Miss a lock protection in if_tag_stat_update while doing get_iface_entry. So if
one CPU is doing iface_stat_create while another CPU is doing if_tag_stat_update,
race will happened.
Change-Id: Ib8d98e542f4e385685499f5b7bb7354f08654a75
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Force any pending hardidletimer_tg_work() to complete before freeing
the associated work struct.
CRs-Fixed: 814707
Change-Id: I57b2f0dcd24f05ddb472d6007525d1722f9fe0b0
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
idletimer_resume() assumes that the PM_SUSPEND_PREPARE notifier is sent
before PM_POST_PREPARE so that timer->last_suspend_time is initialized.
However, it is posible for PM_POST_PREPARE to be sent first if there is an
error returned from another driver's PM_SUSPEND_PREPARE notifier.
Add a flag indicating whether the current value of timer->last_suspend is
valid.
Detected with CONFIG_SLUB_DEBUG & CONFIG_DEBUG_SPINLOCK in arm64. The
timestamp lock is held for more than a minute while
set_normalized_timespec() proceses the poisoned timer->last_suspend_time
argument.
Change-Id: I95328b0ac85dba819ff9cef751c3d07300c232f1
CRs-fixed: 745178
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Message notifications contains an additional uid field. This field
represents the uid that was responsible for waking the radio. And hence
it is present only in notifications stating that the radio is now
active.
Change-Id: I18fc73eada512e370d7ab24fc9f890845037b729
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Bug: 20264396
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
"timer" was checked for null, but used later without being re-checked.
Change-Id: Ib4d08cd49860c9f157d1cac556705ba85cd44f4e
Reported-by: dan.carpenter@oracle.com
Signed-off-by: JP Abgrall <jpa@google.com>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
e254d2c28c880da28626af6d53b7add5f7d6afee
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Message notifications contains an additional timestamp field in nano seconds.
The expiry time for the timers are modified during suspend/resume.
If timer was supposed to expire while the system is suspended then a
notification is sent when it resumes with the timestamp of the scheduled expiry.
Removes the race condition for multiple work scheduled.
Bug: 13247811
Change-Id: I752c5b00225fe7085482819f975cc0eb5af89bff
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
This patch adds a SOCK_DESTROY operation, a destroy function
pointer to sock_diag_handler, and a diag_destroy function
pointer. It does not include any implementation code.
[Backport of net-next 64be0aed59ad519d6f2160868734f7e278290ac1]
Change-Id: I1d998e1c5f836b2f5638c0f79244c372c8d2d9d9
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Alex Efros reported rpfilter module doesn't match following packets:
IN=br.qemu SRC=192.168.2.1 DST=192.168.2.255 [ .. ]
(netfilter bugzilla #814).
Problem is that network stack arranges for the locally generated broadcasts
to appear on the interface they were sent out, so the IFF_LOOPBACK check
doesn't trigger.
As -m rpfilter is restricted to PREROUTING, we can check for existing
rtable instead, it catches locally-generated broad/multicast case, too.
Change-Id: I2d921ac4d53e5b1ca9a5249e489c33e4fa4a4b3a
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
To avoid BT-WiFi coexistence issues, phone will reject
EV3 packet types.Code Logic added to reject EV3 packet
type when eSCO Connection request is from Carkit/Headset,
hence headset will connect SCO with HV3 packet.Phone will
connect devices with eSCO only if 2EV3 packet type is
supported and for other SCO will be connected. This commit
is propagated from (CR)
- Original JIRA (CR) Packet optimization for BT
- Feature ID 33099
Change-Id: Icf2ea0589b4364a0a3b1ae33fb724e4fcec36255
Reviewed-on: http://gerrit.pcs.mot.com/317610
Tested-by: Jira Key <JIRAKEY@motorola.com>
Reviewed-by: Check Patch <CHEKPACH@motorola.com>
Reviewed-by: Klocwork kwcheck <klocwork-kwcheck@sourceforge.mot.com>
Reviewed-by: LieJun Tao <L.J.Tao@motorola.com>
Reviewed-by: Ashish Kumar Sharma <rjmc87@motorola.com>
Reviewed-by: Tao Hu <taohu@motorola.com>
Reviewed-by: Jeffrey Carlyle <jeff.carlyle@motorola.com>
Signed-off-by: Vishwanath K M <a21174@motorola.com>
Reviewed-on: http://gerrit.pcs.mot.com/512986
Tested-by: Jira Key <jirakey@motorola.com>
Reviewed-by: Viswanathan N <a21415@motorola.com>
Submit-Approved: Jira Key <jirakey@motorola.com>
(cherry picked from commit ab0181f1846f873284bcfb430a49d253ebca9bb2)
In this API, we were using sizeof operator for an array
given as function argument, which is invalid.
However this API is not used anywhere.
Change-Id: I80a43472b35f0f6c117624de2b2907b37eefb786
Signed-off-by: Syam Sidhardhan <s.syam@samsung.com>
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
We should check that e->target_offset is sane before
mark_source_chains gets called since it will fetch the target entry
for loop detection.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: bdf533de6968e9686df777dc178486f600c6e617
(cherry picked from commit bdf533de6968e9686df777dc178486f600c6e617)
Change-Id: Id3ec56cdc333990d62c99d6c2e59dbcce633bcc1
Otherwise this function may read data beyond the ruleset blob.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
Change-Id: I78ac6043166c21e47b83a3742e3bd95c6710c953
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
Ben Hawkes says:
In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it
is possible for a user-supplied ipt_entry structure to have a large
next_offset field. This field is not bounds checked prior to writing a
counter value at the supplied offset.
Problem is that mark_source_chains should not have been called --
the rule doesn't have a next entry, so its supposed to return
an absolute verdict of either ACCEPT or DROP.
However, the function conditional() doesn't work as the name implies.
It only checks that the rule is using wildcard address matching.
However, an unconditional rule must also not be using any matches
(no -m args).
The underflow validator only checked the addresses, therefore
passing the 'unconditional absolute verdict' test, while
mark_source_chains also tested for presence of matches, and thus
proceeeded to the next (not-existent) rule.
Unify this so that all the callers have same idea of 'unconditional rule'.
Change-Id: Icbca80abeff1811180e61195802664220b30853f
Reported-by: Ben Hawkes <hawkes@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-commit: 54d83fc74aa9ec72794373cb47432c5f7fb1a309
Git-repo:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
The syzkaller fuzzer hit the following use-after-free:
Call Trace:
[<ffffffff8175ea0e>] __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:295
[<ffffffff851cc31a>] __sys_recvmmsg+0x6fa/0x7f0 net/socket.c:2261
[< inline >] SYSC_recvmmsg net/socket.c:2281
[<ffffffff851cc57f>] SyS_recvmmsg+0x16f/0x180 net/socket.c:2270
[<ffffffff86332bb6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
And, as Dmitry rightly assessed, that is because we can drop the
reference and then touch it when the underlying recvmsg calls return
some packets and then hit an error, which will make recvmmsg to set
sock->sk->sk_err, oops, fix it.
Reported-and-Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Fixes: a2e2725541 ("net: Introduce recvmmsg socket syscall")
http://lkml.kernel.org/r/20160122211644.GC2470@redhat.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Change-Id: I447302392f46841f31c374bdb560fe5ee9c2d687
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 34b88a68f26a75e4fded796f1a49c40f82234b7d
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
UDP IPv4 encapsulation sockets will have their state printed as 0xF0
binary ORed with the actual state such that they can be distinguished
from regular UDP sockets in /proc/net/udp.
CRs-Fixed: 821341
Change-Id: I240ab1526a4280e5e996d9577a904581684fc84a
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Signed-off-by: Shreyas Narayan <shrena@codeaurora.org>
Fix to allow IPv6 packets originating locally to match rules with the "iff"
set to "lo". This allows IPv6 rule matching work the same as it does for
IPv4. From the iproute2 man page:
iif NAME
select the incoming device to match. If the interface is loop‐
back, the rule only matches packets originating from this host.
This means that you may create separate routing tables for for‐
warded and local packets and, hence, completely segregate them.
Change-Id: Id044383eaa17b24b99b167b0b14d88c7dcb3292d
Signed-off-by: David McCullough <david_mccullough@mcafee.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 4dc27d1cf3b3027b9ce654221c559e88b2f41b33
Git-repo: https://android.googlesource.com/kernel/msm/
Signed-off-by: Ravinder Konka <rkonka@codeaurora.org>
Fix to allow IPv6 packets originating locally to match rules with the "iff"
set to "lo". This allows IPv6 rule matching work the same as it does for
IPv4. From the iproute2 man page:
iif NAME
select the incoming device to match. If the interface is loop‐
back, the rule only matches packets originating from this host.
This means that you may create separate routing tables for for‐
warded and local packets and, hence, completely segregate them.
Signed-off-by: David McCullough <david_mccullough@mcafee.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 4dc27d1cf3b3027b9ce654221c559e88b2f41b33)
Change-Id: Ic62766e5c2d197446c67a0f225f10f39d70f09ea
Signed-off-by: Ravinder Konka <rkonka@codeaurora.org>
If we try to rmmod the driver for an interface while sockets with
setsockopt(JOIN_ANYCAST) are alive, some refcounts aren't cleaned up
and we get stuck on :
unregister_netdevice: waiting for ens3 to become free. Usage count = 1
If we LEAVE_ANYCAST/close everything before rmmod'ing, there is no
problem.
