1. 11 Jan, 2016 9 commits
  2. 10 Jan, 2016 5 commits
  3. 09 Jan, 2016 3 commits
  4. 08 Jan, 2016 2 commits
  5. 07 Jan, 2016 3 commits
    • Woojung.Huh@microchip.com's avatar
      net: lan78xx: Fix to write to OTP(One Time Programmable) per magic number. · 9fb6066d
      Woojung.Huh@microchip.com authored
      This patch fixes a bug writing to EEPROM in lan78xx_ethtool_set_eeprom()
      when asked to write to OTP.
      Signed-off-by: default avatarWoojung Huh <woojung.huh@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9fb6066d
    • Sven Eckelmann's avatar
      batman-adv: Fix invalid read while copying bat_iv.bcast_own · 13bbdd37
      Sven Eckelmann authored
      batadv_iv_ogm_orig_del_if removes a part of the bcast_own which previously
      belonged to the now removed interface. This is done by copying all data
      which comes before the removed interface and then appending all the data
      which comes after the removed interface.
      
      The address calculation for the position of the data which comes after the
      removed interface assumed that the bat_iv.bcast_own is a pointer to a
      single byte datatype. But it is a pointer to unsigned long and thus the
      calculated position was wrong off factor sizeof(unsigned long).
      
      Fixes: 83a8342678a0 ("more basic routing code added (forwarding packets /
      bitarray added)")
      Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
      Signed-off-by: default avatarAntonio Quartulli <a@unstable.cc>
      13bbdd37
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 51cb67c0
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "As usual, there are a couple straggler bug fixes:
      
         1) qlcnic_alloc_mbx_args() error returns are not checked in qlcnic
            driver.  Fix from Insu Yun.
      
         2) SKB refcounting bug in connector, from Florian Westphal.
      
         3) vrf_get_saddr() has to propagate fib_lookup() errors to it's
            callers, from David Ahern.
      
         4) Fix AF_UNIX splice/bind deadlock, from Rainer Weikusat.
      
         5) qdisc_rcu_free() fails to free the per-cpu qstats.  Fix from John
            Fastabend.
      
         6) vmxnet3 driver passes wrong page to dma_map_page(), fix from
           Shrikrishna Khare.
      
         7) Don't allow zero cwnd in tcp_cwnd_reduction(), from Yuchung Cheng"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        tcp: fix zero cwnd in tcp_cwnd_reduction
        Driver: Vmxnet3: Fix regression caused by 5738a09d
        net: qmi_wwan: Add WeTelecom-WPD600N
        mkiss: fix scribble on freed memory
        net: possible use after free in dst_release
        net: sched: fix missing free per cpu on qstats
        ARM: net: bpf: fix zero right shift
        6pack: fix free memory scribbles
        net: filter: make JITs zero A for SKF_AD_ALU_XOR_X
        bridge: Only call /sbin/bridge-stp for the initial network namespace
        af_unix: Fix splice-bind deadlock
        net: Propagate lookup failure in l3mdev_get_saddr to caller
        r8152: add reset_resume function
        connector: bump skb->users before callback invocation
        cxgb4: correctly handling failed allocation
        qlcnic: correctly handle qlcnic_alloc_mbx_args
      51cb67c0
  6. 06 Jan, 2016 9 commits
  7. 05 Jan, 2016 8 commits
    • Hannes Frederic Sowa's avatar
      bridge: Only call /sbin/bridge-stp for the initial network namespace · ff621985
      Hannes Frederic Sowa authored
      [I stole this patch from Eric Biederman. He wrote:]
      
      > There is no defined mechanism to pass network namespace information
      > into /sbin/bridge-stp therefore don't even try to invoke it except
      > for bridge devices in the initial network namespace.
      >
      > It is possible for unprivileged users to cause /sbin/bridge-stp to be
      > invoked for any network device name which if /sbin/bridge-stp does not
      > guard against unreasonable arguments or being invoked twice on the
      > same network device could cause problems.
      
      [Hannes: changed patch using netns_eq]
      
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ff621985
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.4-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · ee9a7d2c
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Two more fixes:
      
        1. The recordmcount change had an output that used sprintf()
           (incorrectly) when it should have been a fprintf() to stderr.
      
        2. The printk_formats file could crash if someone added a
           trace_printk() in the core kernel, and also added one in a module.
           This does not affect production kernels.  Only kernels where
           developers add trace_printk() for debugging can crash"
      
      * tag 'trace-v4.4-rc4-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Fix setting of start_index in find_next()
        ftrace/scripts: Fix incorrect use of sprintf in recordmcount
      ee9a7d2c
    • Linus Torvalds's avatar
      Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile · 3331f99a
      Linus Torvalds authored
      Pull tile bugfix from Chris Metcalf:
       "This fixes a bug that Sudip's buildbot found for tilepro allmodconfig.
      
