1. 28 9月, 2017 1 次提交
  2. 13 9月, 2017 1 次提交
    • A
      vti: fix NULL dereference in xfrm_input() · 23e9fcfe
      Alexey Kodanev 提交于
      Can be reproduced with LTP tests:
        # icmp-uni-vti.sh -p ah -a sha256 -m tunnel -S fffffffe -k 1 -s 10
      
      IPv4:
        RIP: 0010:xfrm_input+0x7f9/0x870
        ...
        Call Trace:
        <IRQ>
        vti_input+0xaa/0x110 [ip_vti]
        ? skb_free_head+0x21/0x40
        vti_rcv+0x33/0x40 [ip_vti]
        xfrm4_ah_rcv+0x33/0x60
        ip_local_deliver_finish+0x94/0x1e0
        ip_local_deliver+0x6f/0xe0
        ? ip_route_input_noref+0x28/0x50
        ...
      
        # icmp-uni-vti.sh -6 -p ah -a sha256 -m tunnel -S fffffffe -k 1 -s 10
      IPv6:
        RIP: 0010:xfrm_input+0x7f9/0x870
        ...
        Call Trace:
        <IRQ>
        xfrm6_rcv_tnl+0x3c/0x40
        vti6_rcv+0xd5/0xe0 [ip6_vti]
        xfrm6_ah_rcv+0x33/0x60
        ip6_input_finish+0xee/0x460
        ip6_input+0x3f/0xb0
        ip6_rcv_finish+0x45/0xa0
        ipv6_rcv+0x34b/0x540
      
      xfrm_input() invokes xfrm_rcv_cb() -> vti_rcv_cb(), the last callback
      might call skb_scrub_packet(), which in turn can reset secpath.
      
      Fix it by adding a check that skb->sp is not NULL.
      
      Fixes: 7e9e9202 ("xfrm: Clear RX SKB secpath xfrm_offload")
      Signed-off-by: NAlexey Kodanev <alexey.kodanev@oracle.com>
      Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
      23e9fcfe
  3. 11 9月, 2017 2 次提交
  4. 10 9月, 2017 7 次提交
    • D
      net: qualcomm: rmnet: Fix a double free · 1f4f554a
      Dan Carpenter 提交于
      There is a typo here so we accidentally free "skb" instead of "skbn".
      It leads to a double free and a leak.  After discussing with Subash,
      it's better to just move the check before the allocation and avoid the
      need to free.
      
      Fixes: ceed73a2 ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
      Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: NSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1f4f554a
    • L
      Merge tag 'nfsd-4.14' of git://linux-nfs.org/~bfields/linux · ad9a19d0
      Linus Torvalds 提交于
      Pull nfsd updates from Bruce Fields:
       "More RDMA work and some op-structure constification from Chuck Lever,
        and a small cleanup to our xdr encoding"
      
      * tag 'nfsd-4.14' of git://linux-nfs.org/~bfields/linux:
        svcrdma: Estimate Send Queue depth properly
        rdma core: Add rdma_rw_mr_payload()
        svcrdma: Limit RQ depth
        svcrdma: Populate tail iovec when receiving
        nfsd: Incoming xdr_bufs may have content in tail buffer
        svcrdma: Clean up svc_rdma_build_read_chunk()
        sunrpc: Const-ify struct sv_serv_ops
        nfsd: Const-ify NFSv4 encoding and decoding ops arrays
        sunrpc: Const-ify instances of struct svc_xprt_ops
        nfsd4: individual encoders no longer see error cases
        nfsd4: skip encoder in trivial error cases
        nfsd4: define ->op_release for compound ops
        nfsd4: opdesc will be useful outside nfs4proc.c
        nfsd4: move some nfsd4 op definitions to xdr4.h
      ad9a19d0
    • L
      Merge branch 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 66ba772e
      Linus Torvalds 提交于
      Pull btrfs updates from David Sterba:
       "The changes range through all types: cleanups, core chagnes, sanity
        checks, fixes, other user visible changes, detailed list below:
      
         - deprecated: user transaction ioctl
      
         - mount option ssd does not change allocation alignments
      
         - degraded read-write mount is allowed if all the raid profile
           constraints are met, now based on more accurate check
      
