aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/can/bcm.c4
-rw-r--r--net/can/raw.c4
-rw-r--r--net/core/sock.c22
-rw-r--r--net/ipv4/tcp_ipv4.c3
-rw-r--r--net/ipv4/tcp_output.c2
-rw-r--r--net/ipv6/tcp_ipv6.c3
-rw-r--r--net/netfilter/nf_conntrack_core.c21
-rw-r--r--net/netfilter/xt_osf.c5
8 files changed, 53 insertions, 11 deletions
diff --git a/net/can/bcm.c b/net/can/bcm.c
index 95d7f32643ae..72720c710351 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -75,6 +75,7 @@ static __initdata const char banner[] = KERN_INFO
75MODULE_DESCRIPTION("PF_CAN broadcast manager protocol"); 75MODULE_DESCRIPTION("PF_CAN broadcast manager protocol");
76MODULE_LICENSE("Dual BSD/GPL"); 76MODULE_LICENSE("Dual BSD/GPL");
77MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>"); 77MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
78MODULE_ALIAS("can-proto-2");
78 79
79/* easy access to can_frame payload */ 80/* easy access to can_frame payload */
80static inline u64 GET_U64(const struct can_frame *cp) 81static inline u64 GET_U64(const struct can_frame *cp)
@@ -1469,6 +1470,9 @@ static int bcm_release(struct socket *sock)
1469 bo->ifindex = 0; 1470 bo->ifindex = 0;
1470 } 1471 }
1471 1472
1473 sock_orphan(sk);
1474 sock->sk = NULL;
1475
1472 release_sock(sk); 1476 release_sock(sk);
1473 sock_put(sk); 1477 sock_put(sk);
1474 1478
diff --git a/net/can/raw.c b/net/can/raw.c
index 6aa154e806ae..f4cc44548bda 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -62,6 +62,7 @@ static __initdata const char banner[] =
62MODULE_DESCRIPTION("PF_CAN raw protocol"); 62MODULE_DESCRIPTION("PF_CAN raw protocol");
63MODULE_LICENSE("Dual BSD/GPL"); 63MODULE_LICENSE("Dual BSD/GPL");
64MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>"); 64MODULE_AUTHOR("Urs Thuermann <urs.thuermann@volkswagen.de>");
65MODULE_ALIAS("can-proto-1");
65 66
66#define MASK_ALL 0 67#define MASK_ALL 0
67 68
@@ -306,6 +307,9 @@ static int raw_release(struct socket *sock)
306 ro->bound = 0; 307 ro->bound = 0;
307 ro->count = 0; 308 ro->count = 0;
308 309
310 sock_orphan(sk);
311 sock->sk = NULL;
312
309 release_sock(sk); 313 release_sock(sk);
310 sock_put(sk); 314 sock_put(sk);
311 315
diff --git a/net/core/sock.c b/net/core/sock.c
index ba5d2116aea1..bbb25be7ddfe 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -631,7 +631,7 @@ set_rcvbuf:
631 631
632 case SO_TIMESTAMPING: 632 case SO_TIMESTAMPING:
633 if (val & ~SOF_TIMESTAMPING_MASK) { 633 if (val & ~SOF_TIMESTAMPING_MASK) {
634 ret = EINVAL; 634 ret = -EINVAL;
635 break; 635 break;
636 } 636 }
637 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE, 637 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE,
@@ -919,13 +919,19 @@ static inline void sock_lock_init(struct sock *sk)
919 af_family_keys + sk->sk_family); 919 af_family_keys + sk->sk_family);
920} 920}
921 921
922/*
923 * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
924 * even temporarly, because of RCU lookups. sk_node should also be left as is.
