)]}' { "log": [ { "commit": "0bae35e14b68f5e7075bc96e5ea608b42bdf8f59", "tree": "c7aaf04160c9278d2d4f9466980dfca501258442", "parents": [ "e172662d113ceb22db727a979bb35b9c02f703b5" ], "author": { "name": "Johannes Berg", "email": "johannes.berg@intel.com", "time": "Thu Dec 02 14:31:14 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Dec 02 14:51:15 2010 -0800" }, "message": "leds: fix up dependencies\n\nIt\u0027s not useful to build LED triggers when there\u0027s no LEDs that can be\ntriggered by them. Therefore, fix up the dependencies so that this\ncannot happen, and fix a few users that select triggers to depend on\nLEDS_CLASS as well (there is also one user that also selects LEDS_CLASS,\nwhich is OK).\n\nSigned-off-by: Johannes Berg \u003cjohannes.berg@intel.com\u003e\nReported-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nAcked-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nTested-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Arnd Hannemann \u003carnd@arndnet.de\u003e\nCc: Michal Hocko \u003cmhocko@suse.cz\u003e\nCc: Richard Purdie \u003crpurdie@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "a01af8e4a4ee1135598f157051959982418c38f8", "tree": "76c78a7cbd02204afbe7404880dfbf312ebd51a5", "parents": [ "a9735c81a43054a7e8cb8771c8e04c01fcacde10", "25888e30319f8896fc656fc68643e6a078263060" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Nov 29 14:36:33 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Mon Nov 29 14:36:33 2010 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (27 commits)\n af_unix: limit recursion level\n pch_gbe driver: The wrong of initializer entry\n pch_gbe dreiver: chang author\n ucc_geth: fix ucc halt problem in half duplex mode\n inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners\n ehea: Add some info messages and fix an issue\n hso: fix disable_net\n NET: wan/x25_asy, move lapb_unregister to x25_asy_close_tty\n cxgb4vf: fix setting unicast/multicast addresses ...\n net, ppp: Report correct error code if unit allocation failed\n DECnet: don\u0027t leak uninitialized stack byte\n au1000_eth: fix invalid address accessing the MAC enable register\n dccp: fix error in updating the GAR\n tcp: restrict net.ipv4.tcp_adv_win_scale (#20312)\n netns: Don\u0027t leak others\u0027 openreq-s in proc\n Net: ceph: Makefile: Remove unnessary code\n vhost/net: fix rcu check usage\n econet: fix CVE-2010-3848\n econet: fix CVE-2010-3850\n econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849\n ...\n" }, { "commit": "25888e30319f8896fc656fc68643e6a078263060", "tree": "ae484d38b1250da885d3939dd9a97e667fbc871d", "parents": [ "50a4205333c5e545551f1f82b3004ca635407c5c" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Thu Nov 25 04:11:39 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 29 09:45:15 2010 -0800" }, "message": "af_unix: limit recursion level\n\nIts easy to eat all kernel memory and trigger NMI watchdog, using an\nexploit program that queues unix sockets on top of others.\n\nlkml ref : http://lkml.org/lkml/2010/11/25/8\n\nThis mechanism is used in applications, one choice we have is to have a\nrecursion limit.\n\nOther limits might be needed as well (if we queue other types of files),\nsince the passfd mechanism is currently limited by socket receive queue\nsizes only.\n\nAdd a recursion_level to unix socket, allowing up to 4 levels.\n\nEach time we send an unix socket through sendfd mechanism, we copy its\nrecursion level (plus one) to receiver. This recursion level is cleared\nwhen socket receive queue is emptied.\n\nReported-by: Марк Коренберг \u003csocketpair@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b4ff3c90e6066bacc8a92111752fe9e4f4c45cca", "tree": "b64a78c4a7950e6b43c3e882dfc6dbe3a88aa2ea", "parents": [ "5c7e57f7cddb83d81d83fefa5822dfe80891130e" ], "author": { "name": "Nagendra Tomar", "email": "tomer_iisc@yahoo.com", "time": "Fri Nov 26 14:26:27 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 28 18:18:44 2010 -0800" }, "message": "inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners\n\ninet sockets corresponding to passive connections are added to the bind hash\nusing ___inet_inherit_port(). These sockets are later removed from the bind\nhash using __inet_put_port(). These two functions are not exactly symmetrical.\n__inet_put_port() decrements hashinfo-\u003ebsockets and tb-\u003enum_owners, whereas\n___inet_inherit_port() does not increment them. This results in both of these\ngoing to -ve values.\n\nThis patch fixes this by calling inet_bind_hash() from ___inet_inherit_port(),\nwhich does the right thing.\n\n\u0027bsockets\u0027 and \u0027num_owners\u0027 were introduced by commit a9d8f9110d7e953c\n(inet: Allowing more than 64k connections and heavily optimize bind(0))\n\nSigned-off-by: Nagendra Singh Tomar \u003ctomer_iisc@yahoo.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Evgeniy Polyakov \u003czbr@ioremap.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3c6f27bf33052ea6ba9d82369fb460726fb779c0", "tree": "0159223767a5edaaad3133df1bc4f061da0723a0", "parents": [ "462ca99c2ff6caae94dde5c05b56b54f6c01602a" ], "author": { "name": "Dan Rosenberg", "email": "drosenberg@vsecurity.com", "time": "Tue Nov 23 11:02:13 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 28 11:32:30 2010 -0800" }, "message": "DECnet: don\u0027t leak uninitialized stack byte\n\nA single uninitialized padding byte is leaked to userspace.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nCC: stable \u003cstable@kernel.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0ac78870220b6e0ac74dd9292bcfa7b18718babd", "tree": "19b0359b9a805857acf9ab713afd4e485e4da692", "parents": [ "a301e1703edc088592f8c5c16f9bdd34a0792776" ], "author": { "name": "Gerrit Renker", "email": "gerrit@erg.abdn.ac.uk", "time": "Tue Nov 23 02:36:56 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 28 11:29:27 2010 -0800" }, "message": "dccp: fix error in updating the GAR\n\nThis fixes a bug in updating the Greatest Acknowledgment number Received (GAR):\nthe current implementation does not track the greatest received value -\nlower values in the range AWL..AWH (RFC 4340, 7.5.1) erase higher ones.\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "0147fc058d11bd4009b126d09974d2c8f48fef15", "tree": "f73f0e82f7774938dd7190c6a810e0ccb2466f2b", "parents": [ "8475ef9fd16cadbfc692f78e608d1941a340beb2" ], "author": { "name": "Alexey Dobriyan", "email": "adobriyan@gmail.com", "time": "Mon Nov 22 12:54:21 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 28 10:39:45 2010 -0800" }, "message": "tcp: restrict net.ipv4.tcp_adv_win_scale (#20312)\n\ntcp_win_from_space() does the following:\n\n if (sysctl_tcp_adv_win_scale \u003c\u003d 0)\n return space \u003e\u003e (-sysctl_tcp_adv_win_scale);\n else\n return space - (space \u003e\u003e sysctl_tcp_adv_win_scale);\n\n\"space\" is int.\n\nAs per C99 6.5.7 (3) shifting int for 32 or more bits is\nundefined behaviour.\n\nIndeed, if sysctl_tcp_adv_win_scale is exactly 32,\nspace \u003e\u003e 32 equals space and function returns 0.\n\nWhich means we busyloop in tcp_fixup_rcvbuf().\n\nRestrict net.ipv4.tcp_adv_win_scale to [-31, 31].\n\nFix https://bugzilla.kernel.org/show_bug.cgi?id\u003d20312\n\nSteps to reproduce:\n\n echo 32 \u003e/proc/sys/net/ipv4/tcp_adv_win_scale\n wget www.kernel.org\n [softlockup]\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8475ef9fd16cadbfc692f78e608d1941a340beb2", "tree": "6e582cc6eed642094c87fd1075bc0d7eade41602", "parents": [ "4cb6a614ba0e58cae8abdadbf73bcb4d37a3f599" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Mon Nov 22 03:26:12 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Nov 27 22:57:48 2010 -0800" }, "message": "netns: Don\u0027t leak others\u0027 openreq-s in proc\n\nThe /proc/net/tcp leaks openreq sockets from other namespaces.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4cb6a614ba0e58cae8abdadbf73bcb4d37a3f599", "tree": "09198ec9e4bbb9c751246d38db87da970a7740aa", "parents": [ "a27e13d370415add3487949c60810e36069a23a6" ], "author": { "name": "Tracey Dent", "email": "tdent48227@gmail.com", "time": "Sun Nov 21 15:23:50 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Nov 27 17:39:29 2010 -0800" }, "message": "Net: ceph: Makefile: Remove unnessary code\n\nRemove the if and else conditional because the code is in mainline and there\nis no need in it being there.\n\nSigned-off-by: Tracey Dent \u003ctdent48227@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "19650e8580987c0ffabc2fe2cbc16b944789df8b", "tree": "cf0cfb390a128e3b2d47daa46f59de0a62a8ff04", "parents": [ "1eb4c6362cb7d6a2f904c555c10dc45caeeefc31", "0b26a0bf6ff398185546432420bb772bcfdf8d94" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Nov 27 07:30:30 2010 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Nov 27 07:30:30 2010 +0900" }, "message": "Merge branch \u0027bugfixes\u0027 of git://git.linux-nfs.org/projects/trondmy/nfs-2.6\n\n* \u0027bugfixes\u0027 of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:\n NFS: Ensure we return the dirent-\u003ed_type when it is known\n NFS: Correct the array bound calculation in nfs_readdir_add_to_array\n NFS: Don\u0027t ignore errors from nfs_do_filldir()\n NFS: Fix the error handling in \"uncached_readdir()\"\n NFS: Fix a page leak in uncached_readdir()\n NFS: Fix a page leak in nfs_do_filldir()\n NFS: Assume eof if the server returns no readdir records\n NFS: Buffer overflow in -\u003edecode_dirent() should not be fatal\n Pure nfs client performance using odirect.\n SUNRPC: Fix an infinite loop in call_refresh/call_refreshresult\n" }, { "commit": "a27e13d370415add3487949c60810e36069a23a6", "tree": "072e0ba8e2d629c55be4ef6fa5ae318e2a351e2f", "parents": [ "16c41745c7b92a243d0874f534c1655196c64b74" ], "author": { "name": "Phil Blundell", "email": "philb@gnu.org", "time": "Wed Nov 24 11:51:47 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 24 11:51:47 2010 -0800" }, "message": "econet: fix CVE-2010-3848\n\nDon\u0027t declare variable sized array of iovecs on the stack since this\ncould cause stack overflow if msg-\u003emsgiovlen is large. Instead, coalesce\nthe user-supplied data into a new buffer and use a single iovec for it.\n\nSigned-off-by: Phil Blundell \u003cphilb@gnu.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "16c41745c7b92a243d0874f534c1655196c64b74", "tree": "f30468ec3c9beb4d375ca1b0350c934e07d3b54f", "parents": [ "fa0e846494792e722d817b9d3d625a4ef4896c96" ], "author": { "name": "Phil Blundell", "email": "philb@gnu.org", "time": "Wed Nov 24 11:49:53 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 24 11:49:53 2010 -0800" }, "message": "econet: fix CVE-2010-3850\n\nAdd missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR operation.