* linux-next: manual merge of the selinux tree with the net-next tree
@ 2018-03-05 1:40 Stephen Rothwell
2018-03-05 7:03 ` Xin Long
2018-03-08 2:07 ` Stephen Rothwell
0 siblings, 2 replies; 20+ messages in thread
From: Stephen Rothwell @ 2018-03-05 1:40 UTC (permalink / raw)
To: Paul Moore, David Miller, Networking
Cc: Linux-Next Mailing List, Linux Kernel Mailing List,
Richard Haines, Xin Long
[-- Attachment #1: Type: text/plain, Size: 17358 bytes --]
Hi Paul,
Today's linux-next merge of the selinux tree got a conflict in:
net/sctp/socket.c
between several refactoring commits from the net-next tree and commit:
2277c7cd75e3 ("sctp: Add LSM hooks")
from the selinux tree.
I fixed it up (I think - see below) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging. You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.
--
Cheers,
Stephen Rothwell
diff --cc net/sctp/socket.c
index 7fa76031bb08,73b34a6b5b09..000000000000
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@@ -1606,193 -1622,362 +1622,209 @@@ static int sctp_error(struct sock *sk,
static int sctp_msghdr_parse(const struct msghdr *msg,
struct sctp_cmsgs *cmsgs);
-static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
+static int sctp_sendmsg_parse(struct sock *sk, struct sctp_cmsgs *cmsgs,
+ struct sctp_sndrcvinfo *srinfo,
+ const struct msghdr *msg, size_t msg_len)
{
- struct net *net = sock_net(sk);
- struct sctp_sock *sp;
- struct sctp_endpoint *ep;
- struct sctp_association *new_asoc = NULL, *asoc = NULL;
- struct sctp_transport *transport, *chunk_tp;
- struct sctp_chunk *chunk;
- union sctp_addr to;
- struct sctp_af *af;
- struct sockaddr *msg_name = NULL;
- struct sctp_sndrcvinfo default_sinfo;
- struct sctp_sndrcvinfo *sinfo;
- struct sctp_initmsg *sinit;
- sctp_assoc_t associd = 0;
- struct sctp_cmsgs cmsgs = { NULL };
- enum sctp_scope scope;
- bool fill_sinfo_ttl = false, wait_connect = false;
- struct sctp_datamsg *datamsg;
- int msg_flags = msg->msg_flags;
- __u16 sinfo_flags = 0;
- long timeo;
+ __u16 sflags;
int err;
- err = 0;
- sp = sctp_sk(sk);
- ep = sp->ep;
-
- pr_debug("%s: sk:%p, msg:%p, msg_len:%zu ep:%p\n", __func__, sk,
- msg, msg_len, ep);
+ if (sctp_sstate(sk, LISTENING) && sctp_style(sk, TCP))
+ return -EPIPE;
- /* We cannot send a message over a TCP-style listening socket. */
- if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) {
- err = -EPIPE;
- goto out_nounlock;
- }
+ if (msg_len > sk->sk_sndbuf)
+ return -EMSGSIZE;
- /* Parse out the SCTP CMSGs. */
- err = sctp_msghdr_parse(msg, &cmsgs);
+ memset(cmsgs, 0, sizeof(*cmsgs));
+ err = sctp_msghdr_parse(msg, cmsgs);
if (err) {
pr_debug("%s: msghdr parse err:%x\n", __func__, err);
- goto out_nounlock;
+ return err;
}
- /* Fetch the destination address for this packet. This
- * address only selects the association--it is not necessarily
- * the address we will send to.
- * For a peeled-off socket, msg_name is ignored.
- */
- if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
- int msg_namelen = msg->msg_namelen;
-
- err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name,
- msg_namelen);
- if (err)
- return err;
-
- if (msg_namelen > sizeof(to))
- msg_namelen = sizeof(to);
- memcpy(&to, msg->msg_name, msg_namelen);
- msg_name = msg->msg_name;
+ memset(srinfo, 0, sizeof(*srinfo));
+ if (cmsgs->srinfo) {
+ srinfo->sinfo_stream = cmsgs->srinfo->sinfo_stream;
+ srinfo->sinfo_flags = cmsgs->srinfo->sinfo_flags;
+ srinfo->sinfo_ppid = cmsgs->srinfo->sinfo_ppid;
+ srinfo->sinfo_context = cmsgs->srinfo->sinfo_context;
+ srinfo->sinfo_assoc_id = cmsgs->srinfo->sinfo_assoc_id;
+ srinfo->sinfo_timetolive = cmsgs->srinfo->sinfo_timetolive;
}
- sinit = cmsgs.init;
- if (cmsgs.sinfo != NULL) {
- memset(&default_sinfo, 0, sizeof(default_sinfo));
- default_sinfo.sinfo_stream = cmsgs.sinfo->snd_sid;
- default_sinfo.sinfo_flags = cmsgs.sinfo->snd_flags;
- default_sinfo.sinfo_ppid = cmsgs.sinfo->snd_ppid;
- default_sinfo.sinfo_context = cmsgs.sinfo->snd_context;
- default_sinfo.sinfo_assoc_id = cmsgs.sinfo->snd_assoc_id;
-
- sinfo = &default_sinfo;
- fill_sinfo_ttl = true;
- } else {
- sinfo = cmsgs.srinfo;
- }
- /* Did the user specify SNDINFO/SNDRCVINFO? */
- if (sinfo) {
- sinfo_flags = sinfo->sinfo_flags;
- associd = sinfo->sinfo_assoc_id;
+ if (cmsgs->sinfo) {
+ srinfo->sinfo_stream = cmsgs->sinfo->snd_sid;
+ srinfo->sinfo_flags = cmsgs->sinfo->snd_flags;
+ srinfo->sinfo_ppid = cmsgs->sinfo->snd_ppid;
+ srinfo->sinfo_context = cmsgs->sinfo->snd_context;
+ srinfo->sinfo_assoc_id = cmsgs->sinfo->snd_assoc_id;
}
- pr_debug("%s: msg_len:%zu, sinfo_flags:0x%x\n", __func__,
- msg_len, sinfo_flags);
+ sflags = srinfo->sinfo_flags;
+ if (!sflags && msg_len)
+ return 0;
- /* SCTP_EOF or SCTP_ABORT cannot be set on a TCP-style socket. */
- if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) {
- err = -EINVAL;
- goto out_nounlock;
- }
+ if (sctp_style(sk, TCP) && (sflags & (SCTP_EOF | SCTP_ABORT)))
+ return -EINVAL;
- /* If SCTP_EOF is set, no data can be sent. Disallow sending zero
- * length messages when SCTP_EOF|SCTP_ABORT is not set.
- * If SCTP_ABORT is set, the message length could be non zero with
- * the msg_iov set to the user abort reason.
- */
- if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) ||
- (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) {
- err = -EINVAL;
- goto out_nounlock;
- }
+ if (((sflags & SCTP_EOF) && msg_len > 0) ||
+ (!(sflags & (SCTP_EOF | SCTP_ABORT)) && msg_len == 0))
+ return -EINVAL;
- /* If SCTP_ADDR_OVER is set, there must be an address
- * specified in msg_name.
- */
- if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) {
- err = -EINVAL;
- goto out_nounlock;
- }
+ if ((sflags & SCTP_ADDR_OVER) && !msg->msg_name)
+ return -EINVAL;
- transport = NULL;
+ return 0;
+}
- pr_debug("%s: about to look up association\n", __func__);
+static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
+ struct sctp_cmsgs *cmsgs,
+ union sctp_addr *daddr,
+ struct sctp_transport **tp)
+{
+ struct sctp_endpoint *ep = sctp_sk(sk)->ep;
+ struct net *net = sock_net(sk);
+ struct sctp_association *asoc;
+ enum sctp_scope scope;
++ struct sctp_af *af;
+ int err = -EINVAL;
- lock_sock(sk);
+ *tp = NULL;
- /* If a msg_name has been specified, assume this is to be used. */
- if (msg_name) {
- /* Look for a matching association on the endpoint. */
- asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport);
+ if (sflags & (SCTP_EOF | SCTP_ABORT))
+ return -EINVAL;
- /* If we could not find a matching association on the
- * endpoint, make sure that it is not a TCP-style
- * socket that already has an association or there is
- * no peeled-off association on another socket.
- */
- if (!asoc &&
- ((sctp_style(sk, TCP) &&
- (sctp_sstate(sk, ESTABLISHED) ||
- sctp_sstate(sk, CLOSING))) ||
- sctp_endpoint_is_peeled_off(ep, &to))) {
- err = -EADDRNOTAVAIL;
- goto out_unlock;
- }
+ if (sctp_style(sk, TCP) && (sctp_sstate(sk, ESTABLISHED) ||
+ sctp_sstate(sk, CLOSING)))
+ return -EADDRNOTAVAIL;
+
+ if (sctp_endpoint_is_peeled_off(ep, daddr))
+ return -EADDRNOTAVAIL;
+
+ if (!ep->base.bind_addr.port) {
+ if (sctp_autobind(sk))
+ return -EAGAIN;
} else {
- asoc = sctp_id2assoc(sk, associd);
- if (!asoc) {
- err = -EPIPE;
- goto out_unlock;
- }
+ if (ep->base.bind_addr.port < inet_prot_sock(net) &&
+ !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
+ return -EACCES;
}
- if (asoc) {
- pr_debug("%s: just looked up association:%p\n", __func__, asoc);
+ scope = sctp_scope(daddr);
- /* We cannot send a message on a TCP-style SCTP_SS_ESTABLISHED
- * socket that has an association in CLOSED state. This can
- * happen when an accepted socket has an association that is
- * already CLOSED.
- */
- if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) {
- err = -EPIPE;
- goto out_unlock;
- }
++ /* Label connection socket for first association 1-to-many
++ * style for client sequence socket()->sendmsg(). This
++ * needs to be done before sctp_assoc_add_peer() as that will
++ * set up the initial packet that needs to account for any
++ * security ip options (CIPSO/CALIPSO) added to the packet.
++ */
++ af = sctp_get_af_specific(daddr->sa.sa_family);
++ if (!af)
++ return -EINVAL;
++ err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
++ (struct sockaddr *)daddr,
++ af->sockaddr_len);
++ if (err < 0)
++ return err;
+
- if (sinfo_flags & SCTP_EOF) {
- pr_debug("%s: shutting down association:%p\n",
- __func__, asoc);
+ asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
+ if (!asoc)
+ return -ENOMEM;
- sctp_primitive_SHUTDOWN(net, asoc, NULL);
- err = 0;
- goto out_unlock;
- }
- if (sinfo_flags & SCTP_ABORT) {
+ if (sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL) < 0) {
+ err = -ENOMEM;
+ goto free;
+ }
- chunk = sctp_make_abort_user(asoc, msg, msg_len);
- if (!chunk) {
- err = -ENOMEM;
- goto out_unlock;
- }
+ if (cmsgs->init) {
+ struct sctp_initmsg *init = cmsgs->init;
- pr_debug("%s: aborting association:%p\n",
- __func__, asoc);
+ if (init->sinit_num_ostreams) {
+ __u16 outcnt = init->sinit_num_ostreams;
- sctp_primitive_ABORT(net, asoc, chunk);
- err = 0;
- goto out_unlock;
+ asoc->c.sinit_num_ostreams = outcnt;
+ /* outcnt has been changed, need to re-init stream */
+ err = sctp_stream_init(&asoc->stream, outcnt, 0,
+ GFP_KERNEL);
+ if (err)
+ goto free;
}
- }
- /* Do we need to create the association? */
- if (!asoc) {
- pr_debug("%s: there is no association yet\n", __func__);
+ if (init->sinit_max_instreams)
+ asoc->c.sinit_max_instreams = init->sinit_max_instreams;
- if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) {
- err = -EINVAL;
- goto out_unlock;
- }
+ if (init->sinit_max_attempts)
+ asoc->max_init_attempts = init->sinit_max_attempts;
- /* Check for invalid stream against the stream counts,
- * either the default or the user specified stream counts.
- */
- if (sinfo) {
- if (!sinit || !sinit->sinit_num_ostreams) {
- /* Check against the defaults. */
- if (sinfo->sinfo_stream >=
- sp->initmsg.sinit_num_ostreams) {
- err = -EINVAL;
- goto out_unlock;
- }
- } else {
- /* Check against the requested. */
- if (sinfo->sinfo_stream >=
- sinit->sinit_num_ostreams) {
- err = -EINVAL;
- goto out_unlock;
- }
- }
- }
+ if (init->sinit_max_init_timeo)
+ asoc->max_init_timeo =
+ msecs_to_jiffies(init->sinit_max_init_timeo);
+ }
- /*
- * API 3.1.2 bind() - UDP Style Syntax
- * If a bind() or sctp_bindx() is not called prior to a
- * sendmsg() call that initiates a new association, the
- * system picks an ephemeral port and will choose an address
- * set equivalent to binding with a wildcard address.
