1. 19 2月, 2019 4 次提交
    • D
      r8152: Add support for MAC address pass through on RTL8153-BD · 8e29d23e
      David Chen 提交于
      RTL8153-BD is used in Dell DA300 type-C dongle.
      It should be added to the whitelist of devices to activate MAC address
      pass through.
      
      Per confirming with Realtek all devices containing RTL8153-BD should
      activate MAC pass through and there won't use pass through bit on efuse
      like in RTL8153-AD.
      Signed-off-by: NDavid Chen <david.chen7@dell.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8e29d23e
    • W
      mac80211: mesh: fix missing unlock on error in table_path_del() · f2ffff08
      Wei Yongjun 提交于
      spin_lock_bh() is used in table_path_del() but rcu_read_unlock()
      is used for unlocking. Fix it by using spin_unlock_bh() instead
      of rcu_read_unlock() in the error handling case.
      
      Fixes: b4c3fbe6 ("mac80211: Use linked list instead of rhashtable walk for mesh tables")
      Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NWei Yongjun <weiyongjun1@huawei.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f2ffff08
    • C
      net/mlx4_en: fix spelling mistake: "quiting" -> "quitting" · 21d2cb49
      Colin Ian King 提交于
      There is a spelling mistake in a en_err error message. Fix it.
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Reviewed-by: NTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      21d2cb49
    • M
      net: crypto set sk to NULL when af_alg_release. · 9060cb71
      Mao Wenan 提交于
      KASAN has found use-after-free in sockfs_setattr.
      The existed commit 6d8c50dc ("socket: close race condition between sock_close()
      and sockfs_setattr()") is to fix this simillar issue, but it seems to ignore
      that crypto module forgets to set the sk to NULL after af_alg_release.
      
      KASAN report details as below:
      BUG: KASAN: use-after-free in sockfs_setattr+0x120/0x150
      Write of size 4 at addr ffff88837b956128 by task syz-executor0/4186
      
      CPU: 2 PID: 4186 Comm: syz-executor0 Not tainted xxx + #1
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
      1.10.2-1ubuntu1 04/01/2014
      Call Trace:
       dump_stack+0xca/0x13e
       print_address_description+0x79/0x330
       ? vprintk_func+0x5e/0xf0
       kasan_report+0x18a/0x2e0
       ? sockfs_setattr+0x120/0x150
       sockfs_setattr+0x120/0x150
       ? sock_register+0x2d0/0x2d0
       notify_change+0x90c/0xd40
       ? chown_common+0x2ef/0x510
       chown_common+0x2ef/0x510
       ? chmod_common+0x3b0/0x3b0
       ? __lock_is_held+0xbc/0x160
       ? __sb_start_write+0x13d/0x2b0
       ? __mnt_want_write+0x19a/0x250
       do_fchownat+0x15c/0x190
       ? __ia32_sys_chmod+0x80/0x80
       ? trace_hardirqs_on_thunk+0x1a/0x1c
       __x64_sys_fchownat+0xbf/0x160
       ? lockdep_hardirqs_on+0x39a/0x5e0
       do_syscall_64+0xc8/0x580
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x462589
      Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89
      f7 48 89 d6 48 89
      ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3
      48 c7 c1 bc ff ff
      ff f7 d8 64 89 01 48
      RSP: 002b:00007fb4b2c83c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000104
      RAX: ffffffffffffffda RBX: 000000000072bfa0 RCX: 0000000000462589
      RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000007
      RBP: 0000000000000005 R08: 0000000000001000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb4b2c846bc
      R13: 00000000004bc733 R14: 00000000006f5138 R15: 00000000ffffffff
      
