  1. 25 Apr, 2013 1 commit
  2. 07 Apr, 2013 1 commit
    • NFC: llcp: fix info leaks via msg_name in llcp_sock_recvmsg() · d26d6504
      Mathias Krause authored
      The code in llcp_sock_recvmsg() does not initialize all the members of
      struct sockaddr_nfc_llcp when filling the sockaddr info. Nor does it
      initialize the padding bytes of the structure inserted by the compiler
      for alignment.
      
      Also, if the socket is in state LLCP_CLOSED or is shutting down during
      receive the msg_namelen member is not updated to 0 while otherwise
      returning with 0, i.e. "success". The msg_namelen update is also
      missing for stream and seqpacket sockets which don't fill the sockaddr
      info.
      
      Both issues lead to the fact that the code will leak uninitialized
      kernel stack bytes in net/socket.c.
      
      Fix the first issue by initializing the memory used for sockaddr info
      with memset(0). Fix the second one by setting msg_namelen to 0 early.
      It will be updated later if we're going to fill the msg_name member.
      
      Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>
      Cc: Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
      Cc: Samuel Ortiz <sameo@linux.intel.com>
      Signed-off-by: Mathias Krause <minipli@googlemail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
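The two leaks described in the commit message above, modelled in user space as an added example (not code from the kernel or from the commit). All `demo_*` names, the struct layout, the subset of members the handler fills, and the 128-byte caller buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct sockaddr_nfc_llcp; the layout is an assumption. */
struct demo_sockaddr_llcp {
    uint16_t sa_family;
    uint32_t dev_idx, target_idx, nfc_protocol;
    uint8_t  dsap, ssap;
    char     service_name[63];
    size_t   service_name_len;
};
struct demo_msghdr { void *msg_name; size_t msg_namelen; };
enum { DEMO_CLOSED, DEMO_DGRAM_DATA };   /* hypothetical socket states */
#define STALE 0xAA                       /* stands in for old kernel stack bytes */

/* Model of the receive handler; fixed == 0 is the behaviour the commit describes. */
static int demo_recvmsg(struct demo_msghdr *msg, int state, int fixed)
{
    struct demo_sockaddr_llcp *sa = msg->msg_name;
    if (fixed) msg->msg_namelen = 0;        /* fix 2: reset before any early return */
    if (state == DEMO_CLOSED) return 0;     /* "success" without filling msg_name */
    if (fixed) memset(sa, 0, sizeof(*sa));  /* fix 1: clears unset members and padding */
    sa->sa_family = 39; sa->nfc_protocol = 5;   /* assumed subset, sample values */
    sa->dsap = 1; sa->ssap = 32;
    msg->msg_namelen = sizeof(*sa);
    return 0;
}

/* Model of the caller: pass down a stack buffer, then copy out msg_namelen
 * bytes of it. Returns how many stale bytes that copy would contain. */
size_t demo_leaked_bytes(int state, int fixed)
{
    union { struct demo_sockaddr_llcp sa; unsigned char raw[128]; } addr;
    struct demo_msghdr msg = { &addr, sizeof(addr) };
    size_t i, stale = 0;
    memset(addr.raw, STALE, sizeof(addr.raw));  /* simulate uninitialized stack */
    demo_recvmsg(&msg, state, fixed);
    for (i = 0; i < msg.msg_namelen; i++)
        stale += (addr.raw[i] == STALE);
    return stale;
}

int main(void)
{
    printf("closed: %zu -> %zu stale bytes\n",
           demo_leaked_bytes(DEMO_CLOSED, 0), demo_leaked_bytes(DEMO_CLOSED, 1));
    printf("dgram:  %zu -> %zu stale bytes\n",
           demo_leaked_bytes(DEMO_DGRAM_DATA, 0), demo_leaked_bytes(DEMO_DGRAM_DATA, 1));
    return 0;
}
```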
  3. 26 Mar, 2013 1 commit
  4. 20 Mar, 2013 1 commit
  5. 08 Mar, 2013 1 commit
  6. 11 Jan, 2013 2 commits
  7. 09 Jan, 2013 2 commits
  8. 13 Dec, 2012 1 commit
  9. 26 Oct, 2012 3 commits
  10. 04 Oct, 2012 1 commit
  11. 27 Sep, 2012 1 commit
    • NFC: LLCP raw socket support · 4463523b
      Thierry Escande authored
      This adds support for socket of type SOCK_RAW to LLCP.
      sk_buff are copied and sent to raw sockets with a 2 bytes extra header:
      The first byte header contains the nfc adapter index.
      The second one contains flags:
      - 0x01 - Direction (0=RX, 1=TX)
      - 0x02-0x80 - Reserved
      A raw socket has to be explicitly bound to a nfc adapter. This is achieved
      by specifying the adapter index to be bound to in the dev_idx field of the
      sockaddr_nfc_llcp struct passed to bind().
      Signed-off-by: Thierry Escande <thierry.escande@linux.intel.com>
      Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
  12. 24 Sep, 2012 1 commit
  13. 09 Jul, 2012 6 commits
    • NFC: Check for llcp_sock and its device from llcp_sock_getname · fe3c094a
      Samuel Ortiz authored
      They both can potentially be NULL.
      Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
    • NFC: Forbid LLCP service name reusing · 8b7e8eda
      Samuel Ortiz authored
      This patch fixes a typo and returns the correct error when trying to
      bind 2 sockets to the same service name.
      Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
    • NFC: Release LLCP SAP when the owner is released · cbbf4721
      Samuel Ortiz authored
      The LLCP SAP should only be freed when the socket owning it is released.
      As long as the socket is alive, the SAP should be reserved in order to
      e.g. send the right wks array when bringing the MAC up.
      Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
    • NFC: Fix LLCP getname socket op · 12e5bdfe
      Samuel Ortiz authored
      Set the right target index and use a better socket declaration routine.
      Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
    • NFC: Prevent NULL deref when getting socket name · 147f20e3
      Sasha Levin authored
      llcp_sock_getname can be called without a device attached to the nfc_llcp_sock.
      
      This would lead to the following BUG:
      
      [  362.341807] BUG: unable to handle kernel NULL pointer dereference at           (null)
      [  362.341815] IP: [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0
      [  362.341818] PGD 31b35067 PUD 30631067 PMD 0
      [  362.341821] Oops: 0000 [#627] PREEMPT SMP DEBUG_PAGEALLOC
      [  362.341826] CPU 3
      [  362.341827] Pid: 7816, comm: trinity-child55 Tainted: G      D W    3.5.0-rc4-next-20120628-sasha-00005-g9f23eb7 #479
      [  362.341831] RIP: 0010:[<ffffffff836258e5>]  [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0
      [  362.341832] RSP: 0018:ffff8800304fde88  EFLAGS: 00010286
      [  362.341834] RAX: 0000000000000000 RBX: ffff880033cb8000 RCX: 0000000000000001
      [  362.341835] RDX: ffff8800304fdec4 RSI: ffff8800304fdec8 RDI: ffff8800304fdeda
      [  362.341836] RBP: ffff8800304fdea8 R08: 7ebcebcb772b7ffb R09: 5fbfcb9c35bdfd53
      [  362.341838] R10: 4220020c54326244 R11: 0000000000000246 R12: ffff8800304fdec8
      [  362.341839] R13: ffff8800304fdec4 R14: ffff8800304fdec8 R15: 0000000000000044
      [  362.341841] FS:  00007effa376e700(0000) GS:ffff880035a00000(0000) knlGS:0000000000000000
      [  362.341843] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  362.341844] CR2: 0000000000000000 CR3: 0000000030438000 CR4: 00000000000406e0
      [  362.341851] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  362.341856] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      [  362.341858] Process trinity-child55 (pid: 7816, threadinfo ffff8800304fc000, task ffff880031270000)
      [  362.341858] Stack:
      [  362.341862]  ffff8800304fdea8 ffff880035156780 0000000000000000 0000000000001000
      [  362.341865]  ffff8800304fdf78 ffffffff83183b40 00000000304fdec8 0000006000000000
      [  362.341868]  ffff8800304f0027 ffffffff83729649 ffff8800304fdee8 ffff8800304fdf48
      [  362.341869] Call Trace:
      [  362.341874]  [<ffffffff83183b40>] sys_getpeername+0xa0/0x110
      [  362.341877]  [<ffffffff83729649>] ? _raw_spin_unlock_irq+0x59/0x80
      [  362.341882]  [<ffffffff810f342b>] ? do_setitimer+0x23b/0x290
      [  362.341886]  [<ffffffff81985ede>] ? trace_hardirqs_on_thunk+0x3a/0x3f
      [  362.341889]  [<ffffffff8372a539>] system_call_fastpath+0x16/0x1b
      [  362.341921] Code: 84 00 00 00 00 00 b8 b3 ff ff ff 48 85 db 74 54 66 41 c7 04 24 27 00 49 8d 7c 24 12 41 c7 45 00 60 00 00 00 48 8b 83 28 05 00 00 <8b> 00 41 89 44 24 04 0f b6 83 41 05 00 00 41 88 44 24 10 0f b6
      [  362.341924] RIP  [<ffffffff836258e5>] llcp_sock_getname+0x75/0xc0
      [  362.341925]  RSP <ffff8800304fde88>
      [  362.341926] CR2: 0000000000000000
      [  362.341928] ---[ end trace 6d450e935ee18bf3 ]---
      Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>
  14. 08 Jun, 2012 1 commit
  15. 04 Jun, 2012 4 commits
  16. 15 May, 2012 2 commits
  17. 06 Mar, 2012 4 commits
  18. 14 Dec, 2011 1 commit
    • NFC: Initial LLCP support · d646960f
      Samuel Ortiz authored
      This patch is an initial implementation for the NFC Logical Link Control
      protocol. It's also known as NFC peer to peer mode.
      This is a basic implementation as it lacks SDP (services Discovery
      Protocol), frames aggregation support, and frame rejection parsing.
      Follow up patches will implement those missing features.
      This code has been tested against a Nexus S phone implementing LLCP 1.0.
      Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
      Signed-off-by: John W. Linville <linville@tuxdriver.com>