)]}' { "log": [ { "commit": "76db8ac45fc738f7d7664fe9b56d15c594a45228", "tree": "eca23feab074d505b375e27714473f4ad337bd85", "parents": [ "caf8394524fdc039b090cd3af99157e9e76f4f06", "3105c19c450ac7c18ab28c19d364b588767261b3" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:32:22 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:32:22 2010 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:\n ceph: fix readdir EOVERFLOW on 32-bit archs\n ceph: fix frag offset for non-leftmost frags\n ceph: fix dangling pointer\n ceph: explicitly specify page alignment in network messages\n ceph: make page alignment explicit in osd interface\n ceph: fix comment, remove extraneous args\n ceph: fix update of ctime from MDS\n ceph: fix version check on racing inode updates\n ceph: fix uid/gid on resent mds requests\n ceph: fix rdcache_gen usage and invalidate\n ceph: re-request max_size if cap auth changes\n ceph: only let auth caps update max_size\n ceph: fix open for write on clustered mds\n ceph: fix bad pointer dereference in ceph_fill_trace\n ceph: fix small seq message skipping\n Revert \"ceph: update issue_seq on cap grant\"\n" }, { "commit": "caf8394524fdc039b090cd3af99157e9e76f4f06", "tree": "c58af82b15459a55a66bfae3a9d83a23c2d2c62c", "parents": [ "6656b3fc8aba2eb7ca00c06c7fe4917938b0b652", "0302b8622ce696af1cda22fcf207d3793350e896" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:25:59 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:25:59 2010 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (31 commits)\n net: fix kernel-doc for sk_filter_rcu_release\n be2net: Fix to avoid firmware update when interface is not open.\n netfilter: fix IP_VS dependencies\n net: irda: irttp: sync error paths of data- and udata-requests\n ipv6: Expose reachable and retrans timer values as msecs\n ipv6: Expose IFLA_PROTINFO timer values in msecs instead of jiffies\n 3c59x: fix build failure on !CONFIG_PCI\n ipg.c: remove id [SUNDANCE, 0x1021]\n net: caif: spi: fix potential NULL dereference\n ath9k_htc: Avoid setting QoS control for non-QoS frames\n net: zero kobject in rx_queue_release\n net: Fix duplicate volatile warning.\n MAINTAINERS: Add stmmac maintainer\n bonding: fix a race in IGMP handling\n cfg80211: fix can_beacon_sec_chan, reenable HT40\n gianfar: fix signedness issue\n net: bnx2x: fix error value sign\n 8139cp: fix checksum broken\n r8169: fix checksum broken\n rds: Integer overflow in RDS cmsg handling\n ...\n" }, { "commit": "0302b8622ce696af1cda22fcf207d3793350e896", "tree": "70d8b124dcd37db847c5a6e997fca466458d024e", "parents": [ "d9efd2af461abb7b54c49c1b7e654d496dd1d379" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu Nov 18 13:02:37 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 19 09:27:15 2010 -0800" }, "message": "net: fix kernel-doc for sk_filter_rcu_release\n\nFix kernel-doc warning for sk_filter_rcu_release():\n\nWarning(net/core/filter.c:586): missing initial short description on line:\n * \tsk_filter_rcu_release: Release a socket filter by rcu_head\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc:\t\"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc:\tnetdev@vger.kernel.org\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "dba4490d22a496f9b7c21919cf3effbed5851213", "tree": "c66928ae2f6f7c9677266c2d84d3c92c0fc80b46", "parents": [ "925e277f5221defdc53cbef1ac3ed1803fa32357" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Thu Nov 18 08:20:57 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 13:14:33 2010 -0800" }, "message": "netfilter: fix IP_VS dependencies\n\nWhen NF_CONNTRACK is enabled, IP_VS uses conntrack symbols.\nTherefore IP_VS can\u0027t be linked statically when conntrack\nis built modular.\n\nReported-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nTested-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "925e277f5221defdc53cbef1ac3ed1803fa32357", "tree": "5d11dc5bf2e6ca2ef848a3722c9270e59e4def67", "parents": [ "18a31e1e282f9ed563b131526a88162ccbe04ee3" ], "author": { "name": "Wolfram Sang", "email": "w.sang@pengutronix.de", "time": "Tue Nov 16 09:40:02 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 12:24:25 2010 -0800" }, "message": "net: irda: irttp: sync error paths of data- and udata-requests\n\nirttp_data_request() returns meaningful errorcodes, while irttp_udata_request()\njust returns -1 in similar situations. Sync the two and the loglevels of the\naccompanying output.\n\nSigned-off-by: Wolfram Sang \u003cw.sang@pengutronix.de\u003e\nCc: Samuel Ortiz \u003csameo@linux.intel.com\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "18a31e1e282f9ed563b131526a88162ccbe04ee3", "tree": "1ab16b75f4302854d5b2840143624577189f9997", "parents": [ "07bfa524d4c67acbb6b6fbdd1dea923d07853c04" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Wed Nov 17 04:12:02 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 12:08:36 2010 -0800" }, "message": "ipv6: Expose reachable and retrans timer values as msecs\n\nExpose reachable and retrans timer values in msecs instead of jiffies.\nBoth timer values are already exposed as msecs in the neighbour table\nnetlink interface.\n\nThe creation timestamp format with increased precision is kept but\ncleaned up.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "07bfa524d4c67acbb6b6fbdd1dea923d07853c04", "tree": "6e3819f13d3f4efa9c099cf227b1d42b1bc78620", "parents": [ "93908d192686d8285dd6441ff855df92a40103d2", "3bf30b56c4f0a1c4fae34050b7db4527c92891e8" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 11:56:09 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 11:56:09 2010 -0800" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n" }, { "commit": "93908d192686d8285dd6441ff855df92a40103d2", "tree": "f5d22a57782538cb2fe3a794294eef72bc8ede08", "parents": [ "d530db0db90378b5674cb78d9c0cfcc83f851a5e" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Wed Nov 17 01:44:24 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 11:05:01 2010 -0800" }, "message": "ipv6: Expose IFLA_PROTINFO timer values in msecs instead of jiffies\n\nIFLA_PROTINFO exposes timer related per device settings in jiffies.\nChange it to expose these values in msecs like the sysctl interface\ndoes.\n\nI did not find any users of IFLA_PROTINFO which rely on any of these\nvalues and even if there are, they are likely already broken because\nthere is no way for them to reliably convert such a value to another\ntime format.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7d8e76bf9ac3604897f0ce12e8bf09b68c2a2c89", "tree": "c22856a3f630d3fb3067aa1a89f8f884f97dcc40", "parents": [ "ef22b7b65f0eda9015becc7bff225a399914a242" ], "author": { "name": "John Fastabend", "email": "john.r.fastabend@intel.com", "time": "Tue Nov 16 19:42:53 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 09:41:40 2010 -0800" }, "message": "net: zero kobject in rx_queue_release\n\nnetif_set_real_num_rx_queues() can decrement and increment\nthe number of rx queues. For example ixgbe does this as\nfeatures and offloads are toggled. Presumably this could\nalso happen across down/up on most devices if the available\nresources changed (cpu offlined).\n\nThe kobject needs to be zero\u0027d in this case so that the\nstate is not preserved across kobject_put()/kobject_init_and_add().\n\nThis resolves the following error report.\n\nixgbe 0000:03:00.0: eth2: NIC Link is Up 10 Gbps, Flow Control: RX/TX\nkobject (ffff880324b83210): tried to init an initialized object, something is seriously wrong.\nPid: 1972, comm: lldpad Not tainted 2.6.37-rc18021qaz+ #169\nCall Trace:\n [\u003cffffffff8121c940\u003e] kobject_init+0x3a/0x83\n [\u003cffffffff8121cf77\u003e] kobject_init_and_add+0x23/0x57\n [\u003cffffffff8107b800\u003e] ? mark_lock+0x21/0x267\n [\u003cffffffff813c6d11\u003e] net_rx_queue_update_kobjects+0x63/0xc6\n [\u003cffffffff813b5e0e\u003e] netif_set_real_num_rx_queues+0x5f/0x78\n [\u003cffffffffa0261d49\u003e] ixgbe_set_num_queues+0x1c6/0x1ca [ixgbe]\n [\u003cffffffffa0262509\u003e] ixgbe_init_interrupt_scheme+0x1e/0x79c [ixgbe]\n [\u003cffffffffa0274596\u003e] ixgbe_dcbnl_set_state+0x167/0x189 [ixgbe]\n\nSigned-off-by: John Fastabend \u003cjohn.r.fastabend@intel.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "09a02fdb919876c01e8f05960750a418b3f7fa48", "tree": "56be1e83394ba38590ab16a0d2905fe49e05414d", "parents": [ "9236d838c920e90708570d9bbd7bb82d30a38130" ], "author": { "name": "Mark Mentovai", "email": "mark@moxienet.com", "time": "Wed Nov 17 16:34:37 2010 -0500" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Thu Nov 18 11:35:05 2010 -0500" }, "message": "cfg80211: fix can_beacon_sec_chan, reenable HT40\n\nThis follows wireless-testing 9236d838c920e90708570d9bbd7bb82d30a38130\n(\"cfg80211: fix extension channel checks to initiate communication\") and\nfixes accidental case fall-through. Without this fix, HT40 is entirely\nblocked.\n\nSigned-off-by: Mark Mentovai \u003cmark@moxienet.com\u003e\nCc: stable@kernel.org\nAcked-by: Luis R. Rodriguez \u003clrodriguez@atheros.com\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "218854af84038d828a32f061858b1902ed2beec6", "tree": "d5c688bc9856b3763e354619ff46ebe20edad891", "parents": [ "7d98ffd8c2d1da6cec5d84eba42c4aa836a93f85" ], "author": { "name": "Dan Rosenberg", "email": "drosenberg@vsecurity.com", "time": "Wed Nov 17 06:37:16 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 17 12:20:52 2010 -0800" }, "message": "rds: Integer overflow in RDS cmsg handling\n\nIn rds_cmsg_rdma_args(), the user-provided args-\u003enr_local value is\nrestricted to less than UINT_MAX. This seems to need a tighter upper\nbound, since the calculation of total iov_size can overflow, resulting\nin a small sock_kmalloc() allocation. This would probably just result\nin walking off the heap and crashing when calling rds_rdma_pages() with\na high count value. If it somehow doesn\u0027t crash here, then memory\ncorruption could occur soon after.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "451a3c24b0135bce54542009b5fde43846c7cf67", "tree": "f0fbbcc155aef2a1ffcb8aa593fe7a966d0e6900", "parents": [ "55f6561c6941713ab5ae9180525b026dd40b7d14" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Wed Nov 17 16:26:55 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 17 08:59:32 2010 -0800" }, "message": "BKL: remove extraneous #include \u003csmp_lock.h\u003e\n\nThe big kernel lock has been removed from all these files at some point,\nleaving only the #include.\n\nRemove this too as a cleanup.