      Allocated by task 4185:
       kasan_kmalloc+0xa0/0xd0
       __kmalloc+0x14a/0x350
       sk_prot_alloc+0xf6/0x290
       sk_alloc+0x3d/0xc00
       af_alg_accept+0x9e/0x670
       hash_accept+0x4a3/0x650
       __sys_accept4+0x306/0x5c0
       __x64_sys_accept4+0x98/0x100
       do_syscall_64+0xc8/0x580
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Freed by task 4184:
       __kasan_slab_free+0x12e/0x180
       kfree+0xeb/0x2f0
       __sk_destruct+0x4e6/0x6a0
       sk_destruct+0x48/0x70
       __sk_free+0xa9/0x270
       sk_free+0x2a/0x30
       af_alg_release+0x5c/0x70
       __sock_release+0xd3/0x280
       sock_close+0x1a/0x20
       __fput+0x27f/0x7f0
       task_work_run+0x136/0x1b0
       exit_to_usermode_loop+0x1a7/0x1d0
       do_syscall_64+0x461/0x580
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Syzkaller reproducer:
      r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0,
      0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
      0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
      0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0,
      0xffffffffffffffff, 0x0)
      r1 = socket$alg(0x26, 0x5, 0x0)
      getrusage(0x0, 0x0)
      bind(r1, &(0x7f00000001c0)=@ALG={0x26, 'hash\x00', 0x0, 0x0,
      'sha256-ssse3\x00'}, 0x80)
      r2 = accept(r1, 0x0, 0x0)
      r3 = accept4$unix(r2, 0x0, 0x0, 0x0)
      r4 = dup3(r3, r0, 0x0)
      fchownat(r4, &(0x7f00000000c0)='\x00', 0x0, 0x0, 0x1000)
      
      Fixes: 6d8c50dc ("socket: close race condition between sock_close() and sockfs_setattr()")
      Signed-off-by: NMao Wenan <maowenan@huawei.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9060cb71
  2. 18 2月, 2019 11 次提交
  3. 17 2月, 2019 2 次提交
  4. 16 2月, 2019 19 次提交
    • D
      Merge branch 'net-dsa-b53-VLAN-and-L2-fixes' · 46f37666
      David S. Miller 提交于
      Florian Fainelli says:
      
      ====================
      net: dsa: b53: VLAN and L2 fixes
      
      This patch series contains a collection of fixes to the b53 driver in
      order to:
      
      - consistently program the same default VLAN ID when a port is bridged
        or not
      - properly account for VLAN filtering being turned on/off and turning
        on ingress VID checking accordingly
      - have SYSTEMPORT properly forward BPDU frames to the network stack
        (which it did not)
      - do not assume that WoL is supported by the DSA master network device
        we are connected to
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      46f37666
    • F
      net: dsa: b53: Do not program CPU port's PVID · 10163aae
      Florian Fainelli 提交于
      The CPU port is special and does not need to obey VLAN restrictions as
      far as untagged traffic goes, also, having the CPU port be part of a
      particular PVID is against the idea of keeping it tagged in all VLANs.
      
      Fixes: ca893194 ("net: dsa: b53: Keep CPU port as tagged in all VLANs")
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      10163aae
    • F
      net: dsa: bcm_sf2: Do not assume DSA master supports WoL · c3152ec4
      Florian Fainelli 提交于
      We assume in the bcm_sf2 driver that the DSA master network device
      supports ethtool_ops::{get,set}_wol operations, which is not a given.
      Avoid de-referencing potentially non-existent function pointers and
      check them as we should.
      
      Fixes: 96e65d7f ("net: dsa: bcm_sf2: add support for Wake-on-LAN")
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c3152ec4
    • F
      net: systemport: Fix reception of BPDUs · a40061ea
      Florian Fainelli 提交于
      SYSTEMPORT has its RXCHK parser block that attempts to validate the
      packet structures, unfortunately setting the L2 header check bit will
      cause Bridge PDUs (BPDUs) to be incorrectly rejected because they look
      like LLC/SNAP packets with a non-IPv4 or non-IPv6 Ethernet Type.
      
      Fixes: 4e8aedfe78c7 ("net: systemport: Turn on offloads by default")
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a40061ea
    • F
      net: dsa: b53: Properly account for VLAN filtering · dad8d7c6
      Florian Fainelli 提交于
      VLAN filtering can be built into the kernel, and also dynamically turned
      on/off through the bridge master device. Allow re-configuring the switch
      appropriately to account for that by deciding whether VLAN table
      (v_table) misses should lead to a drop or forward.
      