- */
- if (!ep->base.bind_addr.port) {
- if (sctp_autobind(sk)) {
- err = -EAGAIN;
- goto out_unlock;
- }
- } else {
- /*
- * If an unprivileged user inherits a one-to-many
- * style socket with open associations on a privileged
- * port, it MAY be permitted to accept new associations,
- * but it SHOULD NOT be permitted to open new
- * associations.
- */
- if (ep->base.bind_addr.port < inet_prot_sock(net) &&
- !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) {
- err = -EACCES;
- goto out_unlock;
- }
- }
+ *tp = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN);
+ if (!*tp) {
+ err = -ENOMEM;
+ goto free;
+ }
- scope = sctp_scope(&to);
+ return 0;
- /* Label connection socket for first association 1-to-many
- * style for client sequence socket()->sendmsg(). This
- * needs to be done before sctp_assoc_add_peer() as that will
- * set up the initial packet that needs to account for any
- * security ip options (CIPSO/CALIPSO) added to the packet.
- */
- af = sctp_get_af_specific(to.sa.sa_family);
- if (!af) {
- err = -EINVAL;
- goto out_unlock;
- }
- err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
- (struct sockaddr *)&to,
- af->sockaddr_len);
- if (err < 0)
- goto out_unlock;
+free:
+ sctp_association_free(asoc);
+ return err;
+}
- new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
- if (!new_asoc) {
- err = -ENOMEM;
- goto out_unlock;
- }
- asoc = new_asoc;
- err = sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL);
- if (err < 0) {
- err = -ENOMEM;
- goto out_free;
- }
+static int sctp_sendmsg_check_sflags(struct sctp_association *asoc,
+ __u16 sflags, struct msghdr *msg,
+ size_t msg_len)
+{
+ struct sock *sk = asoc->base.sk;
+ struct net *net = sock_net(sk);
- /* If the SCTP_INIT ancillary data is specified, set all
- * the association init values accordingly.
- */
- if (sinit) {
- if (sinit->sinit_num_ostreams) {
- __u16 outcnt = sinit->sinit_num_ostreams;
-
- asoc->c.sinit_num_ostreams = outcnt;
- /* outcnt has been changed, so re-init stream */
- err = sctp_stream_init(&asoc->stream, outcnt, 0,
- GFP_KERNEL);
- if (err)
- goto out_free;
- }
- if (sinit->sinit_max_instreams) {
- asoc->c.sinit_max_instreams =
- sinit->sinit_max_instreams;
- }
- if (sinit->sinit_max_attempts) {
- asoc->max_init_attempts
- = sinit->sinit_max_attempts;
- }
- if (sinit->sinit_max_init_timeo) {
- asoc->max_init_timeo =
- msecs_to_jiffies(sinit->sinit_max_init_timeo);
- }
- }
+ if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP))
+ return -EPIPE;
- /* Prime the peer's transport structures. */
- transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN);
- if (!transport) {
- err = -ENOMEM;
- goto out_free;
- }
+ if (sflags & SCTP_EOF) {
+ pr_debug("%s: shutting down association:%p\n", __func__, asoc);
+ sctp_primitive_SHUTDOWN(net, asoc, NULL);
+
+ return 0;
}
- /* ASSERT: we have a valid association at this point. */
- pr_debug("%s: we have a valid association\n", __func__);
+ if (sflags & SCTP_ABORT) {
+ struct sctp_chunk *chunk;
- if (!sinfo) {
- /* If the user didn't specify SNDINFO/SNDRCVINFO, make up
- * one with some defaults.
- */
- memset(&default_sinfo, 0, sizeof(default_sinfo));
- default_sinfo.sinfo_stream = asoc->default_stream;
- default_sinfo.sinfo_flags = asoc->default_flags;
- default_sinfo.sinfo_ppid = asoc->default_ppid;
- default_sinfo.sinfo_context = asoc->default_context;
- default_sinfo.sinfo_timetolive = asoc->default_timetolive;
- default_sinfo.sinfo_assoc_id = sctp_assoc2id(asoc);
-
- sinfo = &default_sinfo;
- } else if (fill_sinfo_ttl) {
- /* In case SNDINFO was specified, we still need to fill
- * it with a default ttl from the assoc here.
- */
- sinfo->sinfo_timetolive = asoc->default_timetolive;
- }
+ chunk = sctp_make_abort_user(asoc, msg, msg_len);
+ if (!chunk)
+ return -ENOMEM;
- /* API 7.1.7, the sndbuf size per association bounds the
- * maximum size of data that can be sent in a single send call.
- */
- if (msg_len > sk->sk_sndbuf) {
- err = -EMSGSIZE;
- goto out_free;
+ pr_debug("%s: aborting association:%p\n", __func__, asoc);
+ sctp_primitive_ABORT(net, asoc, chunk);
+
+ return 0;
}
- if (asoc->pmtu_pending)
- sctp_assoc_pending_pmtu(asoc);
+ return 1;
+}
- /* If fragmentation is disabled and the message length exceeds the
- * association fragmentation point, return EMSGSIZE. The I-D
- * does not specify what this error is, but this looks like
- * a great fit.
- */
- if (sctp_sk(sk)->disable_fragments && (msg_len > asoc->frag_point)) {
- err = -EMSGSIZE;
- goto out_free;
- }
+static int sctp_sendmsg_to_asoc(struct sctp_association *asoc,
+ struct msghdr *msg, size_t msg_len,
+ struct sctp_transport *transport,
+ struct sctp_sndrcvinfo *sinfo)
+{
+ struct sock *sk = asoc->base.sk;
+ struct net *net = sock_net(sk);
+ struct sctp_datamsg *datamsg;
+ bool wait_connect = false;
+ struct sctp_chunk *chunk;
+ long timeo;
+ int err;
- /* Check for invalid stream. */
if (sinfo->sinfo_stream >= asoc->stream.outcnt) {
err = -EINVAL;
- goto out_free;
+ goto err;
}
- /* Allocate sctp_stream_out_ext if not already done */
if (unlikely(!asoc->stream.out[sinfo->sinfo_stream].ext)) {
err = sctp_stream_init_ext(&asoc->stream, sinfo->sinfo_stream);
if (err)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-05 1:40 linux-next: manual merge of the selinux tree with the net-next tree Stephen Rothwell
@ 2018-03-05 7:03 ` Xin Long
2018-03-07 16:34 ` Paul Moore
2018-03-08 2:07 ` Stephen Rothwell
1 sibling, 1 reply; 20+ messages in thread
From: Xin Long @ 2018-03-05 7:03 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Paul Moore, David Miller, Networking, Linux-Next Mailing List,
Linux Kernel Mailing List, Richard Haines
On Mon, Mar 5, 2018 at 9:40 AM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi Paul,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
> net/sctp/socket.c
>
> between several refactoring commits from the net-next tree and commit:
>
> 2277c7cd75e3 ("sctp: Add LSM hooks")
>
> from the selinux tree.
>
> I fixed it up (I think - see below) and can carry the fix as
The fixup is great! the same as I mentioned in:
https://patchwork.ozlabs.org/patch/879898/
for net-next.git
> necessary. This is now fixed as far as linux-next is concerned, but any
> non trivial conflicts should be mentioned to your upstream maintainer
> when your tree is submitted for merging. You may also want to consider
> cooperating with the maintainer of the conflicting tree to minimise any
> particularly complex conflicts.
[net-next,0/9] sctp: clean up sctp_sendmsg, this patchset was just applied
in net-next. So I just guess it might not yet be there when selinux tree was
being submitted.
>
> --
> Cheers,
> Stephen Rothwell
>
> diff --cc net/sctp/socket.c
> index 7fa76031bb08,73b34a6b5b09..000000000000
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@@ -1606,193 -1622,362 +1622,209 @@@ static int sctp_error(struct sock *sk,
> static int sctp_msghdr_parse(const struct msghdr *msg,
> struct sctp_cmsgs *cmsgs);
>
> -static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
> +static int sctp_sendmsg_parse(struct sock *sk, struct sctp_cmsgs *cmsgs,
> + struct sctp_sndrcvinfo *srinfo,
> + const struct msghdr *msg, size_t msg_len)
> {
> - struct net *net = sock_net(sk);
> - struct sctp_sock *sp;
> - struct sctp_endpoint *ep;
> - struct sctp_association *new_asoc = NULL, *asoc = NULL;
> - struct sctp_transport *transport, *chunk_tp;
> - struct sctp_chunk *chunk;
> - union sctp_addr to;
> - struct sctp_af *af;
> - struct sockaddr *msg_name = NULL;
> - struct sctp_sndrcvinfo default_sinfo;
> - struct sctp_sndrcvinfo *sinfo;
> - struct sctp_initmsg *sinit;
> - sctp_assoc_t associd = 0;
> - struct sctp_cmsgs cmsgs = { NULL };
> - enum sctp_scope scope;
> - bool fill_sinfo_ttl = false, wait_connect = false;
> - struct sctp_datamsg *datamsg;
> - int msg_flags = msg->msg_flags;
> - __u16 sinfo_flags = 0;
> - long timeo;
> + __u16 sflags;
> int err;
>
> - err = 0;
> - sp = sctp_sk(sk);
> - ep = sp->ep;
> -
> - pr_debug("%s: sk:%p, msg:%p, msg_len:%zu ep:%p\n", __func__, sk,
> - msg, msg_len, ep);
> + if (sctp_sstate(sk, LISTENING) && sctp_style(sk, TCP))
> + return -EPIPE;
>
> - /* We cannot send a message over a TCP-style listening socket. */
> - if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) {
> - err = -EPIPE;
> - goto out_nounlock;
> - }
> + if (msg_len > sk->sk_sndbuf)
> + return -EMSGSIZE;
>
> - /* Parse out the SCTP CMSGs. */
> - err = sctp_msghdr_parse(msg, &cmsgs);
> + memset(cmsgs, 0, sizeof(*cmsgs));
> + err = sctp_msghdr_parse(msg, cmsgs);
> if (err) {
> pr_debug("%s: msghdr parse err:%x\n", __func__, err);
> - goto out_nounlock;
> + return err;
> }
>
> - /* Fetch the destination address for this packet. This
> - * address only selects the association--it is not necessarily
> - * the address we will send to.
> - * For a peeled-off socket, msg_name is ignored.
> - */
> - if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
> - int msg_namelen = msg->msg_namelen;
> -
> - err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name,
> - msg_namelen);
> - if (err)
> - return err;
> -
> - if (msg_namelen > sizeof(to))
> - msg_namelen = sizeof(to);
> - memcpy(&to, msg->msg_name, msg_namelen);
> - msg_name = msg->msg_name;
> + memset(srinfo, 0, sizeof(*srinfo));
> + if (cmsgs->srinfo) {
> + srinfo->sinfo_stream = cmsgs->srinfo->sinfo_stream;
> + srinfo->sinfo_flags = cmsgs->srinfo->sinfo_flags;
> + srinfo->sinfo_ppid = cmsgs->srinfo->sinfo_ppid;
> + srinfo->sinfo_context = cmsgs->srinfo->sinfo_context;
> + srinfo->sinfo_assoc_id = cmsgs->srinfo->sinfo_assoc_id;
> + srinfo->sinfo_timetolive = cmsgs->srinfo->sinfo_timetolive;
> }
>
> - sinit = cmsgs.init;
> - if (cmsgs.sinfo != NULL) {
> - memset(&default_sinfo, 0, sizeof(default_sinfo));
> - default_sinfo.sinfo_stream = cmsgs.sinfo->snd_sid;
> - default_sinfo.sinfo_flags = cmsgs.sinfo->snd_flags;
> - default_sinfo.sinfo_ppid = cmsgs.sinfo->snd_ppid;
> - default_sinfo.sinfo_context = cmsgs.sinfo->snd_context;
> - default_sinfo.sinfo_assoc_id = cmsgs.sinfo->snd_assoc_id;
> -
> - sinfo = &default_sinfo;
> - fill_sinfo_ttl = true;
> - } else {
> - sinfo = cmsgs.srinfo;
> - }
> - /* Did the user specify SNDINFO/SNDRCVINFO? */
> - if (sinfo) {
> - sinfo_flags = sinfo->sinfo_flags;
> - associd = sinfo->sinfo_assoc_id;
> + if (cmsgs->sinfo) {
> + srinfo->sinfo_stream = cmsgs->sinfo->snd_sid;
> + srinfo->sinfo_flags = cmsgs->sinfo->snd_flags;
> + srinfo->sinfo_ppid = cmsgs->sinfo->snd_ppid;
> + srinfo->sinfo_context = cmsgs->sinfo->snd_context;
> + srinfo->sinfo_assoc_id = cmsgs->sinfo->snd_assoc_id;
> }
>
> - pr_debug("%s: msg_len:%zu, sinfo_flags:0x%x\n", __func__,
> - msg_len, sinfo_flags);
> + sflags = srinfo->sinfo_flags;
> + if (!sflags && msg_len)
> + return 0;
>
> - /* SCTP_EOF or SCTP_ABORT cannot be set on a TCP-style socket. */
> - if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) {
> - err = -EINVAL;
> - goto out_nounlock;
> - }
> + if (sctp_style(sk, TCP) && (sflags & (SCTP_EOF | SCTP_ABORT)))
> + return -EINVAL;
>
> - /* If SCTP_EOF is set, no data can be sent. Disallow sending zero
> - * length messages when SCTP_EOF|SCTP_ABORT is not set.