We need to perform a cleanup similar to the one for multicast in
addrconf_ifdown(how == 1).
BUG: 18902601
Change-Id: I6d51aed5755eb5738fcba91950e7773a1c985d2e
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 86a47ad60de5221c3869821d3552dcd1c89199f5
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
As suggested by Julian:
Simply, flowi4_iif must not contain 0, it does not
look logical to ignore all ip rules with specified iif.
because in fib_rule_match() we do:
if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
goto out;
flowi4_iif should be LOOPBACK_IFINDEX by default .
We need to move LOOPBACK_IFINDEX to include/net/flow.h:
1) It is mostly used by flowi_iif
2) Fix the following compile error if we use it in flow.h
by the patches latter:
In file included from include/linux/netfilter.h:277:0,
from include/net/netns/netfilter.h:5,
from include/net/net_namespace.h:21,
from include/linux/netdevice.h:43,
from include/linux/icmpv6.h:12,
from include/linux/ipv6.h:61,
from include/net/ipv6.h:16,
from include/linux/sunrpc/clnt.h:27,
from include/linux/nfs_fs.h:30,
from init/do_mounts.c:32:
include/net/flow.h: In function ‘flowi4_init_output’:
include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function)
[Backport of net-next 6a662719c9868b3d6c7d26b3a085f0cd3cc15e64]
Change-Id: Ib7a0a08d78c03800488afa1b2c170cb70e34cfd9
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Julian Anastasov <ja@ssi.bg>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 9c086b4cf266e9ac1afabb86ff9ef54407b344e2
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
The kernel forcefully applies MTU values received in router
advertisements provided the new MTU is less than the current. This
behavior is undesirable when the user space is managing the MTU. Instead
a sysctl flag 'accept_ra_mtu' is introduced such that the user space
can control whether or not RA provided MTU updates should be applied.
The default behavior is unchanged; user space must explicitly set this flag
to 0 for RA MTUs to be ignored.
Change-Id: I9b2672d7c7804b6d5394516f451888d3ac8d7803
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
1. For an IPv4 ping socket, ping_check_bind_addr does not check
the family of the socket address that's passed in. Instead,
make it behave like inet_bind, which enforces either that the
address family is AF_INET, or that the family is AF_UNSPEC and
the address is 0.0.0.0.
2. For an IPv6 ping socket, ping_check_bind_addr returns EINVAL
if the socket family is not AF_INET6. Return EAFNOSUPPORT
instead, for consistency with inet6_bind.
3. Make ping_v4_sendmsg and ping_v6_sendmsg return EAFNOSUPPORT
instead of EINVAL if an incorrect socket address structure is
passed in.
4. Make IPv6 ping sockets be IPv6-only. The code does not support
IPv4, and it cannot easily be made to support IPv4 because
the protocol numbers for ICMP and ICMPv6 are different. This
makes connect(::ffff:192.0.2.1) fail with EAFNOSUPPORT instead
of making the socket unusable
Among other things, this fixes an oops that can be triggered by:
int s = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
struct sockaddr_in6 sin6 = {
.sin6_family = AF_INET6,
.sin6_addr = in6addr_any,
};
bind(s, (struct sockaddr *) &sin6, sizeof(sin6));
[backport of net 9145736d4862145684009d6a72a6e61324a9439e]
Change-Id: If06ca86d9f1e4593c0d6df174caca3487c57a241
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 428e6d675d83323d05649d901cc0fa0069f8e825
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
ping_lookup() may return a wrong sock if sk_buff's and sock's protocols
dont' match. For example, sk_buff's protocol is ETH_P_IPV6, but sock's
sk_family is AF_INET, in that case, if sk->sk_bound_dev_if is zero, a wrong
sock will be returned.
the fix is to "continue" the searching, if no matching, return NULL.
Change-Id: I0edf397538e67657ea64917705ebff828c7aea4f
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: James Morris <jmorris@namei.org>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: netdev@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Jane Zhou <a17711@motorola.com>
Signed-off-by: Yiwei Zhao <gbjc64@motorola.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 91a0b603469069cdcce4d572b7525ffc9fd352a6
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Assign a unique proc inode to each namespace, and use that
inode number to ensure we only allocate at most one proc
inode for every namespace in proc.
A single proc inode per namespace allows userspace to test
to see if two processes are in the same namespace.
This has been a long requested feature and only blocked because
a naive implementation would put the id in a global space and
would ultimately require having a namespace for the names of
namespaces, making migration and certain virtualization tricks
impossible.
We still don't have per superblock inode numbers for proc, which
appears necessary for application unaware checkpoint/restart and
migrations (if the application is using namespace file descriptors)
but that is now allowd by the design if it becomes important.
I have preallocated the ipc and uts initial proc inode numbers so
their structures can be statically initialized.
Change-Id: I01d42c2f051fd74b1474d9d8378ccc78174cf3cf
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Git-commit: f80cd4676998eb352d1a8b9df0f3663537a9ce93
Git-repo: https://android.googlesource.com/kernel/common/
[schikk@codeaurora.org: Resolved merge conflicts ]
CRs-Fixed: 901628
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
[1] When entering NUD_PROBE state via neigh_update(), perhaps received
from userspace, correctly (re)initialize the probes count to zero.
This is useful for forcing revalidation of a neighbor (for example
if the host is attempting to do DNA [IPv4 4436, IPv6 6059]).
[2] Notify listeners when a neighbor goes into NUD_PROBE state.
By sending notifications on entry to NUD_PROBE state listeners get
more timely warnings of imminent connectivity issues.
The current notifications on entry to NUD_STALE have somewhat
limited usefulness: NUD_STALE is a perfectly normal state, as is
NUD_DELAY, whereas notifications on entry to NUD_FAILURE come after
a neighbor reachability problem has been confirmed (typically after
three probes).
Change-Id: Idfbff01774453b0930da48edaf0dfb9da701387a
Signed-off-by: Erik Kline <ek@google.com>
Acked-By: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 765c9c639fbb132af0cafc6e1da22fe6cea26bb8
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Acked-by: Nagarjuna Chaganti <nchagant@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
If we don't do that, then the poison value is left in the ->pprev
backlink.
This can cause crashes if we do a disconnect, followed by a connect().
Change-Id: I8ce5297bbde2de3c3d917a690bf5de1b2dc566e8
Tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Wen Xu <hotdog3645@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: a134f083e79fb4c3d0a925691e732c56911b4326
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Avijit Kanti Das <avijitnsec@codeaurora.org>
The space is required so that the genregdb.awk
can interpret the values correctly.
CRs-Fixed: 802281
Change-Id: I85eabb723108e3a90793b25e3e02da0dc0e58794
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
softnet_data.input_pkt_queue is protected by a spinlock that we must
hold when transferring packets from victim queue to an active one.
This is because other cpus could still be trying to enqueue packets
into victim queue.
A second problem is that when we transfert the NAPI poll_list from
victim to current cpu, we absolutely need to special case the percpu
backlog, because we do not want to add complex locking to protect
process_queue : Only owner cpu is allowed to manipulate it, unless
cpu is offline.
Based on initial patch from Prasad Sodagudi &
Subash Abhinov Kasiviswanathan.
This version is better because we do not slow down packet processing,
only make migration safer.
Change-Id: I6468cc74779b126ce0565f8bd6cc39514b14eb38
Reported-by: Prasad Sodagudi <psodagud@codeaurora.org>
Reported-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Tom Herbert <therbert@google.com>
Git-commit: ac64da0b83d82abe62f78b3d0e21cca31aea24fa
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
The default initial rwnd is hardcoded to 10.
Now we allow it to be controlled via
/proc/sys/net/ipv4/tcp_default_init_rwnd
which limits the values from 3 to 100
This is somewhat needed because ipv6 routes are
autoconfigured by the kernel.
See "An Argument for Increasing TCP's Initial Congestion Window"
in https://developers.google.com/speed/articles/tcp_initcwnd_paper.pdf
Change-Id: I386b2a9d62de0ebe05c1ebe1b4bd91b314af5c54
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: 969ff3bbb38b6622800a1a4bd38404e3701193de
Git-Repo: https://android.googlesource.com/kernel/common.git
[imaund@codeaurora.org: Resolved trivial context conflicts.]
Signed-off-by: Ian Maund <imaund@codeaurora.org>
* fix skb->dev vs par->in/out
When there is some forwarding going on, it introduces extra state
around devs associated with xt_action_param->in/out and sk_buff->dev.
E.g.
par->in and par->out are both set, or
skb->dev and par->out are both set (and different)
This would lead qtaguid to make the wrong assumption about the
direction and update the wrong device stats.
Now we rely more on par->in/out.
* Fix handling when qtaguid is used as "owner"
When qtaguid is used as an owner module, and sk_socket->file is
not there (happens when tunnels are involved), it would
incorrectly do a tag stats update.
* Correct debug messages.