      Fixes: a2482d2c ("net: dsa: b53: Plug in VLAN support")
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      dad8d7c6
    • F
      net: dsa: b53: Fix default VLAN ID · fea83353
      Florian Fainelli 提交于
      We were not consistent in how the default VID of a given port was
      defined, b53_br_leave() would make sure the VLAN ID would be either 0/1
      depending on the switch generation, but b53_configure_vlan(), which is
      the default configuration would unconditionally set it to 1. The correct
      value is 1 for 5325/5365 series and 0 otherwise. To avoid repeating that
      mistake ever again, introduce a helper function: b53_default_pvid() to
      factor that out.
      
      Fixes: 967dd82f ("net: dsa: b53: Add support for Broadcom RoboSwitch")
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fea83353
    • W
      net: validate untrusted gso packets without csum offload · d5be7f63
      Willem de Bruijn 提交于
      Syzkaller again found a path to a kernel crash through bad gso input.
      By building an excessively large packet to cause an skb field to wrap.
      
      If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
      skb_partial_csum_set.
      
      GSO packets that do not set checksum offload are suspicious and rare.
      Most callers of virtio_net_hdr_to_skb already pass them to
      skb_probe_transport_header.
      
      Move that test forward, change it to detect parse failure and drop
      packets on failure as those cleary are not one of the legitimate
      VIRTIO_NET_HDR_GSO types.
      
      Fixes: bfd5f4a3 ("packet: Add GSO/csum offload support.")
      Fixes: f43798c2 ("tun: Allow GSO using virtio_net_hdr")
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: NWillem de Bruijn <willemb@google.com>
      Reviewed-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d5be7f63
    • H
      net: Fix for_each_netdev_feature on Big endian · 3b89ea9c
      Hauke Mehrtens 提交于
      The features attribute is of type u64 and stored in the native endianes on
      the system. The for_each_set_bit() macro takes a pointer to a 32 bit array
      and goes over the bits in this area. On little Endian systems this also
      works with an u64 as the most significant bit is on the highest address,
      but on big endian the words are swapped. When we expect bit 15 here we get
      bit 47 (15 + 32).
      
      This patch converts it more or less to its own for_each_set_bit()
      implementation which works on 64 bit integers directly. This is then
      completely in host endianness and should work like expected.
      
      Fixes: fd867d51 ("net/core: generic support for disabling netdev features down stack")
      Signed-off-by: NHauke Mehrtens <hauke.mehrtens@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3b89ea9c
    • P
      net: phy: xgmiitorgmii: Support generic PHY status read · 197f9ab7
      Paul Kocialkowski 提交于
      Some PHY drivers like the generic one do not provide a read_status
      callback on their own but rely on genphy_read_status being called
      directly.
      
      With the current code, this results in a NULL function pointer call.
      Call genphy_read_status instead when there is no specific callback.
      Signed-off-by: NPaul Kocialkowski <paul.kocialkowski@bootlin.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      197f9ab7
    • L
      net: ip6_gre: initialize erspan_ver just for erspan tunnels · 4974d5f6
      Lorenzo Bianconi 提交于
      After commit c706863b ("net: ip6_gre: always reports o_key to
      userspace"), ip6gre and ip6gretap tunnels started reporting TUNNEL_KEY
      output flag even if it is not configured.
      ip6gre_fill_info checks erspan_ver value to add TUNNEL_KEY for
      erspan tunnels, however in commit 84581bda ("erspan: set
      erspan_ver to 1 by default when adding an erspan dev")
      erspan_ver is initialized to 1 even for ip6gre or ip6gretap
      Fix the issue moving erspan_ver initialization in a dedicated routine
      