> - * If SCTP_ABORT is set, the message length could be non zero with
> - * the msg_iov set to the user abort reason.
> - */
> - if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) ||
> - (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) {
> - err = -EINVAL;
> - goto out_nounlock;
> - }
> + if (((sflags & SCTP_EOF) && msg_len > 0) ||
> + (!(sflags & (SCTP_EOF | SCTP_ABORT)) && msg_len == 0))
> + return -EINVAL;
>
> - /* If SCTP_ADDR_OVER is set, there must be an address
> - * specified in msg_name.
> - */
> - if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) {
> - err = -EINVAL;
> - goto out_nounlock;
> - }
> + if ((sflags & SCTP_ADDR_OVER) && !msg->msg_name)
> + return -EINVAL;
>
> - transport = NULL;
> + return 0;
> +}
>
> - pr_debug("%s: about to look up association\n", __func__);
> +static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
> + struct sctp_cmsgs *cmsgs,
> + union sctp_addr *daddr,
> + struct sctp_transport **tp)
> +{
> + struct sctp_endpoint *ep = sctp_sk(sk)->ep;
> + struct net *net = sock_net(sk);
> + struct sctp_association *asoc;
> + enum sctp_scope scope;
> ++ struct sctp_af *af;
> + int err = -EINVAL;
>
> - lock_sock(sk);
> + *tp = NULL;
>
> - /* If a msg_name has been specified, assume this is to be used. */
> - if (msg_name) {
> - /* Look for a matching association on the endpoint. */
> - asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport);
> + if (sflags & (SCTP_EOF | SCTP_ABORT))
> + return -EINVAL;
>
> - /* If we could not find a matching association on the
> - * endpoint, make sure that it is not a TCP-style
> - * socket that already has an association or there is
> - * no peeled-off association on another socket.
> - */
> - if (!asoc &&
> - ((sctp_style(sk, TCP) &&
> - (sctp_sstate(sk, ESTABLISHED) ||
> - sctp_sstate(sk, CLOSING))) ||
> - sctp_endpoint_is_peeled_off(ep, &to))) {
> - err = -EADDRNOTAVAIL;
> - goto out_unlock;
> - }
> + if (sctp_style(sk, TCP) && (sctp_sstate(sk, ESTABLISHED) ||
> + sctp_sstate(sk, CLOSING)))
> + return -EADDRNOTAVAIL;
> +
> + if (sctp_endpoint_is_peeled_off(ep, daddr))
> + return -EADDRNOTAVAIL;
> +
> + if (!ep->base.bind_addr.port) {
> + if (sctp_autobind(sk))
> + return -EAGAIN;
> } else {
> - asoc = sctp_id2assoc(sk, associd);
> - if (!asoc) {
> - err = -EPIPE;
> - goto out_unlock;
> - }
> + if (ep->base.bind_addr.port < inet_prot_sock(net) &&
> + !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
> + return -EACCES;
> }
>
> - if (asoc) {
> - pr_debug("%s: just looked up association:%p\n", __func__, asoc);
> + scope = sctp_scope(daddr);
>
> - /* We cannot send a message on a TCP-style SCTP_SS_ESTABLISHED
> - * socket that has an association in CLOSED state. This can
> - * happen when an accepted socket has an association that is
> - * already CLOSED.
> - */
> - if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) {
> - err = -EPIPE;
> - goto out_unlock;
> - }
> ++ /* Label connection socket for first association 1-to-many
> ++ * style for client sequence socket()->sendmsg(). This
> ++ * needs to be done before sctp_assoc_add_peer() as that will
> ++ * set up the initial packet that needs to account for any
> ++ * security ip options (CIPSO/CALIPSO) added to the packet.
> ++ */
> ++ af = sctp_get_af_specific(daddr->sa.sa_family);
> ++ if (!af)
> ++ return -EINVAL;
> ++ err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
> ++ (struct sockaddr *)daddr,
> ++ af->sockaddr_len);
> ++ if (err < 0)
> ++ return err;
> +
> - if (sinfo_flags & SCTP_EOF) {
> - pr_debug("%s: shutting down association:%p\n",
> - __func__, asoc);
> + asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
> + if (!asoc)
> + return -ENOMEM;
>
> - sctp_primitive_SHUTDOWN(net, asoc, NULL);
> - err = 0;
> - goto out_unlock;
> - }
> - if (sinfo_flags & SCTP_ABORT) {
> + if (sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL) < 0) {
> + err = -ENOMEM;
> + goto free;
> + }
>
> - chunk = sctp_make_abort_user(asoc, msg, msg_len);
> - if (!chunk) {
> - err = -ENOMEM;
> - goto out_unlock;
> - }
> + if (cmsgs->init) {
> + struct sctp_initmsg *init = cmsgs->init;
>
> - pr_debug("%s: aborting association:%p\n",
> - __func__, asoc);
> + if (init->sinit_num_ostreams) {
> + __u16 outcnt = init->sinit_num_ostreams;
>
> - sctp_primitive_ABORT(net, asoc, chunk);
> - err = 0;
> - goto out_unlock;
> + asoc->c.sinit_num_ostreams = outcnt;
> + /* outcnt has been changed, need to re-init stream */
> + err = sctp_stream_init(&asoc->stream, outcnt, 0,
> + GFP_KERNEL);
> + if (err)
> + goto free;
> }
> - }
>
> - /* Do we need to create the association? */
> - if (!asoc) {
> - pr_debug("%s: there is no association yet\n", __func__);
> + if (init->sinit_max_instreams)
> + asoc->c.sinit_max_instreams = init->sinit_max_instreams;
>
> - if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) {
> - err = -EINVAL;
> - goto out_unlock;
> - }
> + if (init->sinit_max_attempts)
> + asoc->max_init_attempts = init->sinit_max_attempts;
>
> - /* Check for invalid stream against the stream counts,
> - * either the default or the user specified stream counts.
> - */
> - if (sinfo) {
> - if (!sinit || !sinit->sinit_num_ostreams) {
> - /* Check against the defaults. */
> - if (sinfo->sinfo_stream >=
> - sp->initmsg.sinit_num_ostreams) {
> - err = -EINVAL;
> - goto out_unlock;
> - }
> - } else {
> - /* Check against the requested. */
> - if (sinfo->sinfo_stream >=
> - sinit->sinit_num_ostreams) {
> - err = -EINVAL;
> - goto out_unlock;
> - }
> - }
> - }
> + if (init->sinit_max_init_timeo)
> + asoc->max_init_timeo =
> + msecs_to_jiffies(init->sinit_max_init_timeo);
> + }
>
> - /*
> - * API 3.1.2 bind() - UDP Style Syntax
> - * If a bind() or sctp_bindx() is not called prior to a
> - * sendmsg() call that initiates a new association, the
> - * system picks an ephemeral port and will choose an address
> - * set equivalent to binding with a wildcard address.
> - */
> - if (!ep->base.bind_addr.port) {
> - if (sctp_autobind(sk)) {
> - err = -EAGAIN;
> - goto out_unlock;
> - }
> - } else {
> - /*
> - * If an unprivileged user inherits a one-to-many
> - * style socket with open associations on a privileged
> - * port, it MAY be permitted to accept new associations,
> - * but it SHOULD NOT be permitted to open new
> - * associations.
> - */
> - if (ep->base.bind_addr.port < inet_prot_sock(net) &&
> - !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) {
> - err = -EACCES;
> - goto out_unlock;
> - }
> - }
> + *tp = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN);
> + if (!*tp) {
> + err = -ENOMEM;
> + goto free;
> + }
>
> - scope = sctp_scope(&to);
> + return 0;
>
> - /* Label connection socket for first association 1-to-many
> - * style for client sequence socket()->sendmsg(). This
> - * needs to be done before sctp_assoc_add_peer() as that will
> - * set up the initial packet that needs to account for any
> - * security ip options (CIPSO/CALIPSO) added to the packet.
> - */
> - af = sctp_get_af_specific(to.sa.sa_family);
> - if (!af) {
> - err = -EINVAL;
> - goto out_unlock;
> - }
> - err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
> - (struct sockaddr *)&to,
> - af->sockaddr_len);
> - if (err < 0)
> - goto out_unlock;
> +free:
> + sctp_association_free(asoc);
> + return err;
> +}
>
> - new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
> - if (!new_asoc) {
> - err = -ENOMEM;
> - goto out_unlock;
> - }
> - asoc = new_asoc;
> - err = sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL);
> - if (err < 0) {
> - err = -ENOMEM;
> - goto out_free;
> - }
> +static int sctp_sendmsg_check_sflags(struct sctp_association *asoc,
> + __u16 sflags, struct msghdr *msg,
> + size_t msg_len)
> +{
> + struct sock *sk = asoc->base.sk;
> + struct net *net = sock_net(sk);
>
> - /* If the SCTP_INIT ancillary data is specified, set all
> - * the association init values accordingly.
> - */
> - if (sinit) {
> - if (sinit->sinit_num_ostreams) {
> - __u16 outcnt = sinit->sinit_num_ostreams;
> -
> - asoc->c.sinit_num_ostreams = outcnt;
> - /* outcnt has been changed, so re-init stream */
> - err = sctp_stream_init(&asoc->stream, outcnt, 0,
> - GFP_KERNEL);
> - if (err)
> - goto out_free;
> - }
> - if (sinit->sinit_max_instreams) {
> - asoc->c.sinit_max_instreams =
> - sinit->sinit_max_instreams;
> - }
> - if (sinit->sinit_max_attempts) {
> - asoc->max_init_attempts
> - = sinit->sinit_max_attempts;
> - }
> - if (sinit->sinit_max_init_timeo) {
> - asoc->max_init_timeo =
> - msecs_to_jiffies(sinit->sinit_max_init_timeo);
> - }
> - }
> + if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP))
> + return -EPIPE;
>
> - /* Prime the peer's transport structures. */
> - transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN);
> - if (!transport) {
> - err = -ENOMEM;
> - goto out_free;
> - }
> + if (sflags & SCTP_EOF) {
> + pr_debug("%s: shutting down association:%p\n", __func__, asoc);
> + sctp_primitive_SHUTDOWN(net, asoc, NULL);
> +
> + return 0;
> }
>
> - /* ASSERT: we have a valid association at this point. */
> - pr_debug("%s: we have a valid association\n", __func__);
> + if (sflags & SCTP_ABORT) {
> + struct sctp_chunk *chunk;
>
> - if (!sinfo) {
> - /* If the user didn't specify SNDINFO/SNDRCVINFO, make up
> - * one with some defaults.
> - */
> - memset(&default_sinfo, 0, sizeof(default_sinfo));
> - default_sinfo.sinfo_stream = asoc->default_stream;
> - default_sinfo.sinfo_flags = asoc->default_flags;
> - default_sinfo.sinfo_ppid = asoc->default_ppid;
> - default_sinfo.sinfo_context = asoc->default_context;
> - default_sinfo.sinfo_timetolive = asoc->default_timetolive;
> - default_sinfo.sinfo_assoc_id = sctp_assoc2id(asoc);
> -
> - sinfo = &default_sinfo;
> - } else if (fill_sinfo_ttl) {
> - /* In case SNDINFO was specified, we still need to fill
> - * it with a default ttl from the assoc here.
> - */
> - sinfo->sinfo_timetolive = asoc->default_timetolive;
> - }
> + chunk = sctp_make_abort_user(asoc, msg, msg_len);
> + if (!chunk)
> + return -ENOMEM;
>
> - /* API 7.1.7, the sndbuf size per association bounds the
> - * maximum size of data that can be sent in a single send call.
> - */
> - if (msg_len > sk->sk_sndbuf) {
> - err = -EMSGSIZE;
> - goto out_free;
> + pr_debug("%s: aborting association:%p\n", __func__, asoc);
> + sctp_primitive_ABORT(net, asoc, chunk);
> +
> + return 0;
> }
>
> - if (asoc->pmtu_pending)
> - sctp_assoc_pending_pmtu(asoc);
> + return 1;
> +}
>
> - /* If fragmentation is disabled and the message length exceeds the
> - * association fragmentation point, return EMSGSIZE. The I-D
> - * does not specify what this error is, but this looks like
> - * a great fit.