Bug: 11687690
Change-Id: I2b1ff8bd7131969ce9e25f8291d83a6280b3ba7f
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: 2b71479d6f5fe8f33b335f713380f72037244395
Git-repo: https://www.codeaurora.org/cgit/quic/la/kernel/mediatek
[imaund@codeaurora.org: Resolved trivial context conflicts.]
Signed-off-by: Ian Maund <imaund@codeaurora.org>
This contains the following commits:
1. 0149763 net: core: Add a UID range to fib rules.
2. 1650474 net: core: Use the socket UID in routing lookups.
3. 0b16771 net: ipv4: Add the UID to the route cache.
4. ee058f1 net: core: Add a RTA_UID attribute to routes.
This is so that userspace can do per-UID route lookups.
Bug: 15413527
Change-Id: I1285474c6734614d3bda6f61d88dfe89a4af7892
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 0b428749ce5969bc06c73855e360141b4e7126e8
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>
The l2tp [get|set]sockopt() code has fallen back to the UDP functions
for socket option levels != SOL_PPPOL2TP since day one, but that has
never actually worked, since the l2tp socket isn't an inet socket.
As David Miller points out:
"If we wanted this to work, it'd have to look up the tunnel and then
use tunnel->sk, but I wonder how useful that would be"
Since this can never have worked so nobody could possibly have depended
on that functionality, just remove the broken code and return -EINVAL.
Change-Id: I7d00fb0c595cdd65f9724d710f93ca5362019e43
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: James Chapman <jchapman@katalix.com>
Acked-by: David Miller <davem@davemloft.net>
Cc: Phil Turnbull <phil.turnbull@oracle.com>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Divya Sharma <c_shard@codeaurora.org>
Non-root user-space processes can send Netlink messages to other
processes that are well-known for being subscribed to Netlink
asynchronous notifications. This allows ilegitimate non-root
process to send forged messages to Netlink subscribers.
The userspace process usually verifies the legitimate origin in
two ways:
a) Socket credentials. If UID != 0, then the message comes from
some ilegitimate process and the message needs to be dropped.
b) Netlink portID. In general, portID == 0 means that the origin
of the messages comes from the kernel. Thus, discarding any
message not coming from the kernel.
However, ctnetlink sets the portID in event messages that has
been triggered by some user-space process, eg. conntrack utility.
So other processes subscribed to ctnetlink events, eg. conntrackd,
know that the event was triggered by some user-space action.
Neither of the two ways to discard ilegitimate messages coming
from non-root processes can help for ctnetlink.
This patch adds capability validation in case that dst_pid is set
in netlink_sendmsg(). This approach is aggressive since existing
applications using any Netlink bus to deliver messages between
two user-space processes will break. Note that the exception is
NETLINK_USERSOCK, since it is reserved for netlink-to-netlink
userspace communication.
Still, if anyone wants that his Netlink bus allows netlink-to-netlink
userspace, then they can set NL_NONROOT_SEND. However, by default,
I don't think it makes sense to allow to use NETLINK_ROUTE to
communicate two processes that are sending no matter what information
that is not related to link/neighbouring/routing. They should be using
NETLINK_USERSOCK instead for that.
Change-Id: I6382c2ecf3dc9ada1f6b7298ebb8bd08453d3a28
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Correct the channel list and tx power values for countries
with alpha2 IL, MX, ZA and TW.
Change-Id: I735a153ef1e87c1022f175ac360d675071d1ec2a
CRs-Fixed: 640859
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Signed-off-by: Agarwal Ashish <ashishka@codeaurora.org>
When using mark-based routing, sockets returned from accept()
may need to be marked differently depending on the incoming
connection request.
This is the case, for example, if different socket marks identify
different networks: a listening socket may want to accept
connections from all networks, but each connection should be
marked with the network that the request came in on, so that
subsequent packets are sent on the correct network.
This patch adds a sysctl to mark TCP sockets based on the fwmark
of the incoming SYN packet. If enabled, and an unmarked socket
receives a SYN, then the SYN packet's fwmark is written to the
connection's inet_request_sock, and later written back to the
accepted socket when the connection is established. If the
socket already has a nonzero mark, then the behaviour is the same
as it is today, i.e., the listening socket's fwmark is used.
Black-box tested using user-mode linux:
- IPv4/IPv6 SYN+ACK, FIN, etc. packets are routed based on the
mark of the incoming SYN packet.
- The socket returned by accept() is marked with the mark of the
incoming SYN packet.
- Tested with syncookies=1 and syncookies=2.
Change-Id: I5e8c9b989762a93f3eb5a0c1b4df44f62d57f3cb
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
[imaund@codeaurora.org: Resolve trivial merge conflicts.]
Git-commit: 4593f09b1f9939ec6ed2f8d7848def26b98c47ac
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>
Kernel-originated IP packets that have no user socket associated
with them (e.g., ICMP errors and echo replies, TCP RSTs, etc.)
are emitted with a mark of zero. Add a sysctl to make them have
the same mark as the packet they are replying to.
This allows an administrator that wishes to do so to use
mark-based routing, firewalling, etc. for these replies by
marking the original packets inbound.
Tested using user-mode linux:
- ICMP/ICMPv6 echo replies and errors.
- TCP RST packets (IPv4 and IPv6).
Change-Id: I95d896647b278d092ef331d1377b959da1deb042
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 3356997e1e1b2aa9959f046203e6d0b193bbd7f7
Git-repo: https://android.googlesource.com/kernel/common.git
[imaund@codeaurora.org: Resolve trivial merge conflicts.]
Signed-off-by: Ian Maund <imaund@codeaurora.org>
Currently, IPv6 router discovery always puts routes into
RT6_TABLE_MAIN. This causes problems for connection managers
that want to support multiple simultaneous network connections
and want control over which one is used by default (e.g., wifi
and wired).
To work around this connection managers typically take the routes
they prefer and copy them to static routes with low metrics in
the main table. This puts the burden on the connection manager
to watch netlink to see if the routes have changed, delete the
routes when their lifetime expires, etc.
Instead, this patch adds a per-interface sysctl to have the
kernel put autoconf routes into different tables. This allows
each interface to have its own autoconf table, and choosing the
default interface (or using different interfaces at the same
time for different types of traffic) can be done using
appropriate ip rules.
The sysctl behaves as follows:
- = 0: default. Put routes into RT6_TABLE_MAIN as before.
- > 0: manual. Put routes into the specified table.
- < 0: automatic. Add the absolute value of the sysctl to the
device's ifindex, and use that table.
The automatic mode is most useful in conjunction with
net.ipv6.conf.default.accept_ra_rt_table. A connection manager
or distribution could set it to, say, -100 on boot, and
thereafter just use IP rules.
Change-Id: I093d39fb06ec413905dc0d0d5792c1bc5d5c73a9
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 5fe5c512af518d0abbbc0d2fafa8e355f518c2a9
Git-repo: https://android.googlesource.com/kernel/common.git
[imaund@codeaurora.org: Resolve trivial merge conflicts]
Signed-off-by: Ian Maund <imaund@codeaurora.org>
[net-next commit bf439b3154ce49d81a79b14f9fab18af99018ae2]
Change-Id: I8356e9132088c75d4510021c6e4c2641d772087a
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: a5d5c168c37e0ab30ba07b2c79c7cba9615f4e87
Git-repo: https://android.googlesource.com/kernel/common.git
Signed-off-by: Ian Maund <imaund@codeaurora.org>
Added module which subscribes to socket notifier events. Notifier events
are then converted to a multicast netlink message for user space
applications to consume.
CRs-Fixed: 626021
Change-Id: Id5c6808d972b69f5f065d7fba9094e75c6ad0b2c
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Allows other areas in the kernel to register notifier callbacks which
get invoked whenever something performs an administrative action on a
socket. This patch adds hooks in socket(), bind(), listen(), accept(),
shutdown().
CRs-Fixed: 626021
Change-Id: I4ae99cb2206d7c4eddba69757335c18d10143045
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
memset() the structure ethtool_wolinfo that has padded bytes
but the padded bytes have not been zeroed out.
Change-Id: If3fd2d872a1b1ab9521d937b86a29fc468a8bbfe
Signed-off-by: Avijit Kanti Das <avijitnsec@codeaurora.org>
All seq_printf() users are using "%n" for calculating padding size,
convert them to use seq_setwidth() / seq_pad() pair.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Joe Perches <joe@perches.com>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-commit: 652586df95e5d76b37d07a11839126dcfede1621
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[rsiddoji@codeaurora.org: Resolve merge conflicts with ipv4/6 ping
changes in upstream]
CRs-fixed: 665291
Change-Id: Ia0416c9dbe3d80ff35f24f9c93c3543d1200a327
Signed-off-by: Ravi Kumar <rsiddoji@codeaurora.org>
Plug a group_info refcount leak in ping_init.
group_info is only needed during initialization and
the code failed to release the reference on exit.
While here move grabbing the reference to a place
where it is actually needed.
