1. 03 Jan, 2017 8 commits
  2. 02 Jan, 2017 9 commits
    • Alexander Alemayhu's avatar
      Documentation/networking: fix typo in mpls-sysctl · 4e5da369
      Alexander Alemayhu authored
      Signed-off-by: default avatarAlexander Alemayhu <alexander@alemayhu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Michal Tesar's avatar
      igmp: Make igmp group member RFC 3376 compliant · 7ababb78
      Michal Tesar authored
      5.2. Action on Reception of a Query
       When a system receives a Query, it does not respond immediately.
       Instead, it delays its response by a random amount of time, bounded
       by the Max Resp Time value derived from the Max Resp Code in the
       received Query message.  A system may receive a variety of Queries on
       different interfaces and of different kinds (e.g., General Queries,
       Group-Specific Queries, and Group-and-Source-Specific Queries), each
       of which may require its own delayed response.
       Before scheduling a response to a Query, the system must first
       consider previously scheduled pending responses and in many cases
       schedule a combined response.  Therefore, the system must be able to
       maintain the following state:
       o A timer per interface for scheduling responses to General Queries.
       o A per-group and interface timer for scheduling responses to Group-
         Specific and Group-and-Source-Specific Queries.
       o A per-group and interface list of sources to be reported in the
         response to a Group-and-Source-Specific Query.
       When a new Query with the Router-Alert option arrives on an
       interface, provided the system has state to report, a delay for a
       response is randomly selected in the range (0, [Max Resp Time]) where
       Max Resp Time is derived from Max Resp Code in the received Query
       message.  The following rules are then used to determine if a Report
       needs to be scheduled and the type of Report to schedule.  The rules
       are considered in order and only the first matching rule is applied.
       1. If there is a pending response to a previous General Query
          scheduled sooner than the selected delay, no additional response
          needs to be scheduled.
       2. If the received Query is a General Query, the interface timer is
          used to schedule a response to the General Query after the
          selected delay.  Any previously pending response to a General
          Query is canceled.
      Currently the timer is rearmed with new random expiration time for
      every incoming query regardless of possibly already pending report.
      Which is not aligned with the above RFE.
      It also might happen that higher rate of incoming queries can
      postpone the report after the expiration time of the first query
      causing group membership loss.
      Now the per interface general query timer is rearmed only
      when there is no pending report already scheduled on that interface or
      the newly selected expiration time is before the already pending
      scheduled report.
      Signed-off-by: default avatarMichal Tesar <mtesar@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Ian Kumlien's avatar
      flow_dissector: Update pptp handling to avoid null pointer deref. · d0af6834
      Ian Kumlien authored
      __skb_flow_dissect can be called with a skb or a data packet, either
      can be NULL. All calls seems to have been moved to __skb_header_pointer
      except the pptp handling which is still calling skb_header_pointer.
      skb_header_pointer will use skb->data and thus:
      [  109.556866] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
      [  109.557102] IP: [<ffffffff88dc02f8>] __skb_flow_dissect+0xa88/0xce0
      [  109.557263] PGD 0
      [  109.557338]
      [  109.557484] Oops: 0000 [#1] SMP
      [  109.557562] Modules linked in: chaoskey
      [  109.557783] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.9.0 #79
      [  109.557867] Hardware name: Supermicro A1SRM-LN7F/LN5F/A1SRM-LN7F-2758, BIOS 1.0c 11/04/2015
      [  109.557957] task: ffff94085c27bc00 task.stack: ffffb745c0068000
      [  109.558041] RIP: 0010:[<ffffffff88dc02f8>]  [<ffffffff88dc02f8>] __skb_flow_dissect+0xa88/0xce0
      [  109.558203] RSP: 0018:ffff94087fc83d40  EFLAGS: 00010206
      [  109.558286] RAX: 0000000000000130 RBX: ffffffff8975bf80 RCX: ffff94084fab6800
      [  109.558373] RDX: 0000000000000010 RSI: 000000000000000c RDI: 0000000000000000
      [  109.558460] RBP: 0000000000000b88 R08: 0000000000000000 R09: 0000000000000022
      [  109.558547] R10: 0000000000000008 R11: ffff94087fc83e04 R12: 0000000000000000
      [  109.558763] R13: ffff94084fab6800 R14: ffff94087fc83e04 R15: 000000000000002f
      [  109.558979] FS:  0000000000000000(0000) GS:ffff94087fc80000(0000) knlGS:0000000000000000
      [  109.559326] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  109.559539] CR2: 0000000000000080 CR3: 0000000281809000 CR4: 00000000001026e0
      [  109.559753] Stack:
      [  109.559957]  000000000000000c ffff94084fab6822 0000000000000001 ffff94085c2b5fc0