> - */
> - if (sctp_sk(sk)->disable_fragments && (msg_len > asoc->frag_point)) {
> - err = -EMSGSIZE;
> - goto out_free;
> - }
> +static int sctp_sendmsg_to_asoc(struct sctp_association *asoc,
> + struct msghdr *msg, size_t msg_len,
> + struct sctp_transport *transport,
> + struct sctp_sndrcvinfo *sinfo)
> +{
> + struct sock *sk = asoc->base.sk;
> + struct net *net = sock_net(sk);
> + struct sctp_datamsg *datamsg;
> + bool wait_connect = false;
> + struct sctp_chunk *chunk;
> + long timeo;
> + int err;
>
> - /* Check for invalid stream. */
> if (sinfo->sinfo_stream >= asoc->stream.outcnt) {
> err = -EINVAL;
> - goto out_free;
> + goto err;
> }
>
> - /* Allocate sctp_stream_out_ext if not already done */
> if (unlikely(!asoc->stream.out[sinfo->sinfo_stream].ext)) {
> err = sctp_stream_init_ext(&asoc->stream, sinfo->sinfo_stream);
> if (err)
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-05 7:03 ` Xin Long
@ 2018-03-07 16:34 ` Paul Moore
2018-03-07 16:41 ` David Miller
0 siblings, 1 reply; 20+ messages in thread
From: Paul Moore @ 2018-03-07 16:34 UTC (permalink / raw)
To: Xin Long
Cc: Stephen Rothwell, David Miller, Networking,
Linux-Next Mailing List, Linux Kernel Mailing List,
Richard Haines
On Mon, Mar 5, 2018 at 2:03 AM, Xin Long <lucien.xin@gmail.com> wrote:
> On Mon, Mar 5, 2018 at 9:40 AM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>> Hi Paul,
>>
>> Today's linux-next merge of the selinux tree got a conflict in:
>>
>> net/sctp/socket.c
>>
>> between several refactoring commits from the net-next tree and commit:
>>
>> 2277c7cd75e3 ("sctp: Add LSM hooks")
>>
>> from the selinux tree.
>>
>> I fixed it up (I think - see below) and can carry the fix as
> The fixup is great! the same as I mentioned in:
> https://patchwork.ozlabs.org/patch/879898/
> for net-next.git
>
>> necessary. This is now fixed as far as linux-next is concerned, but any
>> non trivial conflicts should be mentioned to your upstream maintainer
>> when your tree is submitted for merging. You may also want to consider
>> cooperating with the maintainer of the conflicting tree to minimise any
>> particularly complex conflicts.
>
> [net-next,0/9] sctp: clean up sctp_sendmsg, this patchset was just applied
> in net-next. So I just guess it might not yet be there when selinux tree was
> being submitted.
The selinux/next branch is based on v4.16-rc1 and doesn't feed into
the netdev tree, it goes straight to Linus during the merge window so
unfortunately I think we may need to carry this for some time and
relay this fix-up patch up to Linus during the merge window.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-07 16:34 ` Paul Moore
@ 2018-03-07 16:41 ` David Miller
2018-03-07 17:27 ` Paul Moore
0 siblings, 1 reply; 20+ messages in thread
From: David Miller @ 2018-03-07 16:41 UTC (permalink / raw)
To: paul; +Cc: lucien.xin, sfr, netdev, linux-next, linux-kernel, richard_c_haines
From: Paul Moore <paul@paul-moore.com>
Date: Wed, 7 Mar 2018 11:34:31 -0500
> On Mon, Mar 5, 2018 at 2:03 AM, Xin Long <lucien.xin@gmail.com> wrote:
>> On Mon, Mar 5, 2018 at 9:40 AM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>>> Hi Paul,
>>>
>>> Today's linux-next merge of the selinux tree got a conflict in:
>>>
>>> net/sctp/socket.c
>>>
>>> between several refactoring commits from the net-next tree and commit:
>>>
>>> 2277c7cd75e3 ("sctp: Add LSM hooks")
>>>
>>> from the selinux tree.
>>>
>>> I fixed it up (I think - see below) and can carry the fix as
>> The fixup is great! the same as I mentioned in:
>> https://patchwork.ozlabs.org/patch/879898/
>> for net-next.git
>>
>>> necessary. This is now fixed as far as linux-next is concerned, but any
>>> non trivial conflicts should be mentioned to your upstream maintainer
>>> when your tree is submitted for merging. You may also want to consider
>>> cooperating with the maintainer of the conflicting tree to minimise any
>>> particularly complex conflicts.
>>
>> [net-next,0/9] sctp: clean up sctp_sendmsg, this patchset was just applied
>> in net-next. So I just guess it might not yet be there when selinux tree was
>> being submitted.
>
> The selinux/next branch is based on v4.16-rc1 and doesn't feed into
> the netdev tree, it goes straight to Linus during the merge window so
> unfortunately I think we may need to carry this for some time and
> relay this fix-up patch up to Linus during the merge window.
What a mess.
The SCTP option changes should have gone through my tree in retrospect.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-07 16:41 ` David Miller
@ 2018-03-07 17:27 ` Paul Moore
2018-03-07 17:45 ` David Miller
0 siblings, 1 reply; 20+ messages in thread
From: Paul Moore @ 2018-03-07 17:27 UTC (permalink / raw)
To: David Miller
Cc: lucien.xin, sfr, netdev, linux-next, linux-kernel, richard_c_haines
On Wed, Mar 7, 2018 at 11:41 AM, David Miller <davem@davemloft.net> wrote:
> From: Paul Moore <paul@paul-moore.com>
> Date: Wed, 7 Mar 2018 11:34:31 -0500
>> On Mon, Mar 5, 2018 at 2:03 AM, Xin Long <lucien.xin@gmail.com> wrote:
>>> On Mon, Mar 5, 2018 at 9:40 AM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>>>> Hi Paul,
>>>>
>>>> Today's linux-next merge of the selinux tree got a conflict in:
>>>>
>>>> net/sctp/socket.c
>>>>
>>>> between several refactoring commits from the net-next tree and commit:
>>>>
>>>> 2277c7cd75e3 ("sctp: Add LSM hooks")
>>>>
>>>> from the selinux tree.
>>>>
>>>> I fixed it up (I think - see below) and can carry the fix as
>>> The fixup is great! the same as I mentioned in:
>>> https://patchwork.ozlabs.org/patch/879898/
>>> for net-next.git
>>>
>>>> necessary. This is now fixed as far as linux-next is concerned, but any
>>>> non trivial conflicts should be mentioned to your upstream maintainer
>>>> when your tree is submitted for merging. You may also want to consider
>>>> cooperating with the maintainer of the conflicting tree to minimise any
>>>> particularly complex conflicts.
>>>
>>> [net-next,0/9] sctp: clean up sctp_sendmsg, this patchset was just applied
>>> in net-next. So I just guess it might not yet be there when selinux tree was
>>> being submitted.
>>
>> The selinux/next branch is based on v4.16-rc1 and doesn't feed into
>> the netdev tree, it goes straight to Linus during the merge window so
>> unfortunately I think we may need to carry this for some time and
>> relay this fix-up patch up to Linus during the merge window.
>
> What a mess.
>
> The SCTP option changes should have gone through my tree in retrospect.
It's unfortunate.
I'm not sure we could have cleanly separated the core network stack
changes from the rest of the SELinux/SCTP enablement, regardless it's
a bit late at this point. The only other thought would have been to
simply push Xin Long's cleanup patches until after the next merge
window, but that would only be worth considering if they truly were
just cleanup patches, and even then it doesn't seem very fair to Xin
Long to have to wait.
Thankfully stuff like this is rare (at least from a netdev/SELinux POV).
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-07 17:27 ` Paul Moore
@ 2018-03-07 17:45 ` David Miller
2018-03-07 20:20 ` Paul Moore
0 siblings, 1 reply; 20+ messages in thread
From: David Miller @ 2018-03-07 17:45 UTC (permalink / raw)
To: paul; +Cc: lucien.xin, sfr, netdev, linux-next, linux-kernel, richard_c_haines
From: Paul Moore <paul@paul-moore.com>
Date: Wed, 7 Mar 2018 12:27:52 -0500
> I'm not sure we could have cleanly separated the core network stack
> changes from the rest of the SELinux/SCTP enablement, regardless it's
> a bit late at this point. The only other thought would have been to
> simply push Xin Long's cleanup patches until after the next merge
> window, but that would only be worth considering if they truly were
> just cleanup patches, and even then it doesn't seem very fair to Xin
> Long to have to wait.
I think you wanted to have more integration, rather than less.
What others have done in the past, is they simply pull my networking
tree into their's.
I never rebase, ever.
My tree often goes in reasonable early in the merge window.
So you would only have to wait until my tree went in before
sending your pull request.
That's really the way to handle something like this.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-07 17:45 ` David Miller
@ 2018-03-07 20:20 ` Paul Moore
2018-03-07 20:24 ` David Miller
2018-03-07 20:26 ` David Miller
0 siblings, 2 replies; 20+ messages in thread
From: Paul Moore @ 2018-03-07 20:20 UTC (permalink / raw)
To: David Miller
Cc: lucien.xin, sfr, netdev, linux-next, linux-kernel, richard_c_haines
On Wed, Mar 7, 2018 at 12:45 PM, David Miller <davem@davemloft.net> wrote:
> From: Paul Moore <paul@paul-moore.com>
> Date: Wed, 7 Mar 2018 12:27:52 -0500
>
>> I'm not sure we could have cleanly separated the core network stack
>> changes from the rest of the SELinux/SCTP enablement, regardless it's
>> a bit late at this point. The only other thought would have been to
>> simply push Xin Long's cleanup patches until after the next merge
>> window, but that would only be worth considering if they truly were
>> just cleanup patches, and even then it doesn't seem very fair to Xin
>> Long to have to wait.
>
> I think you wanted to have more integration, rather than less.
I'm not quite sure where you are going here, I think we *all* want
integration - subtrees merge patches/trees, Linus merges subtrees,
etc. - and I don't believe I've said anything to the contrary.
> What others have done in the past, is they simply pull my networking
> tree into their's.
I only base the SELinux and audit trees on Linus' tree. Perhaps I'm
wrong, but a quick look at net-next makes me believe you do the same.
I think it is also worth mentioning that the SELinux/SCTP patches have
been in the selinux/next branch for several days now; from what I can
tell they predate these net-next cleanup patches. Not that it
matters, I just don't believe that pulling net-next would have solved
this problem; I suppose the right thing would have been for net-next
to pull selinux/next, yes?
> I never rebase, ever.
I've learned that saying "never" (or "never X, ever" in this case) is
a recipe for disaster, but if it works for you, go for it.
FWIW, I try to avoid rebases as much as possible; it's the nuclear
option as far as I'm concerned and the only time I regularly rebase
the SELinux and audit trees is after the merge window (e.g. we need
something in -rc1, or we are simply too far out of date).
Looking quickly at net-next, it looks like net-next/master is
refreshed/rebased on a regular basis too (it contains the
selinux-pr-20180130 tag)... and perhaps rebase is a term you don't
want to use, but I think we are on the same page here.
> My tree often goes in reasonable early in the merge window.
Generally speaking I send my pull request to Linus early in the merge
window too. It obviously tends to vary on when he does the pull, but
we generally haven't had any major problems.
> So you would only have to wait until my tree went in before
> sending your pull request.
So you would want me to rebase selinux/next on top of Linus' tree in
the middle of the merge window? I'm sure that isn't what you meant,
but that's how I keep reading the above ... which can't be right,
because in my experience that's one way to piss off Linus. Help me
understand what you are saying.
> That's really the way to handle something like this.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-07 20:20 ` Paul Moore
@ 2018-03-07 20:24 ` David Miller
2018-03-07 20:26 ` David Miller
1 sibling, 0 replies; 20+ messages in thread
From: David Miller @ 2018-03-07 20:24 UTC (permalink / raw)
To: paul; +Cc: lucien.xin, sfr, netdev, linux-next, linux-kernel, richard_c_haines
From: Paul Moore <paul@paul-moore.com>
Date: Wed, 7 Mar 2018 15:20:33 -0500
> I suppose the right thing would have been for net-next
> to pull selinux/next, yes?
Nope.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-07 20:20 ` Paul Moore
2018-03-07 20:24 ` David Miller
@ 2018-03-07 20:26 ` David Miller
2018-03-07 23:28 ` Paul Moore
1 sibling, 1 reply; 20+ messages in thread
From: David Miller @ 2018-03-07 20:26 UTC (permalink / raw)
To: paul; +Cc: lucien.xin, sfr, netdev, linux-next, linux-kernel, richard_c_haines
From: Paul Moore <paul@paul-moore.com>
Date: Wed, 7 Mar 2018 15:20:33 -0500
>> So you would only have to wait until my tree went in before
>> sending your pull request.
>
> So you would want me to rebase selinux/next on top of Linus' tree in
> the middle of the merge window? I'm sure that isn't what you meant,
> but that's how I keep reading the above ... which can't be right,
> because in my experience that's one way to piss off Linus. Help me
> understand what you are saying.
I never said you rebase anything. I wonder where you get that from.
I'm saying, you just defer your pull request until Linus takes my
networking tree in.
No changes or rebasing of your tree is necessary whatsoever. You just
ask him to pull your tree as-is.
Again, this is what other smaller subsystem trees do when they have a
situation like this.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-07 20:26 ` David Miller
@ 2018-03-07 23:28 ` Paul Moore
0 siblings, 0 replies; 20+ messages in thread
From: Paul Moore @ 2018-03-07 23:28 UTC (permalink / raw)
To: David Miller
Cc: lucien.xin, sfr, netdev, linux-next, linux-kernel, richard_c_haines
On Wed, Mar 7, 2018 at 3:26 PM, David Miller <davem@davemloft.net> wrote:
> From: Paul Moore <paul@paul-moore.com>
> Date: Wed, 7 Mar 2018 15:20:33 -0500
>
>>> So you would only have to wait until my tree went in before
>>> sending your pull request.