Change-Id: I38d476f49e7ae300bc1168bc4b2c1b67274a51ca
Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
Signed-off-by: Zhang Dongxing <dongxing.zhang@intel.com>
Signed-off-by: xiaoming wang <xiaoming.wang@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit:b04c46190219a4f845e46a459e3102137b7f6cac
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git
Signed-off-by: Divya Sharma <c_shard@codeaurora.org>
[rsiddoji@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Ravi Kumar S <rsiddoji@codeaurora.org>
Queueing the socket after setting the NETLINK_KERNEL_SOCKET on the
kernel socket.
This change is required in-order to avoid the BUG check which is
caused due to race condition between setting this flag and a
message from the app space for this kernel netlink sock.
Change-Id: I19a8edf2fe009a3020b194684a6172654f8f257a
CRs-Fixed: 681815
Signed-off-by: Vinay Krishna Eranna <veran@codeaurora.org>
After IP route cache removal, I believe rcu_bh() has very little use and
we should remove this RCU variant, since it adds some cycles in fast
path.
Anyway, the call_rcu_bh() use in fib_true is obviously wrong, since
some users only assert rcu_read_lock().
Change-Id: Ie22d933518d579f4d018a4efec9d3a39c7b64681
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 0c03eca3d995e73d691edea8c787e25929ec156d
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
Setting net.ipv6.conf.<interface>.accept_ra=2 causes the kernel
to accept RAs even when forwarding is enabled. However, enabling
forwarding purges all default routes on the system, breaking
connectivity until the next RA is received. Fix this by not
purging default routes on interfaces that have accept_ra=2.
Change-Id: Icda010467c030b11f2cc91fac8d1331b6e9fc370
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
CRs-Fixed: 646636
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Driver configures the default country code during bootup.
When STA disconnects,cfg80211 restore the regulatory setting
to world domain.cfg80211 should remain in the default country
code and not restore to world reg domain.
Change-Id: I01ccdc4d2831cf252a4b35f9f856f3256d9b7429
CRs-Fixed: 630014
Signed-off-by: Sachin Ahuja <sahuja@codeaurora.org>
Assign/pass the cur_cmd_info parameter correctly. This fixes a
merge error when open source commit
ad7e718c9b4f717823fd920a0103f7b0fb06183f was pulled into the tree.
CRs-Fixed: 672390
Change-Id: Iaa21a1723709683a6f34b07423b74ef0b6077b68
Signed-off-by: Sunil Dutt <usdutt@codeaurora.org>
A plain read() on a socket does set msg->msg_name to NULL. So check for
NULL pointer first.
Change-Id: I3773934fb633157ce5011d2f10900b7caef73733
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: cf970c002d270c36202bd5b9c2804d3097a52da0
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Avijit Kanti Das <avijitnsec@codeaurora.org>
Coverity pointed out that in the (practically impossible)
error case we leak the message - fix this.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 9fe271af7d4de96471c5aaee2f4d0d1576050497
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: I78c3631eabd04e86872faf65fa1e401dadb35a75
Signed-off-by: Ahmad Kholaif <akholaif@codeaurora.org>
There are a few places which check nl80211hdr_put() for an ERR_PTR
but actually it returns NULL on error and never error values. In
nl80211_testmode_dump() the return wasn't checked at all so I have
added one.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[some whitespace changes]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: cb35fba360dfc3496e5d8a47e23ec5ccdfd90925
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Change-Id: I5da1aafea35110a1ce606d402b1b96859d34b869
[akholaif@codeaurora.org: resolved conflicts manually]
Signed-off-by: Ahmad Kholaif <akholaif@codeaurora.org>
As reported by Jan, and others over the past few years, there is a
race condition caused by unix_release setting the sock->sk pointer
to NULL before properly marking the socket as dead/orphaned. This
can cause a problem with the LSM hook security_unix_may_send() if
there is another socket attempting to write to this partially
released socket in between when sock->sk is set to NULL and it is
marked as dead/orphaned. This patch fixes this by only setting
sock->sk to NULL after the socket has been marked as dead; I also
take the opportunity to make unix_release_sock() a void function
as it only ever returned 0/success.
Dave, I think this one should go on the -stable pile.
Special thanks to Jan for coming up with a reproducer for this
problem.
CRs-Fixed: 660580
Change-Id: I0e39b84464cf3f4c9daf8677bba444d0d6d94825
Reported-by: Jan Stancek <jan.stancek@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: ded34e0fe8fe8c2d595bfa30626654e4b87621e0
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
Signed-off-by: Vignesh Radhakrishnan <vigneshr@codeaurora.org>
Some years ago, the ktime_t helper functions ktime_now() and ktime_lt()
have been introduced. Instead of defining them inside pktgen.c, they
should either use ktime_t library functions or, if not available, they
should be defined in ktime.h, so that also others can benefit from them.
ktime_compare() is introduced with a similar notion as in timespec_compare().
Change-Id: I3d092b737d46cf2368baf4101c852fe9a4db510f
Signed-off-by: Daniel Borkmann <daniel.borkmann@tik.ee.ethz.ch>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
When call_crda() is called we kick off a witch hunt search
for the same regulatory domain on our internal regulatory
database and that work gets kicked off on a workqueue, this
is done while the cfg80211_mutex is held. If that workqueue
kicks off it will first lock reg_regdb_search_mutex and
later cfg80211_mutex but to ensure two CPUs will not contend
against cfg80211_mutex the right thing to do is to have the
reg_regdb_search() wait until the cfg80211_mutex is let go.
Change-Id: Ibb44a5325876d77f1549d3938d56d8fbd051b9ba
CRs-Fixed: 655287
Signed-off-by: Santhosh Kumar Padma <skpadma@codeaurora.org>
The TCP delayed ack parameters can be configured from user space
application which runs with non-root credentials and does not have
direct write access to /proc entries. This commit creates shadow
files under /sys/kernel/ipv4 which maps to /proc/sys/net/ipv4.
CRs-Fixed: 628139
Change-Id: Ib7242aaae930dbc02133e44c04e182ebc52bc89f
Signed-off-by: Ravi Joshi <ravij@codeaurora.org>
Change regulatory rules for Indonesia as per the
directive from regulatory compliance team.
Change-Id: If25a3100a94492191b322310406ae9047bd6f4a2
CRs-Fixed: 637303
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct
the VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the
presence of the respective IEs in the received TDLS Setup Response frame.
The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.
CRs-Fixed: 650927
Change-Id: I6e37ff671aa39b27cd22fa8af0b6a1a3b33a64db
[ppotte@codeaurora.org: manually solved merge conflicts]
Signed-off-by: Pradeep Reddy POTTETI <ppotte@codeaurora.org>
This allows drivers to advertise the maximum number of associated
stations they support in AP mode (including P2P GO). User space
applications can use this for cleaner way of handling the limit (e.g.,
hostapd rejecting IEEE 802.11 authentication without manual
configuration of the limit) or to figure out what type of use cases can
be executed with multiple devices before trying and failing.
CRs-Fixed: 650927
Change-Id: I73a078800d8da28c9699cc02e7d4142691107811
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: b43504cf75b8b8773ee70c90bcd691282e151b9a
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
[ppotte@codeaurora.org: manually solved merge conflicts]
Signed-off-by: Pradeep Reddy POTTETI <ppotte@codeaurora.org>
This clarifies the expected driver behavior on the older
NL80211_ATTR_MAC and NL80211_ATTR_WIPHY_FREQ attributes and adds a new
set of similar attributes with _HINT postfix to enable use of a
recommendation of the initial BSS to choose. This can be helpful for
some drivers that can avoid an additional full scan on connection
request if the information is provided to them (user space tools like
wpa_supplicant already has that information available based on earlier
scans).
In addition, this can be used to get more expected behavior for cases
where a specific BSS should be picked first based on operations like
Interworking network selection or WPS. These cases were already easily
addressed with drivers that leave BSS selection to user space, but there
was no convenient way to do this with drivers that take care of BSS
selection internally without using the NL80211_ATTR_MAC which is not
really desired since it is needed for other purposes to force the
association to remain with the same BSS.
CRs-Fixed: 650927
Change-Id: I882d4b94b90f270907df0e53c360d69f3c984fb8
Signed-off-by: Jouni Malinen <j@w1.fi>
[add const, fix policy]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 1df4a51082df6e5b0b8eb70df81885b9b4c9e6ec
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
Signed-off-by: Pradeep Reddy POTTETI <ppotte@codeaurora.org>
This allows QoS mapping from external networks to be implemented as
defined in IEEE Std 802.11-2012, 10.24.9. APs can use this to advertise
DSCP ranges and exceptions for mapping frames to a specific UP over
Wi-Fi.
The payload of the QoS Map Set element (IEEE Std 802.11-2012, 8.4.2.97)
is sent to the driver through the new NL80211_ATTR_QOS_MAP attribute to
configure the local behavior either on the AP (based on local
configuration) or on a station (based on information received from the
AP).
