summaryrefslogtreecommitdiff
path: root/drivers/net/pppol2tp.c
AgeCommit message (Collapse)Author
2010-03-16l2tp: Fix UDP socket reference count bugs in the pppol2tp driverJames Chapman
This patch fixes UDP socket refcnt bugs in the pppol2tp driver. A bug can cause a kernel stack trace when a tunnel socket is closed. A way to reproduce the issue is to prepare the UDP socket for L2TP (by opening a tunnel pppol2tp socket) and then close it before any L2TP sessions are added to it. The sequence is Create UDP socket Create tunnel pppol2tp socket to prepare UDP socket for L2TP pppol2tp_connect: session_id=0, peer_session_id=0 L2TP SCCRP control frame received (tunnel_id==0) pppol2tp_recv_core: sock_hold() pppol2tp_recv_core: sock_put L2TP ZLB control frame received (tunnel_id=nnn) pppol2tp_recv_core: sock_hold() pppol2tp_recv_core: sock_put Close tunnel management socket pppol2tp_release: session_id=0, peer_session_id=0 Close UDP socket udp_lib_close: BUG The addition of sock_hold() in pppol2tp_connect() solves the problem. For data frames, two sock_put() calls were added to plug a refcnt leak per received data frame. The ref that is grabbed at the top of pppol2tp_recv_core() must always be released, but this wasn't done for accepted data frames or data frames discarded because of bad UDP checksums. This leak meant that any UDP socket that had passed L2TP data traffic (i.e. L2TP data frames, not just L2TP control frames) using pppol2tp would not be released by the kernel. WARNING: at include/net/sock.h:435 udp_lib_unhash+0x117/0x120() Pid: 1086, comm: openl2tpd Not tainted 2.6.33-rc1 #8 Call Trace: [<c119e9b7>] ? udp_lib_unhash+0x117/0x120 [<c101b871>] ? warn_slowpath_common+0x71/0xd0 [<c119e9b7>] ? udp_lib_unhash+0x117/0x120 [<c101b8e3>] ? warn_slowpath_null+0x13/0x20 [<c119e9b7>] ? udp_lib_unhash+0x117/0x120 [<c11598a7>] ? sk_common_release+0x17/0x90 [<c11a5e33>] ? inet_release+0x33/0x60 [<c11577b0>] ? sock_release+0x10/0x60 [<c115780f>] ? sock_close+0xf/0x30 [<c106e542>] ? __fput+0x52/0x150 [<c106b68e>] ? filp_close+0x3e/0x70 [<c101d2e2>] ? put_files_struct+0x62/0xb0 [<c101eaf7>] ? do_exit+0x5e7/0x650 [<c1081623>] ? mntput_no_expire+0x13/0x70 [<c106b68e>] ? filp_close+0x3e/0x70 [<c101eb8a>] ? do_group_exit+0x2a/0x70 [<c101ebe1>] ? sys_exit_group+0x11/0x20 [<c10029b0>] ? sysenter_do_call+0x12/0x26 Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-03-16l2tp: Fix oops in pppol2tp_xmitJames Chapman
When transmitting L2TP frames, we derive the outgoing interface's UDP checksum hardware assist capabilities from the tunnel dst dev. This can sometimes be NULL, especially when routing protocols are used and routing changes occur. This patch just checks for NULL dst or dev pointers when checking for netdev hardware assist features. BUG: unable to handle kernel NULL pointer dereference at 0000000c IP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp] *pde = 00000000 Oops: 0000 [#1] SMP last sysfs file: /sys/class/net/lo/operstate Modules linked in: pppol2tp pppox ppp_generic slhc ipv6 dummy loop snd_hda_codec_atihdmi snd_hda_intel snd_hda_codec snd_pcm snd_timer snd soundcore snd_page_alloc evdev psmouse serio_raw processor button i2c_piix4 i2c_core ati_agp agpgart pcspkr ext3 jbd mbcache sd_mod ide_pci_generic atiixp ide_core ahci ata_generic floppy ehci_hcd ohci_hcd libata e1000e scsi_mod usbcore nls_base thermal fan thermal_sys [last unloaded: scsi_wait_scan] Pid: 0, comm: swapper Not tainted (2.6.32.8 #1) EIP: 0060:[<f89d074c>] EFLAGS: 00010297 CPU: 3 EIP is at pppol2tp_xmit+0x341/0x4da [pppol2tp] EAX: 00000000 EBX: f64d1680 ECX: 000005b9 EDX: 00000000 ESI: f6b91850 EDI: f64d16ac EBP: f6a0c4c0 ESP: f70a9cac DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process swapper (pid: 0, ti=f70a8000 task=f70a31c0 task.ti=f70a8000) Stack: 000005a9 000005b9 f734c400 f66652c0 f7352e00 f67dc800 00000000 f6b91800 <0> 000005a3 f70ef6c4 f67dcda9 000005a3 f89b192e 00000246 000005a3 f64d1680 <0> f63633e0 f6363320 f64d1680 f65a7320 f65a7364 f65856c0 f64d1680 f679f02f Call Trace: [<f89b192e>] ? ppp_push+0x459/0x50e [ppp_generic] [<f89b217f>] ? ppp_xmit_process+0x3b6/0x430 [ppp_generic] [<f89b2306>] ? ppp_start_xmit+0x10d/0x120 [ppp_generic] [<c11c15cb>] ? dev_hard_start_xmit+0x21f/0x2b2 [<c11d0947>] ? sch_direct_xmit+0x48/0x10e [<c11c19a0>] ? dev_queue_xmit+0x263/0x3a6 [<c11e2a9f>] ? ip_finish_output+0x1f7/0x221 [<c11df682>] ? ip_forward_finish+0x2e/0x30 [<c11de645>] ? ip_rcv_finish+0x295/0x2a9 [<c11c0b19>] ? netif_receive_skb+0x3e9/0x404 [<f814b791>] ? e1000_clean_rx_irq+0x253/0x2fc [e1000e] [<f814cb7a>] ? e1000_clean+0x63/0x1fc [e1000e] [<c1047eff>] ? sched_clock_local+0x15/0x11b [<c11c1095>] ? net_rx_action+0x96/0x195 [<c1035750>] ? __do_softirq+0xaa/0x151 [<c1035828>] ? do_softirq+0x31/0x3c [<c10358fe>] ? irq_exit+0x26/0x58 [<c1004b21>] ? do_IRQ+0x78/0x89 [<c1003729>] ? common_interrupt+0x29/0x30 [<c101ac28>] ? native_safe_halt+0x2/0x3 [<c1008c54>] ? default_idle+0x55/0x75 [<c1009045>] ? c1e_idle+0xd2/0xd5 [<c100233c>] ? cpu_idle+0x46/0x62 Code: 8d 45 08 f0 ff 45 08 89 6b 08 c7 43 68 7e fb 9c f8 8a 45 24 83 e0 0c 3c 04 75 09 80 63 64 f3 e9 b4 00 00 00 8b 43 18 8b 4c 24 04 <8b> 40 0c 8d 79 11 f6 40 44 0e 8a 43 64 75 51 6a 00 8b 4c 24 08 EIP: [<f89d074c>] pppol2tp_xmit+0x341/0x4da [pppol2tp] SS:ESP 0068:f70a9cac CR2: 000000000000000c Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-12-01net: Simplify pppol2tp pernet operations.Eric W. Biederman
Take advantage of the new pernet automatic storage management, and stop using compatibility network namespace functions. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-18drivers/net/pppol2tp.c: remove exceptional & on function nameJulia Lawall
In this file, function names are otherwise used as pointers without &. A simplified version of the semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // <smpl> @r@ identifier f; @@ f(...) { ... } @@ identifier r.f; @@ - &f + f // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-18netns: net_identifiers should be read_mostlyEric Dumazet
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-10-18inet: rename some inet_sock fieldsEric Dumazet
In order to have better cache layouts of struct sock (separate zones for rx/tx paths), we need this preliminary patch. Goal is to transfert fields used at lookup time in the first read-mostly cache line (inside struct sock_common) and move sk_refcnt to a separate cache line (only written by rx path) This patch adds inet_ prefix to daddr, rcv_saddr, dport, num, saddr, sport and id fields. This allows a future patch to define these fields as macros, like sk_refcnt, without name clashes. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-30net: Make setsockopt() optlen be unsigned.David S. Miller
This provides safety against negative optlen at the type level instead of depending upon (sometimes non-trivial) checks against this sprinkled all over the the place, in each and every implementation. Based upon work done by Arjan van de Ven and feedback from Linus Torvalds. Signed-off-by: David S. Miller <davem@davemloft.net>
2009-09-14net: constify remaining proto_opsAlexey Dobriyan
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-08-02pppol2tp: calls unregister_pernet_gen_device() at unload timeEric Dumazet
Failure to call unregister_pernet_gen_device() can exhaust memory if module is loaded/unloaded many times. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-06-03net: skb->dst accessorsEric Dumazet
Define three accessors to get/set dst attached to a skb struct dst_entry *skb_dst(const struct sk_buff *skb) void skb_dst_set(struct sk_buff *skb, struct dst_entry *dst) void skb_dst_drop(struct sk_buff *skb) This one should replace occurrences of : dst_release(skb->dst) skb->dst = NULL; Delete skb->dst field Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-04-13drivers/net: replace BUG() with BUG_ON() if possibleAlexander Beregalov
Signed-off-by: Alexander Beregalov <a.beregalov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-17drivers/net/ppp*.c: fix sparse warnings: fix signednessHannes Eder
Fix this sparse warnings: drivers/net/ppp_generic.c:919:43: warning: incorrect type in argument 1 (different signedness) drivers/net/pppoe.c:1195:43: warning: incorrect type in argument 1 (different signedness) drivers/net/pppol2tp.c:2666:43: warning: incorrect type in argument 1 (different signedness) Signed-off-by: Hannes Eder <hannes@hanneseder.net> Acked-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-09ppp: section fixes re netnsAlexey Dobriyan
