rebuild_header); static int inet_gso_send_check(struct sk_buff *skb) { struct iphdr *iph; - struct net_protocol *ops; + const struct net_protocol *ops; int proto; int ihl; int err = -EINVAL; @@ -1198,7 +1198,7 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features) { struct sk_buff *segs = ERR_PTR(-EINVAL); struct iphdr *iph; - struct net_protocol *ops; + const struct net_protocol *ops; int proto; int ihl; int id; @@ -1265,7 +1265,7 @@ out: static struct sk_buff **inet_gro_receive(struct sk_buff **head, struct sk_buff *skb) { - struct net_protocol *ops; + const struct net_protocol *ops; struct sk_buff **pp = NULL; struct sk_buff *p; struct iphdr *iph; @@ -1342,7 +1342,7 @@ out: static int inet_gro_complete(struct sk_buff *skb) { - struct net_protocol *ops; + const struct net_protocol *ops; struct iphdr *iph = ip_hdr(skb); int proto = iph->protocol & (MAX_INET_PROTOS - 1); int err = -ENOSYS; @@ -1427,13 +1427,13 @@ void snmp_mib_free(void *ptr[2]) EXPORT_SYMBOL_GPL(snmp_mib_free); #ifdef CONFIG_IP_MULTICAST -static struct net_protocol igmp_protocol = { +static const struct net_protocol igmp_protocol = { .handler = igmp_rcv, .netns_ok = 1, }; #endif -static struct net_protocol tcp_protocol = { +static const struct net_protocol tcp_protocol = { .handler = tcp_v4_rcv, .err_handler = tcp_v4_err, .gso_send_check = tcp_v4_gso_send_check, @@ -1444,7 +1444,7 @@ static struct net_protocol tcp_protocol = { .netns_ok = 1, }; -static struct net_protocol udp_protocol = { +static const struct net_protocol udp_protocol = { .handler = udp_rcv, .err_handler = udp_err, .gso_send_check = udp4_ufo_send_check, @@ -1453,7 +1453,7 @@ static struct net_protocol udp_protocol = { .netns_ok = 1, }; -static struct net_protocol icmp_protocol = { +static const struct net_protocol icmp_protocol = { .handler = icmp_rcv, .no_policy = 1, .netns_ok = 1, diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index e878e494296e..5c662703eb1e 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c @@ -311,7 +311,7 @@ static const struct xfrm_type ah_type = .output = ah_output }; -static struct net_protocol ah4_protocol = { +static const struct net_protocol ah4_protocol = { .handler = xfrm4_rcv, .err_handler = ah4_err, .no_policy = 1, diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 18bb383ea393..12f7287e902d 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c @@ -615,7 +615,7 @@ static const struct xfrm_type esp_type = .output = esp_output }; -static struct net_protocol esp4_protocol = { +static const struct net_protocol esp4_protocol = { .handler = xfrm4_rcv, .err_handler = esp4_err, .no_policy = 1, diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 97c410e84388..5bc13fe816d1 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -655,7 +655,7 @@ static void icmp_unreach(struct sk_buff *skb) struct iphdr *iph; struct icmphdr *icmph; int hash, protocol; - struct net_protocol *ipprot; + const struct net_protocol *ipprot; u32 info = 0; struct net *net; diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 533afaadefd4..d9645c94a067 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -1288,7 +1288,7 @@ static void ipgre_fb_tunnel_init(struct net_device *dev) } -static struct net_protocol ipgre_protocol = { +static const struct net_protocol ipgre_protocol = { .handler = ipgre_rcv, .err_handler = ipgre_err, .netns_ok = 1, diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index db46b4b5b2b9..6c98b43badf4 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -202,7 +202,7 @@ static int ip_local_deliver_finish(struct sk_buff *skb) { int protocol = ip_hdr(skb)->protocol; int hash, raw; - struct net_protocol *ipprot; + const struct net_protocol *ipprot; resubmit: raw = raw_local_deliver(skb, protocol); diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 3262ce06294c..38fbf04150ae 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -146,7 +146,7 @@ static const struct xfrm_type ipcomp_type = { .output = ipcomp_output }; -static struct net_protocol ipcomp4_protocol = { +static const struct net_protocol ipcomp4_protocol = { .handler = xfrm4_rcv, .err_handler = ipcomp4_err, .no_policy = 1, diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index 65d421cf5bc7..c43ec2d51ce2 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c @@ -99,10 +99,6 @@ static int ipmr_cache_report(struct net *net, struct sk_buff *pkt, vifi_t vifi, int assert); static int ipmr_fill_mroute(struct sk_buff *skb, struct mfc_cache *c, struct rtmsg *rtm); -#ifdef CONFIG_IP_PIMSM_V2 -static struct net_protocol pim_protocol; -#endif - static struct timer_list ipmr_expire_timer; /* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */ @@ -1945,7 +1941,7 @@ static const struct file_operations ipmr_mfc_fops = { #endif #ifdef CONFIG_IP_PIMSM_V2 -static struct net_protocol pim_protocol = { +static const struct net_protocol pim_protocol = { .handler = pim_rcv, .netns_ok = 1, }; diff --git a/net/ipv4/protocol.c b/net/ipv4/protocol.c index a2e5fc0a15e1..542f22fc98b3 100644 --- a/net/ipv4/protocol.c +++ b/net/ipv4/protocol.c @@ -28,14 +28,14 @@ #include #include -struct net_protocol *inet_protos[MAX_INET_PROTOS] ____cacheline_aligned_in_smp; +const struct net_protocol *inet_protos[MAX_INET_PROTOS] ____cacheline_aligned_in_smp; static DEFINE_SPINLOCK(inet_proto_lock); /* * Add a protocol handler to the hash tables */ -int inet_add_protocol(struct net_protocol *prot, unsigned char protocol) +int inet_add_protocol(const struct net_protocol *prot, unsigned char protocol) { int hash, ret; @@ -57,7 +57,7 @@ int inet_add_protocol(struct net_protocol *prot, unsigned char protocol) * Remove a protocol from the hash tables. */ -int inet_del_protocol(struct net_protocol *prot, unsigned char protocol) +int inet_del_protocol(const struct net_protocol *prot, unsigned char protocol) { int hash, ret; diff --git a/net/ipv4/tunnel4.c b/net/ipv4/tunnel4.c index cb1f0e83830b..3959e0ca456a 100644 --- a/net/ipv4/tunnel4.c +++ b/net/ipv4/tunnel4.c @@ -132,7 +132,7 @@ static void tunnel64_err(struct sk_buff *skb, u32 info) } #endif -static struct net_protocol tunnel4_protocol = { +static const struct net_protocol tunnel4_protocol = { .handler = tunnel4_rcv, .err_handler = tunnel4_err, .no_policy = 1, @@ -140,7 +140,7 @@ static struct net_protocol tunnel4_protocol = { }; #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) -static struct net_protocol tunnel64_protocol = { +static const struct net_protocol tunnel64_protocol = { .handler = tunnel64_rcv, .err_handler = tunnel64_err, .no_policy = 1, diff --git a/net/ipv4/udplite.c b/net/ipv4/udplite.c index c784891cb7e5..95248d7f75ec 100644 --- a/net/ipv4/udplite.c +++ b/net/ipv4/udplite.c @@ -25,7 +25,7 @@ static void udplite_err(struct sk_buff *skb, u32 info) __udp4_lib_err(skb, info, &udplite_table); } -static struct net_protocol udplite_protocol = { +static const struct net_protocol udplite_protocol = { .handler = udplite_rcv, .err_handler = udplite_err, .no_policy = 1, diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 60093be8385d..c557f1fb1c66 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -924,7 +924,7 @@ static struct inet_protosw sctp_stream_protosw = { }; /* Register with IP layer. */ -static struct net_protocol sctp_protocol = { +static const struct net_protocol sctp_protocol = { .handler = sctp_rcv, .err_handler = sctp_v4_err, .no_policy = 1, -- cgit v1.2.3 From 41135cc836a1abeb12ca1416bdb29e87ad021153 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Mon, 14 Sep 2009 12:22:28 +0000 Subject: net: constify struct inet6_protocol Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller --- include/net/protocol.h | 6 +++--- net/dccp/ipv6.c | 2 +- net/ipv6/af_inet6.c | 10 +++++----- net/ipv6/ah6.c | 2 +- net/ipv6/esp6.c | 2 +- net/ipv6/exthdrs.c | 6 +++--- net/ipv6/icmp.c | 4 ++-- net/ipv6/ip6_input.c | 2 +- net/ipv6/ip6mr.c | 6 +----- net/ipv6/ipcomp6.c | 2 +- net/ipv6/protocol.c | 6 +++--- net/ipv6/reassembly.c | 2 +- net/ipv6/tcp_ipv6.c | 2 +- net/ipv6/tunnel6.c | 4 ++-- net/ipv6/udp.c | 2 +- net/ipv6/udplite.c | 2 +- net/sctp/ipv6.c | 2 +- 17 files changed, 29 insertions(+), 33 deletions(-) (limited to 'include') diff --git a/include/net/protocol.h b/include/net/protocol.h index cea2aee92ac5..60249e51b669 100644 --- a/include/net/protocol.h +++ b/include/net/protocol.h @@ -97,7 +97,7 @@ struct inet_protosw { extern const struct net_protocol *inet_protos[MAX_INET_PROTOS]; #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) -extern struct inet6_protocol *inet6_protos[MAX_INET_PROTOS]; +extern const struct inet6_protocol *inet6_protos[MAX_INET_PROTOS]; #endif extern int inet_add_protocol(const struct net_protocol *prot, unsigned char num); @@ -106,8 +106,8 @@ extern void inet_register_protosw(struct inet_protosw *p); extern void inet_unregister_protosw(struct inet_protosw *p); #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) -extern int inet6_add_protocol(struct inet6_protocol *prot, unsigned char num); -extern int inet6_del_protocol(struct inet6_protocol *prot, unsigned char num); +extern int inet6_add_protocol(const struct inet6_protocol *prot, unsigned char num); +extern int inet6_del_protocol(const struct inet6_protocol *prot, unsigned char num); extern int inet6_register_protosw(struct inet_protosw *p); extern void inet6_unregister_protosw(struct inet_protosw *p); #endif diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 64f011cc4491..364bfc76c29e 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c @@ -1152,7 +1152,7 @@ static struct proto dccp_v6_prot = { #endif }; -static struct inet6_protocol dccp_v6_protocol = { +static const struct inet6_protocol dccp_v6_protocol = { .handler = dccp_v6_rcv, .err_handler = dccp_v6_err, .