CRs-fixed: 650927
Change-Id: I72ab05c7aa98528b05f6278df192cc25358c2666
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: fa9ffc745610f31c6bc136d5a6a1782e00870e72
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
[ppotte@codeaurora.org: manually solved merge conflicts]
Signed-off-by: Pradeep Reddy POTTETI <ppotte@codeaurora.org>
Taking the gratuitous ARP/unsolicited NA detection code from
mwifiex (but fixing it up to not have read-after-skb-end bugs),
implement the ability for userspace to request the behaviour
required by HS2.0 to drop gratuitous ARP and unsolicited NA
frames when proxy ARP service is enabled on the AP. Since this
behaviour is only mandatory for HS2.0 and may not always be
desired, make it optional - modify cfg80211/nl80211 for that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: be9efdecf8ecdcc6d2221845482e7359b33a603b
Git-repo : git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git
Change-Id: I1e4083a2327c121073226aa6b75bb6b5b97cec00
CRs-fixed: 621827
[akholaif@codeaurora.org: only picked up the declaration
and definition of cfg80211_is_gratuitous_arp_unsolicited_na()]
Signed-off-by: Ahmad Kholaif <akholaif@codeaurora.org>
If the driver is loaded when cfg80211_regdom is intersected then
user hint will fail for the first time since cfg80211 does not
have a check to see if cfg80211_regdom is intersected. Add
a check to see if cf80211_regdom is intersected and allow the
user hint to be processed.
Change-Id: Iba9cdd32470e29d35d3bb35012eb404b7c78d601
CRs-Fixed: 639538
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
The Vendor command needs to have the NEED_NETDEV internal flag set
for the corresponding vendor_cmd function to initialize correctly
and call the vendor subcommand specific doit function.
Change-Id: Icc46438dc9467fe0344cb832633c49466e2d20d0
CRs-fixed: 633799
Signed-off-by: Subhani Shaik <subhanis@codeaurora.org>
If we don't need scope id, we should initialize it to zero.
Same for ->sin6_flowinfo.
Bug: 12800827
CRs-Fixed: 619776
Change-Id: Ic19792cee3f5dc30237562cf48e6bdf49817c96e
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <amwang@redhat.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: c26d6b46da3ee86fa8a864347331e5513ca84c2b
Git-repo: git://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
[subashab@codeaurora.org : resolve trivial merge conflicts]
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
It has been observed that default values for some of key tcp/ip
parameters are affecting the tput/performance of the system. Hence
extending configuration capabilities to TCP/Ip stack through
sysctl interface
Change-Id: Ia92fc229c0a4a8c3f7e4e02cf7e3c8849719ddff
CRs-Fixed: 507581
Signed-off-by: Kiran Kumar Lokere <klokere@codeaurora.org>
The vendor/testmode event skb functions are needed outside
the ifdef for vendor-specific events, so move them out.
Change-Id: Ide22eb7326bdd524d04f8a7ec3398cdf0a5a88f7
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: e03ad6eade141daf0df07f1c312e8ae702327939
Git-repo: kernel.googlesource.com/pub/scm/linux/kernel/git/jberg/mac80211-next
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
countries
Ch 144 can be enabled in many countries. Enable it all countries that
are mapped to FCC3, FCC6 and APL7 (5GHz) RDs.
Change-Id: I1e11883a8085a900684eadd8f7a6f8f442cae3fb
CRs-Fixed: 614319
Signed-off-by: Manjunathappa Prakash <prakashpm@codeaurora.org>
Update the db.txt with new information from regulatory compliance team.
This considers changes posted as on Nov 15th, 2013: Various country updates
and corrections
CRs-Fixed: 579446
Change-Id: Ief60fc89c7d7ef67744bf20ced9eb5e6ed060ea9
Signed-off-by: Manjunathappa Prakash <prakashpm@codeaurora.org>
Signed-off-by: Arif Hussain <arifhussain@codeaurora.org>
In addition to vendor-specific commands, also support vendor-specific
events. These must be registered with cfg80211 before they can be used.
They're also advertised in nl80211 in the wiphy information so that
userspace knows can be expected. The events themselves are sent on a
new multicast group called "vendor".
Change-Id: I184aaa9f9e8461aee572f7d0a35916cd668c2218
CRs-fixed: 576020
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 567ffc3509b2d3f965a49a18631d3da7f9a96d4f
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/linville/wireless-next.git
Signed-off-by: Leo Chang <leochang@codeaurora.org>
Add support for vendor-specific commands to nl80211. This is
intended to be used for really vendor-specific functionality
that can't be implemented in a generic fashion for any reason.
It's *NOT* intended to be used for any normal/generic feature
or any optimisations that could be implemented across drivers.
Currently, only vendor commands (with replies) are supported,
no dump operations or vendor-specific notifications.
Also add a function wdev_to_ieee80211_vif() to mac80211 which
is needed for mac80211-based drivers wanting to implement any
vendor commands.
Change-Id: If73cf90d152ca0888a563cf4ae685aad9cec6443
CRs-fixed: 576020
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: ad7e718c9b4f717823fd920a0103f7b0fb06183f
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/linville/wireless-next.git
Signed-off-by: Leo Chang <leochang@codeaurora.org>
The current regdomain was not always set by the core. This causes
cards with a custom regulatory domain to ignore user initiated changes
if done before the card was registered.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Acked-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 23df0b731954502a9391e739b92927cee4360343
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
CRs-Fixed: 569424
Change-Id: Ia5462145a27f5ecdd7a1eb9f4235992f7a801097
[smihir@codeaurora.org: changes to merge cleanly in older kernel]
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
is evil (less than 5).
CRs-Fixed: 589913
Change-Id: Ifd7be75d153d7504704e7ff9d8f63fe3767326d2
Acked-by: David Arinzon <darinzon@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
[net-next commit fbfe80c890a1dc521d0b629b870e32fcffff0da5]
ping_v6_sendmsg currently returns 0 on success. It should return
the number of bytes written instead.
Bug: 9469865
CRs-Fixed: 573548
Change-Id: I82b7d3a37ba91ad24e6dbd97a4880745ce16ad31
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 68221869132d78d712d402efd53633ae8aebda20
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
[backport of net-next 6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67]
This adds the ability to send ICMPv6 echo requests without a
raw socket. The equivalent ability for ICMPv4 was added in
2011.
Instead of having separate code paths for IPv4 and IPv6, make
most of the code in net/ipv4/ping.c dual-stack and only add a
few IPv6-specific bits (like the protocol definition) to a new
net/ipv6/ping.c. Hopefully this will reduce divergence and/or
duplication of bugs in the future.
Caveats:
- Setting options via ancillary data (e.g., using IPV6_PKTINFO
to specify the outgoing interface) is not yet supported.
- There are no separate security settings for IPv4 and IPv6;
everything is controlled by /proc/net/ipv4/ping_group_range.
- The proc interface does not yet display IPv6 ping sockets
properly.
Tested with a patched copy of ping6 and using raw socket calls.
Compiles and works with all of CONFIG_IPV6={n,m,y}.
CRs-Fixed: 573548
Change-Id: I0081b4654dd54b12c8f233e00e18943582aa2142
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[lorenzo@google.com: backported to 3.4]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Git-commit: 1f0675844e3b63a765e5bd32bc5af051ccd951c0
Git-repo: https://android.googlesource.com/kernel/common
[subashab@codeaurora.org : resolve trivial merge conflicts]
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Update db.txt by removing AD & BL from the list as recomened by
QCA regulatory compliance team
CRs-Fixed: 608532
Change-Id: I7b32feb32235e84e94100ee3a0986de1faaef88f
Signed-off-by: Tushnim Bhattacharyya <tushnimb@codeaurora.org>
Update the db.txt with support for channel 144 for US country code
CRs-Fixed: 599829
Change-Id: I627e27e5bc2f225080a36db4d575bf8c030267ce
Signed-off-by: Tushnim Bhattacharyya <tushnimb@codeaurora.org>
Remove the code that extracts the information of the rates without
the check for the corresponding bands. Also , this part of the code
is redundant as the following code checks for the same, which also
prevents a possible crash.
Change-Id: I1b4d243cd65f8890f4f7ab4cddf72aad261d7bb0
Signed-off-by: Ming-yi Lin <mylin@codeaurora.org>
The information of the peer's supported channels and supported operating
classes are required for the driver to perform TDLS off channel
operations. This commit enhances the function nl80211_(new)set_station
to pass this information of the peer to the driver.
