linux-stable.git/drivers/net/pppox.c, branch linux-2.6.33.y Linux kernel stable tree net: pass kern to net_proto_family create function 2009-11-06T06:18:14+00:00 Eric Paris eparis@redhat.com 2009-11-06T06:18:14+00:00 3f378b684453f2a028eda463ce383370545d9cc9 The generic __sock_create function has a kern argument which allows the security system to make decisions based on if a socket is being created by the kernel or by userspace. This patch passes that flag to the net_proto_family specific create function, so it can do the same thing. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
The generic __sock_create function has a kern argument which allows the
security system to make decisions based on if a socket is being created by
the kernel or by userspace.  This patch passes that flag to the
net_proto_family specific create function, so it can do the same thing.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: mark net_proto_ops as const 2009-10-07T08:10:46+00:00 Stephen Hemminger shemminger@vyatta.com 2009-10-05T05:58:39+00:00 ec1b4cf74c81bfd0fbe5bf62bafc86c45917e72f All usages of structure net_proto_ops should be declared const. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
All usages of structure net_proto_ops should be declared const.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: pppol2tp - introduce net-namespace functionality 2009-01-21T23:55:15+00:00 Cyrill Gorcunov gorcunov@gmail.com 2009-01-21T23:55:15+00:00 4e9fb8016a351b5b9da7fea32bcfdbc9d836e421 - Each tunnel and appropriate lock are inside own namespace now. - pppox code allows to create per-namespace sockets for both PX_PROTO_OE and PX_PROTO_OL2TP protocols. Actually since now pppox_create support net-namespaces new PPPo... protocols (if they ever will be) should support net-namespace too otherwise explicit check for &init_net would be needed. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
- Each tunnel and appropriate lock are inside own namespace now.
- pppox code allows to create per-namespace sockets for
  both PX_PROTO_OE and PX_PROTO_OL2TP protocols. Actually since
  now pppox_create support net-namespaces new PPPo... protocols
  (if they ever will be) should support net-namespace too otherwise
  explicit check for &init_net would be needed.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: pppoe - introduce net-namespace functionality 2009-01-21T23:54:54+00:00 Cyrill Gorcunov gorcunov@openvz.org 2009-01-21T23:54:54+00:00 a6bcf1c1d38e0672db35e0d9f2504ac04ddf3ed5 - each net-namespace for pppoe module is having own hash table and appropriate locks wich are allocated at time of namespace intialization. It requires about 140 bytes of memory for every new namespace but such approach allow us to escape from hash chains growing and additional lock contends (especially in SMP environment). - pppox code allows to create per-namespace sockets for PX_PROTO_OE protocol only (since at this moment support for pppol2tp net-namespace is not implemented yet). Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
- each net-namespace for pppoe module is having own
  hash table and appropriate locks wich are allocated
  at time of namespace intialization. It requires about
  140 bytes of memory for every new namespace but such
  approach allow us to escape from hash chains growing
  and additional lock contends (especially in SMP environment).

- pppox code allows to create per-namespace sockets for
  PX_PROTO_OE protocol only (since at this moment support
  for pppol2tp net-namespace is not implemented yet).

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
remove CONFIG_KMOD from drivers 2008-10-16T15:38:35+00:00 Johannes Berg johannes@sipsolutions.net 2008-07-09T08:28:38+00:00 a65e5d782f9db2a61a914dc01a329e0c2dcf92a1 Straight forward conversions to CONFIG_MODULE; many drivers include <linux/kmod.h> conditionally and then don't have any other conditional code so remove it from those. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Cc: video4linux-list@redhat.com Cc: David Woodhouse <dwmw2@infradead.org> Cc: linux-ppp@vger.kernel.org Cc: dm-devel@redhat.com Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 
Straight forward conversions to CONFIG_MODULE; many drivers
include <linux/kmod.h> conditionally and then don't have any
other conditional code so remove it from those.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Cc: video4linux-list@redhat.com
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-ppp@vger.kernel.org
Cc: dm-devel@redhat.com
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
[NET]: Make socket creation namespace safe. 2007-10-10T23:49:07+00:00 Eric W. Biederman ebiederm@xmission.com 2007-10-09T06:24:22+00:00 1b8d7ae42d02e483ad94035cca851e4f7fbecb40 This patch passes in the namespace a new socket should be created in and has the socket code do the appropriate reference counting. By virtue of this all socket create methods are touched. In addition the socket create methods are modified so that they will fail if you attempt to create a socket in a non-default network namespace. Failing if we attempt to create a socket outside of the default network namespace ensures that as we incrementally make the network stack network namespace aware we will not export functionality that someone has not audited and made certain is network namespace safe. Allowing us to partially enable network namespaces before all of the exotic protocols are supported. Any protocol layers I have missed will fail to compile because I now pass an extra parameter into the socket creation code. [ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ] Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch passes in the namespace a new socket should be created in
and has the socket code do the appropriate reference counting.  By
virtue of this all socket create methods are touched.  In addition
the socket create methods are modified so that they will fail if
you attempt to create a socket in a non-default network namespace.

