- 13 7月, 2016 5 次提交
-
-
由 David S. Miller 提交于
Florian Fainelli says: ==================== net: ethoc: Error path and transmit fixes This patch series contains two patches for the ethoc driver while testing on a TS-7300 board where ethoc is provided by an on-board FPGA. First patch was cooked after chasing crashes with invalid resources passed to the driver. Second patch was cooked after seeing that an interface configured with IP 192.168.2.2 was sending ARP packets for 192.168.0.0, no wonder why it could not work. I don't have access to any other platform using an ethoc interface so it could be good to some testing on Xtensa for instance. Changes in v3: - corrected the error path if skb_put_padto() fails, thanks to Max for spotting this! Changes in v2: - fixed the first commit message ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Florian Fainelli 提交于
Even though the hardware can be doing zero padding, we want the SKB to be going out on the wire with the appropriate size. This fixes packet truncations observed with e.g: ARP packets. Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Florian Fainelli 提交于
In case any operation fails before we can successfully go the point where we would register a MDIO bus, we would be going to an error label which involves unregistering then freeing this yet to be created MDIO bus. Update all error paths to go to label free which is the only one valid until either the clock is enabled, or the MDIO bus is allocated and registered. This fixes kernel oops observed while trying to dereference the MDIO bus structure which is not yet allocated. Fixes: a1702857 ("net: Add support for the OpenCores 10/100 Mbps Ethernet MAC.") Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Noam Camus 提交于
During commit b54b8c2d ("net: ezchip: adapt driver to little endian architecture") adapting to little endian architecture, zeroing of controller was left out. Signed-off-by: NElad Kanfi <eladkan@mellanox.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf由 David S. Miller 提交于
Pablo Neira Ayuso says: ==================== Netfilter/IPVS fixes for net The following patchset contains Netfilter/IPVS fixes for your net tree. they are: 1) Fix leak in the error path of nft_expr_init(), from Liping Zhang. 2) Tracing from nf_tables cannot be disabled, also from Zhang. 3) Fix an integer overflow on 32bit archs when setting the number of hashtable buckets, from Florian Westphal. 4) Fix configuration of ipvs sync in backup mode with IPv6 address, from Quentin Armitage via Simon Horman. 5) Fix incorrect timeout calculation in nft_ct NFT_CT_EXPIRATION, from Florian Westphal. 6) Skip clash resolution in conntrack insertion races if NAT is in place. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 12 7月, 2016 12 次提交
-
-
由 Pablo Neira Ayuso 提交于
The clash resolution is not easy to apply if the NAT table is registered. Even if no NAT rules are installed, the nul-binding ensures that a unique tuple is used, thus, the packet that loses race gets a different source port number, as described by: http://marc.info/?l=netfilter-devel&m=146818011604484&w=2 Clash resolution with NAT is also problematic if addresses/port range ports are used since the conntrack that wins race may describe a different mangling that we may have earlier applied to the packet via nf_nat_setup_info(). Fixes: 71d8c47f ("netfilter: conntrack: introduce clash resolution on insertion race") Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Tested-by: NMarc Dionne <marc.c.dionne@gmail.com>
-
由 David S. Miller 提交于
Jon Maloy says: ==================== tipc: three small fixes Fixes for some broadcast link problems that may occur in large systems. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jon Paul Maloy 提交于
In test situations with many nodes and a heavily stressed system we have observed that the transmission broadcast link may fail due to an excessive number of retransmissions of the same packet. In such situations we need to reset all unicast links to all peers, in order to reset and re-synchronize the broadcast link. In this commit, we add a new function tipc_bearer_reset_all() to be used in such situations. The function scans across all bearers and resets all their pertaining links. Acked-by: NYing Xue <ying.xue@windriver.com> Signed-off-by: NJon Maloy <jon.maloy@ericsson.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jon Paul Maloy 提交于
