1. 09 1月, 2018 2 次提交
  2. 06 1月, 2018 3 次提交
  3. 05 1月, 2018 8 次提交
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · f737be8d
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Fix chain filtering when dumping rules via nf_tables_dump_rules().
      
      2) Fix accidental change in NF_CT_STATE_UNTRACKED_BIT through uapi,
         introduced when removing the untracked conntrack object, from
         Florian Westphal.
      
      3) Fix potential nul-dereference when releasing dump filter in
         nf_tables_dump_obj_done(), patch from Hangbin Liu.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f737be8d
    • H
      uapi/if_ether.h: prevent redefinition of struct ethhdr · 6926e041
      Hauke Mehrtens 提交于
      Musl provides its own ethhdr struct definition. Add a guard to prevent
      its definition of the appropriate musl header has already been included.
      
      glibc does not implement this header, but when glibc will implement this
      they can just define __UAPI_DEF_ETHHDR 0 to make it work with the
      kernel.
      Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6926e041
    • W
      ipv6: fix general protection fault in fib6_add() · 7bbfe00e
      Wei Wang 提交于
      In fib6_add(), pn could be NULL if fib6_add_1() failed to return a fib6
      node. Checking pn != fn before accessing pn->leaf makes sure pn is not
      NULL.
      This fixes the following GPF reported by syzkaller:
      general protection fault: 0000 [#1] SMP KASAN
      Dumping ftrace buffer:
         (ftrace buffer empty)
      Modules linked in:
      CPU: 0 PID: 3201 Comm: syzkaller001778 Not tainted 4.15.0-rc5+ #151
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:fib6_add+0x736/0x15a0 net/ipv6/ip6_fib.c:1244
      RSP: 0018:ffff8801c7626a70 EFLAGS: 00010202
      RAX: dffffc0000000000 RBX: 0000000000000020 RCX: ffffffff84794465
      RDX: 0000000000000004 RSI: ffff8801d38935f0 RDI: 0000000000000282
      RBP: ffff8801c7626da0 R08: 1ffff10038ec4c35 R09: 0000000000000000
      R10: ffff8801c7626c68 R11: 0000000000000000 R12: 00000000fffffffe
      R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000009
      FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:0000000009b70840
      CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
      CR2: 0000000020be1000 CR3: 00000001d585a006 CR4: 00000000001606f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       __ip6_ins_rt+0x6c/0x90 net/ipv6/route.c:1006
       ip6_route_multipath_add+0xd14/0x16c0 net/ipv6/route.c:3833
       inet6_rtm_newroute+0xdc/0x160 net/ipv6/route.c:3957
       rtnetlink_rcv_msg+0x733/0x1020 net/core/rtnetlink.c:4411
       netlink_rcv_skb+0x21e/0x460 net/netlink/af_netlink.c:2408
       rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4423
       netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
       netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1301
       netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1864
       sock_sendmsg_nosec net/socket.c:636 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:646
       sock_write_iter+0x31a/0x5d0 net/socket.c:915
       call_write_iter include/linux/fs.h:1772 [inline]
       do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
       do_iter_write+0x154/0x540 fs/read_write.c:932
       compat_writev+0x225/0x420 fs/read_write.c:1246
       do_compat_writev+0x115/0x220 fs/read_write.c:1267
       C_SYSC_writev fs/read_write.c:1278 [inline]
       compat_SyS_writev+0x26/0x30 fs/read_write.c:1274
       do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
       do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
       entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:125
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Fixes: 66f5d6ce ("ipv6: replace rwlock with rcu and spinlock in fib6_table")
      Signed-off-by: NWei Wang <weiwan@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7bbfe00e
    • M
      RDS: null pointer dereference in rds_atomic_free_op · 7d11f77f
      Mohamed Ghannam 提交于
      set rm->atomic.op_active to 0 when rds_pin_pages() fails
      or the user supplied address is invalid,
      this prevents a NULL pointer usage in rds_atomic_free_op()
      Signed-off-by: NMohamed Ghannam <simo.ghannam@gmail.com>
      Acked-by: NSantosh Shilimkar <santosh.shilimkar@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7d11f77f
    • S
      sh_eth: fix TSU resource handling · dfe8266b
      Sergei Shtylyov 提交于
      When switching  the driver to the managed device API,  I managed to break
      the  case of a  dual Ether devices sharing a single TSU: the 2nd Ether port
      wouldn't probe. Iwamatsu-san has tried to fix this but his patch was buggy
      and he then dropped the ball...
      