PPP is modular code so no initdata on netns hooks. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-26pppol2tp: stop using proc internalsAlexey Dobriyan
PDE_NET usage in driver code is a sign and, indeed, switching to seq_open_net/seq_release_net saves code and fixes bogus things, like user triggerabble BUG_ON(!net) after maybe_get_net, and NULLifying ->private. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-21net: pppoe,pppol2tp - register channels with explicit netCyrill Gorcunov
In PPPo[E|L2TP] we could explicitly point which net namespace we're going to use for channels - make it so. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-21net: pppol2tp - introduce net-namespace functionalityCyrill Gorcunov
- Each tunnel and appropriate lock are inside own namespace now. - pppox code allows to create per-namespace sockets for both PX_PROTO_OE and PX_PROTO_OL2TP protocols. Actually since now pppox_create support net-namespaces new PPPo... protocols (if they ever will be) should support net-namespace too otherwise explicit check for &init_net would be needed. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-21net: constify VFTsJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-12-16l2tp: fix UDP checksum supportJames Chapman
The pppol2tp driver has had broken UDP checksum code for a long time. This patch fixes it. If UDP checksums are enabled in the tunnel's UDP socket, the L2TP driver now properly validates the checksum on receive and fills in the checksum on transmit. If the network device has hardware checksum support and is enabled, it is used instead of generating/checking the checksum in software. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-11-28pppol2tp: Add missing sock_put() in pppol2tp_release()Frédéric Moulins
pppol2tp_sock_to_session() do sock_hold() if the session to release is not NULL. Signed-off-by: Frédéric Moulins <frederic.moulins@alsatis.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-09-21net: Remove __skb_insert() calls outside of skbuff internals.David S. Miller
This minor cleanup simplifies later changes which will convert struct sk_buff and friends over to using struct list_head. Signed-off-by: David S. Miller <davem@davemloft.net>
2008-08-14[netdrvr] remove unnecessary #includeHuang Weiyi
The drivers below do not use LINUX_VERSION_CODE nor KERNEL_VERSION. drivers/net/acenic.c drivers/net/bnx2x_link.c drivers/net/bnx2x_main.c drivers/net/cpmac.c drivers/net/gianfar_sysfs.c drivers/net/ipg.h drivers/net/ppp_mppe.c drivers/net/pppol2tp.c drivers/net/r6040.c drivers/net/sh_eth.c drivers/net/sky2.c drivers/net/tehuti.h drivers/net/typhoon.c This patch removes the said #include <linux/version.h>. Signed-off-by: Huang Weiyi <hwy@cn.fujitsu.com> Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
2008-06-10l2tp: Fix potential memory corruption in pppol2tp_recvmsg()James Chapman
This patch fixes a potential memory corruption in pppol2tp_recvmsg(). If skb->len is bigger than the caller's buffer length, memcpy_toiovec() will go into unintialized data on the kernel heap, interpret it as an iovec and start modifying memory. The fix is to change the memcpy_toiovec() call to skb_copy_datagram_iovec() so that paged packets (rare for PPPOL2TP) are handled properly. Also check that the caller's buffer is big enough for the data and set the MSG_TRUNC flag if it is not so. Reported-by: Ilja <ilja@netric.org> Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04l2tp: Fix possible oops if transmitting or receiving when tunnel goes downJames Chapman
Some problems have been experienced in the field which cause an oops in the pppol2tp driver if L2TP tunnels fail while passing data. The pppol2tp driver uses private data that is referenced via the sk->sk_user_data of its UDP and PPPoL2TP sockets. This patch makes sure that the driver uses sock_hold() when it holds a reference to the sk pointer. This affects its sendmsg(), recvmsg(), getname(), [gs]etsockopt() and ioctl() handlers. Tested by ISP where problem was seen. System has been up 10 days with no oops since running this patch. Without the patch, an oops would occur every 1-2 days. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-06-04lt2p: Fix possible WARN_ON from socket code when UDP socket is closedJames Chapman