After a new receiver peer has been added to the broadcast transmission link, we allow immediate transmission of new broadcast packets, trusting that the new peer will not accept the packets until it has received the previously sent unicast broadcast initialiation message. In the same way, the sender must not accept any acknowledges until it has itself received the broadcast initialization from the peer, as well as confirmation of the reception of its own initialization message. Furthermore, when a receiver peer goes down, the sender has to produce the missing acknowledges from the lost peer locally, in order ensure correct release of the buffers that were expected to be acknowledged by the said peer. In a highly stressed system we have observed that contact with a peer may come up and be lost before the above mentioned broadcast initial- ization and confirmation have been received. This leads to the locally produced acknowledges being rejected, and the non-acknowledged buffers to linger in the broadcast link transmission queue until it fills up and the link goes into permanent congestion. In this commit, we remedy this by temporarily setting the corresponding broadcast receive link state to ESTABLISHED and the 'bc_peer_is_up' state to true before we issue the local acknowledges. This ensures that those acknowledges will always be accepted. The mentioned state values are restored immediately afterwards when the link is reset. Acked-by: NYing Xue <ying.xue@windriver.com> Signed-off-by: NJon Maloy <jon.maloy@ericsson.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jon Paul Maloy 提交于
At first contact between two nodes, an endpoint might sometimes have time to send out a LINK_PROTOCOL/STATE packet before it has received the broadcast initialization packet from the peer, i.e., before it has received a valid broadcast packet number to add to the 'bc_ack' field of the protocol message. This means that the peer endpoint will receive a protocol packet with an invalid broadcast acknowledge value of 0. Under unlucky circumstances this may lead to the original, already received acknowledge value being overwritten, so that the whole broadcast link goes stale after a while. We fix this by delaying the setting of the link field 'bc_peer_is_up' until we know that the peer really has received our own broadcast initialization message. The latter is always sent out as the first unicast message on a link, and always with seqeunce number 1. Because of this, we only need to look for a non-zero unicast acknowledge value in the arriving STATE messages, and once that is confirmed we know we are safe and can set the mentioned field. Before this moment, we must ignore all broadcast acknowledges from the peer. Acked-by: NYing Xue <ying.xue@windriver.com> Signed-off-by: NJon Maloy <jon.maloy@ericsson.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Mario Limonciello 提交于
The RTL8153-AD supports a persistent system specific MAC address. This means a device plugged into two different systems with host side support will show different (but persistent) MAC addresses. This information for the system's persistent MAC address is burned in when the system HW is built and available under \_SB.AMAC in the DSDT at runtime. This technology is currently implemented in the Dell TB15 and WD15 Type-C docks. More information is available here: http://www.dell.com/support/article/us/en/04/SLN301147Signed-off-by: NMario Limonciello <mario_limonciello@dell.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Soheil Hassas Yeganeh 提交于
