1. 16 7月, 2017 8 次提交
    • A
      sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}() · b1f5bfc2
      Alexander Potapenko 提交于
      If the length field of the iterator (|pos.p| or |err|) is past the end
      of the chunk, we shouldn't access it.
      
      This bug has been detected by KMSAN. For the following pair of system
      calls:
      
        socket(PF_INET6, SOCK_STREAM, 0x84 /* IPPROTO_??? */) = 3
        sendto(3, "A", 1, MSG_OOB, {sa_family=AF_INET6, sin6_port=htons(0),
               inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0,
               sin6_scope_id=0}, 28) = 1
      
      the tool has reported a use of uninitialized memory:
      
        ==================================================================
        BUG: KMSAN: use of uninitialized memory in sctp_rcv+0x17b8/0x43b0
        CPU: 1 PID: 2940 Comm: probe Not tainted 4.11.0-rc5+ #2926
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
        01/01/2011
        Call Trace:
         <IRQ>
         __dump_stack lib/dump_stack.c:16
         dump_stack+0x172/0x1c0 lib/dump_stack.c:52
         kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:927
         __msan_warning_32+0x61/0xb0 mm/kmsan/kmsan_instr.c:469
         __sctp_rcv_init_lookup net/sctp/input.c:1074
         __sctp_rcv_lookup_harder net/sctp/input.c:1233
         __sctp_rcv_lookup net/sctp/input.c:1255
         sctp_rcv+0x17b8/0x43b0 net/sctp/input.c:170
         sctp6_rcv+0x32/0x70 net/sctp/ipv6.c:984
         ip6_input_finish+0x82f/0x1ee0 net/ipv6/ip6_input.c:279
         NF_HOOK ./include/linux/netfilter.h:257
         ip6_input+0x239/0x290 net/ipv6/ip6_input.c:322
         dst_input ./include/net/dst.h:492
         ip6_rcv_finish net/ipv6/ip6_input.c:69
         NF_HOOK ./include/linux/netfilter.h:257
         ipv6_rcv+0x1dbd/0x22e0 net/ipv6/ip6_input.c:203
         __netif_receive_skb_core+0x2f6f/0x3a20 net/core/dev.c:4208
         __netif_receive_skb net/core/dev.c:4246
         process_backlog+0x667/0xba0 net/core/dev.c:4866
         napi_poll net/core/dev.c:5268
         net_rx_action+0xc95/0x1590 net/core/dev.c:5333
         __do_softirq+0x485/0x942 kernel/softirq.c:284
         do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902
         </IRQ>
         do_softirq kernel/softirq.c:328
         __local_bh_enable_ip+0x25b/0x290 kernel/softirq.c:181
         local_bh_enable+0x37/0x40 ./include/linux/bottom_half.h:31
         rcu_read_unlock_bh ./include/linux/rcupdate.h:931
         ip6_finish_output2+0x19b2/0x1cf0 net/ipv6/ip6_output.c:124
         ip6_finish_output+0x764/0x970 net/ipv6/ip6_output.c:149
         NF_HOOK_COND ./include/linux/netfilter.h:246
         ip6_output+0x456/0x520 net/ipv6/ip6_output.c:163
         dst_output ./include/net/dst.h:486
         NF_HOOK ./include/linux/netfilter.h:257
         ip6_xmit+0x1841/0x1c00 net/ipv6/ip6_output.c:261
         sctp_v6_xmit+0x3b7/0x470 net/sctp/ipv6.c:225
         sctp_packet_transmit+0x38cb/0x3a20 net/sctp/output.c:632
         sctp_outq_flush+0xeb3/0x46e0 net/sctp/outqueue.c:885
         sctp_outq_uncork+0xb2/0xd0 net/sctp/outqueue.c:750
         sctp_side_effects net/sctp/sm_sideeffect.c:1773
         sctp_do_sm+0x6962/0x6ec0 net/sctp/sm_sideeffect.c:1147
         sctp_primitive_ASSOCIATE+0x12c/0x160 net/sctp/primitive.c:88
         sctp_sendmsg+0x43e5/0x4f90 net/sctp/socket.c:1954
         inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
         sock_sendmsg_nosec net/socket.c:633
         sock_sendmsg net/socket.c:643
         SYSC_sendto+0x608/0x710 net/socket.c:1696
         SyS_sendto+0x8a/0xb0 net/socket.c:1664
         do_syscall_64+0xe6/0x130 arch/x86/entry/common.c:285
         entry_SYSCALL64_slow_path+0x25/0x25 arch/x86/entry/entry_64.S:246
        RIP: 0033:0x401133
        RSP: 002b:00007fff6d99cd38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
        RAX: ffffffffffffffda RBX: 00000000004002b0 RCX: 0000000000401133
        RDX: 0000000000000001 RSI: 0000000000494088 RDI: 0000000000000003
        RBP: 00007fff6d99cd90 R08: 00007fff6d99cd50 R09: 000000000000001c
        R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
        R13: 00000000004063d0 R14: 0000000000406460 R15: 0000000000000000
        origin:
         save_stack_trace+0x37/0x40 arch/x86/kernel/stacktrace.c:59
         kmsan_save_stack_with_flags mm/kmsan/kmsan.c:302
         kmsan_internal_poison_shadow+0xb1/0x1a0 mm/kmsan/kmsan.c:198
         kmsan_poison_shadow+0x6d/0xc0 mm/kmsan/kmsan.c:211
         slab_alloc_node mm/slub.c:2743
         __kmalloc_node_track_caller+0x200/0x360 mm/slub.c:4351
         __kmalloc_reserve net/core/skbuff.c:138
         __alloc_skb+0x26b/0x840 net/core/skbuff.c:231
         alloc_skb ./include/linux/skbuff.h:933
         sctp_packet_transmit+0x31e/0x3a20 net/sctp/output.c:570
         sctp_outq_flush+0xeb3/0x46e0 net/sctp/outqueue.c:885
         sctp_outq_uncork+0xb2/0xd0 net/sctp/outqueue.c:750
         sctp_side_effects net/sctp/sm_sideeffect.c:1773
         sctp_do_sm+0x6962/0x6ec0 net/sctp/sm_sideeffect.c:1147
         sctp_primitive_ASSOCIATE+0x12c/0x160 net/sctp/primitive.c:88
         sctp_sendmsg+0x43e5/0x4f90 net/sctp/socket.c:1954
         inet_sendmsg+0x498/0x670 net/ipv4/af_inet.c:762
         sock_sendmsg_nosec net/socket.c:633
         sock_sendmsg net/socket.c:643
         SYSC_sendto+0x608/0x710 net/socket.c:1696
         SyS_sendto+0x8a/0xb0 net/socket.c:1664
         do_syscall_64+0xe6/0x130 arch/x86/entry/common.c:285
         return_from_SYSCALL_64+0x0/0x6a arch/x86/entry/entry_64.S:246
        ==================================================================
      Signed-off-by: NAlexander Potapenko <glider@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b1f5bfc2
    • V
      ipv4: ip_do_fragment: fix headroom tests · 254d900b
      Vasily Averin 提交于
      Some time ago David Woodhouse reported skb_under_panic
      when we try to push ethernet header to fragmented ipv6 skbs.
      It was fixed for ipv6 by Florian Westphal in
      commit 1d325d21 ("ipv6: ip6_fragment: fix headroom tests and skb leak")
      
