<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/net, branch v2.6.34.4</title>
<subtitle>Linux kernel source tree</subtitle>
<id>https://git.amat.us/linux/atom/net?h=v2.6.34.4</id>
<link rel='self' href='https://git.amat.us/linux/atom/net?h=v2.6.34.4'/>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/'/>
<updated>2010-08-13T20:27:32Z</updated>
<entry>
<title>arp_notify: allow drivers to explicitly request a notification event.</title>
<updated>2010-08-13T20:27:32Z</updated>
<author>
<name>Ian Campbell</name>
<email>Ian.Campbell@citrix.com</email>
</author>
<published>2010-05-26T00:09:42Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=ae6e10251a1a2dc6c2f2ccbe7f8a963d49623069'/>
<id>urn:sha1:ae6e10251a1a2dc6c2f2ccbe7f8a963d49623069</id>
<content type='text'>
commit 06c4648d46d1b757d6b9591a86810be79818b60c upstream.

Currently such notifications are only generated when the device comes up or the
address changes. However one use case for these notifications is to enable
faster network recovery after a virtual machine migration (by causing switches
to relearn their MAC tables). A migration appears to the network stack as a
temporary loss of carrier and therefore does not trigger either of the current
conditions. Rather than adding carrier up as a trigger (which can cause issues
when interfaces a flapping) simply add an interface which the driver can use
to explicitly trigger the notification.

Signed-off-by: Ian Campbell &lt;ian.campbell@citrix.com&gt;
Cc: Stephen Hemminger &lt;shemminger@linux-foundation.org&gt;
Cc: Jeremy Fitzhardinge &lt;jeremy@goop.org&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>mac80211: avoid scheduling while atomic in mesh_rx_plink_frame</title>
<updated>2010-08-10T17:54:13Z</updated>
<author>
<name>John W. Linville</name>
<email>linville@tuxdriver.com</email>
</author>
<published>2010-06-21T21:14:07Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=6f3748cccb3c3a02265deb4cd66948d4ce2755d3'/>
<id>urn:sha1:6f3748cccb3c3a02265deb4cd66948d4ce2755d3</id>
<content type='text'>
commit c937019761a758f2749b1f3a032b7a91fb044753 upstream.

While mesh_rx_plink_frame holds sta-&gt;lock...

mesh_rx_plink_frame -&gt;
	mesh_plink_inc_estab_count -&gt;
		ieee80211_bss_info_change_notify

...but ieee80211_bss_info_change_notify is allowed to sleep.  A driver
taking advantage of that allowance can cause a scheduling while
atomic bug.  Similar paths exist for mesh_plink_dec_estab_count,
so work around those as well.

http://bugzilla.kernel.org/show_bug.cgi?id=16099

Also, correct a minor kerneldoc comment error (mismatched function names).

Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>cfg80211: don't get expired BSSes</title>
<updated>2010-08-10T17:54:12Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-07-13T08:55:38Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=d3ae12acd666aadac7834b0389e4a15046aa4132'/>
<id>urn:sha1:d3ae12acd666aadac7834b0389e4a15046aa4132</id>
<content type='text'>
commit ccb6c1360f8dd43303c659db718e7e0b24175db5 upstream.

When kernel-internal users use cfg80211_get_bss()
to get a reference to a BSS struct, they may end
up getting one that would have been removed from
the list if there had been any userspace access
to the list. This leads to inconsistencies and
problems.

Fix it by making cfg80211_get_bss() ignore BSSes
that cfg80211_bss_expire() would remove.

Fixes http://bugzilla.intellinuxwireless.org/show_bug.cgi?id=2180

Reported-by: Jiajia Zheng &lt;jiajia.zheng@intel.com&gt;
Tested-by: Jiajia Zheng &lt;jiajia.zheng@intel.com&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>cfg80211: ignore spurious deauth</title>
<updated>2010-08-10T17:54:12Z</updated>
<author>
<name>Johannes Berg</name>
<email>johannes.berg@intel.com</email>
</author>
<published>2010-07-12T12:46:43Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=512a9dbfd62bea0a8b9ec5654288e2f0336c7416'/>
<id>urn:sha1:512a9dbfd62bea0a8b9ec5654288e2f0336c7416</id>
<content type='text'>
commit 643f82e32f14faf0d0944c804203a6681b6b0a1e upstream.

Ever since mac80211/drivers are no longer
fully in charge of keeping track of the
auth status, trying to make them do so will
fail. Instead of warning and reporting the
deauthentication to userspace, cfg80211 must
simply ignore it so that spurious
deauthentications, e.g. before starting
authentication, aren't seen by userspace as
actual deauthentications.

Reported-by: Paul Stewart &lt;pstew@google.com&gt;
Signed-off-by: Johannes Berg &lt;johannes.berg@intel.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>9p: strlen() doesn't count the terminator</title>
<updated>2010-08-10T17:54:09Z</updated>
<author>
<name>Dan Carpenter</name>
<email>error27@gmail.com</email>
</author>
<published>2010-07-09T23:51:54Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=7ac2eb70d871029d6e7d3e6e5745d519de0b5a08'/>
<id>urn:sha1:7ac2eb70d871029d6e7d3e6e5745d519de0b5a08</id>
<content type='text'>
commit 5c4bfa17f3ec46becec4b23d12323f7605ebd696 upstream.

This is an off by one bug because strlen() doesn't count the NULL
terminator.  We strcpy() addr into a fixed length array of size
UNIX_PATH_MAX later on.