\n\nSigned-off-by: Phil Blundell \u003cphilb@gnu.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fa0e846494792e722d817b9d3d625a4ef4896c96", "tree": "0e842037f9f48fe0974fe854f7f2d13b69f23c7f", "parents": [ "c39508d6f118308355468314ff414644115a07f3" ], "author": { "name": "Phil Blundell", "email": "philb@gnu.org", "time": "Wed Nov 24 11:49:19 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 24 11:49:19 2010 -0800" }, "message": "econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849\n\nLater parts of econet_sendmsg() rely on saddr !\u003d NULL, so return early\nwith EINVAL if NULL was passed otherwise an oops may occur.\n\nSigned-off-by: Phil Blundell \u003cphilb@gnu.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c39508d6f118308355468314ff414644115a07f3", "tree": "c69cfd271855fa4b81398f9ddcb3dc286489d71a", "parents": [ "4448008eb12f4b6bb9993584de8ec1d20b708d6f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 24 11:47:22 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 24 11:47:22 2010 -0800" }, "message": "tcp: Make TCP_MAXSEG minimum more correct.\n\nUse TCP_MIN_MSS instead of constant 64.\n\nReported-by: Min Zhang \u003cmzhang@mvista.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "9915672d41273f5b77f1b3c29b391ffb7732b84b", "tree": "191dbf657535e49265be7664755890630e69e329", "parents": [ "cf41a51db89850033efc11c18a5257de810b5417" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Wed Nov 24 09:15:27 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 24 09:15:27 2010 -0800" }, "message": "af_unix: limit unix_tot_inflight\n\nVegard Nossum found a unix socket OOM was possible, posting an exploit\nprogram.\n\nMy analysis is we can eat all LOWMEM memory before unix_gc() being\ncalled from unix_release_sock(). Moreover, the thread blocked in\nunix_gc() can consume huge amount of time to perform cleanup because of\nhuge working set.\n\nOne way to handle this is to have a sensible limit on unix_tot_inflight,\ntested from wait_for_unix_gc() and to force a call to unix_gc() if this\nlimit is hit.\n\nThis solves the OOM and also reduce overall latencies, and should not\nslowdown normal workloads.\n\nReported-by: Vegard Nossum \u003cvegard.nossum@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3cbaa0f7a78d3b970b566629ee298c310780b919", "tree": "5b392ab5d59cfd87d7a6869ab6681a63d14e7d04", "parents": [ "e94571653876922bbc247c8ef13c0b7839c3e503", "cf41a51db89850033efc11c18a5257de810b5417" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 24 08:22:34 2010 +0900" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 24 08:22:34 2010 +0900" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:\n of/phylib: Use device tree properties to initialize Marvell PHYs.\n phylib: Add support for Marvell 88E1149R devices.\n phylib: Use common page register definition for Marvell PHYs.\n qlge: Fix incorrect usage of module parameters and netdev msg level\n ipv6: fix missing in6_ifa_put in addrconf\n SuperH IrDA: correct Baud rate error correction\n atl1c: Fix hardware type check for enabling OTP CLK\n net: allow GFP_HIGHMEM in __vmalloc()\n bonding: change list contact to netdev@vger.kernel.org\n e1000: fix screaming IRQ\n" }, { "commit": "5fc43978a79e8021c189660ab63249fd29c5fb32", "tree": "cac3a18f6bc6c5b91e5c2592c2d7b0ad459db50e", "parents": [ "3561d43fd289f590fdae672e5eb831b8d5cf0bf6" ], "author": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Sat Nov 20 11:13:31 2010 -0500" }, "committer": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Mon Nov 22 13:22:39 2010 -0500" }, "message": "SUNRPC: Fix an infinite loop in call_refresh/call_refreshresult\n\nIf the rpcauth_refreshcred() call returns an error other than\nEACCES, ENOMEM or ETIMEDOUT, we currently end up looping forever\nbetween call_refresh and call_refreshresult.\n\nThe correct thing to do here is to exit on all errors except\nEAGAIN and ETIMEDOUT, for which case we retry 3 times, then\nreturn EACCES.\n\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n" }, { "commit": "88b2a9a3d98a19496d64aadda7158c0ad51cbe7d", "tree": "6e2fef13c006956efb6f592356d1c06874baf34c", "parents": [ "ddab1a3b30452bf6d2a2780dbb5fd962a85bec48" ], "author": { "name": "John Fastabend", "email": "john.r.fastabend@intel.com", "time": "Mon Nov 15 20:29:21 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 22 07:37:36 2010 -0800" }, "message": "ipv6: fix missing in6_ifa_put in addrconf\n\nFix ref count bug introduced by\n\ncommit 2de795707294972f6c34bae9de713e502c431296\nAuthor: Lorenzo Colitti \u003clorenzo@google.com\u003e\nDate: Wed Oct 27 18:16:49 2010 +0000\n\nipv6: addrconf: don\u0027t remove address state on ifdown if the address\nis being kept\n\nFix logic so that addrconf_ifdown() decrements the inet6_ifaddr\nrefcnt correctly with in6_ifa_put().\n\nReported-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: John Fastabend \u003cjohn.r.fastabend@intel.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7a1c8e5ab120a5f352e78bbc1fa5bb64e6f23639", "tree": "9c9b81e173c59d4be5590be5101c405457acab83", "parents": [ "a6c36ee677607b02d8ecc88e8a12785418b88107" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sat Nov 20 07:46:35 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 21 10:04:04 2010 -0800" }, "message": "net: allow GFP_HIGHMEM in __vmalloc()\n\nWe forgot to use __GFP_HIGHMEM in several __vmalloc() calls.\n\nIn ceph, add the missing flag.\n\nIn fib_trie.c, xfrm_hash.c and request_sock.c, using vzalloc() is\ncleaner and allows using HIGHMEM pages as well.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "76db8ac45fc738f7d7664fe9b56d15c594a45228", "tree": "eca23feab074d505b375e27714473f4ad337bd85", "parents": [ "caf8394524fdc039b090cd3af99157e9e76f4f06", "3105c19c450ac7c18ab28c19d364b588767261b3" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:32:22 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:32:22 2010 -0800" }, "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:\n ceph: fix readdir EOVERFLOW on 32-bit archs\n ceph: fix frag offset for non-leftmost frags\n ceph: fix dangling pointer\n ceph: explicitly specify page alignment in network messages\n ceph: make page alignment explicit in osd interface\n ceph: fix comment, remove extraneous args\n ceph: fix update of ctime from MDS\n ceph: fix version check on racing inode updates\n ceph: fix uid/gid on resent mds requests\n ceph: fix rdcache_gen usage and invalidate\n ceph: re-request max_size if cap auth changes\n ceph: only let auth caps update max_size\n ceph: fix open for write on clustered mds\n ceph: fix bad pointer dereference in ceph_fill_trace\n ceph: fix small seq message skipping\n Revert \"ceph: update issue_seq on cap grant\"\n" }, { "commit": "caf8394524fdc039b090cd3af99157e9e76f4f06", "tree": "c58af82b15459a55a66bfae3a9d83a23c2d2c62c", "parents": [ "6656b3fc8aba2eb7ca00c06c7fe4917938b0b652", "0302b8622ce696af1cda22fcf207d3793350e896" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:25:59 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 19 15:25:59 2010 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (31 commits)\n net: fix kernel-doc for sk_filter_rcu_release\n be2net: Fix to avoid firmware update when interface is not open.\n netfilter: fix IP_VS dependencies\n net: irda: irttp: sync error paths of data- and udata-requests\n ipv6: Expose reachable and retrans timer values as msecs\n ipv6: Expose IFLA_PROTINFO timer values in msecs instead of jiffies\n 3c59x: fix build failure on !CONFIG_PCI\n ipg.c: remove id [SUNDANCE, 0x1021]\n net: caif: spi: fix potential NULL dereference\n ath9k_htc: Avoid setting QoS control for non-QoS frames\n net: zero kobject in rx_queue_release\n net: Fix duplicate volatile warning.\n MAINTAINERS: Add stmmac maintainer\n bonding: fix a race in IGMP handling\n cfg80211: fix can_beacon_sec_chan, reenable HT40\n gianfar: fix signedness issue\n net: bnx2x: fix error value sign\n 8139cp: fix checksum broken\n r8169: fix checksum broken\n rds: Integer overflow in RDS cmsg handling\n ...\n" }, { "commit": "0302b8622ce696af1cda22fcf207d3793350e896", "tree": "70d8b124dcd37db847c5a6e997fca466458d024e", "parents": [ "d9efd2af461abb7b54c49c1b7e654d496dd1d379" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Thu Nov 18 13:02:37 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 19 09:27:15 2010 -0800" }, "message": "net: fix kernel-doc for sk_filter_rcu_release\n\nFix kernel-doc warning for sk_filter_rcu_release():\n\nWarning(net/core/filter.c:586): missing initial short description on line:\n * \tsk_filter_rcu_release: Release a socket filter by rcu_head\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc:\t\"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc:\tnetdev@vger.kernel.org\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "dba4490d22a496f9b7c21919cf3effbed5851213", "tree": "c66928ae2f6f7c9677266c2d84d3c92c0fc80b46", "parents": [ "925e277f5221defdc53cbef1ac3ed1803fa32357" ], "author": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Thu Nov 18 08:20:57 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 13:14:33 2010 -0800" }, "message": "netfilter: fix IP_VS dependencies\n\nWhen NF_CONNTRACK is enabled, IP_VS uses conntrack symbols.\nTherefore IP_VS can\u0027t be linked statically when conntrack\nis built modular.\n\nReported-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nTested-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "925e277f5221defdc53cbef1ac3ed1803fa32357", "tree": "5d11dc5bf2e6ca2ef848a3722c9270e59e4def67", "parents": [ "18a31e1e282f9ed563b131526a88162ccbe04ee3" ], "author": { "name": "Wolfram Sang", "email": "w.sang@pengutronix.de", "time": "Tue Nov 16 09:40:02 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 12:24:25 2010 -0800" }, "message": "net: irda: irttp: sync error paths of data- and udata-requests\n\nirttp_data_request() returns meaningful errorcodes, while irttp_udata_request()\njust returns -1 in similar situations. Sync the two and the loglevels of the\naccompanying output.\n\nSigned-off-by: Wolfram Sang \u003cw.sang@pengutronix.de\u003e\nCc: Samuel Ortiz \u003csameo@linux.intel.com\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "18a31e1e282f9ed563b131526a88162ccbe04ee3", "tree": "1ab16b75f4302854d5b2840143624577189f9997", "parents": [ "07bfa524d4c67acbb6b6fbdd1dea923d07853c04" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Wed Nov 17 04:12:02 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 12:08:36 2010 -0800" }, "message": "ipv6: Expose reachable and retrans timer values as msecs\n\nExpose reachable and retrans timer values in msecs instead of jiffies.