1. 22 Jun, 2014 4 commits
  2. 21 Jun, 2014 10 commits
  3. 19 Jun, 2014 5 commits
    • David S. Miller's avatar
      Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless · 1b0608fd
      David S. Miller authored
      John W. Linville says:
      pull request: wireless 2014-06-18
      Please pull this batch of fixes intended for the 3.16 stream!
      For the Bluetooth bits, Gustavo says:
      "This is our first batch of fixes for 3.16. Be aware that two patches here
      are not exactly bugfixes:
      * 71f28af57066 Bluetooth: Add clarifying comment for conn->auth_type
      This commit just add some important security comments to the code, we found
      it important enough to include it here for 3.16 since it is security related.
      * 9f7ec8871132 Bluetooth: Refactor discovery stopping into its own function
      This commit is just a refactor in a preparation for a fix in the next
      commit (f8680f12
      All the other patches are fixes for deadlocks and for the Bluetooth protocols,
      most of them related to authentication and encryption."
      On top of that...
      Chin-Ran Lo fixes a problems with overlapping DMA areas in mwifiex.
      Michael Braun corrects a couple of issues in order to enable a new
      device in rt2800usb.
      Rafał Miłecki reverts a b43 patch that caused a regression, fixes a
      Kconfig typo, and corrects a frequency reporting error with the G-PHY.
      Stanislaw Grsuzka fixes an rfkill regression for rt2500pci, and avoids
      a rt2x00 scheduling while atomic BUG.
      Please let me know if there are problems!
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Daniel Borkmann's avatar
      net: sctp: check proc_dointvec result in proc_sctp_do_auth · 24599e61
      Daniel Borkmann authored
      When writing to the sysctl field net.sctp.auth_enable, it can well
      be that the user buffer we handed over to proc_dointvec() via
      proc_sctp_do_auth() handler contains something other than integers.
      In that case, we would set an uninitialized 4-byte value from the
      stack to net->sctp.auth_enable that can be leaked back when reading
      the sysctl variable, and it can unintentionally turn auth_enable
      on/off based on the stack content since auth_enable is interpreted
      as a boolean.
      Fix it up by making sure proc_dointvec() returned sucessfully.
      Fixes: b14878cc
       ("net: sctp: cache auth_enable per endpoint")
      Reported-by: default avatarFlorian Westphal <fwestpha@redhat.com>
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Prashant Sreedharan's avatar
      tg3: Clear NETIF_F_TSO6 flag before doing software GSO · 40c1deaf
      Prashant Sreedharan authored
      Commit d3f6f3a1
       ("tg3: Prevent page
      allocation failure during TSO workaround") modified driver logic
      to use tg3_tso_bug() for any TSO fragment that hits hardware bug
      conditions thus the patch increased the scope of work for tg3_tso_bug()
      to cover devices that support NETIF_F_TSO6 as well. Prior to the
      patch, tg3_tso_bug() would only be used on devices supporting
      A regression was introduced for IPv6 packets requiring the workaround.
      To properly perform GSO on SKBs with TCPV6 gso_type, we need to call
      skb_gso_segment() with NETIF_F_TSO6 feature flag cleared, or the
      function will return NULL and cause a kernel oops as tg3 is not handling
      a NULL return value. This patch fixes the problem.
      Signed-off-by: default avatarPrashant Sreedharan <prashant@broadcom.com>
      Signed-off-by: default avatarMichael Chan <mchan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Neal Cardwell's avatar
      tcp: fix tcp_match_skb_to_sack() for unaligned SACK at end of an skb · 2cd0d743
      Neal Cardwell authored
      If there is an MSS change (or misbehaving receiver) that causes a SACK
      to arrive that covers the end of an skb but is less than one MSS, then
      tcp_match_skb_to_sack() was rounding up pkt_len to the full length of
      the skb ("Round if necessary..."), then chopping all bytes off the skb
      and creating a zero-byte skb in the write queue.
      This was visible now because the recently simplified TLP logic in
      bef1909e ("tcp: fixing TLP's FIN recovery") could find that 0-byte
      skb at the end of the write queue, and now that we do not check that
      skb's length we could send it as a TLP probe.
      Consider the following example scenario:
       mss: 1000
       skb: seq: 0 end_seq: 4000  len: 4000
       SACK: start_seq: 3999 end_seq: 4000
      The tcp_match_skb_to_sack() code will compute:
       in_sack = false
       pkt_len = start_seq - TCP_SKB_CB(skb)->seq = 3999 - 0 = 3999
       new_len = (pkt_len / mss) * mss = (3999/1000)*1000 = 3000
       new_len += mss = 4000
      Previously we would find the new_len > skb->len check failing, so we
      would fall through and set pkt_len = new_len = 4000 and chop off
      pkt_len of 4000 from the 4000-byte skb, leaving a 0-byte segment
      afterward in the write queue.
      With this new commit, we notice that the new new_len >= skb->len check
      succeeds, so that we return without trying to fragment.
      Fixes: adb92db8
       ("tcp: Make SACK code to split only at mss boundaries")
      Reported-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarNeal Cardwell <ncardwell@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Cc: Ilpo Jarvinen <ilpo.jarvinen@helsinki.fi>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • David S. Miller's avatar
      Revert "net: return actual error on register_queue_kobjects" · 8e4946cc
      David S. Miller authored
      This reverts commit d36a4f4b
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  4. 18 Jun, 2014 8 commits
  5. 17 Jun, 2014 7 commits
  6. 16 Jun, 2014 6 commits