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9236d838c920e90708570d9bbd7bb82d30a38130", "tree": "ee2d9ae6b4f82efe3b28e33abebec96b7e136141", "parents": [ "b5261cf4f3860bd772346a3e692683b6144dd44c" ], "author": { "name": "Luis R. Rodriguez", "email": "lrodriguez@atheros.com", "time": "Fri Nov 12 16:31:23 2010 -0800" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Tue Nov 16 15:59:39 2010 -0500" }, "message": "cfg80211: fix extension channel checks to initiate communication\n\nWhen operating in a mode that initiates communication and using\nHT40 we should fail if we cannot use both primary and secondary\nchannels to initiate communication. Our current ht40 allowmap\nonly covers STA mode of operation, for beaconing modes we need\na check on the fly as the mode of operation is dynamic and\nthere other flags other than disable which we should read\nto check if we can initiate communication.\n\nDo not allow for initiating communication if our secondary HT40\nchannel has is either disabled, has a passive scan flag, a\nno-ibss flag or is a radar channel. Userspace now has similar\nchecks but this is also needed in-kernel.\n\nReported-by: Jouni Malinen \u003cjouni.malinen@atheros.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Luis R. Rodriguez \u003clrodriguez@atheros.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "7d98ffd8c2d1da6cec5d84eba42c4aa836a93f85", "tree": "398437e234367d8184bbaed1b3af8dc8ed7d5d3a", "parents": [ "4c62ab9c538bc09c38093fa079e6902ea4d42b98" ], "author": { "name": "Ulrich Weber", "email": "uweber@astaro.com", "time": "Fri Nov 05 01:39:12 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 16 11:43:39 2010 -0800" }, "message": "xfrm: update flowi saddr in icmp_send if unset\n\notherwise xfrm_lookup will fail to find correct policy\n\nSigned-off-by: Ulrich Weber \u003cuweber@astaro.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4c62ab9c538bc09c38093fa079e6902ea4d42b98", "tree": "d67bb872f84197369d82985702b6517a7a3f289a", "parents": [ "3b42a96dc7870c53d20b419185737d3b8f7a7b74" ], "author": { "name": "Wolfram Sang", "email": "w.sang@pengutronix.de", "time": "Tue Nov 16 09:50:47 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 16 09:50:47 2010 -0800" }, "message": "irda: irttp: allow zero byte packets\n\nSending zero byte packets is not neccessarily an error (AF_INET accepts it,\ntoo), so just apply a shortcut. This was discovered because of a non-working\nsoftware with WINE. See\n\n http://bugs.winehq.org/show_bug.cgi?id\u003d19397#c86\n http://thread.gmane.org/gmane.linux.irda.general/1643\n\nfor very detailed debugging information and a testcase. Kudos to Wolfgang for\nthose!\n\nReported-by: Wolfgang Schwotzer \u003cwolfgang.schwotzer@gmx.net\u003e\nSigned-off-by: Wolfram Sang \u003cw.sang@pengutronix.de\u003e\nTested-by: Mike Evans \u003cmike.evans@cardolan.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "94f58df8e545657f0b2d16eca1ac7a4ec39ed6be", "tree": "cf914f47862fdabb86257f18b671754c38c2ca8f", "parents": [ "5685b971362651ee3d99ff3cc512c3bbd049d34d" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Sun Nov 07 22:11:34 2010 +0100" }, "committer": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Tue Nov 16 11:58:51 2010 -0500" }, "message": "SUNRPC: Simplify rpc_alloc_iostats by removing pointless local variable\n\nHi,\n\nWe can simplify net/sunrpc/stats.c::rpc_alloc_iostats() a bit by getting\nrid of the unneeded local variable \u0027new\u0027.\n\nPlease CC me on replies.\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n" }, { "commit": "9457b24a0955bbdd2e89220a75de69fe09501bba", "tree": "cb484848e14cc2705c4513ad3ec1f0420a4d55db", "parents": [ "80ef913f5e6a84551545016cea709f5e96d0cda6", "0597d1b99fcfc2c0eada09a698f85ed413d4ba84" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 12 17:17:55 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 12 17:17:55 2010 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (66 commits)\n can-bcm: fix minor heap overflow\n gianfar: Do not call device_set_wakeup_enable() under a spinlock\n ipv6: Warn users if maximum number of routes is reached.\n docs: Add neigh/gc_thresh3 and route/max_size documentation.\n axnet_cs: fix resume problem for some Ax88790 chip\n ipv6: addrconf: don\u0027t remove address state on ifdown if the address is being kept\n tcp: Don\u0027t change unlocked socket state in tcp_v4_err().\n x25: Prevent crashing when parsing bad X.25 facilities\n cxgb4vf: add call to Firmware to reset VF State.\n cxgb4vf: Fail open if link_start() fails.\n cxgb4vf: flesh out PCI Device ID Table ...\n cxgb4vf: fix some errors in Gather List to skb conversion\n cxgb4vf: fix bug in Generic Receive Offload\n cxgb4vf: don\u0027t implement trivial (and incorrect) ndo_select_queue()\n ixgbe: Look inside vlan when determining offload protocol.\n bnx2x: Look inside vlan when determining checksum proto.\n vlan: Add function to retrieve EtherType from vlan packets.\n virtio-net: init link state correctly\n ucc_geth: Fix deadlock\n ucc_geth: Do not bring the whole IF down when TX failure.\n ...\n" }, { "commit": "0597d1b99fcfc2c0eada09a698f85ed413d4ba84", "tree": "c66d570cfa83daadde69179557183dafeeab7ed8", "parents": [ "6c4f199411f254bf3713b04ed8653f0955883309" ], "author": { "name": "Oliver Hartkopp", "email": "socketcan@hartkopp.net", "time": "Wed Nov 10 12:10:30 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 14:07:14 2010 -0800" }, "message": "can-bcm: fix minor heap overflow\n\nOn 64-bit platforms the ASCII representation of a pointer may be up to 17\nbytes long. This patch increases the length of the buffer accordingly.\n\nhttp://marc.info/?l\u003dlinux-netdev\u0026m\u003d128872251418192\u0026w\u003d2\n\nReported-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: Oliver Hartkopp \u003csocketcan@hartkopp.net\u003e\nCC: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "403856532734317d25ec86ab1e75b8133db7acc6", "tree": "a294c1cba6ba395cd50c24c4e0f696645d6e13e2", "parents": [ "cbaf087a9f5e4721e83e8681ef328158f2298c6f" ], "author": { "name": "Ben Greear", "email": "greearb@candelatech.com", "time": "Mon Nov 08 12:33:48 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 14:03:24 2010 -0800" }, "message": "ipv6: Warn users if maximum number of routes is reached.\n\nThis gives users at least some clue as to what the problem\nmight be and how to go about fixing it.\n\nSigned-off-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2de795707294972f6c34bae9de713e502c431296", "tree": "bd5ee45aee40d0c4a6a0c7d3c25202fd0f95f3f6", "parents": [ "8f49c2703b33519aaaccc63f571b465b9d2b3a2d" ], "author": { "name": "Lorenzo Colitti", "email": "lorenzo@google.com", "time": "Wed Oct 27 18:16:49 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 13:44:24 2010 -0800" }, "message": "ipv6: addrconf: don\u0027t remove address state on ifdown if the address is being kept\n\nCurrently, addrconf_ifdown does not delete statically configured IPv6\naddresses when the interface is brought down. The intent is that when\nthe interface comes back up the address will be usable again. However,\nthis doesn\u0027t actually work, because the system stops listening on the\ncorresponding solicited-node multicast address, so the address cannot\nrespond to neighbor solicitations and thus receive traffic. Also, the\ncode notifies the rest of the system that the address is being deleted\n(e.g, RTM_DELADDR), even though it is not. Fix it so that none of this\nstate is updated if the address is being kept on the interface.\n\nTested: Added a statically configured IPv6 address to an interface,\nstarted ping, brought link down, brought link up again. When link came\nup ping kept on going and \"ip -6 maddr\" showed that the host was still\nsubscribed to there\n\nSigned-off-by: Lorenzo Colitti \u003clorenzo@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8f49c2703b33519aaaccc63f571b465b9d2b3a2d", "tree": "3b2db10ae8642c87c7258522e06ee56910d5b420", "parents": [ "5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 13:35:00 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 13:35:00 2010 -0800" }, "message": "tcp: Don\u0027t change unlocked socket state in tcp_v4_err().\n\nAlexey Kuznetsov noticed a regression introduced by\ncommit f1ecd5d9e7366609d640ff4040304ea197fbc618\n(\"Revert Backoff [v3]: Revert RTO on ICMP destination unreachable\")\n\nThe RTO and timer modification code added to tcp_v4_err()\ndoesn\u0027t check sock_owned_by_user(), which if true means we\ndon\u0027t have exclusive access to the socket and therefore cannot\nmodify it\u0027s critical state.\n\nJust skip this new code block if sock_owned_by_user() is true\nand eliminate the now superfluous sock_owned_by_user() code\nblock contained within.\n\nReported-by: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nCC: Damian Lukowski \u003cdamian@tvk.rwth-aachen.de\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\n" }, { "commit": "5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f", "tree": "c21d9c1c7f2792b0889432988d42e9b90f953358", "parents": [ "e68e6133e2daef6fc40e91621a1e26938e428e9e" ], "author": { "name": "Dan Rosenberg", "email": "drosenberg@vsecurity.com", "time": "Fri Nov 12 12:44:42 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 12:44:42 2010 -0800" }, "message": "x25: Prevent crashing when parsing bad X.25 facilities\n\nNow with improved comma support.\n\nOn parsing malformed X.25 facilities, decrementing the remaining length\nmay cause it to underflow. Since the length is an unsigned integer,\nthis will result in the loop continuing until the kernel crashes.\n\nThis patch adds checks to ensure decrementing the remaining length does\nnot cause it to wrap around.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1f18b7176e2e41fada24584ce3c80e9abfaca52b", "tree": "4f5cc10413729e16e8965c81afba3ca953ff3642", "parents": [ "7c13a0d9a1ac6875f6380763b947f4a5a016605f" ], "author": { "name": "Mariusz Kozlowski", "email": "mk@lab.zgora.pl", "time": "Mon Nov 08 11:58:45 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 11:06:46 2010 -0800" }, "message": "net: Fix header size check for GSO case in recvmsg (af_packet)\n\nParameter \u0027len\u0027 is size_t type so it will never get negative.\n\nSigned-off-by: Mariusz Kozlowski \u003cmk@lab.zgora.pl\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7c13a0d9a1ac6875f6380763b947f4a5a016605f", "tree": "fbf7b41bc8cc250e6f9add13541e7d1c408a33b8", "parents": [ "369cf77a6a3e41b1110506ddf43d45804103bfde", "22e091e5253da1e9ad7c0a82c2c84446fc403efe" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 11:04:26 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 11:04:26 2010 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6\n" }, { "commit": "369cf77a6a3e41b1110506ddf43d45804103bfde", "tree": "6bd88b669c8c68ac4d9008e00566ca15e43a6ff4", "parents": [ "8877870f8a8127b653f8c9a55c6b4de9f96f639b" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Thu Nov 11 15:47:59 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 10:53:09 2010 -0800" }, "message": "rtnetlink: Fix message size calculation for link messages\n\nnlmsg_total_size() calculates the length of a netlink message\nincluding header and alignment. nla_total_size() calculates the\nspace an individual attribute consumes which was meant to be used\nin this context.