If an L2TP daemon closes a tunnel socket while packets are queued in the tunnel's reorder queue, a kernel warning is logged because the socket is closed while skbs are still referencing it. The fix is to purge the queue in the socket's release handler. WARNING: at include/net/sock.h:351 udp_lib_unhash+0x41/0x68() Pid: 12998, comm: openl2tpd Not tainted 2.6.25 #8 [<c0423c58>] warn_on_slowpath+0x41/0x51 [<c05d33a7>] udp_lib_unhash+0x41/0x68 [<c059424d>] sk_common_release+0x23/0x90 [<c05d16be>] udp_lib_close+0x8/0xa [<c05d8684>] inet_release+0x42/0x48 [<c0592599>] sock_release+0x14/0x60 [<c059299f>] sock_close+0x29/0x30 [<c046ef52>] __fput+0xad/0x15b [<c046f1d9>] fput+0x17/0x19 [<c046c8c4>] filp_close+0x50/0x5a [<c046da06>] sys_close+0x69/0x9f [<c04048ce>] syscall_call+0x7/0xb Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-19l2tp: avoid skb truesize bug if headroom is increasedJames Chapman
A user reported seeing occasional bugs such as the following when using the L2TP driver. SKB BUG: Invalid truesize (272) len=72, sizeof(sk_buff)=208 When L2TP adds its header in the transmit path, it might need to increase the headroom of the skb. In some cases, the increased headroom trips a kernel bug when the skb is freed because the skb has grown beyond its truesize value. The fix is to increase the truesize by the amount of headroom added, after orphaning the skb. While here, fix a misleading comment. Thanks to Iouri Kharon <bc-info@styx.cabel.net> for the initial report and testing the fix. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-05-12pppol2tp: Remove null pointer dereference.Julia Lawall
If session is NULL, it is not possible to access its name field. So I have split apart the printing of the error message to drop the printing of the name field in this case. The macro PRINTK actually only evaluates its arguments starting with the third one if the bitwise conjunction of the first two is non-zero. Normally, this conjunction would only be non-zero if debugging mode were turned on, but when session is NULL, the first argument in both the old and new code is -1, and thus the bitwise conjunction is true. Perhaps a different strategy is desired, such as using tunnel->debug, which session->debug is initialized to, but tunnel can also be NULL, so this does not completely solve the problem. This problem was found using the following semantic match (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ expression E, E1; identifier f; statement S1,S2,S3; @@ * if (E == NULL) { ... when != if (E == NULL) S1 else S2 when != E = E1 * E->f ... when any return ...; } else S3 // </smpl> Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-04-29netdev: use non-racy method for proc entries creationDenis V. Lunev
Use proc_create()/proc_create_data() to make sure that ->proc_fops and ->data be setup before gluing PDE to main tree. Signed-off-by: Denis V. Lunev <den@openvz.org> Cc: Jeff Garzik <jgarzik@pobox.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-03-05[PPPOL2TP]: Fix SMP issues in skb reorder queue handlingJames Chapman
When walking a session's packet reorder queue, use skb_queue_walk_safe() since the list could be modified inside the loop. Rearrange the unlinking skbs from the reorder queue such that it is done while the queue lock is held in pppol2tp_recv_dequeue() when walking the skb list. A version of this patch was suggested by Jarek Poplawski. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-05[PPPOL2TP]: Make locking calls softirq-safeJames Chapman
Fix locking issues in the pppol2tp driver which can cause a kernel crash on SMP boxes. There were two problems:- 1. The driver was violating read_lock() and write_lock() scheduling rules because it wasn't using softirq-safe locks in softirq contexts. So we now consistently use the _bh variants of the lock functions. 2. The driver was calling sk_dst_get() in pppol2tp_xmit() which was taking sk_dst_lock in softirq context. We now call __sk_dst_get(). Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-03[PPPOL2TP]: Add missing sock_put() in pppol2tp_tunnel_closeall()Jarek Poplawski
