1. 11 Jun, 2014 3 commits
  2. 08 Jun, 2014 1 commit
  3. 06 Jun, 2014 4 commits
  4. 05 Jun, 2014 6 commits
  5. 04 Jun, 2014 7 commits
  6. 03 Jun, 2014 10 commits
    • Michal Kubecek's avatar
      xfrm: fix race between netns cleanup and state expire notification · 21ee543e
      Michal Kubecek authored
      The xfrm_user module registers its pernet init/exit after xfrm
      itself so that its net exit function xfrm_user_net_exit() is
      executed before xfrm_net_exit() which calls xfrm_state_fini() to
      cleanup the SA's (xfrm states). This opens a window between
      zeroing net->xfrm.nlsk pointer and deleting all xfrm_state
      instances which may access it (via the timer). If an xfrm state
      expires in this window, xfrm_exp_state_notify() will pass null
      pointer as socket to nlmsg_multicast().
      
      As the notifications are called inside rcu_read_lock() block, it
      is sufficient to retrieve the nlsk socket with rcu_dereference()
      and check the it for null.
      Signed-off-by: default avatarMichal Kubecek <mkubecek@suse.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      21ee543e
    • David S. Miller's avatar
      Merge branch 'cnic' · 1299b3c4
      David S. Miller authored
      Michael Chan says:
      
      ====================
      cnic fixes
      
      Fix 2 sleeping function from invalid context bugs and 1 missing iscsi netlink
      message bug.
      
      v2: Fixed typo in rcu_dereference_protected() and tested with CONFIG_PROVE_RCU
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1299b3c4
    • Michael Chan's avatar
      cnic: Fix missing ISCSI_KEVENT_IF_DOWN message · 59436914
      Michael Chan authored
      The iSCSI netlink message needs to be sent before the ulp_ops is cleared
      as it is sent through a function pointer in the ulp_ops.  This bug
      causes iscsid to not get the message when the bnx2i driver is unloaded.
      Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      59436914
    • Michael Chan's avatar
      cnic: Don't take cnic_dev_lock in cnic_alloc_uio_rings() · 437b8a26
      Michael Chan authored
      We are allocating memory with GFP_KERNEL under spinlock.  Since this is
      the only call manipulating the cnic_udev_list and it is always under
      rtnl_lock, cnic_dev_lock can be safely removed.
      Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      437b8a26
    • Michael Chan's avatar
      cnic: Don't take rcu_read_lock in cnic_rcv_netevent() · 20f30c2d
      Michael Chan authored
      Because the called function, such as bnx2fc_indicate_netevent(), can sleep,
      we cannot take rcu_lock().  To prevent the rcu protected ulp_ops from going
      away, we use the cnic_lock mutex and set the ULP_F_CALL_PENDING flag.
      The code already waits for ULP_F_CALL_PENDING flag to clear in
      cnic_unregister_device().
      Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      20f30c2d
    • Christian Riesch's avatar
      net: davinci_emac: Remove unwanted debug/error message · 74f43922
      Christian Riesch authored
      In commit cd11cf50 I accidentally
      added an error message. I used it for debugging and forgot to remove
      it before submitting the patch.
      Signed-off-by: default avatarChristian Riesch <christian.riesch@omicron.at>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      74f43922
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · cae61ba3
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Unbreak zebra and other netlink apps, from Eric W Biederman.
      
       2) Some new qmi_wwan device IDs, from Aleksander Morgado.
      
       3) Fix info leak in DCB netlink handler of qlcnic driver, from Dan
          Carpenter.
      
       4) inet_getid() and ipv6_select_ident() do not generate monotonically
          increasing ID numbers, fix from Eric Dumazet.
      
       5) Fix memory leak in __sk_prepare_filter(), from Leon Yu.
      
       6) Netlink leftover bytes warning message is user triggerable, rate
          limit it.  From Michal Schmidt.
      
       7) Fix non-linear SKB panic in ipvs, from Peter Christensen.
      
       8) Congestion window undo needs to be performed even if only never
          retransmitted data is SACK'd, fix from Yuching Cheng.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (24 commits)
        net: filter: fix possible memory leak in __sk_prepare_filter()
        net: ec_bhf: Add runtime dependencies
        tcp: fix cwnd undo on DSACK in F-RTO
        netlink: Only check file credentials for implicit destinations
        ipheth: Add support for iPad 2 and iPad 3
        team: fix mtu setting
        net: fix inet_getid() and ipv6_select_ident() bugs
        net: qmi_wwan: interface #11 in Sierra Wireless MC73xx is not QMI
        net: qmi_wwan: add additional Sierra Wireless QMI devices
        bridge: Prevent insertion of FDB entry with disallowed vlan
        netlink: rate-limit leftover bytes warning and print process name
        bridge: notify user space after fdb update
        net: qmi_wwan: add Netgear AirCard 341U
        net: fix wrong mac_len calculation for vlans
        batman-adv: fix NULL pointer dereferences
        net/mlx4_core: Reset RoCE VF gids when guest driver goes down
        emac: aggregation of v1-2 PLB errors for IER register
        emac: add missing support of 10mbit in emac/rgmii
        can: only rename enabled led triggers when changing the netdev name
        ipvs: Fix panic due to non-linear skb
        ...
      cae61ba3
    • Leon Yu's avatar
      net: filter: fix possible memory leak in __sk_prepare_filter() · 418c96ac
      Leon Yu authored
      __sk_prepare_filter() was reworked in commit bd4cf0ed (net: filter:
      rework/optimize internal BPF interpreter's instruction set) so that it should
      have uncharged memory once things went wrong. However that work isn't complete.
      Error is handled only in __sk_migrate_filter() while memory can still leak in
      the error path right after sk_chk_filter().
      