      Fixes: c706863b ("net: ip6_gre: always reports o_key to userspace")
      Signed-off-by: NLorenzo Bianconi <lorenzo.bianconi@redhat.com>
      Reviewed-by: NGreg Rose <gvrose8192@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4974d5f6
    • D
      Merge tag 'mac80211-for-davem-2019-02-15' of... · a31687e8
      David S. Miller 提交于
      Merge tag 'mac80211-for-davem-2019-02-15' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      Just a few fixes this time:
       * mesh rhashtable fixes from Herbert
       * a small error path fix when starting AP interfaces
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a31687e8
    • P
      MIPS: eBPF: Remove REG_32BIT_ZERO_EX · 1910faeb
      Paul Burton 提交于
      REG_32BIT_ZERO_EX and REG_64BIT are always handled in exactly the same
      way, and reg_val_propagate_range() never actually sets any register to
      type REG_32BIT_ZERO_EX.
      
      Remove the redundant & unused REG_32BIT_ZERO_EX.
      Signed-off-by: NPaul Burton <paul.burton@mips.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      1910faeb
    • P
      MIPS: eBPF: Always return sign extended 32b values · 13443154
      Paul Burton 提交于
      The function prototype used to call JITed eBPF code (ie. the type of the
      struct bpf_prog bpf_func field) returns an unsigned int. The MIPS n64
      ABI that MIPS64 kernels target defines that 32 bit integers should
      always be sign extended when passed in registers as either arguments or
      return values.
      
      This means that when returning any value which may not already be sign
      extended (ie. of type REG_64BIT or REG_32BIT_ZERO_EX) we need to perform
      that sign extension in order to comply with the n64 ABI. Without this we
      see strange looking test failures from test_bpf.ko, such as:
      
        test_bpf: #65 ALU64_MOV_X:
          dst = 4294967295 jited:1 ret -1 != -1 FAIL (1 times)
      
      Although the return value printed matches the expected value, this is
      only because printf is only examining the least significant 32 bits of
      the 64 bit register value we returned. The register holding the expected
      value is sign extended whilst the v0 register was set to a zero extended
      value by our JITed code, so when compared by a conditional branch
      instruction the values are not equal.
      
      We already handle this when the return value register is of type
      REG_32BIT_ZERO_EX, so simply extend this to also cover REG_64BIT.
      Signed-off-by: NPaul Burton <paul.burton@mips.com>
      Fixes: b6bd53f9 ("MIPS: Add missing file for eBPF JIT.")
      Cc: stable@vger.kernel.org # v4.13+
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      13443154
    • L
      Merge tag 'for-linus-20190215' of git://git.kernel.dk/linux-block · 24f0a487
      Linus Torvalds 提交于
      Pull block fixes from Jens Axboe:
      
       - Ensure we insert into the hctx dispatch list, if a request is marked
         as DONTPREP (Jianchao)
      
       - NVMe pull request, single missing unlock on error fix (Keith)
      
       - MD pull request, single fix for a potentially data corrupting issue
         (Nate)
      
       - Floppy check_events regression fix (Yufen)
      
      * tag 'for-linus-20190215' of git://git.kernel.dk/linux-block:
        md/raid1: don't clear bitmap bits on interrupted recovery.
        floppy: check_events callback should not return a negative number
        nvme-pci: add missing unlock for reset error
        blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
      24f0a487
    • L
      Merge tag 'for-5.0/dm-fixes-3' of... · ae3fa8bd
      Linus Torvalds 提交于
      Merge tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix bug in DM crypt's sizing of its block integrity tag space,
         resulting in less memory use when DM crypt layers on DM integrity.
      
       - Fix a long-standing DM thinp crash consistency bug that was due to
         improper handling of FUA. This issue is specific to writes that fill
         an entire thinp block which needs to be allocated.
      
      * tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm thin: fix bug where bio that overwrites thin block ignores FUA
        dm crypt: don't overallocate the integrity tag space
      ae3fa8bd
    • L
      Merge tag 'mmc-v5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · dfeae337
      Linus Torvalds 提交于
      Pull MMC fixes from Ulf Hansson:
       "A couple of MMC fixes intended for v5.0-rc7.
      
