1. 28 Aug, 2017 18 commits
  2. 26 Aug, 2017 8 commits
  3. 25 Aug, 2017 10 commits
  4. 24 Aug, 2017 4 commits
    • Bob Peterson's avatar
      tipc: Fix tipc_sk_reinit handling of -EAGAIN · 6c7e983b
      Bob Peterson authored
      In 9dbbfb0a function tipc_sk_reinit
      had additional logic added to loop in the event that function
      rhashtable_walk_next() returned -EAGAIN. No worries.
      
      However, if rhashtable_walk_start returns -EAGAIN, it does "continue",
      and therefore skips the call to rhashtable_walk_stop(). That has
      the effect of calling rcu_read_lock() without its paired call to
      rcu_read_unlock(). Since rcu_read_lock() may be nested, the problem
      may not be apparent for a while, especially since resize events may
      be rare. But the comments to rhashtable_walk_start() state:
      
       * ...Note that we take the RCU lock in all
       * cases including when we return an error.  So you must always call
       * rhashtable_walk_stop to clean up.
      
      This patch replaces the continue with a goto and label to ensure a
      matching call to rhashtable_walk_stop().
      Signed-off-by: default avatarBob Peterson <rpeterso@redhat.com>
      Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c7e983b
    • Arnd Bergmann's avatar
      qlge: avoid memcpy buffer overflow · e58f9583
      Arnd Bergmann authored
      gcc-8.0.0 (snapshot) points out that we copy a variable-length string
      into a fixed length field using memcpy() with the destination length,
      and that ends up copying whatever follows the string:
      
          inlined from 'ql_core_dump' at drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:1106:2:
      drivers/net/ethernet/qlogic/qlge/qlge_dbg.c:708:2: error: 'memcpy' reading 15 bytes from a region of size 14 [-Werror=stringop-overflow=]
        memcpy(seg_hdr->description, desc, (sizeof(seg_hdr->description)) - 1);
      
      Changing it to use strncpy() will instead zero-pad the destination,
      which seems to be the right thing to do here.
      
      The bug is probably harmless, but it seems like a good idea to address
      it in stable kernels as well, if only for the purpose of building with
      gcc-8 without warnings.
      
      Fixes: a61f8026 ("qlge: Add ethtool register dump function.")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e58f9583
    • Eric Dumazet's avatar
      virtio_net: be drop monitor friendly · dadc0736
      Eric Dumazet authored
      This change is needed to not fool drop monitor.
      (perf record ... -e skb:kfree_skb )
      
      Packets were properly sent and are consumed after TX completion.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dadc0736
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · af57d2b7
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Fix use after free of struct proc_dir_entry in ipt_CLUSTERIP, patch
         from Sabrina Dubroca.
      
      2) Fix spurious EINVAL errors from iptables over nft compatibility layer.
      
      3) Reload pointer to ip header only if there is non-terminal verdict,
         ie. XT_CONTINUE, otherwise invalid memory access may happen, patch
         from Taehee Yoo.
      
      4) Fix interaction between SYNPROXY and NAT, SYNPROXY adds sequence
         adjustment already, however from nf_nat_setup() assumes there's not.
         Patch from Xin Long.
      
      5) Fix burst arithmetics in nft_limit as Joe Stringer mentioned during
         NFWS in Faro. Patch from Andy Zhou.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      af57d2b7