\n\nAlso, ensure to account for the attribute header for the\nIFLA_INFO_XSTATS attribute as implementations of get_xstats_size()\nseem to assume that we do so.\n\nThe addition of two message headers minus the missing attribute\nheader resulted in a calculated message size that was larger than\nrequired. Therefore we never risked running out of skb tailroom.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nAcked-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "22e091e5253da1e9ad7c0a82c2c84446fc403efe", "tree": "b3f892779ab637002bfb9e32c74905b13f81ec75", "parents": [ "ac5aa2e3332ec04889074afdbd1479424d0227a5" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Fri Nov 12 08:51:55 2010 +0100" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Nov 12 08:51:55 2010 +0100" }, "message": "netfilter: ipv6: fix overlap check for fragments\n\nThe type of FRAG6_CB(prev)-\u003eoffset is int, skb-\u003elen is *unsigned* int,\nand offset is int.\n\nWithout this patch, type conversion occurred to this expression, when\n(FRAG6_CB(prev)-\u003eoffset + prev-\u003elen) is less than offset.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "8877870f8a8127b653f8c9a55c6b4de9f96f639b", "tree": "cc2629911f6b011ee2e3f4a85febbb9b6cc63604", "parents": [ "7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2", "7379efeacb707f49729080791a7a562d8996aec4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 22:15:31 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 22:15:31 2010 -0800" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n" }, { "commit": "7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2", "tree": "f566af2a622e5416056c70633576a1a46b8bf6aa", "parents": [ "8d987e5c75107ca7515fa19e857cfa24aab6ec8f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 21:35:37 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 21:35:37 2010 -0800" }, "message": "tcp: Increase TCP_MAXSEG socket option minimum.\n\nAs noted by Steve Chen, since commit\nf5fff5dc8a7a3f395b0525c02ba92c95d42b7390 (\"tcp: advertise MSS\nrequested by user\") we can end up with a situation where\ntcp_select_initial_window() does a divide by a zero (or\neven negative) mss value.\n\nThe problem is that sometimes we effectively subtract\nTCPOLEN_TSTAMP_ALIGNED and/or TCPOLEN_MD5SIG_ALIGNED from the mss.\n\nFix this by increasing the minimum from 8 to 64.\n\nReported-by: Steve Chen \u003cschen@mvista.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8d987e5c75107ca7515fa19e857cfa24aab6ec8f", "tree": "6392c5f08f0df39d42a079336f6be3960ac404dc", "parents": [ "67286640f638f5ad41a946b9a3dc75327950248f" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Tue Nov 09 23:24:26 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 12:12:00 2010 -0800" }, "message": "net: avoid limits overflow\n\nRobin Holt tried to boot a 16TB machine and found some limits were\nreached : sysctl_tcp_mem[2], sysctl_udp_mem[2]\n\nWe can switch infrastructure to use long \"instead\" of \"int\", now\natomic_long_t primitives are available for free.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nReported-by: Robin Holt \u003cholt@sgi.com\u003e\nReviewed-by: Robin Holt \u003cholt@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "67286640f638f5ad41a946b9a3dc75327950248f", "tree": "34844d5e00a54f78b384f75f6cded995423d7fc6", "parents": [ "57fe93b374a6b8711995c2d466c502af9f3a08bb" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 10 12:09:10 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 12:09:10 2010 -0800" }, "message": "net: packet: fix information leak to userland\n\npacket_getname_spkt() doesn\u0027t initialize all members of sa_data field of\nsockaddr struct if strlen(dev-\u003ename) \u003c 13. This structure is then copied\nto userland. It leads to leaking of contents of kernel stack memory.\nWe have to fully fill sa_data with strncpy() instead of strlcpy().\n\nThe same with packet_getname(): it doesn\u0027t initialize sll_pkttype field of\nsockaddr_ll. Set it to zero.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "57fe93b374a6b8711995c2d466c502af9f3a08bb", "tree": "12648abf4c941275e5a12a8416e8fa6a92276753", "parents": [ "fe10ae53384e48c51996941b7720ee16995cbcb7" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 10:38:24 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 10:38:24 2010 -0800" }, "message": "filter: make sure filters dont read uninitialized memory\n\nThere is a possibility malicious users can get limited information about\nuninitialized stack mem array. Even if sk_run_filter() result is bound\nto packet length (0 .. 65535), we could imagine this can be used by\nhostile user.\n\nInitializing mem[] array, like Dan Rosenberg suggested in his patch is\nexpensive since most filters dont even use this array.\n\nIts hard to make the filter validation in sk_chk_filter(), because of\nthe jumps. This might be done later.\n\nIn this patch, I use a bitmap (a single long var) so that only filters\nusing mem[] loads/stores pay the price of added security checks.\n\nFor other filters, additional cost is a single instruction.\n\n[ Since we access fentry-\u003ek a lot now, cache it in a local variable\n and mark filter entry pointer as const. -DaveM ]\n\nReported-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fe10ae53384e48c51996941b7720ee16995cbcb7", "tree": "b5a4332bd71d40a6193bc62d097808abfe62997a", "parents": [ "332dd96f7ac15e937088fe11f15cfe0210e8edd1" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 10 10:14:33 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 10:14:33 2010 -0800" }, "message": "net: ax25: fix information leak to userland\n\nSometimes ax25_getname() doesn\u0027t initialize all members of fsa_digipeater\nfield of fsa struct, also the struct has padding bytes between\nsax25_call and sax25_ndigis fields. This structure is then copied to\nuserland. It leads to leaking of contents of kernel stack memory.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c5c6b19d4b8f5431fca05f28ae9e141045022149", "tree": "0961d9aeee49f481134089ac5b93b7118cf3a34b", "parents": [ "b7495fc2ff941db6a118a93ab8d61149e3f4cef8" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:40:00 2010 -0800" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:43:17 2010 -0800" }, "message": "ceph: explicitly specify page alignment in network messages\n\nThe alignment used for reading data into or out of pages used to be taken\nfrom the data_off field in the message header. This only worked as long\nas the page alignment matched the object offset, breaking direct io to\nnon-page aligned offsets.\n\nInstead, explicitly specify the page alignment next to the page vector\nin the ceph_msg struct, and use that instead of the message header (which\nprobably shouldn\u0027t be trusted). The alloc_msg callback is responsible for\nfilling in this field properly when it sets up the page vector.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "b7495fc2ff941db6a118a93ab8d61149e3f4cef8", "tree": "231c339d74760e2fa13e5e6f41c10bc28cea51b3", "parents": [ "e98b6fed84d0f0155d7b398e0dfeac74c792f2d0" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:43:12 2010 -0800" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:43:12 2010 -0800" }, "message": "ceph: make page alignment explicit in osd interface\n\nWe used to infer alignment of IOs within a page based on the file offset,\nwhich assumed they matched. This broke with direct IO that was not aligned\nto pages (e.g., 512-byte aligned IO). We were also trusting the alignment\nspecified in the OSD reply, which could have been adjusted by the server.\n\nExplicitly specify the page alignment when setting up OSD IO requests.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "e98b6fed84d0f0155d7b398e0dfeac74c792f2d0", "tree": "0762cba398c39329dc5f056ddfccebf6768d2555", "parents": [ "d8672d64b88cdb7aa8139fb6d218f40b8cbf60af" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:24:53 2010 -0800" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:24:53 2010 -0800" }, "message": "ceph: fix comment, remove extraneous args\n\nThe offset/length arguments aren\u0027t used.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "332dd96f7ac15e937088fe11f15cfe0210e8edd1", "tree": "8efe236b18c0abacee96f9ed5fa6cfd396cdedcf", "parents": [ "88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Tue Nov 09 11:46:33 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 09 12:17:16 2010 -0800" }, "message": "net/dst: dst_dev_event() called after other notifiers\n\nFollowup of commit ef885afbf8a37689 (net: use rcu_barrier() in\nrollback_registered_many)\n\ndst_dev_event() scans a garbage dst list that might be feeded by various\nnetwork notifiers at device dismantle time.\n\nIts important to call dst_dev_event() after other notifiers, or we might\nenter the infamous msleep(250) in netdev_wait_allrefs(), and wait one\nsecond before calling again call_netdevice_notifiers(NETDEV_UNREGISTER,\ndev) to properly remove last device references.\n\nUse priority -10 to let dst_dev_notifier be called after other network\nnotifiers (they have the default 0 priority)\n\nReported-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nReported-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nReported-by: Octavian Purdila \u003copurdila@ixiacom.com\u003e\nReported-by: Benjamin LaHaise \u003cbcrl@kvack.org\u003e\nTested-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52", "tree": "151d98558e8a210434e84d1e8127d681e975e80b", "parents": [ "ea80907ff066edd1dd43c5fe90ae6677d15e6384" ], "author": { "name": "Kulikov Vasiliy", "email": "segooon@gmail.com", "time": "Sun Oct 31 07:10:32 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 09 09:25:46 2010 -0800" }, "message": "net: tipc: fix information leak to userland\n\nStructure sockaddr_tipc is copied to userland with padding bytes after\n\"id\" field in union field \"name\" unitialized. It leads to leaking of\ncontents of kernel stack memory. We have to initialize them to zero.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "18943d292facbc70e6a36fc62399ae833f64671b", "tree": "337c4818e0cb478a4436ee5ad8d16822998bf8eb", "parents": [ "aa58163a76a3aef33c7220931543d45d0fe43753" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Mon Nov 08 11:15:54 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 09 08:26:42 2010 -0800" }, "message": "inet: fix ip_mc_drop_socket()\n\ncommit 8723e1b4ad9be4444 (inet: RCU changes in inetdev_by_index())\nforgot one call site in ip_mc_drop_socket()\n\nWe should not decrease idev refcount after inetdev_by_index() call,\nsince refcount is not increased anymore.