Linux kernel source tree https://git.amat.us/linux/atom/net?h=v3.9-rc7 2013-04-10T21:15:27Z 2013-04-10T21:15:27Z Linus Torvalds torvalds@linux-foundation.org 2013-04-10T21:15:27Z urn:sha1:fe2971a01762963c62e9872bfcf0632546342c0f Pull networking fixes from David Miller: 1) cfg80211_conn_scan() must be called with the sched_scan_mutex, fix from Artem Savkov. 2) Fix regression in TCP ICMPv6 processing, we do not want to treat redirects as socket errors, from Christoph Paasch. 3) Fix several recvmsg() msg_name kernel memory leaks into userspace, in ATM, AX25, Bluetooth, CAIF, IRDA, s390 IUCV, L2TP, LLC, Netrom, NFC, Rose, TIPC, and VSOCK. From Mathias Krause and Wei Yongjun. 4) Fix AF_IUCV handling of segmented SKBs in recvmsg(), from Ursula Braun and Eric Dumazet. 5) CAN gw.c code does kfree() on SLAB cache memory, use kmem_cache_free() instead. Fix from Wei Yongjun. 6) Fix LSM regression on TCP SYN/ACKs, some LSMs such as SELINUX want an skb->sk socket context available for these packets, but nothing else requires it. From Eric Dumazet and Paul Moore. 7) Fix ipv4 address lifetime processing so that we don't perform sleepable acts inside of rcu_read_lock() sections, do them in an rtnl_lock() section instead. From Jiri Pirko. 8) mvneta driver accidently sets HW features after device registry, it should do so beforehand. Fix from Willy Tarreau. 9) Fix bonding unload races more correctly, from Nikolay Aleksandrov and Veaceslav Falico. 10) rtnl_dump_ifinfo() and rtnl_calcit() invoke nlmsg_parse() with wrong header size argument. Fix from Michael Riesch. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits) lsm: add the missing documentation for the security_skb_owned_by() hook bnx2x: Prevent null pointer dereference in AFEX mode e100: Add dma mapping error check selinux: add a skb_owned_by() hook can: gw: use kmem_cache_free() instead of kfree() netrom: fix invalid use of sizeof in nr_recvmsg() qeth: fix qeth_wait_for_threads() deadlock for OSN devices af_iucv: fix recvmsg by replacing skb_pull() function rtnetlink: Call nlmsg_parse() with correct header length bonding: fix bonding_masters race condition in bond unloading Revert "bonding: remove sysfs before removing devices" net: mvneta: enable features before registering the driver hyperv: Fix RNDIS send_completion code path hyperv: Fix a kernel warning from netvsc_linkstatus_callback() net: ipv4: fix schedule while atomic bug in check_lifetime() net: ipv4: reset check_lifetime_work after changing lifetime bnx2x: Fix KR2 rapid link flap sctp: remove 'sridhar' from maintainers list VSOCK: Fix missing msg_namelen update in vsock_stream_recvmsg() VSOCK: vmci - fix possible info leak in vmci_transport_dgram_dequeue() ... 2013-04-10T16:00:51Z Linus Torvalds torvalds@linux-foundation.org 2013-04-10T16:00:51Z urn:sha1:f94eeb423bd6061fe68c490dcb11c74e5267f6a2 Pull NFS client bugfixes from Trond Myklebust: - fix for memory corruption issues in nfs4[01]_walk_client_list (stable) - fix for an Oopsable bug in rpc_clone_client (stable) - another state manager deadlock in the NFSv4 open code - memory leaks in nfs4_discover_server_trunking and rpc_new_client * tag 'nfs-for-3.9-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4: Fix another potential state manager deadlock SUNRPC: Fix a potential memory leak in rpc_new_client NFSv4/4.1: Fix bugs in nfs4[01]_walk_client_list NFSv4: Fix a memory leak in nfs4_discover_server_trunking SUNRPC: Remove extra xprt_put() 2013-04-09T17:24:35Z David S. Miller davem@davemloft.net 2013-04-09T17:24:35Z urn:sha1:7b9a035f0ce08e7a77831075e8ac6bf971d0f637 Marc Kleine-Budde says: ==================== here's a fix for the v3.9 release cycle, if not too late: Wei Yongjun contributes a patch for the can-gw protocoll. The patch fixes the memory allocated with kmem_cache_alloc(), is now freed using kmem_cache_free(), not kfree(). ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 2013-04-09T17:23:11Z Eric Dumazet edumazet@google.com 2013-04-08T17:58:11Z urn:sha1:ca10b9e9a8ca7342ee07065289cbe74ac128c169 Commit 90ba9b1986b5ac (tcp: tcp_make_synack() can use alloc_skb()) broke certain SELinux/NetLabel configurations by no longer correctly assigning the sock to the outgoing SYNACK packet. Cost of atomic operations on the LISTEN socket is quite big, and we would like it to happen only if really needed. This patch introduces a new security_ops->skb_owned_by() method, that is a void operation unless selinux is active. Reported-by: Miroslav Vadkerti <mvadkert@redhat.com> Diagnosed-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-security-module@vger.kernel.org Acked-by: James Morris <james.l.morris@oracle.com> Tested-by: Paul Moore <pmoore@redhat.com> Acked-by: Paul Moore <pmoore@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-04-09T07:58:44Z Wei Yongjun yongjun_wei@trendmicro.com.cn 2013-04-09T06:16:04Z urn:sha1:3480a2125923e4b7a56d79efc76743089bf273fc Memory allocated by kmem_cache_alloc() should be freed using kmem_cache_free(), not kfree(). Cc: linux-stable <stable@vger.kernel.org> # >= v3.2 Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2013-04-09T02:49:23Z Wei Yongjun yongjun_wei@trendmicro.com.cn 2013-04-09T02:07:19Z urn:sha1:c802d759623acbd6e1ee9fbdabae89159a513913 sizeof() when applied to a pointer typed expression gives the size of the pointer, not that of the pointed data. Introduced by commit 3ce5ef(netrom: fix info leak via msg_name in nr_recvmsg) Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-04-08T21:16:57Z Ursula Braun ursula.braun@de.ibm.com 2013-04-07T22:19:26Z urn:sha1:f9c41a62bba3f3f7ef3541b2a025e3371bcbba97 When receiving data messages, the "BUG_ON(skb->len < skb->data_len)" in the skb_pull() function triggers a kernel panic. Replace the skb_pull logic by a per skb offset as advised by Eric Dumazet. Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com> Reviewed-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-04-08T21:12:26Z Michael Riesch michael.riesch@omicron.at 2013-04-08T05:45:26Z urn:sha1:88c5b5ce5cb57af6ca2a7cf4d5715fa320448ff9 Signed-off-by: Michael Riesch <michael.riesch@omicron.at> Cc: "David S. Miller" <davem@davemloft.net> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jiri Benc <jbenc@redhat.com> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: linux-kernel@vger.kernel.org Acked-by: Mark Rustad <mark.d.rustad@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-04-08T18:26:57Z John W. Linville linville@tuxdriver.com 2013-04-08T18:26:57Z urn:sha1:64e5751918b4d03015b185750a46ecd050e1ce77 2013-04-08T16:04:51Z Jiri Pirko jiri@resnulli.us 2013-04-04T23:39:39Z urn:sha1:c988d1e8cbf722e34ee6124b8b89d47fec655b51 move might_sleep operations out of the rcu_read_lock() section. Also fix iterating over ifa_dev->ifa_list Introduced by: commit 5c766d642bcaf "ipv4: introduce address lifetime" Signed-off-by: Jiri Pirko <jiri@resnulli.us> Signed-off-by: David S. Miller <davem@davemloft.net>