diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-02-08 14:21:54 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-02-08 14:21:54 -0500 |
| commit | 27b4ad621e887ce8e5eb508a0103f13d30f6b38a (patch) | |
| tree | e1fda67c6c119c2f6a00a22fe8ae9b7a2494e799 /net/socket.c | |
| parent | 680905431b9de8c7224b15b76b1826a1481cfeaf (diff) | |
| parent | 39841cc1cbb69344539c98a1fa9d858ed124c7ba (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"This pull request is dedicated to the upcoming snowpocalypse parts 2
and 3 in the Pacific Northwest:
1) Drop profiles are broken because some drivers use dev_kfree_skb*
instead of dev_consume_skb*, from Yang Wei.
2) Fix IWLWIFI kconfig deps, from Luca Coelho.
3) Fix percpu maps updating in bpftool, from Paolo Abeni.
4) Missing station release in batman-adv, from Felix Fietkau.
5) Fix some networking compat ioctl bugs, from Johannes Berg.
6) ucc_geth must reset the BQL queue state when stopping the device,
from Mathias Thore.
7) Several XDP bug fixes in virtio_net from Toshiaki Makita.
8) TSO packets must be sent always on queue 0 in stmmac, from Jose
Abreu.
9) Fix socket refcounting bug in RDS, from Eric Dumazet.
10) Handle sparse cpu allocations in bpf selftests, from Martynas
Pumputis.
11) Make sure mgmt frames have enough tailroom in mac80211, from Felix
Feitkau.
12) Use safe list walking in sctp_sendmsg() asoc list traversal, from
Greg Kroah-Hartman.
13) Make DCCP's ccid_hc_[rt]x_parse_options always check for NULL
ccid, from Eric Dumazet.
14) Need to reload WoL password into bcmsysport device after deep
sleeps, from Florian Fainelli.
15) Remove filter from mask before freeing in cls_flower, from Petr
Machata.
16) Missing release and use after free in error paths of s390 qeth
code, from Julian Wiedmann.
17) Fix lockdep false positive in dsa code, from Marc Zyngier.
18) Fix counting of ATU violations in mv88e6xxx, from Andrew Lunn.
19) Fix EQ firmware assert in qed driver, from Manish Chopra.
20) Don't default Caivum PTP to Y in kconfig, from Bjorn Helgaas"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (116 commits)
net: dsa: b53: Fix for failure when irq is not defined in dt
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
geneve: should not call rt6_lookup() when ipv6 was disabled
net: Don't default Cavium PTP driver to 'y'
net: broadcom: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: via-velocity: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: tehuti: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: sun: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: fsl_ucc_hdlc: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: fec_mpc52xx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: smsc: epic100: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: dscc4: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: tulip: de2104x: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net: defxx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
net/mlx5e: Don't overwrite pedit action when multiple pedit used
net/mlx5e: Update hw flows when encap source mac changed
qed*: Advance drivers version to 8.37.0.20
qed: Change verbosity for coalescing message.
qede: Fix system crash on configuring channels.
qed: Consider TX tcs while deriving the max num_queues for PF.
...
Diffstat (limited to 'net/socket.c')
| -rw-r--r-- | net/socket.c | 82 |
1 files changed, 63 insertions, 19 deletions
diff --git a/net/socket.c b/net/socket.c index e89884e2197b..d80d87a395ea 100644 --- a/net/socket.c +++ b/net/socket.c | |||
| @@ -941,8 +941,7 @@ void dlci_ioctl_set(int (*hook) (unsigned int, void __user *)) | |||