        MMC core:
         - Fix deadlock bug for block I/O requests
      
        MMC host:
         - sunxi: Disable broken HS-DDR mode for H5 by default
         - sunxi: Avoid unsupported speed modes declared via DT
         - meson-gx: Restore interrupt name"
      
      * tag 'mmc-v5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: meson-gx: fix interrupt name
        mmc: block: handle complete_work on separate workqueue
        mmc: sunxi: Filter out unsupported modes declared in the device tree
        mmc: sunxi: Disable HS-DDR mode for H5 eMMC controller by default
      dfeae337
    • L
      Merge tag 'drm-fixes-2019-02-15-1' of git://anongit.freedesktop.org/drm/drm · 545aabcb
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "Usual pull request, little larger than I'd like but nothing too
        strange in it. Willy found an bug in the lease ioctl calculations, but
        it's a drm master only ioctl which makes it harder to mess with.
      
       i915:
         - combo phy programming fix
         - opregion version check fix for VBT RVDA lookup
         - gem mmap ioctl race fix
         - fbdev hpd during suspend fix
         - array size bounds check fix in pmu
      
        amdgpu:
         - Vega20 psp fix
         - Add vrr range to debugfs for freesync debugging
      
        sched:
         - Scheduler race fix
      
        vkms:
         - license header fixups
      
        imx:
         - Fix CSI register offsets for i.MX51 and i.MX53.
         - Fix delayed page flip completion events on i.MX6QP due to
           unexpected behaviour of the PRE when issuing NOP buffer updates to
           the same buffer address.
         - Stop throwing errors for plane updates on disabled CRTCs when a
           userspace process is killed while a plane update is pending.
         - Add missing of_node_put cleanup in imx_ldb_bind"
      
      * tag 'drm-fixes-2019-02-15-1' of git://anongit.freedesktop.org/drm/drm:
        drm: Use array_size() when creating lease
        drm/amdgpu/psp11: TA firmware is optional (v3)
        drm/i915/opregion: rvda is relative from opregion base in opregion 2.1+
        drm/i915/opregion: fix version check
        drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
        drm/i915: Block fbdev HPD processing during suspend
        drm/i915/pmu: Fix enable count array size and bounds checking
        drm/i915/cnl: Fix CNL macros for Voltage Swing programming
        drm/i915/icl: combo port vswing programming changes per BSPEC
        drm/vkms: Fix license inconsistent
        drm/amd/display: Expose connector VRR range via debugfs
        drm/sched: Always trace the dependencies we wait on, to fix a race.
        gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change
        gpu: ipu-v3: Fix CSI offsets for imx53
        drm/imx: imx-ldb: add missing of_node_puts
        gpu: ipu-v3: Fix i.MX51 CSI control registers offset
        drm/imx: ignore plane updates on disabled crtcs
      545aabcb
    • L
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 2aba3220
      Linus Torvalds 提交于
      Pull crypto fix from Herbert Xu:
       "This fixes a crash on resume in the ccree driver"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: ccree - fix resume race condition on init
      2aba3220
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6e7bd3b5
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix MAC address setting in mac80211 pmsr code, from Johannes Berg.
      
       2) Probe SFP modules after being attached, from Russell King.
      
       3) Byte ordering bug in SMC rx_curs_confirmed code, from Ursula Braun.
      
       4) Revert some r8169 changes that are causing regressions, from Heiner
          Kallweit.
      
       5) Fix spurious connection timeouts in netfilter nat code, from Florian
          Westphal.
      
       6) SKB leak in tipc, from Hoang Le.
      
       7) Short packet checkum issue in mlx4, similar to a previous mlx5
          change, from Saeed Mahameed. The issue is that whilst padding bytes
          are usually zero, it is not guarateed and the hardware doesn't take
          the padding bytes into consideration when generating the checksum.
      
       8) Fix various races in cls_tcindex, from Cong Wang.
      
