linux-toradex.git/net/can, branch v2.6.32.2 Linux kernel for Apalis and Colibri modules can: should not use __dev_get_by_index() without locks 2009-11-08T08:33:43+00:00 Eric Dumazet eric.dumazet@gmail.com 2009-11-06T00:23:01+00:00 6755aebaaf9fc5416acfd4578ab7a1e122ecbc74 bcm_proc_getifname() is called with RTNL and dev_base_lock not held. It calls __dev_get_by_index() without locks, and this is illegal (might crash) Close the race by holding dev_base_lock and copying dev->name in the protected section. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
bcm_proc_getifname() is called with RTNL and dev_base_lock
not held. It calls __dev_get_by_index() without locks, and
this is illegal (might crash)

Close the race by holding dev_base_lock and copying dev->name
in the protected section.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: Make setsockopt() optlen be unsigned. 2009-09-30T23:12:20+00:00 David S. Miller davem@davemloft.net 2009-09-30T23:12:20+00:00 b7058842c940ad2c08dd829b21e5c92ebe3b8758 This provides safety against negative optlen at the type level instead of depending upon (sometimes non-trivial) checks against this sprinkled all over the the place, in each and every implementation. Based upon work done by Arjan van de Ven and feedback from Linus Torvalds. Signed-off-by: David S. Miller <davem@davemloft.net> 
This provides safety against negative optlen at the type
level instead of depending upon (sometimes non-trivial)
checks against this sprinkled all over the the place, in
each and every implementation.

Based upon work done by Arjan van de Ven and feedback
from Linus Torvalds.

Signed-off-by: David S. Miller <davem@davemloft.net>
can: fix NOHZ local_softirq_pending 08 warning 2009-09-15T08:31:34+00:00 Oliver Hartkopp oliver@hartkopp.net 2009-09-15T08:31:34+00:00 481a8199142c050b72bff8a1956a49fd0a75bbe0 When using nanosleep() in an userspace application we get a ratelimit warning NOHZ: local_softirq_pending 08 for 10 times. The echo of CAN frames is done from process context and softirq context only. Therefore the usage of netif_rx() was wrong (for years). This patch replaces netif_rx() with netif_rx_ni() which has to be used from process/softirq context. It also adds a missing comment that can_send() must no be used from hardirq context. Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: Urs Thuermann <urs@isnogud.escape.de> Signed-off-by: David S. Miller <davem@davemloft.net> 
When using nanosleep() in an userspace application we get a ratelimit warning

NOHZ: local_softirq_pending 08

for 10 times.

The echo of CAN frames is done from process context and softirq context only.
Therefore the usage of netif_rx() was wrong (for years).

This patch replaces netif_rx() with netif_rx_ni() which has to be used from
process/softirq context. It also adds a missing comment that can_send() must
no be used from hardirq context.

Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: Urs Thuermann <urs@isnogud.escape.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
can: use correct NET_RX_ return values 2009-08-31T05:13:18+00:00 Oliver Hartkopp oliver@hartkopp.net 2009-08-29T06:45:09+00:00 6ca8b990e07914a87fd1f6dfc5507f5e1c4572e2 Dropped skb's should be documented by an appropriate return value. Use the correct NET_RX_DROP and NET_RX_SUCCESS values for that reason. Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Dropped skb's should be documented by an appropriate return value.
Use the correct NET_RX_DROP and NET_RX_SUCCESS values for that reason.

Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
can: switch to seq_file 2009-08-29T07:19:38+00:00 Alexey Dobriyan adobriyan@gmail.com 2009-08-28T09:57:21+00:00 ea00b8e2223170a842bee06e0f27754ccdf2a217 create_proc_read_entry() is going to be removed soon. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
create_proc_read_entry() is going to be removed soon.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
can: Use WARN_ONCE() instead of BUG_ON() for sanity check in receive path 2009-08-14T23:36:57+00:00 Oliver Hartkopp oliver@hartkopp.net 2009-08-13T22:54:25+00:00 1758c0947605211ef953cc91d6bbdf847a21b822 To ensure a proper handling of CAN frames transported in skbuffs some checks need to be performed at receive time. As stated by Michael Olbrich and Luotao Fu BUG_ON() might be to restrictive. This is right as we can just drop the non conform skbuff and the Kernel can continue working. This patch replaces the BUG_ON() with a WARN_ONCE() so that the system remains healthy but we made the problem visible (once). Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: Urs Thuermann <urs@isnogud.escape.de> CC: Michael Olbrich <m.olbrich@pengutronix.de> CC: Luotao Fu <l.fu@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net> 
To ensure a proper handling of CAN frames transported in skbuffs some checks
need to be performed at receive time.

As stated by Michael Olbrich and Luotao Fu BUG_ON() might be to restrictive.
This is right as we can just drop the non conform skbuff and the Kernel can
continue working.

This patch replaces the BUG_ON() with a WARN_ONCE() so that the system remains
healthy but we made the problem visible (once).

Signed-off-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: Urs Thuermann <urs@isnogud.escape.de>
CC: Michael Olbrich <m.olbrich@pengutronix.de>
CC: Luotao Fu <l.fu@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
can: Fix raw_getname() leak 2009-08-10T04:45:32+00:00 Eric Dumazet eric.dumazet@gmail.com 2009-08-06T20:27:04+00:00 e84b90ae5eb3c112d1f208964df1d8156a538289 raw_getname() can leak 10 bytes of kernel memory to user (two bytes hole between can_family and can_ifindex, 8 bytes at the end of sockaddr_can structure) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
raw_getname() can leak 10 bytes of kernel memory to user

(two bytes hole between can_family and can_ifindex,
8 bytes at the end of sockaddr_can structure)

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/can: add module alias to can protocol drivers 2009-07-15T18:20:38+00:00 Lothar Waßmann LW@KARO-electronics.de 2009-07-14T23:12:25+00:00 b13bb2e9933b9dfa25c81d959d847c843481111e Add appropriate MODULE_ALIAS() to facilitate autoloading of can protocol drivers Signed-off-by: Lothar Wassmann <LW@KARO-electronics.de> Acked-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Add appropriate MODULE_ALIAS() to facilitate autoloading of can protocol drivers

Signed-off-by: Lothar Wassmann <LW@KARO-electronics.de>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/can bugfix: use after free bug in can protocol drivers 2009-07-15T18:20:37+00:00 Lothar Waßmann LW@KARO-electronics.de 2009-07-14T23:10:21+00:00 f7e5cc0c40dff92bad2894153f675c6c542ba2f0 Fix a use after free bug in can protocol drivers The release functions of the can protocol drivers lack a call to sock_orphan() which leads to referencing freed memory under certain circumstances. This patch fixes a bug reported here: https://lists.berlios.de/pipermail/socketcan-users/2009-July/000985.html Signed-off-by: Lothar Wassmann <LW@KARO-electronics.de> Acked-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Fix a use after free bug in can protocol drivers

The release functions of the can protocol drivers lack a call to
sock_orphan() which leads to referencing freed memory under certain
circumstances.

This patch fixes a bug reported here:
https://lists.berlios.de/pipermail/socketcan-users/2009-July/000985.html

Signed-off-by: Lothar Wassmann <LW@KARO-electronics.de>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
can: af_can.c use rcu_barrier() on module unload. 2009-06-10T08:11:24+00:00 Jesper Dangaard Brouer hawk@comx.dk 2009-06-08T03:11:38+00:00 382bfeec48e43c416af9b271b9b70d2f61ef32d2 This module uses rcu_call() thus it should use rcu_barrier() on module unload. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Acked-by: Oliver Hartkopp <oliver@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
This module uses rcu_call() thus it should use rcu_barrier()
on module unload.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Acked-by: Oliver Hartkopp <oliver@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>