>>
>> So you would want me to rebase selinux/next on top of Linus' tree in
>> the middle of the merge window? I'm sure that isn't what you meant,
>> but that's how I keep reading the above ... which can't be right,
>> because in my experience that's one way to piss off Linus. Help me
>> understand what you are saying.
>
> I never said you rebase anything. I wonder where you get that from.
As I said, I was just trying to figure out what you were suggesting.
Your email was not very clear in my opinion.
> I'm saying, you just defer your pull request until Linus takes my
> networking tree in.
>
> No changes or rebasing of your tree is necessary whatsoever. You just
> ask him to pull your tree as-is.
>
> Again, this is what other smaller subsystem trees do when they have a
> situation like this.
Which gets us back to what I originally suggested in my first email of
this thread: linux-next carries the fixup patch and when we send the
pull requests to Linus we mention this fixup/thread.
For what it's worth, if you mention the potential merge conflict, and
the fixup that Stephen provided, it shouldn't matter when the pull
requests are sent to Linus; he's a smart guy, he'll merge things in
the order he wants. I've seen more than a few people get burned by
deferring pull requests, I don't intend to have SELinux, or audit for
that matter, run into the same problem.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-05 1:40 linux-next: manual merge of the selinux tree with the net-next tree Stephen Rothwell
2018-03-05 7:03 ` Xin Long
@ 2018-03-08 2:07 ` Stephen Rothwell
2018-03-08 13:00 ` Paul Moore
` (2 more replies)
1 sibling, 3 replies; 20+ messages in thread
From: Stephen Rothwell @ 2018-03-08 2:07 UTC (permalink / raw)
To: Paul Moore, David Miller, Networking
Cc: Linux-Next Mailing List, Linux Kernel Mailing List,
Richard Haines, Xin Long
[-- Attachment #1: Type: text/plain, Size: 16301 bytes --]
Hi all,
On Mon, 5 Mar 2018 12:40:54 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
> net/sctp/socket.c
>
> between several refactoring commits from the net-next tree and commit:
>
> 2277c7cd75e3 ("sctp: Add LSM hooks")
>
> from the selinux tree.
>
> I fixed it up (I think - see below) and can carry the fix as
> necessary. This is now fixed as far as linux-next is concerned, but any
> non trivial conflicts should be mentioned to your upstream maintainer
> when your tree is submitted for merging. You may also want to consider
> cooperating with the maintainer of the conflicting tree to minimise any
> particularly complex conflicts.
>
> --
> Cheers,
> Stephen Rothwell
The resolution now looks like below (there were more changes to this
file in the net-next tree). It will keep changing every time this file
is touched :-(
--
Cheers,
Stephen Rothwell
diff --cc net/sctp/socket.c
index 7d3476a4860d,73b34a6b5b09..000000000000
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@@ -1606,200 -1622,308 +1622,216 @@@ static int sctp_error(struct sock *sk,
static int sctp_msghdr_parse(const struct msghdr *msg,
struct sctp_cmsgs *cmsgs);
-static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
+static int sctp_sendmsg_parse(struct sock *sk, struct sctp_cmsgs *cmsgs,
+ struct sctp_sndrcvinfo *srinfo,
+ const struct msghdr *msg, size_t msg_len)
{
- struct net *net = sock_net(sk);
- struct sctp_sock *sp;
- struct sctp_endpoint *ep;
- struct sctp_association *new_asoc = NULL, *asoc = NULL;
- struct sctp_transport *transport, *chunk_tp;
- struct sctp_chunk *chunk;
- union sctp_addr to;
- struct sctp_af *af;
- struct sockaddr *msg_name = NULL;
- struct sctp_sndrcvinfo default_sinfo;
- struct sctp_sndrcvinfo *sinfo;
- struct sctp_initmsg *sinit;
- sctp_assoc_t associd = 0;
- struct sctp_cmsgs cmsgs = { NULL };
- enum sctp_scope scope;
- bool fill_sinfo_ttl = false, wait_connect = false;
- struct sctp_datamsg *datamsg;
- int msg_flags = msg->msg_flags;
- __u16 sinfo_flags = 0;
- long timeo;
+ __u16 sflags;
int err;
- err = 0;
- sp = sctp_sk(sk);
- ep = sp->ep;
+ if (sctp_sstate(sk, LISTENING) && sctp_style(sk, TCP))
+ return -EPIPE;
- pr_debug("%s: sk:%p, msg:%p, msg_len:%zu ep:%p\n", __func__, sk,
- msg, msg_len, ep);
-
- /* We cannot send a message over a TCP-style listening socket. */
- if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) {
- err = -EPIPE;
- goto out_nounlock;
- }
+ if (msg_len > sk->sk_sndbuf)
+ return -EMSGSIZE;
- /* Parse out the SCTP CMSGs. */
- err = sctp_msghdr_parse(msg, &cmsgs);
+ memset(cmsgs, 0, sizeof(*cmsgs));
+ err = sctp_msghdr_parse(msg, cmsgs);
if (err) {
pr_debug("%s: msghdr parse err:%x\n", __func__, err);
- goto out_nounlock;
+ return err;
}
- /* Fetch the destination address for this packet. This
- * address only selects the association--it is not necessarily
- * the address we will send to.
- * For a peeled-off socket, msg_name is ignored.
- */
- if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
- int msg_namelen = msg->msg_namelen;
+ memset(srinfo, 0, sizeof(*srinfo));
+ if (cmsgs->srinfo) {
+ srinfo->sinfo_stream = cmsgs->srinfo->sinfo_stream;
+ srinfo->sinfo_flags = cmsgs->srinfo->sinfo_flags;
+ srinfo->sinfo_ppid = cmsgs->srinfo->sinfo_ppid;
+ srinfo->sinfo_context = cmsgs->srinfo->sinfo_context;
+ srinfo->sinfo_assoc_id = cmsgs->srinfo->sinfo_assoc_id;
+ srinfo->sinfo_timetolive = cmsgs->srinfo->sinfo_timetolive;
+ }
- err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name,
- msg_namelen);
- if (err)
- return err;
+ if (cmsgs->sinfo) {
+ srinfo->sinfo_stream = cmsgs->sinfo->snd_sid;
+ srinfo->sinfo_flags = cmsgs->sinfo->snd_flags;
+ srinfo->sinfo_ppid = cmsgs->sinfo->snd_ppid;
+ srinfo->sinfo_context = cmsgs->sinfo->snd_context;
+ srinfo->sinfo_assoc_id = cmsgs->sinfo->snd_assoc_id;
+ }
- if (msg_namelen > sizeof(to))
- msg_namelen = sizeof(to);
- memcpy(&to, msg->msg_name, msg_namelen);
- msg_name = msg->msg_name;
+ if (cmsgs->prinfo) {
+ srinfo->sinfo_timetolive = cmsgs->prinfo->pr_value;
+ SCTP_PR_SET_POLICY(srinfo->sinfo_flags,
+ cmsgs->prinfo->pr_policy);
}
- sinit = cmsgs.init;
- if (cmsgs.sinfo != NULL) {
- memset(&default_sinfo, 0, sizeof(default_sinfo));
- default_sinfo.sinfo_stream = cmsgs.sinfo->snd_sid;
- default_sinfo.sinfo_flags = cmsgs.sinfo->snd_flags;
- default_sinfo.sinfo_ppid = cmsgs.sinfo->snd_ppid;
- default_sinfo.sinfo_context = cmsgs.sinfo->snd_context;
- default_sinfo.sinfo_assoc_id = cmsgs.sinfo->snd_assoc_id;
+ sflags = srinfo->sinfo_flags;
+ if (!sflags && msg_len)
+ return 0;
- sinfo = &default_sinfo;
- fill_sinfo_ttl = true;
- } else {
- sinfo = cmsgs.srinfo;
- }
- /* Did the user specify SNDINFO/SNDRCVINFO? */
- if (sinfo) {
- sinfo_flags = sinfo->sinfo_flags;
- associd = sinfo->sinfo_assoc_id;
- }
+ if (sctp_style(sk, TCP) && (sflags & (SCTP_EOF | SCTP_ABORT)))
+ return -EINVAL;
- pr_debug("%s: msg_len:%zu, sinfo_flags:0x%x\n", __func__,
- msg_len, sinfo_flags);
+ if (((sflags & SCTP_EOF) && msg_len > 0) ||
+ (!(sflags & (SCTP_EOF | SCTP_ABORT)) && msg_len == 0))
+ return -EINVAL;
- /* SCTP_EOF or SCTP_ABORT cannot be set on a TCP-style socket. */
- if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) {
- err = -EINVAL;
- goto out_nounlock;
- }
+ if ((sflags & SCTP_ADDR_OVER) && !msg->msg_name)
+ return -EINVAL;
- /* If SCTP_EOF is set, no data can be sent. Disallow sending zero
- * length messages when SCTP_EOF|SCTP_ABORT is not set.
- * If SCTP_ABORT is set, the message length could be non zero with
- * the msg_iov set to the user abort reason.
- */
- if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) ||
- (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) {
- err = -EINVAL;
- goto out_nounlock;
- }
+ return 0;
+}
- /* If SCTP_ADDR_OVER is set, there must be an address
- * specified in msg_name.
- */
- if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) {
- err = -EINVAL;
- goto out_nounlock;
- }
+static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
+ struct sctp_cmsgs *cmsgs,
+ union sctp_addr *daddr,
+ struct sctp_transport **tp)
+{
+ struct sctp_endpoint *ep = sctp_sk(sk)->ep;
+ struct net *net = sock_net(sk);
+ struct sctp_association *asoc;
+ enum sctp_scope scope;
+ struct cmsghdr *cmsg;
++ struct sctp_af *af;
+ int err = -EINVAL;
- transport = NULL;
+ *tp = NULL;
- pr_debug("%s: about to look up association\n", __func__);
+ if (sflags & (SCTP_EOF | SCTP_ABORT))
+ return -EINVAL;
- lock_sock(sk);
+ if (sctp_style(sk, TCP) && (sctp_sstate(sk, ESTABLISHED) ||
+ sctp_sstate(sk, CLOSING)))
+ return -EADDRNOTAVAIL;
- /* If a msg_name has been specified, assume this is to be used. */
- if (msg_name) {
- /* Look for a matching association on the endpoint. */
- asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport);
+ if (sctp_endpoint_is_peeled_off(ep, daddr))
+ return -EADDRNOTAVAIL;
- /* If we could not find a matching association on the
- * endpoint, make sure that it is not a TCP-style
- * socket that already has an association or there is
- * no peeled-off association on another socket.
- */
- if (!asoc &&
- ((sctp_style(sk, TCP) &&
- (sctp_sstate(sk, ESTABLISHED) ||
- sctp_sstate(sk, CLOSING))) ||
- sctp_endpoint_is_peeled_off(ep, &to))) {
- err = -EADDRNOTAVAIL;
- goto out_unlock;
- }
+ if (!ep->base.bind_addr.port) {
+ if (sctp_autobind(sk))
+ return -EAGAIN;
} else {
- asoc = sctp_id2assoc(sk, associd);
- if (!asoc) {
- err = -EPIPE;
- goto out_unlock;
- }
+ if (ep->base.bind_addr.port < inet_prot_sock(net) &&
+ !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
+ return -EACCES;
}
- if (asoc) {
- pr_debug("%s: just looked up association:%p\n", __func__, asoc);
+ scope = sctp_scope(daddr);
- /* We cannot send a message on a TCP-style SCTP_SS_ESTABLISHED
- * socket that has an association in CLOSED state. This can
- * happen when an accepted socket has an association that is
- * already CLOSED.
- */
- if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) {
- err = -EPIPE;
- goto out_unlock;
- }
++ /* Label connection socket for first association 1-to-many
++ * style for client sequence socket()->sendmsg(). This
++ * needs to be done before sctp_assoc_add_peer() as that will
++ * set up the initial packet that needs to account for any
++ * security ip options (CIPSO/CALIPSO) added to the packet.
