1. 31 Mar, 2016 6 commits
  2. 30 Mar, 2016 22 commits
  3. 29 Mar, 2016 1 commit
    • Bjørn Mork's avatar
      qmi_wwan: add "D-Link DWM-221 B1" device id · e84810c7
      Bjørn Mork authored
      Thomas reports:
      "Windows:
      
      00 diagnostics
      01 modem
      02 at-port
      03 nmea
      04 nic
      
      Linux:
      
      T:  Bus=02 Lev=01 Prnt=01 Port=03 Cnt=01 Dev#=  4 Spd=480 MxCh= 0
      D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
      P:  Vendor=2001 ProdID=7e19 Rev=02.32
      S:  Manufacturer=Mobile Connect
      S:  Product=Mobile Connect
      S:  SerialNumber=0123456789ABCDEF
      C:  #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
      I:  If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
      I:  If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      I:  If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
      I:  If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage"
      Reported-by: default avatarThomas Schäfer <tschaefer@t-online.de>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e84810c7
  4. 28 Mar, 2016 11 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 0c84ea17
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for you net tree,
      they are:
      
      1) There was a race condition between parallel save/swap and delete,
         which resulted a kernel crash due to the increase ref for save, swap,
         wrong ref decrease operations. Reported and fixed by Vishwanath Pai.
      
      2) OVS should call into CT NAT for packets of new expected connections only
         when the conntrack state is persisted with the 'commit' option to the
         OVS CT action. From Jarno Rajahalme.
      
      3) Resolve kconfig dependencies with new OVS NAT support. From Arnd Bergmann.
      
      4) Early validation of entry->target_offset to make sure it doesn't take us
         out from the blob, from Florian Westphal.
      
      5) Again early validation of entry->next_offset to make sure it doesn't take
         out from the blob, also from Florian.
      
      6) Check that entry->target_offset is always of of sizeof(struct xt_entry)
         for unconditional entries, when checking both from check_underflow()
         and when checking for loops in mark_source_chains(), again from
         Florian.
      
      7) Fix inconsistent behaviour in nfnetlink_queue when
         NFQA_CFG_F_FAIL_OPEN is set and netlink_unicast() fails due to buffer
         overrun, we have to reinject the packet as the user expects.
      
      8) Enforce nul-terminated table names from getsockopt GET_ENTRIES
         requests.
      
      9) Don't assume skb->sk is set from nft_bridge_reject and synproxy,
         this fixes a recent update of the code to namespaceify
         ip_default_ttl, patch from Liping Zhang.
      
      This batch comes with four patches to validate x_tables blobs coming
      from userspace. CONFIG_USERNS exposes the x_tables interface to
      unpriviledged users and to be honest this interface never received the
      attention for this move away from the CAP_NET_ADMIN domain. Florian is
      working on another round with more patches with more sanity checks, so
      expect a bit more Netfilter fixes in this development cycle than usual.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0c84ea17
    • Liping Zhang's avatar
      netfilter: ipv4: fix NULL dereference · 29421198
      Liping Zhang authored
      Commit fa50d974 ("ipv4: Namespaceify ip_default_ttl sysctl knob")
      use sock_net(skb->sk) to get the net namespace, but we can't assume
      that sk_buff->sk is always exist, so when it is NULL, oops will happen.
      Signed-off-by: default avatarLiping Zhang <liping.zhang@spreadtrum.com>
      Reviewed-by: default avatarNikolay Borisov <kernel@kyup.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      29421198
    • Pablo Neira Ayuso's avatar
      netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES · b301f253
      Pablo Neira Ayuso authored
      Make sure the table names via getsockopt GET_ENTRIES is nul-terminated
      in ebtables and all the x_tables variants and their respective compat
      code. Uncovered by KASAN.
      Reported-by: default avatarBaozeng Ding <sploving1@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      b301f253
    • Pablo Neira Ayuso's avatar
      netfilter: nfnetlink_queue: honor NFQA_CFG_F_FAIL_OPEN when netlink unicast fails · 93140113
      Pablo Neira Ayuso authored
      When netlink unicast fails to deliver the message to userspace, we
      should also check if the NFQA_CFG_F_FAIL_OPEN flag is set so we reinject
      the packet back to the stack.
      
      I think the user expects no packet drops when this flag is set due to
      queueing to userspace errors, no matter if related to the internal queue
      or when sending the netlink message to userspace.
      
      The userspace application will still get the ENOBUFS error via recvmsg()
      so the user still knows that, with the current configuration that is in
      place, the userspace application is not consuming the messages at the
      pace that the kernel needs.
      Reported-by: default avatar"Yigal Reiss (yreiss)" <yreiss@cisco.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Tested-by: default avatar"Yigal Reiss (yreiss)" <yreiss@cisco.com>
      93140113
    • Florian Westphal's avatar
      netfilter: x_tables: fix unconditional helper · 54d83fc7
      Florian Westphal authored
      Ben Hawkes says:
      
       In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it
       is possible for a user-supplied ipt_entry structure to have a large
       next_offset field. This field is not bounds checked prior to writing a
       counter value at the supplied offset.
      
      Problem is that mark_source_chains should not have been called --
      the rule doesn't have a next entry, so its supposed to return
      an absolute verdict of either ACCEPT or DROP.
      
      However, the function conditional() doesn't work as the name implies.
      It only checks that the rule is using wildcard address matching.
      