\nBoth timer values are already exposed as msecs in the neighbour table\nnetlink interface.\n\nThe creation timestamp format with increased precision is kept but\ncleaned up.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "07bfa524d4c67acbb6b6fbdd1dea923d07853c04", "tree": "6e3819f13d3f4efa9c099cf227b1d42b1bc78620", "parents": [ "93908d192686d8285dd6441ff855df92a40103d2", "3bf30b56c4f0a1c4fae34050b7db4527c92891e8" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 11:56:09 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 11:56:09 2010 -0800" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n" }, { "commit": "93908d192686d8285dd6441ff855df92a40103d2", "tree": "f5d22a57782538cb2fe3a794294eef72bc8ede08", "parents": [ "d530db0db90378b5674cb78d9c0cfcc83f851a5e" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Wed Nov 17 01:44:24 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 11:05:01 2010 -0800" }, "message": "ipv6: Expose IFLA_PROTINFO timer values in msecs instead of jiffies\n\nIFLA_PROTINFO exposes timer related per device settings in jiffies.\nChange it to expose these values in msecs like the sysctl interface\ndoes.\n\nI did not find any users of IFLA_PROTINFO which rely on any of these\nvalues and even if there are, they are likely already broken because\nthere is no way for them to reliably convert such a value to another\ntime format.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7d8e76bf9ac3604897f0ce12e8bf09b68c2a2c89", "tree": "c22856a3f630d3fb3067aa1a89f8f884f97dcc40", "parents": [ "ef22b7b65f0eda9015becc7bff225a399914a242" ], "author": { "name": "John Fastabend", "email": "john.r.fastabend@intel.com", "time": "Tue Nov 16 19:42:53 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 18 09:41:40 2010 -0800" }, "message": "net: zero kobject in rx_queue_release\n\nnetif_set_real_num_rx_queues() can decrement and increment\nthe number of rx queues. For example ixgbe does this as\nfeatures and offloads are toggled. Presumably this could\nalso happen across down/up on most devices if the available\nresources changed (cpu offlined).\n\nThe kobject needs to be zero\u0027d in this case so that the\nstate is not preserved across kobject_put()/kobject_init_and_add().\n\nThis resolves the following error report.\n\nixgbe 0000:03:00.0: eth2: NIC Link is Up 10 Gbps, Flow Control: RX/TX\nkobject (ffff880324b83210): tried to init an initialized object, something is seriously wrong.\nPid: 1972, comm: lldpad Not tainted 2.6.37-rc18021qaz+ #169\nCall Trace:\n [\u003cffffffff8121c940\u003e] kobject_init+0x3a/0x83\n [\u003cffffffff8121cf77\u003e] kobject_init_and_add+0x23/0x57\n [\u003cffffffff8107b800\u003e] ? mark_lock+0x21/0x267\n [\u003cffffffff813c6d11\u003e] net_rx_queue_update_kobjects+0x63/0xc6\n [\u003cffffffff813b5e0e\u003e] netif_set_real_num_rx_queues+0x5f/0x78\n [\u003cffffffffa0261d49\u003e] ixgbe_set_num_queues+0x1c6/0x1ca [ixgbe]\n [\u003cffffffffa0262509\u003e] ixgbe_init_interrupt_scheme+0x1e/0x79c [ixgbe]\n [\u003cffffffffa0274596\u003e] ixgbe_dcbnl_set_state+0x167/0x189 [ixgbe]\n\nSigned-off-by: John Fastabend \u003cjohn.r.fastabend@intel.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "09a02fdb919876c01e8f05960750a418b3f7fa48", "tree": "56be1e83394ba38590ab16a0d2905fe49e05414d", "parents": [ "9236d838c920e90708570d9bbd7bb82d30a38130" ], "author": { "name": "Mark Mentovai", "email": "mark@moxienet.com", "time": "Wed Nov 17 16:34:37 2010 -0500" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Thu Nov 18 11:35:05 2010 -0500" }, "message": "cfg80211: fix can_beacon_sec_chan, reenable HT40\n\nThis follows wireless-testing 9236d838c920e90708570d9bbd7bb82d30a38130\n(\"cfg80211: fix extension channel checks to initiate communication\") and\nfixes accidental case fall-through. Without this fix, HT40 is entirely\nblocked.\n\nSigned-off-by: Mark Mentovai \u003cmark@moxienet.com\u003e\nCc: stable@kernel.org\nAcked-by: Luis R. Rodriguez \u003clrodriguez@atheros.com\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "218854af84038d828a32f061858b1902ed2beec6", "tree": "d5c688bc9856b3763e354619ff46ebe20edad891", "parents": [ "7d98ffd8c2d1da6cec5d84eba42c4aa836a93f85" ], "author": { "name": "Dan Rosenberg", "email": "drosenberg@vsecurity.com", "time": "Wed Nov 17 06:37:16 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 17 12:20:52 2010 -0800" }, "message": "rds: Integer overflow in RDS cmsg handling\n\nIn rds_cmsg_rdma_args(), the user-provided args-\u003enr_local value is\nrestricted to less than UINT_MAX. This seems to need a tighter upper\nbound, since the calculation of total iov_size can overflow, resulting\nin a small sock_kmalloc() allocation. This would probably just result\nin walking off the heap and crashing when calling rds_rdma_pages() with\na high count value. If it somehow doesn\u0027t crash here, then memory\ncorruption could occur soon after.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "451a3c24b0135bce54542009b5fde43846c7cf67", "tree": "f0fbbcc155aef2a1ffcb8aa593fe7a966d0e6900", "parents": [ "55f6561c6941713ab5ae9180525b026dd40b7d14" ], "author": { "name": "Arnd Bergmann", "email": "arnd@arndb.de", "time": "Wed Nov 17 16:26:55 2010 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Wed Nov 17 08:59:32 2010 -0800" }, "message": "BKL: remove extraneous #include \u003csmp_lock.h\u003e\n\nThe big kernel lock has been removed from all these files at some point,\nleaving only the #include.\n\nRemove this too as a cleanup.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "9236d838c920e90708570d9bbd7bb82d30a38130", "tree": "ee2d9ae6b4f82efe3b28e33abebec96b7e136141", "parents": [ "b5261cf4f3860bd772346a3e692683b6144dd44c" ], "author": { "name": "Luis R. Rodriguez", "email": "lrodriguez@atheros.com", "time": "Fri Nov 12 16:31:23 2010 -0800" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Tue Nov 16 15:59:39 2010 -0500" }, "message": "cfg80211: fix extension channel checks to initiate communication\n\nWhen operating in a mode that initiates communication and using\nHT40 we should fail if we cannot use both primary and secondary\nchannels to initiate communication. Our current ht40 allowmap\nonly covers STA mode of operation, for beaconing modes we need\na check on the fly as the mode of operation is dynamic and\nthere other flags other than disable which we should read\nto check if we can initiate communication.\n\nDo not allow for initiating communication if our secondary HT40\nchannel has is either disabled, has a passive scan flag, a\nno-ibss flag or is a radar channel. Userspace now has similar\nchecks but this is also needed in-kernel.\n\nReported-by: Jouni Malinen \u003cjouni.malinen@atheros.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Luis R. Rodriguez \u003clrodriguez@atheros.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "7d98ffd8c2d1da6cec5d84eba42c4aa836a93f85", "tree": "398437e234367d8184bbaed1b3af8dc8ed7d5d3a", "parents": [ "4c62ab9c538bc09c38093fa079e6902ea4d42b98" ], "author": { "name": "Ulrich Weber", "email": "uweber@astaro.com", "time": "Fri Nov 05 01:39:12 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 16 11:43:39 2010 -0800" }, "message": "xfrm: update flowi saddr in icmp_send if unset\n\notherwise xfrm_lookup will fail to find correct policy\n\nSigned-off-by: Ulrich Weber \u003cuweber@astaro.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4c62ab9c538bc09c38093fa079e6902ea4d42b98", "tree": "d67bb872f84197369d82985702b6517a7a3f289a", "parents": [ "3b42a96dc7870c53d20b419185737d3b8f7a7b74" ], "author": { "name": "Wolfram Sang", "email": "w.sang@pengutronix.de", "time": "Tue Nov 16 09:50:47 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 16 09:50:47 2010 -0800" }, "message": "irda: irttp: allow zero byte packets\n\nSending zero byte packets is not neccessarily an error (AF_INET accepts it,\ntoo), so just apply a shortcut. This was discovered because of a non-working\nsoftware with WINE. See\n\n http://bugs.winehq.org/show_bug.cgi?id\u003d19397#c86\n http://thread.gmane.org/gmane.linux.irda.general/1643\n\nfor very detailed debugging information and a testcase. Kudos to Wolfgang for\nthose!\n\nReported-by: Wolfgang Schwotzer \u003cwolfgang.schwotzer@gmx.net\u003e\nSigned-off-by: Wolfram Sang \u003cw.sang@pengutronix.de\u003e\nTested-by: Mike Evans \u003cmike.evans@cardolan.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "94f58df8e545657f0b2d16eca1ac7a4ec39ed6be", "tree": "cf914f47862fdabb86257f18b671754c38c2ca8f", "parents": [ "5685b971362651ee3d99ff3cc512c3bbd049d34d" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Sun Nov 07 22:11:34 2010 +0100" }, "committer": { "name": "Trond Myklebust", "email": "Trond.Myklebust@netapp.com", "time": "Tue Nov 16 11:58:51 2010 -0500" }, "message": "SUNRPC: Simplify rpc_alloc_iostats by removing pointless local variable\n\nHi,\n\nWe can simplify net/sunrpc/stats.c::rpc_alloc_iostats() a bit by getting\nrid of the unneeded local variable \u0027new\u0027.\n\nPlease CC me on replies.\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n" }, { "commit": "9457b24a0955bbdd2e89220a75de69fe09501bba", "tree": "cb484848e14cc2705c4513ad3ec1f0420a4d55db", "parents": [ "80ef913f5e6a84551545016cea709f5e96d0cda6", "0597d1b99fcfc2c0eada09a698f85ed413d4ba84" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 12 17:17:55 2010 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 12 17:17:55 2010 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (66 commits)\n can-bcm: fix minor heap overflow\n gianfar: Do not call device_set_wakeup_enable() under a spinlock\n ipv6: Warn users if maximum number of routes is reached.\n docs: Add neigh/gc_thresh3 and route/max_size documentation.\n axnet_cs: fix resume problem for some Ax88790 chip\n ipv6: addrconf: don\u0027t remove address state on ifdown if the address is being kept\n tcp: Don\u0027t change unlocked socket state in tcp_v4_err().\n x25: Prevent crashing when parsing bad X.25 facilities\n cxgb4vf: add call to Firmware to reset VF State.\n cxgb4vf: Fail open if link_start() fails.\n cxgb4vf: flesh out PCI Device ID Table ...\n cxgb4vf: fix some errors in Gather List to skb conversion\n cxgb4vf: fix bug in Generic Receive Offload\n cxgb4vf: don\u0027t implement trivial (and incorrect) ndo_select_queue()\n ixgbe: Look inside vlan when determining offload protocol.