\n\nReported-by: Markus Trippelsdorf \u003cmarkus@trippelsdorf.de\u003e\nReported-by: Miles Lane \u003cmiles.lane@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "63ce0900d79645c714de6c8b66d8040670068c9e", "tree": "02bd4f20262db74e45fdd431bf5e8d0c18cf314e", "parents": [ "4f8b691c9fb02e72359e71592098c1de3b8ec712" ], "author": { "name": "Luiz Augusto von Dentz", "email": "luiz.dentz-von@nokia.com", "time": "Thu Aug 19 14:06:10 2010 +0300" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:56:10 2010 -0200" }, "message": "Bluetooth: fix not setting security level when creating a rfcomm session\n\nThis cause \u0027No Bonding\u0027 to be used if userspace has not yet been paired\nwith remote device since the l2cap socket used to create the rfcomm\nsession does not have any security level set.\n\nSigned-off-by: Luiz Augusto von Dentz \u003cluiz.dentz-von@nokia.com\u003e\nAcked-by: Ville Tervo \u003cville.tervo@nokia.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "4f8b691c9fb02e72359e71592098c1de3b8ec712", "tree": "d74bf4427c1f92b79ba84e8c8159f02b3933430a", "parents": [ "bfaaeb3ed5533a2dd38e3aa9ea43efd619690aed" ], "author": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Mon Oct 18 14:25:53 2010 -0200" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:56:09 2010 -0200" }, "message": "Bluetooth: fix endianness conversion in L2CAP\n\nLast commit added a wrong endianness conversion. Fixing that.\n\nReported-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "bfaaeb3ed5533a2dd38e3aa9ea43efd619690aed", "tree": "8a7a46f99f20d8a637e1867b6309c3e6b88f47da", "parents": [ "556ea928f78a390fe16ae584e6433dff304d3014" ], "author": { "name": "steven miao", "email": "realmz6@gmail.com", "time": "Sat Oct 16 18:29:47 2010 -0400" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:56:00 2010 -0200" }, "message": "Bluetooth: fix unaligned access to l2cap conf data\n\nIn function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of\nopt-\u003eval sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes\naccess will cause data misalignment exeception. Use get_unaligned_le16/32\nand put_unaligned_le16/32 function to avoid data misalignment execption.\n\nSigned-off-by: steven miao \u003crealmz6@gmail.com\u003e\nSigned-off-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "bdb7524a75e4716535a29abb314a82619301e068", "tree": "3da5f18d2eb0fd1eebdb8b51c0581a51773ac283", "parents": [ "96c99b473a8531188e2f6106c6ef0e33bb4500f2" ], "author": { "name": "Johan Hedberg", "email": "johan.hedberg@nokia.com", "time": "Fri Oct 15 10:46:09 2010 +0300" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:55:27 2010 -0200" }, "message": "Bluetooth: Fix non-SSP auth request for HIGH security level sockets\n\nWhen initiating dedicated bonding a L2CAP raw socket with HIGH security\nlevel is used. The kernel is supposed to trigger the authentication\nrequest in this case but this doesn\u0027t happen currently for non-SSP\n(pre-2.1) devices. The reason is that the authentication request happens\nin the remote extended features callback which never gets called for\nnon-SSP devices. This patch fixes the issue by requesting also\nauthentiation in the (normal) remote features callback in the case of\nnon-SSP devices.\n\nThis rule is applied only for HIGH security level which might at first\nseem unintuitive since on the server socket side MEDIUM is already\nenough for authentication. However, for the clients we really want to\nprefer the server side to decide the authentication requrement in most\ncases, and since most client sockets use MEDIUM it\u0027s better to be\navoided on the kernel side for these sockets. The important socket to\nrequest it for is the dedicated bonding one and that socket uses HIGH\nsecurity level.\n\nThe patch is based on the initial investigation and patch proposal from\nAndrei Emeltchenko \u003cendrei.emeltchenko@nokia.com\u003e.\n\nSigned-off-by: Johan Hedberg \u003cjohan.hedberg@nokia.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "96c99b473a8531188e2f6106c6ef0e33bb4500f2", "tree": "09df5d9f73e4b7d0c11359a25b78ed60a4866654", "parents": [ "48a7c3df14d0cda850337a9b3f9e667a0b12a996" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Wed Oct 13 18:16:52 2010 -0700" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:55:27 2010 -0200" }, "message": "Bluetooth: fix hidp kconfig dependency warning\n\nFix kconfig dependency warning to satisfy dependencies:\n\nwarning: (BT_HIDP \u0026\u0026 NET \u0026\u0026 BT \u0026\u0026 BT_L2CAP \u0026\u0026 INPUT || USB_HID \u0026\u0026 HID_SUPPORT \u0026\u0026 USB \u0026\u0026 INPUT) selects HID which has unmet direct dependencies (HID_SUPPORT \u0026\u0026 INPUT)\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "352ffad646c0e0c5cf9ae8cea99710ee0d66ee27", "tree": "41987fe0c7e00dfc3aa6871f1a51007e42f22c03", "parents": [ "fbb078fcd2fa83646ad9504d8e4c54a67b8729ae" ], "author": { "name": "Brian Cavagnolo", "email": "brian@cozybit.com", "time": "Thu Nov 04 16:59:28 2010 -0700" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Mon Nov 08 16:53:47 2010 -0500" }, "message": "mac80211: unset SDATA_STATE_OFFCHANNEL when cancelling a scan\n\nFor client STA interfaces, ieee80211_do_stop unsets the relevant\ninterface\u0027s SDATA_STATE_RUNNING state bit prior to cancelling an\ninterrupted scan. When ieee80211_offchannel_return is invoked as\npart of cancelling the scan, it doesn\u0027t bother unsetting the\nSDATA_STATE_OFFCHANNEL bit because it sees that the interface is\ndown. Normally this doesn\u0027t matter because when the client STA\ninterface is brought back up, it will probably issue a scan. But\nin some cases (e.g., the user changes the interface type while it\nis down), the SDATA_STATE_OFFCHANNEL bit will remain set. This\nprevents the interface queues from being started. So we\ncancel the scan before unsetting the SDATA_STATE_RUNNING bit.\n\nSigned-off-by: Brian Cavagnolo \u003cbrian@cozybit.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "3cc25e510dfc36dc62ee0aa87344b36ed7c1742a", "tree": "aa485987c383ac5c2843e1f3d7b3eb3a628f111b", "parents": [ "8df86db9060ddd123d172c7adb6b2b71f31e77cd" ], "author": { "name": "Felix Fietkau", "email": "nbd@openwrt.org", "time": "Sun Oct 31 15:31:54 2010 +0100" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Mon Nov 08 16:53:47 2010 -0500" }, "message": "cfg80211: fix a crash in dev lookup on dump commands\n\nIS_ERR and PTR_ERR were called with the wrong pointer, leading to a\ncrash when cfg80211_get_dev_from_ifindex fails.\n\nSigned-off-by: Felix Fietkau \u003cnbd@openwrt.org\u003e\nAcked-by: Johannes Berg \u003cjohannes@sipsolutions.net\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "aa58163a76a3aef33c7220931543d45d0fe43753", "tree": "c88b5f62863053a83e7c9be1b978e1e44ff70f86", "parents": [ "0cffef48ebf5060f749d8b04ab0437a4ba009e77" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Mon Nov 08 06:20:50 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:09 2010 -0800" }, "message": "rds: Fix rds message leak in rds_message_map_pages\n\nThe sgs allocation error path leaks the allocated message.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "eb589063ed482f5592b1378e4136d6998419af6e", "tree": "bfc87b5e9d2efe293edaf4fa79a98e2773c7ff47", "parents": [ "18543a643fae694982c7d89c22436885f3506497" ], "author": { "name": "Junchang Wang", "email": "junchangwang@gmail.com", "time": "Sun Nov 07 23:19:43 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:07 2010 -0800" }, "message": "pktgen: correct uninitialized queue_map\n\nThis fix a bug reported by backyes.\nRight the first time pktgen\u0027s using queue_map that\u0027s not been initialized\nby set_cur_queue_map(pkt_dev);\n\nSigned-off-by: Junchang Wang \u003cjunchangwang@gmail.com\u003e\nSigned-off-by: Backyes \u003cbackyes@mail.ustc.edu.cn\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f46421416fb6b91513fb687d6503142cd99034a5", "tree": "cad8e340ce9bccec9ff261a1c0d73b18382019af", "parents": [ "4c46ee52589a4edd67447214eb489b10fed5c53a" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Fri Nov 05 01:56:34 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:06 2010 -0800" }, "message": "ipv6: fix overlap check for fragments\n\nThe type of FRAG6_CB(prev)-\u003eoffset is int, skb-\u003elen is *unsigned* int,\nand offset is int.\n\nWithout this patch, type conversion occurred to this expression, when\n(FRAG6_CB(prev)-\u003eoffset + prev-\u003elen) is less than offset.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4c46ee52589a4edd67447214eb489b10fed5c53a", "tree": "e495d87347d8632c7b16b0d537155bd6219ebcc6", "parents": [ "3ce1227c3c374c742ed78484226e24567f09ff99" ], "author": { "name": "stephen hemminger", "email": "shemminger@vyatta.com", "time": "Thu Nov 04 11:47:04 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:05 2010 -0800" }, "message": "classifier: report statistics for basic classifier\n\nThe basic classifier keeps statistics but does not report it to user space.\nThis showed up when using basic classifier (with police) as a default catch\nall on ingress; no statistics were reported.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "86c2c0a8a4965ae5cbc0ff97ed39a4472e8e9b23", "tree": "83be2471679b6b59658085972cf804eff200f33b", "parents": [ "22e76c849d505d87c5ecf3d3e6742a65f0ff4860" ], "author": { "name": "Dmitry Torokhov", "email": "dmitry.torokhov@gmail.com", "time": "Sat Nov 06 20:11:38 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 07 05:28:01 2010 -0800" }, "message": "NET: pktgen - fix compile warning\n\nThis should fix the following warning:\n\nnet/core/pktgen.c: In function ‘pktgen_if_write’:\nnet/core/pktgen.c:890: warning: comparison of distinct pointer types lacks a cast\n\nSigned-off-by: Dmitry Torokhov \u003cdtor@mail.ru\u003e\nReviewed-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4b4a2700f462102569b407102c60d3b9cf4432a0", "tree": "d326b404c99ca477d47aa0e06eb64f0b3e2d8347", "parents": [ "f69fa76482e654f7d94e4aa40ea0ebf04363396a", "22e76c849d505d87c5ecf3d3e6742a65f0ff4860" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 05 15:25:48 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 05 15:25:48 2010 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (41 commits)\n inet_diag: Make sure we actually run the same bytecode we audited.\n netlink: Make nlmsg_find_attr take a const nlmsghdr*.\n fib: fib_result_assign() should not change fib refcounts\n netfilter: ip6_tables: fix information leak to userspace\n cls_cgroup: Fix crash on module unload\n memory corruption in X.25 facilities parsing\n net dst: fix percpu_counter list corruption and poison overwritten\n rds: Remove kfreed tcp conn from list\n rds: Lost locking in loop connection freeing\n de2104x: fix panic on load\n atl1 : fix panic on load\n netxen: remove unused firmware exports\n caif: Remove noisy printout when disconnecting caif socket\n caif: SPI-driver bugfix - incorrect padding.