925 */
922static void sock_copy(struct sock *nsk, const struct sock *osk) 926static void sock_copy(struct sock *nsk, const struct sock *osk)
923{ 927{
924#ifdef CONFIG_SECURITY_NETWORK 928#ifdef CONFIG_SECURITY_NETWORK
925 void *sptr = nsk->sk_security; 929 void *sptr = nsk->sk_security;
926#endif 930#endif
927 931 BUILD_BUG_ON(offsetof(struct sock, sk_copy_start) !=
928 memcpy(nsk, osk, osk->sk_prot->obj_size); 932 sizeof(osk->sk_node) + sizeof(osk->sk_refcnt));
933 memcpy(&nsk->sk_copy_start, &osk->sk_copy_start,
934 osk->sk_prot->obj_size - offsetof(struct sock, sk_copy_start));
929#ifdef CONFIG_SECURITY_NETWORK 935#ifdef CONFIG_SECURITY_NETWORK
930 nsk->sk_security = sptr; 936 nsk->sk_security = sptr;
931 security_sk_clone(osk, nsk); 937 security_sk_clone(osk, nsk);
@@ -1140,6 +1146,11 @@ struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
1140 1146
1141 newsk->sk_err = 0; 1147 newsk->sk_err = 0;
1142 newsk->sk_priority = 0; 1148 newsk->sk_priority = 0;
1149 /*
1150 * Before updating sk_refcnt, we must commit prior changes to memory
1151 * (Documentation/RCU/rculist_nulls.txt for details)
1152 */
1153 smp_wmb();
1143 atomic_set(&newsk->sk_refcnt, 2); 1154 atomic_set(&newsk->sk_refcnt, 2);
1144 1155
1145 /* 1156 /*
@@ -1855,6 +1866,11 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1855 1866
1856 sk->sk_stamp = ktime_set(-1L, 0); 1867 sk->sk_stamp = ktime_set(-1L, 0);
1857 1868
1869 /*
1870 * Before updating sk_refcnt, we must commit prior changes to memory
1871 * (Documentation/RCU/rculist_nulls.txt for details)
1872 */
1873 smp_wmb();
1858 atomic_set(&sk->sk_refcnt, 1); 1874 atomic_set(&sk->sk_refcnt, 1);
1859 atomic_set(&sk->sk_wmem_alloc, 1); 1875 atomic_set(&sk->sk_wmem_alloc, 1);
1860 atomic_set(&sk->sk_drops, 0); 1876 atomic_set(&sk->sk_drops, 0);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 5a1ca2698c88..6d88219c5e22 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1160,6 +1160,7 @@ struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1160#ifdef CONFIG_TCP_MD5SIG 1160#ifdef CONFIG_TCP_MD5SIG
1161static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = { 1161static struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1162 .md5_lookup = tcp_v4_reqsk_md5_lookup, 1162 .md5_lookup = tcp_v4_reqsk_md5_lookup,
1163 .calc_md5_hash = tcp_v4_md5_hash_skb,
1163}; 1164};
1164#endif 1165#endif
1165 1166
@@ -1373,7 +1374,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1373 */ 1374 */
1374 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1375 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1375 if (newkey != NULL) 1376 if (newkey != NULL)
1376 tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr, 1377 tcp_v4_md5_do_add(newsk, newinet->daddr,
1377 newkey, key->keylen); 1378 newkey, key->keylen);
1378 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK; 1379 newsk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1379 } 1380 }
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 5bdf08d312d9..bd62712848fa 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2261,7 +2261,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
2261#ifdef CONFIG_TCP_MD5SIG 2261#ifdef CONFIG_TCP_MD5SIG
2262 /* Okay, we have all we need - do the md5 hash if needed */ 2262 /* Okay, we have all we need - do the md5 hash if needed */
2263 if (md5) { 2263 if (md5) {
2264 tp->af_specific->calc_md5_hash(md5_hash_location, 2264 tcp_rsk(req)->af_specific->calc_md5_hash(md5_hash_location,
2265 md5, NULL, req, skb); 2265 md5, NULL, req, skb);
2266 } 2266 }
2267#endif 2267#endif
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 58810c65b635..d849dd53b788 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -896,6 +896,7 @@ struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
896#ifdef CONFIG_TCP_MD5SIG 896#ifdef CONFIG_TCP_MD5SIG
897static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = { 897static struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
898 .md5_lookup = tcp_v6_reqsk_md5_lookup, 898 .md5_lookup = tcp_v6_reqsk_md5_lookup,
899 .calc_md5_hash = tcp_v6_md5_hash_skb,
899}; 900};
900#endif 901#endif
901 902
@@ -1441,7 +1442,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1441 */ 1442 */
1442 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); 1443 char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC);
1443 if (newkey != NULL) 1444 if (newkey != NULL)
1444 tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr, 1445 tcp_v6_md5_do_add(newsk, &newnp->daddr,
1445 newkey, key->keylen); 1446 newkey, key->keylen);
1446 } 1447 }
1447#endif 1448#endif
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 7508f11c5b39..b5869b9574b0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -561,23 +561,38 @@ struct nf_conn *nf_conntrack_alloc(struct net *net,
561 } 561 }
562 } 562 }
563 563
564 ct = kmem_cache_zalloc(nf_conntrack_cachep, gfp); 564 /*
565 * Do not use kmem_cache_zalloc(), as this cache uses
566 * SLAB_DESTROY_BY_RCU.