      However, an unconditional rule must also not be using any matches
      (no -m args).
      
      The underflow validator only checked the addresses, therefore
      passing the 'unconditional absolute verdict' test, while
      mark_source_chains also tested for presence of matches, and thus
      proceeeded to the next (not-existent) rule.
      
      Unify this so that all the callers have same idea of 'unconditional rule'.
      Reported-by: default avatarBen Hawkes <hawkes@google.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      54d83fc7
    • Florian Westphal's avatar
      netfilter: x_tables: make sure e->next_offset covers remaining blob size · 6e94e0cf
      Florian Westphal authored
      Otherwise this function may read data beyond the ruleset blob.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6e94e0cf
    • Florian Westphal's avatar
      netfilter: x_tables: validate e->target_offset early · bdf533de
      Florian Westphal authored
      We should check that e->target_offset is sane before
      mark_source_chains gets called since it will fetch the target entry
      for loop detection.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      bdf533de
    • Arnd Bergmann's avatar
      openvswitch: call only into reachable nf-nat code · 99b7248e
      Arnd Bergmann authored
      The openvswitch code has gained support for calling into the
      nf-nat-ipv4/ipv6 modules, however those can be loadable modules
      in a configuration in which openvswitch is built-in, leading
      to link errors:
      
      net/built-in.o: In function `__ovs_ct_lookup':
      :(.text+0x2cc2c8): undefined reference to `nf_nat_icmp_reply_translation'
      :(.text+0x2cc66c): undefined reference to `nf_nat_icmpv6_reply_translation'
      
      The dependency on (!NF_NAT || NF_NAT) prevents similar issues,
      but NF_NAT is set to 'y' if any of the symbols selecting
      it are built-in, but the link error happens when any of them
      are modular.
      
      A second issue is that even if CONFIG_NF_NAT_IPV6 is built-in,
      CONFIG_NF_NAT_IPV4 might be completely disabled. This is unlikely
      to be useful in practice, but the driver currently only handles
      IPv6 being optional.
      
      This patch improves the Kconfig dependency so that openvswitch
      cannot be built-in if either of the two other symbols are set
      to 'm', and it replaces the incorrect #ifdef in ovs_ct_nat_execute()
      with two "if (IS_ENABLED())" checks that should catch all corner
      cases also make the code more readable.
      
      The same #ifdef exists ovs_ct_nat_to_attr(), where it does not
      cause a link error, but for consistency I'm changing it the same
      way.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Fixes: 05752523 ("openvswitch: Interface with NAT.")
      Acked-by: default avatarJoe Stringer <joe@ovn.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      99b7248e
    • Jarno Rajahalme's avatar
      openvswitch: Fix checking for new expected connections. · 5745b0be
      Jarno Rajahalme authored
      OVS should call into CT NAT for packets of new expected connections only
      when the conntrack state is persisted with the 'commit' option to the
      OVS CT action.  The test for this condition is doubly wrong, as the CT
      status field is ANDed with the bit number (IPS_EXPECTED_BIT) rather
      than the mask (IPS_EXPECTED), and due to the wrong assumption that the
      expected bit would apply only for the first (i.e., 'new') packet of a
      connection, while in fact the expected bit remains on for the lifetime of
      an expected connection.  The 'ctinfo' value IP_CT_RELATED derived from
      the ct status can be used instead, as it is only ever applicable to
      the 'new' packets of the expected connection.
      
      Fixes: 05752523 ('openvswitch: Interface with NAT.')
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarJarno Rajahalme <jarno@ovn.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      5745b0be
    • Vishwanath Pai's avatar
      netfilter: ipset: fix race condition in ipset save, swap and delete · 596cf3fe
      Vishwanath Pai authored
      This fix adds a new reference counter (ref_netlink) for the struct ip_set.
      The other reference counter (ref) can be swapped out by ip_set_swap and we
      need a separate counter to keep track of references for netlink events
      like dump. Using the same ref counter for dump causes a race condition
      which can be demonstrated by the following script:
      
      ipset create hash_ip1 hash:ip family inet hashsize 1024 maxelem 500000 \
      counters
      ipset create hash_ip2 hash:ip family inet hashsize 300000 maxelem 500000 \
      counters
      ipset create hash_ip3 hash:ip family inet hashsize 1024 maxelem 500000 \
      counters
      
      ipset save &
      
      ipset swap hash_ip3 hash_ip2
      ipset destroy hash_ip3 /* will crash the machine */
      
      Swap will exchange the values of ref so destroy will see ref = 0 instead of
      ref = 1. With this fix in place swap will not succeed because ipset save
      still has ref_netlink on the set (ip_set_swap doesn't swap ref_netlink).
      
      Both delete and swap will error out if ref_netlink != 0 on the set.
      
      Note: The changes to *_head functions is because previously we would
      increment ref whenever we called these functions, we don't do that
      anymore.
      Reviewed-by: default avatarJoshua Hunt <johunt@akamai.com>
      Signed-off-by: default avatarVishwanath Pai <vpai@akamai.com>
      Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      596cf3fe
    • Charles Keepax's avatar
      net: macb: Only call GPIO functions if there is a valid GPIO · 0e3e7999
      Charles Keepax authored
      GPIOlib will print warning messages if we call GPIO functions without a
      valid GPIO. Change the code to avoid doing so.
      Signed-off-by: default avatarCharles Keepax <ckeepax@opensource.wolfsonmicro.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e3e7999