\n bnx2x: Look inside vlan when determining checksum proto.\n vlan: Add function to retrieve EtherType from vlan packets.\n virtio-net: init link state correctly\n ucc_geth: Fix deadlock\n ucc_geth: Do not bring the whole IF down when TX failure.\n ...\n" }, { "commit": "0597d1b99fcfc2c0eada09a698f85ed413d4ba84", "tree": "c66d570cfa83daadde69179557183dafeeab7ed8", "parents": [ "6c4f199411f254bf3713b04ed8653f0955883309" ], "author": { "name": "Oliver Hartkopp", "email": "socketcan@hartkopp.net", "time": "Wed Nov 10 12:10:30 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 14:07:14 2010 -0800" }, "message": "can-bcm: fix minor heap overflow\n\nOn 64-bit platforms the ASCII representation of a pointer may be up to 17\nbytes long. This patch increases the length of the buffer accordingly.\n\nhttp://marc.info/?l\u003dlinux-netdev\u0026m\u003d128872251418192\u0026w\u003d2\n\nReported-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: Oliver Hartkopp \u003csocketcan@hartkopp.net\u003e\nCC: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "403856532734317d25ec86ab1e75b8133db7acc6", "tree": "a294c1cba6ba395cd50c24c4e0f696645d6e13e2", "parents": [ "cbaf087a9f5e4721e83e8681ef328158f2298c6f" ], "author": { "name": "Ben Greear", "email": "greearb@candelatech.com", "time": "Mon Nov 08 12:33:48 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 14:03:24 2010 -0800" }, "message": "ipv6: Warn users if maximum number of routes is reached.\n\nThis gives users at least some clue as to what the problem\nmight be and how to go about fixing it.\n\nSigned-off-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "2de795707294972f6c34bae9de713e502c431296", "tree": "bd5ee45aee40d0c4a6a0c7d3c25202fd0f95f3f6", "parents": [ "8f49c2703b33519aaaccc63f571b465b9d2b3a2d" ], "author": { "name": "Lorenzo Colitti", "email": "lorenzo@google.com", "time": "Wed Oct 27 18:16:49 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 13:44:24 2010 -0800" }, "message": "ipv6: addrconf: don\u0027t remove address state on ifdown if the address is being kept\n\nCurrently, addrconf_ifdown does not delete statically configured IPv6\naddresses when the interface is brought down. The intent is that when\nthe interface comes back up the address will be usable again. However,\nthis doesn\u0027t actually work, because the system stops listening on the\ncorresponding solicited-node multicast address, so the address cannot\nrespond to neighbor solicitations and thus receive traffic. Also, the\ncode notifies the rest of the system that the address is being deleted\n(e.g, RTM_DELADDR), even though it is not. Fix it so that none of this\nstate is updated if the address is being kept on the interface.\n\nTested: Added a statically configured IPv6 address to an interface,\nstarted ping, brought link down, brought link up again. When link came\nup ping kept on going and \"ip -6 maddr\" showed that the host was still\nsubscribed to there\n\nSigned-off-by: Lorenzo Colitti \u003clorenzo@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8f49c2703b33519aaaccc63f571b465b9d2b3a2d", "tree": "3b2db10ae8642c87c7258522e06ee56910d5b420", "parents": [ "5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 13:35:00 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 13:35:00 2010 -0800" }, "message": "tcp: Don\u0027t change unlocked socket state in tcp_v4_err().\n\nAlexey Kuznetsov noticed a regression introduced by\ncommit f1ecd5d9e7366609d640ff4040304ea197fbc618\n(\"Revert Backoff [v3]: Revert RTO on ICMP destination unreachable\")\n\nThe RTO and timer modification code added to tcp_v4_err()\ndoesn\u0027t check sock_owned_by_user(), which if true means we\ndon\u0027t have exclusive access to the socket and therefore cannot\nmodify it\u0027s critical state.\n\nJust skip this new code block if sock_owned_by_user() is true\nand eliminate the now superfluous sock_owned_by_user() code\nblock contained within.\n\nReported-by: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nCC: Damian Lukowski \u003cdamian@tvk.rwth-aachen.de\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\n" }, { "commit": "5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f", "tree": "c21d9c1c7f2792b0889432988d42e9b90f953358", "parents": [ "e68e6133e2daef6fc40e91621a1e26938e428e9e" ], "author": { "name": "Dan Rosenberg", "email": "drosenberg@vsecurity.com", "time": "Fri Nov 12 12:44:42 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 12:44:42 2010 -0800" }, "message": "x25: Prevent crashing when parsing bad X.25 facilities\n\nNow with improved comma support.\n\nOn parsing malformed X.25 facilities, decrementing the remaining length\nmay cause it to underflow. Since the length is an unsigned integer,\nthis will result in the loop continuing until the kernel crashes.\n\nThis patch adds checks to ensure decrementing the remaining length does\nnot cause it to wrap around.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1f18b7176e2e41fada24584ce3c80e9abfaca52b", "tree": "4f5cc10413729e16e8965c81afba3ca953ff3642", "parents": [ "7c13a0d9a1ac6875f6380763b947f4a5a016605f" ], "author": { "name": "Mariusz Kozlowski", "email": "mk@lab.zgora.pl", "time": "Mon Nov 08 11:58:45 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 11:06:46 2010 -0800" }, "message": "net: Fix header size check for GSO case in recvmsg (af_packet)\n\nParameter \u0027len\u0027 is size_t type so it will never get negative.\n\nSigned-off-by: Mariusz Kozlowski \u003cmk@lab.zgora.pl\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7c13a0d9a1ac6875f6380763b947f4a5a016605f", "tree": "fbf7b41bc8cc250e6f9add13541e7d1c408a33b8", "parents": [ "369cf77a6a3e41b1110506ddf43d45804103bfde", "22e091e5253da1e9ad7c0a82c2c84446fc403efe" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 11:04:26 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 11:04:26 2010 -0800" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6\n" }, { "commit": "369cf77a6a3e41b1110506ddf43d45804103bfde", "tree": "6bd88b669c8c68ac4d9008e00566ca15e43a6ff4", "parents": [ "8877870f8a8127b653f8c9a55c6b4de9f96f639b" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Thu Nov 11 15:47:59 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Nov 12 10:53:09 2010 -0800" }, "message": "rtnetlink: Fix message size calculation for link messages\n\nnlmsg_total_size() calculates the length of a netlink message\nincluding header and alignment. nla_total_size() calculates the\nspace an individual attribute consumes which was meant to be used\nin this context.\n\nAlso, ensure to account for the attribute header for the\nIFLA_INFO_XSTATS attribute as implementations of get_xstats_size()\nseem to assume that we do so.\n\nThe addition of two message headers minus the missing attribute\nheader resulted in a calculated message size that was larger than\nrequired. Therefore we never risked running out of skb tailroom.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nAcked-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "22e091e5253da1e9ad7c0a82c2c84446fc403efe", "tree": "b3f892779ab637002bfb9e32c74905b13f81ec75", "parents": [ "ac5aa2e3332ec04889074afdbd1479424d0227a5" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Fri Nov 12 08:51:55 2010 +0100" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Nov 12 08:51:55 2010 +0100" }, "message": "netfilter: ipv6: fix overlap check for fragments\n\nThe type of FRAG6_CB(prev)-\u003eoffset is int, skb-\u003elen is *unsigned* int,\nand offset is int.\n\nWithout this patch, type conversion occurred to this expression, when\n(FRAG6_CB(prev)-\u003eoffset + prev-\u003elen) is less than offset.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "8877870f8a8127b653f8c9a55c6b4de9f96f639b", "tree": "cc2629911f6b011ee2e3f4a85febbb9b6cc63604", "parents": [ "7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2", "7379efeacb707f49729080791a7a562d8996aec4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 22:15:31 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 22:15:31 2010 -0800" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n" }, { "commit": "7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2", "tree": "f566af2a622e5416056c70633576a1a46b8bf6aa", "parents": [ "8d987e5c75107ca7515fa19e857cfa24aab6ec8f" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 21:35:37 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 21:35:37 2010 -0800" }, "message": "tcp: Increase TCP_MAXSEG socket option minimum.\n\nAs noted by Steve Chen, since commit\nf5fff5dc8a7a3f395b0525c02ba92c95d42b7390 (\"tcp: advertise MSS\nrequested by user\") we can end up with a situation where\ntcp_select_initial_window() does a divide by a zero (or\neven negative) mss value.\n\nThe problem is that sometimes we effectively subtract\nTCPOLEN_TSTAMP_ALIGNED and/or TCPOLEN_MD5SIG_ALIGNED from the mss.\n\nFix this by increasing the minimum from 8 to 64.\n\nReported-by: Steve Chen \u003cschen@mvista.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8d987e5c75107ca7515fa19e857cfa24aab6ec8f", "tree": "6392c5f08f0df39d42a079336f6be3960ac404dc", "parents": [ "67286640f638f5ad41a946b9a3dc75327950248f" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Tue Nov 09 23:24:26 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 12:12:00 2010 -0800" }, "message": "net: avoid limits overflow\n\nRobin Holt tried to boot a 16TB machine and found some limits were\nreached : sysctl_tcp_mem[2], sysctl_udp_mem[2]\n\nWe can switch infrastructure to use long \"instead\" of \"int\", now\natomic_long_t primitives are available for free.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nReported-by: Robin Holt \u003cholt@sgi.com\u003e\nReviewed-by: Robin Holt \u003cholt@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "67286640f638f5ad41a946b9a3dc75327950248f", "tree": "34844d5e00a54f78b384f75f6cded995423d7fc6", "parents": [ "57fe93b374a6b8711995c2d466c502af9f3a08bb" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 10 12:09:10 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 12:09:10 2010 -0800" }, "message": "net: packet: fix information leak to userland\n\npacket_getname_spkt() doesn\u0027t initialize all members of sa_data field of\nsockaddr struct if strlen(dev-\u003ename) \u003c 13. This structure is then copied\nto userland. It leads to leaking of contents of kernel stack memory.\nWe have to fully fill sa_data with strncpy() instead of strlcpy().