      However similar problem still exist in ipv4.
      
      It does not trigger skb_under_panic due paranoid check
      in ip_finish_output2, however according to Alexey Kuznetsov
      current state is abnormal and ip_fragment should be fixed too.
      Signed-off-by: NVasily Averin <vvs@virtuozzo.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      254d900b
    • Z
      mlx4_en: remove unnecessary returned value check · e36fef66
      Zhu Yanjun 提交于
      The function __mlx4_zone_remove_one_entry always returns zero. So
      it is not necessary to check it.
      
      Cc: Joe Jin <joe.jin@oracle.com>
      Cc: Junxiao Bi <junxiao.bi@oracle.com>
      Signed-off-by: NZhu Yanjun <yanjun.zhu@oracle.com>
      Reviewed-by: NYuval Shaia <yuval.shaia@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e36fef66
    • J
      ioc3-eth: store pointer to net_device for priviate area · dfcc16c9
      Jason A. Donenfeld 提交于
      Computing the alignment manually for going from priv to pub is probably
      not such a good idea, and in general the assumption that going from priv
      to pub is possible trivially could change, so rather than relying on
      that, we change things to just store a pointer to pub. This was sugested
      by DaveM in [1].
      
      [1] http://www.spinics.net/lists/netdev/msg443992.htmlSigned-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dfcc16c9
    • D
      Merge branch 'bgmac-stingray-soc' · 521ea952
      David S. Miller 提交于
      Abhishek Shah says:
      
      ====================
      Extend BGMAC driver for Stingray SoC
      
      The patchset extends Broadcom BGMAC driver for Broadcom Stingray SoC.
      
