1. 01 Oct, 2017 4 commits
  2. 30 Sep, 2017 1 commit
    • Jason A. Donenfeld's avatar
      netlink: do not proceed if dump's start() errs · fef0035c
      Jason A. Donenfeld authored
      Drivers that use the start method for netlink dumping rely on dumpit not
      being called if start fails. For example, ila_xlat.c allocates memory
      and assigns it to cb->args[0] in its start() function. It might fail to
      do that and return -ENOMEM instead. However, even when returning an
      error, dumpit will be called, which, in the example above, quickly
      dereferences the memory in cb->args[0], which will OOPS the kernel. This
      is but one example of how this goes wrong.
      
      Since start() has always been a function with an int return type, it
      therefore makes sense to use it properly, rather than ignoring it. This
      patch thus returns early and does not call dumpit() when start() fails.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Reviewed-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fef0035c
  3. 29 Sep, 2017 1 commit
  4. 28 Sep, 2017 25 commits
  5. 27 Sep, 2017 2 commits
    • Dan Carpenter's avatar
      sctp: Fix a big endian bug in sctp_diag_dump() · c2cc187e
      Dan Carpenter authored
      The sctp_for_each_transport() function takes an pointer to int.  The
      cb->args[] array holds longs so it's only using the high 32 bits.  It
      works on little endian system but will break on big endian 64 bit
      machines.
      
      Fixes: d25adbeb ("sctp: fix an use-after-free issue in sctp_sock_dump")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Reviewed-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c2cc187e
    • David S. Miller's avatar
      Merge tag 'wireless-drivers-for-davem-2017-09-25' of... · 20c62c79
      David S. Miller authored
      Merge tag 'wireless-drivers-for-davem-2017-09-25' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.14
      
      Quite a lot of fixes this time. Most notable is the brcmfmac fix for a
      CVE issue.
      
      iwlwifi
      
      * a couple of bugzilla bugs related to multicast handling
      
      * two fixes for WoWLAN bugs that were causing queue hangs and
        re-initialization problems
      
      * two fixes for potential uninitialized variable use reported by Dan
        Carpenter in relation to a recently introduced patch
      
      * a fix for buffer reordering in the newly supported 9000 device
        family
      
      * fix a race when starting aggregation
      
      * small fix for a recent patch to wake mac80211 queues
      
      * send non-bufferable management frames in the generic queue so they
        are not sent on queues that are under power-save
      
      ath10k
      
      * fix a PCI PM related gcc warning
      
      brcmfmac
      
      * CVE-2017-0786: add length check scan results from firmware
      
      * respect passive scan requests from user space
      
      qtnfmac
      
      * fix race in tx path when using multiple interfaces
      
      * cancel ongoing scan when removing the wireless interface
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      20c62c79
  6. 26 Sep, 2017 7 commits