567 */
568 ct = kmem_cache_alloc(nf_conntrack_cachep, gfp);
565 if (ct == NULL) { 569 if (ct == NULL) {
566 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n"); 570 pr_debug("nf_conntrack_alloc: Can't alloc conntrack.\n");
567 atomic_dec(&net->ct.count); 571 atomic_dec(&net->ct.count);
568 return ERR_PTR(-ENOMEM); 572 return ERR_PTR(-ENOMEM);
569 } 573 }
570 574 /*
575 * Let ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.next
576 * and ct->tuplehash[IP_CT_DIR_REPLY].hnnode.next unchanged.
577 */
578 memset(&ct->tuplehash[IP_CT_DIR_MAX], 0,
579 sizeof(*ct) - offsetof(struct nf_conn, tuplehash[IP_CT_DIR_MAX]));
571 spin_lock_init(&ct->lock); 580 spin_lock_init(&ct->lock);
572 atomic_set(&ct->ct_general.use, 1);
573 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; 581 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
582 ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.pprev = NULL;
574 ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; 583 ct->tuplehash[IP_CT_DIR_REPLY].tuple = *repl;
584 ct->tuplehash[IP_CT_DIR_REPLY].hnnode.pprev = NULL;
575 /* Don't set timer yet: wait for confirmation */ 585 /* Don't set timer yet: wait for confirmation */
576 setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct); 586 setup_timer(&ct->timeout, death_by_timeout, (unsigned long)ct);
577#ifdef CONFIG_NET_NS 587#ifdef CONFIG_NET_NS
578 ct->ct_net = net; 588 ct->ct_net = net;
579#endif 589#endif
580 590
591 /*
592 * changes to lookup keys must be done before setting refcnt to 1
593 */
594 smp_wmb();
595 atomic_set(&ct->ct_general.use, 1);
581 return ct; 596 return ct;
582} 597}
583EXPORT_SYMBOL_GPL(nf_conntrack_alloc); 598EXPORT_SYMBOL_GPL(nf_conntrack_alloc);
diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index 863e40977a4d..0f482e2440b4 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -330,7 +330,8 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
330 fcount++; 330 fcount++;
331 331
332 if (info->flags & XT_OSF_LOG) 332 if (info->flags & XT_OSF_LOG)
333 nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL, 333 nf_log_packet(p->family, p->hooknum, skb,
334 p->in, p->out, NULL,
334 "%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n", 335 "%s [%s:%s] : %pi4:%d -> %pi4:%d hops=%d\n",
335 f->genre, f->version, f->subtype, 336 f->genre, f->version, f->subtype,
336 &ip->saddr, ntohs(tcp->source), 337 &ip->saddr, ntohs(tcp->source),
@@ -345,7 +346,7 @@ static bool xt_osf_match_packet(const struct sk_buff *skb,
345 rcu_read_unlock(); 346 rcu_read_unlock();
346 347
347 if (!fcount && (info->flags & XT_OSF_LOG)) 348 if (!fcount && (info->flags & XT_OSF_LOG))
348 nf_log_packet(p->hooknum, 0, skb, p->in, p->out, NULL, 349 nf_log_packet(p->family, p->hooknum, skb, p->in, p->out, NULL,
349 "Remote OS is not known: %pi4:%u -> %pi4:%u\n", 350 "Remote OS is not known: %pi4:%u -> %pi4:%u\n",
350 &ip->saddr, ntohs(tcp->source), 351 &ip->saddr, ntohs(tcp->source),
351 &ip->daddr, ntohs(tcp->dest)); 352 &ip->daddr, ntohs(tcp->dest));