      Fixes: bd4cf0ed ("net: filter: rework/optimize internal BPF interpreter's instruction set")
      Signed-off-by: default avatarLeon Yu <chianglungyu@gmail.com>
      Acked-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
      Tested-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      418c96ac
    • Linus Torvalds's avatar
      Merge tag 'md/3.15-fixes' of git://neil.brown.name/md · ca755175
      Linus Torvalds authored
      Pull two md bugfixes from Neil Brown:
       "Two md bugfixes for possible corruption when restarting reshape
      
        If a raid5/6 reshape is restarted (After stopping and re-assembling
        the array) and the array is marked read-only (or read-auto), then the
        reshape will appear to complete immediately, without actually moving
        anything around.  This can result in corruption.
      
        There are two patches which do much the same thing in different
        places.  They are separate because one is an older bug and so can be
        applied to more -stable kernels"
      
      * tag 'md/3.15-fixes' of git://neil.brown.name/md:
        md: always set MD_RECOVERY_INTR when interrupting a reshape thread.
        md: always set MD_RECOVERY_INTR when aborting a reshape or other "resync".
      ca755175
    • Jean Delvare's avatar
      net: ec_bhf: Add runtime dependencies · 3aab01d8
      Jean Delvare authored
      The ec_bhf driver is specific to the Beckhoff CX embedded PC series.
      These are based on Intel x86 CPU. So we can add a dependency on
      X86, with COMPILE_TEST as an alternative to still allow for broader
      build-testing.
      Signed-off-by: default avatarJean Delvare <jdelvare@suse.de>
      Cc: Darek Marcinkiewicz <reksio@newterm.pl>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3aab01d8
  7. 02 Jun, 2014 9 commits
    • Martin K. Petersen's avatar
      libata: Blacklist queued trim for Crucial M500 · 3b8d2676
      Martin K. Petersen authored
      Queued trim only works for some users with MU05 firmware.  Revert to
      blacklisting all firmware versions.
      
      Introduced by commit d121f7d0 ("libata: Update queued trim blacklist
      for M5x0 drives") which this effectively reverts, while retaining the
      blacklisting of M550.
      
      See
      
          https://bugzilla.kernel.org/show_bug.cgi?id=71371
      
      for reports of trouble with MU05 firmware.
      Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3b8d2676
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 92b4e113
      Linus Torvalds authored
      Pull x86 fix from Peter Anvin:
       "A single quite small patch that managed to get overlooked earlier, to
        prevent a user space triggerable oops on systems without HPET"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86, vdso: Fix an OOPS accessing the HPET mapping w/o an HPET
      92b4e113
    • Linus Torvalds's avatar
      Merge tag 'usb-3.15-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 8ee7a330
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some fixes for 3.15-rc8 that resolve a number of tiny USB
        issues that have been reported, and there are some new device ids as
        well.
      
        All have been tested in linux-next"
      
      * tag 'usb-3.15-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        xhci: delete endpoints from bandwidth list before freeing whole device
        usb: pci-quirks: Prevent Sony VAIO t-series from switching usb ports
        USB: cdc-wdm: properly include types.h
        usb: cdc-wdm: export cdc-wdm uapi header
        USB: serial: option: add support for Novatel E371 PCIe card
        USB: ftdi_sio: add NovaTech OrionLXm product ID
        USB: io_ti: fix firmware download on big-endian machines (part 2)
        USB: Avoid runtime suspend loops for HCDs that can't handle suspend/resume
      8ee7a330
    • Linus Torvalds's avatar
      Merge tag 'staging-3.15-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · da579dd6
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are some staging driver fixes for 3.15.
      
