1. 01 Jun, 2015 4 commits
    • Florian Fainelli's avatar
      net: dsa: Properly propagate errors from dsa_switch_setup_one · 24595346
      Florian Fainelli authored
      While shuffling some code around, dsa_switch_setup_one() was introduced,
      and it was modified to return either an error code using ERR_PTR() or a
      NULL pointer when running out of memory or failing to setup a switch.
      
      This is a problem for its caler: dsa_switch_setup() which uses IS_ERR()
      and expects to find an error code, not a NULL pointer, so we still try
      to proceed with dsa_switch_setup() and operate on invalid memory
      addresses. This can be easily reproduced by having e.g: the bcm_sf2
      driver built-in, but having no such switch, such that drv->setup will
      fail.
      
      Fix this by using PTR_ERR() consistently which is both more informative
      and avoids for the caller to use IS_ERR_OR_NULL().
      
      Fixes: df197195 ("net: dsa: split dsa_switch_setup into two functions")
      Reported-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Tested-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      24595346
    • Neal Cardwell's avatar
      tcp: fix child sockets to use system default congestion control if not set · 9f950415
      Neal Cardwell authored
      Linux 3.17 and earlier are explicitly engineered so that if the app
      doesn't specifically request a CC module on a listener before the SYN
      arrives, then the child gets the system default CC when the connection
      is established. See tcp_init_congestion_control() in 3.17 or earlier,
      which says "if no choice made yet assign the current value set as
      default". The change ("net: tcp: assign tcp cong_ops when tcp sk is
      created") altered these semantics, so that children got their parent
      listener's congestion control even if the system default had changed
      after the listener was created.
      
      This commit returns to those original semantics from 3.17 and earlier,
      since they are the original semantics from 2007 in 4d4d3d1e ("[TCP]:
      Congestion control initialization."), and some Linux congestion
      control workflows depend on that.
      
      In summary, if a listener socket specifically sets TCP_CONGESTION to
      "x", or the route locks the CC module to "x", then the child gets
      "x". Otherwise the child gets current system default from
      net.ipv4.tcp_congestion_control. That's the behavior in 3.17 and
      earlier, and this commit restores that.
      
      Fixes: 55d8694f ("net: tcp: assign tcp cong_ops when tcp sk is created")
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Daniel Borkmann <dborkman@redhat.com>
      Cc: Glenn Judd <glenn.judd@morganstanley.com>
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarYuchung Cheng <ycheng@google.com>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9f950415
    • Eric Dumazet's avatar
      udp: fix behavior of wrong checksums · beb39db5
      Eric Dumazet authored
      We have two problems in UDP stack related to bogus checksums :
      
      1) We return -EAGAIN to application even if receive queue is not empty.
         This breaks applications using edge trigger epoll()
      
      2) Under UDP flood, we can loop forever without yielding to other
         processes, potentially hanging the host, especially on non SMP.
      
      This patch is an attempt to make things better.
      
      We might in the future add extra support for rt applications
      wanting to better control time spent doing a recv() in a hostile
      environment. For example we could validate checksums before queuing
      packets in socket receive queue.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Willem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      beb39db5
    • Daniel Pieczko's avatar
      sfc: free multiple Rx buffers when required · 9eb0a5d1
      Daniel Pieczko authored
      When Rx packet data must be dropped, all the buffers
      associated with that Rx packet must be freed. Extend
      and rename efx_free_rx_buffer() to efx_free_rx_buffers()
      and loop through all the fragments.
      By doing so this patch fixes a possible memory leak.
      Signed-off-by: default avatarShradha Shah <sshah@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9eb0a5d1
  2. 31 May, 2015 6 commits
  3. 29 May, 2015 2 commits
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · 5aab0e8a
      David S. Miller authored
      Steffen Klassert says:
      
      ====================
      pull request (net): ipsec 2015-05-28
      
      1) Fix a race in xfrm_state_lookup_byspi, we need to take
         the refcount before we release xfrm_state_lock.
         From Li RongQing.
      
      2) Fix IV generation on ESN state. We used just the
         low order sequence numbers for IV generation on
         ESN, as a result the IV can repeat on the same
         state. Fix this by using the  high order sequence
         number bits too and make sure to always initialize
         the high order bits with zero. These patches are
         serious stable candidates. Fixes from Herbert Xu.
      