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index a123a328aeb3..e127a32f9540 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -710,7 +710,7 @@ EXPORT_SYMBOL_GPL(ipv6_opt_accepted); static int ipv6_gso_pull_exthdrs(struct sk_buff *skb, int proto) { - struct inet6_protocol *ops = NULL; + const struct inet6_protocol *ops = NULL; for (;;) { struct ipv6_opt_hdr *opth; @@ -745,7 +745,7 @@ static int ipv6_gso_pull_exthdrs(struct sk_buff *skb, int proto) static int ipv6_gso_send_check(struct sk_buff *skb) { struct ipv6hdr *ipv6h; - struct inet6_protocol *ops; + const struct inet6_protocol *ops; int err = -EINVAL; if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h)))) @@ -773,7 +773,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, int features) { struct sk_buff *segs = ERR_PTR(-EINVAL); struct ipv6hdr *ipv6h; - struct inet6_protocol *ops; + const struct inet6_protocol *ops; int proto; struct frag_hdr *fptr; unsigned int unfrag_ip6hlen; @@ -840,7 +840,7 @@ struct ipv6_gro_cb { static struct sk_buff **ipv6_gro_receive(struct sk_buff **head, struct sk_buff *skb) { - struct inet6_protocol *ops; + const struct inet6_protocol *ops; struct sk_buff **pp = NULL; struct sk_buff *p; struct ipv6hdr *iph; @@ -926,7 +926,7 @@ out: static int ipv6_gro_complete(struct sk_buff *skb) { - struct inet6_protocol *ops; + const struct inet6_protocol *ops; struct ipv6hdr *iph = ipv6_hdr(skb); int err = -ENOSYS; diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 86f42a288c4b..c1589e2f1dc9 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -527,7 +527,7 @@ static const struct xfrm_type ah6_type = .hdr_offset = xfrm6_find_1stfragopt, }; -static struct inet6_protocol ah6_protocol = { +static const struct inet6_protocol ah6_protocol = { .handler = xfrm6_rcv, .err_handler = ah6_err, .flags = INET6_PROTO_NOPOLICY, diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 678bb95b1525..af597c73ebe9 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c @@ -558,7 +558,7 @@ static const struct xfrm_type esp6_type = .hdr_offset = xfrm6_find_1stfragopt, }; -static struct inet6_protocol esp6_protocol = { +static const struct inet6_protocol esp6_protocol = { .handler = xfrm6_rcv, .err_handler = esp6_err, .flags = INET6_PROTO_NOPOLICY, diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 4aae658e5501..df159fffe4bc 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -500,17 +500,17 @@ unknown_rh: return -1; } -static struct inet6_protocol rthdr_protocol = { +static const struct inet6_protocol rthdr_protocol = { .handler = ipv6_rthdr_rcv, .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, }; -static struct inet6_protocol destopt_protocol = { +static const struct inet6_protocol destopt_protocol = { .handler = ipv6_destopt_rcv, .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR, }; -static struct inet6_protocol nodata_protocol = { +static const struct inet6_protocol nodata_protocol = { .handler = dst_discard, .flags = INET6_PROTO_NOPOLICY, }; diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index e2325f6a05fb..f23ebbec0631 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -86,7 +86,7 @@ static inline struct sock *icmpv6_sk(struct net *net) static int icmpv6_rcv(struct sk_buff *skb); -static struct inet6_protocol icmpv6_protocol = { +static const struct inet6_protocol icmpv6_protocol = { .handler = icmpv6_rcv, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, }; @@ -583,7 +583,7 @@ out: static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) { - struct inet6_protocol *ipprot; + const struct inet6_protocol *ipprot; int inner_offset; int hash; u8 nexthdr; diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 2d9cbaa67edb..237e2dba6e94 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c @@ -159,7 +159,7 @@ drop: static int ip6_input_finish(struct sk_buff *skb) { - struct inet6_protocol *ipprot; + const struct inet6_protocol *ipprot; unsigned int nhoff; int nexthdr, raw; u8 hash; diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c index 5c8d73730c75..3907510c2ce3 100644 --- a/net/ipv6/ip6mr.c +++ b/net/ipv6/ip6mr.c @@ -83,10 +83,6 @@ static int ip6mr_cache_report(struct net *net, struct sk_buff *pkt, static int ip6mr_fill_mroute(struct sk_buff *skb, struct mfc6_cache *c, struct rtmsg *rtm); static void mroute_clean_tables(struct net *net); -#ifdef CONFIG_IPV6_PIMSM_V2 -static struct inet6_protocol pim6_protocol; -#endif - static struct timer_list ipmr_expire_timer; @@ -410,7 +406,7 @@ static int pim6_rcv(struct sk_buff *skb) return 0; } -static struct inet6_protocol pim6_protocol = { +static const struct inet6_protocol pim6_protocol = { .handler = pim6_rcv, }; diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index 79c172f1ff01..2f2a5ca2c878 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c @@ -178,7 +178,7 @@ static const struct xfrm_type ipcomp6_type = .hdr_offset = xfrm6_find_1stfragopt, }; -static struct inet6_protocol ipcomp6_protocol = +static const struct inet6_protocol ipcomp6_protocol = { .handler = xfrm6_rcv, .err_handler = ipcomp6_err, diff --git a/net/ipv6/protocol.c b/net/ipv6/protocol.c index 568864f722ca..1fa3468f0f32 100644 --- a/net/ipv6/protocol.c +++ b/net/ipv6/protocol.c @@ -25,11 +25,11 @@ #include #include -struct inet6_protocol *inet6_protos[MAX_INET_PROTOS]; +const struct inet6_protocol *inet6_protos[MAX_INET_PROTOS]; static DEFINE_SPINLOCK(inet6_proto_lock); -int inet6_add_protocol(struct inet6_protocol *prot, unsigned char protocol) +int inet6_add_protocol(const struct inet6_protocol *prot, unsigned char protocol) { int ret, hash = protocol & (MAX_INET_PROTOS - 1); @@ -53,7 +53,7 @@ EXPORT_SYMBOL(inet6_add_protocol); * Remove a protocol from the hash tables. */ -int inet6_del_protocol(struct inet6_protocol *prot, unsigned char protocol) +int inet6_del_protocol(const struct inet6_protocol *prot, unsigned char protocol) { int ret, hash = protocol & (MAX_INET_PROTOS - 1); diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 2642a41a8535..da5bd0ed83df 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c @@ -627,7 +627,7 @@ fail_hdr: return -1; } -static struct inet6_protocol frag_protocol = +static const struct inet6_protocol frag_protocol = { .handler = ipv6_frag_rcv, .flags = INET6_PROTO_NOPOLICY, diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 3aae0f217d61..7718a9261efb 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -2093,7 +2093,7 @@ struct proto tcpv6_prot = { #endif }; -static struct inet6_protocol tcpv6_protocol = { +static const struct inet6_protocol tcpv6_protocol = { .handler = tcp_v6_rcv, .err_handler = tcp_v6_err, .gso_send_check = tcp_v6_gso_send_check, diff --git a/net/ipv6/tunnel6.c b/net/ipv6/tunnel6.c index 633ad789effc..51e2832d13a6 100644 --- a/net/ipv6/tunnel6.c +++ b/net/ipv6/tunnel6.c @@ -133,13 +133,13 @@ static void tunnel6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, break; } -static struct inet6_protocol tunnel6_protocol = { +static const struct inet6_protocol tunnel6_protocol = { .handler = tunnel6_rcv, .err_handler = tunnel6_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, }; -static struct inet6_protocol tunnel46_protocol = { +static const struct inet6_protocol tunnel46_protocol = { .handler = tunnel46_rcv, .err_handler = tunnel6_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 164040613c2e..b265b7047d3e 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -1172,7 +1172,7 @@ out: return segs; } -static struct inet6_protocol udpv6_protocol = { +static const struct inet6_protocol udpv6_protocol = { .handler = udpv6_rcv, .err_handler = udpv6_err, .gso_send_check = udp6_ufo_send_check, diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c index 4818c48688f2..d737a27ee010 100644 --- a/net/ipv6/udplite.c +++ b/net/ipv6/udplite.c @@ -25,7 +25,7 @@ static void udplitev6_err(struct sk_buff *skb, __udp6_lib_err(skb, opt, type, code, offset, info, &udplite_table); } -static struct inet6_protocol udplitev6_protocol = { +static const struct inet6_protocol udplitev6_protocol = { .handler = udplitev6_rcv, .err_handler = udplitev6_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 6a4b19094143..bb280e60e00a 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -949,7 +949,7 @@ static int sctp6_rcv(struct sk_buff *skb) return sctp_rcv(skb) ? -1 : 0; } -static struct inet6_protocol sctpv6_protocol = { +static const struct inet6_protocol sctpv6_protocol = { .handler = sctp6_rcv, .err_handler = sctp_v6_err, .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, -- cgit v1.2.3 From 0b6a05c1dbebe8c616e2e5b0f52b7a01fd792911 Mon Sep 17 00:00:00 2001 From: Ilpo Järvinen Date: Tue, 15 Sep 2009 01:30:10 -0700 Subject: tcp: fix ssthresh u16 leftover MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was once upon time so that snd_sthresh was a 16-bit quantity. ...That has not been true for long period of time. I run across some ancient compares which still seem to trust such legacy. Put all that magic into a single place, I hopefully found all of them. Compile tested, though linking of allyesconfig is ridiculous nowadays it seems. Signed-off-by: Ilpo Järvinen Signed-off-by: David S. Miller --- include/net/tcp.h | 7 +++++++ net/ipv4/tcp.c | 2 +- net/ipv4/tcp_input.c | 2 +- net/ipv4/tcp_ipv4.c | 4 ++-- net/ipv4/tcp_minisocks.c | 2 +- net/ipv6/tcp_ipv6.c | 5 +++-- 6 files changed, 15 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/net/tcp.h b/include/net/tcp.h index b71a446d58f6..56b76027b85e 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -793,6 +793,13 @@ static inline unsigned int tcp_packets_in_flight(const struct tcp_sock *tp) return tp->packets_out - tcp_left_out(tp) + tp->retrans_out; } +#define TCP_INFINITE_SSTHRESH 0x7fffffff + +static inline bool tcp_in_initial_slowstart(const struct tcp_sock *tp) +{ + return tp->snd_ssthresh >= TCP_INFINITE_SSTHRESH; +} + /* If cwnd > ssthresh, we may raise ssthresh to be half-way to cwnd. * The exception is rate halving phase, when cwnd is decreasing towards * ssthresh. diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index edeea060db44..19a0612b8a20 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2012,7 +2012,7 @@ int tcp_disconnect(struct sock *sk, int flags) tp->snd_cwnd = 2; icsk->icsk_probes_out = 0; tp->packets_out = 0; - tp->snd_ssthresh = 0x7fffffff; + tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; tp->snd_cwnd_cnt = 0; tp->bytes_acked = 0; tcp_set_ca_state(sk, TCP_CA_Open); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index af6d6fa00db1..d86784be7ab3 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -761,7 +761,7 @@ void tcp_update_metrics(struct sock *sk) set_dst_metric_rtt(dst, RTAX_RTTVAR, var); } - if (tp->snd_ssthresh >= 0xFFFF) { + if (tcp_in_initial_slowstart(tp)) { /* Slow start still did not finish. */ if (dst_metric(dst, RTAX_SSTHRESH) && !dst_metric_locked(dst, RTAX_SSTHRESH) && diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 