\n caif: Bugfix for socket priority, bindtodev and dbg channel.\n smsc911x: Set Ethernet EEPROM size to supported device\u0027s size\n ipv4: netfilter: ip_tables: fix information leak to userland\n ipv4: netfilter: arp_tables: fix information leak to userland\n cxgb4vf: remove call to stop TX queues at load time.\n cxgb4: remove call to stop TX queues at load time.\n ...\n" }, { "commit": "22e76c849d505d87c5ecf3d3e6742a65f0ff4860", "tree": "ba8ac3765ae60f1bc8ce20d280baa741eb7b046e", "parents": [ "6b8c92ba07287578718335ce409de8e8d7217e40" ], "author": { "name": "Nelson Elhage", "email": "nelhage@ksplice.com", "time": "Wed Nov 03 16:35:41 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 04 12:26:34 2010 -0700" }, "message": "inet_diag: Make sure we actually run the same bytecode we audited.\n\nWe were using nlmsg_find_attr() to look up the bytecode by attribute when\nauditing, but then just using the first attribute when actually running\nbytecode. So, if we received a message with two attribute elements, where only\nthe second had type INET_DIAG_REQ_BYTECODE, we would validate and run different\nbytecode strings.\n\nFix this by consistently using nlmsg_find_attr everywhere.\n\nSigned-off-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1f1b9c9990205759aae31b7734b0ede41a867f32", "tree": "aba367dd7280ff38932c881a0fcf5356bea53df2", "parents": [ "cccbe5ef85284621d19e5b2b1c61cc0506bc9dee" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Thu Nov 04 01:21:39 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 04 12:05:32 2010 -0700" }, "message": "fib: fib_result_assign() should not change fib refcounts\n\nAfter commit ebc0ffae5 (RCU conversion of fib_lookup()),\nfib_result_assign() should not change fib refcounts anymore.\n\nThanks to Michael who did the bisection and bug report.\n\nReported-by: Michael Ellerman \u003cmichael@ellerman.id.au\u003e\nTested-by: Michael Ellerman \u003cmichael@ellerman.id.au\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cccbe5ef85284621d19e5b2b1c61cc0506bc9dee", "tree": "f5caaa67b6e3ede98d691891f9cacf5d9886877d", "parents": [ "758cb41106e87d7e26ef3ee78f04360168460b9d" ], "author": { "name": "Jan Engelhardt", "email": "jengelh@medozas.de", "time": "Wed Nov 03 18:55:39 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:55:39 2010 -0700" }, "message": "netfilter: ip6_tables: fix information leak to userspace\n\nSigned-off-by: Jan Engelhardt \u003cjengelh@medozas.de\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "758cb41106e87d7e26ef3ee78f04360168460b9d", "tree": "873bc9328c6c210904382536eb6fdf82ff78004b", "parents": [ "c00b2c9e79466d61979cd21af526cc6d5d0ee04f", "b5f15ac4f89f84853544c934fc7a744289e95e34" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:52:32 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:52:32 2010 -0700" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6\n" }, { "commit": "c00b2c9e79466d61979cd21af526cc6d5d0ee04f", "tree": "300e44d04f76b860580cb1ca5f0fc7b37112375a", "parents": [ "a6331d6f9a4298173b413cf99a40cc86a9d92c37" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Wed Nov 03 13:31:05 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:50 2010 -0700" }, "message": "cls_cgroup: Fix crash on module unload\n\nSomewhere along the lines net_cls_subsys_id became a macro when\ncls_cgroup is built as a module. Not only did it make cls_cgroup\ncompletely useless, it also causes it to crash on module unload.\n\nThis patch fixes this by removing that macro.\n\nThanks to Eric Dumazet for diagnosing this problem.\n\nReported-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nReviewed-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a6331d6f9a4298173b413cf99a40cc86a9d92c37", "tree": "b665efee7dae4472e0f4521bbdd3aef626813ba6", "parents": [ "41bb78b4b9adb21cf2c395b6b880aaae99c788b7" ], "author": { "name": "andrew hendry", "email": "andrew.hendry@gmail.com", "time": "Wed Nov 03 12:54:53 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:50 2010 -0700" }, "message": "memory corruption in X.25 facilities parsing\n\nSigned-of-by: Andrew Hendry \u003candrew.hendry@gmail.com\u003e\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "41bb78b4b9adb21cf2c395b6b880aaae99c788b7", "tree": "34f099b4773150e0fa850d56be33fd46c3d29907", "parents": [ "8200a59f24aeca379660f80658a8c0c343ca5c31" ], "author": { "name": "Xiaotian Feng", "email": "dfeng@redhat.com", "time": "Tue Nov 02 16:11:05 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:07 2010 -0700" }, "message": "net dst: fix percpu_counter list corruption and poison overwritten\n\nThere\u0027re some percpu_counter list corruption and poison overwritten warnings\nin recent kernel, which is resulted by fc66f95c.\n\ncommit fc66f95c switches to use percpu_counter, in ip6_route_net_init, kernel\ninit the percpu_counter for dst entries, but, the percpu_counter is never destroyed\nin ip6_route_net_exit. So if the related data is freed by kernel, the freed percpu_counter\nis still on the list, then if we insert/remove other percpu_counter, list corruption\nresulted. Also, if the insert/remove option modifies the -\u003eprev,-\u003enext pointer of\nthe freed value, the poison overwritten is resulted then.\n\nWith the following patch, the percpu_counter list corruption and poison overwritten\nwarnings disappeared.\n\nSigned-off-by: Xiaotian Feng \u003cdfeng@redhat.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nCc: \"Pekka Savola (ipv6)\" \u003cpekkas@netcore.fi\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Hideaki YOSHIFUJI \u003cyoshfuji@linux-ipv6.org\u003e\nCc: Patrick McHardy \u003ckaber@trash.net\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8200a59f24aeca379660f80658a8c0c343ca5c31", "tree": "fc21336c6dd33ee96d7cf9f07f20132d4a46994e", "parents": [ "58c490babd4b425310363cbd1f406d7e508f77a5" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Tue Nov 02 01:54:01 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:07 2010 -0700" }, "message": "rds: Remove kfreed tcp conn from list\n\nAll the rds_tcp_connection objects are stored list, but when\nbeing freed it should be removed from there.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "58c490babd4b425310363cbd1f406d7e508f77a5", "tree": "48b4697403815b06da6a6dcf4c3495bd1401a51f", "parents": [ "53ab2221da7676dd0f161bec5e1520e56b74a865" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Tue Nov 02 01:52:05 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:06 2010 -0700" }, "message": "rds: Lost locking in loop connection freeing\n\nThe conn is removed from list in there and this requires\nproper lock protection.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "47d1ff176553fec3cb17854a7ca85036d3b0c4e7", "tree": "b5c212fb0a972cab95e9ddc3851622adc4be9693", "parents": [ "2c24a5d1b4f48900f3ed1b1ad70c51f1983df822" ], "author": { "name": "sjur.brandeland@stericsson.com", "email": "sjur.brandeland@stericsson.com", "time": "Wed Nov 03 10:19:25 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:04 2010 -0700" }, "message": "caif: Remove noisy printout when disconnecting caif socket\n\nSigned-off-by: Sjur Brændeland \u003csjur.brandeland@stericsson.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f2527ec436fd675f08a8e7434f6e940688cb96d0", "tree": "f3c723c652b58cd4862d635e598a4ad88eedec64", "parents": [ "6cc0e949afe757d240fba4ad1839a27f66c3bd72" ], "author": { "name": "André Carvalho de Matos", "email": "andre.carvalho.matos@stericsson.com", "time": "Mon Nov 01 11:52:47 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:03 2010 -0700" }, "message": "caif: Bugfix for socket priority, bindtodev and dbg channel.\n\nChanges:\no Bugfix: SO_PRIORITY for SOL_SOCKET could not be handled\n in caif\u0027s setsockopt, using the struct sock attribute priority instead.\n\no Bugfix: SO_BINDTODEVICE for SOL_SOCKET could not be handled\n in caif\u0027s setsockopt, using the struct sock attribute ifindex instead.\n\no Wrong assert statement for RFM layer segmentation.\n\no CAIF Debug channels was not working over SPI, caif_payload_info\n containing padding info must be initialized.\n\no Check on pointer before dereferencing when unregister dev in caif_dev.c\n\nSigned-off-by: Sjur Braendeland \u003csjur.brandeland@stericsson.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b5f15ac4f89f84853544c934fc7a744289e95e34", "tree": "35f89a706003f9e9343bd63fc5d560cf33a579a7", "parents": [ "1a8b7a67224eb0c9dbd883b9bfc4938278bad370" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 03 08:45:06 2010 +0100" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Wed Nov 03 08:45:06 2010 +0100" }, "message": "ipv4: netfilter: ip_tables: fix information leak to userland\n\nStructure ipt_getinfo is copied to userland with the field \"name\"\nthat has the last elements unitialized. It leads to leaking of\ncontents of kernel stack memory.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "1a8b7a67224eb0c9dbd883b9bfc4938278bad370", "tree": "31697d77831109c760001a8a78053dab0fb74ac5", "parents": [ "d817d29d0b37290d90b3a9e2a61162f1dbf2be4f" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 03 08:44:12 2010 +0100" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Wed Nov 03 08:44:12 2010 +0100" }, "message": "ipv4: netfilter: arp_tables: fix information leak to userland\n\nStructure arpt_getinfo is copied to userland with the field \"name\"\nthat has the last elements unitialized. It leads to leaking of\ncontents of kernel stack memory.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "df9f86faf3ee610527ed02031fe7dd3c8b752e44", "tree": "361ecdca449c3f80d45ff33a291ad0ae544d7470", "parents": [ "2f56f56ad991edd51ffd0baf1182245ee1277a04" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Mon Nov 01 15:49:23 2010 -0700" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Mon Nov 01 15:49:23 2010 -0700" }, "message": "ceph: fix small seq message skipping\n\nIf the client gets out of sync with the server message sequence number, we\nnormally skip low seq messages (ones we already received). The skip code\nwas also incrementing the expected seq, such that all subsequent messages\nalso appeared old and got skipped, and an eventual timeout on the osd\nconnection. This resulted in some lagging requests and console messages\nlike\n\n[233480.882885] ceph: skipping osd22 10.138.138.13:6804 seq 2016, expected 2017\n[233480.882919] ceph: skipping osd22 10.138.138.13:6804 seq 2017, expected 2018\n[233480.882963] ceph: skipping osd22 10.138.138.13:6804 seq 2018, expected 2019\n[233480.883488] ceph: skipping osd22 10.138.138.13:6804 seq 2019, expected 2020\n[233485.219558] ceph: skipping osd22 10.138.138.13:6804 seq 2020, expected 2021\n[233485.906595] ceph: skipping osd22 10.138.138.13:6804 seq 2021, expected 2022\n[233490.379536] ceph: skipping osd22 10.138.138.13:6804 seq 2022, expected 2023\n[233495.523260] ceph: skipping osd22 10.138.138.13:6804 seq 2023, expected 2024\n[233495.923194] ceph: skipping osd22 10.138.138.13:6804 seq 2024, expected 2025\n[233500.534614] ceph: tid 6023602 timed out on osd22, will reset osd\n\nReported-by: Theodore Ts\u0027o \u003ctytso@mit.edu\u003e\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "df32cc193ad88f7b1326b90af799c927b27f7654", "tree": "535d945c8507f8ac85575aed481bad9892a5e243", "parents": [ "315daea9481277d9b8109b47e974835a901e4bc5" ], "author": { "name": "Tom Herbert", "email": "therbert@google.com", "time": "Mon Nov 01 12:55:52 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 01 12:55:52 2010 -0700" }, "message": "net: check queue_index from sock is valid for device\n\nIn dev_pick_tx recompute the queue index if the value stored in the\nsocket is greater than or equal to the number of real queues for the\ndevice. The saved index in the sock structure is not guaranteed to\nbe appropriate for the egress device (this could happen on a route\nchange or in presence of tunnelling). The result of the queue index\nbeing bad would be to return a bogus queue (crash could prersumably\nfollow).