- 08 Jul, 2016 12 commits
-
-
Yvain THONNART authored
With current btusb.ko kernel module, Bluetooth pretends to be active but there is no real activity. I'm using an Acer Aspire VN7-791. Output of lsusb: Bus 003 Device 007: ID 0489:e092 Foxconn / Hon Hai On my laptop, this device is actually used as a combo with wifi chipset Atheros Qualcomm Killer N1525 Wireless-AC [168c:003e], * Fix by adding a declaration in kernel sources drivers/bluetooth/btusb.c { USB_DEVICE(0x0489, 0xe092), .driver_info = BTUSB_QCA_ROME }, * Compiled extra module /lib/modules/4.4.0-22-generic/extra/btusb.ko * Successfully tested against my phone (obex file transfer) Signed-off-by:Yvain THONNART <yvain.thonnart@m4x.org> Signed-off-by:
Marcel Holtmann <marcel@holtmann.org>
-
Ricky Liang authored
Kasan reported slab-out-of-bounds access in btmrvl_sdio: [ 33.055400] ================================================================== [ 33.062585] BUG: KASAN: slab-out-of-bounds in memcpy+0x24/0x50 at addr ffffffc0d89b4a00 [ 33.070529] Read of size 256 by task btmrvl_main_ser/3576 [ 33.075885] ============================================================================= [ 33.084002] BUG kmalloc-256 (Tainted: G B ): kasan: bad access detected [ 33.091511] ----------------------------------------------------------------------------- <snip...> [ 33.413498] Call trace: [ 33.415928] [<ffffffc00020a440>] dump_backtrace+0x0/0x190 [ 33.421288] [<ffffffc00020a5ec>] show_stack+0x1c/0x28 [ 33.426305] [<ffffffc000b3288c>] dump_stack+0xa0/0xf8 [ 33.431320] [<ffffffc000396130>] print_trailer+0x158/0x16c [ 33.436765] [<ffffffc0003962cc>] object_err+0x48/0x5c [ 33.441780] [<ffffffc00039be24>] kasan_report+0x344/0x510 [ 33.447141] [<ffffffc00039afd8>] __asan_loadN+0x20/0x150 [ 33.452413] [<ffffffc00039b60c>] memcpy+0x20/0x50 [ 33.457084] [<ffffffc000595fcc>] swiotlb_tbl_map_single+0x2ec/0x310 [ 33.463305] [<ffffffc000596b54>] map_single+0x24/0x30 [ 33.468320] [<ffffffc0005970c8>] swiotlb_map_sg_attrs+0xec/0x21c [ 33.474286] [<ffffffc000219d4c>] __swiotlb_map_sg_attrs+0x48/0xec [ 33.480339] [<ffffffc0008ea610>] msdc_prepare_data.isra.11+0xf0/0x11c [ 33.486733] [<ffffffc0008ecbd0>] msdc_ops_request+0x74/0xf0 [ 33.492266] [<ffffffc0008c6b38>] __mmc_start_request+0x78/0x8c [ 33.498057] [<ffffffc0008c6d6c>] mmc_start_request+0x220/0x240 [ 33.503848] [<ffffffc0008c6e04>] mmc_wait_for_req+0x78/0x250 [ 33.509468] [<ffffffc0008d70fc>] mmc_io_rw_extended+0x2ec/0x388 [ 33.515347] [<ffffffc0008d8fc0>] sdio_io_rw_ext_helper+0x160/0x268 [ 33.521483] [<ffffffc0008d93fc>] sdio_writesb+0x40/0x50 [ 33.526677] [<ffffffbffc338b38>] btmrvl_sdio_host_to_card+0x124/0x1bc [btmrvl_sdio] [ 33.534283] [<ffffffbffc3290a0>] btmrvl_service_main_thread+0x384/0x428 [btmrvl] [ 33.541626] [<ffffffc0002518e8>] kthread+0x140/0x158 [ 33.546550] Memory state around the buggy address: [ 33.551305] ffffffc0d89b4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.558474] ffffffc0d89b4a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 33.565643] >ffffffc0d89b4a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 33.572809] ^ [ 33.579889] ffffffc0d89b4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.587055] ffffffc0d89b4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 33.594221] ================================================================== The cause of this is that btmrvl_sdio_host_to_card can access memory region out of its allocated space due to: 1. the requested block size is smaller than SDIO_BLOCK_SIZE, and/or 2. the allocated memory is not BTSDIO_DMA_ALIGN-aligned. This patch fixes the issue by allocating a buffer which is big enough for SDIO_BLOCK_SIZE transfer and/or BTSDIO_DMA_ALIGN address relocation. Signed-off-by:
Ricky Liang <jcliang@chromium.org> Signed-off-by:
-
Tedd Ho-Jeong An authored
The format of Intel Bluetooth firmware filename for bootloader product is ibt-<hw_variant>-<device_revision_id>.sfi Currently the driver uses a constant value 11 (0x0b) for hw_variant to support LnP/SfP product. But new product like WsP product has a different value such as 12 (0x0c). To support the multiple products, this patch replaces the constant value of hw_variant to the actual hw_variant value read from the device. Signed-off-by:
Tedd Ho-Jeong An <tedd.an@intel.com> Signed-off-by:
-
Denis Kenzior authored
