summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-11-09 09:31:34 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-11-09 09:31:34 -0800
commitd1041cdc60bc122aac09f822aad1ff6c5cb84406 (patch)
treee537e5c0812f100a22512809fde0a2c0e73f5a22 /include
parent87df26175e67c26ccdd3a002fbbb8cde78e28a19 (diff)
parent6a17280247458ac2c302200e2d6ae36656f75bc6 (diff)
downloadlwn-d1041cdc60bc122aac09f822aad1ff6c5cb84406.tar.gz
lwn-d1041cdc60bc122aac09f822aad1ff6c5cb84406.zip
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Fix use-after-free in IPSEC input parsing, desintation address pointer was loaded before pskb_may_pull() which can change the SKB data pointers. From Florian Westphal. 2) Stack out-of-bounds read in xfrm_state_find(), from Steffen Klassert. 3) IPVS state of SKB is not properly reset when moving between namespaces, from Ye Yin. 4) Fix crash in asix driver suspend and resume, from Andrey Konovalov. 5) Don't deliver ipv6 l2tp tunnel packets to ipv4 l2tp tunnels, and vice versa, from Guillaume Nault. 6) Fix DSACK undo on non-dup ACKs, from Priyaranjan Jha. 7) Fix regression in bond_xmit_hash()'s behavior after the TCP port selection changes back in 4.2, from Hangbin Liu. 8) Two divide by zero bugs in USB networking drivers when parsing descriptors, from Bjorn Mork. 9) Fix bonding slaves being stuck in BOND_LINK_FAIL state, from Jay Vosburgh. 10) Missing skb_reset_mac_header() in qmi_wwan, from Kristian Evensen. 11) Fix the destruction of tc action object races properly, from Cong Wang. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (31 commits) cls_u32: use tcf_exts_get_net() before call_rcu() cls_tcindex: use tcf_exts_get_net() before call_rcu() cls_rsvp: use tcf_exts_get_net() before call_rcu() cls_route: use tcf_exts_get_net() before call_rcu() cls_matchall: use tcf_exts_get_net() before call_rcu() cls_fw: use tcf_exts_get_net() before call_rcu() cls_flower: use tcf_exts_get_net() before call_rcu() cls_flow: use tcf_exts_get_net() before call_rcu() cls_cgroup: use tcf_exts_get_net() before call_rcu() cls_bpf: use tcf_exts_get_net() before call_rcu() cls_basic: use tcf_exts_get_net() before call_rcu() net_sched: introduce tcf_exts_get_net() and tcf_exts_put_net() Revert "net_sched: hold netns refcnt for each action" net: usb: asix: fill null-ptr-deref in asix_suspend Revert "net: usb: asix: fill null-ptr-deref in asix_suspend" qmi_wwan: Add missing skb_reset_mac_header-call bonding: fix slave stuck in BOND_LINK_FAIL state qrtr: Move to postcore_initcall net: qmi_wwan: fix divide by 0 on bad descriptors net: cdc_ether: fix divide by 0 on bad descriptors ...
Diffstat (limited to 'include')
-rw-r--r--include/linux/skbuff.h7
-rw-r--r--include/net/act_api.h4
-rw-r--r--include/net/pkt_cls.h24
3 files changed, 32 insertions, 3 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 72299ef00061..d448a4804aea 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -3770,6 +3770,13 @@ static inline void nf_reset_trace(struct sk_buff *skb)
#endif
}
+static inline void ipvs_reset(struct sk_buff *skb)
+{
+#if IS_ENABLED(CONFIG_IP_VS)
+ skb->ipvs_property = 0;
+#endif
+}
+
/* Note: This doesn't put any conntrack and bridge info in dst. */
static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src,
bool copy)
diff --git a/include/net/act_api.h b/include/net/act_api.h
index 1e6df0eb058f..a10a3b1813f3 100644
--- a/include/net/act_api.h
+++ b/include/net/act_api.h
@@ -14,7 +14,6 @@
struct tcf_idrinfo {
spinlock_t lock;
struct idr action_idr;
- struct net *net;
};
struct tc_action_ops;
@@ -106,7 +105,7 @@ struct tc_action_net {
static inline
int tc_action_net_init(struct tc_action_net *tn,
- const struct tc_action_ops *ops, struct net *net)
+ const struct tc_action_ops *ops)
{
int err = 0;
@@ -114,7 +113,6 @@ int tc_action_net_init(struct tc_action_net *tn,
if (!tn->idrinfo)
return -ENOMEM;
tn->ops = ops;
- tn->idrinfo->net = net;
spin_lock_init(&tn->idrinfo->lock);
idr_init(&tn->idrinfo->action_idr);
return err;
diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
index 70ca2437740e..8826747ef83e 100644
--- a/include/net/pkt_cls.h
+++ b/include/net/pkt_cls.h
@@ -94,6 +94,7 @@ struct tcf_exts {
__u32 type; /* for backward compat(TCA_OLD_COMPAT) */
int nr_actions;
struct tc_action **actions;
+ struct net *net;
#endif
/* Map to export classifier specific extension TLV types to the
* generic extensions API. Unsupported extensions must be set to 0.
@@ -107,6 +108,7 @@ static inline int tcf_exts_init(struct tcf_exts *exts, int action, int police)
#ifdef CONFIG_NET_CLS_ACT
exts->type = 0;
exts->nr_actions = 0;
+ exts->net = NULL;
exts->actions = kcalloc(TCA_ACT_MAX_PRIO, sizeof(struct tc_action *),
GFP_KERNEL);
if (!exts->actions)
@@ -117,6 +119,28 @@ static inline int tcf_exts_init(struct tcf_exts *exts, int action, int police)
return 0;
}
+/* Return false if the netns is being destroyed in cleanup_net(). Callers
+ * need to do cleanup synchronously in this case, otherwise may race with
+ * tc_action_net_exit(). Return true for other cases.
+ */
+static inline bool tcf_exts_get_net(struct tcf_exts *exts)
+{
+#ifdef CONFIG_NET_CLS_ACT
+ exts->net = maybe_get_net(exts->net);
+ return exts->net != NULL;
+#else
+ return true;
+#endif
+}
+
+static inline void tcf_exts_put_net(struct tcf_exts *exts)
+{
+#ifdef CONFIG_NET_CLS_ACT
+ if (exts->net)
+ put_net(exts->net);
+#endif
+}
+
static inline void tcf_exts_to_list(const struct tcf_exts *exts,
struct list_head *actions)
{