- 19 Dec, 2013 4 commits
-
-
Salva Peiró authored
The yam_ioctl() code fails to initialise the cmd field of the struct yamdrv_ioctl_cfg. Add an explicit memset(0) before filling the structure to avoid the 4-byte info leak. Signed-off-by: Salva Peiró <speiro@ai2.upv.es> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wenliang Fan authored
The local variable 'bi' comes from userspace. If userspace passed a large number to 'bi.data.calibrate', there would be an integer overflow in the following line: s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16; Signed-off-by: Wenliang Fan <fanwlexca@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wei Yongjun authored
'err' is overwrited to 0 after maybe_pull_tail() call, so the error code was not set if skb_partial_csum_set() call failed. Fix to return error -EPROTO from those error handling case instead of 0. Fixes: d52eb0d4 ('xen-netback: make sure skb linear area covers checksum field') Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Daniel Borkmann authored
Jakub reported while working with nlmon netlink sniffer that parts of the inet_diag_sockid are not initialized when r->idiag_family != AF_INET6. That is, fields of r->id.idiag_src[1 ... 3], r->id.idiag_dst[1 ... 3]. In fact, it seems that we can leak 6 * sizeof(u32) byte of kernel [slab] memory through this. At least, in udp_dump_one(), we allocate a skb in ... rep = nlmsg_new(sizeof(struct inet_diag_msg) + ..., GFP_KERNEL); ... and then pass that to inet_sk_diag_fill() that puts the whole struct inet_diag_msg into the skb, where we only fill out r->id.idiag_src[0], r->id.idiag_dst[0] and leave the rest untouched: r->id.idiag_src[0] = inet->inet_rcv_saddr; r->id.idiag_dst[0] = inet->inet_daddr; struct inet_diag_msg embeds struct inet_diag_sockid that is correctly / fully filled out in IPv6 case, but for IPv4 not. So just zero them out by using plain memset (for this little amount of bytes it's probably not worth the extra check for idiag_family == AF_INET). Similarly, fix also other places where we fill that out. Reported-by: Jakub Zawadzki <darkjames-ws@darkjames.pl> Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 18 Dec, 2013 13 commits
-
-
Eric Dumazet authored
While testing my changes for TSO support in SIT devices, I was using sit0 tunnel which appears to include nopmtudisc flag. But using : ip tun add sittun mode sit remote $REMOTE_IPV4 local $LOCAL_IPV4 \ dev $IFACE We get a tunnel which rejects too long packets because of the mtu check which is not yet GSO aware. erd:~# ip tunnel sittun: ipv6/ip remote 10.246.17.84 local 10.246.17.83 ttl inherit 6rd-prefix 2002::/16 sit0: ipv6/ip remote any local any ttl 64 nopmtudisc 6rd-prefix 2002::/16 This patch is based on an excellent report from Michal Shmidt. In the future, we probably want to extend the MTU check to do the right thing for GSO packets... Fixes: ("61c1db7f ipv6: sit: add GSO/TSO support") Reported-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Tested-by: Michal Schmidt <mschmidt@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Hannes Frederic Sowa authored
Sockets marked with IPV6_PMTUDISC_PROBE (or later IPV6_PMTUDISC_INTERFACE) don't respect this setting when the outgoing interface supports UFO. We had the same problem in IPv4, which was fixed in commit daba287b ("ipv4: fix DO and PROBE pmtu mode regarding local fragmentation with UFO/CORK"). Also IPV6_DONTFRAG mode did not care about already corked data, thus it may generate a fragmented frame even if this socket option was specified. It also did not care about the length of the ipv6 header and possible options. In the error path allow the user to receive the pmtu notifications via both, rxpmtu method or error queue. The user may opted in for both, so deliver the notification to both error handlers (the handlers check if the error needs to be enqueued). Also report back consistent pmtu values when sending on an already cork-appended socket. Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Peter Korsgaard authored
Certain dm962x revisions contain an bug, where if a USB bulk transfer retry (E.G. if bulk crc mismatch) happens right after a transfer with odd or maxpacket length, the internal tx hardware fifo gets out of sync causing the interface to stop working. Work around it by adding up to 3 bytes of padding to ensure this situation cannot trigger. This workaround also means we never pass multiple-of-maxpacket size skb's to usbnet, so the length adjustment to handle usbnet's padding of those can be removed. Cc: <stable@vger.kernel.org> Reported-by: Joseph Chang <joseph_chang@davicom.com.tw> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Peter Korsgaard authored
The driver nowadays also support dm9620/dm9621a based USB 2.0 ethernet adapters, so adjust module/driver description and Kconfig help text to match. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Peter Korsgaard authored
dm9620/dm9621a require room for 4 byte padding even in dm9601 (3 byte header) mode. Cc: <stable@vger.kernel.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Peter Korsgaard authored