If recvmsg is called with a destination buffer that is too small to receive the contents of skb in its entirety, the return value from recvmsg was inconsistent with common SOCK_SEQPACKET or SOCK_DGRAM semantics. If destination buffer provided by userspace is too small (e.g. len < copied), then MSG_TRUNC flag is set and copied is returned. Instead, it should return the length of the message, which is consistent with how other datagram based sockets act. Quoting 'man recv': "All three calls return the length of the message on successful comple‐ tion. If a message is too long to fit in the supplied buffer, excess bytes may be discarded depending on the type of socket the message is received from." and "MSG_TRUNC (since Linux 2.2) For raw (AF_PACKET), Internet datagram (since Linux 2.4.27/2.6.8), netlink (since Linux 2.6.22), and UNIX datagram (since Linux 3.4) sockets: return the real length of the packet or datagram, even when it was longer than the passed buffer." Signed-off-by:Denis Kenzior <denkenz@gmail.com> Signed-off-by:
-
Denis Kenzior authored
If recvmsg is called with a destination buffer that is too small to receive the contents of skb in its entirety, the return value from recvmsg was inconsistent with common SOCK_SEQPACKET or SOCK_DGRAM semantics. If destination buffer provided by userspace is too small (e.g. len < copied), then MSG_TRUNC flag is set and copied is returned. Instead, it should return the length of the message, which is consistent with how other datagram based sockets act. Quoting 'man recv': "All three calls return the length of the message on successful comple‐ tion. If a message is too long to fit in the supplied buffer, excess bytes may be discarded depending on the type of socket the message is received from." and "MSG_TRUNC (since Linux 2.2) For raw (AF_PACKET), Internet datagram (since Linux 2.4.27/2.6.8), netlink (since Linux 2.6.22), and UNIX datagram (since Linux 3.4) sockets: return the real length of the packet or datagram, even when it was longer than the passed buffer." Signed-off-by: -
Alexander Aring authored
This patch reverts commit f9d1ce8f ("ieee802154: fix netns settings"). The lowpan interface need to be created inside the net namespace where the wpan interface is available. The wpan namespace can be changed only by nl802154 before. Without this patch it's not possible to create a lowpan interface for a wpan interface which isn't inside init_net namespace. Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> Reviewed-by:
Stefan Schmidt <stefan@osg.samsung.com> Signed-off-by:
Alexander Aring <aar@pengutronix.de> Signed-off-by:
-
Alexander Aring authored
This patch adds netns support for 802.15.4 subsystem. Most parts are copy&pasted from wireless subsystem, it has the identically userspace API. Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> Reviewed-by:
-
Alexander Aring authored
The PAD define should be above the experimental support. We don't care about if we break userspace in experimental stuff but PAD is part of the existing UAPI. Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by:
Nicolas Dichtel <nicolas.dichtel@6wind.com> Reviewed-by: Stefan Schmidt<stefan@osg.samsung.com> Signed-off-by:
-
Tedd Ho-Jeong An authored
This patch adds support for Intel Bluetooth device 3168 also known as Sandy Peak (SdP). T: Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=8087 ProdID=0aa7 Rev= 0.01 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Signed-off-by:
-
Alexander Aring authored
This patch adds a missing check to handle short address parsing for 802.15.4 6LoWPAN only. Signed-off-by:
-
Alexander Aring authored
This patch removes a double unlock case to accessing neighbour private data. Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Andy Lutomirski authored
SMP does ECB crypto on stack buffers. This is complicated and fragile, and it will not work if the stack is virtually allocated. Switch to the crypto_cipher interface, which is simpler and safer. Signed-off-by:
Andy Lutomirski <luto@kernel.org> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Acked-by:
Johan Hedberg <johan.hedberg@intel.com> Tested-by:
-
- 07 Jul, 2016 2 commits
-
-
David S. Miller authored
Merge tag 'mac80211-next-for-davem-2016-07-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next Johannes Berg says: ==================== One more set of new features: * beacon report (for radio measurement) support in cfg80211/mac80211 * hwsim: allow wmediumd in namespaces * mac80211: extend 160MHz workaround to CSA IEs * mesh: properly encrypt group-addressed privacy action frames * mesh: allow setting peer AID * first steps for MU-MIMO monitor mode * along with various other cleanups and improvements ==================== Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Wei Yongjun authored