\n\nThe same with packet_getname(): it doesn\u0027t initialize sll_pkttype field of\nsockaddr_ll. Set it to zero.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "57fe93b374a6b8711995c2d466c502af9f3a08bb", "tree": "12648abf4c941275e5a12a8416e8fa6a92276753", "parents": [ "fe10ae53384e48c51996941b7720ee16995cbcb7" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 10:38:24 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 10:38:24 2010 -0800" }, "message": "filter: make sure filters dont read uninitialized memory\n\nThere is a possibility malicious users can get limited information about\nuninitialized stack mem array. Even if sk_run_filter() result is bound\nto packet length (0 .. 65535), we could imagine this can be used by\nhostile user.\n\nInitializing mem[] array, like Dan Rosenberg suggested in his patch is\nexpensive since most filters dont even use this array.\n\nIts hard to make the filter validation in sk_chk_filter(), because of\nthe jumps. This might be done later.\n\nIn this patch, I use a bitmap (a single long var) so that only filters\nusing mem[] loads/stores pay the price of added security checks.\n\nFor other filters, additional cost is a single instruction.\n\n[ Since we access fentry-\u003ek a lot now, cache it in a local variable\n and mark filter entry pointer as const. -DaveM ]\n\nReported-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fe10ae53384e48c51996941b7720ee16995cbcb7", "tree": "b5a4332bd71d40a6193bc62d097808abfe62997a", "parents": [ "332dd96f7ac15e937088fe11f15cfe0210e8edd1" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 10 10:14:33 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 10 10:14:33 2010 -0800" }, "message": "net: ax25: fix information leak to userland\n\nSometimes ax25_getname() doesn\u0027t initialize all members of fsa_digipeater\nfield of fsa struct, also the struct has padding bytes between\nsax25_call and sax25_ndigis fields. This structure is then copied to\nuserland. It leads to leaking of contents of kernel stack memory.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "c5c6b19d4b8f5431fca05f28ae9e141045022149", "tree": "0961d9aeee49f481134089ac5b93b7118cf3a34b", "parents": [ "b7495fc2ff941db6a118a93ab8d61149e3f4cef8" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:40:00 2010 -0800" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:43:17 2010 -0800" }, "message": "ceph: explicitly specify page alignment in network messages\n\nThe alignment used for reading data into or out of pages used to be taken\nfrom the data_off field in the message header. This only worked as long\nas the page alignment matched the object offset, breaking direct io to\nnon-page aligned offsets.\n\nInstead, explicitly specify the page alignment next to the page vector\nin the ceph_msg struct, and use that instead of the message header (which\nprobably shouldn\u0027t be trusted). The alloc_msg callback is responsible for\nfilling in this field properly when it sets up the page vector.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "b7495fc2ff941db6a118a93ab8d61149e3f4cef8", "tree": "231c339d74760e2fa13e5e6f41c10bc28cea51b3", "parents": [ "e98b6fed84d0f0155d7b398e0dfeac74c792f2d0" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:43:12 2010 -0800" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:43:12 2010 -0800" }, "message": "ceph: make page alignment explicit in osd interface\n\nWe used to infer alignment of IOs within a page based on the file offset,\nwhich assumed they matched. This broke with direct IO that was not aligned\nto pages (e.g., 512-byte aligned IO). We were also trusting the alignment\nspecified in the OSD reply, which could have been adjusted by the server.\n\nExplicitly specify the page alignment when setting up OSD IO requests.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "e98b6fed84d0f0155d7b398e0dfeac74c792f2d0", "tree": "0762cba398c39329dc5f056ddfccebf6768d2555", "parents": [ "d8672d64b88cdb7aa8139fb6d218f40b8cbf60af" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:24:53 2010 -0800" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Nov 09 12:24:53 2010 -0800" }, "message": "ceph: fix comment, remove extraneous args\n\nThe offset/length arguments aren\u0027t used.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "332dd96f7ac15e937088fe11f15cfe0210e8edd1", "tree": "8efe236b18c0abacee96f9ed5fa6cfd396cdedcf", "parents": [ "88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Tue Nov 09 11:46:33 2010 -0800" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 09 12:17:16 2010 -0800" }, "message": "net/dst: dst_dev_event() called after other notifiers\n\nFollowup of commit ef885afbf8a37689 (net: use rcu_barrier() in\nrollback_registered_many)\n\ndst_dev_event() scans a garbage dst list that might be feeded by various\nnetwork notifiers at device dismantle time.\n\nIts important to call dst_dev_event() after other notifiers, or we might\nenter the infamous msleep(250) in netdev_wait_allrefs(), and wait one\nsecond before calling again call_netdevice_notifiers(NETDEV_UNREGISTER,\ndev) to properly remove last device references.\n\nUse priority -10 to let dst_dev_notifier be called after other network\nnotifiers (they have the default 0 priority)\n\nReported-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nReported-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nReported-by: Octavian Purdila \u003copurdila@ixiacom.com\u003e\nReported-by: Benjamin LaHaise \u003cbcrl@kvack.org\u003e\nTested-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52", "tree": "151d98558e8a210434e84d1e8127d681e975e80b", "parents": [ "ea80907ff066edd1dd43c5fe90ae6677d15e6384" ], "author": { "name": "Kulikov Vasiliy", "email": "segooon@gmail.com", "time": "Sun Oct 31 07:10:32 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 09 09:25:46 2010 -0800" }, "message": "net: tipc: fix information leak to userland\n\nStructure sockaddr_tipc is copied to userland with padding bytes after\n\"id\" field in union field \"name\" unitialized. It leads to leaking of\ncontents of kernel stack memory. We have to initialize them to zero.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "18943d292facbc70e6a36fc62399ae833f64671b", "tree": "337c4818e0cb478a4436ee5ad8d16822998bf8eb", "parents": [ "aa58163a76a3aef33c7220931543d45d0fe43753" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Mon Nov 08 11:15:54 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Nov 09 08:26:42 2010 -0800" }, "message": "inet: fix ip_mc_drop_socket()\n\ncommit 8723e1b4ad9be4444 (inet: RCU changes in inetdev_by_index())\nforgot one call site in ip_mc_drop_socket()\n\nWe should not decrease idev refcount after inetdev_by_index() call,\nsince refcount is not increased anymore.\n\nReported-by: Markus Trippelsdorf \u003cmarkus@trippelsdorf.de\u003e\nReported-by: Miles Lane \u003cmiles.lane@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "63ce0900d79645c714de6c8b66d8040670068c9e", "tree": "02bd4f20262db74e45fdd431bf5e8d0c18cf314e", "parents": [ "4f8b691c9fb02e72359e71592098c1de3b8ec712" ], "author": { "name": "Luiz Augusto von Dentz", "email": "luiz.dentz-von@nokia.com", "time": "Thu Aug 19 14:06:10 2010 +0300" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:56:10 2010 -0200" }, "message": "Bluetooth: fix not setting security level when creating a rfcomm session\n\nThis cause \u0027No Bonding\u0027 to be used if userspace has not yet been paired\nwith remote device since the l2cap socket used to create the rfcomm\nsession does not have any security level set.\n\nSigned-off-by: Luiz Augusto von Dentz \u003cluiz.dentz-von@nokia.com\u003e\nAcked-by: Ville Tervo \u003cville.tervo@nokia.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "4f8b691c9fb02e72359e71592098c1de3b8ec712", "tree": "d74bf4427c1f92b79ba84e8c8159f02b3933430a", "parents": [ "bfaaeb3ed5533a2dd38e3aa9ea43efd619690aed" ], "author": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Mon Oct 18 14:25:53 2010 -0200" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:56:09 2010 -0200" }, "message": "Bluetooth: fix endianness conversion in L2CAP\n\nLast commit added a wrong endianness conversion. Fixing that.\n\nReported-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "bfaaeb3ed5533a2dd38e3aa9ea43efd619690aed", "tree": "8a7a46f99f20d8a637e1867b6309c3e6b88f47da", "parents": [ "556ea928f78a390fe16ae584e6433dff304d3014" ], "author": { "name": "steven miao", "email": "realmz6@gmail.com", "time": "Sat Oct 16 18:29:47 2010 -0400" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:56:00 2010 -0200" }, "message": "Bluetooth: fix unaligned access to l2cap conf data\n\nIn function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of\nopt-\u003eval sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes\naccess will cause data misalignment exeception. Use get_unaligned_le16/32\nand put_unaligned_le16/32 function to avoid data misalignment execption.\n\nSigned-off-by: steven miao \u003crealmz6@gmail.com\u003e\nSigned-off-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "bdb7524a75e4716535a29abb314a82619301e068", "tree": "3da5f18d2eb0fd1eebdb8b51c0581a51773ac283", "parents": [ "96c99b473a8531188e2f6106c6ef0e33bb4500f2" ], "author": { "name": "Johan Hedberg", "email": "johan.hedberg@nokia.com", "time": "Fri Oct 15 10:46:09 2010 +0300" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:55:27 2010 -0200" }, "message": "Bluetooth: Fix non-SSP auth request for HIGH security level sockets\n\nWhen initiating dedicated bonding a L2CAP raw socket with HIGH security\nlevel is used. The kernel is supposed to trigger the authentication\nrequest in this case but this doesn\u0027t happen currently for non-SSP\n(pre-2.1) devices. The reason is that the authentication request happens\nin the remote extended features callback which never gets called for\nnon-SSP devices. This patch fixes the issue by requesting also\nauthentiation in the (normal) remote features callback in the case of\nnon-SSP devices.\n\nThis rule is applied only for HIGH security level which might at first\nseem unintuitive since on the server socket side MEDIUM is already\nenough for authentication. However, for the clients we really want to\nprefer the server side to decide the authentication requrement in most\ncases, and since most client sockets use MEDIUM it\u0027s better to be\navoided on the kernel side for these sockets. The important socket to\nrequest it for is the dedicated bonding one and that socket uses HIGH\nsecurity level.\n\nThe patch is based on the initial investigation and patch proposal from\nAndrei Emeltchenko \u003cendrei.emeltchenko@nokia.com\u003e.