1. 03 6月, 2017 7 次提交
  2. 02 6月, 2017 12 次提交
  3. 01 6月, 2017 8 次提交
  4. 31 5月, 2017 9 次提交
  5. 30 5月, 2017 2 次提交
    • J
      mac80211: fix TX aggregation start/stop callback race · 7a7c0a64
      Johannes Berg 提交于
      When starting or stopping an aggregation session, one of the steps
      is that the driver calls back to mac80211 that the start/stop can
      proceed. This is handled by queueing up a fake SKB and processing
      it from the normal iface/sdata work. Since this isn't flushed when
      disassociating, the following race is possible:
      
       * associate
       * start aggregation session
       * driver callback
       * disassociate
       * associate again to the same AP
       * callback processing runs, leading to a WARN_ON() that
         the TID hadn't requested aggregation
      
      If the second association isn't to the same AP, there would only
      be a message printed ("Could not find station: <addr>"), but the
      same race could happen.
      
      Fix this by not going the whole detour with a fake SKB etc. but
      simply looking up the aggregation session in the driver callback,
      marking it with a START_CB/STOP_CB bit and then scheduling the
      regular aggregation work that will now process these bits as well.
      This also simplifies the code and gets rid of the whole problem
      with allocation failures of said skb, which could have left the
      session in limbo.
      Reported-by: NJouni Malinen <j@w1.fi>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      7a7c0a64
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 468b0df6
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Conntrack SCTP CRC32c checksum mangling may operate on non-linear
         skbuff, patch from Davide Caratti.
      
      2) nf_tables rb-tree set backend does not handle element re-addition
         after deletion in the same transaction, leading to infinite loop.
      
      3) Atomically unclear the IPS_SRC_NAT_DONE_BIT on nat module removal,
         from Liping Zhang.
      
      4) Conntrack hashtable resizing while ctnetlink dump is progress leads
         to a dead reference to released objects in the lists, also from
         Liping.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      468b0df6
  6. 28 5月, 2017 2 次提交