Remove .owner field since calls to module_platform_driver() will set it automatically. Signed-off-by:
Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by:
-
- 06 Jul, 2016 14 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Conflicts: drivers/net/ethernet/mellanox/mlx5/core/en.h drivers/net/ethernet/mellanox/mlx5/core/en_main.c drivers/net/usb/r8152.c All three conflicts were overlapping changes. Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) All users of AF_PACKET's fanout feature want a symmetric packet header hash for load balancing purposes, so give it to them. 2) Fix vlan state synchronization in e1000e, from Jarod Wilson. 3) Use correct socket pointer in ip_skb_dst_mtu(), from Shmulik Ladkani. 4) mlx5 bug fixes from Mohamad Haj Yahia, Daniel Jurgens, Matthew Finlay, Rana Shahout, and Shaker Daibes. Mostly to do with operation timeouts and PCI error handling. 5) Fix checksum handling in mirred packet action, from WANG Cong. 6) Set skb->dev correctly when transmitting in !protect_frames case of macsec driver, from Daniel Borkmann. 7) Fix MTU calculation in geneve driver, from Haishuang Yan. 8) Missing netif_napi_del() in unregister path of qeth driver, from Ursula Braun. 9) Handle malformed route netlink messages in decnet properly, from Vergard Nossum. 10) Memory leak of percpu data in ipv6 routing code, from Martin KaFai Lau. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits) ipv6: Fix mem leak in rt6i_pcpu net: fix decnet rtnexthop parsing cxgb4: update latest firmware version supported net/mlx5: Avoid setting unused var when modifying vport node GUID bonding: fix enslavement slave link notifications r8152: fix runtime function for RTL8152 qeth: delete napi struct when removing a qeth device Revert "fsl/fman: fix error handling" fsl/fman: fix error handling cdc_ncm: workaround for EM7455 "silent" data interface RDS: fix rds_tcp_init() error path geneve: fix max_mtu setting net: phy: dp83867: Fix initialization of PHYCR register enc28j60: Fix race condition in enc28j60 driver net: stmmac: Fix null-function call in ISR on stmmac1000 tipc: fix nl compat regression for link statistics net: bcmsysport: Device stats are unsigned long macsec: set actual real device for xmit when !protect_frames net_sched: fix mirrored packets checksum packet: Use symmetric hash for PACKET_FANOUT_HASH. ... -
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller authored
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next, they are: 1) Don't use userspace datatypes in bridge netfilter code, from Tobin Harding. 2) Iterate only once over the expectation table when removing the helper module, instead of once per-netns, from Florian Westphal. 3) Extra sanitization in xt_hook_ops_alloc() to return error in case we ever pass zero hooks, xt_hook_ops_alloc(): 4) Handle NFPROTO_INET from the logging core infrastructure, from Liping Zhang. 5) Autoload loggers when TRACE target is used from rules, this doesn't change the behaviour in case the user already selected nfnetlink_log as preferred way to print tracing logs, also from Liping Zhang. 6) Conntrack slabs with SLAB_HWCACHE_ALIGN to allow rearranging fields by cache lines, increases the size of entries in 11% per entry. From Florian Westphal. 7) Skip zone comparison if CONFIG_NF_CONNTRACK_ZONES=n, from Florian. 8) Remove useless defensive check in nf_logger_find_get() from Shivani Bhardwaj. 9) Remove zone extension as place it in the conntrack object, this is always include in the hashing and we expect more intensive use of zones since containers are in place. Also from Florian Westphal. 10) Owner match now works from any namespace, from Eric Bierdeman. 11) Make sure we only reply with TCP reset to TCP traffic from nf_reject_ipv4, patch from Liping Zhang. 12) Introduce --nflog-size to indicate amount of network packet bytes that are copied to userspace via log message, from Vishwanath Pai. This obsoletes --nflog-range that has never worked, it was designed to achieve this but it has never worked. 13) Introduce generic macros for nf_tables object generation masks. 14) Use generation mask in table, chain and set objects in nf_tables. This allows fixes interferences with ongoing preparation phase of the commit protocol and object listings going on at the same time. This update is introduced in three patches, one per object. 