[PATCH ipsec-next] xfrm: use a dedicated slab cache for struct xfrm_state

2018-05-03 Thread Mathias Krause
. Signed-off-by: Mathias Krause --- net/xfrm/xfrm_state.c |9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index f9d2f2233f09..73db0ea8692a 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -42,6 +42,7

Re: [PATCH] net: ipv6: xfrm6_state: remove VLA usage

2018-03-09 Thread Mathias Krause
On 9 March 2018 at 13:21, Andreas Christoforou wrote: > The kernel would like to have all stack VLA usage removed[1]. > > Signed-off-by: Andreas Christoforou > --- > net/ipv6/xfrm6_state.c | 8 +++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/net/ipv6/xfrm6_state.c b/ne

Re: [PATCH net 0/4] xfrm_user info leaks

2017-08-26 Thread Mathias Krause
On 26 August 2017 at 17:58, Joe Perches wrote: > On Sat, 2017-08-26 at 17:08 +0200, Mathias Krause wrote: >> Hi David, Steffen, >> >> the following series fixes a few info leaks due to missing padding byte >> initialization in the xfrm_user netlink interface. > >

[PATCH net 3/4] xfrm_user: fix info leak in build_expire()

2017-08-26 Thread Mathias Krause
care of clearing the padding bytes within the 'state' member. Signed-off-by: Mathias Krause --- net/xfrm/xfrm_user.c |2 ++ 1 file changed, 2 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index c33516ef52f2..2cbdc81610c6 100644 --- a/net/xfrm/xfrm_user.c

[PATCH net 2/4] xfrm_user: fix info leak in xfrm_notify_sa()

2017-08-26 Thread Mathias Krause
Y for delete notification") Signed-off-by: Mathias Krause --- net/xfrm/xfrm_user.c |1 + 1 file changed, 1 insertion(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 3259555ae7d7..c33516ef52f2 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -2715,6 +2715,7

[PATCH net 1/4] xfrm_user: fix info leak in copy_user_offload()

2017-08-26 Thread Mathias Krause
dware offloading API") Signed-off-by: Mathias Krause --- net/xfrm/xfrm_user.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 2be4c6af008a..3259555ae7d7 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -79

[PATCH net 4/4] xfrm_user: fix info leak in build_aevent()

2017-08-26 Thread Mathias Krause
ned-off-by: Mathias Krause --- net/xfrm/xfrm_user.c |1 + 1 file changed, 1 insertion(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 2cbdc81610c6..9391ced05259 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1869,6 +1869,7 @@ static int build_aevent(stru

[PATCH net 0/4] xfrm_user info leaks

2017-08-26 Thread Mathias Krause
Hi David, Steffen, the following series fixes a few info leaks due to missing padding byte initialization in the xfrm_user netlink interface. Please apply! Mathias Krause (4): xfrm_user: fix info leak in copy_user_offload() xfrm_user: fix info leak in xfrm_notify_sa() xfrm_user: fix info

[PATCH net] rtnl: stats - add missing netlink message size checks

2016-12-28 Thread Mathias Krause
dump...") Signed-off-by: Mathias Krause Cc: Roopa Prabhu --- net/core/rtnetlink.c |6 ++ 1 file changed, 6 insertions(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 18b5aae99bec..75e3ea7bda08 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -3898

[PATCH] rtnl: reset calcit fptr in rtnl_unregister()

2016-11-07 Thread Mathias Krause
Fixes: c7ac8679bec9 ("rtnetlink: Compute and store minimum ifinfo...") Cc: Jeff Kirsher Cc: Greg Rose Signed-off-by: Mathias Krause --- net/core/rtnetlink.c |1 + 1 file changed, 1 insertion(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 189cc78c77eb..d4c601604bf7 100644

[PATCH] xfrm_user: propagate sec ctx allocation errors

2016-09-08 Thread Mathias Krause
netlink: Inline attach_encap_tmpl(), attach_sec_ctx(), and attach_one_addr()"). Fix it by propagating the error returned by security_xfrm_state_alloc() in this case. Fixes: fd21150a0fe1 ("[XFRM] netlink: Inline attach_encap_tmpl()...") Signed-off-by: Mathias Krause Cc: Thomas G