dm9621a is functionally identical to dm9620, so the existing handling can directly be used. Thanks to Davicom for sending me a dongle. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Timo Teräs authored
ipgre_header_parse() needs to parse the tunnel's ip header and it uses mac_header to locate the iphdr. This got broken when gre tunneling was refactored as mac_header is no longer updated to point to iphdr. Introduce skb_pop_mac_header() helper to do the mac_header assignment and use it in ipgre_rcv() to fix msg_name parsing. Bug introduced in commit c5441932 (GRE: Refactor GRE tunneling code.) Cc: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: Timo Teräs <timo.teras@iki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mugunthan V N authored
This patch adds support for enabling In Band mode in 10 mbps speed. RGMII supports 1 Gig and 100 mbps mode for Forced mode of operation. For 10mbps mode it should be configured to in band mode so that link status, duplexity and speed are determined from the RGMII input data stream Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Ding Tianhong says: ==================== Jay Vosburgh said that the bond_3ad_adapter_speed_changed and bond_3ad_adapter_duplex_changed is called with RTNL only, and the functions will modify the port's information with no further locking, they will not mutex against bond state machine and incoming LACPDU which do not hold RTNL, So I add port lock to protect the port information. But they are not critical bugs, they exist since day one, and till now they have never been hit and reported, because change for speed and duplex is very rare, and will not occur critical problem. The comments in the function is very old, cleanup the comments together. ==================== Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
dingtianhong authored
The bond_3ad_handle_link_change is called with RTNL only, and the function will modify the port's information with no further locking, it will not mutex against bond state machine and incoming LACPDU which do not hold RTNL, So I add __get_state_machine_lock to protect the port. But it is not a critical bug, it exist since day one, and till now it has never been hit and reported, because changes to speed is very rare, and will not occur critical problem. The comments in the function is very old, cleanup it and add a new pr_debug to debug the port message. Signed-off-by: Ding Tianhong <dingtianhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
dingtianhong authored
Jay Vosburgh said that the bond_3ad_adapter_duplex_changed is called with RTNL only, and the function will modify the port's information with no further locking, it will not mutex against bond state machine and incoming LACPDU which do not hold RTNL, So I add __get_state_machine_lock to protect the port. But it is not a critical bug, it exist since day one, and till now it has never been hit and reported, because changes to speed is very rare, and will not occur critical problem. The comments in the function is very old, cleanup it. Suggested-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: Ding Tianhong <dingtianhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
dingtianhong authored
Jay Vosburgh said that the bond_3ad_adapter_speed_changed is called with RTNL only, and the function will modify the port's information with no further locking, it will not mutex against bond state machine and incoming LACPDU which do not hold RTNL, So I add __get_state_machine_lock to protect the port. But it is not a critical bug, it exist since day one, and till now it has never been hit and reported, because changes to speed is very rare, and will not occur critical problem. The comment in the function is very old, cleanup it. Suggested-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: Ding Tianhong <dingtianhong@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Definitely seems quieter this week, Radeon, intel, intel broadwell, vmwgfx, ttm, armada, and a couple of core fixes, one revert in radeon Most of these are either going to stable or fixes for things introduced in the merge window" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (30 commits) drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook drm/ttm: Fix accesses through vmas with only partial coverage drm/nouveau: only runtime suspend by default in optimus configuration drm: don't double-free on driver load error Revert "drm/radeon: Implement radeon_pci_shutdown" drm/radeon: add missing display tiling setup for oland drm/radeon: fix typo in cik_copy_dma drm/radeon/cik: plug in missing blit callback drm/radeon/dpm: Fix hwmon crash drm/radeon: Fix sideport problems on certain RS690 boards drm/i915: don't update the dri1 breadcrumb with modesetting DRM: Armada: prime refcounting bug fix DRM: Armada: fix printing of phys_addr_t/dma_addr_t DRM: Armada: destroy framebuffer after helper DRM: Armada: implement lastclose() for fbhelper drm/i915: Repeat eviction search after idling the GPU drm/vmwgfx: Add max surface memory param drm/i915: Fix use-after-free in do_switch drm/i915: fix pm init ordering drm/i915: Hold mutex across i915_gem_release ...
