- 07 May, 2014 6 commits
-
-
David S. Miller authored
Florian Westphal says: ==================== net: ip: push gso skb forwarding handling down the stack Turns out doing the segmentation in forwarding was not a bright idea, there are corner-cases where this has unintended side-effects. This patch pushes the segmentation downwards. After this, netif_skb_dev_features() function can be removed again, it was only added to fetch the features of the output device, we can just use skb->dev after the pushdown. Tested with following setup: host -> kvm_router -> kvm_host mtu 1500 mtu1280 - 'host' has route to kvm_host with locked mtu of 1500 - gso/gro enabled on all interfaces Did tests with all of following combinations: - netfilter conntrack off and on on kvm_router - virtio-net and e1000 driver on kvm_router - tcp and udp bulk xmit from host to kvm_host for tcp, I added TCPMSS mangling on kvm_host to make it lie about tcp mss. Also added a dummy '-t mangle -A POSTROUTING -p udp -f' rule to make sure no udp fragments are seen in the 'conntrack on' and 'virtio-net' case. Also checked (with ping -M do -s 1400)' that it still sends the wanted icmp error message when size exceeds 1280. ==================== Signed-off-by:David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
This reverts commit d2069403, there are no more callers. Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
-
Florian Westphal authored
Doing the segmentation in the forward path has one major drawback: When using virtio, we may process gso udp packets coming from host network stack. In that case, netfilter POSTROUTING will see one packet with udp header followed by multiple ip fragments. Delay the segmentation and do it after POSTROUTING invocation to avoid this. Fixes: fe6cc55f ("net: ip, ipv6: handle gso skbs in forwarding path") Signed-off-by:
-
Florian Westphal authored
If conntrack defragments incoming ipv6 frags it stores largest original frag size in ip6cb and sets ->local_df. We must thus first test the largest original frag size vs. mtu, and not vice versa. Without this patch PKTTOOBIG is still generated in ip6_fragment() later in the stack, but 1) IPSTATS_MIB_INTOOBIGERRORS won't increment 2) packet did (needlessly) traverse netfilter postrouting hook. Fixes: fe6cc55f ("net: ip, ipv6: handle gso skbs in forwarding path") Signed-off-by:
-
Florian Westphal authored
local_df means 'ignore DF bit if set', so if its set we're allowed to perform ip fragmentation. This wasn't noticed earlier because the output path also drops such skbs (and emits needed icmp error) and because netfilter ip defrag did not set local_df until couple of days ago. Only difference is that DF-packets-larger-than MTU now discarded earlier (f.e. we avoid pointless netfilter postrouting trip). While at it, drop the repeated test ip_exceeds_mtu, checking it once is enough... Fixes: fe6cc55f ("net: ip, ipv6: handle gso skbs in forwarding path") Signed-off-by:
-
Bjørn Mork authored
Fixes this warning introduced by commit 5b8f15f7 ("net: cdc_mbim: handle IPv6 Neigbor Solicitations"): =============================== [ INFO: suspicious RCU usage. ] 3.15.0-rc3 #213 Tainted: G W O ------------------------------- net/8021q/vlan_core.c:69 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 1, debug_locks = 1 no locks held by ksoftirqd/0/3. stack backtrace: CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G W O 3.15.0-rc3 #213 Hardware name: LENOVO 2776LEG/2776LEG, BIOS 6EET55WW (3.15 ) 12/19/2011 0000000000000001 ffff880232533bf0 ffffffff813a5ee6 0000000000000006 ffff880232530090 ffff880232533c20 ffffffff81076b94 0000000000000081 0000000000000000 ffff8802085ac000 ffff88007fc8ea00 ffff880232533c50 Call Trace: [<ffffffff813a5ee6>] dump_stack+0x4e/0x68 [<ffffffff81076b94>] lockdep_rcu_suspicious+0xfa/0x103 [<ffffffff813978a6>] __vlan_find_dev_deep+0x54/0x94 [<ffffffffa04a1938>] cdc_mbim_rx_fixup+0x379/0x66a [cdc_mbim] [<ffffffff813ab76f>] ? _raw_spin_unlock_irqrestore+0x3a/0x49 [<ffffffff81079671>] ? trace_hardirqs_on_caller+0x192/0x1a1 [<ffffffffa059bd10>] usbnet_bh+0x59/0x287 [usbnet] [<ffffffff8104067d>] tasklet_action+0xbb/0xcd [<ffffffff81040057>] __do_softirq+0x14c/0x30d [<ffffffff81040237>] run_ksoftirqd+0x1f/0x50 [<ffffffff8105f13e>] smpboot_thread_fn+0x172/0x18e [<ffffffff8105efcc>] ? SyS_setgroups+0xdf/0xdf [<ffffffff810594b0>] kthread+0xb5/0xbd [<ffffffff813a84b1>] ? __wait_for_common+0x13b/0x170 [<ffffffff810593fb>] ? __kthread_parkme+0x5c/0x5c [<ffffffff813b147c>] ret_from_fork+0x7c/0xb0 [<ffffffff810593fb>] ? __kthread_parkme+0x5c/0x5c Fixes: 5b8f15f7 ("net: cdc_mbim: handle IPv6 Neigbor Solicitations") Signed-off-by:
Bjørn Mork <bjorn@mork.no> Signed-off-by:
-
- 05 May, 2014 34 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) e1000e computes header length incorrectly wrt vlans, fix from Vlad Yasevich. 2) ns_capable() check in sock_diag netlink code, from Andrew Lutomirski. 3) Fix invalid queue pairs handling in virtio_net, from Amos Kong. 4) Checksum offloading busted in sxgbe driver due to incorrect descriptor layout, fix from Byungho An. 5) Fix build failure with SMC_DEBUG set to 2 or larger, from Zi Shen Lim. 6) Fix uninitialized A and X registers in BPF interpreter, from Alexei Starovoitov. 7) Fix arch dependencies of candence driver. 8) Fix netlink capabilities checking tree-wide, from Eric W Biederman. 9) Don't dump IFLA_VF_PORTS if netlink request didn't ask for it in IFLA_EXT_MASK, from David Gibson. 10) IPV6 FIB dump restart doesn't handle table changes that happen meanwhile, causing the code to loop forever or emit dups, fix from Kumar Sandararajan. 11) Memory leak on VF removal in bnx2x, from Yuval Mintz. 12) Bug fixes for new Altera TSE driver from Vince Bridgers. 13) Fix route lookup key in SCTP, from Xugeng Zhang. 14) Use BH blocking spinlocks in SLIP, as per a similar fix to CAN/SLCAN driver. From Oliver Hartkopp. 15) TCP doesn't bump retransmit counters in some code paths, fix from Eric Dumazet. 16) Clamp delayed_ack in tcp_cubic to prevent theoretical divides by zero. Fix from Liu Yu. 17) Fix locking imbalance in error paths of HHF packet scheduler, from John Fastabend. 18) Properly reference the transport module when vsock_core_init() runs, from Andy King. 19) Fix buffer overflow in cdc_ncm driver, from Bjørn Mork. 20) IP_ECN_decapsulate() doesn't see a correct SKB network header in ip_tunnel_rcv(), fix from Ying Cai. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (132 commits) net: macb: Fix race between HW and driver net: macb: Remove 'unlikely' optimization net: macb: Re-enable RX interrupt only when RX is done net: macb: Clear interrupt flags net: macb: Pass same size to DMA_UNMAP as used for DMA_MAP ip_tunnel: Set network header properly for IP_ECN_decapsulate() e1000e: Restrict MDIO Slow Mode workaround to relevant parts e1000e: Fix issue with link flap on 82579 e1000e: Expand workaround for 10Mb HD throughput bug e1000e: Workaround for dropped packets in Gig/100 speeds on 82579 net/mlx4_core: Don't issue PCIe speed/width checks for VFs net/mlx4_core: Load the Eth driver first net/mlx4_core: Fix slave id computation for single port VF net/mlx4_core: Adjust port number in qp_attach wrapper when detaching net: cdc_ncm: fix buffer overflow Altera TSE: ALTERA_TSE should depend on HAS_DMA vsock: Make transport the proto owner net: sched: lock imbalance in hhf qdisc net: mvmdio: Check for a valid interrupt instead of an error net phy: Check for aneg completion before setting state to PHY_RUNNING ... -
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB fixes from Greg KH: "Here are some small fixes and device ids for 3.15-rc4. All have been in linux-next just fine" * tag 'usb-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: Nokia 5300 should be treated as unusual dev USB: Nokia 305 should be treated as unusual dev fsl-usb: do not test for PHY_CLK_VALID bit on controller version 1.6 usb: storage: shuttle_usbat: fix discs being detected twice usb: qcserial: add a number of Dell devices USB: OHCI: fix problem with global suspend on ATI controllers usb: gadget: at91-udc: fix irq and iomem resource retrieval usb: phy: fsm: change "|" to "||" for condition OTG_STATE_A_WAIT_BCON at statemachine usb: phy: fsm: update OTG HNP state transition
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/ttyLinus Torvalds authored
Pull tty/serial fixes from Greg KH: "Here are some tty and serial driver fixes for things reported recently" * tag 'tty-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: Fix lockless tty buffer race Revert "tty: Fix race condition between __tty_buffer_request_room and flush_to_ldisc" drivers/tty/hvc: don't free hvc_console_setup after init n_tty: Fix n_tty_write crash when echoing in raw mode tty: serial: 8250_core.c Bug fix for Exar chips.