        Three are for the speakup drivers (one fixes a regression caused in
        3.15-rc, and the other two resolve a tty issue found by Ben Hutchings)
        The comedi and r8192e_pci driver fixes also resolve reported issues"
      
      * tag 'staging-3.15-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: r8192e_pci: fix htons error
        Staging: speakup: Update __speakup_paste_selection() tty (ab)usage to match vt
        Staging: speakup: Move pasting into a work item
        staging: comedi: ni_daq_700: add mux settling delay
        speakup: fix incorrect perms on speakup_acntsa.c
      da579dd6
    • Yuchung Cheng's avatar
      tcp: fix cwnd undo on DSACK in F-RTO · 0cfa5c07
      Yuchung Cheng authored
      This bug is discovered by an recent F-RTO issue on tcpm list
      https://www.ietf.org/mail-archive/web/tcpm/current/msg08794.html
      
      The bug is that currently F-RTO does not use DSACK to undo cwnd in
      certain cases: upon receiving an ACK after the RTO retransmission in
      F-RTO, and the ACK has DSACK indicating the retransmission is spurious,
      the sender only calls tcp_try_undo_loss() if some never retransmisted
      data is sacked (FLAG_ORIG_DATA_SACKED).
      
      The correct behavior is to unconditionally call tcp_try_undo_loss so
      the DSACK information is used properly to undo the cwnd reduction.
      Signed-off-by: default avatarYuchung Cheng <ycheng@google.com>
      Signed-off-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0cfa5c07
    • Eric W. Biederman's avatar
      netlink: Only check file credentials for implicit destinations · 2d7a85f4
      Eric W. Biederman authored
      It was possible to get a setuid root or setcap executable to write to
      it's stdout or stderr (which has been set made a netlink socket) and
      inadvertently reconfigure the networking stack.
      
      To prevent this we check that both the creator of the socket and
      the currentl applications has permission to reconfigure the network
      stack.
      
      Unfortunately this breaks Zebra which always uses sendto/sendmsg
      and creates it's socket without any privileges.
      
      To keep Zebra working don't bother checking if the creator of the
      socket has privilege when a destination address is specified.  Instead
      rely exclusively on the privileges of the sender of the socket.
      
      Note from Andy: This is exactly Eric's code except for some comment
      clarifications and formatting fixes.  Neither I nor, I think, anyone
      else is thrilled with this approach, but I'm hesitant to wait on a
      better fix since 3.15 is almost here.
      
      Note to stable maintainers: This is a mess.  An earlier series of
      patches in 3.15 fix a rather serious security issue (CVE-2014-0181),
      but they did so in a way that breaks Zebra.  The offending series
      includes:
      
          commit aa4cf945
          Author: Eric W. Biederman <ebiederm@xmission.com>
          Date:   Wed Apr 23 14:28:03 2014 -0700
      
              net: Add variants of capable for use on netlink messages
      
      If a given kernel version is missing that series of fixes, it's
      probably worth backporting it and this patch.  if that series is
      present, then this fix is critical if you care about Zebra.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarAndy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d7a85f4
    • Kristian Evensen's avatar
      ipheth: Add support for iPad 2 and iPad 3 · 22fd2a52
      Kristian Evensen authored
      Each iPad model has a different product id, this patch adds support for iPad 2
      (pid 0x12a2) and iPad 3 (pid 0x12a6). Note that iPad 2 must be jailbroken and a
      third-party app must be used for tethering to work. On iPad 3, tethering works
      out of the box (assuming your ISP is nice).
      Signed-off-by: default avatarKristian Evensen <kristian.evensen@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      22fd2a52
    • Jiri Pirko's avatar
      team: fix mtu setting · 9d0d68fa
      Jiri Pirko authored
      Now it is not possible to set mtu to team device which has a port
      enslaved to it. The reason is that when team_change_mtu() calls
      dev_set_mtu() for port device, notificator for NETDEV_PRECHANGEMTU
      event is called and team_device_event() returns NOTIFY_BAD forbidding
      the change. So fix this by returning NOTIFY_DONE here in case team is
      changing mtu in team_change_mtu().
      
      Introduced-by: 3d249d4c "net: introduce ethernet teaming device"
      Signed-off-by: default avatarJiri Pirko <jiri@resnulli.us>
      Acked-by: default avatarFlavio Leitner <fbl@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9d0d68fa
    • Eric Dumazet's avatar
      net: fix inet_getid() and ipv6_select_ident() bugs · 39c36094
      Eric Dumazet authored
      I noticed we were sending wrong IPv4 ID in TCP flows when MTU discovery
      is disabled.
      Note how GSO/TSO packets do not have monotonically incrementing ID.
      
      06:37:41.575531 IP (id 14227, proto: TCP (6), length: 4396)
      06:37:41.575534 IP (id 14272, proto: TCP (6), length: 65212)
      06:37:41.575544 IP (id 14312, proto: TCP (6), length: 57972)
      06:37:41.575678 IP (id 14317, proto: TCP (6), length: 7292)
      06:37:41.575683 IP (id 14361, proto: TCP (6), length: 63764)
      
      It appears I introduced this bug in linux-3.1.
      
      inet_getid() must return the old value of peer->ip_id_count,
      not the new one.
      
      Lets revert this part, and remove the prevention of
      a null identification field in IPv6 Fragment Extension Header,
      which is dubious and not even done properly.
      
      Fixes: 87c48fa3 ("ipv6: make fragment identifications less predictable")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      39c36094