-
- 17 Dec, 2013 23 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: "A quick batch of fixes, including the annoying bad lock stack problem introduced by udp_sk_rx_dst_set() locking change: 1) Use xchg() instead of sk_dst_lock() in udp_sk_rx_dst_set(), from Eric Dumazet. 2) qlcnic bug fixes from Himanshu Madhani and Manish Chopra. 3) Update IPSEC MAINTAINERS entry, from Steffen Klassert. 4) Administrative neigh entry changes should generate netlink notifications the same as event generated ones. From Bob Gilligan. 5) Netfilter SYNPROXY fixes from Patrick McHardy. 6) Netfilter nft_reject endianness fixes from Eric Leblond" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: qlcnic: Dump mailbox registers when mailbox command times out. qlcnic: Fix mailbox processing during diagnostic test qlcnic: Allow firmware dump collection when auto firmware recovery is disabled qlcnic: Fix memory allocation qlcnic: Fix TSS/RSS validation for 83xx/84xx series adapter. qlcnic: Fix TSS/RSS ring validation logic. qlcnic: Fix diagnostic test for all adapters. qlcnic: Fix usage of netif_tx_{wake, stop} api during link change. xen-netback: fix fragments error handling in checksum_setup_ip() neigh: Netlink notification for administrative NUD state change ipv4: improve documentation of ip_no_pmtu_disc net: unix: allow bind to fail on mutex lock MAINTAINERS: Update the IPsec maintainer entry udp: ipv4: do not use sk_dst_lock from softirq context netvsc: don't flush peers notifying work during setting mtu can: peak_usb: fix mem leak in pcan_usb_pro_init() can: ems_usb: fix urb leaks on failure paths sctp: loading sctp when load sctp_probe netfilter: nft_reject: fix endianness in dump function netfilter: SYNPROXY target: restrict to INPUT/FORWARD
-
git://gitorious.org/linux-can/linux-canDavid S. Miller authored
Marc Kleine-Budde says: ==================== this is a pull request with two fixes for net/master, the current release cycle. It consists of a patch by Alexey Khoroshilov from the Linux Driver Verification project, which fixes a memory leak in ems_usb's failure patch. And a patch by me which fixes a memory leak in the peak usb driver. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Himanshu Madhani says: ==================== qlcnic: Bug fixes. This series contains bug fixes for mailbox handling and multi Tx queue support for all supported adapters. changes from v1 -> v2 o updated patch to fix usage of netif_tx_{wake,stop} api during link change as per David Miller's suggestion. o Dropped patch to use spinklock per tx queue for more work. o Added reworked patch for memory allocation failures. o Added patch to allow capturing of dump, when auto recovery is disabled in firmware. o Added patches for mailbox interrupt handling and debugging data for mailbox failure. Please apply to net. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Manish chopra authored
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Manish chopra authored
o Do not enable mailbox polling in case of legacy interrupt. Process mailbox AEN/response from the interrupt. Signed-off-by: Manish Chopra <manish.chopra@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Manish Chopra authored
o Allow driver to collect firmware dump, during a forced firmware dump operation, when auto firmware recovery is disabled. Also, during this operation, driver should not allow reset recovery to be performed. Signed-off-by: Manish Chopra <manish.chopra@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Manish Chopra authored
o Use vzalloc() instead of kzalloc() for allocation of bootloader size memory. kzalloc() may fail to allocate the size of bootloader Signed-off-by: Manish Chopra <manish.chopra@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Himanshu Madhani authored
o Current code was not allowing the user to configure more than one Tx ring using ethtool for 83xx/84xx adapter. This regression was introduced by commit id 18afc102 ("qlcnic: Enable multiple Tx queue support for 83xx/84xx Series adapter.") Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Himanshu Madhani authored
o TSS/RSS ring validation does not take into account that either of these ring values can be 0. This patch fixes this validation and would fail set_channel operation if any of these ring value is 0. This regression was added as part of commit id 34e8c406 ("qlcnic: refactor Tx/SDS ring calculation and validation in driver.") Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Himanshu Madhani authored
o Driver should re-allocate all Tx queues after completing diagnostic tests. This regression was added by commit id c2c5e3a0 ("qlcnic: Enable diagnostic test for multiple Tx queues.") Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Himanshu Madhani authored