0543561da999..7cda24b53f61 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1808,7 +1808,7 @@ static int tcp_v4_init_sock(struct sock *sk) /* See draft-stevens-tcpca-spec-01 for discussion of the * initialization of these values. */ - tp->snd_ssthresh = 0x7fffffff; /* Infinity */ + tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; tp->snd_cwnd_clamp = ~0; tp->mss_cache = 536; @@ -2284,7 +2284,7 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, tp->snd_cwnd, - tp->snd_ssthresh >= 0xFFFF ? -1 : tp->snd_ssthresh, + tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh, len); } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index e48c37d74d77..045bcfd3f288 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -410,7 +410,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, newtp->retrans_out = 0; newtp->sacked_out = 0; newtp->fackets_out = 0; - newtp->snd_ssthresh = 0x7fffffff; + newtp->snd_ssthresh = TCP_INFINITE_SSTHRESH; /* So many TCP implementations out there (incorrectly) count the * initial SYN frame in their delayed-ACK and congestion control diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 7718a9261efb..21d100b68b19 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1846,7 +1846,7 @@ static int tcp_v6_init_sock(struct sock *sk) /* See draft-stevens-tcpca-spec-01 for discussion of the * initialization of these values. */ - tp->snd_ssthresh = 0x7fffffff; + tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; tp->snd_cwnd_clamp = ~0; tp->mss_cache = 536; @@ -1969,7 +1969,8 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, - tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh + tp->snd_cwnd, + tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh ); } -- cgit v1.2.3 From 75c78500ddad74b229cd0691496b8549490496a2 Mon Sep 17 00:00:00 2001 From: Moni Shoua Date: Tue, 15 Sep 2009 02:37:40 -0700 Subject: bonding: remap muticast addresses without using dev_close() and dev_open() This patch fixes commit e36b9d16c6a6d0f59803b3ef04ff3c22c3844c10. The approach there is to call dev_close()/dev_open() whenever the device type is changed in order to remap the device IP multicast addresses to HW multicast addresses. This approach suffers from 2 drawbacks: *. It assumes tha the device is UP when calling dev_close(), or otherwise dev_close() has no affect. It is worth to mention that initscripts (Redhat) and sysconfig (Suse) doesn't act the same in this matter. *. dev_close() has other side affects, like deleting entries from the routing table, which might be unnecessary. The fix here is to directly remap the IP multicast addresses to HW multicast addresses for a bonding device that changes its type, and nothing else. Reported-by: Jason Gunthorpe Signed-off-by: Moni Shoua Signed-off-by: David S. Miller --- drivers/net/bonding/bond_main.c | 9 ++++++--- include/linux/igmp.h | 2 ++ include/linux/netdevice.h | 3 ++- include/linux/notifier.h | 2 ++ include/net/addrconf.h | 2 ++ net/core/dev.c | 4 ++-- net/ipv4/devinet.c | 6 ++++++ net/ipv4/igmp.c | 22 ++++++++++++++++++++++ net/ipv6/addrconf.c | 19 +++++++++++++++++++ net/ipv6/mcast.c | 19 +++++++++++++++++++ 10 files changed, 82 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index a7e731f8a0da..6419cf9a4fa6 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1211,7 +1211,7 @@ void bond_change_active_slave(struct bonding *bond, struct slave *new_active) write_unlock_bh(&bond->curr_slave_lock); read_unlock(&bond->lock); - netdev_bonding_change(bond->dev); + netdev_bonding_change(bond->dev, NETDEV_BONDING_FAILOVER); read_lock(&bond->lock); write_lock_bh(&bond->curr_slave_lock); @@ -1469,14 +1469,17 @@ int bond_enslave(struct net_device *bond_dev, struct net_device *slave_dev) */ if (bond->slave_cnt == 0) { if (bond_dev->type != slave_dev->type) { - dev_close(bond_dev); pr_debug("%s: change device type from %d to %d\n", bond_dev->name, bond_dev->type, slave_dev->type); + + netdev_bonding_change(bond_dev, NETDEV_BONDING_OLDTYPE); + if (slave_dev->type != ARPHRD_ETHER) bond_setup_by_slave(bond_dev, slave_dev); else ether_setup(bond_dev); - dev_open(bond_dev); + + netdev_bonding_change(bond_dev, NETDEV_BONDING_NEWTYPE); } } else if (bond_dev->type != slave_dev->type) { pr_err(DRV_NAME ": %s ether type (%d) is different " diff --git a/include/linux/igmp.h b/include/linux/igmp.h index 92fbd8cbd68f..fe158e0e20e6 100644 --- a/include/linux/igmp.h +++ b/include/linux/igmp.h @@ -233,6 +233,8 @@ extern void ip_mc_init_dev(struct in_device *); extern void ip_mc_destroy_dev(struct in_device *); extern void ip_mc_up(struct in_device *); extern void ip_mc_down(struct in_device *); +extern void ip_mc_unmap(struct in_device *); +extern void ip_mc_remap(struct in_device *); extern void ip_mc_dec_group(struct in_device *in_dev, __be32 addr); extern void ip_mc_inc_group(struct in_device *in_dev, __be32 addr); extern void ip_mc_rejoin_group(struct ip_mc_list *im); diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 65ee1929b2b1..f46db6c7a734 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1873,7 +1873,8 @@ extern void __dev_addr_unsync(struct dev_addr_list **to, int *to_count, struct extern int dev_set_promiscuity(struct net_device *dev, int inc); extern int dev_set_allmulti(struct net_device *dev, int inc); extern void netdev_state_change(struct net_device *dev); -extern void netdev_bonding_change(struct net_device *dev); +extern void netdev_bonding_change(struct net_device *dev, + unsigned long event); extern void netdev_features_change(struct net_device *dev); /* Load a device via the kmod */ extern void dev_load(struct net *net, const char *name); diff --git a/include/linux/notifier.h b/include/linux/notifier.h index 81bc252dc8ac..44428d247dbe 100644 --- a/include/linux/notifier.h +++ b/include/linux/notifier.h @@ -199,6 +199,8 @@ static inline int notifier_to_errno(int ret) #define NETDEV_FEAT_CHANGE 0x000B #define NETDEV_BONDING_FAILOVER 0x000C #define NETDEV_PRE_UP 0x000D +#define NETDEV_BONDING_OLDTYPE 0x000E +#define NETDEV_BONDING_NEWTYPE 0x000F #define SYS_DOWN 0x0001 /* Notify of system down */ #define SYS_RESTART SYS_DOWN diff --git a/include/net/addrconf.h b/include/net/addrconf.h index 7b55ab215a64..0f7c37825fc1 100644 --- a/include/net/addrconf.h +++ b/include/net/addrconf.h @@ -143,6 +143,8 @@ extern int __ipv6_dev_mc_dec(struct inet6_dev *idev, const struct in6_addr *addr extern int ipv6_dev_mc_dec(struct net_device *dev, const struct in6_addr *addr); extern void ipv6_mc_up(struct inet6_dev *idev); extern void ipv6_mc_down(struct inet6_dev *idev); +extern void ipv6_mc_unmap(struct inet6_dev *idev); +extern void ipv6_mc_remap(struct inet6_dev *idev); extern void ipv6_mc_init_dev(struct inet6_dev *idev); extern void ipv6_mc_destroy_dev(struct inet6_dev *idev); extern void addrconf_dad_failure(struct inet6_ifaddr *ifp); diff --git a/net/core/dev.c b/net/core/dev.c index 84945470ab38..560c8c9c03ab 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1017,9 +1017,9 @@ void netdev_state_change(struct net_device *dev) } EXPORT_SYMBOL(netdev_state_change); -void netdev_bonding_change(struct net_device *dev) +void netdev_bonding_change(struct net_device *dev, unsigned long event) { - call_netdevice_notifiers(NETDEV_BONDING_FAILOVER, dev); + call_netdevice_notifiers(event, dev); } EXPORT_SYMBOL(netdev_bonding_change); diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 3863c3a4223f..07336c6201f0 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -1087,6 +1087,12 @@ static int inetdev_event(struct notifier_block *this, unsigned long event, case NETDEV_DOWN: ip_mc_down(in_dev); break; + case NETDEV_BONDING_OLDTYPE: + ip_mc_unmap(in_dev); + break; + case NETDEV_BONDING_NEWTYPE: + ip_mc_remap(in_dev); + break; case NETDEV_CHANGEMTU: if (inetdev_valid_mtu(dev->mtu)) break; diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index 01b4284ed694..d41e5de79a82 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c @@ -1298,6 +1298,28 @@ void ip_mc_dec_group(struct in_device *in_dev, __be32 addr) } } +/* Device changing type */ + +void ip_mc_unmap(struct in_device *in_dev) +{ + struct ip_mc_list *i; + + ASSERT_RTNL(); + + for (i = in_dev->mc_list; i; i = i->next) + igmp_group_dropped(i); +} + +void ip_mc_remap(struct in_device *in_dev) +{ + struct ip_mc_list *i; + + ASSERT_RTNL(); + + for (i = in_dev->mc_list; i; i = i->next) + igmp_group_added(i); +} + /* Device going down */ void ip_mc_down(struct in_device *in_dev) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index c9b369034a40..f216a41ceb22 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -137,6 +137,8 @@ static DEFINE_SPINLOCK(addrconf_verify_lock); static void addrconf_join_anycast(struct inet6_ifaddr *ifp); static void addrconf_leave_anycast(struct inet6_ifaddr *ifp); +static void addrconf_bonding_change(struct net_device *dev, + unsigned long event); static int addrconf_ifdown(struct net_device *dev, int how); static void addrconf_dad_start(struct inet6_ifaddr *ifp, u32 flags); @@ -2582,6 +2584,10 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event, return notifier_from_errno(err); } break; + case NETDEV_BONDING_OLDTYPE: + case NETDEV_BONDING_NEWTYPE: + addrconf_bonding_change(dev, event); + break; } return NOTIFY_OK; @@ -2595,6 +2601,19 @@ static struct notifier_block ipv6_dev_notf = { .priority = 0 }; +static void addrconf_bonding_change(struct net_device *dev, unsigned long event) +{ + struct inet6_dev *idev; + ASSERT_RTNL(); + + idev = __in6_dev_get(dev); + + if (event == NETDEV_BONDING_NEWTYPE) + ipv6_mc_remap(idev); + else if (event == NETDEV_BONDING_OLDTYPE) + ipv6_mc_unmap(idev); +} + static int addrconf_ifdown(struct net_device *dev, int how) { struct inet6_dev *idev; diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index 71c3dacec1ed..f9fcf690bd5d 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c @@ -2249,6 +2249,25 @@ static void igmp6_timer_handler(unsigned long data) ma_put(ma); } +/* Device changing type */ + +void ipv6_mc_unmap(struct inet6_dev *idev) +{ + struct ifmcaddr6 *i; + + /* Install multicast list, except for all-nodes (already installed) */ + + read_lock_bh(&idev->lock); + for (i = idev->mc_list; i; i = i->next) + igmp6_group_dropped(i); + read_unlock_bh(&idev->lock); +} + +void