      3) Fix the skb->mark handling on vti. We don't
         reset skb->mark in skb_scrub_packet anymore,
         so vti must care to restore the original
         value back after it was used to lookup the
         vti policy and state. Fixes from Alexander Duyck.
      
      Please pull or let me know if there are problems.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5aab0e8a
    • Roger Luethi's avatar
      via-rhine: Resigning as maintainer · 210347e1
      Roger Luethi authored
      I don't have enough time to look after via-rhine anymore.
      Signed-off-by: default avatarRoger Luethi <rl@hellgate.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      210347e1
  4. 28 May, 2015 4 commits
  5. 27 May, 2015 18 commits
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 · de182468
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Back from SambaXP - now have 8 small CIFS bug fixes to merge"
      
      * 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
        CIFS: Fix race condition on RFC1002_NEGATIVE_SESSION_RESPONSE
        Fix to convert SURROGATE PAIR
        cifs: potential missing check for posix_lock_file_wait
        Fix to check Unique id and FileType when client refer file directly.
        CIFS: remove an unneeded NULL check
        [cifs] fix null pointer check
        Fix that several functions handle incorrect value of mapchars
        cifs: Don't replace dentries for dfs mounts
      de182468
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 8f98bcdf
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Don't use MMIO on certain iwlwifi devices otherwise we get a
          firmware crash.
      
       2) Don't corrupt the GRO lists of mac80211 contexts by doing sends via
          timer interrupt, from Johannes Berg.
      
       3) SKB tailroom is miscalculated in AP_VLAN crypto code, from Michal
          Kazior.
      
       4) Fix fw_status memory leak in iwlwifi, from Haim Dreyfuss.
      
       5) Fix use after free in iwl_mvm_d0i3_enable_tx(), from Eliad Peller.
      
       6) JIT'ing of large BPF programs is broken on x86, from Alexei
          Starovoitov.
      
       7) EMAC driver ethtool register dump size is miscalculated, from Ivan
          Mikhaylov.
      
       8) Fix PHY initial link mode when autonegotiation is disabled in
          amd-xgbe, from Tom Lendacky.
      
       9) Fix NULL deref on SOCK_DEAD socket in AF_UNIX and CAIF protocols,
          from Mark Salyzyn.
      
      10) credit_bytes not initialized properly in xen-netback, from Ross
         Lagerwall.
      
      11) Fallback from MSI-X to INTx interrupts not handled properly in mlx4
          driver, fix from Benjamin Poirier.
      
      12) Perform ->attach() after binding dev->qdisc in packet scheduler,
          otherwise we can crash.  From Cong WANG.
      
      13) Don't clobber data in sctp_v4_map_v6().  From Jason Gunthorpe.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (30 commits)
        sctp: Fix mangled IPv4 addresses on a IPv6 listening socket
        net_sched: invoke ->attach() after setting dev->qdisc
        xen-netfront: properly destroy queues when removing device
        mlx4_core: Fix fallback from MSI-X to INTx
        xen/netback: Properly initialize credit_bytes
        net: netxen: correct sysfs bin attribute return code
        tools: bpf_jit_disasm: fix segfault on disabled debugging log output
        unix/caif: sk_socket can disappear when state is unlocked
        amd-xgbe-phy: Fix initial mode when autoneg is disabled
        net: dp83640: fix improper double spin locking.
        net: dp83640: reinforce locking rules.
        net: dp83640: fix broken calibration routine.
        net: stmmac: create one debugfs dir per net-device
        net/ibm/emac: fix size of emac dump memory areas
        x86: bpf_jit: fix compilation of large bpf programs
        net: phy: bcm7xxx: Fix 7425 PHY ID and flags
        iwlwifi: mvm: avoid use-after-free on iwl_mvm_d0i3_enable_tx()
        iwlwifi: mvm: clean net-detect info if device was reset during suspend
        iwlwifi: mvm: take the UCODE_DOWN reference when resuming
        iwlwifi: mvm: BT Coex - duplicate the command if sent ASYNC
        ...
      8f98bcdf
    • Jason Gunthorpe's avatar
      sctp: Fix mangled IPv4 addresses on a IPv6 listening socket · 9302d7bb
      Jason Gunthorpe authored
      sctp_v4_map_v6 was subtly writing and reading from members
      of a union in a way the clobbered data it needed to read before
      it read it.
      