Sergei Trofimovich reported that pulse audio sends SCM_CREDENTIALS as a control message to TCP. Since __sock_cmsg_send does not support SCM_RIGHTS and SCM_CREDENTIALS, it returns an error and hence breaks pulse audio over TCP. SCM_RIGHTS and SCM_CREDENTIALS are sent on the SOL_SOCKET layer but they semantically belong to SOL_UNIX. Since all cmsg-processing functions including sock_cmsg_send ignore control messages of other layers, it is best to ignore SCM_RIGHTS and SCM_CREDENTIALS for consistency (and also for fixing pulse audio over TCP). Fixes: c14ac945 ("sock: enable timestamping using control messages") Signed-off-by: NSoheil Hassas Yeganeh <soheil@google.com> Reported-by: NSergei Trofimovich <slyfox@gentoo.org> Tested-by: NSergei Trofimovich <slyfox@gentoo.org> Cc: Eric Dumazet <edumazet@google.com> Cc: Willem de Bruijn <willemb@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Julian Anastasov 提交于
Vegard Nossum is reporting for a crash in fib_dump_info when nh_dev = NULL and fib_nhs == 1: Pid: 50, comm: netlink.exe Not tainted 4.7.0-rc5+ RIP: 0033:[<00000000602b3d18>] RSP: 0000000062623890 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 000000006261b800 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000024 RDI: 000000006245ba00 RBP: 00000000626238f0 R08: 000000000000029c R09: 0000000000000000 R10: 0000000062468038 R11: 000000006245ba00 R12: 000000006245ba00 R13: 00000000625f96c0 R14: 00000000601e16f0 R15: 0000000000000000 Kernel panic - not syncing: Kernel mode fault at addr 0x2e0, ip 0x602b3d18 CPU: 0 PID: 50 Comm: netlink.exe Not tainted 4.7.0-rc5+ #581 Stack: 626238f0 960226a02 00000400 000000fe 62623910 600afca7 62623970 62623a48 62468038 00000018 00000000 00000000 Call Trace: [<602b3e93>] rtmsg_fib+0xd3/0x190 [<602b6680>] fib_table_insert+0x260/0x500 [<602b0e5d>] inet_rtm_newroute+0x4d/0x60 [<60250def>] rtnetlink_rcv_msg+0x8f/0x270 [<60267079>] netlink_rcv_skb+0xc9/0xe0 [<60250d4b>] rtnetlink_rcv+0x3b/0x50 [<60265400>] netlink_unicast+0x1a0/0x2c0 [<60265e47>] netlink_sendmsg+0x3f7/0x470 [<6021dc9a>] sock_sendmsg+0x3a/0x90 [<6021e0d0>] ___sys_sendmsg+0x300/0x360 [<6021fa64>] __sys_sendmsg+0x54/0xa0 [<6021fac0>] SyS_sendmsg+0x10/0x20 [<6001ea68>] handle_syscall+0x88/0x90 [<600295fd>] userspace+0x3fd/0x500 [<6001ac55>] fork_handler+0x85/0x90 $ addr2line -e vmlinux -i 0x602b3d18 include/linux/inetdevice.h:222 net/ipv4/fib_semantics.c:1264 Problem happens when RTNH_F_LINKDOWN is provided from user space when creating routes that do not use the flag, catched with netlink fuzzer. Currently, the kernel allows user space to set both flags to nh_flags and fib_flags but this is not intentional, the assumption was that they are not set. Fix this by rejecting both flags with EINVAL. Reported-by: NVegard Nossum <vegard.nossum@oracle.com> Fixes: 0eeb075f ("net: ipv4 sysctl option to ignore routes when nexthop link is down") Signed-off-by: NJulian Anastasov <ja@ssi.bg> Cc: Andy Gospodarek <gospo@cumulusnetworks.com> Cc: Dinesh Dutt <ddutt@cumulusnetworks.com> Cc: Scott Feldman <sfeldma@gmail.com> Reviewed-by: NAndy Gospodarek <gospo@cumulusnetworks.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
Yue Cao claims that current host rate limiting of challenge ACKS (RFC 5961) could leak enough information to allow a patient attacker to hijack TCP sessions. He will soon provide details in an academic paper. This patch increases the default limit from 100 to 1000, and adds some randomization so that the attacker can no longer hijack sessions without spending a considerable amount of probes. Based on initial analysis and patch from Linus. Note that we also have per socket rate limiting, so it is tempting to remove the host limit in the future. v2: randomize the count of challenge acks per second, not the period. Fixes: 282f23c6 ("tcp: implement RFC 5961 3.2") Reported-by: NYue Cao <ycao009@ucr.edu> Signed-off-by: NEric Dumazet <edumazet@google.com> Suggested-by: NLinus Torvalds <torvalds@linux-foundation.org> Cc: Yuchung Cheng <ycheng@google.com> Cc: Neal Cardwell <ncardwell@google.com> Acked-by: NNeal Cardwell <ncardwell@google.com> Acked-by: NYuchung Cheng <ycheng@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Michal Kubeček 提交于