CRs-fixed: 595620
Change-Id: I1d630deb4cf435e7f72e3a59276d3771c2b03114
Signed-off-by: Naresh Jayaram <njayar@codeaurora.org>
During kernel stability testing on an SMP ARMv7 system, Yalin Wang
reported the following panic from the netfilter code:
1fe0: 0000001c 5e2d3b10 4007e779 4009e110 60000010 00000032 ff565656 ff545454
[<c06c48dc>] (ipt_do_table+0x448/0x584) from [<c0655ef0>] (nf_iterate+0x48/0x7c)
[<c0655ef0>] (nf_iterate+0x48/0x7c) from [<c0655f7c>] (nf_hook_slow+0x58/0x104)
[<c0655f7c>] (nf_hook_slow+0x58/0x104) from [<c0683bbc>] (ip_local_deliver+0x88/0xa8)
[<c0683bbc>] (ip_local_deliver+0x88/0xa8) from [<c0683718>] (ip_rcv_finish+0x418/0x43c)
[<c0683718>] (ip_rcv_finish+0x418/0x43c) from [<c062b1c4>] (__netif_receive_skb+0x4cc/0x598)
[<c062b1c4>] (__netif_receive_skb+0x4cc/0x598) from [<c062b314>] (process_backlog+0x84/0x158)
[<c062b314>] (process_backlog+0x84/0x158) from [<c062de84>] (net_rx_action+0x70/0x1dc)
[<c062de84>] (net_rx_action+0x70/0x1dc) from [<c0088230>] (__do_softirq+0x11c/0x27c)
[<c0088230>] (__do_softirq+0x11c/0x27c) from [<c008857c>] (do_softirq+0x44/0x50)
[<c008857c>] (do_softirq+0x44/0x50) from [<c0088614>] (local_bh_enable_ip+0x8c/0xd0)
[<c0088614>] (local_bh_enable_ip+0x8c/0xd0) from [<c06b0330>] (inet_stream_connect+0x164/0x298)
[<c06b0330>] (inet_stream_connect+0x164/0x298) from [<c061d68c>] (sys_connect+0x88/0xc8)
[<c061d68c>] (sys_connect+0x88/0xc8) from [<c000e340>] (ret_fast_syscall+0x0/0x30)
Code: 2a000021 e59d2028 e59de01c e59f011c (e7824103)
---[ end trace da227214a82491bd ]---
Kernel panic - not syncing: Fatal exception in interrupt
This comes about because CPU1 is executing xt_replace_table in response
to a setsockopt syscall, resulting in:
ret = xt_jumpstack_alloc(newinfo);
--> newinfo->jumpstack = kzalloc(size, GFP_KERNEL);
[...]
table->private = newinfo;
newinfo->initial_entries = private->initial_entries;
Meanwhile, CPU0 is handling the network receive path and ends up in
ipt_do_table, resulting in:
private = table->private;
[...]
jumpstack = (struct ipt_entry **)private->jumpstack[cpu];
On weakly ordered memory architectures, the writes to table->private
and newinfo->jumpstack from CPU1 can be observed out of order by CPU0.
Furthermore, on architectures which don't respect ordering of address
dependencies (i.e. Alpha), the reads from CPU0 can also be re-ordered.
This patch adds an smp_wmb() before the assignment to table->private
(which is essentially publishing newinfo) to ensure that all writes to
newinfo will be observed before plugging it into the table structure.
A dependent-read barrier is also added on the consumer sides, to ensure
the same ordering requirements are also respected there.
Change-Id: Ia320d52510d7184c0f13d7f130102dbe685e8d6f
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Reported-by: Wang, Yalin <Yalin.Wang@sonymobile.com>
Tested-by: Wang, Yalin <Yalin.Wang@sonymobile.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Git-commit: b416c144f46af1a30ddfa4e4319a8f077381ad63
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
tcp_ioctl() tries to take into account if tcp socket received a FIN
to report correct number bytes in receive queue.
But its flaky because if the application ate the last skb,
we return 1 instead of 0.
Correct way to detect that FIN was received is to test SOCK_DONE.
Reported-by: Elliot Hughes <enh@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Tom Herbert <therbert@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Regulatory hints are processed in a worker thread and by the
time this thread gets a chance to schedule driver can deregister
the wiphy on which the country IE was discovered. There is no need
to process the hints which are coming from such invalid wiphy
devices and we should drop them.
Change-Id: I44f6f7b29ed1d0927151a88f3ea9e0c17044bd7e
CRs-Fixed: 588103
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
After pulling in regulatory information for Taiwan
from the compliance team the data for Taiwan was
inconsistent as it allowed 80MHz bandwidth for
frequency range which was less than 80MHz which was
resulting in failure to parse the regulatory rules
for Taiwan.
Change-Id: Ibfabf26c1481b37d163b755734491ba27b1a4195
CRs-Fixed: 582871
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
This reverts commit 3d78ff9df45c3028845c5cf6a05c9378e438f77f.
Although the standard is to detach sockets from process contexts prior
to freeing them, under some conditions doing this in tcp_nuke_addr()
will cause a null socket dereference in sk_wait_data(). To avoid this
scenario, it may be necessary to purge the sk_receive queue and place
additional checks to ensure a socket is orphaned only when it will be freed.
Change-Id: I880ea9e2cd259eebbc40a81a32b96b4af8c36f95
Signed-off-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
Change will replace sprintf with snprintf, since sprintf is a
banned function.
CRs-FIxed: 548220
Change-Id: I32f5ab1f3707e5bbe43c31a7ad4611b67557b267
Signed-off-by: Juffin Alex Varghese <jalex@codeaurora.org>
Ensure socket is marked as dead prior to freeing it. This will
prevent other tasks executing in the system from potentially
using the freed resource.
Change-Id: I3c7c3ce24f287c4ea7ca7c1d1e5dc96ad37596b0
Signed-off-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
Ensure socket is marked as dead prior to freeing it. This will
prevent other tasks executing in the system from potentially
using the freed resource.
Change-Id: I3c7c3ce24f287c4ea7ca7c1d1e5dc96ad37596b0
Signed-off-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
In some cases, the skb->data alloc fail, then it will get a wrong
point value from the kmalloc_caches array. The value is little then
0x10,but in the slab reference, these value are all zero value. So
change the zero judgement.
CRs-Fixed: 573650
Change-Id: Iba138838821f515b131029cf240a5a99959bb2ff
Signed-off-by: Pan Fang <fangpan@codeaurora.org>
if a custom regulatory domain is passed and if a rule for a channel
indicates it should be disabled that channel should always remain
disabled as per its documentation and design.
Likewise if WIPHY_FLAG_STRICT_REGULATORY flag is set and a
regulatory_hint() is issued if a channel is disabled that channel should
remain disabled.
Without this change only drivers that set the _orig flags appropriately
on their own would ensure disallowed channels remaind disabled. This
helps drivers save code by relying on the APIS provided to entrust
channels that should not be enabled be respected by only having to use
wiphy_apply_custom_regulatory() or regulatory_hint() with the
WIPHY_FLAG_STRICT_REGULATORY set.
If wiphy_apply_custom_regulatory() is used together with
WIPHY_FLAG_STRICT_REGULATORY and a regulatory_hint() issued later, the
incoming regulatory domain can override previously set _orig parameters
from the initial custom regulatory setting.
Change-Id: Ia1af4b293bd299ac20e1934e5e03e633ecb9d6ee
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
Update the db.txt with new information from regulatory compliance
team.
Change-Id: I22d123c28becb87228f96116456fd2b969440fd3
Signed-off-by: Arif Hussain <arifhussain@codeaurora.org>
CRs-Fixed: 571151
Use a different error code if the regdomain is same and then
set the request processed so that it doesn't block new
requests.
Git-commit: 959085352b7c44ff9bae4d8a4d76146193260e4c
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
Author: Kalle Valo <kvalo@qca.qualcomm.com>
Date: Thu Jul 12 15:33:58 2012 +0300
Change-Id: I8cbcf80bb43d983c72cf9037f30e11ae8d329b06
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
This is to help the hardware configured in world
roaming mode to save power when not connected to
any AP.
CRs-Fixed: 542802
Change-Id: Ia643d0e9848dcd486832973bd6dd186edd7bd4ea
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
802.11 cards may have different country IE parsing behavioural
preferences and vendors may want to support these. These preferences
were managed by the WIPHY_FLAG_CUSTOM_REGULATORY and the
WIPHY_FLAG_STRICT_REGULATORY flags and their combination.
Instead of using this existing notation, split out the country IE
behavioural preferences to a new flag. This will allow us to add more
customizations easily and make the code more maintainable. Also add
a new flag to disable country IE hints issued by the CORE as the
first customization.
Change-Id: I66ba4a92ac0f029a115eea0a274b02db11279787
CRs-Fixed: 542802
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
802.11 cards may have different country IE parsing behavioural
preferences and vendors may want to support these. These preferences
were managed by the WIPHY_FLAG_CUSTOM_REGULATORY and the
WIPHY_FLAG_STRICT_REGULATORY flags and their combination.
Instead of using this existing notation, split out the country IE
behavioural preferences to a new flag. This will allow us to add more
customizations easily and make the code more maintainable. Also add
a new flag to disable country IE hints issued by the CORE as the
first customization.
Change-Id: I66ba4a92ac0f029a115eea0a274b02db11279787
CRs-Fixed: 542802
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
This is to help the hardware configured in world
roaming mode to save power when not connected to
any AP.
CRs-Fixed: 542802
Change-Id: Ia643d0e9848dcd486832973bd6dd186edd7bd4ea
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
When a driver requests a specific regulatory domain after cfg80211 already
has one, a struct ieee80211_regdomain is leaked.
Change-Id: Id28fc9861b9c911a97bd242439eabca097d76258
Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Tested-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: b7566fc363e23f0efd3fa1e1460f9421cdc0d77e
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[mattw@codeaurora.org: trivially backport to the msm-3.4 kernel]
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
Given the numerous clients of sockets, it is difficult to find the
offending client for the error that is being reported. Change the
kernel print messages to generate a warning instead so that we get
a complete call stack.