\n\nSigned-off-by: Tom Herbert \u003ctherbert@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6f9b901823aafd14a84ae27f61ff28bafed01260", "tree": "b7625065b95573275a59197db8db6877ce010dd1", "parents": [ "eae61ae15b752b919ea45746f6dff449ff6d3281" ], "author": { "name": "Dr. David Alan Gilbert", "email": "linux@treblig.org", "time": "Sun Oct 31 07:26:03 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 01 06:56:02 2010 -0700" }, "message": "l2tp: kzalloc with swapped params in l2tp_dfs_seq_open\n\n \u0027sparse\u0027 spotted that the parameters to kzalloc in l2tp_dfs_seq_open\nwere swapped.\n\nTested on current git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git\nat 1792f17b7210280a3d7ff29da9614ba779cfcedb build, boots and I can see that directory,\nbut there again I could see /sys/kernel/debug/l2tp with it swapped; I don\u0027t have\nany l2tp in use.\n\nSigned-off-by: Dr. David Alan Gilbert \u003clinux@treblig.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5ec1cea057495b8f10bab0c1396a9d8e46b7b0a8", "tree": "2115be233a12ce363f669831f5a2a554bafc8565", "parents": [ "636f8c6f682ee179ff39c94dc4d0be0ddd6c8cdd" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Sun Oct 31 09:37:38 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Oct 31 09:37:38 2010 -0700" }, "message": "text ematch: check for NULL pointer before destroying textsearch config\n\nWhile validating the configuration em_ops is already set, thus the\nindividual destroy functions are called, but the ematch data has\nnot been allocated and associated with the ematch yet.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3985c7ce85039adacdf882904ca096f091d39346", "tree": "afaf4161c4c3d9516cc09295eb30c0e22a8c3008", "parents": [ "fcf744a96c66ca6ad7301a372034b771e57f30c4", "ce384d91cd7a4269a1ed5d4307a70aa4c6fa14f2" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 30 18:42:58 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 30 18:42:58 2010 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:\n isdn: mISDN: socket: fix information leak to userland\n netdev: can: Change mail address of Hans J. Koch\n pcnet_cs: add new_id\n net: Truncate recvfrom and sendto length to INT_MAX.\n RDS: Let rds_message_alloc_sgs() return NULL\n RDS: Copy rds_iovecs into kernel memory instead of rereading from userspace\n RDS: Clean up error handling in rds_cmsg_rdma_args\n RDS: Return -EINVAL if rds_rdma_pages returns an error\n net: fix rds_iovec page count overflow\n can: pch_can: fix section mismatch warning by using a whitelisted name\n can: pch_can: fix sparse warning\n netxen_nic: Fix the tx queue manipulation bug in netxen_nic_probe\n ip_gre: fix fallback tunnel setup\n vmxnet: trivial annotation of protocol constant\n vmxnet3: remove unnecessary byteswapping in BAR writing macros\n ipv6/udp: report SndbufErrors and RcvbufErrors\n phy/marvell: rename 88ec048 to 88e1318s and fix mscr1 addr\n" }, { "commit": "253eacc070b114c2ec1f81b067d2fed7305467b0", "tree": "cf55d167c9a1a3fac2b7796f046674a53fbf47b0", "parents": [ "d139ff0907dac9ef72fb2cf301e345bac3aec42f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 30 16:43:10 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:44:07 2010 -0700" }, "message": "net: Truncate recvfrom and sendto length to INT_MAX.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d139ff0907dac9ef72fb2cf301e345bac3aec42f", "tree": "0ba63235a10b7640bc8b613da0d0cda220a55087", "parents": [ "fc8162e3c034af743d8def435fda6396603d321f" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:59 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:18 2010 -0700" }, "message": "RDS: Let rds_message_alloc_sgs() return NULL\n\nEven with the previous fix, we still are reading the iovecs once\nto determine SGs needed, and then again later on. Preallocating\nspace for sg lists as part of rds_message seemed like a good idea\nbut it might be better to not do this. While working to redo that\ncode, this patch attempts to protect against userspace rewriting\nthe rds_iovec array between the first and second accesses.\n\nThe consequences of this would be either a too-small or too-large\nsg list array. Too large is not an issue. This patch changes all\ncallers of message_alloc_sgs to handle running out of preallocated\nsgs, and fail gracefully.\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fc8162e3c034af743d8def435fda6396603d321f", "tree": "b003a652740eb0de1fe71c634618b6666e9bae3c", "parents": [ "f4a3fc03c1d73753879fb655b8cd628b29f6706b" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:58 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:17 2010 -0700" }, "message": "RDS: Copy rds_iovecs into kernel memory instead of rereading from userspace\n\nChange rds_rdma_pages to take a passed-in rds_iovec array instead\nof doing copy_from_user itself.\n\nChange rds_cmsg_rdma_args to copy rds_iovec array once only. This\neliminates the possibility of userspace changing it after our\nsanity checks.\n\nImplement stack-based storage for small numbers of iovecs, based\non net/socket.c, to save an alloc in the extremely common case.\n\nAlthough this patch reduces iovec copies in cmsg_rdma_args to 1,\nwe still do another one in rds_rdma_extra_size. Getting rid of\nthat one will be trickier, so it\u0027ll be a separate patch.\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f4a3fc03c1d73753879fb655b8cd628b29f6706b", "tree": "ad16a35e587408a396f2ab8e485428b8730fe733", "parents": [ "a09f69c49b84b161ebd4dd09d3cce1b68297f1d3" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:57 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:17 2010 -0700" }, "message": "RDS: Clean up error handling in rds_cmsg_rdma_args\n\nWe don\u0027t need to set ret \u003d 0 at the end -- it\u0027s initialized to 0.\n\nAlso, don\u0027t increment s_send_rdma stat if we\u0027re exiting with an\nerror.\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a09f69c49b84b161ebd4dd09d3cce1b68297f1d3", "tree": "295290736f0a4dbbfc495e035adbbe0cafe447e4", "parents": [ "1b1f693d7ad6d193862dcb1118540a030c5e761f" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:56 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:16 2010 -0700" }, "message": "RDS: Return -EINVAL if rds_rdma_pages returns an error\n\nrds_cmsg_rdma_args would still return success even if rds_rdma_pages\nreturned an error (or overflowed).\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1b1f693d7ad6d193862dcb1118540a030c5e761f", "tree": "cf216d1bfb8a51f3df2c989dcffd5381a0e446f1", "parents": [ "bdfa3d8fe123a940be121daf374581727b3b6547" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 28 15:40:55 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:16 2010 -0700" }, "message": "net: fix rds_iovec page count overflow\n\nAs reported by Thomas Pollet, the rdma page counting can overflow. We\nget the rdma sizes in 64-bit unsigned entities, but then limit it to\nUINT_MAX bytes and shift them down to pages (so with a possible \"+1\" for\nan unaligned address).\n\nSo each individual page count fits comfortably in an \u0027unsigned int\u0027 (not\neven close to overflowing into signed), but as they are added up, they\nmight end up resulting in a signed return value. Which would be wrong.\n\nCatch the case of tot_pages turning negative, and return the appropriate\nerror code.\n\nReported-by: Thomas Pollet \u003cthomas.pollet@gmail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3285ee3bb2e158299ff19b947e41da735980d954", "tree": "8235c80ec137fd080e23bdeab8eefa0d9d5c395f", "parents": [ "1b803fbfcd1c35857fe52844158213507a8a5bfa" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sat Oct 30 16:21:28 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:21:28 2010 -0700" }, "message": "ip_gre: fix fallback tunnel setup\n\nBefore making the fallback tunnel visible to lookups, we should make\nsure it is completely setup, once ipgre_tunnel_init() had been called\nand tstats per_cpu pointer allocated.\n\nmove rcu_assign_pointer(ign-\u003etunnels_wc[0], tunnel); from\nipgre_fb_tunnel_init() to ipgre_init_net()\n\nBased on a patch from Pavel Emelyanov\n\nReported-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "870be39258cf84b65accf629f5f9e816b1b8512e", "tree": "ef9ff9af22efbcddf0b9bb961ff0bb8edc414501", "parents": [ "337ac9d5218cc19f40fca13fa4deb3c658c4241b" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sat Oct 30 16:17:23 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:17:23 2010 -0700" }, "message": "ipv6/udp: report SndbufErrors and RcvbufErrors\n\ncommit a18135eb9389 (Add UDP_MIB_{SND,RCV}BUFERRORS handling.)\nforgot to make the necessary changes in net/ipv6/proc.c to report\nadditional counters in /proc/net/snmp6\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1840897ab5d39b2e510c610ee262ded79919e718", "tree": "0b7fe95e3eda357d35b0d017f2b678b652307827", "parents": [ "d56f84e7e317c69adefb2454a3d538a6d7e11e4b", "a4765fa7bfb92d5b9de19a503674b6624f95a7ae" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 29 14:17:12 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 29 14:17:12 2010 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (34 commits)\n b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd\n mac80211: fix failure to check kmalloc return value in key_key_read\n libertas: Fix sd8686 firmware reload\n ath9k: Fix incorrect access of rate flags in RC\n netfilter: xt_socket: Make tproto signed in socket_mt6_v1().\n stmmac: enable/disable rx/tx in the core with a single write.\n net: atarilance - flags should be unsigned long\n netxen: fix kdump\n pktgen: Limit how much data we copy onto the stack.