- 20 Nov, 2017 8 commits
-
-
Johannes Berg authored
When deleting a station or otherwise tearing down all aggregation sessions, make sure to delete requested but not yet started ones, to avoid the following scenario: * session is requested, added to tid_start_tx[] * ieee80211_ba_session_work() runs, gets past BLOCK_BA check * ieee80211_sta_tear_down_BA_sessions() runs, locks &sta->ampdu_mlme.mtx, e.g. while deleting the station - deleting all active sessions * ieee80211_ba_session_work() continues since tear down flushes it, and calls ieee80211_tx_ba_session_handle_start() for the new session, arms the timer for it * station deletion continues to __cleanup_single_sta() and frees the session struct, while the timer is armed Reported-by:
Fengguang Wu <fengguang.wu@intel.com> Signed-off-by:
Johannes Berg <johannes.berg@intel.com>
-
Ben Hutchings authored
hwsim_new_radio_nl() now copies the name attribute in order to add a null-terminator. mac80211_hwsim_new_radio() (indirectly) copies it again into the net_device structure, so the first copy is not used or freed later. Free the first copy before returning. Fixes: ff4dd73d ("mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length") Signed-off-by:
Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by:
-
Johannes Berg authored
When cfg80211 is built as a module, everything is fine, and we can keep the code as is; in fact, we have to, because there can only be a single module_init(). When cfg80211 is built-in, however, it needs to initialize before drivers (device_initcall/module_init), and thus used to be at subsys_initcall(). I'd moved it to fs_initcall() earlier, where it can remain. However, this is still too early because at that point the key infrastructure hasn't been initialized yet, so X.509 certificates can't be parsed yet. To work around this problem, load the regdb keys only later in a late_initcall(), at which point the necessary infrastructure has been initialized. Fixes: 90a53e44 ("cfg80211: implement regdb signature checking") Reported-by:
Xiaolong Ye <xiaolong.ye@intel.com> Signed-off-by:
-
Kees Cook authored
In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. This removes the tid mapping array and expands the tid structures to add a pointer back to the station, along with the tid index itself. Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
Kees Cook <keescook@chromium.org> [switch tid variables to u8, the valid range is 0-15 at most, initialize tid_tx->sta/tid properly] Signed-off-by:
-
Johannes Berg authored
For mesh, this is simply wrong - there's no SSID, only the mesh ID, so don't expose it at all. For (P2P) client, it's wrong, because it exposes an internal value that's only used when certain APIs are used. For AP, it's actually the only correct case, so leave that. All other interface types shouldn't be setting this anyway, so there it won't change anything. Fixes: b84e7a05 ("nl80211: send the NL80211_ATTR_SSID in nl80211_send_iface()") Signed-off-by:
-
Kees Cook authored
In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Cc: Johannes Berg <johannes@sipsolutions.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-wireless@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by:
-
Christophe JAILLET authored
Some statements are not enough or too much indented. Fix it to improve readalbility. Signed-off-by:
Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Netanel Belgazal authored
In rare cases, ena driver would reset and re-start the device, for example, in case of misbehaving application that causes transmit timeout The first step in the reset procedure is to stop the Tx traffic by calling ena_carrier_off(). After the driver have just started the device reset procedure, device happens to send an asynchronous notification (via AENQ) to the driver than there was a link change (to link-up state). This link change is mapped to a call to netif_carrier_on() which re-activates the Tx queues, violating the assumption of no tx traffic until device reset is completed, as the reset task might still be in the process of queues initialization, leading to an access to uninitialized memory. Signed-off-by:
Netanel Belgazal <netanel@amazon.com> Signed-off-by:
-
- 19 Nov, 2017 6 commits
-
-
Heiner Kallweit authored
Adjust the code to use the same green settings as in the latest vendor driver. Signed-off-by:
Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by:
-
Heiner Kallweit authored
Name of functions rtl_w0w1_eri and rtl_w0w1_phy is somewhat misleading regarding order of arguments. One could assume that w0w1 means argument with bits to be reset comes before argument with bits to set. However this is not the case. So fix the order of arguments in several statements. In addition fix EEE advertisement. The current code resets the bits for 100BaseT and 1000BaseT EEE advertisement what is not what we want. I have a little of a hard time to find a proper "Fixes" line as the issue seems to have been there forever (at least it existed already when the driver was moved to the current place in 2011). The patch was tested on a Zotac Mini-PC with a RTL8111E-VL chip. Before the patch EEE was disabled, now it's properly advertised and works fine. Signed-off-by:
-
Xin Long authored
rcu_read_lock in tun_build_skb is used to rcu_dereference tun->xdp_prog safely, rcu_read_unlock should be done in every return path. Now I could see one place missing it, where it returns NULL in switch-case XDP_REDIRECT, another palce using rcu_read_lock wrongly, where it returns NULL in if (xdp_xmit) chunk. So fix both in this patch. Fixes: 761876c8 ("tap: XDP support") Signed-off-by:
Xin Long <lucien.xin@gmail.com> Signed-off-by:
-
Neal Cardwell authored
Fix the TLP scheduling logic so that when scheduling a TLP probe, we ensure that the estimated time at which an RTO would fire accounts for the fact that ACKs indicating forward progress should push back RTO times. After the following fix: df92c839 ("tcp: fix xmit timer to only be reset if data ACKed/SACKed") we had an unintentional behavior change in the following kind of scenario: suppose the RTT variance has been very low recently. Then suppose we send out a flight of N packets and our RTT is 100ms: t=0: send a flight of N packets t=100ms: receive an ACK for N-1 packets The response before df92c839 that was: -> schedule a TLP for now + RTO_interval The response after df92c839 is: -> schedule a TLP for t=0 + RTO_interval Since RTO_interval = srtt + RTT_variance, this means that we have scheduled a TLP timer at a point in the future that only accounts for RTT_variance. If the RTT_variance term is small, this means that the timer fires soon. Before df92c839 this would not happen, because in that code, when we receive an ACK for a prefix of flight, we did: 1) Near the top of tcp_ack(), switch from TLP timer to RTO at write_queue_head->paket_tx_time + RTO_interval: if (icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) tcp_rearm_rto(sk); 2) In tcp_clean_rtx_queue(), update the RTO to now + RTO_interval: if (flag & FLAG_ACKED) { tcp_rearm_rto(sk); 3) In tcp_ack() after tcp_fastretrans_alert() switch from RTO to TLP at now + RTO_interval: if (icsk->icsk_pending == ICSK_TIME_RETRANS) tcp_schedule_loss_probe(sk); In df92c839 we removed that 3-phase dance, and instead directly set the TLP timer once: we set the TLP timer in cases like this to write_queue_head->packet_tx_time + RTO_interval. So if the RTT variance is small, then this means that this is setting the TLP timer to fire quite soon. This means if the ACK for the tail of the flight takes longer than an RTT to arrive (often due to delayed ACKs), then the TLP timer fires too quickly. Fixes: df92c839 ("tcp: fix xmit timer to only be reset if data ACKed/SACKed") Signed-off-by:
Neal Cardwell <ncardwell@google.com> Signed-off-by:
Yuchung Cheng <ycheng@google.com> Signed-off-by:
Eric Dumazet <edumazet@google.com> Acked-by:
Soheil Hassas Yeganeh <soheil@google.com> Signed-off-by:
-
Gustavo A. R. Silva authored
_dev_ is being dereferenced before it is null checked, hence there is a potential null pointer dereference. Fix this by moving the pointer dereference after _dev_ has been null checked. Addresses-Coverity-ID: 1462020 Fixes: bb1b40c7 ("usbnet: ipheth: prevent TX queue timeouts when device not ready") Signed-off-by:
Gustavo A. R. Silva <garsilva@embeddedor.com> Signed-off-by:
-
Alexey Kodanev authored
After commit 308edfdf ("gre6: Cleanup GREv6 receive path, call common GRE functions") it's not used anywhere in the module, but previously was used in ip6gre_rcv(). Fixes: 308edfdf ("gre6: Cleanup GREv6 receive path, call common GRE functions") Signed-off-by:
Alexey Kodanev <alexey.kodanev@oracle.com> Signed-off-by:
-
- 18 Nov, 2017 26 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds authored
Pull sparc updates from David Miller: 1) Add missing cmpxchg64() for 32-bit sparc. 2) Timer conversions from Allen Pais and Kees Cook. 3) vDSO support, from Nagarathnam Muthusamy. 4) Fix sparc64 huge page table walks based upon bug report by Al Viro, from Nitin Gupta. 5) Optimized fls() for T4 and above, from Vijay Kumar. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix page table walk for PUD hugepages sparc64: Convert timers to user timer_setup() sparc64: convert mdesc_handle.refcnt from atomic_t to refcount_t sparc/led: Convert timers to use timer_setup() sparc64: Use sparc optimized fls and __fls for T4 and above sparc64: SPARC optimized __fls function sparc64: SPARC optimized fls function sparc64: Define SPARC default __fls function sparc64: Define SPARC default fls function vDSO for sparc sparc32: Add cmpxchg64(). sbus: char: Move D7S_MINOR to include/linux/miscdevice.h sparc: time: Remove unneeded linux/miscdevice.h include sparc64: mmu_context: Add missing include files -
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Revert regression inducing change to the IPSEC template resolver, from Steffen Klassert. 2) Peeloffs can cause the wrong sk to be waken up in SCTP, fix from Xin Long. 3) Min packet MTU size is wrong in cpsw driver, from Grygorii Strashko. 4) Fix build failure in netfilter ctnetlink, from Arnd Bergmann. 5) ISDN hisax driver checks pnp_irq() for errors incorrectly, from Arvind Yadav. 6) Fix fealnx driver build failure on MIPS, from Huacai Chen. 7) Fix into leak in SCTP, the scope_id of socket addresses is not always filled in. From Eric W. Biederman. 8) MTU inheritance between physical function and representor fix in nfp driver, from Dirk van der Merwe. 9) Fix memory leak in rsi driver, from Colin Ian King. 10) Fix expiration and generation ID handling of cached ipv4 redirect routes, from Xin Long. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (40 commits) net: usb: hso.c: remove unneeded DRIVER_LICENSE #define ibmvnic: fix dma_mapping_error call ipvlan: NULL pointer dereference panic in ipvlan_port_destroy route: also update fnhe_genid when updating a route cache route: update fnhe_expires for redirect when the fnhe exists sctp: set frag_point in sctp_setsockopt_maxseg correctly rsi: fix memory leak on buf and usb_reg_buf net/netlabel: Add list_next_rcu() in rcu_dereference(). nfp: remove false positive offloads in flower vxlan nfp: register flower reprs for egress dev offload nfp: inherit the max_mtu from the PF netdev nfp: fix vlan receive MAC statistics typo nfp: fix flower offload metadata flag usage virto_net: remove empty file 'virtio_net.' net/sctp: Always set scope_id in sctp_inet6_skb_msgname fealnx: Fix building error on MIPS isdn: hisax: Fix pnp_irq's error checking for setup_teles3 isdn: hisax: Fix pnp_irq's error checking for setup_sedlbauer_isapnp isdn: hisax: Fix pnp_irq's error checking for setup_niccy isdn: hisax: Fix pnp_irq's error checking for setup_ix1micro ... -
git://github.com/andersson/remoteprocLinus Torvalds authored
Pull hwspinlock update from Bjorn Andersson: "This changes the HWSPINLOCK core Kconfig option to bool, to aid when other core code depends on it" * tag 'hwlock-v4.15' of git://github.com/andersson/remoteproc: hwspinlock: Change hwspinlock to a bool
-
git://github.com/andersson/remoteprocLinus Torvalds authored
Pull remoteproc updates from Bjorn Andersson: "This adds an interface for configuring Qualcomm's "secure SMMU" and adds support for booting the modem Hexagon on MSM8996. Two new debugfs entries are added in the remoteproc core to introspect the list of memory carveouts and the loaded resource table" * tag 'rproc-v4.15' of git://github.com/andersson/remoteproc: remoteproc: qcom: Fix error handling paths in order to avoid memory leaks remoteproc: qcom: Drop pr_err in q6v5_xfer_mem_ownership() remoteproc: debug: add carveouts list dump feature remoteproc: debug: add resource table dump feature remoteproc: qcom: Add support for mss remoteproc on msm8996 remoteproc: qcom: Make secure world call for mem ownership switch remoteproc: qcom: refactor mss fw image loading sequence firmware: scm: Add new SCM call API for switching memory ownership
-
git://github.com/andersson/remoteprocLinus Torvalds authored