      The solution is to  limit calling devm_request_mem_region() to the first
      of  the two  ports  sharing the same TSU, so devm_ioremap_resource() can't
      be used anymore for the TSU resource...
      
      Fixes: d5e07e69 ("sh_eth: use managed device API")
      Reported-by: NNobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com>
      Signed-off-by: NSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dfe8266b
    • J
      net: stmmac: enable EEE in MII, GMII or RGMII only · 879626e3
      Jerome Brunet 提交于
      Note in the databook - Section 4.4 - EEE :
      " The EEE feature is not supported when the MAC is configured to use the
      TBI, RTBI, SMII, RMII or SGMII single PHY interface. Even if the MAC
      supports multiple PHY interfaces, you should activate the EEE mode only
      when the MAC is operating with GMII, MII, or RGMII interface."
      
      Applying this restriction solves a stability issue observed on Amlogic
      gxl platforms operating with RMII interface and the internal PHY.
      
      Fixes: 83bf79b6 ("stmmac: disable at run-time the EEE if not supported")
      Signed-off-by: NJerome Brunet <jbrunet@baylibre.com>
      Tested-by: NArnaud Patard <arnaud.patard@rtp-net.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      879626e3
    • A
      rtnetlink: give a user socket to get_target_net() · f428fe4a
      Andrei Vagin 提交于
      This function is used from two places: rtnl_dump_ifinfo and
      rtnl_getlink. In rtnl_getlink(), we give a request skb into
      get_target_net(), but in rtnl_dump_ifinfo, we give a response skb
      into get_target_net().
      The problem here is that NETLINK_CB() isn't initialized for the response
      skb. In both cases we can get a user socket and give it instead of skb
      into get_target_net().
      
      This bug was found by syzkaller with this call-trace:
      
      kasan: GPF could be caused by NULL-ptr deref or user memory access
      general protection fault: 0000 [#1] SMP KASAN
      Modules linked in:
      CPU: 1 PID: 3149 Comm: syzkaller140561 Not tainted 4.15.0-rc4-mm1+ #47
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
      Google 01/01/2011
      RIP: 0010:__netlink_ns_capable+0x8b/0x120 net/netlink/af_netlink.c:868
      RSP: 0018:ffff8801c880f348 EFLAGS: 00010206
      RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8443f900
      RDX: 000000000000007b RSI: ffffffff86510f40 RDI: 00000000000003d8
      RBP: ffff8801c880f360 R08: 0000000000000000 R09: 1ffff10039101e4f
      R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff86510f40
      R13: 000000000000000c R14: 0000000000000004 R15: 0000000000000011
      FS:  0000000001a1a880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000020151000 CR3: 00000001c9511005 CR4: 00000000001606e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
        netlink_ns_capable+0x26/0x30 net/netlink/af_netlink.c:886
        get_target_net+0x9d/0x120 net/core/rtnetlink.c:1765
        rtnl_dump_ifinfo+0x2e5/0xee0 net/core/rtnetlink.c:1806
        netlink_dump+0x48c/0xce0 net/netlink/af_netlink.c:2222
        __netlink_dump_start+0x4f0/0x6d0 net/netlink/af_netlink.c:2319
        netlink_dump_start include/linux/netlink.h:214 [inline]
        rtnetlink_rcv_msg+0x7f0/0xb10 net/core/rtnetlink.c:4485
        netlink_rcv_skb+0x21e/0x460 net/netlink/af_netlink.c:2441
        rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4540
        netlink_unicast_kernel net/netlink/af_netlink.c:1308 [inline]
        netlink_unicast+0x4be/0x6a0 net/netlink/af_netlink.c:1334
        netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1897
      