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/stagingLinus Torvalds authored
Pull staging / iio fixes from Greg KH: "Here are some small IIO driver fixes for 3.15-rc4 that resolve some reported issues" * tag 'staging-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: adc: Nothing in ADC should be a bool CONFIG iio: exynos_adc: use indio_dev->dev structure to handle child nodes iio:imu:mpu6050: Fixed segfault in Invensens MPU driver due to null dereference staging:iio:ad2s1200 fix missing parenthesis in a for statment.
-
git://github.com/czankel/xtensa-linuxLinus Torvalds authored
Pull Xtensa fixes from Chris Zankel: - Fixes allmodconfig, allnoconfig builds - Adds highmem support - Enables build-time exception table sorting. * tag 'xtensa-next-20140503' of git://github.com/czankel/xtensa-linux: xtensa: ISS: don't depend on CONFIG_TTY xtensa: xt2000: drop redundant sysmem initialization xtensa: add support for KC705 xtensa: xtfpga: introduce SoC I/O bus xtensa: add HIGHMEM support xtensa: optimize local_flush_tlb_kernel_range xtensa: dump sysmem from the bootmem_init xtensa: handle memmap kernel option xtensa: keep sysmem banks ordered in mem_reserve xtensa: keep sysmem banks ordered in add_sysmem_bank xtensa: split bootparam and kernel meminfo xtensa: enable sorting extable at build time xtensa: export __{invalidate,flush}_dcache_range xtensa: Export __invalidate_icache_range
-
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-clientLinus Torvalds authored
Pull Ceph fixes from Sage Weil: "First, there is a critical fix for the new primary-affinity function that went into -rc1. The second batch of patches from Zheng fix a range of problems with directory fragmentation, readdir, and a few odds and ends for cephfs" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: ceph: reserve caps for file layout/lock MDS requests ceph: avoid releasing caps that are being used ceph: clear directory's completeness when creating file libceph: fix non-default values check in apply_primary_affinity() ceph: use fpos_cmp() to compare dentry positions ceph: check directory's completeness before emitting directory entry
-
Soren Brinkmann authored
Under "heavy" RX load, the driver cannot handle the descriptors fast enough. In detail, when a descriptor is consumed, its used flag is cleared and once the RX budget is consumed all descriptors with a cleared used flag are prepared to receive more data. Under load though, the HW may constantly receive more data and use those descriptors with a cleared used flag before they are actually prepared for next usage. The head and tail pointers into the RX-ring should always be valid and we can omit clearing and checking of the used flag. Signed-off-by:
Soren Brinkmann <soren.brinkmann@xilinx.com> Signed-off-by:
-
Soren Brinkmann authored
Coverage data suggests that the unlikely case of receiving data while the receive handler is running may not be that unlikely. Coverage data after running iperf for a while: 91320: 891: work_done = bp->macbgem_ops.mog_rx(bp, budget); 91320: 892: if (work_done < budget) { 2362: 893: napi_complete(napi); -: 894: -: 895: /* Packets received while interrupts were disabled */ 4724: 896: status = macb_readl(bp, RSR); 2362: 897: if (unlikely(status)) { 762: 898: if (bp->caps & MACB_CAPS_ISR_CLEAR_ON_WRITE) 762: 899: macb_writel(bp, ISR, MACB_BIT(RCOMP)); -: 900: napi_reschedule(napi); -: 901: } else { 1600: 902: macb_writel(bp, IER, MACB_RX_INT_FLAGS); -: 903: } -: 904: } Signed-off-by: -
Soren Brinkmann authored
When data is received during the driver processing received data the NAPI is re-scheduled. In that case the RX interrupt should not be re-enabled. Signed-off-by:
-
Soren Brinkmann authored
A few interrupt flags were not cleared in the ISR, resulting in a sytem trapped in the ISR in cases one of those interrupts occurred. Clear all flags to avoid such situations. Signed-off-by:
-
Soren Brinkmann authored
Just as commit "net: macb: DMA-unmap full rx-buffer" (48330e08), pass the size that was used for mapping the memory also to the unmap routine to avoid warnings from the DMA_API. Signed-off-by:
-
Ying Cai authored
In ip_tunnel_rcv(), set skb->network_header to inner IP header before IP_ECN_decapsulate(). Without the fix, IP_ECN_decapsulate() takes outer IP header as inner IP header, possibly causing error messages or packet drops. Note that this skb_reset_network_header() call was in this spot when the original feature for checking consistency of ECN bits through tunnels was added in eccc1bb8 ("tunnel: drop packet if ECN present with not-ECT"). It was only removed from this spot in 3d7b46cd ("ip_tunnel: push generic protocol handling to ip_tunnel module."). Fixes: 3d7b46cd ("ip_tunnel: push generic protocol handling to ip_tunnel module.") Reported-by:
Neal Cardwell <ncardwell@google.com> Signed-off-by:
Ying Cai <ycai@google.com> Acked-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/netDavid S. Miller authored
Jeff Kirsher says: ==================== Intel Wired LAN Driver Updates This series contains updates to e1000e only. David provides four fixes for e1000e, first is a workaround for a hardware erratum on 82579 devices which experienced packet loss in gigabit and 100 speeds when interconnect between the PHY and MAC is exiting K1 power saving state. Second expands the scope of a workaround to include i217 and i218 parts as well to address over aggressive transmit behavior when connecting at 10Mbs half-duplex. Next is to resolve a reported link flap issue on 82579 parts which was root caused as an interoperability problem between 82579 and at least some Broadcom PHYs in the Energy Efficient Ethernet wake mechanism. Lastly, restricts the workaround of putting the PHY into MDIO slow mode to access the PHY id to relevant parts since this issue has been fixed on the newer hardware. ==================== Signed-off-by: -
David Ertman authored
It has been determined that the workaround of putting the PHY into MDIO slow mode to access the PHY id is not necessary with Lynx Point and newer parts. The issue that necessitated the workaround has been fixed on the newer hardware. We will maintains, as a last ditch attempt, the conversion to MDIO Slow Mode in the failure branch when attempting to access the PHY id so as to cover all contingencies. Signed-off-by:
Dave Ertman <davidx.m.ertman@intel.com> Tested-by:
Aaron Brown <aaron.f.brown@intel.com> Signed-off-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
David Ertman authored
Several customers have reported a link flap issue on 82579. The symptoms are random and intermittent link losses when 82579 is connected to specific link partners. Issue has been root caused as interoperability problem between 82579 and at least some Broadcom PHYs in the Energy Efficient Ethernet wake mechanism. To fix the issue, we are disabling the Phase Locked Loop shutdown in 100M Low Power Idle. This solution will cause an increase of power in 100M EEE link. It will cost additional 28mW in this specific mode. Cc: Lukasz Adamczuk <lukasz.adamczuk@intel.com> Signed-off-by:
-
David Ertman authored
In commit 772d05c5 "e1000e: slow performance between two 82579 connected via 10Mbit hub", a workaround was put into place to address the overaggressive transmit behavior of 82579 parts when connecting at 10Mbs half-duplex. This same behavior is seen on i217 and i218 parts as well. This patch expands the original workaround to encompass these parts. Signed-off-by:
-
David Ertman authored
This is a workaround for a HW erratum on 82579 devices. Erratum is #23 in Intel 6 Series Chipset and Intel C200 Series Chipset specification Update June 2013. Problem: 82579 parts experience packet loss in Gig and 100 speeds when interconnect between PHY and MAC is exiting K1 power saving state. This was previously believed to only affect 1Gig speed, but has been observed at 100Mbs also. Workaround: Disable K1 for 82579 devices at Gig and 100 speeds. Signed-off-by:
-
David S. Miller authored