      Zeroing the v6 flowinfo overwrites the v4 sin_addr with 0, meaning
      that every place that calls sctp_v4_map_v6 gets ::ffff:0.0.0.0 as the
      result.
      
      Reorder things to guarantee correct behaviour no matter what the
      union layout is.
      
      This impacts user space clients that open an IPv6 SCTP socket and
      receive IPv4 connections. Prior to 299ee user space would see a
      sockaddr with AF_INET and a correct address, after 299ee the sockaddr
      is AF_INET6, but the address is wrong.
      
      Fixes: 299ee123 (sctp: Fixup v4mapped behaviour to comply with Sock API)
      Signed-off-by: default avatarJason Gunthorpe <jgunthorpe@obsidianresearch.com>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9302d7bb
    • WANG Cong's avatar
      net_sched: invoke ->attach() after setting dev->qdisc · 86e363dc
      WANG Cong authored
      For mq qdisc, we add per tx queue qdisc to root qdisc
      for display purpose, however, that happens too early,
      before the new dev->qdisc is finally set, this causes
      q->list points to an old root qdisc which is going to be
      freed right before assigning with a new one.
      
      Fix this by moving ->attach() after setting dev->qdisc.
      
      For the record, this fixes the following crash:
      
       ------------[ cut here ]------------
       WARNING: CPU: 1 PID: 975 at lib/list_debug.c:59 __list_del_entry+0x5a/0x98()
       list_del corruption. prev->next should be ffff8800d1998ae8, but was 6b6b6b6b6b6b6b6b
       CPU: 1 PID: 975 Comm: tc Not tainted 4.1.0-rc4+ #1019
       Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
        0000000000000009 ffff8800d73fb928 ffffffff81a44e7f 0000000047574756
        ffff8800d73fb978 ffff8800d73fb968 ffffffff810790da ffff8800cfc4cd20
        ffffffff814e725b ffff8800d1998ae8 ffffffff82381250 0000000000000000
       Call Trace:
        [<ffffffff81a44e7f>] dump_stack+0x4c/0x65
        [<ffffffff810790da>] warn_slowpath_common+0x9c/0xb6
        [<ffffffff814e725b>] ? __list_del_entry+0x5a/0x98
        [<ffffffff81079162>] warn_slowpath_fmt+0x46/0x48
        [<ffffffff81820eb0>] ? dev_graft_qdisc+0x5e/0x6a
        [<ffffffff814e725b>] __list_del_entry+0x5a/0x98
        [<ffffffff814e72a7>] list_del+0xe/0x2d
        [<ffffffff81822f05>] qdisc_list_del+0x1e/0x20
        [<ffffffff81820cd1>] qdisc_destroy+0x30/0xd6
        [<ffffffff81822676>] qdisc_graft+0x11d/0x243
        [<ffffffff818233c1>] tc_get_qdisc+0x1a6/0x1d4
        [<ffffffff810b5eaf>] ? mark_lock+0x2e/0x226
        [<ffffffff817ff8f5>] rtnetlink_rcv_msg+0x181/0x194
        [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
        [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
        [<ffffffff817ff774>] ? __rtnl_unlock+0x17/0x17
        [<ffffffff81855dc6>] netlink_rcv_skb+0x4d/0x93
        [<ffffffff817ff756>] rtnetlink_rcv+0x26/0x2d
        [<ffffffff818544b2>] netlink_unicast+0xcb/0x150
        [<ffffffff81161db9>] ? might_fault+0x59/0xa9
        [<ffffffff81854f78>] netlink_sendmsg+0x4fa/0x51c
        [<ffffffff817d6e09>] sock_sendmsg_nosec+0x12/0x1d
        [<ffffffff817d8967>] sock_sendmsg+0x29/0x2e
        [<ffffffff817d8cf3>] ___sys_sendmsg+0x1b4/0x23a
        [<ffffffff8100a1b8>] ? native_sched_clock+0x35/0x37
        [<ffffffff810a1d83>] ? sched_clock_local+0x12/0x72
        [<ffffffff810a1fd4>] ? sched_clock_cpu+0x9e/0xb7
        [<ffffffff810def2a>] ? current_kernel_time+0xe/0x32
        [<ffffffff810b4bc5>] ? lock_release_holdtime.part.29+0x71/0x7f
        [<ffffffff810ddebf>] ? read_seqcount_begin.constprop.27+0x5f/0x76
        [<ffffffff810b6292>] ? trace_hardirqs_on_caller+0x17d/0x199
        [<ffffffff811b14d5>] ? __fget_light+0x50/0x78
        [<ffffffff817d9808>] __sys_sendmsg+0x42/0x60
        [<ffffffff817d9838>] SyS_sendmsg+0x12/0x1c
        [<ffffffff81a50e97>] system_call_fastpath+0x12/0x6f
       ---[ end trace ef29d3fb28e97ae7 ]---
      
