kernel/linux.git/net, branch v3.0.28Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v3.0.282012-04-13T15:14:08+00:00Bluetooth: Fix l2cap conn failures for ssp devices2012-04-13T15:14:08+00:00Peter Hurleypeter@hurleysoftware.com2012-04-02T11:44:56+00:00urn:sha1:073c4aec557b87d0c5b6f8b6b1910b356088eaf3
commit 18daf1644e634bae951a6e3d4d19d89170209762 upstream
Commit 330605423c fixed l2cap conn establishment for non-ssp remote
devices by not setting HCI_CONN_ENCRYPT_PEND every time conn security
is tested (which was always returning failure on any subsequent
security checks).
However, this broke l2cap conn establishment for ssp remote devices
when an ACL link was already established at SDP-level security. This
fix ensures that encryption must be pending whenever authentication
is also pending.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Acked-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
mac80211: fix possible tid_rx->reorder_timer use after free2012-04-13T15:14:06+00:00Stanislaw Gruszkasgruszka@redhat.com2012-03-19T15:00:26+00:00urn:sha1:eb221774b352966c562b5c92a28d01ddc1bc4393
commit d72308bff5c2fa207949a5925b020bce74495e33 upstream.
Is possible that we will arm the tid_rx->reorder_timer after
del_timer_sync() in ___ieee80211_stop_rx_ba_session(). We need to stop
timer after RCU grace period finish, so move it to
ieee80211_free_tid_rx(). Timer will not be armed again, as
rcu_dereference(sta->ampdu_mlme.tid_rx[tid]) will return NULL.
Debug object detected problem with the following warning:
ODEBUG: free active (active state 0) object type: timer_list hint: sta_rx_agg_reorder_timer_expired+0x0/0xf0 [mac80211]
Bug report (with all warning messages):
https://bugzilla.redhat.com/show_bug.cgi?id=804007
Reported-by: "jan p. springer" <jsd@igroup.org>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
rose_dev: fix memcpy-bug in rose_set_mac_address2012-04-13T15:14:05+00:00danborkmann@iogearbox.netdanborkmann@iogearbox.net2012-03-27T22:47:43+00:00urn:sha1:cea90bebaab0e962cf9a954ef41cc1893da7b3bf
[ Upstream commit 81213b5e8ae68e204aa7a3f83c4f9100405dbff9 ]
If both addresses equal, nothing needs to be done. If the device is down,
then we simply copy the new address to dev->dev_addr. If the device is up,
then we add another loopback device with the new address, and if that does
not fail, we remove the loopback device with the old address. And only
then, we update the dev->dev_addr.
Signed-off-by: Daniel Borkmann <daniel.borkmann@tik.ee.ethz.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
nfsd: don't allow zero length strings in cache_parse()2012-04-02T16:27:21+00:00Dan Carpenterdan.carpenter@oracle.com2012-01-18T09:56:02+00:00urn:sha1:8bb8ebe7b77228209006ea945104e37294608b93
commit 6d8d17499810479eabd10731179c04b2ca22152f upstream.
There is no point in passing a zero length string here and quite a
few of that cache_parse() implementations will Oops if count is
zero.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
xfrm: Access the replay notify functions via the registered callbacks2012-04-02T16:27:21+00:00Steffen Klassertsteffen.klassert@secunet.com2012-03-21T23:36:13+00:00urn:sha1:096e4eafb36436b6ce6e8dc372bc5f6e11804e68
[ Upstream commit 1265fd616782ef03b98fd19f65c2b47fcd4ea11f ]
We call the wrong replay notify function when we use ESN replay
handling. This leads to the fact that we don't send notifications
if we use ESN. Fix this by calling the registered callbacks instead
of xfrm_replay_notify().
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Remove printk from rds_sendmsg2012-04-02T16:27:21+00:00Dave Jonesdavej@redhat.com2012-03-19T13:01:07+00:00urn:sha1:276b5b3b43807632637cdd160eba2c5facb7e14a
[ Upstream commit a6506e1486181975d318344143aca722b2b91621 ]
no socket layer outputs a message for this error and neither should rds.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net: fix napi_reuse_skb() skb reserve2012-04-02T16:27:21+00:00Eric Dumazeteric.dumazet@gmail.com2012-03-21T06:58:03+00:00urn:sha1:99b8230daca979e0c0b988cfb80566791354a077
[ Upstream commit 2a2a459eeeff48640dc557548ce576d666ab06ed ]
napi->skb is allocated in napi_get_frags() using
netdev_alloc_skb_ip_align(), with a reserve of NET_SKB_PAD +
NET_IP_ALIGN bytes.
However, when such skb is recycled in napi_reuse_skb(), it ends with a
reserve of NET_IP_ALIGN which is suboptimal.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net: fix a potential rcu_read_lock() imbalance in rt6_fill_node()2012-04-02T16:27:20+00:00Eric Dumazeteric.dumazet@gmail.com2012-03-27T09:53:52+00:00urn:sha1:e033155d0b495becfdc28f46ad20089dc8a13060
[ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ]
Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() )
added a regression in rt6_fill_node(), leading to rcu_read_lock()
imbalance.
Thats because NLA_PUT() can make a jump to nla_put_failure label.
Fix this by using nla_put()
Many thanks to Ben Greear for his help
Reported-by: Ben Greear <greearb@candelatech.com>
Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fix pppol2tp getsockname()2012-04-02T16:27:20+00:00Benjamin LaHaisebcrl@kvack.org2012-03-20T03:57:54+00:00urn:sha1:6a26d49c67b852cfd9144f86f628f57c8ca00977
[ Upstream commit bbdb32cb5b73597386913d052165423b9d736145 ]
While testing L2TP functionality, I came across a bug in getsockname(). The
IP address returned within the pppol2tp_addr's addr memember was not being
set to the IP address in use. This bug is caused by using inet_sk() on the
wrong socket (the L2TP socket rather than the underlying UDP socket), and was
likely introduced during the addition of L2TPv3 support.
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up()2012-04-02T16:27:17+00:00Trond MyklebustTrond.Myklebust@netapp.com2012-03-19T17:39:35+00:00urn:sha1:77d77ab09b1b57cf3cc30d0dbdf8c55137146a8f
commit 540a0f7584169651f485e8ab67461fcb06934e38 upstream.
The problem is that for the case of priority queues, we
have to assume that __rpc_remove_wait_queue_priority will move new
elements from the tk_wait.links lists into the queue->tasks[] list.
We therefore cannot use list_for_each_entry_safe() on queue->tasks[],
since that will skip these new tasks that __rpc_remove_wait_queue_priority
is adding.
Without this fix, rpc_wake_up and rpc_wake_up_status will both fail
to wake up all functions on priority wait queues, which can result
in some nasty hangs.
Reported-by: Andy Adamson <andros@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>