1. 19 Aug, 2019 3 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 446bf64b
      David S. Miller authored
      Merge conflict of mlx5 resolved using instructions in merge
      commit 9566e650.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      446bf64b
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 06821504
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
        1) Fix jmp to 1st instruction in x64 JIT, from Alexei Starovoitov.
      
        2) Severl kTLS fixes in mlx5 driver, from Tariq Toukan.
      
        3) Fix severe performance regression due to lack of SKB coalescing of
           fragments during local delivery, from Guillaume Nault.
      
        4) Error path memory leak in sch_taprio, from Ivan Khoronzhuk.
      
        5) Fix batched events in skbedit packet action, from Roman Mashak.
      
        6) Propagate VLAN TX offload to hw_enc_features in bond and team
           drivers, from Yue Haibing.
      
        7) RXRPC local endpoint refcounting fix and read after free in
           rxrpc_queue_local(), from David Howells.
      
        8) Fix endian bug in ibmveth multicast list handling, from Thomas
           Falcon.
      
        9) Oops, make nlmsg_parse() wrap around the correct function,
           __nlmsg_parse not __nla_parse(). Fix from David Ahern.
      
       10) Memleak in sctp_scend_reset_streams(), fro Zheng Bin.
      
       11) Fix memory leak in cxgb4, from Wenwen Wang.
      
       12) Yet another race in AF_PACKET, from Eric Dumazet.
      
       13) Fix false detection of retransmit failures in tipc, from Tuong
           Lien.
      
       14) Use after free in ravb_tstamp_skb, from Tho Vu.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (101 commits)
        ravb: Fix use-after-free ravb_tstamp_skb
        netfilter: nf_tables: map basechain priority to hardware priority
        net: sched: use major priority number as hardware priority
        wimax/i2400m: fix a memory leak bug
        net: cavium: fix driver name
        ibmvnic: Unmap DMA address of TX descriptor buffers after use
        bnxt_en: Fix to include flow direction in L2 key
        bnxt_en: Use correct src_fid to determine direction of the flow
        bnxt_en: Suppress HWRM errors for HWRM_NVM_GET_VARIABLE command
        bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
        bnxt_en: Improve RX doorbell sequence.
        bnxt_en: Fix VNIC clearing logic for 57500 chips.
        net: kalmia: fix memory leaks
        cx82310_eth: fix a memory leak bug
        bnx2x: Fix VF's VLAN reconfiguration in reload.
        Bluetooth: Add debug setting for changing minimum encryption key size
        tipc: fix false detection of retransmit failures
        lan78xx: Fix memory leaks
        MAINTAINERS: r8169: Update path to the driver
        MAINTAINERS: PHY LIBRARY: Update files in the record
        ...
      06821504
    • David Howells's avatar
      keys: Fix description size · 555df336
      David Howells authored
      The maximum key description size is 4095.  Commit f771fde8 ("keys:
      Simplify key description management") inadvertantly reduced that to 255
      and made sizes between 256 and 4095 work weirdly, and any size whereby
      size & 255 == 0 would cause an assertion in __key_link_begin() at the
      following line:
      
      	BUG_ON(index_key->desc_len == 0);
      
      This can be fixed by simply increasing the size of desc_len in struct
      keyring_index_key to a u16.
      
      Note the argument length test in keyutils only checked empty
      descriptions and descriptions with a size around the limit (ie.  4095)
      and not for all the values in between, so it missed this.  This has been
      addressed and
      
      	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/commit/?id=066bf56807c26cd3045a25f355b34c1d8a20a5aa
      
      now exhaustively tests all possible lengths of type, description and
      payload and then some.
      
      The assertion failure looks something like:
      
       kernel BUG at security/keys/keyring.c:1245!
       ...
       RIP: 0010:__key_link_begin+0x88/0xa0
       ...
       Call Trace:
        key_create_or_update+0x211/0x4b0
        __x64_sys_add_key+0x101/0x200
        do_syscall_64+0x5b/0x1e0
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      It can be triggered by:
      
      	keyctl add user "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" a @s
      
      Fixes: f771fde8 ("keys: Simplify key description management")
      Reported-by: default avatarkernel test robot <rong.a.chen@intel.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      555df336
  2. 18 Aug, 2019 37 commits