Or Gerlitz says: ==================== This series contains fixes for 3.15-rc, mostly around SRIOV. The patches by Jack, Matan and myself fix few issues related to mlx4 SRIOV support for RoCE and single port VFs, and the patch from Eyal eliminates checking PCI caps for VFs which is misleading. Patches done against the net tree, commit 014f1b20 "net: bonding: Fix format string mismatch in bond_sysfs.c" We'd be happy to get Eyal's patch queued in your -stable list for 3.14.y ==================== Signed-off-by:
-
Eyal Perry authored
Carrying out PCI speed/width checks through pcie_get_minimum_link() on VFs yield wrong results, so remove them. Fixes: b912b2f8 ('net/mlx4_core: Warn if device doesn't have enough PCI bandwidth') Signed-off-by:
Eyal Perry <eyalpe@mellanox.com> Signed-off-by:
Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by:
-
Or Gerlitz authored
When running in SRIOV mode, VM that is assigned with a non-provisioned Ethernet VFs get themselves a random mac when the Eth driver starts. In this case, if the IB driver startup code that deals with RoCE runs first, it will use a zero mac as the source mac for the Para-Virtual CM MADs which is buggy. To handle that, we change the order of loading. Signed-off-by:
-
Matan Barak authored
The code that deals with computing the slave id based on a given GID gave wrong results when the number of single port VFs wasn't the same for port 1 vs. port 2 and the relevant VF is single ported on port 2. As a result, incoming CM MADs were dispatched to the wrong VF. Fixed that and added documentation to clarify the computation steps. Fixes: 449fc488 ('net/mlx4: Adapt code for N-Port VF') Signed-off-by:
Matan Barak <matanb@mellanox.com> Signed-off-by:
-
Jack Morgenstein authored
When using single ported VFs and the VF is using port 2, we need to adjust the port accordingly (change it from 1 to 2). Fixes: 449fc488 ('net/mlx4: Adapt code for N-Port VF') Signed-off-by:
Jack Morgenstein <jackm@mellanox.com> Signed-off-by:
-
Bjørn Mork authored
Commit 4d619f62 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs") changed the padding logic for devices with the ZLP flag set. This meant that frames of any size will be sent without additional padding, except for the single byte added if the size is a multiple of the USB packet size. But if the unpadded size is identical to the maximum frame size, and the maximum size is a multiplum of the USB packet size, then this one-byte padding will overflow the buffer. Prevent padding if already at maximum frame size, letting usbnet transmit a ZLP instead in this case. Fixes: 4d619f62 ("net: cdc_ncm: no point in filling up the NTBs if we send ZLPs") Reported by: Yu-an Shih <yshih@nvidia.com> Signed-off-by:
-
Geert Uytterhoeven authored
If NO_DMA=y: drivers/built-in.o: In function `altera_tse_probe': altera_tse_main.c:(.text+0x25ec2e): undefined reference to `dma_set_mask' altera_tse_main.c:(.text+0x25ec78): undefined reference to `dma_supported' altera_tse_main.c:(.text+0x25ecb6): undefined reference to `dma_supported' drivers/built-in.o: In function `sgdma_async_read': altera_sgdma.c:(.text+0x25f620): undefined reference to `dma_sync_single_for_cpu' drivers/built-in.o: In function `sgdma_uninitialize': (.text+0x25f678): undefined reference to `dma_unmap_single' drivers/built-in.o: In function `sgdma_uninitialize': (.text+0x25f696): undefined reference to `dma_unmap_single' drivers/built-in.o: In function `sgdma_initialize': (.text+0x25f6f0): undefined reference to `dma_map_single' drivers/built-in.o: In function `sgdma_initialize': (.text+0x25f702): undefined reference to `dma_mapping_error' drivers/built-in.o: In function `sgdma_tx_buffer': (.text+0x25f92a): undefined reference to `dma_sync_single_for_cpu' drivers/built-in.o: In function `sgdma_rx_status': (.text+0x25fa24): undefined reference to `dma_sync_single_for_cpu' make[3]: *** [vmlinux] Error 1 Signed-off-by:
Geert Uytterhoeven <geert@linux-m68k.org> Acked-by:
Vince Bridgers <vbridgers2013@gmail.com> Signed-off-by:
-
Andy King authored