\n\nSigned-off-by: Johan Hedberg \u003cjohan.hedberg@nokia.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "96c99b473a8531188e2f6106c6ef0e33bb4500f2", "tree": "09df5d9f73e4b7d0c11359a25b78ed60a4866654", "parents": [ "48a7c3df14d0cda850337a9b3f9e667a0b12a996" ], "author": { "name": "Randy Dunlap", "email": "randy.dunlap@oracle.com", "time": "Wed Oct 13 18:16:52 2010 -0700" }, "committer": { "name": "Gustavo F. Padovan", "email": "padovan@profusion.mobi", "time": "Tue Nov 09 00:55:27 2010 -0200" }, "message": "Bluetooth: fix hidp kconfig dependency warning\n\nFix kconfig dependency warning to satisfy dependencies:\n\nwarning: (BT_HIDP \u0026\u0026 NET \u0026\u0026 BT \u0026\u0026 BT_L2CAP \u0026\u0026 INPUT || USB_HID \u0026\u0026 HID_SUPPORT \u0026\u0026 USB \u0026\u0026 INPUT) selects HID which has unmet direct dependencies (HID_SUPPORT \u0026\u0026 INPUT)\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n" }, { "commit": "352ffad646c0e0c5cf9ae8cea99710ee0d66ee27", "tree": "41987fe0c7e00dfc3aa6871f1a51007e42f22c03", "parents": [ "fbb078fcd2fa83646ad9504d8e4c54a67b8729ae" ], "author": { "name": "Brian Cavagnolo", "email": "brian@cozybit.com", "time": "Thu Nov 04 16:59:28 2010 -0700" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Mon Nov 08 16:53:47 2010 -0500" }, "message": "mac80211: unset SDATA_STATE_OFFCHANNEL when cancelling a scan\n\nFor client STA interfaces, ieee80211_do_stop unsets the relevant\ninterface\u0027s SDATA_STATE_RUNNING state bit prior to cancelling an\ninterrupted scan. When ieee80211_offchannel_return is invoked as\npart of cancelling the scan, it doesn\u0027t bother unsetting the\nSDATA_STATE_OFFCHANNEL bit because it sees that the interface is\ndown. Normally this doesn\u0027t matter because when the client STA\ninterface is brought back up, it will probably issue a scan. But\nin some cases (e.g., the user changes the interface type while it\nis down), the SDATA_STATE_OFFCHANNEL bit will remain set. This\nprevents the interface queues from being started. So we\ncancel the scan before unsetting the SDATA_STATE_RUNNING bit.\n\nSigned-off-by: Brian Cavagnolo \u003cbrian@cozybit.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "3cc25e510dfc36dc62ee0aa87344b36ed7c1742a", "tree": "aa485987c383ac5c2843e1f3d7b3eb3a628f111b", "parents": [ "8df86db9060ddd123d172c7adb6b2b71f31e77cd" ], "author": { "name": "Felix Fietkau", "email": "nbd@openwrt.org", "time": "Sun Oct 31 15:31:54 2010 +0100" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Mon Nov 08 16:53:47 2010 -0500" }, "message": "cfg80211: fix a crash in dev lookup on dump commands\n\nIS_ERR and PTR_ERR were called with the wrong pointer, leading to a\ncrash when cfg80211_get_dev_from_ifindex fails.\n\nSigned-off-by: Felix Fietkau \u003cnbd@openwrt.org\u003e\nAcked-by: Johannes Berg \u003cjohannes@sipsolutions.net\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "aa58163a76a3aef33c7220931543d45d0fe43753", "tree": "c88b5f62863053a83e7c9be1b978e1e44ff70f86", "parents": [ "0cffef48ebf5060f749d8b04ab0437a4ba009e77" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Mon Nov 08 06:20:50 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:09 2010 -0800" }, "message": "rds: Fix rds message leak in rds_message_map_pages\n\nThe sgs allocation error path leaks the allocated message.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nAcked-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "eb589063ed482f5592b1378e4136d6998419af6e", "tree": "bfc87b5e9d2efe293edaf4fa79a98e2773c7ff47", "parents": [ "18543a643fae694982c7d89c22436885f3506497" ], "author": { "name": "Junchang Wang", "email": "junchangwang@gmail.com", "time": "Sun Nov 07 23:19:43 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:07 2010 -0800" }, "message": "pktgen: correct uninitialized queue_map\n\nThis fix a bug reported by backyes.\nRight the first time pktgen\u0027s using queue_map that\u0027s not been initialized\nby set_cur_queue_map(pkt_dev);\n\nSigned-off-by: Junchang Wang \u003cjunchangwang@gmail.com\u003e\nSigned-off-by: Backyes \u003cbackyes@mail.ustc.edu.cn\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f46421416fb6b91513fb687d6503142cd99034a5", "tree": "cad8e340ce9bccec9ff261a1c0d73b18382019af", "parents": [ "4c46ee52589a4edd67447214eb489b10fed5c53a" ], "author": { "name": "Shan Wei", "email": "shanwei@cn.fujitsu.com", "time": "Fri Nov 05 01:56:34 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:06 2010 -0800" }, "message": "ipv6: fix overlap check for fragments\n\nThe type of FRAG6_CB(prev)-\u003eoffset is int, skb-\u003elen is *unsigned* int,\nand offset is int.\n\nWithout this patch, type conversion occurred to this expression, when\n(FRAG6_CB(prev)-\u003eoffset + prev-\u003elen) is less than offset.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4c46ee52589a4edd67447214eb489b10fed5c53a", "tree": "e495d87347d8632c7b16b0d537155bd6219ebcc6", "parents": [ "3ce1227c3c374c742ed78484226e24567f09ff99" ], "author": { "name": "stephen hemminger", "email": "shemminger@vyatta.com", "time": "Thu Nov 04 11:47:04 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 08 12:17:05 2010 -0800" }, "message": "classifier: report statistics for basic classifier\n\nThe basic classifier keeps statistics but does not report it to user space.\nThis showed up when using basic classifier (with police) as a default catch\nall on ingress; no statistics were reported.\n\nSigned-off-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "86c2c0a8a4965ae5cbc0ff97ed39a4472e8e9b23", "tree": "83be2471679b6b59658085972cf804eff200f33b", "parents": [ "22e76c849d505d87c5ecf3d3e6742a65f0ff4860" ], "author": { "name": "Dmitry Torokhov", "email": "dmitry.torokhov@gmail.com", "time": "Sat Nov 06 20:11:38 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Nov 07 05:28:01 2010 -0800" }, "message": "NET: pktgen - fix compile warning\n\nThis should fix the following warning:\n\nnet/core/pktgen.c: In function ‘pktgen_if_write’:\nnet/core/pktgen.c:890: warning: comparison of distinct pointer types lacks a cast\n\nSigned-off-by: Dmitry Torokhov \u003cdtor@mail.ru\u003e\nReviewed-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "4b4a2700f462102569b407102c60d3b9cf4432a0", "tree": "d326b404c99ca477d47aa0e06eb64f0b3e2d8347", "parents": [ "f69fa76482e654f7d94e4aa40ea0ebf04363396a", "22e76c849d505d87c5ecf3d3e6742a65f0ff4860" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 05 15:25:48 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Nov 05 15:25:48 2010 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (41 commits)\n inet_diag: Make sure we actually run the same bytecode we audited.\n netlink: Make nlmsg_find_attr take a const nlmsghdr*.\n fib: fib_result_assign() should not change fib refcounts\n netfilter: ip6_tables: fix information leak to userspace\n cls_cgroup: Fix crash on module unload\n memory corruption in X.25 facilities parsing\n net dst: fix percpu_counter list corruption and poison overwritten\n rds: Remove kfreed tcp conn from list\n rds: Lost locking in loop connection freeing\n de2104x: fix panic on load\n atl1 : fix panic on load\n netxen: remove unused firmware exports\n caif: Remove noisy printout when disconnecting caif socket\n caif: SPI-driver bugfix - incorrect padding.\n caif: Bugfix for socket priority, bindtodev and dbg channel.\n smsc911x: Set Ethernet EEPROM size to supported device\u0027s size\n ipv4: netfilter: ip_tables: fix information leak to userland\n ipv4: netfilter: arp_tables: fix information leak to userland\n cxgb4vf: remove call to stop TX queues at load time.\n cxgb4: remove call to stop TX queues at load time.\n ...\n" }, { "commit": "22e76c849d505d87c5ecf3d3e6742a65f0ff4860", "tree": "ba8ac3765ae60f1bc8ce20d280baa741eb7b046e", "parents": [ "6b8c92ba07287578718335ce409de8e8d7217e40" ], "author": { "name": "Nelson Elhage", "email": "nelhage@ksplice.com", "time": "Wed Nov 03 16:35:41 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 04 12:26:34 2010 -0700" }, "message": "inet_diag: Make sure we actually run the same bytecode we audited.\n\nWe were using nlmsg_find_attr() to look up the bytecode by attribute when\nauditing, but then just using the first attribute when actually running\nbytecode. So, if we received a message with two attribute elements, where only\nthe second had type INET_DIAG_REQ_BYTECODE, we would validate and run different\nbytecode strings.\n\nFix this by consistently using nlmsg_find_attr everywhere.\n\nSigned-off-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1f1b9c9990205759aae31b7734b0ede41a867f32", "tree": "aba367dd7280ff38932c881a0fcf5356bea53df2", "parents": [ "cccbe5ef85284621d19e5b2b1c61cc0506bc9dee" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Thu Nov 04 01:21:39 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Nov 04 12:05:32 2010 -0700" }, "message": "fib: fib_result_assign() should not change fib refcounts\n\nAfter commit ebc0ffae5 (RCU conversion of fib_lookup()),\nfib_result_assign() should not change fib refcounts anymore.\n\nThanks to Michael who did the bisection and bug report.\n\nReported-by: Michael Ellerman \u003cmichael@ellerman.id.au\u003e\nTested-by: Michael Ellerman \u003cmichael@ellerman.id.au\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "cccbe5ef85284621d19e5b2b1c61cc0506bc9dee", "tree": "f5caaa67b6e3ede98d691891f9cacf5d9886877d", "parents": [ "758cb41106e87d7e26ef3ee78f04360168460b9d" ], "author": { "name": "Jan Engelhardt", "email": "jengelh@medozas.de", "time": "Wed Nov 03 18:55:39 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:55:39 2010 -0700" }, "message": "netfilter: ip6_tables: fix information leak to userspace\n\nSigned-off-by: Jan Engelhardt \u003cjengelh@medozas.de\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "758cb41106e87d7e26ef3ee78f04360168460b9d", "tree": "873bc9328c6c210904382536eb6fdf82ff78004b", "parents": [ "c00b2c9e79466d61979cd21af526cc6d5d0ee04f", "b5f15ac4f89f84853544c934fc7a744289e95e34" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:52:32 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:52:32 2010 -0700" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6\n" }, { "commit": "c00b2c9e79466d61979cd21af526cc6d5d0ee04f", "tree": "300e44d04f76b860580cb1ca5f0fc7b37112375a", "parents": [ "a6331d6f9a4298173b413cf99a40cc86a9d92c37" ], "author": { "name": "Herbert Xu", "email": "herbert@gondor.apana.org.au", "time": "Wed Nov 03 13:31:05 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:50 2010 -0700" }, "message": "cls_cgroup: Fix crash on module unload\n\nSomewhere along the lines net_cls_subsys_id became a macro when\ncls_cgroup is built as a module. Not only did it make cls_cgroup\ncompletely useless, it also causes it to crash on module unload.