| 941 | EXPORT_SYMBOL(dlci_ioctl_set); | 941 | EXPORT_SYMBOL(dlci_ioctl_set); |
| 942 | 942 | ||
| 943 | static long sock_do_ioctl(struct net *net, struct socket *sock, | 943 | static long sock_do_ioctl(struct net *net, struct socket *sock, |
| 944 | unsigned int cmd, unsigned long arg, | 944 | unsigned int cmd, unsigned long arg) |
| 945 | unsigned int ifreq_size) | ||
| 946 | { | 945 | { |
| 947 | int err; | 946 | int err; |
| 948 | void __user *argp = (void __user *)arg; | 947 | void __user *argp = (void __user *)arg; |
| @@ -968,11 +967,11 @@ static long sock_do_ioctl(struct net *net, struct socket *sock, | |||
| 968 | } else { | 967 | } else { |
| 969 | struct ifreq ifr; | 968 | struct ifreq ifr; |
| 970 | bool need_copyout; | 969 | bool need_copyout; |
| 971 | if (copy_from_user(&ifr, argp, ifreq_size)) | 970 | if (copy_from_user(&ifr, argp, sizeof(struct ifreq))) |
| 972 | return -EFAULT; | 971 | return -EFAULT; |
| 973 | err = dev_ioctl(net, cmd, &ifr, &need_copyout); | 972 | err = dev_ioctl(net, cmd, &ifr, &need_copyout); |
| 974 | if (!err && need_copyout) | 973 | if (!err && need_copyout) |
| 975 | if (copy_to_user(argp, &ifr, ifreq_size)) | 974 | if (copy_to_user(argp, &ifr, sizeof(struct ifreq))) |
| 976 | return -EFAULT; | 975 | return -EFAULT; |
| 977 | } | 976 | } |
| 978 | return err; | 977 | return err; |
| @@ -1071,8 +1070,7 @@ static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg) | |||
| 1071 | err = open_related_ns(&net->ns, get_net_ns); | 1070 | err = open_related_ns(&net->ns, get_net_ns); |
| 1072 | break; | 1071 | break; |
| 1073 | default: | 1072 | default: |
| 1074 | err = sock_do_ioctl(net, sock, cmd, arg, | 1073 | err = sock_do_ioctl(net, sock, cmd, arg); |
| 1075 | sizeof(struct ifreq)); | ||
| 1076 | break; | 1074 | break; |
| 1077 | } | 1075 | } |
| 1078 | return err; | 1076 | return err; |
| @@ -2780,8 +2778,7 @@ static int do_siocgstamp(struct net *net, struct socket *sock, | |||
| 2780 | int err; | 2778 | int err; |
| 2781 | 2779 | ||
| 2782 | set_fs(KERNEL_DS); | 2780 | set_fs(KERNEL_DS); |
| 2783 | err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv, | 2781 | err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv); |
| 2784 | sizeof(struct compat_ifreq)); | ||
| 2785 | set_fs(old_fs); | 2782 | set_fs(old_fs); |
| 2786 | if (!err) | 2783 | if (!err) |
| 2787 | err = compat_put_timeval(&ktv, up); | 2784 | err = compat_put_timeval(&ktv, up); |
| @@ -2797,8 +2794,7 @@ static int do_siocgstampns(struct net *net, struct socket *sock, | |||
| 2797 | int err; | 2794 | int err; |
| 2798 | 2795 | ||
| 2799 | set_fs(KERNEL_DS); | 2796 | set_fs(KERNEL_DS); |
| 2800 | err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts, | 2797 | err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts); |
| 2801 | sizeof(struct compat_ifreq)); | ||
| 2802 | set_fs(old_fs); | 2798 | set_fs(old_fs); |
| 2803 | if (!err) | 2799 | if (!err) |
| 2804 | err = compat_put_timespec(&kts, up); | 2800 | err = compat_put_timespec(&kts, up); |
| @@ -2994,6 +2990,54 @@ static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd, | |||
| 2994 | return dev_ioctl(net, cmd, &ifreq, NULL); | 2990 | return dev_ioctl(net, cmd, &ifreq, NULL); |
| 2995 | } | 2991 | } |
| 2996 | 2992 | ||
| 2993 | static int compat_ifreq_ioctl(struct net *net, struct socket *sock, | ||
| 2994 | unsigned int cmd, | ||
| 2995 | struct compat_ifreq __user *uifr32) | ||
| 2996 | { | ||
| 2997 | struct ifreq __user *uifr; | ||
| 2998 | int err; | ||
| 2999 | |||
| 3000 | /* Handle the fact that while struct ifreq has the same *layout* on | ||
| 3001 | * 32/64 for everything but ifreq::ifru_ifmap and ifreq::ifru_data, | ||
