Enable SOCK_DESTROY for 4.4, 3.18 and 3.14 kernels

Issue description
Backport / Cherry-Pick patches to enable SOCK_DESTROY on 4.4, 3.18 and 3.14. This is used to enable key scenarios for Android on Chrome OS.
,
Mar 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/815b71d99fbb9cee267c5fde31d1b595f95ac3c4 commit 815b71d99fbb9cee267c5fde31d1b595f95ac3c4 Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Thu Mar 30 02:03:06 2017 CHROMIUM: config: turn on inet diag and inet diag destroy Turn on CONFIG_INET_DIAG and CONFIG_INET_DIAG_DESTROY required by Android to nuke connections. BUG= 706213 TEST=Verified tcp connections were nuked on a WiFi toggle by \ checking with netstat -ant CQ-DEPEND=CL:461392, CL:461275 Change-Id: I9dd9bc558c607794e1e143abeba166c0bf010d74 Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/461393 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/815b71d99fbb9cee267c5fde31d1b595f95ac3c4/chromeos/config/base.config
,
Mar 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/f06729f5b4d01be1a0c14691ab4d31b5987dabfe commit f06729f5b4d01be1a0c14691ab4d31b5987dabfe Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Thu Mar 30 02:03:05 2017 autotest: update test to expect INET_DIAG to be on In order to support SOCK_DESTROY the INET_DIAG configuration option is going to be turned on for all kernel versions >= 3.18. This change updates the test so that it no longer checks for INET_DIAG being turned off for kernel versions >= 3.18. It still checks it for kernel versions < 3.18. BUG= 706213 TEST=Run the test Change-Id: I1c12eb124641250d7b20260dec5170aac0ff08bb Reviewed-on: https://chromium-review.googlesource.com/461275 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/f06729f5b4d01be1a0c14691ab4d31b5987dabfe/client/site_tests/kernel_ConfigVerify/kernel_ConfigVerify.py
,
Mar 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/6aa5d1674544b5f327eb15182ae8bcdd7bde97a0 commit 6aa5d1674544b5f327eb15182ae8bcdd7bde97a0 Author: Lorenzo Colitti <lorenzo@google.com> Date: Thu Mar 30 03:48:30 2017 ANDROID: selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables Without this, using SOCK_DESTROY in enforcing mode results in: SELinux: unrecognized netlink message type=21 for sclass=32 This cherry picked commit actually adds SOCK_DESTROY_BACKPORT and not SOCK_DESTROY to the netlink mapping tables. BUG= 706213 TEST=Verified this message doesn't show when Android tries to nuke connections on a network toggle CQ-DEPEND=CL:451818, CL:461275 (cherry picked from commit 47be4c1862a864662721a98b6fbc415c6bda29df) android-review.googlesource.com/200245 kernel/common.git android-3.18 Change-Id: I7862bb0fc83573567243ffa9549a2c7405b5986d Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/451817 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/6aa5d1674544b5f327eb15182ae8bcdd7bde97a0/security/selinux/nlmsgtab.c
,
Mar 30 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/84712ab35e12dd4c9947bf7ff48ae6c9d417bfde commit 84712ab35e12dd4c9947bf7ff48ae6c9d417bfde Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Thu Mar 30 03:48:31 2017 CHROMIUM: config: turn on inet diag and inet diag destroy Turn on CONFIG_INET_DIAG and CONFIG_INET_DIAG_DESTROY required by Android to nuke connections. BUG= 706213 TEST=Wrote and ran a test program to nuke all connections on user specified IP using SOCK_DESTROY. Verified all connections were nuked. CQ-DEPEND=CL:451817, CL:461275 Change-Id: I9dd9bc558c607794e1e143abeba166c0bf010d74 Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/451818 Reviewed-by: Dylan Reid <dgreid@chromium.org> [modify] https://crrev.com/84712ab35e12dd4c9947bf7ff48ae6c9d417bfde/chromeos/config/base.config
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/5fcb3e9169a5acf74eff825b2b6dde6ee7f101d4 commit 5fcb3e9169a5acf74eff825b2b6dde6ee7f101d4 Author: Johannes Berg <johannes.berg@intel.com> Date: Fri Mar 31 12:31:32 2017 UPSTREAM: netlink/genetlink: pass network namespace to bind/unbind Netlink families can exist in multiple namespaces, and for the most part multicast subscriptions are per network namespace. Thus it only makes sense to have bind/unbind notifications per network namespace. To achieve this, pass the network namespace of a given client socket to the bind/unbind functions. Also do this in generic netlink, and there also make sure that any bind for multicast groups that only exist in init_net is rejected. This isn't really a problem if it is accepted since a client in a different namespace will never receive any notifications from such a group, but it can confuse the family if not rejected (it's also possible to silently (without telling the family) accept it, but it would also have to be ignored on unbind so families that take any kind of action on bind/unbind won't do unnecessary work for invalid clients like that. BUG= 706213 TEST=Build and boot kernel Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 023e2cfa36c31b0ad28c159a1bb0d61ff57334c8) Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Change-Id: Ic6093f2ead5fab9744c629612777c6fc8b19843e Reviewed-on: https://chromium-review.googlesource.com/464188 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/5fcb3e9169a5acf74eff825b2b6dde6ee7f101d4/include/linux/netlink.h [modify] https://crrev.com/5fcb3e9169a5acf74eff825b2b6dde6ee7f101d4/net/netfilter/nfnetlink.c [modify] https://crrev.com/5fcb3e9169a5acf74eff825b2b6dde6ee7f101d4/net/netlink/af_netlink.c [modify] https://crrev.com/5fcb3e9169a5acf74eff825b2b6dde6ee7f101d4/net/netlink/af_netlink.h
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2d0f44db4aad32c6354fad429be2146ab8658679 commit 2d0f44db4aad32c6354fad429be2146ab8658679 Author: Craig Gallek <kraig@google.com> Date: Fri Mar 31 12:31:33 2017 UPSTREAM: sock_diag: define destruction multicast groups These groups will contain socket-destruction events for AF_INET/AF_INET6, IPPROTO_TCP/IPPROTO_UDP. Near the end of socket destruction, a check for listeners is performed. In the presence of a listener, rather than completely cleanup the socket, a unit of work will be added to a private work queue which will first broadcast information about the socket and then finish the cleanup operation. BUG= 706213 TEST=Build and boot kernel Change-Id: Ia1d7cfde6166899688345dc54036cca6e2e492cf Signed-off-by: Craig Gallek <kraig@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit eb4cb008529ca08e0d8c0fa54e8f739520197a65) Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464189 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/2d0f44db4aad32c6354fad429be2146ab8658679/include/uapi/linux/sock_diag.h [modify] https://crrev.com/2d0f44db4aad32c6354fad429be2146ab8658679/net/core/sock.c [modify] https://crrev.com/2d0f44db4aad32c6354fad429be2146ab8658679/include/net/sock.h [modify] https://crrev.com/2d0f44db4aad32c6354fad429be2146ab8658679/net/core/sock_diag.c [modify] https://crrev.com/2d0f44db4aad32c6354fad429be2146ab8658679/include/linux/sock_diag.h
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/a97da7fbbf7fdc2fe32cda9373fe5de94ae9a09b commit a97da7fbbf7fdc2fe32cda9373fe5de94ae9a09b Author: Lorenzo Colitti <lorenzo@google.com> Date: Fri Mar 31 12:31:34 2017 BACKPORT: net: diag: Add the ability to destroy a socket. This patch adds a SOCK_DESTROY operation, a destroy function pointer to sock_diag_handler, and a diag_destroy function pointer. It does not include any implementation code. [backport of net-next 64be0aed59ad519d6f2160868734f7e278290ac1] BUG= 706213 TEST=Build and boot kernel Change-Id: Ic5327ff14b39dd268083ee4c1dc2c934b2820df5 Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464190 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/a97da7fbbf7fdc2fe32cda9373fe5de94ae9a09b/include/uapi/linux/sock_diag.h [modify] https://crrev.com/a97da7fbbf7fdc2fe32cda9373fe5de94ae9a09b/include/net/sock.h [modify] https://crrev.com/a97da7fbbf7fdc2fe32cda9373fe5de94ae9a09b/net/core/sock_diag.c [modify] https://crrev.com/a97da7fbbf7fdc2fe32cda9373fe5de94ae9a09b/include/linux/sock_diag.h
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/6137bb5fe3578a482c8258c805e07bd78d34c4ff commit 6137bb5fe3578a482c8258c805e07bd78d34c4ff Author: Eric Dumazet <edumazet@google.com> Date: Fri Mar 31 12:31:35 2017 UPSTREAM: inet_diag: add const to inet_diag_req_v2 diag dumpers should not modify the request. BUG= 706213 TEST=Build and boot kernel Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 34160ea3f9c96b5ae71a11459f9b9f6c298b8930) Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Change-Id: Ie555e6d58ca3ebc6bfccaf2fe69a43e312a97943 Reviewed-on: https://chromium-review.googlesource.com/464191 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/6137bb5fe3578a482c8258c805e07bd78d34c4ff/net/dccp/diag.c [modify] https://crrev.com/6137bb5fe3578a482c8258c805e07bd78d34c4ff/net/ipv4/tcp_diag.c [modify] https://crrev.com/6137bb5fe3578a482c8258c805e07bd78d34c4ff/net/ipv4/udp_diag.c [modify] https://crrev.com/6137bb5fe3578a482c8258c805e07bd78d34c4ff/include/linux/inet_diag.h [modify] https://crrev.com/6137bb5fe3578a482c8258c805e07bd78d34c4ff/net/ipv4/inet_diag.c
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/9b06b613f73d5eb7d389d9665446d0142bc688d4 commit 9b06b613f73d5eb7d389d9665446d0142bc688d4 Author: Lorenzo Colitti <lorenzo@google.com> Date: Fri Mar 31 12:31:37 2017 BACKPORT: net: diag: Support SOCK_DESTROY for inet sockets. This passes the SOCK_DESTROY operation to the underlying protocol diag handler, or returns -EOPNOTSUPP if that handler does not define a destroy operation. Most of this patch is just renaming functions. This is not strictly necessary, but it would be fairly counterintuitive to have the code to destroy inet sockets be in a function whose name starts with inet_diag_get. [backport of net-next 6eb5d2e08f071c05ecbe135369c9ad418826cab2] BUG= 706213 TEST=Build and boot kernel Change-Id: Idc13a7def20f492a5323ad2f8de105426293bd37 Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464192 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/9b06b613f73d5eb7d389d9665446d0142bc688d4/include/linux/inet_diag.h [modify] https://crrev.com/9b06b613f73d5eb7d389d9665446d0142bc688d4/net/ipv4/inet_diag.c
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/44dd7fb0158c9ec61ad1662b72f27ff34db19305 commit 44dd7fb0158c9ec61ad1662b72f27ff34db19305 Author: Lorenzo Colitti <lorenzo@google.com> Date: Fri Mar 31 12:31:38 2017 UPSTREAM: net: diag: split inet_diag_dump_one_icsk into two Currently, inet_diag_dump_one_icsk finds a socket and then dumps its information to userspace. Split it into a part that finds the socket and a part that dumps the information. [cherry-pick of net-next b613f56ec9baf30edf5d9d607b822532a273dad7] BUG= 706213 TEST=Build and boot kernel Change-Id: I144765afb6ff1cd66eb4757c9418112fb0b08a6f Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464193 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/44dd7fb0158c9ec61ad1662b72f27ff34db19305/include/linux/inet_diag.h [modify] https://crrev.com/44dd7fb0158c9ec61ad1662b72f27ff34db19305/net/ipv4/inet_diag.c
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/9cd5cc67d833ae4a6aef2bf33ba8fba22a07e658 commit 9cd5cc67d833ae4a6aef2bf33ba8fba22a07e658 Author: Eric Dumazet <edumazet@google.com> Date: Fri Mar 31 12:31:39 2017 UPSTREAM: net: diag: support v4mapped sockets in inet_diag_find_one_icsk() Lorenzo reported that we could not properly find v4mapped sockets in inet_diag_find_one_icsk(). This patch fixes the issue. BUG= 706213 TEST=Build and boot kernel Reported-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 7c1306723ee916ea9f1fa7d9e4c7a6d029ca7aaf) Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Change-Id: I784bb5d31d5a91df222be3845d1c9f10e1bb12b7 Reviewed-on: https://chromium-review.googlesource.com/464194 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/9cd5cc67d833ae4a6aef2bf33ba8fba22a07e658/net/ipv4/inet_diag.c
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/64eb22143dfa95625ab701e551d2483b35b67b99 commit 64eb22143dfa95625ab701e551d2483b35b67b99 Author: Lorenzo Colitti <lorenzo@google.com> Date: Fri Mar 31 12:31:40 2017 UPSTREAM: net: diag: Support destroying TCP sockets. This implements SOCK_DESTROY for TCP sockets. It causes all blocking calls on the socket to fail fast with ECONNABORTED and causes a protocol close of the socket. It informs the other end of the connection by sending a RST, i.e., initiating a TCP ABORT as per RFC 793. ECONNABORTED was chosen for consistency with FreeBSD. [cherry-pick of net-next c1e64e298b8cad309091b95d8436a0255c84f54a] BUG= 706213 TEST=Build and boot kernel Change-Id: I728a01ef03f2ccfb9016a3f3051ef00975980e49 Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464195 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/64eb22143dfa95625ab701e551d2483b35b67b99/net/ipv4/Kconfig [modify] https://crrev.com/64eb22143dfa95625ab701e551d2483b35b67b99/net/ipv4/tcp.c [modify] https://crrev.com/64eb22143dfa95625ab701e551d2483b35b67b99/net/ipv6/tcp_ipv6.c [modify] https://crrev.com/64eb22143dfa95625ab701e551d2483b35b67b99/net/ipv4/tcp_ipv4.c [modify] https://crrev.com/64eb22143dfa95625ab701e551d2483b35b67b99/net/ipv4/tcp_diag.c [modify] https://crrev.com/64eb22143dfa95625ab701e551d2483b35b67b99/include/net/tcp.h
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/8013de3663805ee2cbd1cc7bd2ba186013360b17 commit 8013de3663805ee2cbd1cc7bd2ba186013360b17 Author: Lorenzo Colitti <lorenzo@google.com> Date: Fri Mar 31 12:31:41 2017 UPSTREAM: net: tcp: deal with listen sockets properly in tcp_abort. When closing a listen socket, tcp_abort currently calls tcp_done without clearing the request queue. If the socket has a child socket that is established but not yet accepted, the child socket is then left without a parent, causing a leak. Fix this by setting the socket state to TCP_CLOSE and calling inet_csk_listen_stop with the socket lock held, like tcp_close does. Tested using net_test. With this patch, calling SOCK_DESTROY on a listen socket that has an established but not yet accepted child socket results in the parent and the child being closed, such that they no longer appear in sock_diag dumps. BUG= 706213 TEST=Build and boot kernel Change-Id: I0555a142f11d8b36362ffd7c8ef4a5ecae8987c9 Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from net-next commit 2010b93e9317cc12acd20c4aed385af7f9d1681e) Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464196 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/8013de3663805ee2cbd1cc7bd2ba186013360b17/net/ipv4/tcp.c
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/df99cbb8e73828e63970e6f117f89da9c1cb6ed2 commit df99cbb8e73828e63970e6f117f89da9c1cb6ed2 Author: Lorenzo Colitti <lorenzo@google.com> Date: Fri Mar 31 12:31:42 2017 ANDROID: selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables Without this, using SOCK_DESTROY in enforcing mode results in: SELinux: unrecognized netlink message type=21 for sclass=32 This cherry picked commit actually adds SOCK_DESTROY_BACKPORT and not SOCK_DESTROY to the netlink mapping tables. BUG= 706213 TEST=Verified this message doesn't show when Android tries to nuke connections on a network toggle (cherry picked from commit 47be4c1862a864662721a98b6fbc415c6bda29df) android-review.googlesource.com/200245 kernel/common.git android-3.18 Change-Id: I7862bb0fc83573567243ffa9549a2c7405b5986d Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464197 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/df99cbb8e73828e63970e6f117f89da9c1cb6ed2/security/selinux/nlmsgtab.c
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/839c4733b0086a91b51c9b30d617cdc7b46f1ebe commit 839c4733b0086a91b51c9b30d617cdc7b46f1ebe Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Fri Mar 31 12:31:43 2017 CHROMIUM: config: turn on inet diag and inet diag destroy Turn on CONFIG_INET_DIAG and CONFIG_INET_DIAG_DESTROY required by Android to nuke connections. BUG= 706213 TEST=Verified sockets were destroyed with an independent program using SOCK_DESTROY CQ-DEPEND=CL:464187 Change-Id: I9dd9bc558c607794e1e143abeba166c0bf010d74 Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/464198 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/839c4733b0086a91b51c9b30d617cdc7b46f1ebe/chromeos/config/base.config
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/4d63d95b7d355861a0e07259e9c1f16372593122 commit 4d63d95b7d355861a0e07259e9c1f16372593122 Author: Eric Dumazet <edumazet@google.com> Date: Fri Mar 31 12:31:45 2017 UPSTREAM net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. BUG= 706213 TEST=Build and boot kernel Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 33cf7c90fe2f97afb1cadaa0cfb782cb9d1b9ee2) Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Change-Id: I91ab2fb01d97be92ae605adc3cf720fa87d06403 Reviewed-on: https://chromium-review.googlesource.com/464199 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/net/ipv4/inet_connection_sock.c [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/net/core/sock_diag.c [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/net/ipv4/inet_diag.c [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/include/net/inet_timewait_sock.h [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/net/ipv4/inet_timewait_sock.c [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/include/net/net_namespace.h [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/include/net/sock.h [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/include/net/inet_sock.h [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/net/dccp/ipv4.c [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/net/core/sock.c [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/include/linux/sock_diag.h [modify] https://crrev.com/4d63d95b7d355861a0e07259e9c1f16372593122/net/ipv4/syncookies.c
,
Mar 31 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/1edcdf21701a821fac365067ba9fc8bc665cdd77 commit 1edcdf21701a821fac365067ba9fc8bc665cdd77 Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Fri Mar 31 12:31:44 2017 autotest: update test to expect INET_DIAG to be on for 3.14 Update the kernel_ConfigVerify test to expect INET_DIAG to be on for 3.14. BUG= 706213 TEST=Run test against 3.14 CQ-DEPEND=CL:464198 Change-Id: Ie809e2029af2b74b8080b99f147bb0962843b819 Reviewed-on: https://chromium-review.googlesource.com/464187 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> [modify] https://crrev.com/1edcdf21701a821fac365067ba9fc8bc665cdd77/client/site_tests/kernel_ConfigVerify/kernel_ConfigVerify.py
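The version-dependent expectation that the two kernel_ConfigVerify changes describe (INET_DIAG on for 3.14 and for >= 3.18, still off for other kernels below 3.18), sketched as an added example; this is not the autotest project's code, and the function names and sample configs are constructed here. Requiring INET_DIAG_DESTROY alongside INET_DIAG is an assumption taken from the config commits, not from the test commits.

```python
"""Added illustration: audit a kernel .config for the INET_DIAG options.

Not kernel_ConfigVerify.py; all names below are hypothetical.
"""
import re

_SET = re.compile(r"^CONFIG_(\w+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_(\w+) is not set$")


def parse_config(text):
    """Return {option: value}; '# CONFIG_X is not set' is recorded as 'n'."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def parse_release(release):
    """'4.4.35-12345-gabcdef' -> (4, 4). Raises on unparseable input."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return int(m.group(1)), int(m.group(2))


def diag_expected(release):
    """True where the issue turns the sock_diag interface on."""
    ver = parse_release(release)
    # Compare as integer tuples: a string compare would rank '3.8' above
    # '3.18' and silently flip the expectation.
    return ver >= (3, 18) or ver == (3, 14)


def option_value(opts, name):
    # An option absent from the file is equivalent to "is not set".
    return opts.get(name, "n")


def is_enabled(value):
    # =m counts as enabled: a loadable module still exposes the netlink
    # interface once loaded, so a "must be off" check that only looks for
    # =y would pass a config it should reject.
    return value in ("y", "m")


def verify(release, config_text):
    """Return a list of (option, expected_enabled, found_value) mismatches."""
    opts = parse_config(config_text)
    want = diag_expected(release)
    # Where the interface must stay off, INET_DIAG alone decides it,
    # because INET_DIAG_DESTROY cannot be selected without it.
    names = ("INET_DIAG", "INET_DIAG_DESTROY") if want else ("INET_DIAG",)
    failures = []
    for name in names:
        value = option_value(opts, name)
        if is_enabled(value) != want:
            failures.append((name, want, value))
    return failures


# Constructed sample configs (not taken from any Chrome OS build).
SAMPLE_OK_4_4 = "CONFIG_INET=y\nCONFIG_INET_DIAG=y\nCONFIG_INET_DIAG_DESTROY=y\n"
SAMPLE_PARTIAL_3_14 = "CONFIG_INET_DIAG=y\n# CONFIG_INET_DIAG_DESTROY is not set\n"
SAMPLE_MODULE_3_10 = "CONFIG_INET_DIAG=m\n"

if __name__ == "__main__":
    for rel, cfg in (("4.4.35", SAMPLE_OK_4_4),
                     ("3.14.0", SAMPLE_PARTIAL_3_14),
                     ("3.10.18", SAMPLE_MODULE_3_10)):
        print(rel, verify(rel, cfg) or "OK")
```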
,
Apr 5 2017
,
Apr 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e32fc2197e1e8413fec7efbde3140df701fb8181 commit e32fc2197e1e8413fec7efbde3140df701fb8181 Author: Lorenzo Colitti <lorenzo@google.com> Date: Wed Apr 05 16:46:26 2017 ANDROID: selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables Without this, using SOCK_DESTROY in enforcing mode results in: SELinux: unrecognized netlink message type=21 for sclass=32 This cherry picked commit actually adds SOCK_DESTROY_BACKPORT and not SOCK_DESTROY to the netlink mapping tables. BUG= 706213 TEST=Verified this message doesn't show when Android tries to nuke connections on a network toggle CQ-DEPEND=CL:468398, CL:468408 (cherry picked from commit 47be4c1862a864662721a98b6fbc415c6bda29df) android-review.googlesource.com/200245 kernel/common.git android-3.18 Change-Id: I7862bb0fc83573567243ffa9549a2c7405b5986d Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/451817 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> (cherry picked from commit 6aa5d1674544b5f327eb15182ae8bcdd7bde97a0) Reviewed-on: https://chromium-review.googlesource.com/468397 [modify] https://crrev.com/e32fc2197e1e8413fec7efbde3140df701fb8181/security/selinux/nlmsgtab.c
,
Apr 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/d45255c5542ded7ea1588589e32840dc646f6cb9 commit d45255c5542ded7ea1588589e32840dc646f6cb9 Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Wed Apr 05 16:46:36 2017 CHROMIUM: config: turn on inet diag and inet diag destroy Turn on CONFIG_INET_DIAG and CONFIG_INET_DIAG_DESTROY required by Android to nuke connections. BUG= 706213 TEST=Wrote and ran a test program to nuke all connections on user specified IP using SOCK_DESTROY. Verified all connections were nuked. CQ-DEPEND=CL:468397, CL:468408 Change-Id: I9dd9bc558c607794e1e143abeba166c0bf010d74 Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/451818 Reviewed-by: Dylan Reid <dgreid@chromium.org> (cherry picked from commit 84712ab35e12dd4c9947bf7ff48ae6c9d417bfde) Reviewed-on: https://chromium-review.googlesource.com/468398 [modify] https://crrev.com/d45255c5542ded7ea1588589e32840dc646f6cb9/chromeos/config/base.config
,
Apr 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/15f172962b8aeec7b2ac97a2c4c2273b447999b2 commit 15f172962b8aeec7b2ac97a2c4c2273b447999b2 Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Wed Apr 05 16:47:04 2017 autotest: update test to expect INET_DIAG to be on In order to support SOCK_DESTROY the INET_DIAG configuration option is going to be turned on for all kernel versions >= 3.18. This change updates the test so that it no longer checks for INET_DIAG being turned off for kernel versions >= 3.18. It still checks it for kernel versions < 3.18. BUG= 706213 TEST=Run the test Change-Id: I1c12eb124641250d7b20260dec5170aac0ff08bb Reviewed-on: https://chromium-review.googlesource.com/461275 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> (cherry picked from commit f06729f5b4d01be1a0c14691ab4d31b5987dabfe) Reviewed-on: https://chromium-review.googlesource.com/468408 Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com> Commit-Queue: Abhishek Bhardwaj <abhishekbh@google.com> Trybot-Ready: Abhishek Bhardwaj <abhishekbh@google.com> [modify] https://crrev.com/15f172962b8aeec7b2ac97a2c4c2273b447999b2/client/site_tests/kernel_ConfigVerify/kernel_ConfigVerify.py
,
Apr 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/771d7889abf4746ec7a6ed6fed4f25e0b21d8916 commit 771d7889abf4746ec7a6ed6fed4f25e0b21d8916 Author: Abhishek Bhardwaj <abhishekbh@google.com> Date: Wed Apr 05 16:47:41 2017 CHROMIUM: config: turn on inet diag and inet diag destroy Turn on CONFIG_INET_DIAG and CONFIG_INET_DIAG_DESTROY required by Android to nuke connections. BUG= 706213 TEST=Verified tcp connections were nuked on a WiFi toggle by \ checking with netstat -ant CQ-DEPEND=CL:468395, CL:468408 Change-Id: I9dd9bc558c607794e1e143abeba166c0bf010d74 Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-on: https://chromium-review.googlesource.com/461393 Reviewed-by: Kevin Cernekee <cernekee@chromium.org> (cherry picked from commit 815b71d99fbb9cee267c5fde31d1b595f95ac3c4) Reviewed-on: https://chromium-review.googlesource.com/468399 [modify] https://crrev.com/771d7889abf4746ec7a6ed6fed4f25e0b21d8916/chromeos/config/base.config
,
Apr 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/0e0a1d1b71c43d778cabc0942759f0e70347251e commit 0e0a1d1b71c43d778cabc0942759f0e70347251e Author: Eric Dumazet <edumazet@google.com> Date: Wed Apr 05 16:47:24 2017 UPSTREAM: net: add real socket cookies A long standing problem in netlink socket dumps is the use of kernel socket addresses as cookies. 1) It is a security concern. 2) Sockets can be reused quite quickly, so there is no guarantee a cookie is used once and identify a flow. 3) request sock, establish sock, and timewait socks for a given flow have different cookies. Part of our effort to bring better TCP statistics requires to switch to a different allocator. In this patch, I chose to use a per network namespace 64bit generator, and to use it only in the case a socket needs to be dumped to netlink. (This might be refined later if needed) Note that I tried to carry cookies from request sock, to establish sock, then timewait sockets. BUG= 706213 TEST=Wrote and ran a test program to nuke all connections on user specified IP using SOCK_DESTROY. Verified all connections were nuked. CQ-DEPEND=CL:468399, CL:468408 Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Eric Salo <salo@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 33cf7c90fe2f97afb1cadaa0cfb782cb9d1b9ee2) Signed-off-by: Abhishek Bhardwaj <abhishekbh@google.com> Change-Id: I8a727c57fe741c57fbcfe7f4a36342409f6c7e80 Reviewed-on: https://chromium-review.googlesource.com/461392 Commit-Ready: Abhishek Bhardwaj <abhishekbh@google.com> Tested-by: Abhishek Bhardwaj <abhishekbh@google.com> Reviewed-by: Kevin Cernekee <cernekee@chromium.org> (cherry picked from commit f9553f2349f77eae42412c5cf1edb7f36f3384c1) Reviewed-on: https://chromium-review.googlesource.com/468395 Reviewed-by: Abhishek Bhardwaj <abhishekbh@google.com> Commit-Queue: Abhishek Bhardwaj <abhishekbh@google.com> Trybot-Ready: Abhishek Bhardwaj <abhishekbh@google.com> [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/ipv4/tcp_input.c [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/ipv4/inet_connection_sock.c [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/core/sock_diag.c [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/ipv4/inet_diag.c [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/include/net/inet_timewait_sock.h [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/ipv4/inet_timewait_sock.c [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/include/net/net_namespace.h [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/include/net/sock.h [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/include/net/inet_sock.h [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/dccp/ipv4.c [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/core/sock.c [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/include/linux/sock_diag.h [modify] https://crrev.com/0e0a1d1b71c43d778cabc0942759f0e70347251e/net/ipv4/syncookies.c
,
Apr 6 2017
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 10 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 14 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 29 2017
This issue hasn't been updated in the last 6 weeks, so removing its merge approval label. Please re-request a merge if needed. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 30 2017
,
Aug 1 2017
,
Jan 22 2018
Comment 1 by bugdroid1@chromium.org, Mar 30 2017