++ */
++ af = sctp_get_af_specific(daddr->sa.sa_family);
++ if (!af)
++ return -EINVAL;
++ err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
++ (struct sockaddr *)daddr,
++ af->sockaddr_len);
++ if (err < 0)
++ return err;
+
- if (sinfo_flags & SCTP_EOF) {
- pr_debug("%s: shutting down association:%p\n",
- __func__, asoc);
+ asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
+ if (!asoc)
+ return -ENOMEM;
- sctp_primitive_SHUTDOWN(net, asoc, NULL);
- err = 0;
- goto out_unlock;
- }
- if (sinfo_flags & SCTP_ABORT) {
+ if (sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL) < 0) {
+ err = -ENOMEM;
+ goto free;
+ }
- chunk = sctp_make_abort_user(asoc, msg, msg_len);
- if (!chunk) {
- err = -ENOMEM;
- goto out_unlock;
- }
+ if (cmsgs->init) {
+ struct sctp_initmsg *init = cmsgs->init;
- pr_debug("%s: aborting association:%p\n",
- __func__, asoc);
+ if (init->sinit_num_ostreams) {
+ __u16 outcnt = init->sinit_num_ostreams;
- sctp_primitive_ABORT(net, asoc, chunk);
- err = 0;
- goto out_unlock;
+ asoc->c.sinit_num_ostreams = outcnt;
+ /* outcnt has been changed, need to re-init stream */
+ err = sctp_stream_init(&asoc->stream, outcnt, 0,
+ GFP_KERNEL);
+ if (err)
+ goto free;
}
+
+ if (init->sinit_max_instreams)
+ asoc->c.sinit_max_instreams = init->sinit_max_instreams;
+
+ if (init->sinit_max_attempts)
+ asoc->max_init_attempts = init->sinit_max_attempts;
+
+ if (init->sinit_max_init_timeo)
+ asoc->max_init_timeo =
+ msecs_to_jiffies(init->sinit_max_init_timeo);
}
- /* Do we need to create the association? */
- if (!asoc) {
- pr_debug("%s: there is no association yet\n", __func__);
+ *tp = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN);
+ if (!*tp) {
+ err = -ENOMEM;
+ goto free;
+ }
- if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) {
- err = -EINVAL;
- goto out_unlock;
- }
+ if (!cmsgs->addrs_msg)
+ return 0;
- /* Check for invalid stream against the stream counts,
- * either the default or the user specified stream counts.
- */
- if (sinfo) {
- if (!sinit || !sinit->sinit_num_ostreams) {
- /* Check against the defaults. */
- if (sinfo->sinfo_stream >=
- sp->initmsg.sinit_num_ostreams) {
- err = -EINVAL;
- goto out_unlock;
- }
- } else {
- /* Check against the requested. */
- if (sinfo->sinfo_stream >=
- sinit->sinit_num_ostreams) {
- err = -EINVAL;
- goto out_unlock;
- }
- }
- }
+ /* sendv addr list parse */
+ for_each_cmsghdr(cmsg, cmsgs->addrs_msg) {
+ struct sctp_transport *transport;
+ struct sctp_association *old;
+ union sctp_addr _daddr;
+ int dlen;
- /*
- * API 3.1.2 bind() - UDP Style Syntax
- * If a bind() or sctp_bindx() is not called prior to a
- * sendmsg() call that initiates a new association, the
- * system picks an ephemeral port and will choose an address
- * set equivalent to binding with a wildcard address.
- */
- if (!ep->base.bind_addr.port) {
- if (sctp_autobind(sk)) {
- err = -EAGAIN;
- goto out_unlock;
- }
- } else {
- /*
- * If an unprivileged user inherits a one-to-many
- * style socket with open associations on a privileged
- * port, it MAY be permitted to accept new associations,
- * but it SHOULD NOT be permitted to open new
- * associations.
- */
- if (ep->base.bind_addr.port < inet_prot_sock(net) &&
- !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) {
- err = -EACCES;
- goto out_unlock;
- }
- }
+ if (cmsg->cmsg_level != IPPROTO_SCTP ||
+ (cmsg->cmsg_type != SCTP_DSTADDRV4 &&
+ cmsg->cmsg_type != SCTP_DSTADDRV6))
+ continue;
- scope = sctp_scope(&to);
+ daddr = &_daddr;
+ memset(daddr, 0, sizeof(*daddr));
+ dlen = cmsg->cmsg_len - sizeof(struct cmsghdr);
+ if (cmsg->cmsg_type == SCTP_DSTADDRV4) {
+ if (dlen < sizeof(struct in_addr))
+ goto free;
+
+ dlen = sizeof(struct in_addr);
+ daddr->v4.sin_family = AF_INET;
+ daddr->v4.sin_port = htons(asoc->peer.port);
+ memcpy(&daddr->v4.sin_addr, CMSG_DATA(cmsg), dlen);
+ } else {
+ if (dlen < sizeof(struct in6_addr))
+ goto free;
- /* Label connection socket for first association 1-to-many
- * style for client sequence socket()->sendmsg(). This
- * needs to be done before sctp_assoc_add_peer() as that will
- * set up the initial packet that needs to account for any
- * security ip options (CIPSO/CALIPSO) added to the packet.
- */
- af = sctp_get_af_specific(to.sa.sa_family);
- if (!af) {
- err = -EINVAL;
- goto out_unlock;
+ dlen = sizeof(struct in6_addr);
+ daddr->v6.sin6_family = AF_INET6;
+ daddr->v6.sin6_port = htons(asoc->peer.port);
+ memcpy(&daddr->v6.sin6_addr, CMSG_DATA(cmsg), dlen);
}
- err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
- (struct sockaddr *)&to,
- af->sockaddr_len);
- if (err < 0)
- goto out_unlock;
+ err = sctp_verify_addr(sk, daddr, sizeof(*daddr));
+ if (err)
+ goto free;
- new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
- if (!new_asoc) {
- err = -ENOMEM;
- goto out_unlock;
- }
- asoc = new_asoc;
- err = sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL);
- if (err < 0) {
- err = -ENOMEM;
- goto out_free;
+ old = sctp_endpoint_lookup_assoc(ep, daddr, &transport);
+ if (old && old != asoc) {
+ if (old->state >= SCTP_STATE_ESTABLISHED)
+ err = -EISCONN;
+ else
+ err = -EALREADY;
+ goto free;
}
- /* If the SCTP_INIT ancillary data is specified, set all
- * the association init values accordingly.
- */
- if (sinit) {
- if (sinit->sinit_num_ostreams) {
- __u16 outcnt = sinit->sinit_num_ostreams;
-
- asoc->c.sinit_num_ostreams = outcnt;
- /* outcnt has been changed, so re-init stream */
- err = sctp_stream_init(&asoc->stream, outcnt, 0,
- GFP_KERNEL);
- if (err)
- goto out_free;
- }
- if (sinit->sinit_max_instreams) {
- asoc->c.sinit_max_instreams =
- sinit->sinit_max_instreams;
- }
- if (sinit->sinit_max_attempts) {
- asoc->max_init_attempts
- = sinit->sinit_max_attempts;
- }
- if (sinit->sinit_max_init_timeo) {
- asoc->max_init_timeo =
- msecs_to_jiffies(sinit->sinit_max_init_timeo);
- }
+ if (sctp_endpoint_is_peeled_off(ep, daddr)) {
+ err = -EADDRNOTAVAIL;
+ goto free;
}
- /* Prime the peer's transport structures. */
- transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN);
+ transport = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL,
+ SCTP_UNKNOWN);
if (!transport) {
err = -ENOMEM;
- goto out_free;
+ goto free;
}
}
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-08 2:07 ` Stephen Rothwell
@ 2018-03-08 13:00 ` Paul Moore
2018-03-08 13:12 ` Xin Long
2018-03-08 13:29 ` Xin Long
2018-03-09 12:52 ` Marcelo Ricardo Leitner
2 siblings, 1 reply; 20+ messages in thread
From: Paul Moore @ 2018-03-08 13:00 UTC (permalink / raw)
To: Xin Long
Cc: David Miller, Networking, Linux-Next Mailing List,
Linux Kernel Mailing List, Richard Haines, Stephen Rothwell
On Wed, Mar 7, 2018 at 9:07 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi all,
>
> On Mon, 5 Mar 2018 12:40:54 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>>
>> Today's linux-next merge of the selinux tree got a conflict in:
>>
>> net/sctp/socket.c
>>
>> between several refactoring commits from the net-next tree and commit:
>>
>> 2277c7cd75e3 ("sctp: Add LSM hooks")
>>
>> from the selinux tree.
>>
>> I fixed it up (I think - see below) and can carry the fix as
>> necessary. This is now fixed as far as linux-next is concerned, but any
>> non trivial conflicts should be mentioned to your upstream maintainer
>> when your tree is submitted for merging. You may also want to consider
>> cooperating with the maintainer of the conflicting tree to minimise any
>> particularly complex conflicts.
>>
>> --
>> Cheers,
>> Stephen Rothwell
>
> The resolution now looks like below (there were more changes to this
> file in the net-next tree). It will keep changing every time this file
> is touched :-(
Xin Long, does this still look okay to you?
> diff --cc net/sctp/socket.c
> index 7d3476a4860d,73b34a6b5b09..000000000000
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@@ -1606,200 -1622,308 +1622,216 @@@ static int sctp_error(struct sock *sk,
> static int sctp_msghdr_parse(const struct msghdr *msg,
> struct sctp_cmsgs *cmsgs);
>
> -static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
> +static int sctp_sendmsg_parse(struct sock *sk, struct sctp_cmsgs *cmsgs,
> + struct sctp_sndrcvinfo *srinfo,
> + const struct msghdr *msg, size_t msg_len)
> {
> - struct net *net = sock_net(sk);
> - struct sctp_sock *sp;
> - struct sctp_endpoint *ep;
> - struct sctp_association *new_asoc = NULL, *asoc = NULL;
> - struct sctp_transport *transport, *chunk_tp;
> - struct sctp_chunk *chunk;
> - union sctp_addr to;
> - struct sctp_af *af;
> - struct sockaddr *msg_name = NULL;
> - struct sctp_sndrcvinfo default_sinfo;
> - struct sctp_sndrcvinfo *sinfo;
> - struct sctp_initmsg *sinit;
> - sctp_assoc_t associd = 0;
> - struct sctp_cmsgs cmsgs = { NULL };
> - enum sctp_scope scope;
> - bool fill_sinfo_ttl = false, wait_connect = false;
> - struct sctp_datamsg *datamsg;
> - int msg_flags = msg->msg_flags;
> - __u16 sinfo_flags = 0;
> - long timeo;
> + __u16 sflags;
> int err;
>
> - err = 0;
> - sp = sctp_sk(sk);
> - ep = sp->ep;
> + if (sctp_sstate(sk, LISTENING) && sctp_style(sk, TCP))
> + return -EPIPE;
>
> - pr_debug("%s: sk:%p, msg:%p, msg_len:%zu ep:%p\n", __func__, sk,
> - msg, msg_len, ep);
> -
> - /* We cannot send a message over a TCP-style listening socket. */
> - if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) {
> - err = -EPIPE;
> - goto out_nounlock;
> - }
> + if (msg_len > sk->sk_sndbuf)
> + return -EMSGSIZE;
>
> - /* Parse out the SCTP CMSGs. */
> - err = sctp_msghdr_parse(msg, &cmsgs);
> + memset(cmsgs, 0, sizeof(*cmsgs));
> + err = sctp_msghdr_parse(msg, cmsgs);
> if (err) {
> pr_debug("%s: msghdr parse err:%x\n", __func__, err);
> - goto out_nounlock;
> + return err;
> }
>
> - /* Fetch the destination address for this packet. This
> - * address only selects the association--it is not necessarily
> - * the address we will send to.
> - * For a peeled-off socket, msg_name is ignored.
> - */
> - if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
> - int msg_namelen = msg->msg_namelen;
> + memset(srinfo, 0, sizeof(*srinfo));
> + if (cmsgs->srinfo) {
> + srinfo->sinfo_stream = cmsgs->srinfo->sinfo_stream;
> + srinfo->sinfo_flags = cmsgs->srinfo->sinfo_flags;
> + srinfo->sinfo_ppid = cmsgs->srinfo->sinfo_ppid;
> + srinfo->sinfo_context = cmsgs->srinfo->sinfo_context;
> + srinfo->sinfo_assoc_id = cmsgs->srinfo->sinfo_assoc_id;
> + srinfo->sinfo_timetolive = cmsgs->srinfo->sinfo_timetolive;
> + }
>
> - err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name,
> - msg_namelen);
> - if (err)
> - return err;
> + if (cmsgs->sinfo) {
> + srinfo->sinfo_stream = cmsgs->sinfo->snd_sid;
> + srinfo->sinfo_flags = cmsgs->sinfo->snd_flags;
> + srinfo->sinfo_ppid = cmsgs->sinfo->snd_ppid;
> + srinfo->sinfo_context = cmsgs->sinfo->snd_context;
> + srinfo->sinfo_assoc_id = cmsgs->sinfo->snd_assoc_id;
> + }
>
> - if (msg_namelen > sizeof(to))
> - msg_namelen = sizeof(to);
> - memcpy(&to, msg->msg_name, msg_namelen);
> - msg_name = msg->msg_name;
> + if (cmsgs->prinfo) {
> + srinfo->sinfo_timetolive = cmsgs->prinfo->pr_value;
> + SCTP_PR_SET_POLICY(srinfo->sinfo_flags,
> + cmsgs->prinfo->pr_policy);
> }
>
> - sinit = cmsgs.init;
> - if (cmsgs.sinfo != NULL) {
> - memset(&default_sinfo, 0, sizeof(default_sinfo));
> - default_sinfo.sinfo_stream = cmsgs.sinfo->snd_sid;
> - default_sinfo.sinfo_flags = cmsgs.sinfo->snd_flags;
> - default_sinfo.sinfo_ppid = cmsgs.sinfo->snd_ppid;
> - default_sinfo.sinfo_context = cmsgs.sinfo->snd_context;
> - default_sinfo.sinfo_assoc_id = cmsgs.sinfo->snd_assoc_id;
> + sflags = srinfo->sinfo_flags;
> + if (!sflags && msg_len)
> + return 0;
>
> - sinfo = &default_sinfo;
> - fill_sinfo_ttl = true;
> - } else {
> - sinfo = cmsgs.srinfo;
> - }
> - /* Did the user specify SNDINFO/SNDRCVINFO? */
> - if (sinfo) {
> - sinfo_flags = sinfo->sinfo_flags;
> - associd = sinfo->sinfo_assoc_id;
> - }
> + if (sctp_style(sk, TCP) && (sflags & (SCTP_EOF | SCTP_ABORT)))
> + return -EINVAL;
>
> - pr_debug("%s: msg_len:%zu, sinfo_flags:0x%x\n", __func__,
> - msg_len, sinfo_flags);
> + if (((sflags & SCTP_EOF) && msg_len > 0) ||
> + (!(sflags & (SCTP_EOF | SCTP_ABORT)) && msg_len == 0))
> + return -EINVAL;
>
> - /* SCTP_EOF or SCTP_ABORT cannot be set on a TCP-style socket. */
> - if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) {
> - err = -EINVAL;
> - goto out_nounlock;
> - }
> + if ((sflags & SCTP_ADDR_OVER) && !msg->msg_name)
> + return -EINVAL;
>
> - /* If SCTP_EOF is set, no data can be sent. Disallow sending zero
> - * length messages when SCTP_EOF|SCTP_ABORT is not set.