| 3002 | * which are handled elsewhere, it still has different *size* due to | ||
| 3003 | * ifreq::ifru_ifmap (which is 16 bytes on 32 bit, 24 bytes on 64-bit, | ||
| 3004 | * resulting in struct ifreq being 32 and 40 bytes respectively). | ||
| 3005 | * As a result, if the struct happens to be at the end of a page and | ||
| 3006 | * the next page isn't readable/writable, we get a fault. To prevent | ||
| 3007 | * that, copy back and forth to the full size. | ||
| 3008 | */ | ||
| 3009 | |||
| 3010 | uifr = compat_alloc_user_space(sizeof(*uifr)); | ||
| 3011 | if (copy_in_user(uifr, uifr32, sizeof(*uifr32))) | ||
| 3012 | return -EFAULT; | ||
| 3013 | |||
| 3014 | err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr); | ||
| 3015 | |||
| 3016 | if (!err) { | ||
| 3017 | switch (cmd) { | ||
| 3018 | case SIOCGIFFLAGS: | ||
| 3019 | case SIOCGIFMETRIC: | ||
| 3020 | case SIOCGIFMTU: | ||
| 3021 | case SIOCGIFMEM: | ||
| 3022 | case SIOCGIFHWADDR: | ||
| 3023 | case SIOCGIFINDEX: | ||
| 3024 | case SIOCGIFADDR: | ||
| 3025 | case SIOCGIFBRDADDR: | ||
| 3026 | case SIOCGIFDSTADDR: | ||
| 3027 | case SIOCGIFNETMASK: | ||
| 3028 | case SIOCGIFPFLAGS: | ||
| 3029 | case SIOCGIFTXQLEN: | ||
| 3030 | case SIOCGMIIPHY: | ||
| 3031 | case SIOCGMIIREG: | ||
| 3032 | case SIOCGIFNAME: | ||
| 3033 | if (copy_in_user(uifr32, uifr, sizeof(*uifr32))) | ||
| 3034 | err = -EFAULT; | ||
| 3035 | break; | ||
| 3036 | } | ||
| 3037 | } | ||
| 3038 | return err; | ||
| 3039 | } | ||
| 3040 | |||
| 2997 | static int compat_sioc_ifmap(struct net *net, unsigned int cmd, | 3041 | static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
| 2998 | struct compat_ifreq __user *uifr32) | 3042 | struct compat_ifreq __user *uifr32) |
| 2999 | { | 3043 | { |
| @@ -3109,8 +3153,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, | |||
| 3109 | } | 3153 | } |
| 3110 | 3154 | ||
| 3111 | set_fs(KERNEL_DS); | 3155 | set_fs(KERNEL_DS); |
| 3112 | ret = sock_do_ioctl(net, sock, cmd, (unsigned long) r, | 3156 | ret = sock_do_ioctl(net, sock, cmd, (unsigned long) r); |
| 3113 | sizeof(struct compat_ifreq)); | ||
| 3114 | set_fs(old_fs); | 3157 | set_fs(old_fs); |
| 3115 | 3158 | ||
| 3116 | out: | 3159 | out: |
| @@ -3210,21 +3253,22 @@ static int compat_sock_ioctl_trans(struct file *file, struct socket *sock, | |||
| 3210 | case SIOCSIFTXQLEN: | 3253 | case SIOCSIFTXQLEN: |
| 3211 | case SIOCBRADDIF: | 3254 | case SIOCBRADDIF: |
| 3212 | case SIOCBRDELIF: | 3255 | case SIOCBRDELIF: |
| 3256 | case SIOCGIFNAME: | ||
| 3213 | case SIOCSIFNAME: | 3257 | case SIOCSIFNAME: |
| 3214 | case SIOCGMIIPHY: | 3258 | case SIOCGMIIPHY: |
| 3215 | case SIOCGMIIREG: | 3259 | case SIOCGMIIREG: |
| 3216 | case SIOCSMIIREG: | 3260 | case SIOCSMIIREG: |
| 3217 | case SIOCSARP: | ||
| 3218 | case SIOCGARP: | ||
| 3219 | case SIOCDARP: | ||
| 3220 | case SIOCATMARK: | ||
| 3221 | case SIOCBONDENSLAVE: | 3261 | case SIOCBONDENSLAVE: |
| 3222 | case SIOCBONDRELEASE: | 3262 | case SIOCBONDRELEASE: |
| 3223 | case SIOCBONDSETHWADDR: | 3263 | case SIOCBONDSETHWADDR: |
| 3224 | case SIOCBONDCHANGEACTIVE: | 3264 | case SIOCBONDCHANGEACTIVE: |
| 3225 | case SIOCGIFNAME: | 3265 | return compat_ifreq_ioctl(net, sock, cmd, argp); |
| 3226 | return sock_do_ioctl(net, sock, cmd, arg, | 3266 | |
| 3227 | sizeof(struct compat_ifreq)); | 3267 | case SIOCSARP: |
| 3268 | case SIOCGARP: | ||
| 3269 | case SIOCDARP: | ||
| 3270 | case SIOCATMARK: | ||
| 3271 | return sock_do_ioctl(net, sock, cmd, arg); | ||
| 3228 | } | 3272 | } |
| 3229 | 3273 | ||
| 3230 | return -ENOIOCTLCMD; | 3274 | return -ENOIOCTLCMD; |