[PATCH net] packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface

2016-04-10 Thread Mathias Krause
st info via diag module") Signed-off-by: Mathias Krause Cc: Eric W. Biederman Cc: Pavel Emelyanov --- The bug itself precedes commit eea68e2f1a00 but the list wasn't exposed to userland before the introduction of the packet_diag interface. Therefore the "Fixes:" line on that c

Re: [PATCH v2 1/3] unix: fix use-after-free in unix_dgram_poll()

2015-10-02 Thread Mathias Krause
t; + remove_wait_queue(&unix_sk(other)->peer_wait, > &u->wait); > unix_state_unlock(sk); > > unix_dgram_disconnected(sk, other); > @@ -2441,7 +2472,6 @@ static unsigned int unix_dgram_poll(struct fil

Re: List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket

2015-09-30 Thread Mathias Krause
On 30 September 2015 at 15:25, Rainer Weikusat wrote: > Mathias Krause writes: >> On 30 September 2015 at 12:56, Rainer Weikusat >> wrote: >>> In case you want some information on this: This is a kernel warning I >>> could trigger (more than once) on th

Re: List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket

2015-09-30 Thread Mathias Krause
On 30 September 2015 at 12:56, Rainer Weikusat wrote: > Mathias Krause writes: >> On 29 September 2015 at 21:09, Jason Baron wrote: >>> However, if we call connect on socket 's', to connect to a new socket 'o2', >>> we >>> drop the refe

Re: List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket

2015-09-29 Thread Mathias Krause
On 29 September 2015 at 21:09, Jason Baron wrote: > However, if we call connect on socket 's', to connect to a new socket 'o2', we > drop the reference on the original socket 'o'. Thus, we can now close socket > 'o' without unregistering from epoll. Then, when we either close the ep > or unregiste

Re: List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket

2015-09-29 Thread Mathias Krause
On 14 September 2015 at 04:39, Eric Wong wrote: > +cc Jason Baron since he might be able to provide more insight into > epoll. > > Mathias Krause wrote: >> Hi, >> >> this is an attempt to resurrect the thread initially started here: >> >> http://t

Re: List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket

2015-09-15 Thread Mathias Krause
On Tue, Sep 15, 2015 at 06:07:05PM +0100, Rainer Weikusat wrote: > --- a/net/unix/af_unix.c > +++ b/net/unix/af_unix.c > -2233,10 +2233,14 static unsigned int > unix_dgram_poll(struct file *file, struct socket *sock, > writable = unix_writable(sk); > other = unix_peer_get(sk)

List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket

2015-09-13 Thread Mathias Krause
Hi, this is an attempt to resurrect the thread initially started here: http://thread.gmane.org/gmane.linux.network/353003 As that patch fixed the issue for the mentioned reproducer, it did not fix the bug for the production code Olivier is using. :( Changing the reproducer only slightly allow

[PATCH] xfrm6: Fix ICMPv6 and MH header checks in _decode_session6

2015-09-11 Thread Mathias Krause
From: Mathias Krause Ensure there's enough data left prior to calling pskb_may_pull(). If skb->data was already advanced, we'll call pskb_may_pull() with a negative value converted to unsigned int -- leading to a huge positive value. That won't matter in practice as pskb_may_pull(

[PATCHv2 net-next] net: #ifdefify sk_classid member of struct sock

2015-07-19 Thread Mathias Krause
The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is enabled. #ifdefify it to reduce the size of struct sock on 32 bit systems, at least. Signed-off-by: Mathias Krause --- v2: - ensure we'll error out in nft_meta_get_init() if CONFIG_CGROUP_NET_CLASSID is not set in

Re: [PATCH net-next] net: #ifdefify sk_classid member of struct sock

2015-07-19 Thread Mathias Krause
On 19 July 2015 at 20:42, David Miller wrote: > From: Mathias Krause > Date: Sun, 19 Jul 2015 20:17:41 +0200 > >> The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is >> enabled. #ifdefify it to reduce the size of struct sock on 32 bit >> systems,

[PATCH net-next] net: #ifdefify sk_classid member of struct sock

2015-07-19 Thread Mathias Krause
The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is enabled. #ifdefify it to reduce the size of struct sock on 32 bit systems, at least. Signed-off-by: Mathias Krause --- include/net/sock.h |2 ++ net/netfilter/nft_meta.c |2 ++ 2 files changed, 4 insertions