If socket filter truncates an udp packet below the length of UDP header in udpv6_queue_rcv_skb() or udp_queue_rcv_skb(), it will trigger a BUG_ON in skb_pull_rcsum(). This BUG_ON (and therefore a system crash if kernel is configured that way) can be easily enforced by an unprivileged user which was reported as CVE-2016-6162. For a reproducer, see http://seclists.org/oss-sec/2016/q3/8 Fixes: e6afc8ac ("udp: remove headers from UDP packets before queueing") Reported-by: NMarco Grassi <marco.gra@gmail.com> Signed-off-by: NMichal Kubecek <mkubecek@suse.cz> Acked-by: NEric Dumazet <edumazet@google.com> Acked-by: NWillem de Bruijn <willemb@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Colin Ian King 提交于
rc is not initialized so it can contain garbage if it is not set by the call to bnxt_read_sfp_module_eeprom_info. Ensure garbage is not returned by initializing rc to 0. Signed-off-by: NColin Ian King <colin.king@canonical.com> Acked-by: NMichael Chan <michael.chan@broadcom.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
git://git.open-mesh.org/linux-merge由 David S. Miller 提交于
Simon Wunderlich says: ==================== Here are a couple batman-adv bugfix patches, all by Sven Eckelmann: - Fix possible NULL pointer dereference for vlan_insert_tag (two patches) - Fix reference handling in some features, which may lead to reference leaks or invalid memory access (four patches) - Fix speedy join: DHCP packets handled by the gateway feature should be sent with 4-address unicast instead of 3-address unicast to make speedy join work. This fixes/speeds up DHCP assignment for clients which join a mesh for the first time. (one patch) ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 11 7月, 2016 1 次提交
-
-
https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs由 Pablo Neira Ayuso 提交于
Simon Horman says: ==================== Second Round of IPVS Fixes for v4.7 The fix from Quentin Armitage allows the backup sync daemon to be bound to a link-local mcast IPv6 address as is already the case for IPv4. ==================== Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
- 10 7月, 2016 6 次提交
-
-
由 Eric Dumazet 提交于
In the prep work I did before enabling BH while handling socket backlog, I missed two points in DCCP : 1) dccp_v4_ctl_send_reset() uses bh_lock_sock(), assuming BH were blocked. It is not anymore always true. 2) dccp_v4_route_skb() was using __IP_INC_STATS() instead of IP_INC_STATS() A similar fix was done for TCP, in commit 47dcc20a ("ipv4: tcp: ip_send_unicast_reply() is not BH safe") Fixes: 7309f882 ("dccp: do not assume DCCP code is non preemptible") Fixes: 5413d1ba ("net: do not block BH while processing socket backlog") Signed-off-by: NEric Dumazet <edumazet@google.com> Reported-by: NDmitry Vyukov <dvyukov@google.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 David S. Miller 提交于
Thomas Falcon says: ==================== ibmvnic driver bugfixes and improvements Miscellaneous fixes and improvements on the ibmvnic driver. ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Falcon 提交于
In some cases, if there is no VNIC server available during the driver probe, the driver should wait until it receives an initialization request from the VNIC Server to start the login process. Recent testing has show that this is incorrectly handled in the current driver. The proposed solution handles this initialization request by scheduling a task in the shared workqueue that completes the login process and registers the net device. Signed-off-by: NThomas Falcon <tlfalcon@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Falcon 提交于
This patch creates a function that handles sub-CRQ IRQ creation separately from sub-CRQ initialization. Another function is then needed to release sub-CRQ resources prior to sub-CRQ IRQ creation. These additions allow the driver probe function to be simplified, specifically during the VNIC Server login process. A timeout is also included while waiting for completion of the login process in case the VNIC Server is not available or some other error occurs. Signed-off-by: NThomas Falcon <tlfalcon@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Falcon 提交于