      Cc: Jiri Benc <jbenc@redhat.com>
      Fixes: 79e1ad14 ("rtnetlink: use netnsid to query interface")
      Signed-off-by: NAndrei Vagin <avagin@openvz.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f428fe4a
    • P
      MAINTAINERS: Update my email address. · fb32dd3a
      Pravin B Shelar 提交于
      Signed-off-by: NPravin Shelar <pshelar@ovn.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fb32dd3a
  4. 04 1月, 2018 25 次提交
  5. 03 1月, 2018 2 次提交
    • F
      uapi libc compat: add fallback for unsupported libcs · c0bace79
      Felix Janda 提交于
      libc-compat.h aims to prevent symbol collisions between uapi and libc
      headers for each supported libc. This requires continuous coordination
      between them.
      
      The goal of this commit is to improve the situation for libcs (such as
      musl) which are not yet supported and/or do not wish to be explicitly
      supported, while not affecting supported libcs. More precisely, with
      this commit, unsupported libcs can request the suppression of any
      specific uapi definition by defining the correspondings _UAPI_DEF_*
      macro as 0. This can fix symbol collisions for them, as long as the
      libc headers are included before the uapi headers. Inclusion in the
      other order is outside the scope of this commit.
      
      All infrastructure in order to enable this fallback for unsupported
      libcs is already in place, except that libc-compat.h unconditionally
      defines all _UAPI_DEF_* macros to 1 for all unsupported libcs so that
      any previous definitions are ignored. In order to fix this, this commit
      merely makes these definitions conditional.
      
      This commit together with the musl libc commit
      
      http://git.musl-libc.org/cgit/musl/commit/?id=04983f2272382af92eb8f8838964ff944fbb8258
      
      fixes for example the following compiler errors when <linux/in6.h> is
      included after musl's <netinet/in.h>:
      
      ./linux/in6.h:32:8: error: redefinition of 'struct in6_addr'
      ./linux/in6.h:49:8: error: redefinition of 'struct sockaddr_in6'
      ./linux/in6.h:59:8: error: redefinition of 'struct ipv6_mreq'
      
      The comments referencing glibc are still correct, but this file is not
      only used for glibc any more.
      Signed-off-by: NFelix Janda <felix.janda@posteo.de>
      Reviewed-by: NHauke Mehrtens <hauke@hauke-m.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c0bace79
    • J
      tipc: fix problems with multipoint-to-point flow control · f9c935db
      Jon Maloy 提交于
      In commit 04d7b574 ("tipc: add multipoint-to-point flow control") we
      introduced a protocol for preventing buffer overflow when many group
      members try to simultaneously send messages to the same receiving member.
      
      Stress test of this mechanism has revealed a couple of related bugs:
      
      - When the receiving member receives an advertisement REMIT message from
        one of the senders, it will sometimes prematurely activate a pending
        member and send it the remitted advertisement, although the upper
        limit for active senders has been reached. This leads to accumulation
        of illegal advertisements, and eventually to messages being dropped
        because of receive buffer overflow.
      
      - When the receiving member leaves REMITTED state while a received
        message is being read, we miss to look at the pending queue, to
        activate the oldest pending peer. This leads to some pending senders
        being starved out, and never getting the opportunity to profit from
        the remitted advertisement.
      
      We fix the former in the function tipc_group_proto_rcv() by returning
      directly from the function once it becomes clear that the remitting
      peer cannot leave REMITTED state at that point.
      
      We fix the latter in the function tipc_group_update_rcv_win() by looking
      up and activate the longest pending peer when it becomes clear that the
      remitting peer now can leave REMITTED state.
      Signed-off-by: NJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f9c935db