> - * If SCTP_ABORT is set, the message length could be non zero with
> - * the msg_iov set to the user abort reason.
> - */
> - if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) ||
> - (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) {
> - err = -EINVAL;
> - goto out_nounlock;
> - }
> + return 0;
> +}
>
> - /* If SCTP_ADDR_OVER is set, there must be an address
> - * specified in msg_name.
> - */
> - if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) {
> - err = -EINVAL;
> - goto out_nounlock;
> - }
> +static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
> + struct sctp_cmsgs *cmsgs,
> + union sctp_addr *daddr,
> + struct sctp_transport **tp)
> +{
> + struct sctp_endpoint *ep = sctp_sk(sk)->ep;
> + struct net *net = sock_net(sk);
> + struct sctp_association *asoc;
> + enum sctp_scope scope;
> + struct cmsghdr *cmsg;
> ++ struct sctp_af *af;
> + int err = -EINVAL;
>
> - transport = NULL;
> + *tp = NULL;
>
> - pr_debug("%s: about to look up association\n", __func__);
> + if (sflags & (SCTP_EOF | SCTP_ABORT))
> + return -EINVAL;
>
> - lock_sock(sk);
> + if (sctp_style(sk, TCP) && (sctp_sstate(sk, ESTABLISHED) ||
> + sctp_sstate(sk, CLOSING)))
> + return -EADDRNOTAVAIL;
>
> - /* If a msg_name has been specified, assume this is to be used. */
> - if (msg_name) {
> - /* Look for a matching association on the endpoint. */
> - asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport);
> + if (sctp_endpoint_is_peeled_off(ep, daddr))
> + return -EADDRNOTAVAIL;
>
> - /* If we could not find a matching association on the
> - * endpoint, make sure that it is not a TCP-style
> - * socket that already has an association or there is
> - * no peeled-off association on another socket.
> - */
> - if (!asoc &&
> - ((sctp_style(sk, TCP) &&
> - (sctp_sstate(sk, ESTABLISHED) ||
> - sctp_sstate(sk, CLOSING))) ||
> - sctp_endpoint_is_peeled_off(ep, &to))) {
> - err = -EADDRNOTAVAIL;
> - goto out_unlock;
> - }
> + if (!ep->base.bind_addr.port) {
> + if (sctp_autobind(sk))
> + return -EAGAIN;
> } else {
> - asoc = sctp_id2assoc(sk, associd);
> - if (!asoc) {
> - err = -EPIPE;
> - goto out_unlock;
> - }
> + if (ep->base.bind_addr.port < inet_prot_sock(net) &&
> + !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
> + return -EACCES;
> }
>
> - if (asoc) {
> - pr_debug("%s: just looked up association:%p\n", __func__, asoc);
> + scope = sctp_scope(daddr);
>
> - /* We cannot send a message on a TCP-style SCTP_SS_ESTABLISHED
> - * socket that has an association in CLOSED state. This can
> - * happen when an accepted socket has an association that is
> - * already CLOSED.
> - */
> - if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) {
> - err = -EPIPE;
> - goto out_unlock;
> - }
> ++ /* Label connection socket for first association 1-to-many
> ++ * style for client sequence socket()->sendmsg(). This
> ++ * needs to be done before sctp_assoc_add_peer() as that will
> ++ * set up the initial packet that needs to account for any
> ++ * security ip options (CIPSO/CALIPSO) added to the packet.
> ++ */
> ++ af = sctp_get_af_specific(daddr->sa.sa_family);
> ++ if (!af)
> ++ return -EINVAL;
> ++ err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
> ++ (struct sockaddr *)daddr,
> ++ af->sockaddr_len);
> ++ if (err < 0)
> ++ return err;
> +
> - if (sinfo_flags & SCTP_EOF) {
> - pr_debug("%s: shutting down association:%p\n",
> - __func__, asoc);
> + asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
> + if (!asoc)
> + return -ENOMEM;
>
> - sctp_primitive_SHUTDOWN(net, asoc, NULL);
> - err = 0;
> - goto out_unlock;
> - }
> - if (sinfo_flags & SCTP_ABORT) {
> + if (sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL) < 0) {
> + err = -ENOMEM;
> + goto free;
> + }
>
> - chunk = sctp_make_abort_user(asoc, msg, msg_len);
> - if (!chunk) {
> - err = -ENOMEM;
> - goto out_unlock;
> - }
> + if (cmsgs->init) {
> + struct sctp_initmsg *init = cmsgs->init;
>
> - pr_debug("%s: aborting association:%p\n",
> - __func__, asoc);
> + if (init->sinit_num_ostreams) {
> + __u16 outcnt = init->sinit_num_ostreams;
>
> - sctp_primitive_ABORT(net, asoc, chunk);
> - err = 0;
> - goto out_unlock;
> + asoc->c.sinit_num_ostreams = outcnt;
> + /* outcnt has been changed, need to re-init stream */
> + err = sctp_stream_init(&asoc->stream, outcnt, 0,
> + GFP_KERNEL);
> + if (err)
> + goto free;
> }
> +
> + if (init->sinit_max_instreams)
> + asoc->c.sinit_max_instreams = init->sinit_max_instreams;
> +
> + if (init->sinit_max_attempts)
> + asoc->max_init_attempts = init->sinit_max_attempts;
> +
> + if (init->sinit_max_init_timeo)
> + asoc->max_init_timeo =
> + msecs_to_jiffies(init->sinit_max_init_timeo);
> }
>
> - /* Do we need to create the association? */
> - if (!asoc) {
> - pr_debug("%s: there is no association yet\n", __func__);
> + *tp = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN);
> + if (!*tp) {
> + err = -ENOMEM;
> + goto free;
> + }
>
> - if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) {
> - err = -EINVAL;
> - goto out_unlock;
> - }
> + if (!cmsgs->addrs_msg)
> + return 0;
>
> - /* Check for invalid stream against the stream counts,
> - * either the default or the user specified stream counts.
> - */
> - if (sinfo) {
> - if (!sinit || !sinit->sinit_num_ostreams) {
> - /* Check against the defaults. */
> - if (sinfo->sinfo_stream >=
> - sp->initmsg.sinit_num_ostreams) {
> - err = -EINVAL;
> - goto out_unlock;
> - }
> - } else {
> - /* Check against the requested. */
> - if (sinfo->sinfo_stream >=
> - sinit->sinit_num_ostreams) {
> - err = -EINVAL;
> - goto out_unlock;
> - }
> - }
> - }
> + /* sendv addr list parse */
> + for_each_cmsghdr(cmsg, cmsgs->addrs_msg) {
> + struct sctp_transport *transport;
> + struct sctp_association *old;
> + union sctp_addr _daddr;
> + int dlen;
>
> - /*
> - * API 3.1.2 bind() - UDP Style Syntax
> - * If a bind() or sctp_bindx() is not called prior to a
> - * sendmsg() call that initiates a new association, the
> - * system picks an ephemeral port and will choose an address
> - * set equivalent to binding with a wildcard address.
> - */
> - if (!ep->base.bind_addr.port) {
> - if (sctp_autobind(sk)) {
> - err = -EAGAIN;
> - goto out_unlock;
> - }
> - } else {
> - /*
> - * If an unprivileged user inherits a one-to-many
> - * style socket with open associations on a privileged
> - * port, it MAY be permitted to accept new associations,
> - * but it SHOULD NOT be permitted to open new
> - * associations.
> - */
> - if (ep->base.bind_addr.port < inet_prot_sock(net) &&
> - !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) {
> - err = -EACCES;
> - goto out_unlock;
> - }
> - }
> + if (cmsg->cmsg_level != IPPROTO_SCTP ||
> + (cmsg->cmsg_type != SCTP_DSTADDRV4 &&
> + cmsg->cmsg_type != SCTP_DSTADDRV6))
> + continue;
>
> - scope = sctp_scope(&to);
> + daddr = &_daddr;
> + memset(daddr, 0, sizeof(*daddr));
> + dlen = cmsg->cmsg_len - sizeof(struct cmsghdr);
> + if (cmsg->cmsg_type == SCTP_DSTADDRV4) {
> + if (dlen < sizeof(struct in_addr))
> + goto free;
> +
> + dlen = sizeof(struct in_addr);
> + daddr->v4.sin_family = AF_INET;
> + daddr->v4.sin_port = htons(asoc->peer.port);
> + memcpy(&daddr->v4.sin_addr, CMSG_DATA(cmsg), dlen);
> + } else {
> + if (dlen < sizeof(struct in6_addr))
> + goto free;
>
> - /* Label connection socket for first association 1-to-many
> - * style for client sequence socket()->sendmsg(). This
> - * needs to be done before sctp_assoc_add_peer() as that will
> - * set up the initial packet that needs to account for any
> - * security ip options (CIPSO/CALIPSO) added to the packet.
> - */
> - af = sctp_get_af_specific(to.sa.sa_family);
> - if (!af) {
> - err = -EINVAL;
> - goto out_unlock;
> + dlen = sizeof(struct in6_addr);
> + daddr->v6.sin6_family = AF_INET6;
> + daddr->v6.sin6_port = htons(asoc->peer.port);
> + memcpy(&daddr->v6.sin6_addr, CMSG_DATA(cmsg), dlen);
> }
> - err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
> - (struct sockaddr *)&to,
> - af->sockaddr_len);
> - if (err < 0)
> - goto out_unlock;
> + err = sctp_verify_addr(sk, daddr, sizeof(*daddr));
> + if (err)
> + goto free;
>
> - new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
> - if (!new_asoc) {
> - err = -ENOMEM;
> - goto out_unlock;
> - }
> - asoc = new_asoc;
> - err = sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL);
> - if (err < 0) {
> - err = -ENOMEM;
> - goto out_free;
> + old = sctp_endpoint_lookup_assoc(ep, daddr, &transport);
> + if (old && old != asoc) {
> + if (old->state >= SCTP_STATE_ESTABLISHED)
> + err = -EISCONN;
> + else
> + err = -EALREADY;
> + goto free;
> }
>
> - /* If the SCTP_INIT ancillary data is specified, set all
> - * the association init values accordingly.
> - */
> - if (sinit) {
> - if (sinit->sinit_num_ostreams) {
> - __u16 outcnt = sinit->sinit_num_ostreams;
> -
> - asoc->c.sinit_num_ostreams = outcnt;
> - /* outcnt has been changed, so re-init stream */
> - err = sctp_stream_init(&asoc->stream, outcnt, 0,
> - GFP_KERNEL);
> - if (err)
> - goto out_free;
> - }
> - if (sinit->sinit_max_instreams) {
> - asoc->c.sinit_max_instreams =
> - sinit->sinit_max_instreams;
> - }
> - if (sinit->sinit_max_attempts) {
> - asoc->max_init_attempts
> - = sinit->sinit_max_attempts;
> - }
> - if (sinit->sinit_max_init_timeo) {
> - asoc->max_init_timeo =
> - msecs_to_jiffies(sinit->sinit_max_init_timeo);
> - }
> + if (sctp_endpoint_is_peeled_off(ep, daddr)) {
> + err = -EADDRNOTAVAIL;
> + goto free;
> }
>
> - /* Prime the peer's transport structures. */
> - transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN);
> + transport = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL,
> + SCTP_UNKNOWN);
> if (!transport) {
> err = -ENOMEM;
> - goto out_free;
> + goto free;
> }
> }
>
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-08 13:00 ` Paul Moore
@ 2018-03-08 13:12 ` Xin Long
0 siblings, 0 replies; 20+ messages in thread
From: Xin Long @ 2018-03-08 13:12 UTC (permalink / raw)
To: Paul Moore
Cc: David Miller, Networking, Linux-Next Mailing List,
Linux Kernel Mailing List, Richard Haines, Stephen Rothwell
On Thu, Mar 8, 2018 at 9:00 PM, Paul Moore <paul@paul-moore.com> wrote:
> On Wed, Mar 7, 2018 at 9:07 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>> Hi all,
>>
>> On Mon, 5 Mar 2018 12:40:54 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>>>
>>> Today's linux-next merge of the selinux tree got a conflict in:
>>>
>>> net/sctp/socket.c
>>>
>>> between several refactoring commits from the net-next tree and commit:
>>>
>>> 2277c7cd75e3 ("sctp: Add LSM hooks")
>>>
>>> from the selinux tree.
