1. 19 8月, 2016 6 次提交
    • R
      net: bgmac: fix reversed check for MII registration error · b9f63ae7
      Rafał Miłecki 提交于
      It was failing on successful registration returning meaningless errors.
      Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
      Fixes: 55954f3b ("net: ethernet: bgmac: move BCMA MDIO Phy code into a separate file")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b9f63ae7
    • E
      tcp: fix use after free in tcp_xmit_retransmit_queue() · bb1fceca
      Eric Dumazet 提交于
      When tcp_sendmsg() allocates a fresh and empty skb, it puts it at the
      tail of the write queue using tcp_add_write_queue_tail()
      
      Then it attempts to copy user data into this fresh skb.
      
      If the copy fails, we undo the work and remove the fresh skb.
      
      Unfortunately, this undo lacks the change done to tp->highest_sack and
      we can leave a dangling pointer (to a freed skb)
      
      Later, tcp_xmit_retransmit_queue() can dereference this pointer and
      access freed memory. For regular kernels where memory is not unmapped,
      this might cause SACK bugs because tcp_highest_sack_seq() is buggy,
      returning garbage instead of tp->snd_nxt, but with various debug
      features like CONFIG_DEBUG_PAGEALLOC, this can crash the kernel.
      
      This bug was found by Marco Grassi thanks to syzkaller.
      
      Fixes: 6859d494 ("[TCP]: Abstract tp->highest_sack accessing & point to next skb")
      Reported-by: NMarco Grassi <marco.gra@gmail.com>
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Cc: Yuchung Cheng <ycheng@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Acked-by: NNeal Cardwell <ncardwell@google.com>
      Reviewed-by: NCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bb1fceca
    • H
      cxgb4: Fixes resource allocation for ULD's in kdump kernel · e0d8b290
      Hariprasad Shenai 提交于
      At present the code to check in kdump kernel was not disabling
      allocation of resources when CONFIG_CHELSIO_T4_DCB is defined, move the
      code outside #defines so that it gets disabled irrespective of #define,
      when in kdump kernel.
      Signed-off-by: NHariprasad Shenai <hariprasad@chelsio.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e0d8b290
    • D
      net: thunderx: Fix OOPs with ethtool --register-dump · 1423661f
      David Daney 提交于
      The ethtool_ops .get_regs function attempts to read the nonexistent
      register NIC_QSET_SQ_0_7_CNM_CHG, which produces a "bus error" type
      OOPs.
      
      Fix by not attempting to read, and removing the definition of,
      NIC_QSET_SQ_0_7_CNM_CHG.  A zero is written into the register dump to
      keep the layout unchanged.
      Signed-off-by: NDavid Daney <david.daney@cavium.com>
      Cc: <stable@vger.kernel.org> # 4.4.x-
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1423661f
    • Y
      qede: Fix Tx timeout due to xmit_more · 039a3927
      Yuval Mintz 提交于
      Driver uses netif_tx_queue_stopped() to make sure the xmit_more
      indication will be honored, but that only checks for DRV_XOFF.
      
      At the same time, it's possible that during transmission the DQL will
      close the transmission queue with STACK_XOFF indication.
      In re-configuration flows, when the threshold is relatively low, it's
      possible that the device has no pending tranmissions, and during
      tranmission the driver would miss doorbelling the HW.
      Since there are no pending transmission, there will never be a Tx
      completion [and thus the DQL would not remove the STACK_XOFF indication],
      eventually causing the Tx queue to timeout.
      
      While we're at it - also doorbell in case driver has to close the
      transmission queue on its own [although this one is less important -
      if the ring is full, we're bound to receive completion eventually,
      which means the doorbell would only be postponed and not indefinetly
      blocked].
      
      Fixes: 312e0676 ("qede: Utilize xmit_more")
      Signed-off-by: NYuval Mintz <Yuval.Mintz@qlogic.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      039a3927
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 53409afd
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter updates for your net tree,
      they are:
      
      1) Dump only conntrack that belong to this namespace via /proc file.
         This is some fallout from the conversion to single conntrack table
         for all netns, patch from Liping Zhang.
      
      2) Missing MODULE_ALIAS_NF_LOGGER() for the ARP family that prevents
         module autoloading, also from Liping Zhang.
      
      3) Report overquota event to the right netnamespace, again from Liping.
      
      4) Fix tproxy listener sk refcount that leads to crash, from
         Eric Dumazet.
      
      5) Fix racy refcounting on object deletion from nfnetlink and rule
         removal both for nfacct and cttimeout, from Liping Zhang.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      53409afd
  2. 18 8月, 2016 26 次提交
  3. 17 8月, 2016 8 次提交