The addr variable is the name of the device being mounted.

Signed-off-by: Dan Carpenter &lt;error27@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>mac80211: fix supported rates IE if AP doesn't give us it's rates</title>
<updated>2010-08-02T17:30:16Z</updated>
<author>
<name>Stanislaw Gruszka</name>
<email>sgruszka@redhat.com</email>
</author>
<published>2010-04-28T15:03:15Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=131637b6e8287c90239ce1e5e6311d2e93986bce'/>
<id>urn:sha1:131637b6e8287c90239ce1e5e6311d2e93986bce</id>
<content type='text'>
commit 76f273640134f3eb8257179cd5b3bc6ba5fe4a96 upstream.

If AP do not provide us supported rates before assiociation, send
all rates we are supporting instead of empty information element.

v1 -&gt; v2: Add comment.

Signed-off-by: Stanislaw Gruszka &lt;sgruszka@redhat.com&gt;
Signed-off-by: John W. Linville &lt;linville@tuxdriver.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>ethtool: Fix potential user buffer overflow for ETHTOOL_{G, S}RXFH</title>
<updated>2010-08-02T17:30:05Z</updated>
<author>
<name>Ben Hutchings</name>
<email>ben@decadent.org.uk</email>
</author>
<published>2010-07-28T22:59:18Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=2a8b96d1e1100fbd27aaa69ea760dd10e38ab9cf'/>
<id>urn:sha1:2a8b96d1e1100fbd27aaa69ea760dd10e38ab9cf</id>
<content type='text'>
commit bf988435bd5b53529f4408a8efb1f433f6ddfda9 upstream.

struct ethtool_rxnfc was originally defined in 2.6.27 for the
ETHTOOL_{G,S}RXFH command with only the cmd, flow_type and data
fields.  It was then extended in 2.6.30 to support various additional
commands.  These commands should have been defined to use a new
structure, but it is too late to change that now.

Since user-space may still be using the old structure definition
for the ETHTOOL_{G,S}RXFH commands, and since they do not need the
additional fields, only copy the originally defined fields to and
from user-space.

Signed-off-by: Ben Hutchings &lt;bhutchings@solarflare.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;
</content>
</entry>
<entry>
<title>ethtool: Fix potential kernel buffer overflow in ETHTOOL_GRXCLSRLALL</title>
<updated>2010-08-02T17:29:49Z</updated>
<author>
<name>Ben Hutchings</name>
<email>bhutchings@solarflare.com</email>
</author>
<published>2010-06-28T08:44:07Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=b2ae72c4a8c172cd4fbe987c0f90764e5b63c55c'/>
<id>urn:sha1:b2ae72c4a8c172cd4fbe987c0f90764e5b63c55c</id>
<content type='text'>
commit db048b69037e7fa6a7d9e95a1271a50dc08ae233 upstream.

On a 32-bit machine, info.rule_cnt &gt;= 0x40000000 leads to integer
overflow and the buffer may be smaller than needed.  Since
ETHTOOL_GRXCLSRLALL is unprivileged, this can presumably be used for at
least denial of service.

Signed-off-by: Ben Hutchings &lt;bhutchings@solarflare.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>netfilter: ip6t_REJECT: fix a dst leak in ipv6 REJECT</title>
<updated>2010-08-02T17:29:41Z</updated>
<author>
<name>Eric Dumazet</name>
<email>eric.dumazet@gmail.com</email>
</author>
<published>2010-07-02T08:05:01Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=7501f55f2be0c60f3ec5efe8c15a790665e7ac1a'/>
<id>urn:sha1:7501f55f2be0c60f3ec5efe8c15a790665e7ac1a</id>
<content type='text'>
commit 499031ac8a3df6738f6186ded9da853e8ea18253 upstream.

We should release dst if dst-&gt;error is set.

Bug introduced in 2.6.14 by commit e104411b82f5c
([XFRM]: Always release dst_entry on error in xfrm_lookup)

Signed-off-by: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
<entry>
<title>ipv6: fix NULL reference in proxy neighbor discovery</title>
<updated>2010-08-02T17:29:41Z</updated>
<author>
<name>stephen hemminger</name>
<email>shemminger@vyatta.com</email>
</author>
<published>2010-06-21T11:00:13Z</published>
<link rel='alternate' type='text/html' href='https://git.amat.us/linux/commit/?id=1c77d470de34f59fc60e24c6e8f90ab9917503a0'/>
<id>urn:sha1:1c77d470de34f59fc60e24c6e8f90ab9917503a0</id>
<content type='text'>
commit 9f888160bdcccf0565dd2774956b8d9456e610be upstream.

The addition of TLLAO option created a kernel OOPS regression
for the case where neighbor advertisement is being sent via
proxy path.  When using proxy, ipv6_get_ifaddr() returns NULL
causing the NULL dereference.

Change causing the bug was:
commit f7734fdf61ec6bb848e0bafc1fb8bad2c124bb50
Author: Octavian Purdila &lt;opurdila@ixiacom.com&gt;
Date:   Fri Oct 2 11:39:15 2009 +0000

    make TLLAO option for NA packets configurable

Signed-off-by: Stephen Hemminger &lt;shemminger@vyatta.com&gt;
Acked-by: YOSHIFUJI Hideaki &lt;yoshfuji@linux-ipv6.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@suse.de&gt;

</content>
</entry>
</feed>