Every skb removed from session->reorder_q needs sock_put(). Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Acked-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-03Subject: [PPPOL2TP] add missing sock_put() in pppol2tp_recv_dequeue()Jarek Poplawski
Every skb removed from session->reorder_q needs sock_put(). Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Acked-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-09pppol2tp: fix printk warningsAndrew Morton
drivers/net/pppol2tp.c: In function `pppol2tp_seq_tunnel_show': drivers/net/pppol2tp.c:2295: warning: long long unsigned int format, __u64 arg (arg 4) drivers/net/pppol2tp.c:2295: warning: long long unsigned int format, __u64 arg (arg 5) drivers/net/pppol2tp.c:2295: warning: long long unsigned int format, __u64 arg (arg 6) drivers/net/pppol2tp.c:2295: warning: long long unsigned int format, __u64 arg (arg 7) drivers/net/pppol2tp.c:2295: warning: long long unsigned int format, __u64 arg (arg 8) drivers/net/pppol2tp.c:2295: warning: long long unsigned int format, __u64 arg (arg 9) drivers/net/pppol2tp.c: In function `pppol2tp_seq_session_show': drivers/net/pppol2tp.c:2328: warning: long long unsigned int format, __u64 arg (arg 5) drivers/net/pppol2tp.c:2328: warning: long long unsigned int format, __u64 arg (arg 6) drivers/net/pppol2tp.c:2328: warning: long long unsigned int format, __u64 arg (arg 7) drivers/net/pppol2tp.c:2328: warning: long long unsigned int format, __u64 arg (arg 8) drivers/net/pppol2tp.c:2328: warning: long long unsigned int format, __u64 arg (arg 9) drivers/net/pppol2tp.c:2328: warning: long long unsigned int format, __u64 arg (arg 10) Not all platforms implement u64 with unsigned long long. eg: powerpc. Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-05[PPPOL2TP]: Label unused warning when CONFIG_PROC_FS is not set.Rami Rosen
When CONFIG_PROC_FS is not set and CONFIG_PPPOL2TP is set, we have the following warning in build: drivers/net/pppol2tp.c: In function 'pppol2tp_init': drivers/net/pppol2tp.c:2472: warning: label 'out_unregister_pppox_proto' defined but not used This patches fixes this warning by adding appropriate #ifdef. Signed-off-by: Rami Rosen <ramirose@gmail.com> Acked-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-28drivers/net: Add missing "space"Joe Perches
Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
2007-11-07[PPP]: L2TP: Fix oops in transmit and receive pathsJames Chapman
Changes made on 18-sep to fix skb handling in the pppol2tp driver broke the transmit and receive paths. Users are only running into this now because distros are now using 2.6.23 and I must have messed up when I tested the change. For receive, we now do our own calculation of how much to pull from the skb (variable length L2TP header) rather than using skb_transport_offset(). Also, if the skb isn't a data packet, it must be passed back to UDP with skb->data pointing to the UDP header. For transmit, make sure skb->sk is set up because ip_queue_xmit() needs it. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-11-01[NET]: Forget the zero_it argument of sk_alloc()Pavel Emelyanov
Finally, the zero_it argument can be completely removed from the callers and from the function prototype. Besides, fix the checkpatch.pl warnings about using the assignments inside if-s. This patch is rather big, and it is a part of the previous one. I splitted it wishing to make the patches more readable. Hope this particular split helped. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10[NET]: Make socket creation namespace safe.Eric W. Biederman
This patch passes in the namespace a new socket should be created in and has the socket code do the appropriate reference counting. By virtue of this all socket create methods are touched. In addition the socket create methods are modified so that they will fail if you attempt to create a socket in a non-default network namespace. Failing if we attempt to create a socket outside of the default network namespace ensures that as we incrementally make the network stack network namespace aware we will not export functionality that someone has not audited and made certain is network namespace safe. Allowing us to partially enable network namespaces before all of the exotic protocols are supported. Any protocol layers I have missed will fail to compile because I now pass an extra parameter into the socket creation code. [ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ] Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10[NET]: Make /proc/net per network namespaceEric W. Biederman