\n net: Limit socket I/O iovec total length to INT_MAX.\n USB: gadget: fix ethernet gadget crash in gether_setup\n fib: Fix fib zone and its hash leak on namespace stop\n cxgb3: Fix panic in free_tx_desc()\n cxgb3: fix crash due to manipulating queues before registration\n 8390: Don\u0027t oops on starting dev queue\n dccp ccid-2: Stop polling\n dccp: Refine the wait-for-ccid mechanism\n dccp: Extend CCID packet dequeueing interface\n dccp: Return-value convention of hc_tx_send_packet()\n igbvf: fix panic on load\n ...\n" }, { "commit": "a4765fa7bfb92d5b9de19a503674b6624f95a7ae", "tree": "27fa2b40b2fb4843043cc1583cd139844ee3f5fe", "parents": [ "089282fb028198169a0f62f8f833ab6d06bdbb3c", "9f2a0fac625bcef9c579bcf0b0c904ab1a56e7c4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 29 12:23:15 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 29 12:23:15 2010 -0700" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n" }, { "commit": "520efd1ace3f826120482e57a95d649b4e1c1684", "tree": "04445d2fde489b7b7a3d8fa4898a0731817f6ca0", "parents": [ "731b2034999bbfe86c9074f1b0d611940bf7c323" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Fri Oct 29 16:10:26 2010 +0200" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Fri Oct 29 14:33:26 2010 -0400" }, "message": "mac80211: fix failure to check kmalloc return value in key_key_read\n\nI noticed two small issues in mac80211/debugfs_key.c::key_key_read while\nreading through the code. Patch below.\n\nThe key_key_read() function returns ssize_t and the value that\u0027s actually\nreturned is the return value of simple_read_from_buffer() which also\nreturns ssize_t, so let\u0027s hold the return value in a ssize_t local\nvariable rather than a int one.\n\nAlso, memory is allocated dynamically with kmalloc() which can fail, but\nthe return value of kmalloc() is not checked, so we may end up operating\non a null pointer further on. So check for a NULL return and bail out with\n-ENOMEM in that case.\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "d817d29d0b37290d90b3a9e2a61162f1dbf2be4f", "tree": "7414a1334cdac82a61340623a23109c3222f4a48", "parents": [ "64e46749224aa658d8fc0d37ea83ab20b1d7955d" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Fri Oct 29 19:59:40 2010 +0200" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Oct 29 19:59:40 2010 +0200" }, "message": "netfilter: fix nf_conntrack_l4proto_register()\n\nWhile doing __rcu annotations work on net/netfilter I found following\nbug. On some arches, it is possible we publish a table while its content\nis not yet committed to memory, and lockless reader can dereference wild\npointer.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "64e46749224aa658d8fc0d37ea83ab20b1d7955d", "tree": "ac3bbe77967718ba3022c58dbbe47142ee77c6f8", "parents": [ "6b1686a71e3158d3c5f125260effce171cc7852b" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Oct 29 16:28:07 2010 +0200" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Oct 29 16:28:07 2010 +0200" }, "message": "netfilter: nf_nat: fix compiler warning with CONFIG_NF_CT_NETLINK\u003dn\n\nnet/ipv4/netfilter/nf_nat_core.c:52: warning: \u0027nf_nat_proto_find_get\u0027 defined but not used\nnet/ipv4/netfilter/nf_nat_core.c:66: warning: \u0027nf_nat_proto_put\u0027 defined but not used\n\nReported-by: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "51139adac92f7160ad3ca1cab2de1b4b8d19dc96", "tree": "ea12df0927809e8d5333e82d51cbdb96288c9e6b", "parents": [ "3c26ff6e499ee7e6f9f2bc7da5f2f30d80862ecf" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 25 23:47:46 2010 +0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Oct 29 04:16:33 2010 -0400" }, "message": "convert get_sb_pseudo() users\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "fc14f2fef682df677d64a145256dbd263df2aa7b", "tree": "74f6b939fbad959a43c04ec646cd0adc8af5f53a", "parents": [ "848b83a59b772b8f102bc5e3f1187c2fa5676959" ], "author": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Sun Jul 25 01:48:30 2010 +0400" }, "committer": { "name": "Al Viro", "email": "viro@zeniv.linux.org.uk", "time": "Fri Oct 29 04:16:28 2010 -0400" }, "message": "convert get_sb_single() users\n\nSigned-off-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e\n" }, { "commit": "089282fb028198169a0f62f8f833ab6d06bdbb3c", "tree": "ad5377fa1310bdf3e8c24694ac729eba4cdada0c", "parents": [ "19449bfc10d163f0024dd5ae5808e28cda32e7b4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 12:59:53 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 12:59:53 2010 -0700" }, "message": "netfilter: xt_socket: Make tproto signed in socket_mt6_v1().\n\nOtherwise error indications from ipv6_find_hdr() won\u0027t be noticed.\n\nThis required making the protocol argument to extract_icmp6_fields()\nsigned too.\n\nReported-by: Geert Uytterhoeven \u003cgeert@linux-m68k.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "448d7b5daf043d109df98e3e8f8deb165c2e8896", "tree": "475844d92c01fae639bda19988ba1375272c857a", "parents": [ "8acfe468b0384e834a303f08ebc4953d72fb690a" ], "author": { "name": "Nelson Elhage", "email": "nelhage@ksplice.com", "time": "Thu Oct 28 11:31:07 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 11:47:53 2010 -0700" }, "message": "pktgen: Limit how much data we copy onto the stack.\n\nA program that accidentally writes too much data to the pktgen file can overflow\nthe kernel stack and oops the machine. This is only triggerable by root, so\nthere\u0027s no security issue, but it\u0027s still an unfortunate bug.\n\nprintk() won\u0027t print more than 1024 bytes in a single call, anyways, so let\u0027s\njust never copy more than that much data. We\u0027re on a fairly shallow stack, so\nthat should be safe even with CONFIG_4KSTACKS.\n\nSigned-off-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8acfe468b0384e834a303f08ebc4953d72fb690a", "tree": "7ecee335efdbd283a122bcba1d5d9b533906142a", "parents": [ "349f6c5c5d827db909a69e5b9e844e8623c8e881" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 11:41:55 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 11:47:52 2010 -0700" }, "message": "net: Limit socket I/O iovec total length to INT_MAX.\n\nThis helps protect us from overflow issues down in the\nindividual protocol sendmsg/recvmsg handlers. Once\nwe hit INT_MAX we truncate out the rest of the iovec\nby setting the iov_len members to zero.\n\nThis works because:\n\n1) For SOCK_STREAM and SOCK_SEQPACKET sockets, partial\n writes are allowed and the application will just continue\n with another write to send the rest of the data.\n\n2) For datagram oriented sockets, where there must be a\n one-to-one correspondance between write() calls and\n packets on the wire, INT_MAX is going to be far larger\n than the packet size limit the protocol is going to\n check for and signal with -EMSGSIZE.\n\nBased upon a patch by Linus Torvalds.\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4aa2c466a7733af093a526e9d1cdd0b3b90d47e9", "tree": "093d99b6c728867a8eb9548463d94661e3d0799e", "parents": [ "b1424ed91076db0b19ba4141856150df9b717dde" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Thu Oct 28 02:00:43 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 10:27:03 2010 -0700" }, "message": "fib: Fix fib zone and its hash leak on namespace stop\n\nWhen we stop a namespace we flush the table and free one, but the\nadded fn_zone-s (and their hashes if grown) are leaked. Need to free.\nTries releases all its stuff in the flushing code.\n\nShame on us - this bug exists since the very first make-fib-per-net\npatches in 2.6.27 :(\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1c0e0a0569e925220c2948ea9b92fc013895917f", "tree": "533f97f037679a7ba92867baf816dda21a3c9f84", "parents": [ "b1fcf55eea541af9efa5d39f5a0d1aec8ceca55d" ], "author": { "name": "Gerrit Renker", "email": "gerrit@erg.abdn.ac.uk", "time": "Wed Oct 27 19:16:28 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 10:27:01 2010 -0700" }, "message": "dccp ccid-2: Stop polling\n\nThis updates CCID-2 to use the CCID dequeuing mechanism, converting from\nprevious continuous-polling to a now event-driven mechanism.\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b1fcf55eea541af9efa5d39f5a0d1aec8ceca55d", "tree": "a021b6abde9c784d67ee0de3bb7fb31f7d5b2e9f", "parents": [ "dc841e30eaea9f9f83c9ab1ee0b3ef9e5c95ce8a" ], "author": { "name": "Gerrit Renker", "email": "gerrit@erg.abdn.ac.uk", "time": "Wed Oct 27 19:16:27 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 10:27:01 2010 -0700" }, "message": "dccp: Refine the wait-for-ccid mechanism\n\nThis extends the existing wait-for-ccid routine so that it may be used with\ndifferent types of CCID, addressing the following problems:\n\n 1) The queue-drain mechanism only works with rate-based CCIDs. If CCID-2 for\n example has a full TX queue and becomes network-limited just as the\n application wants to close, then waiting for CCID-2 to become unblocked\n could lead to an indefinite delay (i.e., application \"hangs\").\n 2) Since each TX CCID in turn uses a feedback mechanism, there may be changes\n in its sending policy while the queue is being drained. This can lead to\n further delays during which the application will not be able to terminate.\n 3) The minimum wait time for CCID-3/4 can be expected to be the queue length\n times the current inter-packet delay. For example if tx_qlen\u003d100 and a delay\n of 15 ms is used for each packet, then the application would have to wait\n for a minimum of 1.5 seconds before being allowed to exit.\n 4) There is no way for the user/application to control this behaviour. It would\n be good to use the timeout argument of dccp_close() as an upper bound. Then\n the maximum time that an application is willing to wait for its CCIDs to can\n be set via the SO_LINGER option.\n\nThese problems are addressed by giving the CCID a grace period of up to the\n`timeout\u0027 value.\n\nThe wait-for-ccid function is, as before, used when the application\n (a) has read all the data in its receive buffer and\n (b) if SO_LINGER was set with a non-zero linger time, or\n (c) the socket is either in the OPEN (active close) or in the PASSIVE_CLOSEREQ\n state (client application closes after receiving CloseReq).\n\nIn addition, there is a catch-all case of __skb_queue_purge() after waiting for\nthe CCID. This is necessary since the write queue may still have data when\n (a) the host has been passively-closed,\n (b) abnormal termination (unread data, zero linger time),\n (c) wait-for-ccid could not finish within the given time limit.