Change-Id: I4bfce3e0a5aecd88c6fa4a1f900482449a4b868d
Signed-off-by: Syed Rameez Mustafa <rameezmustafa@codeaurora.org>
When SSR happens at WLAN driver, the cfg80211 stop AP can fail at driver.
Make sure that the beacon interval is reset, even when this API fails.
Change-Id: I459f55ce5f4bc44c4d0e20170bd50a83c2d609b4
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>
AP stopped interface can be used to indicate that the AP mode has
stopped functioning, WLAN driver may have encountered errors that has
forced the driver to stop the AP mode.
When the driver is in P2P-Go mode, and when it goes thru automatic
recovery from firmware crashes, it uses this interface to notify the
userspace that the group has been deleted.
CRs-Fixed: 453060
Change-Id: Ifcd8d4f0c0b26f56a56fb8560aa474297b7521d4
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>
db.txt is required for the kernel to process regulatory
hints sent by driver.If db.txt is empty then driver callback
(wiphy->reg_notifier) will not be called so updating db.txt
from upstream kernel. With this change any driver using
regulatory_hint API need to register wiphy->reg_notifier
callback which will be called by cfg layer.This file would
be updated monthly from upstream respository.
Git-commit: bb99560ff69c44c30e47416501639e37014689c3
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-regdb.git
Author: John W. Linville <linville@tuxdriver.com>
Date: Wed Feb 13 14:36:58 2013 -0500
wireless-regdb: update regulatory.bin based on preceding changes.
CRs-Fixed: 472846
Change-Id: Ic2467894e6af3c5df9f6236e5c28c17636dd08f6
Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
Fix to return a negative error code from the error handling case
instead of 0(possible overwrite to 0 by ops->fill_xstats call),
as returned elsewhere in this function.
Change-Id: Ia985101d5b14755297c8fb62d0133e3da20c66e3
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: fcca143d696092110ae1e361866576804fe887f3
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
We need to validate the number of pages consumed by data_len, otherwise frags
array could be overflowed by userspace. So this patch validate data_len and
return -EMSGSIZE when data_len may occupies more frags than MAX_SKB_FRAGS.
Change-Id: I2a7d6bb93e4fa04efc6f576d22277f43b11257d3
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
with a family greater or equal then AF_MAX -- the array size of
sock_diag_handlers[]. The current code does not test for this
condition therefore is vulnerable to an out-of-bound access opening
doors for a privilege escalation.
CRs-fixed: 519050
Change-Id: I1466c4f56f3f4df90cf8a1ae17afa80c89b813e8
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-commit: 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sarang Joshi <spjoshi@codeaurora.org>
Some of the printks are in the packet handling path.
We now ratelimit the very unlikely errors to avoid
kmsg spamming.
Change-Id: If03d6b90bf367a356069f46aa5926a96fa508966
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: bd91f6b21861cde78d800deede8ebeca0cc0cdd2
Git-repo: https://android.googlesource.com/kernel/common/
[subbaram@codeaurora.org: resolve trivial merge conflicts]
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
In the past it would always ignore interfaces with loopback addresses.
Now we just treat them like any other.
This also helps with writing tests that check for the presence
of the qtaguid module.
Change-Id: If0b5444b0a6e23a4089b0dd00a0d820f262f9fa7
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: ab3801efc6d2e7b4610071ac87c6977ac9042ad9
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
qtaguid limits what can be done with /ctrl and /stats based on group
membership.
This changes removes AID_NET_BW_STATS and AID_NET_BW_ACCT, and picks
up the groups from the gid of the matching proc entry files.
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: 7c060bfc57364ee541b1d9b534262f73c1b42b0d
Git-repo: https://android.googlesource.com/kernel/common/
Change-Id: I42e477adde78a12ed5eb58fbc0b277cdaadb6f94
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
In the past the iface_stat_fmt would only show global bytes/packets
for the skb-based numbers.
For stall detection in userspace, distinguishing tcp vs other protocols
makes it easier.
Now we report
ifname total_skb_rx_bytes total_skb_rx_packets total_skb_tx_bytes
total_skb_tx_packets {rx,tx}_{tcp,udp,ohter}_{bytes,packets}
Bug: 6818637
Change-Id: Ic5041f61bc010e535e119f769a65caa4779a5a81
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: 01d1733e27c7c03dc700cd8cd7658b326bc0b1b2
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
If create_if_tag_stat fails to allocate memory (GFP_ATOMIC) the
following will happen:
qtaguid: iface_stat: tag stat alloc failed
...
kernel BUG at xt_qtaguid.c:1482!
Change-Id: I46bee5b6eacc070e604df15ed69f46edf87c148a
Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
Git-commit: 0310b9d5c7a0cd38433148b05992b180ec358676
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
qtudev_open() could return with a uid_tag_data_tree_lock held
when an kzalloc(..., GFP_ATOMIC) would fail.
Very unlikely to get triggered AND survive the mayhem of running out of mem.
Change-Id: I442dd68826a8f5ff7a02423f6f3832228c2f21ab
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: fc36cc2104855ca64ab74b76d20ff27259cdae62
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
In the past, a process could only see its own stats (uid-based summary,
and details).
Now we allow any process to see other UIDs uid-based stats, but still
hide the detailed stats.
Change-Id: I7666961ed244ac1d9359c339b048799e5db9facc
Signed-off-by: JP Abgrall <jpa@google.com>
Git-commit: 776488328c5e70ee917e320e6d8d09ecfc85ec14
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
This fixes a bug where the list is accessed without a lock,
potentially causing corruption when there is a race.
Change-Id: I084dcadb537de00a4be6fa09e31ec693443d3986
Signed-off-by: Michael Bohan <mbohan@codeaurora.org>
In a rare race-condition, it's possible that a CPU will be brought
online between when the for_each_online_cpu() loop executes to
call flow_cache_cpu_prepare(), and when the hotplug notifier for
calling this same function is registered. If this happens,
flow_cache_cpu_prepare() will never be called for the new CPU,
resulting in crashes due to uninitialized per-cpu data.
Fix this by preventing CPUs from being added or removed during
this small but sensitive window.
Change-Id: Iafbbaa8a50e5c527392d130561874313720849d0
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
These allocation's life cycle is through out the system is alive. So,
ignore false positives.
Change-Id: Id33e27f4a993e66ec5a6373862fc06bfcd57f664
Signed-off-by: majianpeng <majianpeng@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 798ec84d45754403571d6387396236e877965c5a
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
Signed-off-by: Chintan Pandya <cpandya@codeaurora.org>
net/core/sysctl_net_core.c: In function sysctl_core_init
net/core/sysctl_net_core.c:259: error: implicit declaration of function
memleak_not_leak
with same error in net/ipv4/route.c
Change-Id: I75c3150f8cdce606efc8a472af32e4e933ac4e0d
Signed-off-by: Shan Wei <davidshan@tencent.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 7426a5645f3d18daec1f7d6a24b529ec7286b800
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/
Signed-off-by: Chintan Pandya <cpandya@codeaurora.org>
Add NATTYPE COOKIE to avoid invalid access of NATTYPE
entry from the conntrack module. This compensates for
possible garbage values in the conntrack entry, which
would cause potential errors.
Change-Id: I1a53fa0dc6961dd3e53d382642b413d4ee781ed6
Signed-off-by: Tyler Wear <twear@codeaurora.org>
Signed-off-by: Devendra Patel <cdevenp@codeaurora.org>
This patch fixes the issue that sysfs entry for hid was not removed when
disconnection was initiated from remote end or if BT was reset. Sysfs
entry prevented reconnection from HID device.
CRs-Fixed: 468516, 473179
Change-Id: I40bcd27450cd8f87180d33b66969dde4f08a34f3
Signed-off-by: Hemant Gupta <hemantg@codeaurora.org>
Otherwise an out of bounds read could happen.
Change-Id: Idaaf38bb61002a086c88734ac1f5be96825de26a
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 4e4b53768f1ddce38b7f6edcad3a063020ef0024
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
I (Johannes) accidentally applied the first version of the patch
("Allow TDLS peer AID to be configured for VHT"). Now apply just
the changes between v1 and v2 to get the AID verification and
prefer the new attribute over the old one.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 3d124ea27ae2fc895f81725f0b4c7f3d9c733df4
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
Change-Id: If33cf927dcf6ff8b95b0e0478b8f701b4d899c40
CRs-fixed: 483290
Signed-off-by: Sunil Dutt <duttus@codeaurora.org>
VHT uses peer AID in the PARTIAL_AID field in TDLS frames. The
current design for TDLS is to first add a dummy STA entry before
completing TDLS Setup and then update information on this STA
entry based on what was received from the peer during the setup
exchange.
In theory, this could use NL80211_ATTR_STA_AID to set
the peer AID just like this is used in AP mode to set the AID
of an association station. However, existing cfg80211 validation
rules prevent this attribute from being used with set_station
operation. To avoid interoperability issues between different
kernel and user space version combinations, introduce a new
nl80211 attribute for the purpose of setting TDLS peer AID.