o Driver was using netif_tx_{stop,wake}_all_queues() api during link change event. Remove these api calls to manage queue start/stop event, as core networking stack will manage this based on netif_carrier_{on,off} call. These API's were modified as part of commit id 012ec812 ("qlcnic: Multi Tx queue support for 82xx Series adapter.") Signed-off-by: Shahed Shaikh <shahed.shaikh@qlogic.com> Signed-off-by: Himanshu Madhani <himanshu.madhani@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Wei Yongjun authored
Fix to return -EPROTO error if fragments detected in checksum_setup_ip(). Fixes: 1431fb31 ('xen-netback: fix fragment detection in checksum setup') Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Bob Gilligan authored
The neighbour code sends up an RTM_NEWNEIGH netlink notification if the NUD state of a neighbour cache entry is changed by a timer (e.g. from REACHABLE to STALE), even if the lladdr of the entry has not changed. But an administrative change to the the NUD state of a neighbour cache entry that does not change the lladdr (e.g. via "ip -4 neigh change ... nud ...") does not trigger a netlink notification. This means that netlink listeners will not hear about administrative NUD state changes such as from a resolved state to PERMANENT. This patch changes the neighbor code to generate an RTM_NEWNEIGH message when the NUD state of an entry is changed administratively. Signed-off-by: Bob Gilligan <gilligan@aristanetworks.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulatorLinus Torvalds authored
Pull regulator/clk fix from Mark Brown: "Fix s2mps11 build This patch fixes a build failure that appeared in v3.13-rc4 due to an RTC/MFD update merged via -mm" * tag 's2mps11-build' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: mfd: s2mps11: Fix build after regmap field rename in sec-core.c
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull timer fixes from Ingo Molnar: "Five self-contained fixlets: - fix clocksource driver build bug - fix two sched_clock() bugs triggering on specific hardware - fix devicetree enumeration bug affecting specific hardware - fix irq handler registration race resulting in boot crash - fix device node refcount bug" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource: dw_apb_timer_of: Fix support for dts binding "snps,dw-apb-timer" clocksource: dw_apb_timer_of: Fix read_sched_clock clocksource: sunxi: Stop timer from ticking before enabling interrupts clocksource: clksrc-of: Do not drop unheld reference on device node clocksource: armada-370-xp: Register sched_clock after the counter reset clocksource: time-efm32: Select CLKSRC_MMIO
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull scheduler fixes from Ingo Molnar: "Three fixes for scheduler crashes, each triggers in relatively rare, hardware environment dependent situations" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Rework sched_fair time accounting math64: Add mul_u64_u32_shr() sched: Remove PREEMPT_NEED_RESCHED from generic code sched: Initialize power_orig for overlapping groups
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fix from Ingo Molnar: "An x86/intel event constraint fix" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Fix constraint table end marker bug
-
Hannes Frederic Sowa authored
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller authored
Pablo Neira Ayuso says: ==================== The following patchset contains two Netfilter fixes for your net tree, they are: * Fix endianness in nft_reject, the NFTA_REJECT_TYPE netlink attributes was not converted to network byte order as needed by all nfnetlink subsystems, from Eric Leblond. * Restrict SYNPROXY target to INPUT and FORWARD chains, this avoid a possible crash due to misconfigurations, from Patrick McHardy. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sasha Levin authored
This is similar to the set_peek_off patch where calling bind while the socket is stuck in unix_dgram_recvmsg() will block and cause a hung task spew after a while. This is also the last place that did a straightforward mutex_lock(), so there shouldn't be any more of these patches. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Steffen Klassert authored
Add the IPsec git trees and some pure IPsec modules to the IPsec section in the MAINTAINERS file. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Using sk_dst_lock from softirq context is not supported right now. Instead of adding BH protection everywhere, udp_sk_rx_dst_set() can instead use xchg(), as suggested by David. Reported-by: Fengguang Wu <fengguang.wu@intel.com> Fixes: 97502231 ("udp: ipv4: must add synchronization in udp_sk_rx_dst_set()") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpioLinus Torvalds authored
Pull GPIO fixes from Linus Walleij: "All but one are long-standing bug fixes that are also tagged for stable - Driver bug fixes for SH PFC, TWL4030, MSM and RCAR. - Update the MAINTAINERS" * tag 'gpio-v3.13-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: rcar: Fix level interrupt handling gpio: msm: Fix irq mask/unmask by writing bits instead of numbers gpio: twl4030: Fix regression for twl gpio LED output sh-pfc: Fix PINMUX_GPIO macro MAINTAINERS: update GPIO maintainers entry
-