1. 22 Apr, 2014 24 commits
  2. 17 Apr, 2014 1 commit
  3. 16 Apr, 2014 15 commits
    • Kees Cook's avatar
      seccomp: fix memory leak on filter attach · 0acf07d2
      Kees Cook authored
      This sets the correct error code when final filter memory is unavailable,
      and frees the raw filter no matter what.
      
      unreferenced object 0xffff8800d6ea4000 (size 512):
        comm "sshd", pid 278, jiffies 4294898315 (age 46.653s)
        hex dump (first 32 bytes):
          21 00 00 00 04 00 00 00 15 00 01 00 3e 00 00 c0  !...........>...
          06 00 00 00 00 00 00 00 21 00 00 00 00 00 00 00  ........!.......
        backtrace:
          [<ffffffff8151414e>] kmemleak_alloc+0x4e/0xb0
          [<ffffffff811a3a40>] __kmalloc+0x280/0x320
          [<ffffffff8110842e>] prctl_set_seccomp+0x11e/0x3b0
          [<ffffffff8107bb6b>] SyS_prctl+0x3bb/0x4a0
          [<ffffffff8152ef2d>] system_call_fastpath+0x1a/0x1f
          [<ffffffffffffffff>] 0xffffffffffffffff
      Reported-by: default avatarMasami Ichikawa <masami256@gmail.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Tested-by: default avatarMasami Ichikawa <masami256@gmail.com>
      Acked-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0acf07d2
    • Dan Carpenter's avatar
      isdn: icn: buffer overflow in icn_command() · b7a31405
      Dan Carpenter authored
      This buffer over was detected using static analysis:
      
      	drivers/isdn/icn/icn.c:1325 icn_command()
      	error: format string overflow. buf_size: 60 length: 98
      
      The calculation for the length of the string is off because it assumes
      that the dial[] buffer holds a 50 character string, but actually it is
      at most 31 characters and NUL.  I have removed the dial[] buffer because
      it isn't needed.
      
      The maximum length of the string is actually 79 characters and a NUL.  I
      have made the cbuf[] array large enough to hold it and changed the
      sprintf() to an snprintf() as a further safety enhancement.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b7a31405
    • Nicolas Dichtel's avatar
      ip6_tunnel: use the right netns in ioctl handler · 74462f0d
      Nicolas Dichtel authored
      Because the netdevice may be in another netns than the i/o netns, we should
      use the i/o netns instead of dev_net(dev).
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      74462f0d
    • Nicolas Dichtel's avatar
      sit: use the right netns in ioctl handler · 9aad77c3
      Nicolas Dichtel authored
      Because the netdevice may be in another netns than the i/o netns, we should
      use the i/o netns instead of dev_net(dev).
      
      Note that netdev_priv(dev) cannot bu NULL, hence we can remove these useless
      checks.
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9aad77c3
    • Nicolas Dichtel's avatar
      ip_tunnel: use the right netns in ioctl handler · 8c923ce2
      Nicolas Dichtel authored
      Because the netdevice may be in another netns than the i/o netns, we should
      use the i/o netns instead of dev_net(dev).
      
      The variable 'tunnel' was used only to get 'itn', hence to simplify code I
      remove it and use 't' instead.
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8c923ce2
    • Jan Glauber's avatar
      net: use SYSCALL_DEFINEx for sys_recv · b7c0ddf5
      Jan Glauber authored
      Make sys_recv a first class citizen by using the SYSCALL_DEFINEx
      macro. Besides being cleaner this will also generate meta data
      for the system call so tracing tools like ftrace or LTTng can
      resolve this system call.
      Signed-off-by: default avatarJan Glauber <jan.glauber@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b7c0ddf5
    • David S. Miller's avatar
      Merge branch 'mdio-gpio' · c3206e6f
      David S. Miller authored
      Guenter Roeck says:
      
      ====================
      net: mdio-gpio enhancements
      
      The following series of patches adds support for active-low gpio pins
      as well as for systems with separate MDI and MDO pins to the mdio-gpio
      driver.
      