      For long term, we probably need to clean up the qdisc_graft() code
      in case it hides other bugs like this.
      
      Fixes: 95dc1929 ("pkt_sched: give visibility to mq slave qdiscs")
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      86e363dc
    • David Vrabel's avatar
      xen-netfront: properly destroy queues when removing device · ad068118
      David Vrabel authored
      xennet_remove() freed the queues before freeing the netdevice which
      results in a use-after-free when free_netdev() tries to delete the
      napi instances that have already been freed.
      
      Fix this by fully destroy the queues (which includes deleting the napi
      instances) before freeing the netdevice.
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      Reviewed-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ad068118
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7ffb9e11
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "This tree includes:
      
         - a fix that disables the compacted FPU XSAVE format by disabling
           XSAVES support: the fixes are too complex and the breakages
           ABI-affecting, so we want this to be quirked off in a robust way
           and backported, to make sure no broken kernel is exposed to the new
           hardware (which exposure is still very limited).
      
         - an MCE printk message fix
      
         - a documentation fix"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/fpu: Disable XSAVES* support for now
        x86/Documentation: Update the contact email for L3 cache index disable functionality
        x86/mce: Fix MCE severity messages
      7ffb9e11
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha · 70d7d88f
      Linus Torvalds authored
      Pull alpha updates from Matt Turner:
       "Please pull a small collection of patches that I've been neglecting.
      
        Probably most importantly are the patches that wire up the new
        syscalls needed by udev and the fix to the bootp{,z}file targets"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha:
        alpha: kernel: osf_sys: Set 'kts.tv_nsec' only when 'tv' has effect
        alpha: Wire up all missing implemented syscalls
        alpha: Fix bootpfile and bootpzfile make targets
        alpha: copy_thread(): rename 'arg' argument to 'kthread_arg'
        alpha: delete non-required instances of <linux/init.h>
        alpha: don't use module_init for non-modular core code
        smp, alpha: kill SMP single function call interrupt
        alpha: Remove #include <uapi/asm/types.h> from <asm/types.h>
        alpha: clean up unnecessary MSI/MSI-X capability find
      70d7d88f
    • Benjamin Poirier's avatar
      mlx4_core: Fix fallback from MSI-X to INTx · f4ecf29f
      Benjamin Poirier authored
      The test in mlx4_load_one() to remove MLX4_FLAG_MSI_X expects mlx4_NOP() to
      fail with -EBUSY. It is also necessary to avoid the reset since the device
      is not fully reinitialized before calling mlx4_start_hca() a second time.
      
      Note that this will also affect mlx4_test_interrupts(), the only other user
      of MLX4_CMD_NOP.
      
      Fixes: f5aef5aa ("net/mlx4_core: Activate reset flow upon fatal command cases")
      Signed-off-by: default avatarBenjamin Poirier <bpoirier@suse.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4ecf29f
    • Rusty Russell's avatar
      lguest: fix out-by-one error in address checking. · 83a35114
      Rusty Russell authored
      This bug has been there since day 1; addresses in the top guest physical
      page weren't considered valid.  You could map that page (the check in
      check_gpte() is correct), but if a guest tried to put a pagetable there
      we'd check that address manually when walking it, and kill the guest.
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      83a35114
    • Ross Lagerwall's avatar
      xen/netback: Properly initialize credit_bytes · ce0e5c52
      Ross Lagerwall authored
      Commit e9ce7cb6 ("xen-netback: Factor queue-specific data into queue
      struct") introduced a regression when moving queue-specific data into
      the queue struct by failing to set the credit_bytes field. This
      prevented bandwidth limiting from working. Initialize the field as it
      was done before multiqueue support was added.
      Signed-off-by: default avatarRoss Lagerwall <ross.lagerwall@citrix.com>
      Acked-by: default avatarWei Liu <wei.liu2@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ce0e5c52
    • Linus Torvalds's avatar
      Merge branch 'overlayfs-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 3cfd4ba7
      Linus Torvalds authored
      Pull two overlayfs fixes from Miklos Szeredi:
       "Overlayfs rmdir() failed to check for emptiness in one case; this was
        introduced in 4.0.  The other bug was there since day one: failure to
        mount if upper fs is full, which bit some OpenWRT folks"
      