       9) Need to set stream ext to NULL before freeing in SCTP code, from Xin
          Long.
      
      10) Fix locking in phy_is_started, from Heiner Kallweit.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (54 commits)
        net: ethernet: freescale: set FEC ethtool regs version
        net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
        mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
        net: phy: fix potential race in the phylib state machine
        net: phy: don't use locking in phy_is_started
        selftests: fix timestamping Makefile
        net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
        net: fix possible overflow in __sk_mem_raise_allocated()
        dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit
        net: phy: fix interrupt handling in non-started states
        sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
        sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
        net/mlx5e: XDP, fix redirect resources availability check
        net/mlx5: Fix a compilation warning in events.c
        net/mlx5: No command allowed when command interface is not ready
        net/mlx5e: Fix NULL pointer derefernce in set channels error flow
        netfilter: nft_compat: use-after-free when deleting targets
        team: avoid complex list operations in team_nl_cmd_options_set()
        net_sched: fix two more memory leaks in cls_tcindex
        net_sched: fix a memory leak in cls_tcindex
        ...
      6e7bd3b5
  5. 15 2月, 2019 4 次提交
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace · 02d75040
      Linus Torvalds 提交于
      Pull signal fix from Eric Biederman:
       "Just a single patch that restores PTRACE_EVENT_EXIT functionality that
        was accidentally broken by last weeks fixes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
        signal: Restore the stop PTRACE_EVENT_EXIT
      02d75040
    • R
      mac80211: Restore vif beacon interval if start ap fails · 83e37e0b
      Rakesh Pillai 提交于
      The starting of AP interface can fail due to invalid
      beacon interval, which does not match the minimum gcd
      requirement set by the wifi driver. In such case, the
      beacon interval of that interface gets updated with
      that invalid beacon interval.
      
      The next time that interface is brought up in AP mode,
      an interface combination check is performed and the
      beacon interval is taken from the previously set value.
      
      In a case where an invalid beacon interval, i.e. a beacon
      interval value which does not satisfy the minimum gcd criteria
      set by the driver, is set, all the subsequent trials to
      bring that interface in AP mode will fail, even if the
      subsequent trials have a valid beacon interval.
      
      To avoid this, in case of a failure in bringing up an
      interface in AP mode due to interface combination error,
      the interface beacon interval which is stored in bss
      conf, needs to be restored with the last working value
      of beacon interval.
      
      Tested on ath10k using WCN3990.
      
      Cc: stable@vger.kernel.org
      Fixes: 0c317a02 ("cfg80211: support virtual interfaces with different beacon intervals")
      Signed-off-by: NRakesh Pillai <pillair@codeaurora.org>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      83e37e0b
    • H
      mac80211: Free mpath object when rhashtable insertion fails · 4ff3a9d1
      Herbert Xu 提交于
      When rhashtable insertion fails the mesh table code doesn't free
      the now-orphan mesh path object.  This patch fixes that.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      4ff3a9d1
    • H
      mac80211: Use linked list instead of rhashtable walk for mesh tables · b4c3fbe6
      Herbert Xu 提交于
      The mesh table code walks over hash tables for two purposes.  First of
      all it's used as part of a netlink dump process, but it is also used
      for looking up entries to delete using criteria other than the hash
      key.
      
      The second purpose is directly contrary to the design specification
      of rhashtable walks.  It is only meant for use by netlink dumps.
      
      This is because rhashtable is resizable and you cannot obtain a
      stable walk over it during a resize process.
      
      In fact mesh's use of rhashtable for dumping is bogus too.  Rather
      than using rhashtable walk's iterator to keep track of the current
      position, it always converts the current position to an integer
      which defeats the purpose of the iterator.
      
      Therefore this patch converts all uses of rhashtable walk into a
      simple linked list.
      
      This patch also adds a new spin lock to protect the hash table
      insertion/removal as well as the walk list modifications.  In fact
      the previous code was buggy as the removals can race with each
      other, potentially resulting in a double-free.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      b4c3fbe6