IRQ mappings were not being properly disposed when releasing sub-CRQ's. Signed-off-by: NThomas Falcon <tlfalcon@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Thomas Falcon 提交于
Since ibmvnic uses multiple tx queues, start and stop all queues when opening and closing devices. Signed-off-by: NThomas Falcon <tlfalcon@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 09 7月, 2016 4 次提交
-
-
由 David S. Miller 提交于
Merge tag 'mac80211-for-davem-2016-07-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Two more fixes: * handle allocation failures in new(ish) A-MSDU decapsulation * don't leak memory on nl80211 ACL parse errors ==================== Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 hayeswang 提交于
The LAN_WAKE_EN is not used to determine if the device could support WOL. It is used to signal a GPIO pin when a WOL event occurs. The WOL still works even though it is disabled. Signed-off-by: NHayes Wang <hayeswang@realtek.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 WANG Cong 提交于
Matt reported that we have a NULL pointer dereference in ppp_pernet() from ppp_connect_channel(), i.e. pch->chan_net is NULL. This is due to that a parallel ppp_unregister_channel() could happen while we are in ppp_connect_channel(), during which pch->chan_net set to NULL. Since we need a reference to net per channel, it makes sense to sync the refcnt with the life time of the channel, therefore we should release this reference when we destroy it. Fixes: 1f461dcd ("ppp: take reference on channels netns") Reported-by: NMatt Bennett <Matt.Bennett@alliedtelesis.co.nz> Cc: Paul Mackerras <paulus@samba.org> Cc: linux-ppp@vger.kernel.org Cc: Guillaume Nault <g.nault@alphalink.fr> Cc: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com> Reviewed-by: NCyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dmitri Epshtein 提交于
Commit aebea2ba ("net: mvneta: fix Tx interrupt delay") intended to set coalescing threshold to a value guaranteeing interrupt generation per each sent packet, so that buffers can be released with no delay. In fact setting threshold to '1' was wrong, because it causes interrupt every two packets. According to the documentation a reason behind it is following - interrupt occurs once sent buffers counter reaches a value, which is higher than one specified in MVNETA_TXQ_SIZE_REG(q). This behavior was confirmed during tests. Also when testing the SoC working as a NAS device, better performance was observed with int-per-packet, as it strongly depends on the fact that all transmitted packets are released immediately. This commit enables NETA controller work in interrupt per sent packet mode by setting coalescing threshold to 0. Signed-off-by: NDmitri Epshtein <dima@marvell.com> Signed-off-by: NMarcin Wojtas <mw@semihalf.com> Cc: <stable@vger.kernel.org> # v3.10+ Fixes aebea2ba ("net: mvneta: fix Tx interrupt delay") Acked-by: NWilly Tarreau <w@1wt.eu> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 08 7月, 2016 2 次提交
-
-
由 Florian Westphal 提交于
We need to compute timeout.expires - jiffies, not the other way around. Add a helper, another patch can then later change more places in conntrack code where we currently open-code this. Will allow us to only change one place later when we remove per-ct timer. Signed-off-by: NFlorian Westphal <fw@strlen.de> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
-
由 Quentin Armitage 提交于
When using HEAD from https://git.kernel.org/cgit/utils/kernel/ipvsadm/ipvsadm.git/, the command: ipvsadm --start-daemon backup --mcast-interface eth0.60 \ --mcast-group ff02::1:81 fails with the error message: Argument list too long whereas both: ipvsadm --start-daemon master --mcast-interface eth0.60 \ --mcast-group ff02::1:81 and: ipvsadm --start-daemon backup --mcast-interface eth0.60 \ --mcast-group 224.0.0.81 are successful. The error message "Argument list too long" isn't helpful. The error occurs because an IPv6 address is given in backup mode. The error is in make_receive_sock() in net/netfilter/ipvs/ip_vs_sync.c, since it fails to set the interface on the address or the socket before calling inet6_bind() (via sock->ops->bind), where the test 'if (!sk->sk_bound_dev_if)' failed. Setting sock->sk->sk_bound_dev_if on the socket before calling inet6_bind() resolves the issue. Fixes: d3328817 ("ipvs: add more mcast parameters for the sync daemon") Signed-off-by: NQuentin Armitage <quentin@armitage.org.uk> Acked-by: NJulian Anastasov <ja@ssi.bg> Signed-off-by: NSimon Horman <horms@verge.net.au>