ipv6_mc_remap(struct inet6_dev *idev) +{ + ipv6_mc_up(idev); +} + /* Device going down */ void ipv6_mc_down(struct inet6_dev *idev) -- cgit v1.2.3 From 29a020d35f629619c67fa5e32acaaac3f8a1ba90 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Tue, 15 Sep 2009 02:39:20 -0700 Subject: [PATCH] net: kmemcheck annotation in struct socket struct socket has a 16 bit hole that triggers kmemcheck warnings. As suggested by Ingo, use kmemcheck annotations Signed-off-by: Eric Dumazet Acked-by: Ingo Molnar Signed-off-by: David S. Miller --- include/linux/net.h | 5 +++++ net/socket.c | 1 + 2 files changed, 6 insertions(+) (limited to 'include') diff --git a/include/linux/net.h b/include/linux/net.h index 4fc2ffd527f9..9040a10584f7 100644 --- a/include/linux/net.h +++ b/include/linux/net.h @@ -57,6 +57,7 @@ typedef enum { #include #include #include /* For O_CLOEXEC and O_NONBLOCK */ +#include struct poll_table_struct; struct pipe_inode_info; @@ -127,7 +128,11 @@ enum sock_shutdown_cmd { */ struct socket { socket_state state; + + kmemcheck_bitfield_begin(type); short type; + kmemcheck_bitfield_end(type); + unsigned long flags; /* * Please keep fasync_list & wait fields in the same cache line diff --git a/net/socket.c b/net/socket.c index 6d4716559047..2a022c00d85c 100644 --- a/net/socket.c +++ b/net/socket.c @@ -489,6 +489,7 @@ static struct socket *sock_alloc(void) sock = SOCKET_I(inode); + kmemcheck_annotate_bitfield(sock, type); inode->i_mode = S_IFSOCK | S_IRWXUGO; inode->i_uid = current_fsuid(); inode->i_gid = current_fsgid(); -- cgit v1.2.3 From 8b815477f382f96deefbe5bd4404fa7b31cf5dcf Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 14 Sep 2009 01:17:30 +0000 Subject: RxRPC: Declare the security index constants symbolically Declare the security index constants symbolically rather than just referring to them numerically. Signed-off-by: David Howells Signed-off-by: David S. Miller --- include/linux/rxrpc.h | 7 +++++++ net/rxrpc/ar-key.c | 4 ++-- net/rxrpc/rxkad.c | 6 +++--- 3 files changed, 12 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/linux/rxrpc.h b/include/linux/rxrpc.h index f7b826b565c7..a53915cd5581 100644 --- a/include/linux/rxrpc.h +++ b/include/linux/rxrpc.h @@ -58,5 +58,12 @@ struct sockaddr_rxrpc { #define RXRPC_SECURITY_AUTH 1 /* authenticated packets */ #define RXRPC_SECURITY_ENCRYPT 2 /* encrypted packets */ +/* + * RxRPC security indices + */ +#define RXRPC_SECURITY_NONE 0 /* no security protocol */ +#define RXRPC_SECURITY_RXKAD 2 /* kaserver or kerberos 4 */ +#define RXRPC_SECURITY_RXGK 4 /* gssapi-based */ +#define RXRPC_SECURITY_RXK5 5 /* kerberos 5 */ #endif /* _LINUX_RXRPC_H */ diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index ad8c7a782da1..b3d10e7ccd7e 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -122,7 +122,7 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) tsec->ticket[6], tsec->ticket[7]); ret = -EPROTONOSUPPORT; - if (tsec->security_index != 2) + if (tsec->security_index != RXRPC_SECURITY_RXKAD) goto error; key->type_data.x[0] = tsec->security_index; @@ -308,7 +308,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn, _debug("key %d", key_serial(key)); data.kver = 1; - data.tsec.security_index = 2; + data.tsec.security_index = RXRPC_SECURITY_RXKAD; data.tsec.ticket_len = 0; data.tsec.expiry = expiry; data.tsec.kvno = 0; diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index ef8f91030a15..acec76292c01 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -42,7 +42,7 @@ struct rxkad_level2_hdr { __be32 checksum; /* decrypted data checksum */ }; -MODULE_DESCRIPTION("RxRPC network protocol type-2 security (Kerberos)"); +MODULE_DESCRIPTION("RxRPC network protocol type-2 security (Kerberos 4)"); MODULE_AUTHOR("Red Hat, Inc."); MODULE_LICENSE("GPL"); @@ -506,7 +506,7 @@ static int rxkad_verify_packet(const struct rxrpc_call *call, if (!call->conn->cipher) return 0; - if (sp->hdr.securityIndex != 2) { + if (sp->hdr.securityIndex != RXRPC_SECURITY_RXKAD) { *_abort_code = RXKADINCONSISTENCY; _leave(" = -EPROTO [not rxkad]"); return -EPROTO; @@ -1122,7 +1122,7 @@ static void rxkad_clear(struct rxrpc_connection *conn) static struct rxrpc_security rxkad = { .owner = THIS_MODULE, .name = "rxkad", - .security_index = RXKAD_VERSION, + .security_index = RXRPC_SECURITY_RXKAD, .init_connection_security = rxkad_init_connection_security, .prime_packet_security = rxkad_prime_packet_security, .secure_packet = rxkad_secure_packet, -- cgit v1.2.3 From 339412841d7620f93fea805fbd7469f08186f458 Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 14 Sep 2009 01:17:35 +0000 Subject: RxRPC: Allow key payloads to be passed in XDR form Allow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as described by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of passing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and allows for future expansion. Signed-off-by: David Howells Signed-off-by: David S. Miller --- include/keys/rxrpc-type.h | 55 +++++++++ net/rxrpc/ar-internal.h | 16 --- net/rxrpc/ar-key.c | 308 ++++++++++++++++++++++++++++++++++++++++------ net/rxrpc/ar-security.c | 8 +- net/rxrpc/rxkad.c | 41 +++--- 5 files changed, 353 insertions(+), 75 deletions(-) (limited to 'include') diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index 7609365577f1..c0d91218fdd3 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h @@ -21,4 +21,59 @@ extern struct key_type key_type_rxrpc; extern struct key *rxrpc_get_null_key(const char *); +/* + * RxRPC key for Kerberos IV (type-2 security) + */ +struct rxkad_key { + u32 vice_id; + u32 start; /* time at which ticket starts */ + u32 expiry; /* time at which ticket expires */ + u32 kvno; /* key version number */ + u8 primary_flag; /* T if key for primary cell for this user */ + u16 ticket_len; /* length of ticket[] */ + u8 session_key[8]; /* DES session key */ + u8 ticket[0]; /* the encrypted ticket */ +}; + +/* + * list of tokens attached to an rxrpc key + */ +struct rxrpc_key_token { + u16 security_index; /* RxRPC header security index */ + struct rxrpc_key_token *next; /* the next token in the list */ + union { + struct rxkad_key *kad; + }; +}; + +/* + * structure of raw payloads passed to add_key() or instantiate key + */ +struct rxrpc_key_data_v1 { + u32 kif_version; /* 1 */ + u16 security_index; + u16 ticket_length; + u32 expiry; /* time_t */ + u32 kvno; + u8 session_key[8]; + u8 ticket[0]; +}; + +/* + * AF_RXRPC key payload derived from XDR format + * - based on openafs-1.4.10/src/auth/afs_token.xg + */ +#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ +#define AFSTOKEN_CELL_MAX 64 /* max cellname length */ +#define AFSTOKEN_MAX 8 /* max tokens per payload */ +#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ +#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ +#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ +#define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */ +#define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */ +#define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */ +#define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */ +#define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */ +#define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */ + #endif /* _KEYS_RXRPC_TYPE_H */ diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 3e7318c1343c..46c6d8888493 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -401,22 +401,6 @@ struct rxrpc_call { __be32 call_id; /* call ID on connection */ }; -/* - * RxRPC key for Kerberos (type-2 security) - */ -struct rxkad_key { - u16 security_index; /* RxRPC header security index */ - u16 ticket_len; /* length of ticket[] */ - u32 expiry; /* time at which expires */ - u32 kvno; /* key version number */ - u8 session_key[8]; /* DES session key */ - u8 ticket[0]; /* the encrypted ticket */ -}; - -struct rxrpc_key_payload { - struct rxkad_key k; -}; - /* * locally abort an RxRPC call */ diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index b3d10e7ccd7e..a3a7acb5071a 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -54,6 +55,202 @@ struct key_type key_type_rxrpc_s = { .describe = rxrpc_describe, }; +/* + * parse an RxKAD type XDR format token + * - the caller guarantees we have at least 4 words + */ +static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, + unsigned toklen) +{ + struct rxrpc_key_token *token; + size_t plen; + u32 tktlen; + int ret; + + _enter(",{%x,%x,%x,%x},%u", + ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), + toklen); + + if (toklen <= 8 * 4) + return -EKEYREJECTED; + tktlen = ntohl(xdr[7]); + _debug("tktlen: %x", tktlen); + if (tktlen > AFSTOKEN_RK_TIX_MAX) + return -EKEYREJECTED; + if (8 * 4 + tktlen != toklen) + return -EKEYREJECTED; + + plen = sizeof(*token) + sizeof(*token->kad) + tktlen; + ret = key_payload_reserve(key, key->datalen + plen); + if (ret < 0) + return ret; + + plen -= sizeof(*token); + token = kmalloc(sizeof(*token), GFP_KERNEL); + if (!token) + return -ENOMEM; + + token->kad = kmalloc(plen, GFP_KERNEL); + if (!token->kad) { + kfree(token); + return -ENOMEM; + } + + token->security_index = RXRPC_SECURITY_RXKAD; + token->kad->ticket_len = tktlen; + token->kad->vice_id = ntohl(xdr[0]); + token->kad->kvno = ntohl(xdr[1]); + token->kad->start = ntohl(xdr[4]); + token->kad->expiry = ntohl(xdr[5]); + token->kad->primary_flag = ntohl(xdr[6]); + memcpy(&token->kad->session_key, &xdr[2], 8); + memcpy(&token->kad->ticket, &xdr[8], tktlen); + + _debug("SCIX: %u", token->security_index); + _debug("TLEN: %u", token->kad->ticket_len); + _debug("EXPY: %x", token->kad->expiry); + _debug("KVNO: %u", token->kad->kvno); + _debug("PRIM: %u", token->kad->primary_flag); + _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", + token->kad->session_key[0], token->kad->session_key[1], + token->kad->session_key[2], token->kad->session_key[3], + token->kad->session_key[4], token->kad->session_key[5], + token->kad->session_key[6], token->kad->session_key[7]); + if (token->kad->ticket_len >= 8) + _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", + token->kad->ticket[0], token->kad->ticket[1], + token->kad->ticket[2], token->kad->ticket[3], + token->kad->ticket[4], token->kad->ticket[5], + token->kad->ticket[6], token->kad->ticket[7]); + + /* count the number of tokens attached */ + key->type_data.x[0]++; + + /* attach the data */ + token->next = key->payload.data; + key->payload.data = token; + if (token->kad->expiry < key->expiry) + key->expiry = token->kad->expiry; + + _leave(" = 0"); + return 0; +} + +/* + * attempt to parse the data as the XDR format + * - the caller guarantees we have more than 7 words + */ +static int rxrpc_instantiate_xdr(struct key *key, const void *data, size_t datalen) +{ + const __be32 *xdr = data, *token; + const char *cp; + unsigned len, tmp, loop, ntoken, toklen, sec_ix; + int ret; + + _enter(",{%x,%x,%x,%x},%zu", + ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), + datalen); + + if (datalen > AFSTOKEN_LENGTH_MAX) + goto not_xdr; + + /* XDR is an array of __be32's */ + if (datalen & 3) + goto not_xdr; + + /* the flags should be 0 (the setpag bit must be handled by + * userspace) */ + if (ntohl(*xdr++) != 0) + goto not_xdr; + datalen -= 4; + + /* check the cell name */ + len = ntohl(*xdr++); + if (len < 1 || len > AFSTOKEN_CELL_MAX) + goto not_xdr; + datalen -= 4; + tmp = (len + 3) & ~3; + if (tmp > datalen) + goto not_xdr; + + cp = (const char *) xdr; + for (loop = 0; loop < len; loop++) + if (!isprint(cp[loop])) + goto not_xdr; + if (len < tmp) + for (; loop < tmp; loop++) + if (cp[loop]) + goto not_xdr; + _debug("cellname: [%u/%u] '%*.