      A board using those features is based on a COM Express CPU board.
      The COM Express standard supports GPIO pins on its connector,
      with one caveat: The pins on the connector have fixed direction
      and are hard configured either as input or output pins.
      The COM Express Design Guide [1] provides additional details.
      
      The hardware uses three of the GPO/GPI pins from the COM Express board
      to drive an MDIO bus. Connectivity between GPI/GPO pins and the MDIO bus
      is as follows.
      
      GPI2 --------------------+------------ MDIO
                               |
                  +--------+   |
      GPO2 ---+---G        |   |
              |   |        |   |
             4.7k | 2N7002 D---+
      	|   |        |
      	+---S        |
      	|   +--------+
             GND
      
      GPO1 --------------------------------- MDC
      
      To support this hardware, two extensions to the driver were necessary.
      
      - Due to the FET in the MDO path (GPO2), the MDO signal is inverted.
        The driver therefore has to support active-low GPIO pins.
      
      - The MDIO signal must be separated into MDI and MDO.
      
      Those changes are implemented in patch 2/3 and 3/3.
      Patch 1/3 simplifies the error path and thus the subsequent
      patches.
      
      [1] http://www.picmg.org/pdf/picmg_comdg_100.pdf
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c3206e6f
    • Guenter Roeck's avatar
      net: mdio-gpio: Add support for separate MDI and MDO gpio pins · f1d54c47
      Guenter Roeck authored
      This is for a system with fixed assignments of input and output pins
      (various variants of Kontron COMe).
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1d54c47
    • Guenter Roeck's avatar
      net: mdio-gpio: Add support for active low gpio pins · 1d251481
      Guenter Roeck authored
      Some systems using mdio-gpio may use active-low gpio pins
      (eg with inverters or FETs connected to all or some of the
      gpio pins).
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1d251481
    • Guenter Roeck's avatar
      net: mdio-gpio: Use devm_ functions where possible · 78cdb079
      Guenter Roeck authored
      This simplifies error path and deinit/removal functions.
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Tested-by: default avatarChris Healy <cphealy@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      78cdb079
    • David S. Miller's avatar
      Merge branch 'fib_validate_loopback' · bc383ea5
      David S. Miller authored
      Cong Wang says:
      
      ====================
      ipv4: fix flowi4_iif for input routing
      
      This patchset fixes ->flowi4_iif for input routing and rp filter,
      based on suggestion from Julian. See per patch for details.
      
      v1 -> v2:
      * merge the first two patches into one
      * fix fib_check_nh() too
      * add this cover letter
      ====================
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarCong Wang <cwang@twopensource.com>
      Reviewed-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bc383ea5
    • Cong Wang's avatar
      ipv4, route: pass 0 instead of LOOPBACK_IFINDEX to fib_validate_source() · 0d5edc68
      Cong Wang authored
      In my special case, when a packet is redirected from veth0 to lo,
      its skb->dev->ifindex would be LOOPBACK_IFINDEX. Meanwhile we
      pass the hard-coded LOOPBACK_IFINDEX to fib_validate_source()
      in ip_route_input_slow(). This would cause the following check
      in fib_validate_source() fail:
      
                  (dev->ifindex != oif || !IN_DEV_TX_REDIRECTS(idev))
      
      when rp_filter is disabeld on loopback. As suggested by Julian,
      the caller should pass 0 here so that we will not end up by
      calling __fib_validate_source().
      
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: Julian Anastasov <ja@ssi.bg>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarCong Wang <cwang@twopensource.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0d5edc68
    • Cong Wang's avatar
      ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif · 6a662719
      Cong Wang authored
      As suggested by Julian:
      
      	Simply, flowi4_iif must not contain 0, it does not
      	look logical to ignore all ip rules with specified iif.
      
      because in fib_rule_match() we do:
      
              if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
                      goto out;
      
      flowi4_iif should be LOOPBACK_IFINDEX by default.
      