-
- 07 7月, 2016 3 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net由 Linus Torvalds 提交于
Pull networking fixes from David Miller: 1) All users of AF_PACKET's fanout feature want a symmetric packet header hash for load balancing purposes, so give it to them. 2) Fix vlan state synchronization in e1000e, from Jarod Wilson. 3) Use correct socket pointer in ip_skb_dst_mtu(), from Shmulik Ladkani. 4) mlx5 bug fixes from Mohamad Haj Yahia, Daniel Jurgens, Matthew Finlay, Rana Shahout, and Shaker Daibes. Mostly to do with operation timeouts and PCI error handling. 5) Fix checksum handling in mirred packet action, from WANG Cong. 6) Set skb->dev correctly when transmitting in !protect_frames case of macsec driver, from Daniel Borkmann. 7) Fix MTU calculation in geneve driver, from Haishuang Yan. 8) Missing netif_napi_del() in unregister path of qeth driver, from Ursula Braun. 9) Handle malformed route netlink messages in decnet properly, from Vergard Nossum. 10) Memory leak of percpu data in ipv6 routing code, from Martin KaFai Lau. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits) ipv6: Fix mem leak in rt6i_pcpu net: fix decnet rtnexthop parsing cxgb4: update latest firmware version supported net/mlx5: Avoid setting unused var when modifying vport node GUID bonding: fix enslavement slave link notifications r8152: fix runtime function for RTL8152 qeth: delete napi struct when removing a qeth device Revert "fsl/fman: fix error handling" fsl/fman: fix error handling cdc_ncm: workaround for EM7455 "silent" data interface RDS: fix rds_tcp_init() error path geneve: fix max_mtu setting net: phy: dp83867: Fix initialization of PHYCR register enc28j60: Fix race condition in enc28j60 driver net: stmmac: Fix null-function call in ISR on stmmac1000 tipc: fix nl compat regression for link statistics net: bcmsysport: Device stats are unsigned long macsec: set actual real device for xmit when !protect_frames net_sched: fix mirrored packets checksum packet: Use symmetric hash for PACKET_FANOUT_HASH. ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound由 Linus Torvalds 提交于
Pull sound fixes from Takashi Iwai: "Here are a collection of small fixes: at this time, we've got a slightly high amount, but all small and trivial fixes, and nothing scary can be seen there" * tag 'sound-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (21 commits) ALSA: hda/realtek: Add Lenovo L460 to docking unit fixup ALSA: timer: Fix negative queue usage by racy accesses ASoC: rt5645: fix reg-2f default value. ASoC: fsl_ssi: Fix number of words per frame for I2S-slave mode ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift() ALSA: hda - Add PCI ID for Kabylake-H ALSA: echoaudio: Fix memory allocation ASoC: Intel: atom: fix missing breaks that would cause the wrong operation to execute ALSA: hda - fix read before array start ASoC: cx20442: set tty->receiver_room in v253_open ASoC: ak4613: Enable cache usage to fix crashes on resume ASoC: wm8940: Enable cache usage to fix crashes on resume ASoC: Intel: Skylake: Initialize module list for Broxton ASoC: wm5102: Correct supported channels on trace compressed DAI ASoC: wm5110: Add missing route from OUT3R to SYSCLK ASoC: rt5670: fix HP Playback Volume control ASoC: hdmi-codec: select CONFIG_HDMI ASoC: davinci-mcasp: Fix dra7 DMA offset when using CFG port ASoC: hdac_hdmi: Fix potential NULL dereference ASoC: ak4613: Remove owner assignment from platform_driver ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platform由 Linus Torvalds 提交于
Pull chrome platform fix from Olof Johansson: "A single fix this time, closing a window where ioctl args are fetched twice" * tag 'chrome-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/olof/chrome-platform: platform/chrome: cros_ec_dev - double fetch bug in ioctl