      [  109.560578]  0000000000000001 0000000000002000 0000000000000000 0000000000000000
      [  109.561200]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
      [  109.561820] Call Trace:
      [  109.562027]  <IRQ>
      [  109.562108]  [<ffffffff88dfb4fa>] ? eth_get_headlen+0x7a/0xf0
      [  109.562522]  [<ffffffff88c5a35a>] ? igb_poll+0x96a/0xe80
      [  109.562737]  [<ffffffff88dc912b>] ? net_rx_action+0x20b/0x350
      [  109.562953]  [<ffffffff88546d68>] ? __do_softirq+0xe8/0x280
      [  109.563169]  [<ffffffff8854704a>] ? irq_exit+0xaa/0xb0
      [  109.563382]  [<ffffffff8847229b>] ? do_IRQ+0x4b/0xc0
      [  109.563597]  [<ffffffff8902d4ff>] ? common_interrupt+0x7f/0x7f
      [  109.563810]  <EOI>
      [  109.563890]  [<ffffffff88d57530>] ? cpuidle_enter_state+0x130/0x2c0
      [  109.564304]  [<ffffffff88d57520>] ? cpuidle_enter_state+0x120/0x2c0
      [  109.564520]  [<ffffffff8857eacf>] ? cpu_startup_entry+0x19f/0x1f0
      [  109.564737]  [<ffffffff8848d55a>] ? start_secondary+0x12a/0x140
      [  109.564950] Code: 83 e2 20 a8 80 0f 84 60 01 00 00 c7 04 24 08 00
      00 00 66 85 d2 0f 84 be fe ff ff e9 69 fe ff ff 8b 34 24 89 f2 83 c2
      04 66 85 c0 <41> 8b 84 24 80 00 00 00 0f 49 d6 41 8d 31 01 d6 41 2b 84
      24 84
      [  109.569959] RIP  [<ffffffff88dc02f8>] __skb_flow_dissect+0xa88/0xce0
      [  109.570245]  RSP <ffff94087fc83d40>
      [  109.570453] CR2: 0000000000000080
      Fixes: ab10dccb ("rps: Inspect PPTP encapsulated by GRE to get flow hash")
      Signed-off-by: default avatarIan Kumlien <ian.kumlien@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • David S. Miller's avatar
      Merge tag 'mac80211-for-davem-2017-01-02' of... · 94ba998b
      David S. Miller authored
      Merge tag 'mac80211-for-davem-2017-01-02' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      Johannes Berg says:
      A single fix to avoid loading an skb->cb pointer too early.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Johannes Berg's avatar
      mac80211: initialize fast-xmit 'info' later · 35f432a0
      Johannes Berg authored
      In ieee80211_xmit_fast(), 'info' is initialized to point to the skb
      that's passed in, but that skb may later be replaced by a clone (if
      it was shared), leading to an invalid pointer.
      This can lead to use-after-free and also later crashes since the
      real SKB's info->hw_queue doesn't get initialized properly.
      Fix this by assigning info only later, when it's needed, after the
      skb replacement (may have) happened.
      Cc: stable@vger.kernel.org
      Reported-by: default avatarBen Greear <greearb@candelatech.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    • David S. Miller's avatar
      Merge branch 'l2tp-socket-lookup-fixes' · eb7903bb
      David S. Miller authored
      Guillaume Nault says:
      l2tp: socket lookup fixes for l2tp_ip and l2tp_ip6
      There are still some cases that aren't correctly handled in the socket
      lookup functions of l2tp_ip and l2tp_ip6. This series fixes lookups for
      connected sockets and for sockets bound to the IPv6 unspecified
      bind() and connect() should now work as expected on IPPROTO_L2TP
      sockets. Extra features, like SO_REUSEADDR, remain unsupported.
      The matching conditions in __l2tp_ip6_bind_lookup() and
      __l2tp_ip_bind_lookup() are getting hard to read. I've kept the single
      test approach to make the intend of the patches clear. I'll split the
      conditionals once these fixes reach net-next.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Guillaume Nault's avatar
      l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups · a9b2dff8
      Guillaume Nault authored
      For connected sockets, __l2tp_ip{,6}_bind_lookup() needs to check the
      remote IP when looking for a matching socket. Otherwise a connected
      socket can receive traffic not originating from its peer.
      Drop l2tp_ip_bind_lookup() and l2tp_ip6_bind_lookup() instead of
      updating their prototype, as these functions aren't used.
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Guillaume Nault's avatar
      l2tp: consider '::' as wildcard address in l2tp_ip6 socket lookup · 97b84fd6
      Guillaume Nault authored
      An L2TP socket bound to the unspecified address should match with any
      address. If not, it can't receive any packet and __l2tp_ip6_bind_lookup()
      can't prevent another socket from binding on the same device/tunnel ID.
      While there, rename the 'addr' variable to 'sk_laddr' (local addr), to
      make following patch clearer.
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    • Reiter Wolfgang's avatar
      drop_monitor: add missing call to genlmsg_end · 4200462d
      Reiter Wolfgang authored
      Update nlmsg_len field with genlmsg_end to enable userspace processing
      using nlmsg_next helper. Also adds error handling.
      Signed-off-by: default avatarReiter Wolfgang <wr0112358@gmail.com>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
  3. 01 Jan, 2017 1 commit
  4. 30 Dec, 2016 2 commits
  5. 29 Dec, 2016 10 commits
  6. 28 Dec, 2016 10 commits