         - defrag: do not reset compression afterwards; the NOCOMPRESS flag
           can be now overriden by defrag
      
         - prep work for better extent reference tracking (related to the
           qgroup slowness with balance)
      
         - prep work for compression heuristics
      
         - memory allocation reductions (may help latencies on a loaded
           system)
      
         - better accounting for io waiting states
      
         - error handling improvements (removed BUGs)
      
         - added more sanity checks for shared refs
      
         - fix readdir vs pagefault deadlock under some circumstances
      
         - fix for 'no-hole' mode, certain combination of compressed and
           inline extents
      
         - send: fix emission of invalid clone operations
      
         - fixup file mode if setting acls fail
      
         - more fixes from fuzzing
      
         - oher cleanups"
      
      * 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: (104 commits)
        btrfs: submit superblock io with REQ_META and REQ_PRIO
        btrfs: remove unnecessary memory barrier in btrfs_direct_IO
        btrfs: remove superfluous chunk_tree argument from btrfs_alloc_dev_extent
        btrfs: Remove chunk_objectid parameter of btrfs_alloc_dev_extent
        btrfs: pass fs_info to btrfs_del_root instead of tree_root
        Btrfs: add one more sanity check for shared ref type
        Btrfs: remove BUG_ON in __add_tree_block
        Btrfs: remove BUG() in add_data_reference
        Btrfs: remove BUG() in print_extent_item
        Btrfs: remove BUG() in btrfs_extent_inline_ref_size
        Btrfs: convert to use btrfs_get_extent_inline_ref_type
        Btrfs: add a helper to retrive extent inline ref type
        btrfs: scrub: simplify scrub worker initialization
        btrfs: scrub: clean up division in scrub_find_csum
        btrfs: scrub: clean up division in __scrub_mark_bitmap
        btrfs: scrub: use bool for flush_all_writes
        btrfs: preserve i_mode if __btrfs_set_acl() fails
        btrfs: Remove extraneous chunk_objectid variable
        btrfs: Remove chunk_objectid argument from btrfs_make_block_group
        btrfs: Remove extra parentheses from condition in copy_items()
        ...
      66ba772e
    • L
      Merge branch 'for-4.14/block-postmerge' of git://git.kernel.dk/linux-block · 126e76ff
      Linus Torvalds 提交于
      Pull followup block layer updates from Jens Axboe:
       "I ended up splitting the main pull request for this series into two,
        mainly because of clashes between NVMe fixes that went into 4.13 after
        the for-4.14 branches were split off. This pull request is mostly
        NVMe, but not exclusively. In detail, it contains:
      
         - Two pull request for NVMe changes from Christoph. Nothing new on
           the feature front, basically just fixes all over the map for the
           core bits, transport, rdma, etc.
      
         - Series from Bart, cleaning up various bits in the BFQ scheduler.
      
         - Series of bcache fixes, which has been lingering for a release or
           two. Coly sent this in, but patches from various people in this
           area.
      
         - Set of patches for BFQ from Paolo himself, updating both
           documentation and fixing some corner cases in performance.
      
         - Series from Omar, attempting to now get the 4k loop support
           correct. Our confidence level is higher this time.
      
         - Series from Shaohua for loop as well, improving O_DIRECT
           performance and fixing a use-after-free"
      
      * 'for-4.14/block-postmerge' of git://git.kernel.dk/linux-block: (74 commits)
        bcache: initialize dirty stripes in flash_dev_run()
        loop: set physical block size to logical block size
        bcache: fix bch_hprint crash and improve output
        bcache: Update continue_at() documentation
        bcache: silence static checker warning
        bcache: fix for gc and write-back race
        bcache: increase the number of open buckets
        bcache: Correct return value for sysfs attach errors
        bcache: correct cache_dirty_target in __update_writeback_rate()
        bcache: gc does not work when triggering by manual command
        bcache: Don't reinvent the wheel but use existing llist API
        bcache: do not subtract sectors_to_gc for bypassed IO
        bcache: fix sequential large write IO bypass
        bcache: Fix leak of bdev reference
        block/loop: remove unused field
        block/loop: fix use after free
        bfq: Use icq_to_bic() consistently
        bfq: Suppress compiler warnings about comparisons
        bfq: Check kstrtoul() return value
        bfq: Declare local functions static
        ...
      126e76ff
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · fbd01410
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
       "The iwlwifi firmware compat fix is in here as well as some other
        stuff:
      
        1) Fix request socket leak introduced by BPF deadlock fix, from Eric
           Dumazet.
      