>>>
>>> I fixed it up (I think - see below) and can carry the fix as
>>> necessary. This is now fixed as far as linux-next is concerned, but any
>>> non trivial conflicts should be mentioned to your upstream maintainer
>>> when your tree is submitted for merging. You may also want to consider
>>> cooperating with the maintainer of the conflicting tree to minimise any
>>> particularly complex conflicts.
>>>
>>> --
>>> Cheers,
>>> Stephen Rothwell
>>
>> The resolution now looks like below (there were more changes to this
>> file in the net-next tree). It will keep changing every time this file
>> is touched :-(
>
> Xin Long, does this still look okay to you?
Yes, it's good.
I forgot "struct sctp_af *af;" would be there there when submitting:
commit 2c0dbaa sctp: add support for SCTP_DSTADDRV4/6 Information for sendmsg
and should have put some notes for David.
Thanks for your reminding.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-08 2:07 ` Stephen Rothwell
2018-03-08 13:00 ` Paul Moore
@ 2018-03-08 13:29 ` Xin Long
2018-03-09 12:52 ` Marcelo Ricardo Leitner
2 siblings, 0 replies; 20+ messages in thread
From: Xin Long @ 2018-03-08 13:29 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Paul Moore, David Miller, Networking, Linux-Next Mailing List,
Linux Kernel Mailing List, Richard Haines,
Marcelo Ricardo Leitner
On Thu, Mar 8, 2018 at 10:07 AM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi all,
>
> On Mon, 5 Mar 2018 12:40:54 +1100 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>>
>> Today's linux-next merge of the selinux tree got a conflict in:
>>
>> net/sctp/socket.c
>>
>> between several refactoring commits from the net-next tree and commit:
>>
>> 2277c7cd75e3 ("sctp: Add LSM hooks")
>>
>> from the selinux tree.
>>
>> I fixed it up (I think - see below) and can carry the fix as
>> necessary. This is now fixed as far as linux-next is concerned, but any
>> non trivial conflicts should be mentioned to your upstream maintainer
>> when your tree is submitted for merging. You may also want to consider
>> cooperating with the maintainer of the conflicting tree to minimise any
>> particularly complex conflicts.
>>
>> --
>> Cheers, it
>> Stephen Rothwell
>
> The resolution now looks like below (there were more changes to this
> file in the net-next tree). It will keep changing every time this file
> is touched :-(
This is the last change causing this conflict, as it touched
sctp_sendmsg_new_asoc.
The following patches for sctp update that will be posted soon will
NOT touch this function again.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2018-03-08 2:07 ` Stephen Rothwell
2018-03-08 13:00 ` Paul Moore
2018-03-08 13:29 ` Xin Long
@ 2018-03-09 12:52 ` Marcelo Ricardo Leitner
2 siblings, 0 replies; 20+ messages in thread
From: Marcelo Ricardo Leitner @ 2018-03-09 12:52 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Paul Moore, David Miller, Networking, Linux-Next Mailing List,
Linux Kernel Mailing List, Richard Haines, Xin Long
On Thu, Mar 08, 2018 at 01:07:03PM +1100, Stephen Rothwell wrote:
> The resolution now looks like below (there were more changes to this
> file in the net-next tree). It will keep changing every time this file
> is touched :-(
Ugh, sorry for that, Stephen.
Considering how much of a hassle this already is, I'll hold off the
mtu refactoring I have and only post it when all this reaches Linus'
tree. This refactoring is touching nearly every single line that the
SELinux patches touched too (where it added accounting for the IP
options) and the fixup would be a complete nightmare.
Probably I won't be able to post the sctp_outq_flush refactoring too,
but I have to check that more carefully.
Marcelo
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2012-01-05 22:15 ` Stephen Rothwell
@ 2012-01-05 22:51 ` Eric Paris
0 siblings, 0 replies; 20+ messages in thread
From: Eric Paris @ 2012-01-05 22:51 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Paul Moore, linux-next, linux-kernel, Andrei Emeltchenko,
David Miller, netdev, Gustavo F. Padovan
On Fri, 2012-01-06 at 09:15 +1100, Stephen Rothwell wrote:
> Hi Paul,
>
> On Thu, 05 Jan 2012 16:25:53 -0500 Paul Moore <pmoore@redhat.com> wrote:
> >
> > On Thursday, January 05, 2012 03:12:55 PM Stephen Rothwell wrote:
> > >
> > > Today's linux-next merge of the selinux tree got a conflict in
> > > net/bluetooth/l2cap_sock.c between commit 15770b1ab974 ("Bluetooth:
> > > convert force_active variable to flag in l2cap chan") from the net-next
> > > tree and commit 53860f3d0499 ("bluetooth: Properly clone LSM attributes
> > > to newly created child connections") from the selinux tree.
> > >
> > > These both remove the same line, but there is probably something more
> > > subtle going on ... I just used the version from the net-next tree.
> >
> > Something is a bit odd. When I look in the current linux-next tree I see two
> > commits which fix a Bluetooth/LSM bug; the first is correct, the second one
> > appears to be some other commit which just hijacked the description from the
> > first ... I have no idea what is going on in the second commit; I'll leave
> > that to you git gurus :)
> >
> > * Correct commit -> 6230c9b4f8957c8938ee4cf2d03166d3c2dc89de
>
> That is a commit in Linus' tree before v3.1
>
> > * Garbage commit -> 53860f3d0499992855d58e33f0f79bfe642dfccb
>
> That is the commit in the selinux tree. This should be unnecessary as
> the selinux tree is based on v3.1 (and I basically ignored it in the
> merge resolution).
Thanks paul... This must be a result of me rebasing my tree onto 3.1.
No way I should have left this garbage. It doesn't make sense. I think
I'll rewrite history for tomorrow since noone is going to notice or
care...
-Eric
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2012-01-05 21:25 ` Paul Moore
@ 2012-01-05 22:15 ` Stephen Rothwell
2012-01-05 22:51 ` Eric Paris
0 siblings, 1 reply; 20+ messages in thread
From: Stephen Rothwell @ 2012-01-05 22:15 UTC (permalink / raw)
To: Paul Moore
Cc: Eric Paris, linux-next, linux-kernel, Andrei Emeltchenko,
David Miller, netdev, Gustavo F. Padovan
[-- Attachment #1: Type: text/plain, Size: 1489 bytes --]
Hi Paul,
On Thu, 05 Jan 2012 16:25:53 -0500 Paul Moore <pmoore@redhat.com> wrote:
>
> On Thursday, January 05, 2012 03:12:55 PM Stephen Rothwell wrote:
> >
> > Today's linux-next merge of the selinux tree got a conflict in
> > net/bluetooth/l2cap_sock.c between commit 15770b1ab974 ("Bluetooth:
> > convert force_active variable to flag in l2cap chan") from the net-next
> > tree and commit 53860f3d0499 ("bluetooth: Properly clone LSM attributes
> > to newly created child connections") from the selinux tree.
> >
> > These both remove the same line, but there is probably something more
> > subtle going on ... I just used the version from the net-next tree.
>
> Something is a bit odd. When I look in the current linux-next tree I see two
> commits which fix a Bluetooth/LSM bug; the first is correct, the second one
> appears to be some other commit which just hijacked the description from the
> first ... I have no idea what is going on in the second commit; I'll leave
> that to you git gurus :)
>
> * Correct commit -> 6230c9b4f8957c8938ee4cf2d03166d3c2dc89de
That is a commit in Linus' tree before v3.1
> * Garbage commit -> 53860f3d0499992855d58e33f0f79bfe642dfccb
That is the commit in the selinux tree. This should be unnecessary as
the selinux tree is based on v3.1 (and I basically ignored it in the
merge resolution).
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: linux-next: manual merge of the selinux tree with the net-next tree
2012-01-05 4:12 ` Stephen Rothwell
(?)
@ 2012-01-05 21:25 ` Paul Moore
2012-01-05 22:15 ` Stephen Rothwell
-1 siblings, 1 reply; 20+ messages in thread
From: Paul Moore @ 2012-01-05 21:25 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Eric Paris, linux-next, linux-kernel, Andrei Emeltchenko,
David Miller, netdev, Gustavo F. Padovan
On Thursday, January 05, 2012 03:12:55 PM Stephen Rothwell wrote:
> Hi Eric,
>
> Today's linux-next merge of the selinux tree got a conflict in
> net/bluetooth/l2cap_sock.c between commit 15770b1ab974 ("Bluetooth:
> convert force_active variable to flag in l2cap chan") from the net-next
> tree and commit 53860f3d0499 ("bluetooth: Properly clone LSM attributes
> to newly created child connections") from the selinux tree.
>
> These both remove the same line, but there is probably something more
> subtle going on ... I just used the version from the net-next tree.
Something is a bit odd. When I look in the current linux-next tree I see two
commits which fix a Bluetooth/LSM bug; the first is correct, the second one
appears to be some other commit which just hijacked the description from the
first ... I have no idea what is going on in the second commit; I'll leave
that to you git gurus :)
* Correct commit -> 6230c9b4f8957c8938ee4cf2d03166d3c2dc89de
* Garbage commit -> 53860f3d0499992855d58e33f0f79bfe642dfccb
--
paul moore
virtualization @ redhat
^ permalink raw reply [flat|nested] 20+ messages in thread
* linux-next: manual merge of the selinux tree with the net-next tree
@ 2012-01-05 4:12 ` Stephen Rothwell
0 siblings, 0 replies; 20+ messages in thread
From: Stephen Rothwell @ 2012-01-05 4:12 UTC (permalink / raw)
To: Eric Paris
Cc: linux-next, linux-kernel, Paul Moore, Andrei Emeltchenko,
David Miller, netdev, Gustavo F. Padovan
[-- Attachment #1: Type: text/plain, Size: 602 bytes --]
Hi Eric,
Today's linux-next merge of the selinux tree got a conflict in
net/bluetooth/l2cap_sock.c between commit 15770b1ab974 ("Bluetooth:
convert force_active variable to flag in l2cap chan") from the net-next
tree and commit 53860f3d0499 ("bluetooth: Properly clone LSM attributes
to newly created child connections") from the selinux tree.
These both remove the same line, but there is probably something more
subtle going on ... I just used the version from the net-next tree.
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 20+ messages in thread
* linux-next: manual merge of the selinux tree with the net-next tree
@ 2012-01-05 4:12 ` Stephen Rothwell
0 siblings, 0 replies; 20+ messages in thread
From: Stephen Rothwell @ 2012-01-05 4:12 UTC (permalink / raw)
To: Eric Paris
Cc: linux-next, linux-kernel, Paul Moore, Andrei Emeltchenko,
David Miller, netdev, Gustavo F. Padovan
[-- Attachment #1: Type: text/plain, Size: 602 bytes --]
Hi Eric,
Today's linux-next merge of the selinux tree got a conflict in
net/bluetooth/l2cap_sock.c between commit 15770b1ab974 ("Bluetooth:
convert force_active variable to flag in l2cap chan") from the net-next
tree and commit 53860f3d0499 ("bluetooth: Properly clone LSM attributes
to newly created child connections") from the selinux tree.
These both remove the same line, but there is probably something more
subtle going on ... I just used the version from the net-next tree.
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] 20+ messages in thread
end of thread, other threads:[~2018-03-09 12:52 UTC | newest]
Thread overview: 20+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-05 1:40 linux-next: manual merge of the selinux tree with the net-next tree Stephen Rothwell
2018-03-05 7:03 ` Xin Long
2018-03-07 16:34 ` Paul Moore
2018-03-07 16:41 ` David Miller
2018-03-07 17:27 ` Paul Moore
2018-03-07 17:45 ` David Miller
2018-03-07 20:20 ` Paul Moore
2018-03-07 20:24 ` David Miller
2018-03-07 20:26 ` David Miller
2018-03-07 23:28 ` Paul Moore
2018-03-08 2:07 ` Stephen Rothwell
2018-03-08 13:00 ` Paul Moore
2018-03-08 13:12 ` Xin Long
2018-03-08 13:29 ` Xin Long
2018-03-09 12:52 ` Marcelo Ricardo Leitner
-- strict thread matches above, loose matches on Subject: below --
2012-01-05 4:12 Stephen Rothwell
2012-01-05 4:12 ` Stephen Rothwell
2012-01-05 21:25 ` Paul Moore
2012-01-05 22:15 ` Stephen Rothwell
2012-01-05 22:51 ` Eric Paris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.