*s'", + len, tmp, len, len, (const char *) xdr); + datalen -= tmp; + xdr += tmp >> 2; + + /* get the token count */ + if (datalen < 12) + goto not_xdr; + ntoken = ntohl(*xdr++); + datalen -= 4; + _debug("ntoken: %x", ntoken); + if (ntoken < 1 || ntoken > AFSTOKEN_MAX) + goto not_xdr; + + /* check each token wrapper */ + token = xdr; + loop = ntoken; + do { + if (datalen < 8) + goto not_xdr; + toklen = ntohl(*xdr++); + sec_ix = ntohl(*xdr); + datalen -= 4; + _debug("token: [%x/%zx] %x", toklen, datalen, sec_ix); + if (toklen < 20 || toklen > datalen) + goto not_xdr; + datalen -= (toklen + 3) & ~3; + xdr += (toklen + 3) >> 2; + + } while (--loop > 0); + + _debug("remainder: %zu", datalen); + if (datalen != 0) + goto not_xdr; + + /* okay: we're going to assume it's valid XDR format + * - we ignore the cellname, relying on the key to be correctly named + */ + do { + xdr = token; + toklen = ntohl(*xdr++); + token = xdr + ((toklen + 3) >> 2); + sec_ix = ntohl(*xdr++); + toklen -= 4; + + switch (sec_ix) { + case RXRPC_SECURITY_RXKAD: + ret = rxrpc_instantiate_xdr_rxkad(key, xdr, toklen); + if (ret != 0) + goto error; + break; + + default: + ret = -EPROTONOSUPPORT; + goto error; + } + + } while (--ntoken > 0); + + _leave(" = 0"); + return 0; + +not_xdr: + _leave(" = -EPROTO"); + return -EPROTO; +error: + _leave(" = %d", ret); + return ret; +} + /* * instantiate an rxrpc defined key * data should be of the form: @@ -70,8 +267,8 @@ struct key_type key_type_rxrpc_s = { */ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) { - const struct rxkad_key *tsec; - struct rxrpc_key_payload *upayload; + const struct rxrpc_key_data_v1 *v1; + struct rxrpc_key_token *token, **pp; size_t plen; u32 kver; int ret; @@ -82,6 +279,13 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) if (!data && datalen == 0) return 0; + /* determine if the XDR payload format is being used */ + if (datalen > 7 * 4) { + ret = rxrpc_instantiate_xdr(key, data, datalen); + if (ret != -EPROTO) + return ret; + } + /* get the key interface version number */ ret = -EINVAL; if (datalen <= 4 || !data) @@ -98,53 +302,67 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) /* deal with a version 1 key */ ret = -EINVAL; - if (datalen < sizeof(*tsec)) + if (datalen < sizeof(*v1)) goto error; - tsec = data; - if (datalen != sizeof(*tsec) + tsec->ticket_len) + v1 = data; + if (datalen != sizeof(*v1) + v1->ticket_length) goto error; - _debug("SCIX: %u", tsec->security_index); - _debug("TLEN: %u", tsec->ticket_len); - _debug("EXPY: %x", tsec->expiry); - _debug("KVNO: %u", tsec->kvno); + _debug("SCIX: %u", v1->security_index); + _debug("TLEN: %u", v1->ticket_length); + _debug("EXPY: %x", v1->expiry); + _debug("KVNO: %u", v1->kvno); _debug("SKEY: %02x%02x%02x%02x%02x%02x%02x%02x", - tsec->session_key[0], tsec->session_key[1], - tsec->session_key[2], tsec->session_key[3], - tsec->session_key[4], tsec->session_key[5], - tsec->session_key[6], tsec->session_key[7]); - if (tsec->ticket_len >= 8) + v1->session_key[0], v1->session_key[1], + v1->session_key[2], v1->session_key[3], + v1->session_key[4], v1->session_key[5], + v1->session_key[6], v1->session_key[7]); + if (v1->ticket_length >= 8) _debug("TCKT: %02x%02x%02x%02x%02x%02x%02x%02x", - tsec->ticket[0], tsec->ticket[1], - tsec->ticket[2], tsec->ticket[3], - tsec->ticket[4], tsec->ticket[5], - tsec->ticket[6], tsec->ticket[7]); + v1->ticket[0], v1->ticket[1], + v1->ticket[2], v1->ticket[3], + v1->ticket[4], v1->ticket[5], + v1->ticket[6], v1->ticket[7]); ret = -EPROTONOSUPPORT; - if (tsec->security_index != RXRPC_SECURITY_RXKAD) + if (v1->security_index != RXRPC_SECURITY_RXKAD) goto error; - key->type_data.x[0] = tsec->security_index; - - plen = sizeof(*upayload) + tsec->ticket_len; - ret = key_payload_reserve(key, plen); + plen = sizeof(*token->kad) + v1->ticket_length; + ret = key_payload_reserve(key, plen + sizeof(*token)); if (ret < 0) goto error; ret = -ENOMEM; - upayload = kmalloc(plen, GFP_KERNEL); - if (!upayload) + token = kmalloc(sizeof(*token), GFP_KERNEL); + if (!token) goto error; + token->kad = kmalloc(plen, GFP_KERNEL); + if (!token->kad) + goto error_free; + + token->security_index = RXRPC_SECURITY_RXKAD; + token->kad->ticket_len = v1->ticket_length; + token->kad->expiry = v1->expiry; + token->kad->kvno = v1->kvno; + memcpy(&token->kad->session_key, &v1->session_key, 8); + memcpy(&token->kad->ticket, v1->ticket, v1->ticket_length); /* attach the data */ - memcpy(&upayload->k, tsec, sizeof(*tsec)); - memcpy(&upayload->k.ticket, (void *)tsec + sizeof(*tsec), - tsec->ticket_len); - key->payload.data = upayload; - key->expiry = tsec->expiry; + key->type_data.x[0]++; + + pp = (struct rxrpc_key_token **)&key->payload.data; + while (*pp) + pp = &(*pp)->next; + *pp = token; + if (token->kad->expiry < key->expiry) + key->expiry = token->kad->expiry; + token = NULL; ret = 0; +error_free: + kfree(token); error: return ret; } @@ -184,7 +402,22 @@ static int rxrpc_instantiate_s(struct key *key, const void *data, */ static void rxrpc_destroy(struct key *key) { - kfree(key->payload.data); + struct rxrpc_key_token *token; + + while ((token = key->payload.data)) { + key->payload.data = token->next; + switch (token->security_index) { + case RXRPC_SECURITY_RXKAD: + kfree(token->kad); + break; + default: + printk(KERN_ERR "Unknown token type %x on rxrpc key\n", + token->security_index); + BUG(); + } + + kfree(token); + } } /* @@ -293,7 +526,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn, struct { u32 kver; - struct rxkad_key tsec; + struct rxrpc_key_data_v1 v1; } data; _enter(""); @@ -308,13 +541,12 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn, _debug("key %d", key_serial(key)); data.kver = 1; - data.tsec.security_index = RXRPC_SECURITY_RXKAD; - data.tsec.ticket_len = 0; - data.tsec.expiry = expiry; - data.tsec.kvno = 0; + data.v1.security_index = RXRPC_SECURITY_RXKAD; + data.v1.ticket_length = 0; + data.v1.expiry = expiry; + data.v1.kvno = 0; - memcpy(&data.tsec.session_key, session_key, - sizeof(data.tsec.session_key)); + memcpy(&data.v1.session_key, session_key, sizeof(data.v1.session_key)); ret = key_instantiate_and_link(key, &data, sizeof(data), NULL, NULL); if (ret < 0) diff --git a/net/rxrpc/ar-security.c b/net/rxrpc/ar-security.c index dc62920ee19a..49b3cc31ee1f 100644 --- a/net/rxrpc/ar-security.c +++ b/net/rxrpc/ar-security.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "ar-internal.h" static LIST_HEAD(rxrpc_security_methods); @@ -122,6 +123,7 @@ EXPORT_SYMBOL_GPL(rxrpc_unregister_security); */ int rxrpc_init_client_conn_security(struct rxrpc_connection *conn) { + struct rxrpc_key_token *token; struct rxrpc_security *sec; struct key *key = conn->key; int ret; @@ -135,7 +137,11 @@ int rxrpc_init_client_conn_security(struct rxrpc_connection *conn) if (ret < 0) return ret; - sec = rxrpc_security_lookup(key->type_data.x[0]); + if (!key->payload.data) + return -EKEYREJECTED; + token = key->payload.data; + + sec = rxrpc_security_lookup(token->security_index); if (!sec) return -EKEYREJECTED; conn->security = sec; diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c index acec76292c01..713ac593e2e9 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -18,6 +18,7 @@ #include #include #include +#include #define rxrpc_debug rxkad_debug #include "ar-internal.h" @@ -59,14 +60,14 @@ static DEFINE_MUTEX(rxkad_ci_mutex); */ static int rxkad_init_connection_security(struct rxrpc_connection *conn) { - struct rxrpc_key_payload *payload; struct crypto_blkcipher *ci; + struct rxrpc_key_token *token; int ret; _enter("{%d},{%x}", conn->debug_id, key_serial(conn->key)); - payload = conn->key->payload.data; - conn->security_ix = payload->k.security_index; + token = conn->key->payload.data; + conn->security_ix = token->security_index; ci = crypto_alloc_blkcipher("pcbc(fcrypt)", 0, CRYPTO_ALG_ASYNC); if (IS_ERR(ci)) { @@ -75,8 +76,8 @@ static int rxkad_init_connection_security(struct rxrpc_connection *conn) goto error; } - if (crypto_blkcipher_setkey(ci, payload->k.session_key, - sizeof(payload->k.session_key)) < 0) + if (crypto_blkcipher_setkey(ci, token->kad->session_key, + sizeof(token->kad->session_key)) < 0) BUG(); switch (conn->security_level) { @@ -110,7 +111,7 @@ error: */ static void rxkad_prime_packet_security(struct rxrpc_connection *conn) { - struct rxrpc_key_payload *payload; + struct rxrpc_key_token *token; struct blkcipher_desc desc; struct scatterlist sg[2]; struct rxrpc_crypt iv; @@ -123,8 +124,8 @@ static void rxkad_prime_packet_security(struct rxrpc_connection *conn) if (!conn->key) return; - payload = conn->key->payload.data; - memcpy(&iv, payload->k.session_key, sizeof(iv)); + token = conn->key->payload.data; + memcpy(&iv, token->kad->session_key, sizeof(iv)); desc.tfm = conn->cipher; desc.info = iv.x; @@ -197,7 +198,7 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, u32 data_size, void *sechdr) { - const struct rxrpc_key_payload *payload; + const struct rxrpc_key_token *token; struct rxkad_level2_hdr