
Issue 686577

Starred by 3 users

Issue metadata

Status: Fixed
Closed: Aug 2017
Pri: 2
Type: Bug


Fix uidrange based routing

Project Member Reported by cernekee@chromium.org, Jan 29 2017

Issue description

Make sure all Chrome OS kernels / user programs are using the same constants, and move to the latest (upstream) implementation if possible.
 
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 1 2017

Labels: merge-merged-chromeos-3.14
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/cdfc36a66fd4724ec46ae7dbea440fe329959332

commit cdfc36a66fd4724ec46ae7dbea440fe329959332
Author: Kevin Cernekee <cernekee@chromium.org>
Date: Wed Mar 01 06:33:35 2017

Revert "CHROMIUM: net: Make "uidrange 0-n" match kernel packets in containers"

This reverts commit 75cca5ebbf7af778668c916b9eecdf0d284c8012.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Ib4e7f7a402e7e6a9d7745645abdd570b2ce556d7
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434068
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>
Reviewed-by: Lorenzo Colitti <lorenzo@google.com>

[modify] https://crrev.com/cdfc36a66fd4724ec46ae7dbea440fe329959332/net/core/fib_rules.c
[modify] https://crrev.com/cdfc36a66fd4724ec46ae7dbea440fe329959332/include/net/fib_rules.h

Project Member

Comment 2 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/cd5205b95ba3619aaaf0764d2c77f4a32a5457c5

commit cd5205b95ba3619aaaf0764d2c77f4a32a5457c5
Author: Kevin Cernekee <cernekee@chromium.org>
Date: Wed Mar 01 06:33:37 2017

Revert "CHROMIUM: net: ipv4: Fix uninitialized flowi4_uid fields"

This reverts commit 773ec67588ae5977329bd4d59751528370cba4fc.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Ia5fd726d9635c7251086649801ac6f19941d4ec0
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434069
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/cd5205b95ba3619aaaf0764d2c77f4a32a5457c5/net/ipv4/fib_frontend.c
[modify] https://crrev.com/cd5205b95ba3619aaaf0764d2c77f4a32a5457c5/net/ipv4/route.c

Project Member

Comment 3 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a408877fb2e67563b6d4ca2b978a6ab83a573958

commit a408877fb2e67563b6d4ca2b978a6ab83a573958
Author: Kevin Cernekee <cernekee@chromium.org>
Date: Wed Mar 01 06:33:38 2017

Revert "Handle 'sk' being NULL in UID-based routing."

This reverts commit 44fcf31c209f9d915a86da79cd980d57a31e8838.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I8fffed5d0559535ad9eada0e783f0eb7b59244df
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434070
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/a408877fb2e67563b6d4ca2b978a6ab83a573958/net/ipv4/route.c
[modify] https://crrev.com/a408877fb2e67563b6d4ca2b978a6ab83a573958/include/net/route.h

Project Member

Comment 4 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ae2a48cdf79d87df3b71aa137754066ba739b9c8

commit ae2a48cdf79d87df3b71aa137754066ba739b9c8
Author: Kevin Cernekee <cernekee@chromium.org>
Date: Wed Mar 01 06:33:39 2017

Revert "net: core: Support UID-based routing."

This reverts commit c834da0ddae0d90a3dc1e10ebf135558ae4a1204.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I11ab6e44a485f01883745ccce26b1e22871228ee
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/434071
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/ping.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/include/net/ip.h
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/include/net/fib_rules.h
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/datagram.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/ip_output.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/raw.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/core/fib_rules.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/include/net/route.h
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/af_inet6.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/udp.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/include/net/flow.h
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/udp.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/ping.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/raw.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/fib_frontend.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/syncookies.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/ipcomp6.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/route.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/esp6.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/syncookies.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/include/net/ip6_route.h
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv4/route.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/ah6.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/icmp.c
[modify] https://crrev.com/ae2a48cdf79d87df3b71aa137754066ba739b9c8/net/ipv6/inet6_connection_sock.c

Project Member

Comment 5 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/c92ac1820198e15a8c2178ec9ff1069aa3a12b0e

commit c92ac1820198e15a8c2178ec9ff1069aa3a12b0e
Author: Eric Dumazet <edumazet@google.com>
Date: Wed Mar 01 06:33:40 2017

BACKPORT: tcp: fix more NULL deref after prequeue changes

When I cooked commit c3658e8d0f1 ("tcp: fix possible NULL dereference in
tcp_vX_send_reset()") I missed other spots we could deref a NULL
skb_dst(skb)

Again, if a socket is provided, we do not need skb_dst() to get a
pointer to network namespace : sock_net(sk) is good enough.

Reported-by: Dann Frazier <dann.frazier@canonical.com>
Bisected-by: Dann Frazier <dann.frazier@canonical.com>
Tested-by: Dann Frazier <dann.frazier@canonical.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry-picked from commit 0f85feae6b710ced3abad5b2b47d31dfcb956b62)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Id4008e5c761c25ed10237dc9cc2c295362805a02
Reviewed-on: https://chromium-review.googlesource.com/434072
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/c92ac1820198e15a8c2178ec9ff1069aa3a12b0e/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/c92ac1820198e15a8c2178ec9ff1069aa3a12b0e/net/ipv4/tcp_ipv4.c

Project Member

Comment 6 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/26af7d144800e3e3b2fcdfd63d222fcf2942c0ec

commit 26af7d144800e3e3b2fcdfd63d222fcf2942c0ec
Author: Eric Dumazet <edumazet@google.com>
Date: Wed Mar 01 06:33:41 2017

BACKPORT: net: add sk_fullsock() helper

We have many places where we want to check if a socket is
not a timewait or request socket. Use a helper to avoid
hard coding this.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 1d0ab253872cdd3d8e7913f59c266c7fd01771d0)
[cernekee: drop TCPF_NEW_SYN_RECV check, because it doesn't exist in
 3.14. other places that use sk_fullsock() on master used to check for
 TCPF_TIME_WAIT only, in 3.14.]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I41fe26de220468121df8c4337fb8d1c2771a3f64
Reviewed-on: https://chromium-review.googlesource.com/434073
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/26af7d144800e3e3b2fcdfd63d222fcf2942c0ec/include/net/sock.h

Project Member

Comment 7 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/7d2067c7f8708bf690f502630d25297cf318aa4c

commit 7d2067c7f8708bf690f502630d25297cf318aa4c
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Wed Mar 01 06:33:43 2017

BACKPORT: net: core: Add a UID field to struct sock.

Protocol sockets (struct sock) don't have UIDs, but most of the
time, they map 1:1 to userspace sockets (struct socket) which do.

Various operations such as the iptables xt_owner match need
access to the "UID of a socket", and do so by following the
backpointer to the struct socket. This involves taking
sk_callback_lock and doesn't work when there is no socket
because userspace has already called close().

Simplify this by adding a sk_uid field to struct sock whose value
matches the UID of the corresponding struct socket. The semantics
are as follows:

1. Whenever sk_socket is non-null: sk_uid is the same as the UID
   in sk_socket, i.e., matches the return value of sock_i_uid.
   Specifically, the UID is set when userspace calls socket(),
   fchown(), or accept().
2. When sk_socket is NULL, sk_uid is defined as follows:
   - For a socket that no longer has a sk_socket because
     userspace has called close(): the previous UID.
   - For a cloned socket (e.g., an incoming connection that is
     established but on which userspace has not yet called
     accept): the UID of the socket it was cloned from.
   - For a socket that has never had an sk_socket: UID 0 inside
     the user namespace corresponding to the network namespace
     the socket belongs to.

Kernel sockets created by sock_create_kern are a special case
of #1 and sk_uid is the user that created them. For kernel
sockets created at network namespace creation time, such as the
per-processor ICMP and TCP sockets, this is the user that created
the network namespace.

Bug: 16355602
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from Android commit 80e3440721f1669b57b7cf6a2985067866db54ef)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Idbc3e9a0cec91c4c6e01916b967b6237645ebe59
Reviewed-on: https://chromium-review.googlesource.com/434074
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/7d2067c7f8708bf690f502630d25297cf318aa4c/net/core/sock.c
[modify] https://crrev.com/7d2067c7f8708bf690f502630d25297cf318aa4c/net/socket.c
[modify] https://crrev.com/7d2067c7f8708bf690f502630d25297cf318aa4c/include/net/sock.h
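
The sk_uid rules listed in the commit message above, as a small user-space C model. This is an added illustration, not code from the commit or the kernel; every type and function name in it (model_sock, sock_attach, and so on) is hypothetical, and the UID values are constructed.

```c
/* User-space model of the sk_uid rules from the commit message.
 * All names are hypothetical; this is not kernel code. */
#include <stddef.h>
#include <stdio.h>

typedef unsigned int model_uid;

/* Network namespace: records what "UID 0 inside the user namespace
 * corresponding to the network namespace" resolves to (constructed value). */
struct model_net { model_uid userns_root; };

/* Stand-in for struct socket, the userspace-visible object that has an owner. */
struct model_socket { model_uid owner; };

/* Stand-in for struct sock, the protocol socket. */
struct model_sock {
    struct model_socket *sk_socket; /* NULL before accept() and after close() */
    const struct model_net *net;
    model_uid sk_uid;               /* the cached UID the commit adds */
};

/* Rule 2, third bullet: a sock that has never had an sk_socket. */
static void sock_init_bare(struct model_sock *sk, const struct model_net *net)
{
    sk->sk_socket = NULL;
    sk->net = net;
    sk->sk_uid = net->userns_root;
}

/* Rule 1: socket() or accept() attaches a struct socket; sk_uid follows it. */
static void sock_attach(struct model_sock *sk, struct model_socket *sock)
{
    sk->sk_socket = sock;
    sk->sk_uid = sock->owner;
}

/* Rule 1: fchown() changes the owner and sk_uid together. */
static void sock_chown(struct model_sock *sk, model_uid uid)
{
    if (!sk->sk_socket)
        return;
    sk->sk_socket->owner = uid;
    sk->sk_uid = uid;
}

/* Rule 2, first bullet: close() drops sk_socket, sk_uid keeps its value. */
static void sock_close(struct model_sock *sk) { sk->sk_socket = NULL; }

/* Rule 2, second bullet: a cloned sock inherits the parent's sk_uid. */
static void sock_clone(struct model_sock *child, const struct model_sock *parent)
{
    *child = *parent;
    child->sk_socket = NULL; /* userspace has not called accept() yet */
}

/* The older lookup: follow the backpointer. Fails once sk_socket is gone. */
static int uid_via_backpointer(const struct model_sock *sk, model_uid *out)
{
    if (!sk->sk_socket)
        return -1;
    *out = sk->sk_socket->owner;
    return 0;
}

/* Socket created by UID 1000, chowned to 1001, then closed. */
static void build_closed_sock(struct model_sock *sk, const struct model_net *net,
                              struct model_socket *sock)
{
    sock_init_bare(sk, net);
    sock_attach(sk, sock);
    sock_chown(sk, 1001);
    sock_close(sk);
}

model_uid demo_uid_after_close(void)
{
    struct model_net net = { 0 };
    struct model_socket sock = { 1000 };
    struct model_sock sk;
    build_closed_sock(&sk, &net, &sock);
    return sk.sk_uid;
}

int demo_backpointer_after_close(void)
{
    struct model_net net = { 0 };
    struct model_socket sock = { 1000 };
    struct model_sock sk;
    model_uid uid = 0;
    build_closed_sock(&sk, &net, &sock);
    return uid_via_backpointer(&sk, &uid);
}

model_uid demo_uid_of_unaccepted_child(void)
{
    struct model_net net = { 0 };
    struct model_socket listener_sock = { 1000 };
    struct model_sock listener, child;
    sock_init_bare(&listener, &net);
    sock_attach(&listener, &listener_sock);
    sock_clone(&child, &listener);
    return child.sk_uid;
}

model_uid demo_uid_of_bare_sock(void)
{
    struct model_net net = { 100000 }; /* constructed: namespace root UID */
    struct model_sock sk;
    sock_init_bare(&sk, &net);
    return sk.sk_uid;
}

int main(void)
{
    printf("after close: sk_uid=%u, backpointer rc=%d\n",
           demo_uid_after_close(), demo_backpointer_after_close());
    printf("unaccepted child: sk_uid=%u\n", demo_uid_of_unaccepted_child());
    printf("never-attached sock: sk_uid=%u\n", demo_uid_of_bare_sock());
    return 0;
}
```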

Project Member

Comment 8 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/05a71c1f84c13a658cef28403c97fc1059592087

commit 05a71c1f84c13a658cef28403c97fc1059592087
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Wed Mar 01 06:33:44 2017

BACKPORT: net: core: add UID to flows, rules, and routes

- Define a new FIB rule attribute, FRA_UID_RANGE, to describe a
  range of UIDs.
- Define a RTA_UID attribute for per-UID route lookups and dumps.
- Support passing these attributes to and from userspace via
  rtnetlink. The value INVALID_UID indicates no UID was
  specified.
- Add a UID field to the flow structures.

Bug: 16355602
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from Android commit 18c36d7b7186c16d0cc79a6df63b10067c39a4b8)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Iea98e6fedd0fd4435a1f4efa3deb3629505619ab
Reviewed-on: https://chromium-review.googlesource.com/434075
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/net/ipv4/fib_frontend.c
[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/net/core/fib_rules.c
[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/include/net/fib_rules.h
[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/include/net/flow.h
[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/net/ipv6/route.c
[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/05a71c1f84c13a658cef28403c97fc1059592087/net/ipv4/route.c

Project Member

Comment 9 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/83d27d960b371e7459dd829b3334dae84a9db5c4

commit 83d27d960b371e7459dd829b3334dae84a9db5c4
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Wed Mar 01 06:33:45 2017

BACKPORT: net: inet: Support UID-based routing in IP protocols.

- Use the UID in routing lookups made by protocol connect() and
  sendmsg() functions.
- Make sure that routing lookups triggered by incoming packets
  (e.g., Path MTU discovery) take the UID of the socket into
  account.
- For packets not associated with a userspace socket, (e.g., ping
  replies) use UID 0 inside the user namespace corresponding to
  the network namespace the socket belongs to. This allows
  all namespaces to apply routing and iptables rules to
  kernel-originated traffic in that namespace by matching UID 0.
  This is better than using the UID of the kernel socket that is
  sending the traffic, because the UID of kernel sockets created
  at namespace creation time (e.g., the per-processor ICMP and
  TCP sockets) is the UID of the user that created the socket,
  which might not be mapped in the namespace.

Bug: 16355602
Tested: compiles allnoconfig, allyesconfig, allmodconfig
Tested: https://android-review.googlesource.com/253302
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from Android commit 04c0eace816f2b2c33830ec7f5e882de674841ae)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I910504b508948057912bc188fd1e8aca28294de3
Reviewed-on: https://chromium-review.googlesource.com/434076
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/ping.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/icmp.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/include/net/ip.h
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/tcp_ipv4.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/netfilter.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/datagram.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/ip_output.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/raw.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/include/net/route.h
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/af_inet6.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/udp.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/include/net/flow.h
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/udp.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/ping.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/l2tp/l2tp_ip6.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/syncookies.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/ipcomp6.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/route.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/esp6.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/syncookies.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/include/net/ip6_route.h
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/route.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/ah6.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv4/raw.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/icmp.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/inet6_connection_sock.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/ip6_tunnel.c
[modify] https://crrev.com/83d27d960b371e7459dd829b3334dae84a9db5c4/net/ipv6/ip6_gre.c

Project Member

Comment 10 by bugdroid1@chromium.org, Mar 1 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4df9926b570b8c030ac8e1b305e24b6d624c07e5

commit 4df9926b570b8c030ac8e1b305e24b6d624c07e5
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Wed Mar 01 06:33:46 2017

BACKPORT: net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made __build_flow_key call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Bug: 16355602
Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Reported-by: Erez Shitrit <erezsh@dev.mellanox.co.il>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from Android commit b004e795047713c8335598ff078e84c10d23884e)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I27161b70f448bb95adce3994a97920d54987ce4e
Reviewed-on: https://chromium-review.googlesource.com/434537
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/4df9926b570b8c030ac8e1b305e24b6d624c07e5/net/ipv4/route.c

Project Member

Comment 11 by bugdroid1@chromium.org, Mar 2 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e39a17165b9c37fb8f0cbb33642db68bb3a09459

commit e39a17165b9c37fb8f0cbb33642db68bb3a09459
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Thu Mar 02 02:42:21 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_do_redirect.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made ip_do_redirect call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 7d99569460eae28b187d574aec930a4cf8b90441)

BUG= chromium:686577 
TEST=`run cts --package android.net.hostsidenetwork`

Change-Id: I5d3461f87b29dd614e892879a915a59c18f7449d
Reviewed-on: https://chromium-review.googlesource.com/434538
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/e39a17165b9c37fb8f0cbb33642db68bb3a09459/net/ipv4/route.c

Is this done? I'd like to know if 3.14, 3.18, and 4.4 kernels have the feature.

Currently only 3.14 is done. 3.18 and 4.4 are planned.

Project Member

Comment 14 by bugdroid1@chromium.org, Jun 17 2017

Labels: merge-merged-chromeos-3.18
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5a9762eaf5eccfa65f87e7ac92ec87ae59eed83b

commit 5a9762eaf5eccfa65f87e7ac92ec87ae59eed83b
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:07 2017

UPSTREAM: tcp: ipv4: initialize unicast_sock sk_pacing_rate

[ Upstream commit 811230cd853d62f09ed0addd0ce9a1b9b0e13fb5 ]

When I added sk_pacing_rate field, I forgot to initialize its value
in the per cpu unicast_sock used in ip_send_unicast_reply()

This means that for sch_fq users, RST packets, or ACK packets sent
on behalf of TIME_WAIT sockets might be sent too slowly or even dropped
once we reach the per flow limit.

[Cherry-pick of stable/linux-3.18.y 617417f9990b33c162c08a2e29cc356c50ce3943]

Bug: 16355602
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: 95bd09eb2750 ("tcp: TSO packets automatic sizing")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I892ec72ec923df35c7ba78d39c14b011762f72db
Reviewed-on: https://chromium-review.googlesource.com/523423
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/5a9762eaf5eccfa65f87e7ac92ec87ae59eed83b/net/ipv4/ip_output.c

Project Member

Comment 15 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/aaafa89ca4ba168d211ffef95da71ae545b43bb6

commit aaafa89ca4ba168d211ffef95da71ae545b43bb6
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:08 2017

UPSTREAM: ipv4: tcp: get rid of ugly unicast_sock

[ Upstream commit bdbbb8527b6f6a358dbcb70dac247034d665b8e4 ]

In commit be9f4a44e7d41 ("ipv4: tcp: remove per net tcp_sock")
I tried to address contention on a socket lock, but the solution
I chose was horrible :

commit 3a7c384ffd57e ("ipv4: tcp: unicast_sock should not land outside
of TCP stack") addressed a selinux regression.

commit 0980e56e506b ("ipv4: tcp: set unicast_sock uc_ttl to -1")
took care of another regression.

commit b5ec8eeac46 ("ipv4: fix ip_send_skb()") fixed another regression.

commit 811230cd85 ("tcp: ipv4: initialize unicast_sock sk_pacing_rate")
was another shot in the dark.

Really, just use a proper socket per cpu, and remove the skb_orphan()
call, to re-enable flow control.

This solves a serious problem with FQ packet scheduler when used in
hostile environments, as we do not want to allocate a flow structure
for every RST packet sent in response to a spoofed packet.

[Cherry-pick of stable/linux-3.18.y b974d00b778962b9b83c477a7359e40a28f7ed98]

Bug: 16355602
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I2482b8f33872d0c10cca19699457995596d1636f
Reviewed-on: https://chromium-review.googlesource.com/523424
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/aaafa89ca4ba168d211ffef95da71ae545b43bb6/net/ipv4/ip_output.c
[modify] https://crrev.com/aaafa89ca4ba168d211ffef95da71ae545b43bb6/include/net/ip.h
[modify] https://crrev.com/aaafa89ca4ba168d211ffef95da71ae545b43bb6/net/ipv4/tcp_ipv4.c
[modify] https://crrev.com/aaafa89ca4ba168d211ffef95da71ae545b43bb6/include/net/netns/ipv4.h

Project Member

Comment 16 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5ea88ea108c6804efb7d3f9acccf936a27e65ef6

commit 5ea88ea108c6804efb7d3f9acccf936a27e65ef6
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:09 2017

UPSTREAM: tcp: fix more NULL deref after prequeue changes

[ Upstream commit 0f85feae6b710ced3abad5b2b47d31dfcb956b62 ]

When I cooked commit c3658e8d0f1 ("tcp: fix possible NULL dereference in
tcp_vX_send_reset()") I missed other spots we could deref a NULL
skb_dst(skb)

Again, if a socket is provided, we do not need skb_dst() to get a
pointer to network namespace : sock_net(sk) is good enough.

[Cherry-pick of stable/linux-3.18.y 7efe8f1bb70588036edacab8b6c7f899092781f2]

Bug: 16355602
Reported-by: Dann Frazier <dann.frazier@canonical.com>
Bisected-by: Dann Frazier <dann.frazier@canonical.com>
Tested-by: Dann Frazier <dann.frazier@canonical.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I3d59844c1b1b954ac2f52cba7e82036f8eefa75e
Reviewed-on: https://chromium-review.googlesource.com/523425
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/5ea88ea108c6804efb7d3f9acccf936a27e65ef6/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/5ea88ea108c6804efb7d3f9acccf936a27e65ef6/net/ipv4/tcp_ipv4.c

Project Member

Comment 17 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5bc59b5c97960478b125ad86d5f2f63709d3a595

commit 5bc59b5c97960478b125ad86d5f2f63709d3a595
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:11 2017

Revert "CHROMIUM: Handle 'sk' being NULL in UID-based routing."

This reverts commit a99dce6cce648c3f753a34d818b2d05c6906777d.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Id4d146e270e92d1a85920d219675bb121df3e260
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/523426
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/5bc59b5c97960478b125ad86d5f2f63709d3a595/net/ipv4/route.c
[modify] https://crrev.com/5bc59b5c97960478b125ad86d5f2f63709d3a595/include/net/route.h

Project Member

Comment 18 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/1dae4dc942e674ba97e3953e3490e6c591221890

commit 1dae4dc942e674ba97e3953e3490e6c591221890
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:12 2017

Revert "CHROMIUM: net: Make "uidrange 0-n" match kernel packets in containers"

This reverts commit c9574b48ed9e7f164600bdb9bae19d07b40b52b8.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I7ff5a7a7f5f00c562036840f02f7615e5dc8838b
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/523427
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/1dae4dc942e674ba97e3953e3490e6c591221890/net/core/fib_rules.c
[modify] https://crrev.com/1dae4dc942e674ba97e3953e3490e6c591221890/include/net/fib_rules.h

Project Member

Comment 19 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/fa04efbbbc47548008d60fe274a5243967885207

commit fa04efbbbc47548008d60fe274a5243967885207
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:13 2017

Revert "CHROMIUM: net: ipv4: Fix uninitialized flowi4_uid fields"

This reverts commit 02b4d67143c4e3d8f8b9439d07406aee21dea696.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Iabb1e212bee4a44c71c0b6db0df25ae10f0d3c2d
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/523428
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/fa04efbbbc47548008d60fe274a5243967885207/net/ipv4/fib_frontend.c
[modify] https://crrev.com/fa04efbbbc47548008d60fe274a5243967885207/net/ipv4/route.c

Project Member

Comment 20 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2ccd045ef91364f05412e7b1aa5c2103f42e4d59

commit 2ccd045ef91364f05412e7b1aa5c2103f42e4d59
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:14 2017

Revert "net: core: Support UID-based routing."

This reverts commit ba3d8d3f9f65807763b2e0e1ea7645d74a962248.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I43ef8a436b8c1f90ac758659419be2c45a09e2f9
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/523429
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/ping.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/include/net/ip.h
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/include/net/fib_rules.h
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/datagram.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/ip_output.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/raw.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/core/fib_rules.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/include/net/route.h
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/af_inet6.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/udp.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/include/net/flow.h
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/udp.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/ping.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/raw.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/fib_frontend.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/syncookies.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/ipcomp6.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/route.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/esp6.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/syncookies.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/include/net/ip6_route.h
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv4/route.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/ah6.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/icmp.c
[modify] https://crrev.com/2ccd045ef91364f05412e7b1aa5c2103f42e4d59/net/ipv6/inet6_connection_sock.c

Project Member

Comment 21 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4838c7fab1cee64f839910b71d96b3617008dd90

commit 4838c7fab1cee64f839910b71d96b3617008dd90
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:15 2017

UPSTREAM: net: core: Add a UID field to struct sock.

Protocol sockets (struct sock) don't have UIDs, but most of the
time, they map 1:1 to userspace sockets (struct socket) which do.

Various operations such as the iptables xt_owner match need
access to the "UID of a socket", and do so by following the
backpointer to the struct socket. This involves taking
sk_callback_lock and doesn't work when there is no socket
because userspace has already called close().

Simplify this by adding a sk_uid field to struct sock whose value
matches the UID of the corresponding struct socket. The semantics
are as follows:

1. Whenever sk_socket is non-null: sk_uid is the same as the UID
   in sk_socket, i.e., matches the return value of sock_i_uid.
   Specifically, the UID is set when userspace calls socket(),
   fchown(), or accept().
2. When sk_socket is NULL, sk_uid is defined as follows:
   - For a socket that no longer has a sk_socket because
     userspace has called close(): the previous UID.
   - For a cloned socket (e.g., an incoming connection that is
     established but on which userspace has not yet called
     accept): the UID of the socket it was cloned from.
   - For a socket that has never had an sk_socket: UID 0 inside
     the user namespace corresponding to the network namespace
     the socket belongs to.

Kernel sockets created by sock_create_kern are a special case
of #1 and sk_uid is the user that created them. For kernel
sockets created at network namespace creation time, such as the
per-processor ICMP and TCP sockets, this is the user that created
the network namespace.

Bug: 16355602
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 86741ec25462e4c8cdce6df2f41ead05568c7d5e)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I7d0b413ca3f62151c616810a3be43d19ccee81a9
Reviewed-on: https://chromium-review.googlesource.com/523430
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/4838c7fab1cee64f839910b71d96b3617008dd90/net/core/sock.c
[modify] https://crrev.com/4838c7fab1cee64f839910b71d96b3617008dd90/net/socket.c
[modify] https://crrev.com/4838c7fab1cee64f839910b71d96b3617008dd90/include/net/sock.h

Project Member

Comment 22 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/eed71095b2d908ed96ce67b9d27c8adbdb44440a

commit eed71095b2d908ed96ce67b9d27c8adbdb44440a
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:16 2017

BACKPORT: net: core: add UID to flows, rules, and routes

- Define a new FIB rule attribute, FRA_UID_RANGE, to describe a
  range of UIDs.
- Define a RTA_UID attribute for per-UID route lookups and dumps.
- Support passing these attributes to and from userspace via
  rtnetlink. The value INVALID_UID indicates no UID was
  specified.
- Add a UID field to the flow structures.

Bug: 16355602
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 622ec2c9d52405973c9f1ca5116eb1c393adfc7d)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I30959eb0e63372160076cf2ad4835a839dad520e
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/523431
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/net/ipv4/fib_frontend.c
[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/net/core/fib_rules.c
[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/include/net/fib_rules.h
[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/include/net/flow.h
[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/net/ipv6/route.c
[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/eed71095b2d908ed96ce67b9d27c8adbdb44440a/net/ipv4/route.c

Project Member

Comment 23 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/19e1ad16af1a408644513ad53a1a3134665f0fef

commit 19e1ad16af1a408644513ad53a1a3134665f0fef
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:18 2017

BACKPORT: net: inet: Support UID-based routing in IP protocols.

- Use the UID in routing lookups made by protocol connect() and
  sendmsg() functions.
- Make sure that routing lookups triggered by incoming packets
  (e.g., Path MTU discovery) take the UID of the socket into
  account.
- For packets not associated with a userspace socket (e.g., ping
  replies) use UID 0 inside the user namespace corresponding to
  the network namespace the socket belongs to. This allows
  all namespaces to apply routing and iptables rules to
  kernel-originated traffic in that namespace by matching UID 0.
  This is better than using the UID of the kernel socket that is
  sending the traffic, because the UID of kernel sockets created
  at namespace creation time (e.g., the per-processor ICMP and
  TCP sockets) is the UID of the user that created the socket,
  which might not be mapped in the namespace.

Bug: 16355602
Tested: compiles allnoconfig, allyesconfig, allmodconfig
Tested: https://android-review.googlesource.com/253302
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e2d118a1cb5e60d077131a09db1d81b90a5295fe)

BUG= chromium:686577 
TEST=Disconnect Ethernet, disable WiFi. Route traffic from UID 1000 to
interface lo (i.e. sudo ip route add default via 127.0.0.1 table 3;
sudo ip rule add uidrange 1000-1000 table 3;). Then, check that
"ping 8.8.8.8" sends packets through lo, but "sudo ping 8.8.8.8" gives
"Network unreachable".

Change-Id: Ifb0ed2c909074d0469ec8b82afdaf92b047fe389
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/523432
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/ping.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/icmp.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/include/net/ip.h
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/tcp_ipv4.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/netfilter.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/datagram.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/ip_output.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/raw.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/include/net/route.h
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/af_inet6.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/udp.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/include/net/flow.h
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/udp.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/ping.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/l2tp/l2tp_ip6.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/syncookies.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/ipcomp6.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/route.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/esp6.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/syncookies.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/ip6_vti.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/include/net/ip6_route.h
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/route.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/ah6.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv4/raw.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/icmp.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/inet6_connection_sock.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/ip6_tunnel.c
[modify] https://crrev.com/19e1ad16af1a408644513ad53a1a3134665f0fef/net/ipv6/ip6_gre.c
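
The sk_uid semantics from the "Add a UID field to struct sock" commit and the TEST= procedure of the commit above, as an added userspace model (not code from the kernel tree or from these commits). The `_m` types, `RULES`, `ROUTES` and every function name here are assumptions made for illustration; rule lookup is reduced to "first matching rule whose table has a default route".

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified userspace model, not kernel code. */
struct sock_m {
    int      has_socket;   /* models sk_socket != NULL */
    uint32_t sk_uid;
};

/* Case 1: sk_socket present, UID set by socket(), fchown() or accept(). */
static struct sock_m sk_socket_call(uint32_t uid) { struct sock_m s = {1, uid}; return s; }
static void sk_fchown(struct sock_m *sk, uint32_t uid) { sk->sk_uid = uid; }
static void sk_accept(struct sock_m *sk, uint32_t uid) { sk->has_socket = 1; sk->sk_uid = uid; }

/* Case 2: no sk_socket. close() keeps the previous UID, a clone inherits
 * its parent's UID, a sock that never had a socket gets namespace UID 0. */
static void sk_close(struct sock_m *sk) { sk->has_socket = 0; }
static struct sock_m sk_clone(const struct sock_m *p) { struct sock_m s = {0, p->sk_uid}; return s; }
static struct sock_m sk_kernel_only(void) { struct sock_m s = {0, 0}; return s; }

/* UID placed in the flow: the sock's UID, or UID 0 when there is no sock
 * at all (e.g. ping replies). */
static uint32_t flow_uid(const struct sock_m *sk) { return sk ? sk->sk_uid : 0; }

struct rule_m  { int has_uidrange; uint32_t start, end; int table; };
struct route_m { int table; const char *dev; };

/* Constructed state matching the TEST= steps: Ethernet and WiFi are down,
 * so the main table (254) has no default route. */
static const struct rule_m RULES[] = {
    { 1, 1000, 1000, 3 },   /* ip rule add uidrange 1000-1000 table 3 */
    { 0, 0, 0, 254 },       /* catch-all rule for the main table */
};
static const struct route_m ROUTES[] = {
    { 3, "lo" },            /* ip route add default via 127.0.0.1 table 3 */
};

static const char *table_default_dev(int table)
{
    for (size_t i = 0; i < sizeof(ROUTES) / sizeof(ROUTES[0]); i++)
        if (ROUTES[i].table == table)
            return ROUTES[i].dev;
    return NULL;
}

/* Walk the rules in order; a rule with a uidrange only applies to flows
 * whose UID lies inside it. Returns the egress device, or NULL with
 * *err = ENETUNREACH when no applicable table has a route. */
static const char *egress_dev(const struct sock_m *sk, int *err)
{
    uint32_t uid = flow_uid(sk);

    for (size_t i = 0; i < sizeof(RULES) / sizeof(RULES[0]); i++) {
        const struct rule_m *r = &RULES[i];
        const char *dev;

        if (r->has_uidrange && (uid < r->start || uid > r->end))
            continue;
        dev = table_default_dev(r->table);
        if (dev) {
            *err = 0;
            return dev;
        }
    }
    *err = ENETUNREACH;
    return NULL;
}

static void show(const char *what, const struct sock_m *sk)
{
    int err;
    const char *dev = egress_dev(sk, &err);

    printf("%-28s uid=%-5u -> %s\n", what, (unsigned)flow_uid(sk),
           dev ? dev : strerror(err));
}

int main(void)
{
    struct sock_m user = sk_socket_call(1000), root = sk_socket_call(0);
    struct sock_m child = sk_clone(&user), kern = sk_kernel_only();

    show("ping 8.8.8.8", &user);
    show("sudo ping 8.8.8.8", &root);
    show("clone before accept()", &child);
    sk_accept(&child, 1000);
    sk_close(&user);
    show("after close()", &user);
    sk_fchown(&root, 1000);
    show("root socket after fchown()", &root);
    show("sock without sk_socket", &kern);
    show("no sock (kernel reply)", NULL);
    return 0;
}
```
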

Project Member

Comment 24 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f8e053b229dbd090e043dd475b377816a586aacf

commit f8e053b229dbd090e043dd475b377816a586aacf
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:19 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made __build_flow_key call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Bug: 16355602
Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Reported-by: Erez Shitrit <erezsh@dev.mellanox.co.il>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit d109e61bfe7a468fd8df4a7ceb65635e7aa909a0)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I5061285cf460692bc131c4dca059f3fa4d59aa11
Reviewed-on: https://chromium-review.googlesource.com/523433
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/f8e053b229dbd090e043dd475b377816a586aacf/net/ipv4/route.c

Project Member

Comment 25 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2e54188d08cc617da118d7749f3cf04828b2dcac

commit 2e54188d08cc617da118d7749f3cf04828b2dcac
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:20 2017

UPSTREAM: net: socket: don't set sk_uid to garbage value in ->setattr()

->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock.  It does this by
copying over the ia_uid member of struct iattr.  However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown.  Other metadata operations such
as chmod or utimes leave ia_uid uninitialized.  Therefore, sk_uid could
be set to a "garbage" value from the stack.

Fix this by only copying the uid over when ATTR_UID is set.

[backport of net e1a3a60a2ebe991605acb14cd58e39c0545e174e]

Bug: 16355602
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e1a3a60a2ebe991605acb14cd58e39c0545e174e)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Ifc2b4b8fbd185fe238118ec5b47842beb91b4f59
Reviewed-on: https://chromium-review.googlesource.com/523434
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/2e54188d08cc617da118d7749f3cf04828b2dcac/net/socket.c
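
The ->setattr() defect described in the commit above, as an added userspace model (not code from net/socket.c or from this commit). The `_m` structs, the function names and the `STALE_STACK` sentinel are assumptions made for illustration; the sentinel stands in for the uninitialized stack contents, and the 1000-1000 range is the uidrange rule from the TEST= procedure earlier on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the bug, not kernel code. The two flag values
 * follow the kernel's ATTR_* bitmask; the structs keep only the
 * fields the commit message mentions. */
#define ATTR_MODE (1u << 0)
#define ATTR_UID  (1u << 1)

#define STALE_STACK 0xdeadbeefu  /* constructed stand-in for stack garbage */

struct iattr_m {
    unsigned int ia_valid;  /* bitmask: which fields below carry a value */
    unsigned int ia_mode;
    uint32_t     ia_uid;    /* meaningful only if ia_valid & ATTR_UID */
};

struct sock_m { uint32_t sk_uid; };

/* chmod-style request: the caller fills in ia_mode only, so ia_uid
 * holds whatever was left in that stack slot. */
static struct iattr_m req_chmod(unsigned int mode)
{
    struct iattr_m ia = { ATTR_MODE, mode, STALE_STACK };
    return ia;
}

/* chown-style request: ATTR_UID is set and ia_uid is a real value. */
static struct iattr_m req_chown(uint32_t uid)
{
    struct iattr_m ia = { ATTR_UID, 0, uid };
    return ia;
}

/* Behaviour before the fix: ia_uid is copied unconditionally. */
static void setattr_before(struct sock_m *sk, const struct iattr_m *ia)
{
    sk->sk_uid = ia->ia_uid;
}

/* Behaviour after the fix: copy the UID only when ATTR_UID is set. */
static void setattr_fixed(struct sock_m *sk, const struct iattr_m *ia)
{
    if (ia->ia_valid & ATTR_UID)
        sk->sk_uid = ia->ia_uid;
}

typedef void (*setattr_fn)(struct sock_m *, const struct iattr_m *);

/* Socket owned by `owner` receives a chmod; returns the resulting sk_uid. */
static uint32_t uid_after_chmod(setattr_fn fn, uint32_t owner)
{
    struct sock_m sk = { owner };
    struct iattr_m ia = req_chmod(0600);

    fn(&sk, &ia);
    return sk.sk_uid;
}

/* Socket owned by `owner` receives a chown; returns the resulting sk_uid. */
static uint32_t uid_after_chown(setattr_fn fn, uint32_t owner, uint32_t new_owner)
{
    struct sock_m sk = { owner };
    struct iattr_m ia = req_chown(new_owner);

    fn(&sk, &ia);
    return sk.sk_uid;
}

/* Any policy keyed on sk_uid, such as a uidrange rule, sees the result. */
static int in_uidrange(uint32_t uid, uint32_t start, uint32_t end)
{
    return uid >= start && uid <= end;
}

int main(void)
{
    uint32_t bad  = uid_after_chmod(setattr_before, 1000);
    uint32_t good = uid_after_chmod(setattr_fixed, 1000);

    printf("before fix: chmod leaves sk_uid=0x%x, matches 1000-1000: %d\n",
           (unsigned)bad, in_uidrange(bad, 1000, 1000));
    printf("after fix:  chmod leaves sk_uid=%u, matches 1000-1000: %d\n",
           (unsigned)good, in_uidrange(good, 1000, 1000));
    printf("after fix:  chown to 2000 gives sk_uid=%u\n",
           (unsigned)uid_after_chown(setattr_fixed, 1000, 2000));
    return 0;
}
```
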

Project Member

Comment 26 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/be702c822a3278bb2b16aae7de23d04a62f27545

commit be702c822a3278bb2b16aae7de23d04a62f27545
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:21 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_do_redirect.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made ip_do_redirect call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 7d99569460eae28b187d574aec930a4cf8b90441)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Ifc29164ed7f121f8d7558d8483d645a2f387208a
Reviewed-on: https://chromium-review.googlesource.com/523435
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/be702c822a3278bb2b16aae7de23d04a62f27545/net/ipv4/route.c

Project Member

Comment 27 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/67d83e9bbbde054436cd287a258ebdc5fc51f5b1

commit 67d83e9bbbde054436cd287a258ebdc5fc51f5b1
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:23 2017

UPSTREAM: net: socket: Make unnecessarily global sockfs_setattr() static

Make sockfs_setattr() static as it is not used outside of net/socket.c

This fixes the following GCC warning:
net/socket.c:534:5: warning: no previous prototype for sockfs_setattr [-Wmissing-prototypes]

Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit dc647ec88e029307e60e6bf9988056605f11051a)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I5b780dde6e6e8c045e67a3fc2e48f0d59fd098bd
Reviewed-on: https://chromium-review.googlesource.com/523436
Commit-Ready: Satya Tangirala <satyat@google.com>
Tested-by: Satya Tangirala <satyat@google.com>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/67d83e9bbbde054436cd287a258ebdc5fc51f5b1/net/socket.c

Project Member

Comment 28 by bugdroid1@chromium.org, Jun 17 2017

Labels: merge-merged-chromeos-4.4
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/585770f3f25f57f9c3b04646449201c3e887f0fd

commit 585770f3f25f57f9c3b04646449201c3e887f0fd
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:24 2017

Revert "CHROMIUM: net: Make "uidrange 0-n" match kernel packets in containers"

This reverts commit 50485d661334e2dcd308d257c1b1b519af344898.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Iad3cc71b798918a008fc575ae7a435db4b117512
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524273
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/585770f3f25f57f9c3b04646449201c3e887f0fd/net/core/fib_rules.c
[modify] https://crrev.com/585770f3f25f57f9c3b04646449201c3e887f0fd/include/net/fib_rules.h

Project Member

Comment 29 by bugdroid1@chromium.org, Jun 17 2017

Labels: merge-merged-chromeos-4.4
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e80de14ebb3db049b4a0354d196e82d9c814e43c

commit e80de14ebb3db049b4a0354d196e82d9c814e43c
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:25 2017

Revert "CHROMIUM: net: ipv4: Fix uninitialized flowi4_uid fields"

This reverts commit f4956309f1cacff0dcb1bab241ad599512af7713.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I70dd171947f5e97457cb1d3c1d935d3da1609a3e
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524274
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/e80de14ebb3db049b4a0354d196e82d9c814e43c/net/ipv4/fib_frontend.c
[modify] https://crrev.com/e80de14ebb3db049b4a0354d196e82d9c814e43c/net/ipv4/route.c

Project Member

Comment 30 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4bd3761940b3e6c8c9cd9147386bb35af8bdcc38

commit 4bd3761940b3e6c8c9cd9147386bb35af8bdcc38
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:26 2017

Revert "net: core: Handle 'sk' being NULL in UID-based routing"

This reverts commit ad493510385ee040516bf83a60e6c4921fcdfdac.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I906130675195f685c5b6f5485ec89c72a40d7e27
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524275
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/4bd3761940b3e6c8c9cd9147386bb35af8bdcc38/net/ipv4/route.c
[modify] https://crrev.com/4bd3761940b3e6c8c9cd9147386bb35af8bdcc38/include/net/route.h

Project Member

Comment 31 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/01558d267c148de43d51cf08c8630fae6592c52e

commit 01558d267c148de43d51cf08c8630fae6592c52e
Author: Satya Tangirala <satyat@google.com>
Date: Sat Jun 17 08:12:28 2017

Revert "net: core: Support UID-based routing."

This reverts commit fd2cf795f3ab193752781be7372949ac1780d0ed.

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I3ddeb5b4a82caccabbdaf5b0f3d1c3689708df01
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524276
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/ping.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/include/net/ip.h
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/include/net/fib_rules.h
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/datagram.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/ip_output.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/raw.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/core/fib_rules.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/include/net/route.h
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/af_inet6.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/udp.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/include/net/flow.h
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/udp.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/ping.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/raw.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/fib_frontend.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/syncookies.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/ipcomp6.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/route.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/esp6.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/syncookies.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/include/net/ip6_route.h
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv4/route.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/ah6.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/icmp.c
[modify] https://crrev.com/01558d267c148de43d51cf08c8630fae6592c52e/net/ipv6/inet6_connection_sock.c

Project Member

Comment 32 by bugdroid1@chromium.org, Jun 17 2017

Labels: merge-merged-chromeos-4.4
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/67512c7ba678c7a1172067f3761e69a8ebb33461

commit 67512c7ba678c7a1172067f3761e69a8ebb33461
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Jun 17 08:12:29 2017

UPSTREAM: net: core: Add a UID field to struct sock.

Protocol sockets (struct sock) don't have UIDs, but most of the
time, they map 1:1 to userspace sockets (struct socket) which do.

Various operations such as the iptables xt_owner match need
access to the "UID of a socket", and do so by following the
backpointer to the struct socket. This involves taking
sk_callback_lock and doesn't work when there is no socket
because userspace has already called close().

Simplify this by adding a sk_uid field to struct sock whose value
matches the UID of the corresponding struct socket. The semantics
are as follows:

1. Whenever sk_socket is non-null: sk_uid is the same as the UID
   in sk_socket, i.e., matches the return value of sock_i_uid.
   Specifically, the UID is set when userspace calls socket(),
   fchown(), or accept().
2. When sk_socket is NULL, sk_uid is defined as follows:
   - For a socket that no longer has a sk_socket because
     userspace has called close(): the previous UID.
   - For a cloned socket (e.g., an incoming connection that is
     established but on which userspace has not yet called
     accept): the UID of the socket it was cloned from.
   - For a socket that has never had an sk_socket: UID 0 inside
     the user namespace corresponding to the network namespace
     the socket belongs to.

Kernel sockets created by sock_create_kern are a special case
of #1 and sk_uid is the user that created them. For kernel
sockets created at network namespace creation time, such as the
per-processor ICMP and TCP sockets, this is the user that created
the network namespace.

Bug: 16355602
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 86741ec25462e4c8cdce6df2f41ead05568c7d5e)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Ib33add941ae9f8e2d1be316f7ee134ce1fdcf551
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524277
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/67512c7ba678c7a1172067f3761e69a8ebb33461/net/core/sock.c
[modify] https://crrev.com/67512c7ba678c7a1172067f3761e69a8ebb33461/net/socket.c
[modify] https://crrev.com/67512c7ba678c7a1172067f3761e69a8ebb33461/include/net/sock.h

Project Member

Comment 33 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5e24d65723c31b4b53bca2f3a3414c23f45ddae1

commit 5e24d65723c31b4b53bca2f3a3414c23f45ddae1
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Jun 17 08:12:31 2017

BACKPORT: net: core: add UID to flows, rules, and routes

- Define a new FIB rule attribute, FRA_UID_RANGE, to describe a
  range of UIDs.
- Define a RTA_UID attribute for per-UID route lookups and dumps.
- Support passing these attributes to and from userspace via
  rtnetlink. The value INVALID_UID indicates no UID was
  specified.
- Add a UID field to the flow structures.

Bug: 16355602
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 622ec2c9d52405973c9f1ca5116eb1c393adfc7d)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Iedf4280acd4517b9cf683f144e4b9047e6737e36
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524278
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/net/ipv4/fib_frontend.c
[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/net/core/fib_rules.c
[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/include/net/fib_rules.h
[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/include/net/flow.h
[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/net/ipv6/route.c
[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/5e24d65723c31b4b53bca2f3a3414c23f45ddae1/net/ipv4/route.c

Project Member

Comment 34 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/19938fef622279f5e3662caec1ba0af7ffdf45fc

commit 19938fef622279f5e3662caec1ba0af7ffdf45fc
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Jun 17 08:12:33 2017

BACKPORT: net: inet: Support UID-based routing in IP protocols.

- Use the UID in routing lookups made by protocol connect() and
  sendmsg() functions.
- Make sure that routing lookups triggered by incoming packets
  (e.g., Path MTU discovery) take the UID of the socket into
  account.
- For packets not associated with a userspace socket (e.g., ping
  replies) use UID 0 inside the user namespace corresponding to
  the network namespace the socket belongs to. This allows
  all namespaces to apply routing and iptables rules to
  kernel-originated traffic in that namespace by matching UID 0.
  This is better than using the UID of the kernel socket that is
  sending the traffic, because the UID of kernel sockets created
  at namespace creation time (e.g., the per-processor ICMP and
  TCP sockets) is the UID of the user that created the socket,
  which might not be mapped in the namespace.

Bug: 16355602
Tested: compiles allnoconfig, allyesconfig, allmodconfig
Tested: https://android-review.googlesource.com/253302
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e2d118a1cb5e60d077131a09db1d81b90a5295fe)

BUG= chromium:686577 
TEST=Disconnect Ethernet, disable WiFi. Route traffic from UID 1000 to
interface lo (i.e. sudo ip route add default via 127.0.0.1 table 3;
sudo ip rule add uidrange 1000-1000 table 3;). Then, check that
"ping 8.8.8.8" sends packets through lo, but "sudo ping 8.8.8.8" gives
"Network unreachable".

Change-Id: I42b2867e0bd725a92151af49819278858a04f5d6
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524279
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/ping.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/icmp.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/include/net/ip.h
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/tcp_ipv4.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/netfilter.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/datagram.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/ip_output.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/raw.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/include/net/route.h
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/af_inet6.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/udp.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/include/net/flow.h
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/udp.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/ping.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/l2tp/l2tp_ip6.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/syncookies.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/ipcomp6.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/route.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/esp6.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/syncookies.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/ip6_vti.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/include/net/ip6_route.h
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/route.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/ah6.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv4/raw.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/icmp.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/inet6_connection_sock.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/ip6_tunnel.c
[modify] https://crrev.com/19938fef622279f5e3662caec1ba0af7ffdf45fc/net/ipv6/ip6_gre.c

Project Member

Comment 35 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/3a060da85ffac070cee409d26bfd4d7cf39cd448

commit 3a060da85ffac070cee409d26bfd4d7cf39cd448
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Jun 17 08:12:34 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made __build_flow_key call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Bug: 16355602
Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Reported-by: Erez Shitrit <erezsh@dev.mellanox.co.il>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit d109e61bfe7a468fd8df4a7ceb65635e7aa909a0)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Ide90e1e214179d2a397bd7d8e78fb9dc2449d0f3
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524280
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/3a060da85ffac070cee409d26bfd4d7cf39cd448/net/ipv4/route.c

Project Member

Comment 36 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e331ae2e93c7b76f958a6093fade994f9877a83c

commit e331ae2e93c7b76f958a6093fade994f9877a83c
Author: Eric Biggers <ebiggers@google.com>
Date: Sat Jun 17 08:12:35 2017

UPSTREAM: net: socket: don't set sk_uid to garbage value in ->setattr()

->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock.  It does this by
copying over the ia_uid member of struct iattr.  However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown.  Other metadata operations such
as chmod or utimes leave ia_uid uninitialized.  Therefore, sk_uid could
be set to a "garbage" value from the stack.

Fix this by only copying the uid over when ATTR_UID is set.

Bug: 16355602
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e1a3a60a2ebe991605acb14cd58e39c0545e174e)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I742bb2f78850b666f59bd8f8faa514f626126960
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524281
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/e331ae2e93c7b76f958a6093fade994f9877a83c/net/socket.c

Project Member

Comment 37 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/01878b760f696091fc6227ee698f0748b9d5a7f2

commit 01878b760f696091fc6227ee698f0748b9d5a7f2
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Jun 17 08:12:37 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_do_redirect.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made ip_do_redirect call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit 7d99569460eae28b187d574aec930a4cf8b90441)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I3a909d126ad9bcc616c82761625c75194da7076e
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524572
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/01878b760f696091fc6227ee698f0748b9d5a7f2/net/ipv4/route.c

Project Member

Comment 38 by bugdroid1@chromium.org, Jun 17 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/cb923dd8ddfa63b206429af0018567568fc7bccd

commit cb923dd8ddfa63b206429af0018567568fc7bccd
Author: Tobias Klauser <tklauser@distanz.ch>
Date: Sat Jun 17 08:12:38 2017

UPSTREAM: net: socket: Make unnecessarily global sockfs_setattr() static

Make sockfs_setattr() static as it is not used outside of net/socket.c

This fixes the following GCC warning:
net/socket.c:534:5: warning: no previous prototype for sockfs_setattr [-Wmissing-prototypes]

Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit dc647ec88e029307e60e6bf9988056605f11051a)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: If27e7efe0c89a0d0a21d36a2c6f0907a41e9e68d
Signed-off-by: Satya Tangirala <satyat@google.com>
Reviewed-on: https://chromium-review.googlesource.com/524573
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/cb923dd8ddfa63b206429af0018567568fc7bccd/net/socket.c

Project Member

Comment 39 by bugdroid1@chromium.org, Aug 26 2017

Labels: merge-merged-chromeos-3.8
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ba5e04912be721e430b4325b851be263d3d850fa

commit ba5e04912be721e430b4325b851be263d3d850fa
Author: Vasily Averin <vvs@parallels.com>
Date: Sat Aug 26 04:52:22 2017

UPSTREAM: ipv4: dst_entry leak in ip_send_unicast_reply()

[ Upstream commit 4062090e3e5caaf55bed4523a69f26c3265cc1d2 ]

ip_setup_cork() called inside ip_append_data() steals dst entry from rt to cork
and in case of errors in __ip_append_data() nobody frees stolen dst entry

Fixes: 2e77d89b2fa8 ("net: avoid a pair of dst_hold()/dst_release() in ip_append_data()")
Signed-off-by: Vasily Averin <vvs@parallels.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 9a8955adfba0821f5b354d400303436b6e4b2e13)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I917a3862aec459ef0da82615041cb2441a51f98a
Reviewed-on: https://chromium-review.googlesource.com/631178
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/ba5e04912be721e430b4325b851be263d3d850fa/net/ipv4/ip_output.c

Project Member

Comment 40 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/43cb264b246b28c3b5937b158d8becc369c9b8b8

commit 43cb264b246b28c3b5937b158d8becc369c9b8b8
Author: Eric Dumazet <edumazet@google.com>
Date: Sat Aug 26 04:52:23 2017

UPSTREAM: tcp: ipv4: initialize unicast_sock sk_pacing_rate

[ Upstream commit 811230cd853d62f09ed0addd0ce9a1b9b0e13fb5 ]

When I added sk_pacing_rate field, I forgot to initialize its value
in the per cpu unicast_sock used in ip_send_unicast_reply()

This means that for sch_fq users, RST packets, or ACK packets sent
on behalf of TIME_WAIT sockets might be sent too slowly or even dropped
once we reach the per flow limit.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: 95bd09eb2750 ("tcp: TSO packets automatic sizing")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 23990c29a7bc207bfcb3026e286e804c7cdee933)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Iecebf1358c638774e4ad912ab5e07299fcbfb09b
Reviewed-on: https://chromium-review.googlesource.com/631179
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/43cb264b246b28c3b5937b158d8becc369c9b8b8/net/ipv4/ip_output.c

Project Member

Comment 41 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/9e5b256d72c8ff9ca06b0e4a78cd060b39197244

commit 9e5b256d72c8ff9ca06b0e4a78cd060b39197244
Author: Eric Dumazet <edumazet@google.com>
Date: Sat Aug 26 04:52:24 2017

BACKPORT: ipv4: tcp: get rid of ugly unicast_sock

[ Upstream commit bdbbb8527b6f6a358dbcb70dac247034d665b8e4 ]

In commit be9f4a44e7d41 ("ipv4: tcp: remove per net tcp_sock")
I tried to address contention on a socket lock, but the solution
I chose was horrible :

commit 3a7c384ffd57e ("ipv4: tcp: unicast_sock should not land outside
of TCP stack") addressed a selinux regression.

commit 0980e56e506b ("ipv4: tcp: set unicast_sock uc_ttl to -1")
took care of another regression.

commit b5ec8eeac46 ("ipv4: fix ip_send_skb()") fixed another regression.

commit 811230cd85 ("tcp: ipv4: initialize unicast_sock sk_pacing_rate")
was another shot in the dark.

Really, just use a proper socket per cpu, and remove the skb_orphan()
call, to re-enable flow control.

This solves a serious problem with FQ packet scheduler when used in
hostile environments, as we do not want to allocate a flow structure
for every RST packet sent in response to a spoofed packet.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 6bed3166d097a20ffcf2d440825c611500b0ff97)
[cernekee: adjusted patch for missing context in 3.8]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I4b3cfba689efcc64e6bec343414c70e38acfe045
Reviewed-on: https://chromium-review.googlesource.com/631180
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/9e5b256d72c8ff9ca06b0e4a78cd060b39197244/net/ipv4/ip_output.c
[modify] https://crrev.com/9e5b256d72c8ff9ca06b0e4a78cd060b39197244/include/net/ip.h
[modify] https://crrev.com/9e5b256d72c8ff9ca06b0e4a78cd060b39197244/net/ipv4/tcp_ipv4.c
[modify] https://crrev.com/9e5b256d72c8ff9ca06b0e4a78cd060b39197244/include/net/netns/ipv4.h

Project Member

Comment 42 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a2b97112034e58093d232f5cd956830aeeefcf35

commit a2b97112034e58093d232f5cd956830aeeefcf35
Author: Eric Dumazet <edumazet@google.com>
Date: Sat Aug 26 04:52:25 2017

BACKPORT: tcp: fix more NULL deref after prequeue changes

When I cooked commit c3658e8d0f1 ("tcp: fix possible NULL dereference in
tcp_vX_send_reset()") I missed other spots we could deref a NULL
skb_dst(skb)

Again, if a socket is provided, we do not need skb_dst() to get a
pointer to network namespace : sock_net(sk) is good enough.

Reported-by: Dann Frazier <dann.frazier@canonical.com>
Bisected-by: Dann Frazier <dann.frazier@canonical.com>
Tested-by: Dann Frazier <dann.frazier@canonical.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 0f85feae6b710ced3abad5b2b47d31dfcb956b62)
[cernekee: adjusted patch for different context in 3.8]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: If6be7762fc9f7daeba4a7da0b8a4676f0323755d
Reviewed-on: https://chromium-review.googlesource.com/631181
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/a2b97112034e58093d232f5cd956830aeeefcf35/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/a2b97112034e58093d232f5cd956830aeeefcf35/net/ipv4/tcp_ipv4.c

Project Member

Comment 43 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f3349a65e60a6cf89c1e0a46573ba0767a45c5c3

commit f3349a65e60a6cf89c1e0a46573ba0767a45c5c3
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:26 2017

BACKPORT: net: core: Add a UID field to struct sock.

Protocol sockets (struct sock) don't have UIDs, but most of the
time, they map 1:1 to userspace sockets (struct socket) which do.

Various operations such as the iptables xt_owner match need
access to the "UID of a socket", and do so by following the
backpointer to the struct socket. This involves taking
sk_callback_lock and doesn't work when there is no socket
because userspace has already called close().

Simplify this by adding a sk_uid field to struct sock whose value
matches the UID of the corresponding struct socket. The semantics
are as follows:

1. Whenever sk_socket is non-null: sk_uid is the same as the UID
   in sk_socket, i.e., matches the return value of sock_i_uid.
   Specifically, the UID is set when userspace calls socket(),
   fchown(), or accept().
2. When sk_socket is NULL, sk_uid is defined as follows:
   - For a socket that no longer has a sk_socket because
     userspace has called close(): the previous UID.
   - For a cloned socket (e.g., an incoming connection that is
     established but on which userspace has not yet called
     accept): the UID of the socket it was cloned from.
   - For a socket that has never had an sk_socket: UID 0 inside
     the user namespace corresponding to the network namespace
     the socket belongs to.

Kernel sockets created by sock_create_kern are a special case
of #1 and sk_uid is the user that created them. For kernel
sockets created at network namespace creation time, such as the
per-processor ICMP and TCP sockets, this is the user that created
the network namespace.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 86741ec25462e4c8cdce6df2f41ead05568c7d5e)
[cernekee: adjusted patch for different context, missing helpers in 3.8]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: Ia10a62eed16b9a039d022527647ec8dac5b74ae3
Reviewed-on: https://chromium-review.googlesource.com/631182
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/f3349a65e60a6cf89c1e0a46573ba0767a45c5c3/net/core/sock.c
[modify] https://crrev.com/f3349a65e60a6cf89c1e0a46573ba0767a45c5c3/net/socket.c
[modify] https://crrev.com/f3349a65e60a6cf89c1e0a46573ba0767a45c5c3/include/net/sock.h

Project Member

Comment 44 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/578f75a339d32b2e7f6b6647977a36530f19ee15

commit 578f75a339d32b2e7f6b6647977a36530f19ee15
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:27 2017

BACKPORT: net: core: add UID to flows, rules, and routes

- Define a new FIB rule attribute, FRA_UID_RANGE, to describe a
  range of UIDs.
- Define a RTA_UID attribute for per-UID route lookups and dumps.
- Support passing these attributes to and from userspace via
  rtnetlink. The value INVALID_UID indicates no UID was
  specified.
- Add a UID field to the flow structures.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 622ec2c9d52405973c9f1ca5116eb1c393adfc7d)
[cernekee: used the backported version from the android-3.10 branch]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I91a304f6f9d72057fde0be9007dfd03dead33a34
Reviewed-on: https://chromium-review.googlesource.com/631183
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/net/ipv4/fib_frontend.c
[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/net/core/fib_rules.c
[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/include/net/fib_rules.h
[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/include/net/flow.h
[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/net/ipv6/route.c
[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/578f75a339d32b2e7f6b6647977a36530f19ee15/net/ipv4/route.c

Project Member

Comment 45 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/684858aaf1e12a92e57219c23125a07f34fdd359

commit 684858aaf1e12a92e57219c23125a07f34fdd359
Author: Michal Kubecek <mkubecek@suse.cz>
Date: Sat Aug 26 04:52:28 2017

UPSTREAM: ipv4: fix redirect handling for TCP packets

Unlike ipv4_redirect() and ipv4_sk_redirect(), ip_do_redirect()
doesn't call __build_flow_key() directly but via
ip_rt_build_flow_key() wrapper. This leads to __build_flow_key()
getting pointer to IPv4 header of the ICMP redirect packet
rather than pointer to the embedded IPv4 header of the packet
initiating the redirect.

As a result, handling of ICMP redirects initiated by TCP packets
is broken. Issue was introduced by

	4895c771c ("ipv4: Add FIB nexthop exceptions.")

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit f96ef988cc603487c03a6de07807b06cbe641829)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I7922a887213a25d09e5baefb63c3fd753fda5df2
Reviewed-on: https://chromium-review.googlesource.com/631184
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/684858aaf1e12a92e57219c23125a07f34fdd359/net/ipv4/route.c

Project Member

Comment 46 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/44f1e7ade6014fb8bd7cb22428db34c371d9e087

commit 44f1e7ade6014fb8bd7cb22428db34c371d9e087
Author: Eric Dumazet <edumazet@google.com>
Date: Sat Aug 26 04:52:29 2017

BACKPORT: net: add sk_fullsock() helper

We have many places where we want to check if a socket is
not a timewait or request socket. Use a helper to avoid
hard coding this.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 1d0ab253872cdd3d8e7913f59c266c7fd01771d0)
[cernekee: Drop TCPF_NEW_SYN_RECV check, because it doesn't exist in
 3.8. Other places that use sk_fullsock() on master used to check for
 TCPF_TIME_WAIT only, in 3.8.]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I41fe26de220468121df8c4337fb8d1c2771a3f64
Reviewed-on: https://chromium-review.googlesource.com/631185
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/44f1e7ade6014fb8bd7cb22428db34c371d9e087/include/net/sock.h

Project Member

Comment 47 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f61a5558d4a33f4b305f7da121682366e066b182

commit f61a5558d4a33f4b305f7da121682366e066b182
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:30 2017

BACKPORT: net: inet: Support UID-based routing in IP protocols.

- Use the UID in routing lookups made by protocol connect() and
  sendmsg() functions.
- Make sure that routing lookups triggered by incoming packets
  (e.g., Path MTU discovery) take the UID of the socket into
  account.
- For packets not associated with a userspace socket (e.g., ping
  replies) use UID 0 inside the user namespace corresponding to
  the network namespace the socket belongs to. This allows
  all namespaces to apply routing and iptables rules to
  kernel-originated traffic in that namespace by matching UID 0.
  This is better than using the UID of the kernel socket that is
  sending the traffic, because the UID of kernel sockets created
  at namespace creation time (e.g., the per-processor ICMP and
  TCP sockets) is the UID of the user that created the socket,
  which might not be mapped in the namespace.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e2d118a1cb5e60d077131a09db1d81b90a5295fe)
[cernekee: backported from android-3.10 branch, with fixups for context]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I222e718d7da96caa71a44ee97b1150cf18c279c3
Reviewed-on: https://chromium-review.googlesource.com/631186
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/icmp.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/include/net/ip.h
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/tcp_ipv4.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/netfilter.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/datagram.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/ip_output.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/raw.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/include/net/route.h
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/af_inet6.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/udp.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/include/net/flow.h
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/udp.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/ping.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/l2tp/l2tp_ip6.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/syncookies.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/ipcomp6.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/route.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/esp6.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/syncookies.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/include/net/ip6_route.h
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/route.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/ah6.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv4/raw.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/icmp.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/inet6_connection_sock.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/ip6_tunnel.c
[modify] https://crrev.com/f61a5558d4a33f4b305f7da121682366e066b182/net/ipv6/ip6_gre.c

Project Member

Comment 48 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/51d758a17287552205f333c6cf0c43706506e48c

commit 51d758a17287552205f333c6cf0c43706506e48c
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:31 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made __build_flow_key call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Reported-by: Erez Shitrit <erezsh@dev.mellanox.co.il>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit d109e61bfe7a468fd8df4a7ceb65635e7aa909a0)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I6c82609e586f799e20f132aa59f8c8a2c3eca503
Reviewed-on: https://chromium-review.googlesource.com/631187
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/51d758a17287552205f333c6cf0c43706506e48c/net/ipv4/route.c

Project Member

Comment 49 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ebb5095f9d0d1994546b517a30e9eacf05058613

commit ebb5095f9d0d1994546b517a30e9eacf05058613
Author: Eric Biggers <ebiggers@google.com>
Date: Sat Aug 26 04:52:33 2017

BACKPORT: net: socket: don't set sk_uid to garbage value in ->setattr()

->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock.  It does this by
copying over the ia_uid member of struct iattr.  However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown.  Other metadata operations such
as chmod or utimes leave ia_uid uninitialized.  Therefore, sk_uid could
be set to a "garbage" value from the stack.

Fix this by only copying the uid over when ATTR_UID is set.

Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e1a3a60a2ebe991605acb14cd58e39c0545e174e)
[cernekee: adjusted patch for different context in 3.8]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I4a07f0e571596c3751927d83ab8a31e1b03edbfa
Reviewed-on: https://chromium-review.googlesource.com/631188
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/ebb5095f9d0d1994546b517a30e9eacf05058613/net/socket.c
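
The ia_valid check described in the commit message above (and in the identical message in Comment 36), as an added user-space model that is not the kernel's code. The struct and function names are local stand-ins, and the 0xA5 fill is a constructed substitute for stale stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the kernel's ATTR_* bits; the values are illustrative. */
#define ATTR_MODE (1u << 0)
#define ATTR_UID  (1u << 1)

/* Constructed filler that stands in for whatever was left on the stack. */
#define STALE_BYTE 0xA5

struct iattr_model {
    unsigned int ia_valid;   /* bitmask: which of the fields below are meaningful */
    unsigned int ia_mode;
    uint32_t     ia_uid;
};

struct sock_model {
    uint32_t sk_uid;
};

/* Behaviour the commit message describes as the bug: copy ia_uid no matter what. */
static void setattr_unguarded(struct sock_model *sk, const struct iattr_model *attr)
{
    sk->sk_uid = attr->ia_uid;
}

/* Behaviour after the fix: copy ia_uid only when ATTR_UID marks it as valid. */
static void setattr_guarded(struct sock_model *sk, const struct iattr_model *attr)
{
    if (attr->ia_valid & ATTR_UID)
        sk->sk_uid = attr->ia_uid;
}

/* A chmod-style caller fills in the mode only; ia_uid keeps the stale bytes. */
static struct iattr_model make_chmod_attr(unsigned int mode)
{
    struct iattr_model a;
    memset(&a, STALE_BYTE, sizeof(a));
    a.ia_valid = ATTR_MODE;
    a.ia_mode = mode;
    return a;
}

/* A chown-style caller sets ATTR_UID and a real ia_uid. */
static struct iattr_model make_chown_attr(uint32_t uid)
{
    struct iattr_model a;
    memset(&a, STALE_BYTE, sizeof(a));
    a.ia_valid = ATTR_UID;
    a.ia_uid = uid;
    return a;
}

/* Apply one attribute change to a socket owned by UID 1000 and report sk_uid. */
static uint32_t uid_after(int guarded, const struct iattr_model *attr)
{
    struct sock_model sk = { .sk_uid = 1000 };
    if (guarded)
        setattr_guarded(&sk, attr);
    else
        setattr_unguarded(&sk, attr);
    return sk.sk_uid;
}

static uint32_t uid_after_chmod(int guarded)
{
    struct iattr_model a = make_chmod_attr(0600);
    return uid_after(guarded, &a);
}

static uint32_t uid_after_chown(int guarded, uint32_t new_uid)
{
    struct iattr_model a = make_chown_attr(new_uid);
    return uid_after(guarded, &a);
}

int main(void)
{
    printf("chmod, unguarded: sk_uid=0x%08x\n", (unsigned)uid_after_chmod(0));
    printf("chmod, guarded:   sk_uid=%u\n", (unsigned)uid_after_chmod(1));
    printf("chown, guarded:   sk_uid=%u\n", (unsigned)uid_after_chown(1, 2000));
    return 0;
}
```

Because sk_uid is what UID-based routing and owner matching read, a chmod or utimes on the socket file should leave it unchanged, which only the guarded version guarantees.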

Project Member

Comment 50 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/f4d03ecc90657b01463bffb806538941ebf1f68b

commit f4d03ecc90657b01463bffb806538941ebf1f68b
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:34 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_do_redirect.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made ip_do_redirect call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 7d99569460eae28b187d574aec930a4cf8b90441)

BUG= chromium:686577 
TEST=su chronos -c 'ping 8.8.8.8' & \
     ip route add blackhole 0.0.0.0/0 table 86 ; \
     ip rule add prio 100 uidrange 1000-1000 table 86

Change-Id: I74ee1276990443f01fbbd74ce03c973f367bd431
Reviewed-on: https://chromium-review.googlesource.com/634446
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/f4d03ecc90657b01463bffb806538941ebf1f68b/net/ipv4/route.c

Project Member

Comment 51 by bugdroid1@chromium.org, Aug 26 2017

Labels: merge-merged-chromeos-3.10
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/84fe8ba14fbf33874b510b37ccf563565101f1a1

commit 84fe8ba14fbf33874b510b37ccf563565101f1a1
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:40 2017

BACKPORT: net: core: add UID to flows, rules, and routes

- Define a new FIB rule attribute, FRA_UID_RANGE, to describe a
  range of UIDs.
- Define a RTA_UID attribute for per-UID route lookups and dumps.
- Support passing these attributes to and from userspace via
  rtnetlink. The value INVALID_UID indicates no UID was
  specified.
- Add a UID field to the flow structures.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 622ec2c9d52405973c9f1ca5116eb1c393adfc7d)
[cernekee: used the backported version from the android-3.10 branch]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I91a304f6f9d72057fde0be9007dfd03dead33a34
Reviewed-on: https://chromium-review.googlesource.com/633880
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/net/ipv4/fib_frontend.c
[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/net/core/fib_rules.c
[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/include/net/fib_rules.h
[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/include/uapi/linux/fib_rules.h
[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/include/net/flow.h
[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/net/ipv6/route.c
[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/include/uapi/linux/rtnetlink.h
[modify] https://crrev.com/84fe8ba14fbf33874b510b37ccf563565101f1a1/net/ipv4/route.c
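
An added user-space model (not kernel code) of how a UID-range rule such as the `uidrange 1000-1000 table 86` rule in Comment 50's TEST line selects a routing table, with socketless kernel traffic looked up as UID 0 as Comment 47 describes. The struct and function names are hypothetical, and the model assumes that a rule without a UID range matches every UID.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_NONE 0u      /* model value: no rule matched */
#define TABLE_MAIN 254u    /* Linux main routing table */
#define TABLE_TEST 86u     /* table holding the blackhole route in the TEST line */
#define PRIO_MAIN  32766u  /* priority of the default "lookup main" rule */

struct uid_rule {
    unsigned int prio;           /* lower value is evaluated first */
    int          has_uid_range;  /* 0 models "no UID specified" */
    uint32_t     uid_start;      /* inclusive */
    uint32_t     uid_end;        /* inclusive */
    unsigned int table;
};

struct sock_model {
    uint32_t sk_uid;  /* kept after userspace close(), per Comment 43 */
};

/* UID placed in the flow: the socket's sk_uid, or 0 when there is no socket. */
static uint32_t flow_uid(const struct sock_model *sk)
{
    return sk ? sk->sk_uid : 0;
}

static int rule_matches(const struct uid_rule *r, uint32_t uid)
{
    if (!r->has_uid_range)
        return 1;  /* assumption: an unrestricted rule matches all UIDs */
    return uid >= r->uid_start && uid <= r->uid_end;
}

/* Pick the table of the matching rule with the lowest priority value. */
static unsigned int select_table(const struct uid_rule *rules, size_t n,
                                 const struct sock_model *sk)
{
    const struct uid_rule *best = NULL;
    uint32_t uid = flow_uid(sk);

    for (size_t i = 0; i < n; i++) {
        if (!rule_matches(&rules[i], uid))
            continue;
        if (!best || rules[i].prio < best->prio)
            best = &rules[i];
    }
    return best ? best->table : TABLE_NONE;
}

/* Rule set from the TEST line: prio 100 uidrange 1000-1000 table 86. */
static const struct uid_rule test_rules[] = {
    { PRIO_MAIN, 0, 0,    0,    TABLE_MAIN },
    { 100,       1, 1000, 1000, TABLE_TEST },
};

/* Constructed variant that also steers UID 0 (kernel-originated) traffic. */
static const struct uid_rule kernel_rules[] = {
    { PRIO_MAIN, 0, 0,    0,    TABLE_MAIN },
    { 100,       1, 1000, 1000, TABLE_TEST },
    { 50,        1, 0,    0,    TABLE_TEST },
};

static unsigned int table_for_uid(uint32_t uid)
{
    struct sock_model sk = { .sk_uid = uid };
    return select_table(test_rules, 2, &sk);
}

static unsigned int table_for_kernel_traffic(int with_uid0_rule)
{
    if (with_uid0_rule)
        return select_table(kernel_rules, 3, NULL);
    return select_table(test_rules, 2, NULL);
}

int main(void)
{
    printf("uid 1000 -> table %u\n", table_for_uid(1000));
    printf("uid 1001 -> table %u\n", table_for_uid(1001));
    printf("no socket -> table %u\n", table_for_kernel_traffic(0));
    printf("no socket, uid 0 rule -> table %u\n", table_for_kernel_traffic(1));
    return 0;
}
```

With the TEST rule in place only the UID 1000 flow lands in table 86, so the ping started under `su chronos` is the traffic that reaches the blackhole route while other UIDs keep using the main table.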

Project Member

Comment 52 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/0ea035213cde4e9d58b4367d2f28bb27ef79daba

commit 0ea035213cde4e9d58b4367d2f28bb27ef79daba
Author: Eric Dumazet <edumazet@google.com>
Date: Sat Aug 26 04:52:41 2017

BACKPORT: net: add sk_fullsock() helper

We have many places where we want to check if a socket is
not a timewait or request socket. Use a helper to avoid
hard coding this.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 1d0ab253872cdd3d8e7913f59c266c7fd01771d0)
[cernekee: Drop TCPF_NEW_SYN_RECV check, because it doesn't exist in
 3.10. Other places that use sk_fullsock() on master used to check for
 TCPF_TIME_WAIT only, in 3.10.]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I41fe26de220468121df8c4337fb8d1c2771a3f64
Reviewed-on: https://chromium-review.googlesource.com/633881
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/0ea035213cde4e9d58b4367d2f28bb27ef79daba/include/net/sock.h

Project Member

Comment 53 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/48482b427b999c95e932e7f9da792903547daef8

commit 48482b427b999c95e932e7f9da792903547daef8
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:43 2017

BACKPORT: net: inet: Support UID-based routing in IP protocols.

- Use the UID in routing lookups made by protocol connect() and
  sendmsg() functions.
- Make sure that routing lookups triggered by incoming packets
  (e.g., Path MTU discovery) take the UID of the socket into
  account.
- For packets not associated with a userspace socket (e.g., ping
  replies), use UID 0 inside the user namespace corresponding to
  the network namespace the socket belongs to. This allows
  all namespaces to apply routing and iptables rules to
  kernel-originated traffic in that namespace by matching UID 0.
  This is better than using the UID of the kernel socket that is
  sending the traffic, because the UID of kernel sockets created
  at namespace creation time (e.g., the per-processor ICMP and
  TCP sockets) is the UID of the user that created the socket,
  which might not be mapped in the namespace.

Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e2d118a1cb5e60d077131a09db1d81b90a5295fe)
[cernekee: backported from android-3.10 branch, with fixups for context]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I222e718d7da96caa71a44ee97b1150cf18c279c3
Reviewed-on: https://chromium-review.googlesource.com/633882
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/icmp.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/include/net/ip.h
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/tcp_ipv4.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/netfilter.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/datagram.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/ip_output.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/raw.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/include/net/route.h
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/af_inet6.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/udp.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/include/net/flow.h
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/udp.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/ping.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/l2tp/l2tp_ip6.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/syncookies.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/ipcomp6.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/route.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/esp6.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/syncookies.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/include/net/ip6_route.h
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/inet_connection_sock.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/route.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/tcp_ipv6.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/ah6.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv4/raw.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/icmp.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/inet6_connection_sock.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/ip6_tunnel.c
[modify] https://crrev.com/48482b427b999c95e932e7f9da792903547daef8/net/ipv6/ip6_gre.c

Project Member

Comment 54 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/acec833a4df24e9037e7da77eec19110c0634a54

commit acec833a4df24e9037e7da77eec19110c0634a54
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:44 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made __build_flow_key call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Reported-by: Erez Shitrit <erezsh@dev.mellanox.co.il>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit d109e61bfe7a468fd8df4a7ceb65635e7aa909a0)

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I6c82609e586f799e20f132aa59f8c8a2c3eca503
Reviewed-on: https://chromium-review.googlesource.com/634443
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/acec833a4df24e9037e7da77eec19110c0634a54/net/ipv4/route.c

Project Member

Comment 55 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/6535d7c93d756342eb70014046925f8f486c6112

commit 6535d7c93d756342eb70014046925f8f486c6112
Author: Eric Biggers <ebiggers@google.com>
Date: Sat Aug 26 04:52:45 2017

BACKPORT: net: socket: don't set sk_uid to garbage value in ->setattr()

->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock.  It does this by
copying over the ia_uid member of struct iattr.  However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown.  Other metadata operations such
as chmod or utimes leave ia_uid uninitialized.  Therefore, sk_uid could
be set to a "garbage" value from the stack.

Fix this by only copying the uid over when ATTR_UID is set.

Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit e1a3a60a2ebe991605acb14cd58e39c0545e174e)
[cernekee: adjusted patch for different context in 3.8]

BUG= chromium:686577 
TEST=compile-tested only

Change-Id: I4a07f0e571596c3751927d83ab8a31e1b03edbfa
Reviewed-on: https://chromium-review.googlesource.com/634444
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/6535d7c93d756342eb70014046925f8f486c6112/net/socket.c
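The ATTR_UID check described in the commit above, as an added userspace model (not code from the kernel tree or from this bug). The `*_model` structs, the helper names and the 0xdeadbeef stand-in for stale stack data are assumptions made for illustration; the rule range 1000-1000 is the one used in this bug's `ip rule` test command.

```c
#include <stdio.h>

/* Bit values as in the kernel's include/linux/fs.h. */
#define ATTR_MODE (1 << 0)
#define ATTR_UID  (1 << 1)

/* Userspace stand-ins for struct iattr and struct sock (model only). */
struct iattr_model { unsigned int ia_valid, ia_mode, ia_uid; };
struct sock_model  { unsigned int sk_uid; };

/* Before the fix: ia_uid is copied whether or not it is valid. */
static void setattr_unchecked(struct sock_model *sk, const struct iattr_model *ia)
{
    sk->sk_uid = ia->ia_uid;
}

/* After the fix: ia_uid is trusted only when ATTR_UID is set in ia_valid. */
static void setattr_checked(struct sock_model *sk, const struct iattr_model *ia)
{
    if (ia->ia_valid & ATTR_UID)
        sk->sk_uid = ia->ia_uid;
}

/* A "uidrange start-end" rule matches when start <= uid <= end. */
static int uidrange_matches(unsigned int uid, unsigned int start, unsigned int end)
{
    return uid >= start && uid <= end;
}

/* chmod-style call on a socket owned by UID 1000. Such a call never fills in
 * ia_uid; 0xdeadbeef is a constructed stand-in for stale stack contents. */
static unsigned int sk_uid_after_chmod(int use_fix)
{
    struct sock_model sk = { .sk_uid = 1000 };
    struct iattr_model ia = { .ia_valid = ATTR_MODE, .ia_mode = 0600, .ia_uid = 0xdeadbeef };
    if (use_fix)
        setattr_checked(&sk, &ia);
    else
        setattr_unchecked(&sk, &ia);
    return sk.sk_uid;
}

int main(void)
{
    unsigned int before = sk_uid_after_chmod(0), after = sk_uid_after_chmod(1);
    printf("unchecked: sk_uid=%u matches 1000-1000: %d\n", before, uidrange_matches(before, 1000, 1000));
    printf("checked:   sk_uid=%u matches 1000-1000: %d\n", after, uidrange_matches(after, 1000, 1000));
    return 0;
}
```

Because sk_uid feeds the routing lookup, the unchecked copy means a metadata-only operation can silently move a socket out of the UID range its routing rule was written for.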

Project Member

Comment 56 by bugdroid1@chromium.org, Aug 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/24619232285bcf2f534dac0c9732b8c7e50a5fc4

commit 24619232285bcf2f534dac0c9732b8c7e50a5fc4
Author: Lorenzo Colitti <lorenzo@google.com>
Date: Sat Aug 26 04:52:46 2017

UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_do_redirect.

Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP
protocols.") made ip_do_redirect call sock_net(sk) to determine
the network namespace of the passed-in socket. This crashes if sk
is NULL.

Fix this by getting the network namespace from the skb instead.

Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 7d99569460eae28b187d574aec930a4cf8b90441)

BUG= chromium:686577 
TEST=su chronos -c 'ping 8.8.8.8' & \
     ip route add blackhole 0.0.0.0/0 table 86 ; \
     ip rule add prio 100 uidrange 1000-1000 table 86

Change-Id: I74ee1276990443f01fbbd74ce03c973f367bd431
Reviewed-on: https://chromium-review.googlesource.com/634445
Commit-Ready: Kevin Cernekee <cernekee@chromium.org>
Tested-by: Kevin Cernekee <cernekee@chromium.org>
Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com>

[modify] https://crrev.com/24619232285bcf2f534dac0c9732b8c7e50a5fc4/net/ipv4/route.c
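The UID selection from the "Support UID-based routing in IP protocols" commit and the NULL-sk fixes that followed it, as an added userspace model (not kernel code and not part of this bug). All struct and function names are hypothetical, UIDs are plain integers standing in for global kernel UIDs, and the container mapping of UID 0 to 100000 is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for kernel objects (model only, not kernel code). */
struct user_ns_model { unsigned int uid0_kuid; };   /* global UID that namespace UID 0 maps to */
struct net_model  { const struct user_ns_model *user_ns; };
struct sock_model { const struct net_model *net; unsigned int sk_uid; };
struct skb_model  { const struct net_model *net; }; /* namespace the packet belongs to */

/* UID used for the routing lookup: the socket's UID when there is a socket,
 * otherwise UID 0 of the user namespace that owns the network namespace. */
static unsigned int flow_uid(const struct net_model *net, const struct sock_model *sk)
{
    return sk ? sk->sk_uid : net->user_ns->uid0_kuid;
}

/* The namespace is taken from the packet, so a NULL sk is never dereferenced. */
static unsigned int flow_uid_for_packet(const struct skb_model *skb, const struct sock_model *sk)
{
    return flow_uid(skb->net, sk);
}

/* A "uidrange start-end" rule matches when start <= uid <= end. */
static int uidrange_matches(unsigned int uid, unsigned int start, unsigned int end)
{
    return uid >= start && uid <= end;
}

/* Constructed sample: the host, and a container whose UID 0 is global UID 100000. */
static const struct user_ns_model host_userns = { 0 }, ct_userns = { 100000 };
static const struct net_model host_net = { &host_userns }, ct_net = { &ct_userns };
static const struct sock_model chronos_sk = { &host_net, 1000 };
static const struct skb_model host_skb = { &host_net }, ct_skb = { &ct_net };

int main(void)
{
    unsigned int ct = flow_uid_for_packet(&ct_skb, NULL);
    printf("user socket:             uid=%u\n", flow_uid_for_packet(&host_skb, &chronos_sk));
    printf("host kernel packet:      uid=%u\n", flow_uid_for_packet(&host_skb, NULL));
    printf("container kernel packet: uid=%u, matches 0-0: %d, matches 100000-100000: %d\n",
           ct, uidrange_matches(ct, 0, 0), uidrange_matches(ct, 100000, 100000));
    return 0;
}
```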

Status: Fixed (was: Started)
Since this bug was referenced in the 4.4->4.12 rebase notes document:

Modern Linux kernels will return EINVAL if a user program specifies the old "pre-upstream" uidrange attributes.  This breaks Android networking.  The fix for NYC is http://go/ag/2814116 which is a backport of upstream netd commit 882e467ff7b83de868fa0b9a9beb9036bf14aede.