      This patchset is based on Linux-4.12 and tested on NS2 and Stingray.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      521ea952
    • A
      Documentation: devicetree: net: optional idm regs for bgmac · 10d79f7d
      Abhishek Shah 提交于
      Specifying IDM register space in DT is not mendatory for SoCs
      where firmware takes care of IDM operations. This patch updates
      BGMAC driver's DT binding documentation indicating the same.
      Signed-off-by: NAbhishek Shah <abhishek.shah@broadcom.com>
      Reviewed-by: NRay Jui <ray.jui@broadcom.com>
      Reviewed-by: NOza Oza <oza.oza@broadcom.com>
      Reviewed-by: NScott Branden <scott.branden@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      10d79f7d
    • A
      net: ethernet: bgmac: Make IDM register space optional · a163bdb0
      Abhishek Shah 提交于
      IDM operations are usually one time ops and should be done in
      firmware itself. Driver is not supposed to touch IDM registers.
      
      However, for some SoCs', driver is performing IDM read/writes.
      So this patch masks IDM operations in case firmware is taking
      care of IDM operations.
      Signed-off-by: NAbhishek Shah <abhishek.shah@broadcom.com>
      Reviewed-by: NOza Oza <oza.oza@broadcom.com>
      Reviewed-by: NRay Jui <ray.jui@broadcom.com>
      Reviewed-by: NScott Branden <scott.branden@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a163bdb0
    • A
      net: ethernet: bgmac: Remove unnecessary 'return' from platform_bgmac_idm_write · 83a5c5af
      Abhishek Shah 提交于
      Return type for idm register write callback should be void as 'writel'
      API is used for write operation. However, there no need to have 'return'
      in this function.
      Signed-off-by: NAbhishek Shah <abhishek.shah@broadcom.com>
      Reviewed-by: NOza Oza <oza.oza@broadcom.com>
      Reviewed-by: NRay Jui <ray.jui@broadcom.com>
      Reviewed-by: NScott Branden <scott.branden@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      83a5c5af
  2. 15 7月, 2017 7 次提交
    • X
      sctp: fix an array overflow when all ext chunks are set · 10b3bf54
      Xin Long 提交于
      Marcelo noticed an array overflow caused by commit c28445c3
      ("sctp: add reconf_enable in asoc ep and netns"), in which sctp
      would add SCTP_CID_RECONF into extensions when reconf_enable is
      set in sctp_make_init and sctp_make_init_ack.
      
      Then now when all ext chunks are set, 4 ext chunk ids can be put
      into extensions array while extensions array size is 3. It would
      cause a kernel panic because of this overflow.
      
      This patch is to fix it by defining extensions array size is 4 in
      both sctp_make_init and sctp_make_init_ack.
      
      Fixes: c28445c3 ("sctp: add reconf_enable in asoc ep and netns")
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      10b3bf54
    • A
      liquidio: fix possible eeprom format string overflow · 56c0da49
      Arnd Bergmann 提交于
      gcc reports that the temporary buffer for computing the
      string length may be too small here:
      
      drivers/net/ethernet/cavium/liquidio/lio_ethtool.c: In function 'lio_get_eeprom_len':
      /drivers/net/ethernet/cavium/liquidio/lio_ethtool.c:345:21: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
        len = sprintf(buf, "boardname:%s serialnum:%s maj:%lld min:%lld\n",
                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/net/ethernet/cavium/liquidio/lio_ethtool.c:345:6: note: 'sprintf' output between 35 and 167 bytes into a destination of size 128
        len = sprintf(buf, "boardname:%s serialnum:%s maj:%lld min:%lld\n",
      
      This extends it to 192 bytes, which is certainly enough. As far
      as I could tell, there are no other constraints that require a specific
      maximum size.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      56c0da49
    • A
      vmxnet3: avoid format strint overflow warning · c7673e4d
      Arnd Bergmann 提交于
      gcc-7 notices that "-event-%d" could be more than 11 characters long
      if we had larger 'vector' numbers:
      
      drivers/net/vmxnet3/vmxnet3_drv.c: In function 'vmxnet3_activate_dev':
      drivers/net/vmxnet3/vmxnet3_drv.c:2095:40: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
      sprintf(intr->event_msi_vector_name, "%s-event-%d",
                                           ^~~~~~~~~~~~~
      drivers/net/vmxnet3/vmxnet3_drv.c:2095:3: note: 'sprintf' output between 9 and 33 bytes into a destination of size 32
      