rxkhdr __attribute__((aligned(8))); /* must be all on one page */ struct rxrpc_skb_priv *sp; @@ -219,8 +220,8 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, rxkhdr.checksum = 0; /* encrypt from the session key */ - payload = call->conn->key->payload.data; - memcpy(&iv, payload->k.session_key, sizeof(iv)); + token = call->conn->key->payload.data; + memcpy(&iv, token->kad->session_key, sizeof(iv)); desc.tfm = call->conn->cipher; desc.info = iv.x; desc.flags = 0; @@ -400,7 +401,7 @@ static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call, struct sk_buff *skb, u32 *_abort_code) { - const struct rxrpc_key_payload *payload; + const struct rxrpc_key_token *token; struct rxkad_level2_hdr sechdr; struct rxrpc_skb_priv *sp; struct blkcipher_desc desc; @@ -431,8 +432,8 @@ static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call, skb_to_sgvec(skb, sg, 0, skb->len); /* decrypt from the session key */ - payload = call->conn->key->payload.data; - memcpy(&iv, payload->k.session_key, sizeof(iv)); + token = call->conn->key->payload.data; + memcpy(&iv, token->kad->session_key, sizeof(iv)); desc.tfm = call->conn->cipher; desc.info = iv.x; desc.flags = 0; @@ -737,7 +738,7 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, struct sk_buff *skb, u32 *_abort_code) { - const struct rxrpc_key_payload *payload; + const struct rxrpc_key_token *token; struct rxkad_challenge challenge; struct rxkad_response resp __attribute__((aligned(8))); /* must be aligned for crypto */ @@ -778,7 +779,7 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, if (conn->security_level < min_level) goto protocol_error; - payload = conn->key->payload.data; + token = conn->key->payload.data; /* build the response packet */ memset(&resp, 0, sizeof(resp)); @@ -797,13 +798,13 @@ static int rxkad_respond_to_challenge(struct rxrpc_connection *conn, (conn->channels[3] ? conn->channels[3]->call_id : 0); resp.encrypted.inc_nonce = htonl(nonce + 1); resp.encrypted.level = htonl(conn->security_level); - resp.kvno = htonl(payload->k.kvno); - resp.ticket_len = htonl(payload->k.ticket_len); + resp.kvno = htonl(token->kad->kvno); + resp.ticket_len = htonl(token->kad->ticket_len); /* calculate the response checksum and then do the encryption */ rxkad_calc_response_checksum(&resp); - rxkad_encrypt_response(conn, &resp, &payload->k); - return rxkad_send_response(conn, &sp->hdr, &resp, &payload->k); + rxkad_encrypt_response(conn, &resp, token->kad); + return rxkad_send_response(conn, &sp->hdr, &resp, token->kad); protocol_error: *_abort_code = abort_code; -- cgit v1.2.3 From 99455153d0670ba110e6a3b855b8369bcbd11120 Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 14 Sep 2009 01:17:46 +0000 Subject: RxRPC: Parse security index 5 keys (Kerberos 5) Parse RxRPC security index 5 type keys (Kerberos 5 tokens). Signed-off-by: David Howells Signed-off-by: David S. Miller --- include/keys/rxrpc-type.h | 52 +++++ net/rxrpc/ar-key.c | 577 ++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 589 insertions(+), 40 deletions(-) (limited to 'include') diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index c0d91218fdd3..5eb23571b425 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h @@ -35,6 +35,54 @@ struct rxkad_key { u8 ticket[0]; /* the encrypted ticket */ }; +/* + * Kerberos 5 principal + * name/name/name@realm + */ +struct krb5_principal { + u8 n_name_parts; /* N of parts of the name part of the principal */ + char **name_parts; /* parts of the name part of the principal */ + char *realm; /* parts of the realm part of the principal */ +}; + +/* + * Kerberos 5 tagged data + */ +struct krb5_tagged_data { + /* for tag value, see /usr/include/krb5/krb5.h + * - KRB5_AUTHDATA_* for auth data + * - + */ + int32_t tag; + uint32_t data_len; + u8 *data; +}; + +/* + * RxRPC key for Kerberos V (type-5 security) + */ +struct rxk5_key { + uint64_t authtime; /* time at which auth token generated */ + uint64_t starttime; /* time at which auth token starts */ + uint64_t endtime; /* time at which auth token expired */ + uint64_t renew_till; /* time to which auth token can be renewed */ + int32_t is_skey; /* T if ticket is encrypted in another ticket's + * skey */ + int32_t flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */ + struct krb5_principal client; /* client principal name */ + struct krb5_principal server; /* server principal name */ + uint16_t ticket_len; /* length of ticket */ + uint16_t ticket2_len; /* length of second ticket */ + u8 n_authdata; /* number of authorisation data elements */ + u8 n_addresses; /* number of addresses */ + struct krb5_tagged_data session; /* session data; tag is enctype */ + struct krb5_tagged_data *addresses; /* addresses */ + u8 *ticket; /* krb5 ticket */ + u8 *ticket2; /* second krb5 ticket, if related to ticket (via + * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */ + struct krb5_tagged_data *authdata; /* authorisation data */ +}; + /* * list of tokens attached to an rxrpc key */ @@ -43,6 +91,7 @@ struct rxrpc_key_token { struct rxrpc_key_token *next; /* the next token in the list */ union { struct rxkad_key *kad; + struct rxk5_key *k5; }; }; @@ -64,8 +113,11 @@ struct rxrpc_key_data_v1 { * - based on openafs-1.4.10/src/auth/afs_token.xg */ #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ +#define AFSTOKEN_STRING_MAX 256 /* max small string length */ +#define AFSTOKEN_DATA_MAX 64 /* max small data length */ #define AFSTOKEN_CELL_MAX 64 /* max cellname length */ #define AFSTOKEN_MAX 8 /* max tokens per payload */ +#define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */ #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index bf4d623ee1ce..44836f6c9643 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -64,7 +64,7 @@ struct key_type key_type_rxrpc_s = { static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, unsigned toklen) { - struct rxrpc_key_token *token; + struct rxrpc_key_token *token, **pptoken; size_t plen; u32 tktlen; int ret; @@ -129,13 +129,398 @@ static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, key->type_data.x[0]++; /* attach the data */ - token->next = key->payload.data; - key->payload.data = token; + for (pptoken = (struct rxrpc_key_token **)&key->payload.data; + *pptoken; + pptoken = &(*pptoken)->next) + continue; + *pptoken = token; + if (token->kad->expiry < key->expiry) + key->expiry = token->kad->expiry; + + _leave(" = 0"); + return 0; +} + +static void rxrpc_free_krb5_principal(struct krb5_principal *princ) +{ + int loop; + + if (princ->name_parts) { + for (loop = princ->n_name_parts - 1; loop >= 0; loop--) + kfree(princ->name_parts[loop]); + kfree(princ->name_parts); + } + kfree(princ->realm); +} + +static void rxrpc_free_krb5_tagged(struct krb5_tagged_data *td) +{ + kfree(td->data); +} + +/* + * free up an RxK5 token + */ +static void rxrpc_rxk5_free(struct rxk5_key *rxk5) +{ + int loop; + + rxrpc_free_krb5_principal(&rxk5->client); + rxrpc_free_krb5_principal(&rxk5->server); + rxrpc_free_krb5_tagged(&rxk5->session); + + if (rxk5->addresses) { + for (loop = rxk5->n_addresses - 1; loop >= 0; loop--) + rxrpc_free_krb5_tagged(&rxk5->addresses[loop]); + kfree(rxk5->addresses); + } + if (rxk5->authdata) { + for (loop = rxk5->n_authdata - 1; loop >= 0; loop--) + rxrpc_free_krb5_tagged(&rxk5->authdata[loop]); + kfree(rxk5->authdata); + } + + kfree(rxk5->ticket); + kfree(rxk5->ticket2); + kfree(rxk5); +} + +/* + * extract a krb5 principal + */ +static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, + const __be32 **_xdr, + unsigned *_toklen) +{ + const __be32 *xdr = *_xdr; + unsigned toklen = *_toklen, n_parts, loop, tmp; + + /* there must be at least one name, and at least #names+1 length + * words */ + if (toklen <= 12) + return -EINVAL; + + _enter(",{%x,%x,%x},%u", + ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), toklen); + + n_parts = ntohl(*xdr++); + toklen -= 4; + if (n_parts <= 0 || n_parts > AFSTOKEN_K5_COMPONENTS_MAX) + return -EINVAL; + princ->n_name_parts = n_parts; + + if (toklen <= (n_parts + 1) * 4) + return -EINVAL; + + princ->name_parts = kcalloc(sizeof(char *), n_parts, GFP_KERNEL); + if (!princ->name_parts) + return -ENOMEM; + + for (loop = 0; loop < n_parts; loop++) { + if (toklen < 4) + return -EINVAL; + tmp = ntohl(*xdr++); + toklen -= 4; + if (tmp <= 0 || tmp > AFSTOKEN_STRING_MAX) + return -EINVAL; + if (tmp > toklen) + return -EINVAL; + princ->name_parts[loop] = kmalloc(tmp + 1, GFP_KERNEL); + if (!princ->name_parts[loop]) + return -ENOMEM; + memcpy(princ->name_parts[loop], xdr, tmp); + princ->name_parts[loop][tmp] = 0; + tmp = (tmp + 3) & ~3; + toklen -= tmp; + xdr += tmp >> 2; + } + + if (toklen < 4) + return -EINVAL; + tmp = ntohl(*xdr++); + toklen -= 4; + if (tmp <= 0 || tmp > AFSTOKEN_K5_REALM_MAX) + return -EINVAL; + if (tmp > toklen) + return -EINVAL; + princ->realm = kmalloc(tmp + 1, GFP_KERNEL); + if (!princ->realm) + return -ENOMEM; + memcpy(princ->realm, xdr, tmp); + princ->realm[tmp] = 0; + tmp = (tmp + 3) & ~3; + toklen -= tmp; + xdr += tmp >> 2; + + _debug("%s/...