      * 'overlayfs-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: mount read-only if workdir can't be created
        ovl: don't remove non-empty opaque directory
      3cfd4ba7
    • Linus Torvalds's avatar
      Merge tag 'mfd-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd · 1b887bf3
      Linus Torvalds authored
      Pull an MFD fix from Lee Jones:
       "One simple fix to repair broken regulator probe() in DA9052"
      
      * tag 'mfd-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
        mfd: da9052: Fix broken regulator probe
      1b887bf3
    • Linus Torvalds's avatar
      Merge tag 'backlight-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight · 30a7266f
      Linus Torvalds authored
      Pull backlight fix from Lee Jones:
       "One simple fix to correctly handle -EPROBE_DEFER"
      
      * tag 'backlight-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight:
        backlight: pwm: Handle EPROBE_DEFER while requesting the PWM
      30a7266f
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · c09b5cbd
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "This disables the newly (4.1) added user-space AEAD interface so that
        we can fix issues in the underlying kernel AEAD interface.  Once the
        new kernel AEAD interface is ready we can then reenable the user-space
        AEAD interface"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: algif_aead - Disable AEAD user-space for now
      c09b5cbd
    • Johan Hovold's avatar
      mfd: da9052: Fix broken regulator probe · e0c21530
      Johan Hovold authored
      Fix broken probe of da9052 regulators, which since commit b3f6c73d
      ("mfd: da9052-core: Fix platform-device id collision") use a
      non-deterministic platform-device id to retrieve static regulator
      information. Fortunately, adequate error handling was in place so probe
      would simply fail with an error message.
      
      Update the mfd-cell ids to be zero-based and use those to identify the
      cells when probing the regulator devices.
      
      Fixes: b3f6c73d ("mfd: da9052-core: Fix platform-device id collision")
      Cc: stable <stable@vger.kernel.org>	# v3.19
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Acked-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Reviewed-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      e0c21530
    • Vladimir Zapolskiy's avatar
      net: netxen: correct sysfs bin attribute return code · 748a7295
      Vladimir Zapolskiy authored
      If read() syscall requests unexpected number of bytes from "dimm" binary
      attribute file, return EINVAL instead of EPERM.
      
      At the same time pin down sysfs file size to the fixed
      sizeof(struct netxen_dimm_cfg), which allows to exploit some missing
      sanity checks from kernfs (file boundary checks vs offset etc.)
      Signed-off-by: default avatarVladimir Zapolskiy <vz@mleia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      748a7295
    • Daniel Borkmann's avatar
      tools: bpf_jit_disasm: fix segfault on disabled debugging log output · 082739aa
      Daniel Borkmann authored
      With recent debugging, I noticed that bpf_jit_disasm segfaults when
      there's no debugging output from the JIT compiler to the kernel log.
      
      Reason is that when regexec(3) doesn't match on anything, start/end
      offsets are not being filled out and contain some uninitialized garbage
      from stack. Thus, we need zero out offsets first.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      082739aa
    • Mark Salyzyn's avatar
      unix/caif: sk_socket can disappear when state is unlocked · b48732e4
      Mark Salyzyn authored
      got a rare NULL pointer dereference in clear_bit
      Signed-off-by: default avatarMark Salyzyn <salyzyn@android.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      ----
      v2: switch to sock_flag(sk, SOCK_DEAD) and added net/caif/caif_socket.c
      v3: return -ECONNRESET in upstream caller of wait function for SOCK_DEAD
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b48732e4
  6. 26 May, 2015 6 commits