Right now the core vsock module is the owner of the proto family. This means there's nothing preventing the transport module from unloading if there are open sockets, which results in a panic. Fix that by allowing the transport to be the owner, which will refcount it properly. Includes version bump to 1.0.1.0-k Passes checkpatch this time, I swear... Acked-by:
Dmitry Torokhov <dtor@vmware.com> Signed-off-by:
Andy King <acking@vmware.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirelessDavid S. Miller authored
John W. Linville says: ==================== pull request: wireless 2014-05-01 Please pull the following batch of fixes intended for the 3.15 stream! For the Bluetooth bits, Gustavo says: "Some fixes for 3.15. There is a revert for the intel driver, a new device id, and two important SSP fixes from Johan." On top of that... Ben Hutchings gives us a fix for an unbalanced irq enable in an rtl8192cu error path. Colin Ian King provides an rtlwifi fix for an uninitialized variable. Felix Fietkau brings a pair of ath9k fixes, one that corrects a hardware initialization value and another that removes an (unnecessary) flag that was being used in a way that led to a software tx queue hang in ath9k. Gertjan van Wingerde pushes a MAINTAINERS change to remove himself from the rt2x00 maintainer team. Hans de Goede fixes a brcmfmac firmware load hang. Larry Finger changes rtlwifi to use the correct queue for V0 traffic on rtl8192se. Rajkumar Manoharan corrects a race in ath9k driver initialization. Stanislaw Gruszka fixes an rt2x00 bug in which disabling beaconing once on USB devices led to permanently disabling beaconing for those devices. Tim Harvey provides fixes for a pair of ath9k issues that can lead to soft lockups in that driver. Please let me know if there are problems! ==================== Signed-off-by: -
Max Filippov authored
Build console support only when CONFIG_TTY is selected. This restores ISS as the default platform for allnoconfig builds. Signed-off-by:
Max Filippov <jcmvbkbc@gmail.com> Signed-off-by:
Chris Zankel <chris@zankel.net>
-
Christoph Hellwig authored
Unpaired quotes really confuse mutt when copy & pasting it into the To: form. Signed-off-by:
Christoph Hellwig <hch@lst.de> [ I'm going to remove all silly quotes entirely one day, but that day is not today. So I'll just apply this - Linus ] Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.infradead.org/linux-ubifsLinus Torvalds authored
Pull ubifs fixes from Artem Bityutskiy: "This includes the following fixes: - two real bug-fixes from Tanya for the still "experimental" UBI fastmap feature - a one-liner from Kees which hardens kernel security - a small error-path fix, where we forget to free various resources in case of failure - spotted by the 'smatch' tool" * tag 'upstream-3.15-rc5' of git://git.infradead.org/linux-ubifs: UBI: avoid workqueue format string leak UBI: fix ubi free PEBs count calculation UBI: fix error path in __wl_get_peb UBIFS: fix remount error path -
Matthew Daley authored
Do not leak kernel-only floppy_raw_cmd structure members to userspace. This includes the linked-list pointer and the pointer to the allocated DMA space. Signed-off-by:
Matthew Daley <mattd@bugfuzz.com> Signed-off-by:
-
Matthew Daley authored
Always clear out these floppy_raw_cmd struct members after copying the entire structure from userspace so that the in-kernel version is always valid and never left in an interdeterminate state. Signed-off-by:
-
Kees Cook authored
When building the name for the workqueue thread, make sure a format string cannot leak in from the disk name. Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
-
Tanya Brokhman authored
The ubi->free_count should be updated with every insert/remove to/from the ubi->free list. Signed-off-by:
Tanya Brokhman <tlinder@codeaurora.org> Reviewed-by:
Dolev Raviv <draviv@codeaurora.org> Acked-by:
Richard Weinberger <richard@nod.at> Signed-off-by:
-
Tanya Brokhman authored
In case of an error (if there are not free PEB's for example), __wl_get_peb will return a negative value. In order to prevent access violation we need to test the returned value prior to using it later on. Signed-off-by:
-