This patch makes /proc/net per network namespace. It modifies the global variables proc_net and proc_net_stat to be per network namespace. The proc_net file helpers are modified to take a network namespace argument, and all of their callers are fixed to pass &init_net for that argument. This ensures that all of the /proc/net files are only visible and usable in the initial network namespace until the code behind them has been updated to be handle multiple network namespaces. Making /proc/net per namespace is necessary as at least some files in /proc/net depend upon the set of network devices which is per network namespace, and even more files in /proc/net have contents that are relevant to a single network namespace. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-20[PPP] L2TP: Fix skb handling in pppol2tp_xmitHerbert Xu
This patch makes pppol2tp_xmit call skb_cow_head so that we don't modify cloned skb data. It also gets rid of skb2 we only need to preserve the original skb for congestion notification, which is only applicable for ppp_async and ppp_sync. The other semantic change made here is the removal of socket accounting for data tranmitted out of pppol2tp_xmit. The original code leaked any existing socket skb accounting. We could fix this by dropping the original skb owner. However, this is undesirable as the packet has not physically left the host yet. In fact, all other tunnels in the kernel do not account skb's passing through to their own socket. In partciular, ESP over UDP does not do so and it is the closest tunnel type to PPPoL2TP. So this patch simply removes the socket accounting in pppol2tp_xmit. The accounting still applies to control packets of course. I've also added a reminder that the outgoing checksum here doesn't work. I suppose existing deployments don't actually enable checksums. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-20[PPP] L2TP: Fix skb handling in pppol2tp_recv_coreHerbert Xu
The function pppol2tp_recv_core doesn't handle non-linear packets properly. It also fails to check the remote offset field. This patch fixes these problems. It also removes an unnecessary check on the UDP header which has already been performed by the UDP layer. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-20[PPP] L2TP: Disallow non-UDP datagram socketsHerbert Xu
With the addition of UDP-Lite we need to refine the socket check so that only genuine UDP sockets are allowed through. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-26misannotation in pppol2tpAl Viro
Address of auto variable is not a userland pointer. A good thing, too, since if pppol2tp_tunnel_getsockopt() would _really_ get a userland pointer as argument, it would be an instant roothole... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-18[PPPOL2TP]: Reset meta-data in xmit functionPatrick McHardy
Reset netfilter data and IP CB, fix dst_entry leak. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-18[PPPOL2TP]: Fix use-after-freePatrick McHardy
Don't use skb->len after passing it to ip_queue_xmit. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10[PPPOL2TP]: Use proper printf format specifier for size_t.David S. Miller
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10[L2TP]: PPP over L2TP driver coreJames Chapman
This driver handles only L2TP data frames; control frames are handled by a userspace application. It implements L2TP using the PPPoX socket family. There is a PPPoX socket for each L2TP session in an L2TP tunnel. PPP data within each session is passed through the kernel's PPP subsystem via this driver. Kernel parameters of each socket can be read or modified using ioctl() or [gs]etsockopt() calls. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>