        I've tagged it for stable only back to 3.19, which was when most of
        the other affected architectures added their support for working
        around this issue"
      
      * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
        tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro
      3331f99a
    • Chris Metcalf's avatar
      tile: provide CONFIG_PAGE_SIZE_64KB etc for tilepro · c1b27ab5
      Chris Metcalf authored
      This allows the build system to know that it can't attempt to
      configure the Lustre virtual block device, for example, when tilepro
      is using 64KB pages (as it does by default).  The tilegx build
      already provided those symbols.
      
      Previously we required that the tilepro hypervisor be rebuilt with
      a different hardcoded page size in its headers, and then Linux be
      rebuilt using the updated hypervisor header.  Now we allow each of
      the hypervisor and Linux to be built independently.  We still check
      at boot time to ensure that the page size provided by the hypervisor
      matches what Linux expects.
      Signed-off-by: default avatarChris Metcalf <cmetcalf@ezchip.com>
      Cc: stable@vger.kernel.org [3.19+]
      c1b27ab5
    • Rainer Weikusat's avatar
      af_unix: Fix splice-bind deadlock · c845acb3
      Rainer Weikusat authored
      On 2015/11/06, Dmitry Vyukov reported a deadlock involving the splice
      system call and AF_UNIX sockets,
      
      http://lists.openwall.net/netdev/2015/11/06/24
      
      The situation was analyzed as
      
      (a while ago) A: socketpair()
      B: splice() from a pipe to /mnt/regular_file
      	does sb_start_write() on /mnt
      C: try to freeze /mnt
      	wait for B to finish with /mnt
      A: bind() try to bind our socket to /mnt/new_socket_name
      	lock our socket, see it not bound yet
      	decide that it needs to create something in /mnt
      	try to do sb_start_write() on /mnt, block (it's
      	waiting for C).
      D: splice() from the same pipe to our socket
      	lock the pipe, see that socket is connected
      	try to lock the socket, block waiting for A
      B:	get around to actually feeding a chunk from
      	pipe to file, try to lock the pipe.  Deadlock.
      
      on 2015/11/10 by Al Viro,
      
      http://lists.openwall.net/netdev/2015/11/10/4
      
      The patch fixes this by removing the kern_path_create related code from
      unix_mknod and executing it as part of unix_bind prior acquiring the
      readlock of the socket in question. This means that A (as used above)
      will sb_start_write on /mnt before it acquires the readlock, hence, it
      won't indirectly block B which first did a sb_start_write and then
      waited for a thread trying to acquire the readlock. Consequently, A
      being blocked by C waiting for B won't cause a deadlock anymore
      (effectively, both A and B acquire two locks in opposite order in the
      situation described above).
      
      Dmitry Vyukov(<dvyukov@google.com>) tested the original patch.
      Signed-off-by: default avatarRainer Weikusat <rweikusat@mobileactivedefense.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c845acb3
    • David Ahern's avatar
      net: Propagate lookup failure in l3mdev_get_saddr to caller · b5bdacf3
      David Ahern authored
      Commands run in a vrf context are not failing as expected on a route lookup:
          root@kenny:~# ip ro ls table vrf-red
          unreachable default
      
          root@kenny:~# ping -I vrf-red -c1 -w1 10.100.1.254
          ping: Warning: source address might be selected on device other than vrf-red.
          PING 10.100.1.254 (10.100.1.254) from 0.0.0.0 vrf-red: 56(84) bytes of data.
      
          --- 10.100.1.254 ping statistics ---
          2 packets transmitted, 0 received, 100% packet loss, time 999ms
      
      Since the vrf table does not have a route for 10.100.1.254 the ping
      should have failed. The saddr lookup causes a full VRF table lookup.
      Propogating a lookup failure to the user allows the command to fail as
      expected:
      
          root@kenny:~# ping -I vrf-red -c1 -w1 10.100.1.254
          connect: No route to host
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b5bdacf3
    • hayeswang's avatar
      r8152: add reset_resume function · 7ec2541a
      hayeswang authored
      When the reset_resume() is called, the flag of SELECTIVE_SUSPEND should be
      cleared and reinitialize the device, whether the SELECTIVE_SUSPEND is set
      or not. If reset_resume() is called, it means the power supply is cut or the
      device is reset. That is, the device wouldn't be in runtime suspend state and
      the reinitialization is necessary.
      Signed-off-by: default avatarHayes Wang <hayeswang@realtek.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7ec2541a
    • Florian Westphal's avatar
      connector: bump skb->users before callback invocation · 55285bf0
      Florian Westphal authored
      Dmitry reports memleak with syskaller program.
      Problem is that connector bumps skb usecount but might not invoke callback.
      
      So move skb_get to where we invoke the callback.
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      55285bf0
  8. 04 Jan, 2016 1 commit