Pull rpmsg updates from Bjorn Andersson: - turn RPMSG_VIRTIO into a user selectable config - fix few bugs in GLINK - provide the support for specifying initial buffer sizes for GLINK channels. * tag 'rpmsg-v4.15' of git://github.com/andersson/remoteproc: rpmsg: glink: The mbox client knows_txdone rpmsg: glink: Add missing MODULE_LICENSE rpmsg: glink: Use best fit intent during tx rpmsg: glink: Add support to preallocate intents dt-bindings: soc: qcom: Support GLINK intents rpmsg: glink: Initialize the "intent_req_comp" completion variable rpmsg: Allow RPMSG_VIRTIO to be enabled via menuconfig or defconfig
-
Linus Torvalds authored
Merge tag 'hwmon-for-linus-v4.15-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull more hwmon updates/fixes from Guenter Roeck: - minor bug fix in k10temp driver - take advantage of added NULL check in i2c_unregister_device() * tag 'hwmon-for-linus-v4.15-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (w83793) Remove duplicate NULL check hwmon: (w83792d) Remove duplicate NULL check hwmon: (w83791d) Remove duplicate NULL check hwmon: (w83781d) Remove duplicate NULL check hwmon: (k10temp) Correct model name for Ryzen 1600X
-
git://git.kernel.org/pub/scm/linux/kernel/git/clk/linuxLinus Torvalds authored
Pull clk updates from Stephen Boyd: "We have two changes to the core framework this time around. The first being a large change that introduces runtime PM support to the clk framework. Now we properly call runtime PM operations on the device providing a clk when the clk is in use. This helps on SoCs where the clks provided by a device need something to be powered on before using the clks, like power domains or regulators. It also helps power those things down when clks aren't in use. The other core change is a devm API addition for clk providers so we can get rid of a bunch of clk driver remove functions that are just doing of_clk_del_provider(). Outside of the core, we have the usual addition of clk drivers and smattering of non-critical fixes to existing drivers. The biggest diff is support for Mediatek MT2712 and MT7622 SoCs, but those patches really just add a bunch of data. By the way, we're trying something new here where we build the tree up with topic branches. We plan to work this into our workflow so that we don't step on each other's toes, and so the fixes branch can be merged on an as-needed basis. Summary: Core: - runtime PM support for clk providers - devm API for of_clk_add_hw_provider() New Drivers: - Mediatek MT2712 and MT7622 - Renesas R-Car V3M SoC Updates: - runtime PM support for Samsung exynos5433/exynos4412 providers - removal of clkdev aliases on Samsung SoCs - convert clk-gpio to use gpio descriptors - various driver cleanups to match kernel coding style - Amlogic Video Processing Unit VPU and VAPB clks - sigma-delta modulation for Allwinner audio PLLs - Allwinner A83t Display clks - support for the second display unit clock on Renesas RZ/G1E - suspend/resume support for Renesas R-Car Gen3 CPG/MSSR - new clock ids for Rockchip rk3188 and rk3368 SoCs - various 'const' markings on clk_ops structures - RPM clk support on Qualcomm MSM8996/MSM8660 SoCs" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (137 commits) clk: stm32h7: fix test of clock config clk: pxa: fix building on older compilers clk: sunxi-ng: a83t: Fix i2c buses bits clk: ti: dra7-atl-clock: fix child-node lookups clk: qcom: common: fix legacy board-clock registration clk: uniphier: fix DAPLL2 clock rate of Pro5 clk: uniphier: fix parent of miodmac clock data clk: hi3798cv200: correct parent mux clock for 'clk_sdio0_ciu' clk: hisilicon: Delete an error message for a failed memory allocation in hisi_register_clkgate_sep() clk: hi3660: fix incorrect uart3 clock freqency clk: kona-setup: Delete error messages for failed memory allocations ARC: clk: fix spelling mistake: "configurarion" -> "configuration" clk: cdce925: remove redundant check for non-null parent_name clk: versatile: Improve sizeof() usage clk: versatile: Delete error messages for failed memory allocations clk: ux500: Improve sizeof() usage clk: ux500: Delete error messages for failed memory allocations clk: spear: Delete error messages for failed memory allocations clk: ti: Delete error messages for failed memory allocations clk: mmp: Adjust checks for NULL pointers ...