\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "dc841e30eaea9f9f83c9ab1ee0b3ef9e5c95ce8a", "tree": "921458d0ea02f1478dbac9305c1925dbea8c0dd9", "parents": [ "fe84f4140f0d24deca8591e38926b95cfd097e62" ], "author": { "name": "Gerrit Renker", "email": "gerrit@erg.abdn.ac.uk", "time": "Wed Oct 27 19:16:26 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 10:27:00 2010 -0700" }, "message": "dccp: Extend CCID packet dequeueing interface\n\nThis extends the packet dequeuing interface of dccp_write_xmit() to allow\n 1. CCIDs to take care of timing when the next packet may be sent;\n 2. delayed sending (as before, with an inter-packet gap up to 65.535 seconds).\n\nThe main purpose is to take CCID-2 out of its polling mode (when it is network-\nlimited, it tries every millisecond to send, without interruption).\n\nThe mode of operation for (2) is as follows:\n * new packet is enqueued via dccp_sendmsg() \u003d\u003e dccp_write_xmit(),\n * ccid_hc_tx_send_packet() detects that it may not send (e.g. window full),\n * it signals this condition via `CCID_PACKET_WILL_DEQUEUE_LATER\u0027,\n * dccp_write_xmit() returns without further action;\n * after some time the wait-condition for CCID becomes true,\n * that CCID schedules the tasklet,\n * tasklet function calls ccid_hc_tx_send_packet() via dccp_write_xmit(),\n * since the wait-condition is now true, ccid_hc_tx_packet() returns \"send now\",\n * packet is sent, and possibly more (since dccp_write_xmit() loops).\n\nCode reuse: the taskled function calls dccp_write_xmit(), the timer function\n reduces to a wrapper around the same code.\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fe84f4140f0d24deca8591e38926b95cfd097e62", "tree": "5b4c809f131105fddb533776632ff1d546b604a7", "parents": [ "de7fe7874dc55e8226245c50f07dec3c7b285044" ], "author": { "name": "Gerrit Renker", "email": "gerrit@erg.abdn.ac.uk", "time": "Wed Oct 27 19:16:25 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Oct 28 10:27:00 2010 -0700" }, "message": "dccp: Return-value convention of hc_tx_send_packet()\n\nThis patch reorganises the return value convention of the CCID TX sending\nfunction, to permit more flexible schemes, as required by subsequent patches.\n\nCurrently the convention is\n * values \u003c 0 mean error,\n * a value \u003d\u003d 0 means \"send now\", and\n * a value x \u003e 0 means \"send in x milliseconds\".\n\nThe patch provides symbolic constants and a function to interpret return values.\n\nIn addition, it caps the maximum positive return value to 0xFFFF milliseconds,\ncorresponding to 65.535 seconds. This is possible since in CCID-3/4 the\nmaximum possible inter-packet gap is fixed at t_mbi \u003d 64 sec.\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f6ac55b6c156cebf750376dc08e06ffdade82717", "tree": "fd173ac547ec84f90b56cf6d8a90f737b4b2748f", "parents": [ "b165d60145b717261a0234f989c442c2b68b6ec0" ], "author": { "name": "Sanchit Garg", "email": "sancgarg@linux.vnet.ibm.com", "time": "Wed Oct 27 09:41:01 2010 +0530" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:49 2010 -0500" }, "message": "net/9p: Return error on read with NULL buffer\n\nThis patch ensures that a read(fd, NULL, 10) returns EFAULT on a 9p file.\n\nSigned-off-by: Sanchit Garg \u003csancgarg@linux.vnet.ibm.com\u003e\nSigned-off-by: Aneesh Kumar K.V \u003caneesh.kumar@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" }, { "commit": "b165d60145b717261a0234f989c442c2b68b6ec0", "tree": "024f9f2c71ff85a806ed47cbbf451edeaa7111a5", "parents": [ "7b3bb3fe166702b504f1068359c9550d3b277eaf" ], "author": { "name": "Venkateswararao Jujjuri (JV)", "email": "jvrao@linux.vnet.ibm.com", "time": "Fri Oct 22 10:13:12 2010 -0700" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:49 2010 -0500" }, "message": "9p: Add datasync to client side TFSYNC/RFSYNC for dotl\n\nSYNOPSIS\n size[4] Tfsync tag[2] fid[4] datasync[4]\n\n size[4] Rfsync tag[2]\n\nDESCRIPTION\n\n The Tfsync transaction transfers (\"flushes\") all modified in-core data of\n file identified by fid to the disk device (or other permanent storage\n device) where that file resides.\n\n If datasync flag is specified data will be fleshed but does not flush\n modified metadata unless that metadata is needed in order to allow a\n subsequent data retrieval to be correctly handled.\n\nSigned-off-by: Venkateswararao Jujjuri \u003cjvrao@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" }, { "commit": "7b3bb3fe166702b504f1068359c9550d3b277eaf", "tree": "8a3c8039f55126dbafb23a06d7b03a1e5abf3d24", "parents": [ "877cb3d4dd73838adcc6b79f2a3d29b155e7ebbe" ], "author": { "name": "Aneesh Kumar K.V", "email": "aneesh.kumar@linux.vnet.ibm.com", "time": "Tue Oct 19 09:17:02 2010 +0530" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:49 2010 -0500" }, "message": "net/9p: Return error if we fail to encode protocol data\n\nWe need to return error in case we fail to encode data in protocol buffer.\nThis patch also return error in case of a failed copy_from_user.\n\nSigned-off-by: Aneesh Kumar K.V \u003caneesh.kumar@linux.vnet.ibm.com\u003e\nSigned-off-by: Venkateswararao Jujjuri \u003cjvrao@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" }, { "commit": "52f44e0d08ff1a065bf06615483c608163575cb1", "tree": "44292212cecafac6ed870812b882b9af545bdaa6", "parents": [ "419b39561e698d73a42f8010655d22e0134486da" ], "author": { "name": "Venkateswararao Jujjuri (JV)", "email": "jvrao@linux.vnet.ibm.com", "time": "Wed Sep 29 18:33:41 2010 -0700" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:48 2010 -0500" }, "message": "net/9p: Add waitq to VirtIO transport.\n\nIf there is not enough space for the PDU on the VirtIO ring, current\ncode returns -EIO propagating the error to user.\n\nThis patch introduced a wqit_queue on the channel, and lets the process\nwait on this queue until VirtIO ring frees up.\n\nSigned-off-by: Venkateswararao Jujjuri \u003cjvrao@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" }, { "commit": "419b39561e698d73a42f8010655d22e0134486da", "tree": "76b6bd98dcaaa89d27b2d804d1ed67f049f070bd", "parents": [ "329176cc2c50e63c580ddaabb385876db5af1360" ], "author": { "name": "Venkateswararao Jujjuri (JV)", "email": "jvrao@linux.vnet.ibm.com", "time": "Wed Sep 29 18:06:54 2010 -0700" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:48 2010 -0500" }, "message": "[net/9p]Serialize virtqueue operations to make VirtIO transport SMP safe.\n\nSigned-off-by: Venkateswararao Jujjuri \u003cjvrao@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" }, { "commit": "329176cc2c50e63c580ddaabb385876db5af1360", "tree": "c7a95364c6339f75d37e1b63890d94114cd1935e", "parents": [ "368c09d2a303c39e9f37193b23e945e6754cf0a7" ], "author": { "name": "M. Mohan Kumar", "email": "mohan@in.ibm.com", "time": "Tue Sep 28 19:59:25 2010 +0530" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:48 2010 -0500" }, "message": "9p: Implement TREADLINK operation for 9p2000.L\n\nSynopsis\n\n\tsize[4] TReadlink tag[2] fid[4]\n\tsize[4] RReadlink tag[2] target[s]\n\nDescription\n\tReadlink is used to return the contents of the symoblic link\n referred by fid. Contents of symboic link is returned as a\n response.\n\n\ttarget[s] - Contents of the symbolic link referred by fid.\n\nSigned-off-by: M. Mohan Kumar \u003cmohan@in.ibm.com\u003e\nReviewed-by: Aneesh Kumar K.V \u003caneesh.kumar@linux.vnet.ibm.com\u003e\nSigned-off-by: Venkateswararao Jujjuri \u003cjvrao@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" }, { "commit": "1d769cd192fc8c4097b1e2cd41fdee6ba3d1b2af", "tree": "16fd71ff9178bbfe144a28a2e168c85fb541a11b", "parents": [ "a099027c779068b834f335cfdc3f2bf10f531dd9" ], "author": { "name": "M. Mohan Kumar", "email": "mohan@in.ibm.com", "time": "Mon Sep 27 12:22:13 2010 +0530" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:47 2010 -0500" }, "message": "9p: Implement TGETLOCK\n\nSynopsis\n\n size[4] TGetlock tag[2] fid[4] getlock[n]\n size[4] RGetlock tag[2] getlock[n]\n\nDescription\n\nTGetlock is used to test for the existence of byte range posix locks on a file\nidentified by given fid. The reply contains getlock structure. If the lock could\nbe placed it returns F_UNLCK in type field of getlock structure. Otherwise it\nreturns the details of the conflicting locks in the getlock structure\n\n getlock structure:\n type[1] - Type of lock: F_RDLCK, F_WRLCK\n start[8] - Starting offset for lock\n length[8] - Number of bytes to check for the lock\n If length is 0, check for lock in all bytes starting at the location\n \u0027start\u0027 through to the end of file\n pid[4] - PID of the process that wants to take lock/owns the task\n in case of reply\n client[4] - Client id of the system that owns the process which\n has the conflicting lock\n\nSigned-off-by: M. Mohan Kumar \u003cmohan@in.ibm.com\u003e\nSigned-off-by: Aneesh Kumar K.V \u003caneesh.kumar@linux.vnet.ibm.com\u003e\nSigned-off-by: Venkateswararao Jujjuri \u003cjvrao@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" }, { "commit": "a099027c779068b834f335cfdc3f2bf10f531dd9", "tree": "eee43443cce85a03c13b1cfdd25bf451445cf78f", "parents": [ "920e65dc6911da28a58e17f4b683302636fc6d8e" ], "author": { "name": "M. Mohan Kumar", "email": "mohan@in.ibm.com", "time": "Mon Sep 27 11:34:24 2010 +0530" }, "committer": { "name": "Eric Van Hensbergen", "email": "ericvh@gmail.com", "time": "Thu Oct 28 09:08:47 2010 -0500" }, "message": "9p: Implement TLOCK\n\nSynopsis\n\n size[4] TLock tag[2] fid[4] flock[n]\n size[4] RLock tag[2] status[1]\n\nDescription\n\nTlock is used to acquire/release byte range posix locks on a file\nidentified by given fid. The reply contains status of the lock request\n\n flock structure:\n type[1] - Type of lock: F_RDLCK, F_WRLCK, F_UNLCK\n flags[4] - Flags could be either of\n P9_LOCK_FLAGS_BLOCK - Blocked lock request, if there is a\n conflicting lock exists, wait for that lock to be released.\n P9_LOCK_FLAGS_RECLAIM - Reclaim lock request, used when client is\n trying to reclaim a lock after a server restrart (due to crash)\n start[8] - Starting offset for lock\n length[8] - Number of bytes to lock\n If length is 0, lock all bytes starting at the location \u0027start\u0027\n through to the end of file\n pid[4] - PID of the process that wants to take lock\n client_id[4] - Unique client id\n\n status[1] - Status of the lock request, can be\n P9_LOCK_SUCCESS(0), P9_LOCK_BLOCKED(1), P9_LOCK_ERROR(2) or\n P9_LOCK_GRACE(3)\n P9_LOCK_SUCCESS - Request was successful\n P9_LOCK_BLOCKED - A conflicting lock is held by another process\n P9_LOCK_ERROR - Error while processing the lock request\n P9_LOCK_GRACE - Server is in grace period, it can\u0027t accept new lock\n requests in this period (except locks with\n P9_LOCK_FLAGS_RECLAIM flag set)\n\nSigned-off-by: M. Mohan Kumar \u003cmohan@in.ibm.com\u003e\nSigned-off-by: Aneesh Kumar K.V \u003caneesh.kumar@linux.vnet.ibm.com\u003e\nSigned-off-by: Venkateswararao Jujjuri \u003cjvrao@linux.vnet.ibm.com\u003e\nSigned-off-by: Eric Van Hensbergen \u003cericvh@gmail.com\u003e\n" } ], "next": "920e65dc6911da28a58e17f4b683302636fc6d8e" }