\n\nThis patch fixes this by removing that macro.\n\nThanks to Eric Dumazet for diagnosing this problem.\n\nReported-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nReviewed-by: Li Zefan \u003clizf@cn.fujitsu.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a6331d6f9a4298173b413cf99a40cc86a9d92c37", "tree": "b665efee7dae4472e0f4521bbdd3aef626813ba6", "parents": [ "41bb78b4b9adb21cf2c395b6b880aaae99c788b7" ], "author": { "name": "andrew hendry", "email": "andrew.hendry@gmail.com", "time": "Wed Nov 03 12:54:53 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:50 2010 -0700" }, "message": "memory corruption in X.25 facilities parsing\n\nSigned-of-by: Andrew Hendry \u003candrew.hendry@gmail.com\u003e\n\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "41bb78b4b9adb21cf2c395b6b880aaae99c788b7", "tree": "34f099b4773150e0fa850d56be33fd46c3d29907", "parents": [ "8200a59f24aeca379660f80658a8c0c343ca5c31" ], "author": { "name": "Xiaotian Feng", "email": "dfeng@redhat.com", "time": "Tue Nov 02 16:11:05 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:07 2010 -0700" }, "message": "net dst: fix percpu_counter list corruption and poison overwritten\n\nThere\u0027re some percpu_counter list corruption and poison overwritten warnings\nin recent kernel, which is resulted by fc66f95c.\n\ncommit fc66f95c switches to use percpu_counter, in ip6_route_net_init, kernel\ninit the percpu_counter for dst entries, but, the percpu_counter is never destroyed\nin ip6_route_net_exit. So if the related data is freed by kernel, the freed percpu_counter\nis still on the list, then if we insert/remove other percpu_counter, list corruption\nresulted. Also, if the insert/remove option modifies the -\u003eprev,-\u003enext pointer of\nthe freed value, the poison overwritten is resulted then.\n\nWith the following patch, the percpu_counter list corruption and poison overwritten\nwarnings disappeared.\n\nSigned-off-by: Xiaotian Feng \u003cdfeng@redhat.com\u003e\nCc: \"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nCc: \"Pekka Savola (ipv6)\" \u003cpekkas@netcore.fi\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Hideaki YOSHIFUJI \u003cyoshfuji@linux-ipv6.org\u003e\nCc: Patrick McHardy \u003ckaber@trash.net\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "8200a59f24aeca379660f80658a8c0c343ca5c31", "tree": "fc21336c6dd33ee96d7cf9f07f20132d4a46994e", "parents": [ "58c490babd4b425310363cbd1f406d7e508f77a5" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Tue Nov 02 01:54:01 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:07 2010 -0700" }, "message": "rds: Remove kfreed tcp conn from list\n\nAll the rds_tcp_connection objects are stored list, but when\nbeing freed it should be removed from there.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "58c490babd4b425310363cbd1f406d7e508f77a5", "tree": "48b4697403815b06da6a6dcf4c3495bd1401a51f", "parents": [ "53ab2221da7676dd0f161bec5e1520e56b74a865" ], "author": { "name": "Pavel Emelyanov", "email": "xemul@parallels.com", "time": "Tue Nov 02 01:52:05 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:06 2010 -0700" }, "message": "rds: Lost locking in loop connection freeing\n\nThe conn is removed from list in there and this requires\nproper lock protection.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "47d1ff176553fec3cb17854a7ca85036d3b0c4e7", "tree": "b5c212fb0a972cab95e9ddc3851622adc4be9693", "parents": [ "2c24a5d1b4f48900f3ed1b1ad70c51f1983df822" ], "author": { "name": "sjur.brandeland@stericsson.com", "email": "sjur.brandeland@stericsson.com", "time": "Wed Nov 03 10:19:25 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:04 2010 -0700" }, "message": "caif: Remove noisy printout when disconnecting caif socket\n\nSigned-off-by: Sjur Brændeland \u003csjur.brandeland@stericsson.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f2527ec436fd675f08a8e7434f6e940688cb96d0", "tree": "f3c723c652b58cd4862d635e598a4ad88eedec64", "parents": [ "6cc0e949afe757d240fba4ad1839a27f66c3bd72" ], "author": { "name": "André Carvalho de Matos", "email": "andre.carvalho.matos@stericsson.com", "time": "Mon Nov 01 11:52:47 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Nov 03 18:50:03 2010 -0700" }, "message": "caif: Bugfix for socket priority, bindtodev and dbg channel.\n\nChanges:\no Bugfix: SO_PRIORITY for SOL_SOCKET could not be handled\n in caif\u0027s setsockopt, using the struct sock attribute priority instead.\n\no Bugfix: SO_BINDTODEVICE for SOL_SOCKET could not be handled\n in caif\u0027s setsockopt, using the struct sock attribute ifindex instead.\n\no Wrong assert statement for RFM layer segmentation.\n\no CAIF Debug channels was not working over SPI, caif_payload_info\n containing padding info must be initialized.\n\no Check on pointer before dereferencing when unregister dev in caif_dev.c\n\nSigned-off-by: Sjur Braendeland \u003csjur.brandeland@stericsson.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "b5f15ac4f89f84853544c934fc7a744289e95e34", "tree": "35f89a706003f9e9343bd63fc5d560cf33a579a7", "parents": [ "1a8b7a67224eb0c9dbd883b9bfc4938278bad370" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 03 08:45:06 2010 +0100" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Wed Nov 03 08:45:06 2010 +0100" }, "message": "ipv4: netfilter: ip_tables: fix information leak to userland\n\nStructure ipt_getinfo is copied to userland with the field \"name\"\nthat has the last elements unitialized. It leads to leaking of\ncontents of kernel stack memory.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "1a8b7a67224eb0c9dbd883b9bfc4938278bad370", "tree": "31697d77831109c760001a8a78053dab0fb74ac5", "parents": [ "d817d29d0b37290d90b3a9e2a61162f1dbf2be4f" ], "author": { "name": "Vasiliy Kulikov", "email": "segooon@gmail.com", "time": "Wed Nov 03 08:44:12 2010 +0100" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Wed Nov 03 08:44:12 2010 +0100" }, "message": "ipv4: netfilter: arp_tables: fix information leak to userland\n\nStructure arpt_getinfo is copied to userland with the field \"name\"\nthat has the last elements unitialized. It leads to leaking of\ncontents of kernel stack memory.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" }, { "commit": "df9f86faf3ee610527ed02031fe7dd3c8b752e44", "tree": "361ecdca449c3f80d45ff33a291ad0ae544d7470", "parents": [ "2f56f56ad991edd51ffd0baf1182245ee1277a04" ], "author": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Mon Nov 01 15:49:23 2010 -0700" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Mon Nov 01 15:49:23 2010 -0700" }, "message": "ceph: fix small seq message skipping\n\nIf the client gets out of sync with the server message sequence number, we\nnormally skip low seq messages (ones we already received). The skip code\nwas also incrementing the expected seq, such that all subsequent messages\nalso appeared old and got skipped, and an eventual timeout on the osd\nconnection. This resulted in some lagging requests and console messages\nlike\n\n[233480.882885] ceph: skipping osd22 10.138.138.13:6804 seq 2016, expected 2017\n[233480.882919] ceph: skipping osd22 10.138.138.13:6804 seq 2017, expected 2018\n[233480.882963] ceph: skipping osd22 10.138.138.13:6804 seq 2018, expected 2019\n[233480.883488] ceph: skipping osd22 10.138.138.13:6804 seq 2019, expected 2020\n[233485.219558] ceph: skipping osd22 10.138.138.13:6804 seq 2020, expected 2021\n[233485.906595] ceph: skipping osd22 10.138.138.13:6804 seq 2021, expected 2022\n[233490.379536] ceph: skipping osd22 10.138.138.13:6804 seq 2022, expected 2023\n[233495.523260] ceph: skipping osd22 10.138.138.13:6804 seq 2023, expected 2024\n[233495.923194] ceph: skipping osd22 10.138.138.13:6804 seq 2024, expected 2025\n[233500.534614] ceph: tid 6023602 timed out on osd22, will reset osd\n\nReported-by: Theodore Ts\u0027o \u003ctytso@mit.edu\u003e\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "df32cc193ad88f7b1326b90af799c927b27f7654", "tree": "535d945c8507f8ac85575aed481bad9892a5e243", "parents": [ "315daea9481277d9b8109b47e974835a901e4bc5" ], "author": { "name": "Tom Herbert", "email": "therbert@google.com", "time": "Mon Nov 01 12:55:52 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 01 12:55:52 2010 -0700" }, "message": "net: check queue_index from sock is valid for device\n\nIn dev_pick_tx recompute the queue index if the value stored in the\nsocket is greater than or equal to the number of real queues for the\ndevice. The saved index in the sock structure is not guaranteed to\nbe appropriate for the egress device (this could happen on a route\nchange or in presence of tunnelling). The result of the queue index\nbeing bad would be to return a bogus queue (crash could prersumably\nfollow).\n\nSigned-off-by: Tom Herbert \u003ctherbert@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "6f9b901823aafd14a84ae27f61ff28bafed01260", "tree": "b7625065b95573275a59197db8db6877ce010dd1", "parents": [ "eae61ae15b752b919ea45746f6dff449ff6d3281" ], "author": { "name": "Dr. David Alan Gilbert", "email": "linux@treblig.org", "time": "Sun Oct 31 07:26:03 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Mon Nov 01 06:56:02 2010 -0700" }, "message": "l2tp: kzalloc with swapped params in l2tp_dfs_seq_open\n\n \u0027sparse\u0027 spotted that the parameters to kzalloc in l2tp_dfs_seq_open\nwere swapped.\n\nTested on current git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git\nat 1792f17b7210280a3d7ff29da9614ba779cfcedb build, boots and I can see that directory,\nbut there again I could see /sys/kernel/debug/l2tp with it swapped; I don\u0027t have\nany l2tp in use.\n\nSigned-off-by: Dr. David Alan Gilbert \u003clinux@treblig.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "5ec1cea057495b8f10bab0c1396a9d8e46b7b0a8", "tree": "2115be233a12ce363f669831f5a2a554bafc8565", "parents": [ "636f8c6f682ee179ff39c94dc4d0be0ddd6c8cdd" ], "author": { "name": "Thomas Graf", "email": "tgraf@infradead.org", "time": "Sun Oct 31 09:37:38 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sun Oct 31 09:37:38 2010 -0700" }, "message": "text ematch: check for NULL pointer before destroying textsearch config\n\nWhile validating the configuration em_ops is already set, thus the\nindividual destroy functions are called, but the ematch data has\nnot been allocated and associated with the ematch yet.