-
Linus Torvalds authored
Merge tag 'kbuild-misc-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild misc updates from Masahiro Yamada: - Clean up and fix RPM package build - Fix a warning in DEB package build - Improve coccicheck script - Improve some semantic patches * tag 'kbuild-misc-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: docs: dev-tools: coccinelle: delete out of date wiki reference coccinelle: orplus: reorganize to improve performance coccinelle: use exists to improve efficiency builddeb: Pass the kernel:debarch substvar to dpkg-genchanges Coccinelle: use false positive annotation coccinelle: fix verbose message about .cocci file being run coccinelle: grep Options and Requires fields more precisely Coccinelle: make DEBUG_FILE option more useful coccinelle: api: detect identical chip data arrays coccinelle: Improve setup_timer.cocci matching Coccinelle: setup_timer: improve messages from setup_timer kbuild: rpm-pkg: do not force -jN in submake kbuild: rpm-pkg: keep spec file until make mrproper kbuild: rpm-pkg: fix jobserver unavailable warning kbuild: rpm-pkg: replace $RPM_BUILD_ROOT with %{buildroot} kbuild: rpm-pkg: fix build error when CONFIG_MODULES is disabled kbuild: rpm-pkg: refactor mkspec with here doc kbuild: rpm-pkg: clean up mkspec kbuild: rpm-pkg: install vmlinux.bz2 unconditionally kbuild: rpm-pkg: remove ppc64 specific image handling
-
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuildLinus Torvalds authored
Pull Kbuild updates from Masahiro Yamada: "One of the most remarkable improvements in this cycle is, Kbuild is now able to cache the result of shell commands. Some variables are expensive to compute, for example, $(call cc-option,...) invokes the compiler. It is not efficient to redo this computation every time, even when we are not actually building anything. Kbuild creates a hidden file ".cache.mk" that contains invoked shell commands and their results. The speed-up should be noticeable. Summary: - Fix arch build issues (hexagon, sh) - Clean up various Makefiles and scripts - Fix wrong usage of {CFLAGS,LDFLAGS}_MODULE in arch Makefiles - Cache variables that are expensive to compute - Improve cc-ldopton and ld-option for Clang - Optimize output directory creation" * tag 'kbuild-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (30 commits) kbuild: move coccicheck help from scripts/Makefile.help to top Makefile sh: decompressor: add shipped files to .gitignore frv: .gitignore: ignore vmlinux.lds selinux: remove unnecessary assignment to subdir- kbuild: specify FORCE in Makefile.headersinst as .PHONY target kbuild: remove redundant mkdir from ./Kbuild kbuild: optimize object directory creation for incremental build kbuild: create object directories simpler and faster kbuild: filter-out PHONY targets from "targets" kbuild: remove redundant $(wildcard ...) for cmd_files calculation kbuild: create directory for make cache only when necessary sh: select KBUILD_DEFCONFIG depending on ARCH kbuild: fix linker feature test macros when cross compiling with Clang kbuild: shrink .cache.mk when it exceeds 1000 lines kbuild: do not call cc-option before KBUILD_CFLAGS initialization kbuild: Cache a few more calls to the compiler kbuild: Add a cache for generated variables kbuild: add forward declaration of default target to Makefile.asm-generic kbuild: remove KBUILD_SUBDIR_ASFLAGS and KBUILD_SUBDIR_CCFLAGS hexagon/kbuild: replace CFLAGS_MODULE with KBUILD_CFLAGS_MODULE ... -
Greg Kroah-Hartman authored
There is no need to #define the license of the driver, just put it in the MODULE_LICENSE() line directly as a text string. This allows tools that check that the module license matches the source code license to work properly, as there is no need to unwind the unneeded dereference. Cc: "David S. Miller" <davem@davemloft.net> Cc: Andreas Kemnade <andreas@kemnade.info> Cc: Johan Hovold <johan@kernel.org> Reported-by:
Philippe Ombredanne <pombredanne@nexb.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by:
-
Desnes Augusto Nunes do Rosario authored
This patch fixes the dma_mapping_error call to use the correct dma_addr which is inside the ibmvnic_vpd struct. Moreover, it fixes an uninitialized warning regarding a local dma_addr variable which is not used anymore. Fixes: 4e6759be ("ibmvnic: Feature implementation of VPD for the ibmvnic driver") Reported-by:
Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by:
Desnes A. Nunes do Rosario <desnesn@linux.vnet.ibm.com> Signed-off-by:
-
Girish Moodalbail authored
When call to register_netdevice() (called from ipvlan_link_new()) fails, we call ipvlan_uninit() (through ndo_uninit()) to destroy the ipvlan port. After returning unsuccessfully from register_netdevice() we go ahead and call ipvlan_port_destroy() again which causes NULL pointer dereference panic. Fix the issue by making ipvlan_init() and ipvlan_uninit() call symmetric. The ipvlan port will now be created inside ipvlan_init() and will be destroyed in ipvlan_uninit(). Fixes: 2ad7bf36 (ipvlan: Initial check-in of the IPVLAN driver) Signed-off-by:
Girish Moodalbail <girish.moodalbail@oracle.com> Signed-off-by:
-
Xin Long authored
Now when ip route flush cache and it turn out all fnhe_genid != genid. If a redirect/pmtu icmp packet comes and the old fnhe is found and all it's members but fnhe_genid will be updated. Then next time when it looks up route and tries to rebind this fnhe to the new dst, the fnhe will be flushed due to fnhe_genid != genid. It causes this redirect/pmtu icmp packet acutally not to be applied. This patch is to also reset fnhe_genid when updating a route cache. Fixes: 5aad1de5 ("ipv4: use separate genid for next hop exceptions") Acked-by:
Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by:
-
Xin Long authored
Now when creating fnhe for redirect, it sets fnhe_expires for this new route cache. But when updating the exist one, it doesn't do it. It will cause this fnhe never to be expired. Paolo already noticed it before, in Jianlin's test case, it became even worse: When ip route flush cache, the old fnhe is not to be removed, but only clean it's members. When redirect comes again, this fnhe will be found and updated, but never be expired due to fnhe_expires not being set. So fix it by simply updating fnhe_expires even it's for redirect. Fixes: aee06da6 ("ipv4: use seqlock for nh_exceptions") Reported-by:
Jianlin Shi <jishi@redhat.com> Acked-by:
-
Xin Long authored
Now in sctp_setsockopt_maxseg user_frag or frag_point can be set with val >= 8 and val <= SCTP_MAX_CHUNK_LEN. But both checks are incorrect. val >= 8 means frag_point can even be less than SCTP_DEFAULT_MINSEGMENT. Then in sctp_datamsg_from_user(), when it's value is greater than cookie echo len and trying to bundle with cookie echo chunk, the first_len will overflow. The worse case is when it's value is equal as cookie echo len, first_len becomes 0, it will go into a dead loop for fragment later on. In Hangbin syzkaller testing env, oom was even triggered due to consecutive memory allocation in that loop. Besides, SCTP_MAX_CHUNK_LEN is the max size of the whole chunk, it should deduct the data header for frag_point or user_frag check. This patch does a proper check with SCTP_DEFAULT_MINSEGMENT subtracting the sctphdr and datahdr, SCTP_MAX_CHUNK_LEN subtracting datahdr when setting frag_point via sockopt. It also improves sctp_setsockopt_maxseg codes. Suggested-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Reported-by:
Hangbin Liu <liuhangbin@gmail.com> Signed-off-by:
-
Colin Ian King authored
In the cases where len is too long, the error return path fails to kfree allocated buffers buf and usb_reg_buf. The simplest fix is to perform the sanity check on len before the allocations to avoid having to do the kfree'ing in the first place. Detected by CoverityScan, CID#1452258,1452259 ("Resource Leak") Fixes: 59f73e2a ("rsi: check length before USB read/write register") Signed-off-by:Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Tim Hansen authored
Add list_next_rcu() for fetching next list in rcu_deference safely. Found with sparse in linux-next tree on tag next-20171116. Signed-off-by:
Tim Hansen <devtimhansen@gmail.com> Signed-off-by:
-
Linus Torvalds authored
Merge more updates from Andrew Morton: - a bit more MM - procfs updates - dynamic-debug fixes - lib/ updates - checkpatch - epoll - nilfs2 - signals - rapidio - PID management cleanup and optimization - kcov updates - sysvipc updates - quite a few misc things all over the place * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (94 commits) EXPERT Kconfig menu: fix broken EXPERT menu include/asm-generic/topology.h: remove unused parent_node() macro arch/tile/include/asm/topology.h: remove unused parent_node() macro arch/sparc/include/asm/topology_64.h: remove unused parent_node() macro arch/sh/include/asm/topology.h: remove unused parent_node() macro arch/ia64/include/asm/topology.h: remove unused parent_node() macro drivers/pcmcia/sa1111_badge4.c: avoid unused function warning mm: add infrastructure for get_user_pages_fast() benchmarking sysvipc: make get_maxid O(1) again sysvipc: properly name ipc_addid() limit parameter sysvipc: duplicate lock comments wrt ipc_addid() sysvipc: unteach ids->next_id for !CHECKPOINT_RESTORE initramfs: use time64_t timestamps drivers/watchdog: make use of devm_register_reboot_notifier() kernel/reboot.c: add devm_register_reboot_notifier() kcov: update documentation Makefile: support flag -fsanitizer-coverage=trace-cmp kcov: support comparison operands collection kcov: remove pointless current != NULL check kernel/panic.c: add TAINT_AUX ...