      The current code is safe, but making the string a little longer
      is harmless and lets gcc see that it's ok.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c7673e4d
    • A
      net: thunder_bgx: avoid format string overflow warning · c41626ce
      Arnd Bergmann 提交于
      gcc warns that the temporary buffer might be too small here:
      
      drivers/net/ethernet/cavium/thunder/thunder_bgx.c: In function 'bgx_probe':
      drivers/net/ethernet/cavium/thunder/thunder_bgx.c:1020:16: error: '%d' directive writing between 1 and 10 bytes into a region of size between 9 and 11 [-Werror=format-overflow=]
      sprintf(str, "BGX%d LMAC%d mode", bgx->bgx_id, lmacid);
                   ^~~~~~~~~~~~~~~~~~~
      drivers/net/ethernet/cavium/thunder/thunder_bgx.c:1020:16: note: directive argument in the range [0, 2147483647]
      drivers/net/ethernet/cavium/thunder/thunder_bgx.c:1020:3: note: 'sprintf' output between 16 and 27 bytes into a destination of size 20
      
      This probably can't happen, but it can't hurt to make it long
      enough for the theoretical limit.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c41626ce
    • A
      bnx2x: fix format overflow warning · be9cdf1b
      Arnd Bergmann 提交于
      gcc notices that large queue numbers would overflow the queue name
      string:
      
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c: In function 'bnx2x_get_strings':
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c:3165:25: error: '%d' directive writing between 1 and 10 bytes into a region of size 5 [-Werror=format-overflow=]
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c:3165:25: note: directive argument in the range [0, 2147483647]
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c:3165:5: note: 'sprintf' output between 2 and 11 bytes into a destination of size 5
      
      There is a hard limit in place that makes the number at most two
      digits, so the code is fine. This changes it to use snprintf()
      to truncate instead of overflowing, which shuts up that warning.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      be9cdf1b
    • A
      net: niu: fix format string overflow warning: · 73066f6c
      Arnd Bergmann 提交于
      We get a warning for the port_name string that might be longer than
      six characters if we had more than 10 ports:
      
      drivers/net/ethernet/sun/niu.c: In function 'niu_put_parent':
      drivers/net/ethernet/sun/niu.c:9563:21: error: '%d' directive writing between 1 and 3 bytes into a region of size 2 [-Werror=format-overflow=]
        sprintf(port_name, "port%d", port);
                           ^~~~~~~~
      drivers/net/ethernet/sun/niu.c:9563:21: note: directive argument in the range [0, 255]
      drivers/net/ethernet/sun/niu.c:9563:2: note: 'sprintf' output between 6 and 8 bytes into a destination of size 6
        sprintf(port_name, "port%d", port);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/net/ethernet/sun/niu.c: In function 'niu_pci_init_one':
      drivers/net/ethernet/sun/niu.c:9538:22: error: '%d' directive writing between 1 and 3 bytes into a region of size 2 [-Werror=format-overflow=]
         sprintf(port_name, "port%d", port);
                            ^~~~~~~~
      drivers/net/ethernet/sun/niu.c:9538:22: note: directive argument in the range [0, 255]
      drivers/net/ethernet/sun/niu.c:9538:3: note: 'sprintf' output between 6 and 8 bytes into a destination of size 6
      
      While we know that the port number is small, there is no harm in
      making the format string two bytes longer to avoid the warning.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      73066f6c
    • A
      isdn: divert: fix sprintf buffer overflow warning · 45e0b4b3
      Arnd Bergmann 提交于
      One string we pass into the cs->info buffer might be too long,
      as pointed out by gcc:
      
      drivers/isdn/divert/isdn_divert.c: In function 'll_callback':
      drivers/isdn/divert/isdn_divert.c:488:22: error: '%d' directive writing between 1 and 3 bytes into a region of size between 1 and 69 [-Werror=format-overflow=]
       sprintf(cs->info, "%d 0x%lx %s %s %s %s 0x%x 0x%x %d %d %s\n",
                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/isdn/divert/isdn_divert.c:488:22: note: directive argument in the range [0, 255]
      drivers/isdn/divert/isdn_divert.c:488:4: note: 'sprintf' output 25 or more bytes (assuming 129) into a destination of size 90
      
      This is unlikely to actually cause problems, so let's use snprintf
      as a simple workaround to shut  up the warning and truncate the
      buffer instead.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      45e0b4b3
  3. 14 7月, 2017 19 次提交
  4. 13 7月, 2017 6 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · edaf3825
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
      1) Fix 64-bit division in mlx5 IPSEC offload support, from Ilan Tayari
         and Arnd Bergmann.
      
      2) Fix race in statistics gathering in bnxt_en driver, from Michael
         Chan.
      
      3) Can't use a mutex in RCU reader protected section on tap driver, from
         Cong WANG.
      
      4) Fix mdb leak in bridging code, from Eduardo Valentin.
      
      5) Fix free of wrong pointer variable in nfp driver, from Dan Carpenter.
      