@%s", princ->name_parts[0], princ->realm); + + *_xdr = xdr; + *_toklen = toklen; + _leave(" = 0 [toklen=%u]", toklen); + return 0; +} + +/* + * extract a piece of krb5 tagged data + */ +static int rxrpc_krb5_decode_tagged_data(struct krb5_tagged_data *td, + size_t max_data_size, + const __be32 **_xdr, + unsigned *_toklen) +{ + const __be32 *xdr = *_xdr; + unsigned toklen = *_toklen, len; + + /* there must be at least one tag and one length word */ + if (toklen <= 8) + return -EINVAL; + + _enter(",%zu,{%x,%x},%u", + max_data_size, ntohl(xdr[0]), ntohl(xdr[1]), toklen); + + td->tag = ntohl(*xdr++); + len = ntohl(*xdr++); + toklen -= 8; + if (len > max_data_size) + return -EINVAL; + td->data_len = len; + + if (len > 0) { + td->data = kmalloc(len, GFP_KERNEL); + if (!td->data) + return -ENOMEM; + memcpy(td->data, xdr, len); + len = (len + 3) & ~3; + toklen -= len; + xdr += len >> 2; + } + + _debug("tag %x len %x", td->tag, td->data_len); + + *_xdr = xdr; + *_toklen = toklen; + _leave(" = 0 [toklen=%u]", toklen); + return 0; +} + +/* + * extract an array of tagged data + */ +static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, + u8 *_n_elem, + u8 max_n_elem, + size_t max_elem_size, + const __be32 **_xdr, + unsigned *_toklen) +{ + struct krb5_tagged_data *td; + const __be32 *xdr = *_xdr; + unsigned toklen = *_toklen, n_elem, loop; + int ret; + + /* there must be at least one count */ + if (toklen < 4) + return -EINVAL; + + _enter(",,%u,%zu,{%x},%u", + max_n_elem, max_elem_size, ntohl(xdr[0]), toklen); + + n_elem = ntohl(*xdr++); + toklen -= 4; + if (n_elem < 0 || n_elem > max_n_elem) + return -EINVAL; + *_n_elem = n_elem; + if (n_elem > 0) { + if (toklen <= (n_elem + 1) * 4) + return -EINVAL; + + _debug("n_elem %d", n_elem); + + td = kcalloc(sizeof(struct krb5_tagged_data), n_elem, + GFP_KERNEL); + if (!td) + return -ENOMEM; + *_td = td; + + for (loop = 0; loop < n_elem; loop++) { + ret = rxrpc_krb5_decode_tagged_data(&td[loop], + max_elem_size, + &xdr, &toklen); + if (ret < 0) + return ret; + } + } + + *_xdr = xdr; + *_toklen = toklen; + _leave(" = 0 [toklen=%u]", toklen); + return 0; +} + +/* + * extract a krb5 ticket + */ +static int rxrpc_krb5_decode_ticket(u8 **_ticket, uint16_t *_tktlen, + const __be32 **_xdr, unsigned *_toklen) +{ + const __be32 *xdr = *_xdr; + unsigned toklen = *_toklen, len; + + /* there must be at least one length word */ + if (toklen <= 4) + return -EINVAL; + + _enter(",{%x},%u", ntohl(xdr[0]), toklen); + + len = ntohl(*xdr++); + toklen -= 4; + if (len > AFSTOKEN_K5_TIX_MAX) + return -EINVAL; + *_tktlen = len; + + _debug("ticket len %u", len); + + if (len > 0) { + *_ticket = kmalloc(len, GFP_KERNEL); + if (!*_ticket) + return -ENOMEM; + memcpy(*_ticket, xdr, len); + len = (len + 3) & ~3; + toklen -= len; + xdr += len >> 2; + } + + *_xdr = xdr; + *_toklen = toklen; + _leave(" = 0 [toklen=%u]", toklen); + return 0; +} + +/* + * parse an RxK5 type XDR format token + * - the caller guarantees we have at least 4 words + */ +static int rxrpc_instantiate_xdr_rxk5(struct key *key, const __be32 *xdr, + unsigned toklen) +{ + struct rxrpc_key_token *token, **pptoken; + struct rxk5_key *rxk5; + const __be32 *end_xdr = xdr + (toklen >> 2); + int ret; + + _enter(",{%x,%x,%x,%x},%u", + ntohl(xdr[0]), ntohl(xdr[1]), ntohl(xdr[2]), ntohl(xdr[3]), + toklen); + + /* reserve some payload space for this subkey - the length of the token + * is a reasonable approximation */ + ret = key_payload_reserve(key, key->datalen + toklen); + if (ret < 0) + return ret; + + token = kzalloc(sizeof(*token), GFP_KERNEL); + if (!token) + return -ENOMEM; + + rxk5 = kzalloc(sizeof(*rxk5), GFP_KERNEL); + if (!rxk5) { + kfree(token); + return -ENOMEM; + } + + token->security_index = RXRPC_SECURITY_RXK5; + token->k5 = rxk5; + + /* extract the principals */ + ret = rxrpc_krb5_decode_principal(&rxk5->client, &xdr, &toklen); + if (ret < 0) + goto error; + ret = rxrpc_krb5_decode_principal(&rxk5->server, &xdr, &toklen); + if (ret < 0) + goto error; + + /* extract the session key and the encoding type (the tag field -> + * ENCTYPE_xxx) */ + ret = rxrpc_krb5_decode_tagged_data(&rxk5->session, AFSTOKEN_DATA_MAX, + &xdr, &toklen); + if (ret < 0) + goto error; + + if (toklen < 4 * 8 + 2 * 4) + goto inval; + rxk5->authtime = be64_to_cpup((const __be64 *) xdr); + xdr += 2; + rxk5->starttime = be64_to_cpup((const __be64 *) xdr); + xdr += 2; + rxk5->endtime = be64_to_cpup((const __be64 *) xdr); + xdr += 2; + rxk5->renew_till = be64_to_cpup((const __be64 *) xdr); + xdr += 2; + rxk5->is_skey = ntohl(*xdr++); + rxk5->flags = ntohl(*xdr++); + toklen -= 4 * 8 + 2 * 4; + + _debug("times: a=%llx s=%llx e=%llx rt=%llx", + rxk5->authtime, rxk5->starttime, rxk5->endtime, + rxk5->renew_till); + _debug("is_skey=%x flags=%x", rxk5->is_skey, rxk5->flags); + + /* extract the permitted client addresses */ + ret = rxrpc_krb5_decode_tagged_array(&rxk5->addresses, + &rxk5->n_addresses, + AFSTOKEN_K5_ADDRESSES_MAX, + AFSTOKEN_DATA_MAX, + &xdr, &toklen); + if (ret < 0) + goto error; + + ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); + + /* extract the tickets */ + ret = rxrpc_krb5_decode_ticket(&rxk5->ticket, &rxk5->ticket_len, + &xdr, &toklen); + if (ret < 0) + goto error; + ret = rxrpc_krb5_decode_ticket(&rxk5->ticket2, &rxk5->ticket2_len, + &xdr, &toklen); + if (ret < 0) + goto error; + + ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); + + /* extract the typed auth data */ + ret = rxrpc_krb5_decode_tagged_array(&rxk5->authdata, + &rxk5->n_authdata, + AFSTOKEN_K5_AUTHDATA_MAX, + AFSTOKEN_BDATALN_MAX, + &xdr, &toklen); + if (ret < 0) + goto error; + + ASSERTCMP((end_xdr - xdr) << 2, ==, toklen); + + if (toklen != 0) + goto inval; + + /* attach the payload to the key */ + for (pptoken = (struct rxrpc_key_token **)&key->payload.data; + *pptoken; + pptoken = &(*pptoken)->next) + continue; + *pptoken = token; if (token->kad->expiry < key->expiry) key->expiry = token->kad->expiry; _leave(" = 0"); return 0; + +inval: + ret = -EINVAL; +error: + rxrpc_rxk5_free(rxk5); + kfree(token); + _leave(" = %d", ret); + return ret; } /* @@ -228,6 +613,8 @@ static int rxrpc_instantiate_xdr(struct key *key, const void *data, size_t datal sec_ix = ntohl(*xdr++); toklen -= 4; + _debug("TOKEN type=%u [%p-%p]", sec_ix, xdr, token); + switch (sec_ix) { case RXRPC_SECURITY_RXKAD: ret = rxrpc_instantiate_xdr_rxkad(key, xdr, toklen); @@ -235,6 +622,12 @@ static int rxrpc_instantiate_xdr(struct key *key, const void *data, size_t datal goto error; break; + case RXRPC_SECURITY_RXK5: + ret = rxrpc_instantiate_xdr_rxk5(key, xdr, toklen); + if (ret != 0) + goto error; + break; + default: ret = -EPROTONOSUPPORT; goto error; @@ -412,6 +805,10 @@ static void rxrpc_destroy(struct key *key) case RXRPC_SECURITY_RXKAD: kfree(token->kad); break; + case RXRPC_SECURITY_RXK5: + if (token->k5) + rxrpc_rxk5_free(token->k5); + break; default: printk(KERN_ERR "Unknown token type %x on rxrpc key\n", token->security_index); @@ -602,10 +999,13 @@ EXPORT_SYMBOL(rxrpc_get_null_key); static long rxrpc_read(const struct key *key, char __user *buffer, size_t buflen) { - struct rxrpc_key_token *token; - size_t size, toksize; - __be32 __user *xdr; - u32 cnlen, tktlen, ntoks, zero; + const struct rxrpc_key_token *token; + const struct krb5_principal *princ; + size_t size; + __be32 __user *xdr, *oldxdr; + u32 cnlen, toksize, ntoks, tok, zero; + u16 toksizes[AFSTOKEN_MAX]; + int loop; _enter(""); @@ -614,28 +1014,68 @@ static long rxrpc_read(const struct key *key, return -EOPNOTSUPP; cnlen = strlen(key->description + 4); +#define RND(X) (((X) + 3) & ~3) + /* AFS keys we return in XDR form, so we need to work out the size of * the XDR */ size = 2 * 4; /* flags, cellname len */ - size += (cnlen + 3) & ~3; /* cellname */ + size += RND(cnlen); /* cellname */ size += 1 * 4; /* token count */ ntoks = 0; for (token = key->payload.data; token; token = token->next) { + toksize = 4; /* sec index */ + switch (token->security_index) { case RXRPC_SECURITY_RXKAD: - size += 2 * 4; /* length, security index (switch ID) */ - size += 8 * 4; /* viceid, kvno, key*2, begin, end, - * primary, tktlen */ - size += (token->kad->ticket_len + 3) & ~3; /* ticket */ - ntoks++; + toksize += 8 * 4; /* viceid, kvno, key*2, begin, + * end, primary, tktlen */ + toksize += RND(token->kad->ticket_len); break; - default: /* can't encode */ + case RXRPC_SECURITY_RXK5: + princ = &token->k5->client; + toksize += 4 + princ->n_name_parts * 4; + for (loop = 0; loop < princ->n_name_parts; loop++) + toksize += RND(strlen(princ->name_parts[loop])); + toksize += 4 + RND(strlen(princ->realm)); + + princ = &token->k5->server; + toksize += 4 + princ->n_name_parts * 4; + for (loop = 0; loop < princ->n_name_parts; loop++) + toksize += RND(strlen(princ->name_parts[loop])); + toksize += 4 + RND(strlen(princ->realm)); + + toksize += 8 + RND(token->k5->session.data_len); + + toksize += 4 * 8 + 2 * 4; + + toksize += 4 + token->k5->n_addresses * 8; + for (loop = 0; loop < token->k5->n_addresses; loop++) + toksize += RND(token->k5->addresses[loop].data_len); + + toksize += 4 + RND(token->k5->ticket_len); + toksize += 4 + RND(token->k5->ticket2_len); + + toksize += 4 + token->k5->n_authdata * 8; + for (loop = 0; loop < token->k5->n_authdata; loop++) + toksize += RND(token->k5->authdata[loop].data_len); break; + + default: /* we have a ticket we can't encode */ + BUG(); + continue; } + + _debug("token[%u]: toksize=%u", ntoks, toksize); + ASSERTCMP(toksize, <=, AFSTOKEN_LENGTH_MAX); + + toksizes[ntoks++] = toksize; + size += toksize + 4; /* each token has a length word */ } +#undef RND + if (!buffer || buflen < size) return size; @@ -647,52 +1087,109 @@ static long rxrpc_read(const struct key *key, if (put_user(y, xdr++) < 0) \ goto fault; \ } while(0) +#define ENCODE_DATA(l, s) \ + do { \ + u32 _l = (l); \ + ENCODE(l); \ + if (copy_to_user(xdr, (s), _l) != 0) \ + goto fault; \ + if (_l & 3 && \ + copy_to_user((u8 *)xdr + _l, &zero, 4 - (_l & 3)) != 0) \ + goto fault; \ + xdr += (_l + 3) >> 2; \ + } while(0) +#define ENCODE64(x) \ + do { \ + __be64 y = cpu_to_be64(x); \ + if (copy_to_user(xdr, &y, 8) != 0) \ + goto fault; \ + xdr += 8 >> 2; \ + } while(0) +#define ENCODE_STR(s) \ + do { \ + const char *_s = (s); \ + ENCODE_DATA(strlen(_s), _s); \ + } while(0) - ENCODE(0); /* flags */ - ENCODE(cnlen); /* cellname length */ - if (copy_to_user(xdr, key->description + 4, cnlen) != 0) - goto fault; - if (cnlen & 3 && - copy_to_user((u8 *)xdr + cnlen, &zero, 4 - (cnlen & 3)) != 0) - goto fault; - xdr += (cnlen + 3) >> 2; - ENCODE(ntoks); /* token count */ + ENCODE(0); /* flags */ + ENCODE_DATA(cnlen, key->description + 4); /* cellname */ + ENCODE(ntoks); + tok = 0; for (token = key->payload.data; token; token = token->next) { - toksize = 1 * 4; /* sec index */ + toksize = toksizes[tok++]; + ENCODE(toksize); + oldxdr = xdr; + ENCODE(token->security_index); switch (token->security_index) { case RXRPC_SECURITY_RXKAD: - toksize += 8 * 4; - toksize += (token->kad->ticket_len + 3) & ~3; - ENCODE(toksize); - ENCODE(token->security_index); ENCODE(token->kad->vice_id); ENCODE(token->kad->kvno); - if (copy_to_user(xdr, token->kad->session_key, 8) != 0) - goto fault; - xdr += 8 >> 2; + ENCODE_DATA(8, token->kad->session_key); ENCODE(token->kad->start); ENCODE(token->kad->expiry); ENCODE(token->kad->primary_flag); - tktlen = token->kad->ticket_len; - ENCODE(tktlen); - if (copy_to_user(xdr, token->kad->ticket, tktlen) != 0) - goto fault; - if (tktlen & 3 && - copy_to_user((u8 *)xdr + tktlen, &zero, - 4 - (tktlen & 3)) != 