        2) Fix VLAN handling with TXQs in mac80211, from Johannes Berg.
      
        3) Missing __qdisc_drop conversions in prio and qfq schedulers, from
           Gao Feng.
      
        4) Use after free in netlink nlk groups handling, from Xin Long.
      
        5) Handle MTU update properly in ipv6 gre tunnels, from Xin Long.
      
        6) Fix leak of ipv6 fib tables on netns teardown, from Sabrina Dubroca
           with follow-on fix from Eric Dumazet.
      
        7) Need RCU and preemption disabled during generic XDP data patch,
           from John Fastabend"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (54 commits)
        bpf: make error reporting in bpf_warn_invalid_xdp_action more clear
        Revert "mdio_bus: Remove unneeded gpiod NULL check"
        bpf: devmap, use cond_resched instead of cpu_relax
        bpf: add support for sockmap detach programs
        net: rcu lock and preempt disable missing around generic xdp
        bpf: don't select potentially stale ri->map from buggy xdp progs
        net: tulip: Constify tulip_tbl
        net: ethernet: ti: netcp_core: no need in netif_napi_del
        davicom: Display proper debug level up to 6
        net: phy: sfp: rename dt properties to match the binding
        dt-binding: net: sfp binding documentation
        dt-bindings: add SFF vendor prefix
        dt-bindings: net: don't confuse with generic PHY property
        ip6_tunnel: fix setting hop_limit value for ipv6 tunnel
        ip_tunnel: fix setting ttl and tos value in collect_md mode
        ipv6: fix typo in fib6_net_exit()
        tcp: fix a request socket leak
        sctp: fix missing wake ups in some situations
        netfilter: xt_hashlimit: fix build error caused by 64bit division
        netfilter: xt_hashlimit: alloc hashtable with right size
        ...
      fbd01410
    • L
      Merge branch 'akpm' (patches from Andrew) · fbf4432f
      Linus Torvalds 提交于
      Merge more updates from Andrew Morton:
      
       - most of the rest of MM
      
       - a small number of misc things
      
       - lib/ updates
      
       - checkpatch
      
       - autofs updates
      
       - ipc/ updates
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (126 commits)
        ipc: optimize semget/shmget/msgget for lots of keys
        ipc/sem: play nicer with large nsops allocations
        ipc/sem: drop sem_checkid helper
        ipc: convert kern_ipc_perm.refcount from atomic_t to refcount_t
        ipc: convert sem_undo_list.refcnt from atomic_t to refcount_t
        ipc: convert ipc_namespace.count from atomic_t to refcount_t
        kcov: support compat processes
        sh: defconfig: cleanup from old Kconfig options
        mn10300: defconfig: cleanup from old Kconfig options
        m32r: defconfig: cleanup from old Kconfig options
        drivers/pps: use surrounding "if PPS" to remove numerous dependency checks
        drivers/pps: aesthetic tweaks to PPS-related content
        cpumask: make cpumask_next() out-of-line
        kmod: move #ifdef CONFIG_MODULES wrapper to Makefile
        kmod: split off umh headers into its own file
        MAINTAINERS: clarify kmod is just a kernel module loader
        kmod: split out umh code into its own file
        test_kmod: flip INT checks to be consistent
        test_kmod: remove paranoid UINT_MAX check on uint range processing
        vfat: deduplicate hex2bin()
        ...
      fbf4432f
    • L
      remove gperf left-overs from build system · c054be10
      Linus Torvalds 提交于
      I removed all the gperf use, but not the Makefile rules.  Sam Ravnborg
      says I get bonus points for cleaning this up.  I'll hold him to it.
      Requested-by: NSam Ravnborg <sam@ravnborg.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c054be10
  5. 09 9月, 2017 29 次提交