      We need to move LOOPBACK_IFINDEX to include/net/flow.h:
      
      1) It is mostly used by flowi_iif
      
      2) Fix the following compile error if we use it in flow.h
      by the patches latter:
      
      In file included from include/linux/netfilter.h:277:0,
                       from include/net/netns/netfilter.h:5,
                       from include/net/net_namespace.h:21,
                       from include/linux/netdevice.h:43,
                       from include/linux/icmpv6.h:12,
                       from include/linux/ipv6.h:61,
                       from include/net/ipv6.h:16,
                       from include/linux/sunrpc/clnt.h:27,
                       from include/linux/nfs_fs.h:30,
                       from init/do_mounts.c:32:
      include/net/flow.h: In function ‘flowi4_init_output’:
      include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function)
      
      Cc: Eric Biederman <ebiederm@xmission.com>
      Cc: Julian Anastasov <ja@ssi.bg>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarCong Wang <cwang@twopensource.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6a662719
    • Chris Mason's avatar
      mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll · c98235cb
      Chris Mason authored
      The mlx4 driver is triggering schedules while atomic inside
      mlx4_en_netpoll:
      
      	spin_lock_irqsave(&cq->lock, flags);
      	napi_synchronize(&cq->napi);
      		^^^^^ msleep here
      	mlx4_en_process_rx_cq(dev, cq, 0);
      	spin_unlock_irqrestore(&cq->lock, flags);
      
      This was part of a patch by Alexander Guller from Mellanox in 2011,
      but it still isn't upstream.
      Signed-off-by: default avatarChris Mason <clm@fb.com>
      cc: stable@vger.kernel.org
      Acked-By: default avatarAmir Vadai <amirv@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c98235cb
    • David S. Miller's avatar
      Merge branch 'mvneta_qsgmii' · b07afe07
      David S. Miller authored
      Thomas Petazzoni says:
      
      ====================
      net: mvneta: fix usage as a module, and support QSGMII properly
      
      This set of patches is a new attempt at fixing the operation of the
      mvneta driver when built as a module. For the record, the previous
      attempt, merged in commit e3a8786c
      ('net: mvneta: fix usage as a module on RGMII configurations') caused
      problems for all RGMII configurations.
      
      In fact, it turned out that the MAC to PHY connection on the Armada XP
      GP, which was described as using RGMII-ID according to its Device
      Tree, is in fact a QSGMII connection. And the RGMII and QSGMII
      configurations have to be handled in a different way in the driver,
      because the SERDES configuration is different in those two cases.
      
      So, this patch series fixes that by:
      
       * Adding minimal handling of a "qsgmii" connection type in the PHY
         layer. Mainly to make sure that a "qsgmii" phy-mode in the Device
         Tree is recognized, and handed over to the driver as
         PHY_INTERFACE_QSGMII.
      
       * Changing the mvneta driver to properly configure the RGMIIEn and
         PCSEn bits in the GMAC_CTRL_2 register, and configure the SERDES
         register, in the three possible cases: RGMII, SGMII and QSGMII.
      
       * Updating the Device Tree of the Armada XP GP board to reflect the
         fact that it uses a QSGMII MAC/PHY connection.
      
      PATCH 1 and 2 would be merged by David Miller, through the net tree,
      while PATCH 3 would be merged by the mach-mvebu maintainers, through
      their tree and arm-soc.
      
      This set of patches has been tested on:
      
       * Armada XP GP (four QSGMII interfaces)
       * Armada XP DB (two RGMII interfaces and two SGMII interfaces)
       * Armada 370 Mirabox (two RGMII interfaces)
      
      I've tested both the driver built-in, and compiled as a module.
      
      Since the last attempt at fixing this was quite a fiasco, I'd like
      this new attempt to be tested more widely before being applied. I'll
      try to do some testing on other Armada boards I have, but independent
      testing from other persons would also be appreciated.
      
      Note that these patches apply after reverting the previous attempt,
      obviously.
      ====================
      Tested-by: default avatarArnaud Ebalard <arno@natisbad.org>
      Tested-by: default avatarWilly Tarreau <w@1wt.eu>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b07afe07