1. 02 Dec, 2015 2 commits
  2. 20 Nov, 2015 2 commits
  3. 17 Nov, 2015 2 commits
    • mac80211: mesh: fix call_rcu() usage · c2e703a5
      Johannes Berg authored
      When using call_rcu(), the called function may be delayed quite
      significantly, and without a matching rcu_barrier() there's no
      way to be sure it has finished.
      Therefore, global state that could be gone/freed/reused should
      never be touched in the callback.
      
      Fix this in mesh by moving the atomic_dec() into the caller;
      that's not really a problem since we already unlinked the path
      and it will be destroyed anyway.
      
      This fixes a crash Jouni observed when running certain tests in
      a certain order, in which the mesh interface was torn down, the
      memory reused for a function pointer (work struct) and running
      that then crashed since the pointer had been decremented by 1,
      resulting in an invalid instruction byte stream.
      
      Cc: stable@vger.kernel.org
      Fixes: eb2b9311 ("mac80211: mesh path table implementation")
      Reported-by: Jouni Malinen <j@w1.fi>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    • mac80211: don't advertise NL80211_FEATURE_FULL_AP_CLIENT_STATE · 45bb780a
      Johannes Berg authored
      For now, this feature doesn't actually work. To avoid shipping a
      kernel that has it enabled but where it can't be used, disable it
      for now - we can re-enable it when it's fixed.
      
      This partially reverts 44674d9c ("mac80211: advertise support
      for full station state in AP mode").
      
      Cc: Ayala Beker <ayala.beker@intel.com>
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  4. 16 Nov, 2015 7 commits
  5. 15 Nov, 2015 24 commits
  6. 12 Nov, 2015 3 commits
    • stmmac: avoid ipq806x constant overflow warning · 49e4a229
      Arnd Bergmann authored
      Building dwmac-ipq806x on a 64-bit architecture produces a harmless
      warning from gcc:
      
      stmmac/dwmac-ipq806x.c: In function 'ipq806x_gmac_probe':
      include/linux/bitops.h:6:19: warning: overflow in implicit constant conversion [-Woverflow]
        val = QSGMII_PHY_CDR_EN |
      stmmac/dwmac-ipq806x.c:333:8: note: in expansion of macro 'QSGMII_PHY_CDR_EN'
       #define QSGMII_PHY_CDR_EN   BIT(0)
       #define BIT(nr)   (1UL << (nr))
      
      This is a result of the type conversion rules in C, when we take the
      logical OR of multiple different types. In particular, we have
      an unsigned long
      
      	QSGMII_PHY_CDR_EN == BIT(0) == (1ul << 0) == 0x0000000000000001ul
      
      and a signed int
      
      	0xC << QSGMII_PHY_TX_DRV_AMP_OFFSET == 0xc0000000
      
      which together gives a signed long value
      
      	0xffffffffc0000001l
      
      and when this is passed into a function that takes an unsigned int type,
      gcc warns about the signed overflow and the loss of the upper 32-bits that
      are all ones.
      
      This patch adds 'ul' type modifiers to the literal numbers passed in
      here, so now the expression remains an 'unsigned long' with the upper
      bits all zero, and that avoids the signed overflow and the warning.
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Fixes: b1c17215 ("stmmac: add ipq806x glue layer")
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 382a483e
      David S. Miller authored
      Pablo Neira Ayuso:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree. This
      is a large batch that includes fixes for ipset, netfilter ingress, nf_tables
      dynamic set instantiation and a longstanding Kconfig dependency problem.
      More specifically, they are:
      
      1) Add missing check for empty hook list at the ingress hook, from
         Florian Westphal.
      
      2) Input and output interface are swapped at the ingress hook,
         reported by Patrick McHardy.
      
      3) Resolve ipset extension alignment issues on ARM, patch from Jozsef
         Kadlecsik.
      
      4) Fix bit check on bitmap in ipset hash type, also from Jozsef.
      
      5) Release buckets when all entries have expired in ipset hash type,
         again from Jozsef.
      
      6) Oneliner to initialize conntrack tuple object in the PPTP helper,
         otherwise the conntrack lookup may fail due to random bits in the
         structure holes, patch from Anthony Lineham.
      
      7) Silence a bogus gcc warning in nfnetlink_log, from Arnd Bergmann.
      
      8) Fix Kconfig dependency problems with TPROXY, socket and dup, also
         from Arnd.
      
      9) Add __netdev_alloc_pcpu_stats() to allow creating percpu counters
         from atomic context, this is required by the follow up fix for
         nf_tables.
      
      10) Fix crash from the dynamic set expression, we have to add a new clone
          operation that should be defined when a simple memcpy is not enough.
          This resolves a crash when using per-cpu counters with Patrick
          McHardy's new flow table nft support.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • r8169: fix kasan reported skb use-after-free. · 39174291
      françois romieu authored
      Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
      Reported-by: Dave Jones <davej@codemonkey.org.uk>
      Fixes: d7d2d89d ("r8169: Add software counter for multicast packages")
      Acked-by: Eric Dumazet <edumazet@google.com>
      Acked-by: Corinna Vinschen <vinschen@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>