15) Check if the object is active in the next generation for element deactivation in the rbtree implementation, given that deactivation happens from the commit phase path we have to observe the future status of the object. 16) Support for deletion of just added elements in the hash set type. 17) Allow to resize hashtable from /proc entry, not only from the obscure /sys entry that maps to the module parameter, from Florian Westphal. 18) Get rid of NFT_BASECHAIN_DISABLED, this code is not exercised anymore since we tear down the ruleset whenever the netdevice goes away. 19) Support for matching inverted set lookups, from Arturo Borrero. 20) Simplify the iptables_mangle_hook() by removing a superfluous extra branch. 21) Introduce ether_addr_equal_masked() and use it from the netfilter codebase, from Joe Perches. 22) Remove references to "Use netfilter MARK value as routing key" from the Netfilter Kconfig description given that this toggle doesn't exists already for 10 years, from Moritz Sichert. 23) Introduce generic NF_INVF() and use it from the xtables codebase, from Joe Perches. 24) Setting logger to NONE via /proc was not working unless explicit nul-termination was included in the string. This fixes seems to leave the former behaviour there, so we don't break backward. ==================== Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "Here are a collection of small fixes: at this time, we've got a slightly high amount, but all small and trivial fixes, and nothing scary can be seen there" * tag 'sound-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits) ALSA: hda/realtek: Add Lenovo L460 to docking unit fixup ALSA: timer: Fix negative queue usage by racy accesses ASoC: rt5645: fix reg-2f default value. ASoC: fsl_ssi: Fix number of words per frame for I2S-slave mode ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift() ALSA: hda - Add PCI ID for Kabylake-H ALSA: echoaudio: Fix memory allocation ASoC: Intel: atom: fix missing breaks that would cause the wrong operation to execute ALSA: hda - fix read before array start ASoC: cx20442: set tty->receiver_room in v253_open ASoC: ak4613: Enable cache usage to fix crashes on resume ASoC: wm8940: Enable cache usage to fix crashes on resume ASoC: Intel: Skylake: Initialize module list for Broxton ASoC: wm5102: Correct supported channels on trace compressed DAI ASoC: wm5110: Add missing route from OUT3R to SYSCLK ASoC: rt5670: fix HP Playback Volume control ASoC: hdmi-codec: select CONFIG_HDMI ASoC: davinci-mcasp: Fix dra7 DMA offset when using CFG port ASoC: hdac_hdmi: Fix potential NULL dereference ASoC: ak4613: Remove owner assignment from platform_driver ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platformLinus Torvalds authored
Pull chrome platform fix from Olof Johansson: "A single fix this time, closing a window where ioctl args are fetched twice" * tag 'chrome-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platform: platform/chrome: cros_ec_dev - double fetch bug in ioctl
-
Masashi Honma authored
Previously, mesh power management functionality works only with kernel MPM. Because user space MPM did not report mesh peer AID to kernel, the kernel could not identify the bit in TIM element. So this patch adds mesh peer AID setting API. Signed-off-by:
Masashi Honma <masashi.honma@gmail.com> Signed-off-by:
Johannes Berg <johannes.berg@intel.com>
-
Johannes Berg authored
Continuing the workaround implemented in commit 23665aaf ("mac80211: Interoperability workaround for 80+80 and 160 MHz channels") use the same code to parse the Wide Bandwidth Channel Switch element by converting to VHT Operation element since the spec also just refers to that for parsing semantics, particularly with the workaround. While at it, remove some dead code - the IEEE80211_STA_DISABLE_40MHZ flag can never be set at this point since it's checked earlier and the wide_bw_chansw_ie pointer is set to NULL if it's set. Signed-off-by:
-
Johannes Berg authored
Rather than reporting the scan as having completed, report it as being aborted. Signed-off-by: -
Avraham Stern authored
Add the following to support beacon report radio measurement with the measurement mode field set to passive or active: 1. Propagate the required scan duration to the device 2. Report the scan start time (in terms of TSF) 3. Report each BSS's detection time (also in terms of TSF) TSF times refer to the BSS that the interface that requested the scan is connected to. Signed-off-by:
Assaf Krauss <assaf.krauss@intel.com> Signed-off-by:
Avraham Stern <avraham.stern@intel.com> [changed ath9k/10k, at76c59x-usb, iwlegacy, wl1251 and wlcore to match the new API] Signed-off-by:
Luca Coelho <luciano.coelho@intel.com> Signed-off-by:
-
Avraham Stern authored
Beacon report radio measurement requires reporting observed BSSs on the channels specified in the beacon request. If the measurement mode is set to passive or active, it requires actually performing a scan (passive or active, accordingly), and reporting the time that the scan was started and the time each beacon/probe was received (both in terms of TSF of the BSS of the requesting AP). If the request mode is table, this information is optional. In addition, the radio measurement request specifies the channel dwell time for the measurement. In order to use scan for beacon report when the mode is active or passive, add a parameter to scan request that specifies the channel dwell time, and add scan start time and beacon received time to scan results information. Supporting beacon report is required for Multi Band Operation (MBO). Signed-off-by:
David Spinadel <david.spinadel@intel.com> Signed-off-by:
-
Johannes Berg authored
The API expects a pointer to a signed int so we should not use an unsigned int for it. Signed-off-by: -
Ilan Peer authored
Add radar_detect_widths to the interface combination that allows concurrent P2P Device dedicated interface and AP interfaces, to enable testing of radar detection when P2P Device interface is used. Clear the radar_detect_widths in case of multi channel contexts as this is not currently supported. As radar_detect_widths are now supported in all combinations, remove the hwsim_if_dfs_limits definition since it is no longer needed. Signed-off-by:
Ilan Peer <ilan.peer@intel.com> Signed-off-by:
-
Aviya Erenfeld authored
add API to support VHT MU-MIMO air sniffer. in MU-MIMO there are parallel frames on the air while the HW has only one RX. add the capability to sniff one of the MU-MIMO parallel frames by giving the sniffer additional information so it'll know which of the parallel frames it shall follow. Add attribute - NL80211_ATTR_MU_MIMO_GROUP_DATA - for getting a MU-MIMO groupID in order to monitor packets from that group using VHT MU-MIMO. And add attribute -NL80211_ATTR_MU_MIMO_FOLLOW_ADDR - for passing MAC address to monitor mode. that option will be used by VHT MU-MIMO air sniffer to follow a station according to it's MAC address using VHT MU-MIMO. Signed-off-by:
Aviya Erenfeld <aviya.erenfeld@intel.com> Signed-off-by:
-
Johannes Berg authored
The current implementation of handling ADDBA Request while a session is already active with the peer is wrong - in case the peer is using the existing session's dialog token this should be treated as update to the session, which can update the timeout value. We don't really have a good way of supporting that, so reject, but implement the required behaviour in the spec of "Even if the updated ADDBA Request frame is not accepted, the original Block ACK setup remains active." (802.11-2012 10.5.4) Signed-off-by:
-
- 05 Jul, 2016 12 commits
-
-
Martin KaFai Lau authored
It was first reported and reproduced by Petr (thanks!) in https://bugzilla.kernel.org/show_bug.cgi?id=119581 free_percpu(rt->rt6i_pcpu) used to always happen in ip6_dst_destroy(). However, after fixing a deadlock bug in commit 9c7370a1 ("ipv6: Fix a potential deadlock when creating pcpu rt"), free_percpu() is not called before setting non_pcpu_rt->rt6i_pcpu to NULL. It is worth to note that rt6i_pcpu is protected by table->tb6_lock. kmemleak somehow did not report it. We nailed it down by observing the pcpu entries in /proc/vmallocinfo (first suggested by Hannes, thanks!). Signed-off-by:
Martin KaFai Lau <kafai@fb.com> Fixes: 9c7370a1 ("ipv6: Fix a potential deadlock when creating pcpu rt") Reported-by:
Petr Novopashenniy <pety@rusnet.ru> Tested-by:
Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Petr Novopashenniy <pety@rusnet.ru> Signed-off-by:
-
Vegard Nossum authored
dn_fib_count_nhs() could enter an infinite loop if nhp->rtnh_len == 0 (i.e. if userspace passes a malformed netlink message). Let's use the helpers from net/nexthop.h which take care of all this stuff. We can do exactly the same as e.g. fib_count_nexthops() and fib_get_nhs() from net/ipv4/fib_semantics.c. This fixes the softlockup for me. Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by:
Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by:
-
Dan Carpenter authored
We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure that those values have not changed between the two copy_from_user() calls. Otherwise it could lead to a buffer overflow. Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value. We should use the new smaller value so we don't copy too much data to the user. Reported-by:
Pengfei Wang <wpengfeinudt@gmail.com> Fixes: a8411784 ('mfd: cros_ec: Use a zero-length array for command data') Signed-off-by:
Kees Cook <keescook@chromium.org> Tested-by:
Gwendal Grignou <gwendal@chromium.org> Cc: <stable@vger.kernel.org> # v4.2+ Signed-off-by:
Olof Johansson <olof@lixom.net>
-
Ganesh Goudar authored
Change t4fw_version.h to update latest firmware version number Signed-off-by:
Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by:
-
Or Gerlitz authored
GCC complains on unused-but-set-variable, clean this up. Fixes: 23898c76 ('net/mlx5: E-Switch, Modify node guid on vf set MAC') Signed-off-by:
Or Gerlitz <ogerlitz@mellanox.com> Acked-by:
Saeed Mahameed <saeedm@mellanox.com> Signed-off-by:
-
Aviv Heller authored
Currently, link notifications are not sent by bond_set_slave_link_state() upon enslavement if the slave is enslaved when up. This happens because slave->link default init value is 0, which is the same as BOND_LINK_UP, resulting in bond_set_slave_link_state() ignoring this transition. This patch sets the default value of slave->link to BOND_LINK_NOCHANGE, assuring it will count as a state transition and thus trigger notification logic. Signed-off-by:
Aviv Heller <avivh@mellanox.com> Reviewed-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
David Ahern authored
Add support for PREROUTING rules with skb->dev set to the vrf device. INPUT rules are already allowed. Provides symmetry with the output path which allows POSTROUTING rules. Signed-off-by:
David Ahern <dsa@cumulusnetworks.com> Signed-off-by:
-
Paul Gortmaker authored
The Kconfig controlling build of this code is currently: drivers/connector/Kconfig:config PROC_EVENTS drivers/connector/Kconfig: bool "Report process events to userspace" ...meaning that it currently is not being built as a module by anyone. Lets remove the two modular references, so that when reading the driver there is no doubt it is builtin-only. Since module_init translates to device_initcall in the non-modular case, the init ordering remains unchanged with this commit. Cc: Evgeniy Polyakov <zbr@ioremap.net> Cc: netdev@vger.kernel.org Signed-off-by:
Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by:
-
hayeswang authored
The RTL8152 doesn't have U1U2 and U2P3 features, so use different runtime functions for RTL812 and RTL8153 by adding autosuspend_en() to rtl_ops. Signed-off-by:
Hayes Wang <hayeswang@realtek.com> Signed-off-by:
-
Wei Yongjun authored
In case of error, function devm_ioremap_resource() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Signed-off-by:
-
David S. Miller authored
Jiri Pirko says: ==================== mlxsw: Implement IPV4 unicast routing This patchset enables IPv4 unicast routing in the Mellanox Spectrum ASIC switch driver. This builds upon the work that was done by a couple of previous patchsets. Patches 1,2,6 add a couple of dependencies outside the driver. Namely, the ability to propagate ndo_neigh_construct()/destroy() through stacked devices and a notification whenever DELAY_PROBE_TIME changes. When propagated down, the ndos allow drivers to add and remove neighbour entries from their private neighbour table. The DELAY_PROBE_TIME notification gives drivers the ability to correctly configure their polling interval for neighbour activity, so that active neighbour won't be marked as STALE. Patches 3-5,7-8 add the neighbour offloading infrastructure, where patch 7 uses the DELAY_PROBE_TIME notification in order to correctly configure the device's polling interval. Patch 8 finally programs neighbours to the device's table based on NEIGH_UPDATE notifications, so that directly connected routes can be used. Patches 9-16 build upon the previous patches and extend the router with remote routes (nexthop) support. ==================== Signed-off-by: -
Yotam Gigi authored
Now, the driver sends arp probes for all unresolved neighbours that are currently a nexthop for some route on the system. The job is set periodically every 5 seconds. Signed-off-by:
Yotam Gigi <yotamg@mellanox.com> Signed-off-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
-