-
Randy Dunlap authored
Clean up the EXPERT menu (yet again). Move FHANDLE and CHECKPOINT_RESTORE into the primary EXPERT menu since they already depend on EXPERT. Move BPF_SYSCALL and USERFAULTFD out of the EXPERT Kconfig symbols menu list since they do not depend on EXPERT and were breaking the continuity of that menu list. Move all of the KALLSYMS Kconfig symbols to the end of the EXPERT menu. This separates the kernel services from the build options. This patch depends on [PATCH] pci: move PCI_QUIRKS to the PCI bus menu (https://lkml.org/lkml/2017/11/2/907). Link: http://lkml.kernel.org/r/72e4465a-a5ff-cb3c-1a90-11aa4861b161@infradead.orgSigned-off-by:
Randy Dunlap <rdunlap@infradead.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> [BPF] Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Alexei Starovoitov <ast@kernel.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Dou Liyang authored
Commit a7be6e5a ("mm: drop useless local parameters of __register_one_node()") removed the last user of parent_node(). The parent_node() macro in generic situation is unnecessary. Remove it for cleanup. Link: http://lkml.kernel.org/r/1504234599-29533-8-git-send-email-douly.fnst@cn.fujitsu.comSigned-off-by:
Dou Liyang <douly.fnst@cn.fujitsu.com> Reported-by:
Michael Ellerman <mpe@ellerman.id.au> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by:
-
Dou Liyang authored
Commit a7be6e5a ("mm: drop useless local parameters of __register_one_node()") removed the last user of parent_node(). The parent_node() macro in tile platform is unnecessary. Remove it for cleanup. Link: http://lkml.kernel.org/r/1504234599-29533-7-git-send-email-douly.fnst@cn.fujitsu.comSigned-off-by:
Chris Metcalf <cmetcalf@mellanox.com> Signed-off-by:
-
Dou Liyang authored
Commit a7be6e5a ("mm: drop useless local parameters of __register_one_node()") removed the last user of parent_node(). The parent_node() macro in SPARC64 platform is unnecessary. Remove it for cleanup. Link: http://lkml.kernel.org/r/1504234599-29533-6-git-send-email-douly.fnst@cn.fujitsu.comSigned-off-by:
-
Dou Liyang authored
Commit a7be6e5a ("mm: drop useless local parameters of __register_one_node()") removed the last user of parent_node(). The parent_node() macro in SUPERH platform is unnecessary. Remove it for cleanup. Link: http://lkml.kernel.org/r/1504234599-29533-5-git-send-email-douly.fnst@cn.fujitsu.comSigned-off-by:
-
Dou Liyang authored
Commit a7be6e5a ("mm: drop useless local parameters of __register_one_node()") removed the last user of parent_node(). The parent_node() macro in IA64(Itanium) platform is unnecessary. Remove it for cleanup. Link: http://lkml.kernel.org/r/1504234599-29533-2-git-send-email-douly.fnst@cn.fujitsu.comSigned-off-by:
-
Arnd Bergmann authored
pcmv_setup() is only used when the badge4 driver is built-in, but not when it is a loadable module: drivers/pcmcia/sa1111_badge4.c:153:122: error: 'pcmv_setup' defined but not used [-Werror=unused-function] This adds an #ifdef to avoid the definition of the unused function in the modular case. Link: http://lkml.kernel.org/r/20170911201133.3421636-1-arnd@arndb.deSigned-off-by:
Arnd Bergmann <arnd@arndb.de> Cc: Russell King <rmk@armlinux.org.uk> Signed-off-by:
-
Kirill A. Shutemov authored
Performance of get_user_pages_fast() is critical for some workloads, but it's tricky to test it directly. This patch provides /sys/kernel/debug/gup_benchmark that helps with testing performance of it. See tools/testing/selftests/vm/gup_benchmark.c for userspace counterpart. Link: http://lkml.kernel.org/r/20170908215603.9189-2-kirill.shutemov@linux.intel.comSigned-off-by:
Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Shuah Khan <shuah@kernel.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Thorsten Leemhuis <regressions@leemhuis.info> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Huang Ying <ying.huang@intel.com> Signed-off-by:
-