      6) Buffer overflow in brcmfmac driver, from Arend van SPriel.
      
      7) ioremap_nocache() return value needs to be checked in smsc911x
         driver, from Alexey Khoroshilov.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
        net: stmmac: revert "support future possible different internal phy mode"
        sfc: don't read beyond unicast address list
        datagram: fix kernel-doc comments
        socket: add documentation for missing elements
        smsc911x: Add check for ioremap_nocache() return code
        brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
        net: hns: Bugfix for Tx timeout handling in hns driver
        net: ipmr: ipmr_get_table() returns NULL
        nfp: freeing the wrong variable
        mlxsw: spectrum_switchdev: Check status of memory allocation
        mlxsw: spectrum_switchdev: Remove unused variable
        mlxsw: spectrum_router: Fix use-after-free in route replace
        mlxsw: spectrum_router: Add missing rollback
        samples/bpf: fix a build issue
        bridge: mdb: fix leak on complete_info ptr on fail path
        tap: convert a mutex to a spinlock
        cxgb4: fix BUG() on interrupt deallocating path of ULD
        qed: Fix printk option passed when printing ipv6 addresses
        net: Fix minor code bug in timestamping.txt
        net: stmmac: Make 'alloc_dma_[rt]x_desc_resources()' look even closer
        ...
      edaf3825
    • L
      disable new gcc-7.1.1 warnings for now · bd664f6b
      Linus Torvalds 提交于
      I made the mistake of upgrading my desktop to the new Fedora 26 that
      comes with gcc-7.1.1.
      
      There's nothing wrong per se that I've noticed, but I now have 1500
      lines of warnings, mostly from the new format-truncation warning
      triggering all over the tree.
      
      We use 'snprintf()' and friends in a lot of places, and often know that
      the numbers are fairly small (ie a controller index or similar), but gcc
      doesn't know that, and sees an 'int', and thinks that it could be some
      huge number.  And then complains when our buffers are not able to fit
      the name for the ten millionth controller.
      
      These warnings aren't necessarily bad per se, and we probably want to
      look through them subsystem by subsystem, but at least during the merge
      window they just mean that I can't even see if somebody is introducing
      any *real* problems when I pull.
      
      So warnings disabled for now.
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      bd664f6b
    • L
      Merge tag 'modules-for-v4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux · 3a75ad14
      Linus Torvalds 提交于
      Pull modules updates from Jessica Yu:
       "Summary of modules changes for the 4.13 merge window:
      
         - Minor code cleanups
      
         - Avoid accessing mod struct prior to checking module struct version,
           from Kees
      
         - Fix racy atomic inc/dec logic of kmod_concurrent_max in kmod, from
           Luis"
      
      * tag 'modules-for-v4.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
        module: make the modinfo name const
        kmod: reduce atomic operations on kmod_concurrent and simplify
        module: use list_for_each_entry_rcu() on find_module_all()
        kernel/module.c: suppress warning about unused nowarn variable
        module: Add module name to modinfo
        module: Pass struct load_info into symbol checks
      3a75ad14
    • L
      net: stmmac: revert "support future possible different internal phy mode" · d93b07f8
      LABBE Corentin 提交于
      Since internal phy-mode is reserved for non-xMII protocol we cannot use
      it with dwmac-sun8i.
      Furthermore, all DT patchs which comes with this patch were cleaned, so
      the current state is broken.
      This reverts commit 1c2fa5f8 ("net: stmmac: support future possible different internal phy mode")
      
      Fixes: 1c2fa5f8 ("net: stmmac: support future possible different internal phy mode")
      Signed-off-by: NCorentin Labbe <clabbe.montjoie@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d93b07f8
    • B
      sfc: don't read beyond unicast address list · c70d6815
      Bert Kenward 提交于
      If we have more than 32 unicast MAC addresses assigned to an interface
      we will read beyond the end of the address table in the driver when
      adding filters. The next 256 entries store multicast addresses, so we
      will end up attempting to insert duplicate filters, which is mostly
      harmless. If we add more than 288 unicast addresses we will then read
      past the multicast address table, which is likely to be more exciting.
      
      Fixes: 12fb0da4 ("sfc: clean fallbacks between promisc/normal in efx_ef10_filter_sync_rx_mode")
      Signed-off-by: NBert Kenward <bkenward@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c70d6815
    • D
      Merge branch 'net-doc-fixes' · 07b8a7cf
      David S. Miller 提交于
      Stephen Hemminger says:
      
      ====================
      minor net kernel-doc fixes
      
      Fix a couple of small errors in kernel-doc for networking
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      07b8a7cf