0) - goto fault; - xdr += (tktlen + 3) >> 2; + ENCODE_DATA(token->kad->ticket_len, token->kad->ticket); + break; + + case RXRPC_SECURITY_RXK5: + princ = &token->k5->client; + ENCODE(princ->n_name_parts); + for (loop = 0; loop < princ->n_name_parts; loop++) + ENCODE_STR(princ->name_parts[loop]); + ENCODE_STR(princ->realm); + + princ = &token->k5->server; + ENCODE(princ->n_name_parts); + for (loop = 0; loop < princ->n_name_parts; loop++) + ENCODE_STR(princ->name_parts[loop]); + ENCODE_STR(princ->realm); + + ENCODE(token->k5->session.tag); + ENCODE_DATA(token->k5->session.data_len, + token->k5->session.data); + + ENCODE64(token->k5->authtime); + ENCODE64(token->k5->starttime); + ENCODE64(token->k5->endtime); + ENCODE64(token->k5->renew_till); + ENCODE(token->k5->is_skey); + ENCODE(token->k5->flags); + + ENCODE(token->k5->n_addresses); + for (loop = 0; loop < token->k5->n_addresses; loop++) { + ENCODE(token->k5->addresses[loop].tag); + ENCODE_DATA(token->k5->addresses[loop].data_len, + token->k5->addresses[loop].data); + } + + ENCODE_DATA(token->k5->ticket_len, token->k5->ticket); + ENCODE_DATA(token->k5->ticket2_len, token->k5->ticket2); + + ENCODE(token->k5->n_authdata); + for (loop = 0; loop < token->k5->n_authdata; loop++) { + ENCODE(token->k5->authdata[loop].tag); + ENCODE_DATA(token->k5->authdata[loop].data_len, + token->k5->authdata[loop].data); + } break; default: + BUG(); break; } + + ASSERTCMP((unsigned long)xdr - (unsigned long)oldxdr, ==, + toksize); } +#undef ENCODE_STR +#undef ENCODE_DATA +#undef ENCODE64 #undef ENCODE + ASSERTCMP(tok, ==, ntoks); ASSERTCMP((char __user *) xdr - buffer, ==, size); _leave(" = %zu", size); return size; -- cgit v1.2.3 From 926e61b7c44db83013159ac2f74bccd451607b5a Mon Sep 17 00:00:00 2001 From: Jarek Poplawski Date: Tue, 15 Sep 2009 02:53:07 -0700 Subject: pkt_sched: Fix tx queue selection in tc_modify_qdisc After the recent mq change there is the new select_queue qdisc class method used in tc_modify_qdisc, but it works OK only for direct child qdiscs of mq qdisc. Grandchildren always get the first tx queue, which would give wrong qdisc_root etc. results (e.g. for sch_htb as child of sch_prio). This patch fixes it by using parent's dev_queue for such grandchildren qdiscs. The select_queue method's return type is changed BTW. With feedback from: Patrick McHardy Signed-off-by: Jarek Poplawski Signed-off-by: David S. Miller --- include/net/sch_generic.h | 2 +- net/sched/sch_api.c | 10 +++++++--- net/sched/sch_mq.c | 13 +++++++++---- 3 files changed, 17 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h index 88eb9de095de..c33180dd42b4 100644 --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h @@ -81,7 +81,7 @@ struct Qdisc struct Qdisc_class_ops { /* Child qdisc manipulation */ - unsigned int (*select_queue)(struct Qdisc *, struct tcmsg *); + struct netdev_queue * (*select_queue)(struct Qdisc *, struct tcmsg *); int (*graft)(struct Qdisc *, unsigned long cl, struct Qdisc *, struct Qdisc **); struct Qdisc * (*leaf)(struct Qdisc *, unsigned long cl); diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c index c6e4063f698c..1367aa21fad5 100644 --- a/net/sched/sch_api.c +++ b/net/sched/sch_api.c @@ -1116,12 +1116,16 @@ create_n_graft: tcm->tcm_parent, tcm->tcm_parent, tca, &err); else { - unsigned int ntx = 0; + struct netdev_queue *dev_queue; if (p && p->ops->cl_ops && p->ops->cl_ops->select_queue) - ntx = p->ops->cl_ops->select_queue(p, tcm); + dev_queue = p->ops->cl_ops->select_queue(p, tcm); + else if (p) + dev_queue = p->dev_queue; + else + dev_queue = netdev_get_tx_queue(dev, 0); - q = qdisc_create(dev, netdev_get_tx_queue(dev, ntx), p, + q = qdisc_create(dev, dev_queue, p, tcm->tcm_parent, tcm->tcm_handle, tca, &err); } diff --git a/net/sched/sch_mq.c b/net/sched/sch_mq.c index dd5ee022f1f7..600c50143cc7 100644 --- a/net/sched/sch_mq.c +++ b/net/sched/sch_mq.c @@ -125,13 +125,18 @@ static struct netdev_queue *mq_queue_get(struct Qdisc *sch, unsigned long cl) return netdev_get_tx_queue(dev, ntx); } -static unsigned int mq_select_queue(struct Qdisc *sch, struct tcmsg *tcm) +static struct netdev_queue *mq_select_queue(struct Qdisc *sch, + struct tcmsg *tcm) { unsigned int ntx = TC_H_MIN(tcm->tcm_parent); + struct netdev_queue *dev_queue = mq_queue_get(sch, ntx); - if (!mq_queue_get(sch, ntx)) - return 0; - return ntx - 1; + if (!dev_queue) { + struct net_device *dev = qdisc_dev(sch); + + return netdev_get_tx_queue(dev, 0); + } + return dev_queue; } static int mq_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new, -- cgit v1.2.3 From 4e36a95e591e9c58dd10bb4103c00993917c27fd Mon Sep 17 00:00:00 2001 From: David Howells Date: Wed, 16 Sep 2009 00:01:13 -0700 Subject: RxRPC: Use uX/sX rather than uintX_t/intX_t types Use uX rather than uintX_t types for consistency. Signed-off-by: David Howells Signed-off-by: David S. Miller --- include/keys/rxrpc-type.h | 20 ++++++++++---------- net/rxrpc/ar-ack.c | 6 +++--- net/rxrpc/ar-internal.h | 16 ++++++++-------- net/rxrpc/ar-key.c | 2 +- 4 files changed, 22 insertions(+), 22 deletions(-) (limited to 'include') diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index 5eb23571b425..5cb86c307f5d 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h @@ -53,8 +53,8 @@ struct krb5_tagged_data { * - KRB5_AUTHDATA_* for auth data * - */ - int32_t tag; - uint32_t data_len; + s32 tag; + u32 data_len; u8 *data; }; @@ -62,17 +62,17 @@ struct krb5_tagged_data { * RxRPC key for Kerberos V (type-5 security) */ struct rxk5_key { - uint64_t authtime; /* time at which auth token generated */ - uint64_t starttime; /* time at which auth token starts */ - uint64_t endtime; /* time at which auth token expired */ - uint64_t renew_till; /* time to which auth token can be renewed */ - int32_t is_skey; /* T if ticket is encrypted in another ticket's + u64 authtime; /* time at which auth token generated */ + u64 starttime; /* time at which auth token starts */ + u64 endtime; /* time at which auth token expired */ + u64 renew_till; /* time to which auth token can be renewed */ + s32 is_skey; /* T if ticket is encrypted in another ticket's * skey */ - int32_t flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */ + s32 flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */ struct krb5_principal client; /* client principal name */ struct krb5_principal server; /* server principal name */ - uint16_t ticket_len; /* length of ticket */ - uint16_t ticket2_len; /* length of second ticket */ + u16 ticket_len; /* length of ticket */ + u16 ticket2_len; /* length of second ticket */ u8 n_authdata; /* number of authorisation data elements */ u8 n_addresses; /* number of addresses */ struct krb5_tagged_data session; /* session data; tag is enctype */ diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c index c9f1f0a3a2ff..b4a220977031 100644 --- a/net/rxrpc/ar-ack.c +++ b/net/rxrpc/ar-ack.c @@ -40,7 +40,7 @@ static const s8 rxrpc_ack_priority[] = { /* * propose an ACK be sent */ -void __rxrpc_propose_ACK(struct rxrpc_call *call, uint8_t ack_reason, +void __rxrpc_propose_ACK(struct rxrpc_call *call, u8 ack_reason, __be32 serial, bool immediate) { unsigned long expiry; @@ -120,7 +120,7 @@ cancel_timer: /* * propose an ACK be sent, locking the call structure */ -void rxrpc_propose_ACK(struct rxrpc_call *call, uint8_t ack_reason, +void rxrpc_propose_ACK(struct rxrpc_call *call, u8 ack_reason, __be32 serial, bool immediate) { s8 prior = rxrpc_ack_priority[ack_reason]; @@ -520,7 +520,7 @@ static void rxrpc_zap_tx_window(struct rxrpc_call *call) struct rxrpc_skb_priv *sp; struct sk_buff *skb; unsigned long _skb, *acks_window; - uint8_t winsz = call->acks_winsz; + u8 winsz = call->acks_winsz; int tail; acks_window = call->acks_window; diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h index 46c6d8888493..7043b294bb67 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -229,7 +229,7 @@ struct rxrpc_conn_bundle { int debug_id; /* debug ID for printks */ unsigned short num_conns; /* number of connections in this bundle */ __be16 service_id; /* service ID */ - uint8_t security_ix; /* security type */ + u8 security_ix; /* security type */ }; /* @@ -370,10 +370,10 @@ struct rxrpc_call { u8 channel; /* connection channel occupied by this call */ /* transmission-phase ACK management */ - uint8_t acks_head; /* offset into window of first entry */ - uint8_t acks_tail; /* offset into window of last entry */ - uint8_t acks_winsz; /* size of un-ACK'd window */ - uint8_t acks_unacked; /* lowest unacked packet in last ACK received */ + u8 acks_head; /* offset into window of first entry */ + u8 acks_tail; /* offset into window of last entry */ + u8 acks_winsz; /* size of un-ACK'd window */ + u8 acks_unacked; /* lowest unacked packet in last ACK received */ int acks_latest; /* serial number of latest ACK received */ rxrpc_seq_t acks_hard; /* highest definitively ACK'd msg seq */ unsigned long *acks_window; /* sent packet window @@ -388,7 +388,7 @@ struct rxrpc_call { rxrpc_seq_t rx_first_oos; /* first packet in rx_oos_queue (or 0) */ rxrpc_seq_t ackr_win_top; /* top of ACK window (rx_data_eaten is bottom) */ rxrpc_seq_net_t ackr_prev_seq; /* previous sequence number received */ - uint8_t ackr_reason; /* reason to ACK */ + u8 ackr_reason; /* reason to ACK */ __be32 ackr_serial; /* serial of packet being ACK'd */ atomic_t ackr_not_idle; /* number of packets in Rx queue */ @@ -434,8 +434,8 @@ extern int rxrpc_reject_call(struct rxrpc_sock *); /* * ar-ack.c */ -extern void __rxrpc_propose_ACK(struct rxrpc_call *, uint8_t, __be32, bool); -extern void rxrpc_propose_ACK(struct rxrpc_call *, uint8_t, __be32, bool); +extern void __rxrpc_propose_ACK(struct rxrpc_call *, u8, __be32, bool); +extern void rxrpc_propose_ACK(struct rxrpc_call *, u8, __be32, bool); extern void rxrpc_process_call(struct work_struct *); /* diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index 44836f6c9643..74697b200496 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -360,7 +360,7 @@ static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, /* * extract a krb5 ticket */ -static int rxrpc_krb5_decode_ticket(u8 **_ticket, uint16_t *_tktlen, +static int rxrpc_krb5_decode_ticket(u8 **_ticket, u16 *_tktlen, const __be32 **_xdr, unsigned *_toklen) { const __be32 *xdr = *_xdr; -- cgit v1.2.3