Failing if we attempt to create a socket outside of the default
network namespace ensures that as we incrementally make the network stack
network namespace aware we will not export functionality that someone
has not audited and made certain is network namespace safe.
Allowing us to partially enable network namespaces before all of the
exotic protocols are supported.

Any protocol layers I have missed will fail to compile because I now
pass an extra parameter into the socket creation code.

[ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ]

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[PPPoX/E]: return ENOTTY on unknown ioctl requests 2007-07-31T09:28:22+00:00 Florian Zumbiehl florz@florz.de 2007-07-31T00:48:23+00:00 86c1dcfc96a778433ebc6e9b1d3e80a126cb80f2 here another patch for the PPPoX/E code that makes sure that ENOTTY is returned for unknown ioctl requests rather than 0 (and removes another unneeded initializer which I didn't bother creating a separate patch for). Signed-off-by: Florian Zumbiehl <florz@florz.de> Signed-off-by: David S. Miller <davem@davemloft.net> 
here another patch for the PPPoX/E code that makes sure that ENOTTY is
returned for unknown ioctl requests rather than 0 (and removes another
unneeded initializer which I didn't bother creating a separate patch for).

Signed-off-by: Florian Zumbiehl <florz@florz.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
[L2TP]: Add the ability to autoload a pppox protocol module. 2007-04-30T07:21:02+00:00 James Chapman jchapman@katalix.com 2007-04-30T07:21:02+00:00 65def812ab25d7565756e5748d91e22e302197ee This patch allows a name "pppox-proto-nnn" to be used in modprobe.conf to autoload a PPPoX protocol nnn. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
This patch allows a name "pppox-proto-nnn" to be used in modprobe.conf
to autoload a PPPoX protocol nnn.

Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[PPPOE]: memory leak when socket is release()d before PPPIOCGCHAN has been called on it 2007-04-26T05:29:20+00:00 Florian Zumbiehl florz@florz.de 2007-04-20T23:58:14+00:00 202a03acf9994076055df40ae093a5c5474ad0bd below you find a patch that fixes a memory leak when a PPPoE socket is release()d after it has been connect()ed, but before the PPPIOCGCHAN ioctl ever has been called on it. This is somewhat of a security problem, too, since PPPoE sockets can be created by any user, so any user can easily allocate all the machine's RAM to non-swappable address space and thus DoS the system. Is there any specific reason for PPPoE sockets being available to any unprivileged process, BTW? After all, you need a packet socket for the discovery stage anyway, so it's unlikely that any unprivileged process will ever need to create a PPPoE socket, no? Allocating all session IDs for a known AC is a kind of DoS, too, after all - with Juniper ERXes, this is really easy, actually, since they don't ever assign session ids above 8000 ... Signed-off-by: Florian Zumbiehl <florz@florz.de> Acked-by: Michal Ostrowski <mostrows@earthlink.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
below you find a patch that fixes a memory leak when a PPPoE socket is
release()d after it has been connect()ed, but before the PPPIOCGCHAN ioctl
ever has been called on it.

This is somewhat of a security problem, too, since PPPoE sockets can be
created by any user, so any user can easily allocate all the machine's
RAM to non-swappable address space and thus DoS the system.

Is there any specific reason for PPPoE sockets being available to any
unprivileged process, BTW? After all, you need a packet socket for the
discovery stage anyway, so it's unlikely that any unprivileged process
will ever need to create a PPPoE socket, no? Allocating all session IDs
for a known AC is a kind of DoS, too, after all - with Juniper ERXes,
this is really easy, actually, since they don't ever assign session ids
above 8000 ...

Signed-off-by: Florian Zumbiehl <florz@florz.de>
Acked-by: Michal Ostrowski <mostrows@earthlink.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[PPPOX]: Fix assignment into const proto_ops. 2006-01-03T21:11:23+00:00 David S. Miller davem@sunset.davemloft.net 2005-12-28T04:57:40+00:00 17ba15fb6264f27374bc87f4c3f8519b80289d85 And actually, with this, the whole pppox layer can basically be removed and subsumed into pppoe.c, no other pppox sub-protocol implementation exists and we've had this thing for at least 4 years. Signed-off-by: David S. Miller <davem@davemloft.net> 
And actually, with this, the whole pppox layer can basically
be removed and subsumed into pppoe.c, no other pppox sub-protocol
implementation exists and we've had this thing for at least 4
years.

Signed-off-by: David S. Miller <davem@davemloft.net>