This attribute can be used in both the new_station and set_station
operations. It is not supposed to be allowed to change the AID
value during the lifetime of the STA entry, but that validation
is left for drivers to do in the change_station callback.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 5e4b6f5698421d94226cc2f80eae6d613c9acef8
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-testing.git
Change-Id: I1d2f6d2f5a291f91858b45ad004de66a0080f1d2
CRs-fixed: 483290
[duttus@codeaurora.org: backport to 3.4-This commit includes the
changes from following commits in include/linux/nl80211.h to compile
for msm-3.4.
5de17984898c5758fc6ebe08eccea9f4b6548914 :
cfg80211: introduce critical protocol indication from user-space.]
Signed-off-by: Sunil Dutt <duttus@codeaurora.org>
NATTYPE entry timeout will not be updated when packets
start flowing through IPA and eventually can timeout.
Make changes to refresh the NATTYPE entry timeout from
the connection tracking netlink module which is used by
IPANAT to update conntrack timeout. Also make the timeout
dynamic by taking the expiry timeout value from connection
tracking entry. Otherwise NATTYPE entry will not timeout
even when all the corresponding conntrack entries expire.
CRs-FIXED: 490813
Change-Id: Ibb225d7b91070ca9948c7a11f0b5925a8435915c
Signed-off-by: Tyler Wear <twear@codeaurora.org>
Add API to enable drivers to implement MAC address based
access control in AP/P2P GO mode. Capable drivers advertise
this capability by setting the maximum number of MAC
addresses in such a list in wiphy->max_acl_mac_addrs.
An initial ACL may be given to the NL80211_CMD_START_AP
command and/or changed later with NL80211_CMD_SET_MAC_ACL.
Black- and whitelists are supported, but not simultaneously.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
[rewrite commit log, many cleanups]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 77765eaf5cfb6b8dd98ec8b54b411d74ff6095f1
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
CRs-fixed: 487410
Change-Id: I9593b887941be5efa5e96546ad92cd6c6bf8fb87
[duttus@codeaurora.org: resolved 3.4 backport issues]
Signed-off-by: Sunil Dutt <duttus@codeaurora.org>
On some suspend/resume operations involving wimax device, we have
noticed some intermittent memory corruptions in netlink code.
Stéphane Marchesin tracked this corruption in netlink_update_listeners()
and suggested a patch.
It appears netlink_release() should use kfree_rcu() instead of kfree()
for the listeners structure as it may be used by other cpus using RCU
protection.
netlink_release() must set to NULL the listeners pointer when
it is about to be freed.
Also have to protect netlink_update_listeners() and
netlink_has_listeners() if listeners is NULL.
Add a nl_deref_protected() lockdep helper to properly document which
locks protects us.
CRs-Fixed: 484684
Change-Id: I4d65f8787d33a5d220b08686887ef205337cd6c3
Reported-by: Jonathan Kliegman <kliegs@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Stéphane Marchesin <marcheu@google.com>
Cc: Sam Leffler <sleffler@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: 6d772ac5578f711d1ce7b03535d1c95bffb21dff
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Matt Wagantall <mattw@codeaurora.org>
If Hardware Error event is received from the SOC, then BT SOC is in bad
state. As per spec, Hardware Error event is handled in HCI. Upper layer
gets informed by HCI to reset everything. & recover BT state machine & BT
SOC.
Change-Id: Iefdf8511ad51f88ff8a24ab9e075eb8dbc0a0a67
Signed-off-by: Nitin Shivpure <nshivpur@codeaurora.org>
Add support for reporting and calculating VHT MCSes.
Note that I'm not completely sure that the bitrate
calculations are correct, nor that they can't be
simplified.
Change-Id: Id4c132850a85ff59f0fc16396763ed717689bec0
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: db9c64cf8d9d3fcbc34b09d037f266d1fc9f928c
Git-repo:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>
We hit a kernel OOPS.
<3>[23898.789643] BUG: sleeping function called from invalid context at
/data/buildbot/workdir/ics/hardware/intel/linux-2.6/arch/x86/mm/fault.c:1103
<3>[23898.862215] in_atomic(): 0, irqs_disabled(): 0, pid: 10526, name:
Thread-6683
<4>[23898.967805] HSU serial 0000:00:05.1: 0000:00:05.2:HSU serial prevented me
to suspend...
<4>[23899.258526] Pid: 10526, comm: Thread-6683 Tainted: G W
3.0.8-137685-ge7742f9 #1
<4>[23899.357404] HSU serial 0000:00:05.1: 0000:00:05.2:HSU serial prevented me
to suspend...
<4>[23899.904225] Call Trace:
<4>[23899.989209] [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.000416] [<c1238c2a>] __might_sleep+0x10a/0x110
<4>[23900.007357] [<c1228021>] do_page_fault+0xd1/0x3c0
<4>[23900.013764] [<c18e9ba9>] ? restore_all+0xf/0xf
<4>[23900.024024] [<c17c007b>] ? napi_complete+0x8b/0x690
<4>[23900.029297] [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.123739] [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.128955] [<c18ea0c3>] error_code+0x5f/0x64
<4>[23900.133466] [<c1227f50>] ? pgtable_bad+0x130/0x130
<4>[23900.138450] [<c17f6298>] ? __ip_route_output_key+0x698/0x7c0
<4>[23900.144312] [<c17f5f8d>] ? __ip_route_output_key+0x38d/0x7c0
<4>[23900.150730] [<c17f63df>] ip_route_output_flow+0x1f/0x60
<4>[23900.156261] [<c181de58>] ip4_datagram_connect+0x188/0x2b0
<4>[23900.161960] [<c18e981f>] ? _raw_spin_unlock_bh+0x1f/0x30
<4>[23900.167834] [<c18298d6>] inet_dgram_connect+0x36/0x80
<4>[23900.173224] [<c14f9e88>] ? _copy_from_user+0x48/0x140
<4>[23900.178817] [<c17ab9da>] sys_connect+0x9a/0xd0
<4>[23900.183538] [<c132e93c>] ? alloc_file+0xdc/0x240
<4>[23900.189111] [<c123925d>] ? sub_preempt_count+0x3d/0x50
Function free_fib_info resets nexthop_nh->nh_dev to NULL before releasing
fi. Other cpu might be accessing fi. Fixing it by delaying the releasing.
With the patch, we ran MTBF testing on Android mobile for 12 hours
and didn't trigger the issue.
Thank Eric for very detailed review/checking the issue.
CRs-fixed: 430941
Change-Id: I14480ff9085a8e13fe43ea14bfa53fb7b77384b3
Signed-off-by: Yanmin Zhang <yanmin_zhang@linux.intel.com>
Signed-off-by: Kun Jiang <kunx.jiang@intel.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: e49cc0da7283088c5e03d475ffe2fdcb24a6d5b1
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Jay Chokshi <jchokshi@codeaurora.org>
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver and NL80211_CMD_FT_EVENT to send FT events from the
WLAN driver. This will carry the target AP's MAC address along
cfg80211: Extend support for IEEE 802.11r Fast BSS Transition
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver and NL80211_CMD_FT_EVENT to send FT events from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE). These
changes allow FT to be supported with drivers that use an internal
SME instead of user space option (like FT implementation in
wpa_supplicant with mac80211-based drivers).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 355199e02b831fd4f652c34d6c7673d973da1369
Git-repo: http://git.kernel.org/cgit/linux/kernel/git/linville/
wireless-testing.git/
Change-Id: I03e750494a2735a393f1ec57f3d66e3575265c8a
CRs-fixed: 434525
[deepthi@codeaurora.org: backport to 3.4-This commit includes the
changes from following commits to compile for msm-3.4.
5314526b1743e8e8614293db7d86e480b4fe9824 : cfg80211: add channel
switch notify event
98104fdeda63d57631c9f89e90a7b83b58fcee40 : cfg80211: add P2P
Device abstraction
f4e583c8935c6f52f9385ee7cfbea8f65c66a737 : nl/cfg80211: add the
NL80211_CMD_SET_MCAST_RATE command
ed44a951c72ab409f932b1c15914488308e86da2 : cfg80211/nl80211: Notify
connection request failure in AP mode
77765eaf5cfb6b8dd98ec8b54b411d74ff6095f1 : cfg80211/nl80211: add
API for MAC address ACLs.
04f39047af2a6df64b763ea5a271db24879d0391 : nl80211/cfg80211: add
radar detection command/event.
3713b4e364effef4b170c97d54528b1cdb16aa6b : nl80211: allow splitting
wiphy information in dumps.
ee2aca343c9aa64d277a75a5df043299dc84cfd9 : cfg80211: add ability
to override VHT capabilities.
355199e02b831fd4f652c34d6c7673d973da1369 : cfg80211: Extend
support for IEEE 802.11r Fast BSS Transition.]
Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
There's no reason TDLS should be prevented on P2P client
interfaces, and most of the code already handles it, so
allow adding stations for it.
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 93d08f0b785dd3878a3b84a9013a15e57e6b4344
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git
[jjohnson@codeaurora.org: resolved 3.4 backport issues]
Change-Id: I75b5ebd4254c60d4e01aaf54f741468bc6f8d3f1
CRs-fixed: 458139
Signed-off-by: Jeff Johnson <jjohnson@codeaurora.org>