-
- 06 7月, 2016 7 次提交
-
-
由 Sven Eckelmann 提交于
Speedy join only works when the received packet is either broadcast or an 4addr unicast packet. Thus packets converted from broadcast to unicast via the gateway handling code have to be converted to 4addr packets to allow the receiving gateway server to add the sender address as temporary entry to the translation table. Not doing it will make the batman-adv gateway server drop the DHCP response in many situations because it doesn't yet have the TT entry for the destination of the DHCP response. Fixes: 37135173 ("batman-adv: change interface_rx to get orig node") Signed-off-by: NSven Eckelmann <sven@narfation.org> Acked-by: NAntonio Quartulli <a@unstable.cc> Signed-off-by: NMarek Lindner <mareklindner@neomailbox.ch> Signed-off-by: NSimon Wunderlich <sw@simonwunderlich.de>
-
由 Gregory Greenman 提交于
Handle the case when dev_alloc_skb returns NULL. Cc: stable@vger.kernel.org Fixes: 2b67f944 ("cfg80211: reuse existing page fragments in A-MSDU rx") Signed-off-by: NGregory Greenman <gregory.greenman@intel.com> Signed-off-by: NLuca Coelho <luciano.coelho@intel.com> Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
-
由 Purushottam Kushwaha 提交于
No support for pbss results in a memory leak for the acl_data (if parse_acl_data succeeds). Fix this by moving the ACL parsing later. Cc: stable@vger.kernel.org Fixes: 34d50519 ("cfg80211: basic support for PBSS network type") Signed-off-by: NPurushottam Kushwaha <pkushwah@qti.qualcomm.com> Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
-
由 Martin KaFai Lau 提交于
It was first reported and reproduced by Petr (thanks!) in https://bugzilla.kernel.org/show_bug.cgi?id=119581 free_percpu(rt->rt6i_pcpu) used to always happen in ip6_dst_destroy(). However, after fixing a deadlock bug in commit 9c7370a1 ("ipv6: Fix a potential deadlock when creating pcpu rt"), free_percpu() is not called before setting non_pcpu_rt->rt6i_pcpu to NULL. It is worth to note that rt6i_pcpu is protected by table->tb6_lock. kmemleak somehow did not report it. We nailed it down by observing the pcpu entries in /proc/vmallocinfo (first suggested by Hannes, thanks!). Signed-off-by: NMartin KaFai Lau <kafai@fb.com> Fixes: 9c7370a1 ("ipv6: Fix a potential deadlock when creating pcpu rt") Reported-by: NPetr Novopashenniy <pety@rusnet.ru> Tested-by: NPetr Novopashenniy <pety@rusnet.ru> Acked-by: NHannes Frederic Sowa <hannes@stressinduktion.org> Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Cc: Petr Novopashenniy <pety@rusnet.ru> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Vegard Nossum 提交于
dn_fib_count_nhs() could enter an infinite loop if nhp->rtnh_len == 0 (i.e. if userspace passes a malformed netlink message). Let's use the helpers from net/nexthop.h which take care of all this stuff. We can do exactly the same as e.g. fib_count_nexthops() and fib_get_nhs() from net/ipv4/fib_semantics.c. This fixes the softlockup for me. Cc: Thomas Graf <tgraf@suug.ch> Signed-off-by: NVegard Nossum <vegard.nossum@oracle.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Dan Carpenter 提交于
We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure that those values have not changed between the two copy_from_user() calls. Otherwise it could lead to a buffer overflow. Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value. We should use the new smaller value so we don't copy too much data to the user. Reported-by: NPengfei Wang <wpengfeinudt@gmail.com> Fixes: a8411784 ('mfd: cros_ec: Use a zero-length array for command data') Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Reviewed-by: NKees Cook <keescook@chromium.org> Tested-by: NGwendal Grignou <gwendal@chromium.org> Cc: <stable@vger.kernel.org> # v4.2+ Signed-off-by: NOlof Johansson <olof@lixom.net>
-
由 Ganesh Goudar 提交于
Change t4fw_version.h to update latest firmware version number Signed-off-by: NGanesh Goudar <ganeshgr@chelsio.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-