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3985c7ce85039adacdf882904ca096f091d39346", "tree": "afaf4161c4c3d9516cc09295eb30c0e22a8c3008", "parents": [ "fcf744a96c66ca6ad7301a372034b771e57f30c4", "ce384d91cd7a4269a1ed5d4307a70aa4c6fa14f2" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 30 18:42:58 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 30 18:42:58 2010 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:\n isdn: mISDN: socket: fix information leak to userland\n netdev: can: Change mail address of Hans J. Koch\n pcnet_cs: add new_id\n net: Truncate recvfrom and sendto length to INT_MAX.\n RDS: Let rds_message_alloc_sgs() return NULL\n RDS: Copy rds_iovecs into kernel memory instead of rereading from userspace\n RDS: Clean up error handling in rds_cmsg_rdma_args\n RDS: Return -EINVAL if rds_rdma_pages returns an error\n net: fix rds_iovec page count overflow\n can: pch_can: fix section mismatch warning by using a whitelisted name\n can: pch_can: fix sparse warning\n netxen_nic: Fix the tx queue manipulation bug in netxen_nic_probe\n ip_gre: fix fallback tunnel setup\n vmxnet: trivial annotation of protocol constant\n vmxnet3: remove unnecessary byteswapping in BAR writing macros\n ipv6/udp: report SndbufErrors and RcvbufErrors\n phy/marvell: rename 88ec048 to 88e1318s and fix mscr1 addr\n" }, { "commit": "253eacc070b114c2ec1f81b067d2fed7305467b0", "tree": "cf55d167c9a1a3fac2b7796f046674a53fbf47b0", "parents": [ "d139ff0907dac9ef72fb2cf301e345bac3aec42f" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Sat Oct 30 16:43:10 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:44:07 2010 -0700" }, "message": "net: Truncate recvfrom and sendto length to INT_MAX.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "d139ff0907dac9ef72fb2cf301e345bac3aec42f", "tree": "0ba63235a10b7640bc8b613da0d0cda220a55087", "parents": [ "fc8162e3c034af743d8def435fda6396603d321f" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:59 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:18 2010 -0700" }, "message": "RDS: Let rds_message_alloc_sgs() return NULL\n\nEven with the previous fix, we still are reading the iovecs once\nto determine SGs needed, and then again later on. Preallocating\nspace for sg lists as part of rds_message seemed like a good idea\nbut it might be better to not do this. While working to redo that\ncode, this patch attempts to protect against userspace rewriting\nthe rds_iovec array between the first and second accesses.\n\nThe consequences of this would be either a too-small or too-large\nsg list array. Too large is not an issue. This patch changes all\ncallers of message_alloc_sgs to handle running out of preallocated\nsgs, and fail gracefully.\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "fc8162e3c034af743d8def435fda6396603d321f", "tree": "b003a652740eb0de1fe71c634618b6666e9bae3c", "parents": [ "f4a3fc03c1d73753879fb655b8cd628b29f6706b" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:58 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:17 2010 -0700" }, "message": "RDS: Copy rds_iovecs into kernel memory instead of rereading from userspace\n\nChange rds_rdma_pages to take a passed-in rds_iovec array instead\nof doing copy_from_user itself.\n\nChange rds_cmsg_rdma_args to copy rds_iovec array once only. This\neliminates the possibility of userspace changing it after our\nsanity checks.\n\nImplement stack-based storage for small numbers of iovecs, based\non net/socket.c, to save an alloc in the extremely common case.\n\nAlthough this patch reduces iovec copies in cmsg_rdma_args to 1,\nwe still do another one in rds_rdma_extra_size. Getting rid of\nthat one will be trickier, so it\u0027ll be a separate patch.\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "f4a3fc03c1d73753879fb655b8cd628b29f6706b", "tree": "ad16a35e587408a396f2ab8e485428b8730fe733", "parents": [ "a09f69c49b84b161ebd4dd09d3cce1b68297f1d3" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:57 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:17 2010 -0700" }, "message": "RDS: Clean up error handling in rds_cmsg_rdma_args\n\nWe don\u0027t need to set ret \u003d 0 at the end -- it\u0027s initialized to 0.\n\nAlso, don\u0027t increment s_send_rdma stat if we\u0027re exiting with an\nerror.\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "a09f69c49b84b161ebd4dd09d3cce1b68297f1d3", "tree": "295290736f0a4dbbfc495e035adbbe0cafe447e4", "parents": [ "1b1f693d7ad6d193862dcb1118540a030c5e761f" ], "author": { "name": "Andy Grover", "email": "andy.grover@oracle.com", "time": "Thu Oct 28 15:40:56 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:16 2010 -0700" }, "message": "RDS: Return -EINVAL if rds_rdma_pages returns an error\n\nrds_cmsg_rdma_args would still return success even if rds_rdma_pages\nreturned an error (or overflowed).\n\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1b1f693d7ad6d193862dcb1118540a030c5e761f", "tree": "cf216d1bfb8a51f3df2c989dcffd5381a0e446f1", "parents": [ "bdfa3d8fe123a940be121daf374581727b3b6547" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Thu Oct 28 15:40:55 2010 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:34:16 2010 -0700" }, "message": "net: fix rds_iovec page count overflow\n\nAs reported by Thomas Pollet, the rdma page counting can overflow. We\nget the rdma sizes in 64-bit unsigned entities, but then limit it to\nUINT_MAX bytes and shift them down to pages (so with a possible \"+1\" for\nan unaligned address).\n\nSo each individual page count fits comfortably in an \u0027unsigned int\u0027 (not\neven close to overflowing into signed), but as they are added up, they\nmight end up resulting in a signed return value. Which would be wrong.\n\nCatch the case of tot_pages turning negative, and return the appropriate\nerror code.\n\nReported-by: Thomas Pollet \u003cthomas.pollet@gmail.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Andy Grover \u003candy.grover@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "3285ee3bb2e158299ff19b947e41da735980d954", "tree": "8235c80ec137fd080e23bdeab8eefa0d9d5c395f", "parents": [ "1b803fbfcd1c35857fe52844158213507a8a5bfa" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sat Oct 30 16:21:28 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:21:28 2010 -0700" }, "message": "ip_gre: fix fallback tunnel setup\n\nBefore making the fallback tunnel visible to lookups, we should make\nsure it is completely setup, once ipgre_tunnel_init() had been called\nand tstats per_cpu pointer allocated.\n\nmove rcu_assign_pointer(ign-\u003etunnels_wc[0], tunnel); from\nipgre_fb_tunnel_init() to ipgre_init_net()\n\nBased on a patch from Pavel Emelyanov\n\nReported-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Pavel Emelyanov \u003cxemul@openvz.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "870be39258cf84b65accf629f5f9e816b1b8512e", "tree": "ef9ff9af22efbcddf0b9bb961ff0bb8edc414501", "parents": [ "337ac9d5218cc19f40fca13fa4deb3c658c4241b" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Sat Oct 30 16:17:23 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Sat Oct 30 16:17:23 2010 -0700" }, "message": "ipv6/udp: report SndbufErrors and RcvbufErrors\n\ncommit a18135eb9389 (Add UDP_MIB_{SND,RCV}BUFERRORS handling.)\nforgot to make the necessary changes in net/ipv6/proc.c to report\nadditional counters in /proc/net/snmp6\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "1840897ab5d39b2e510c610ee262ded79919e718", "tree": "0b7fe95e3eda357d35b0d017f2b678b652307827", "parents": [ "d56f84e7e317c69adefb2454a3d538a6d7e11e4b", "a4765fa7bfb92d5b9de19a503674b6624f95a7ae" ], "author": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 29 14:17:12 2010 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Fri Oct 29 14:17:12 2010 -0700" }, "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (34 commits)\n b43: Fix warning at drivers/mmc/core/core.c:237 in mmc_wait_for_cmd\n mac80211: fix failure to check kmalloc return value in key_key_read\n libertas: Fix sd8686 firmware reload\n ath9k: Fix incorrect access of rate flags in RC\n netfilter: xt_socket: Make tproto signed in socket_mt6_v1().\n stmmac: enable/disable rx/tx in the core with a single write.\n net: atarilance - flags should be unsigned long\n netxen: fix kdump\n pktgen: Limit how much data we copy onto the stack.\n net: Limit socket I/O iovec total length to INT_MAX.\n USB: gadget: fix ethernet gadget crash in gether_setup\n fib: Fix fib zone and its hash leak on namespace stop\n cxgb3: Fix panic in free_tx_desc()\n cxgb3: fix crash due to manipulating queues before registration\n 8390: Don\u0027t oops on starting dev queue\n dccp ccid-2: Stop polling\n dccp: Refine the wait-for-ccid mechanism\n dccp: Extend CCID packet dequeueing interface\n dccp: Return-value convention of hc_tx_send_packet()\n igbvf: fix panic on load\n ...\n" }, { "commit": "a4765fa7bfb92d5b9de19a503674b6624f95a7ae", "tree": "27fa2b40b2fb4843043cc1583cd139844ee3f5fe", "parents": [ "089282fb028198169a0f62f8f833ab6d06bdbb3c", "9f2a0fac625bcef9c579bcf0b0c904ab1a56e7c4" ], "author": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 29 12:23:15 2010 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Fri Oct 29 12:23:15 2010 -0700" }, "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n" }, { "commit": "520efd1ace3f826120482e57a95d649b4e1c1684", "tree": "04445d2fde489b7b7a3d8fa4898a0731817f6ca0", "parents": [ "731b2034999bbfe86c9074f1b0d611940bf7c323" ], "author": { "name": "Jesper Juhl", "email": "jj@chaosbits.net", "time": "Fri Oct 29 16:10:26 2010 +0200" }, "committer": { "name": "John W. Linville", "email": "linville@tuxdriver.com", "time": "Fri Oct 29 14:33:26 2010 -0400" }, "message": "mac80211: fix failure to check kmalloc return value in key_key_read\n\nI noticed two small issues in mac80211/debugfs_key.c::key_key_read while\nreading through the code. Patch below.\n\nThe key_key_read() function returns ssize_t and the value that\u0027s actually\nreturned is the return value of simple_read_from_buffer() which also\nreturns ssize_t, so let\u0027s hold the return value in a ssize_t local\nvariable rather than a int one.\n\nAlso, memory is allocated dynamically with kmalloc() which can fail, but\nthe return value of kmalloc() is not checked, so we may end up operating\non a null pointer further on. So check for a NULL return and bail out with\n-ENOMEM in that case.\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n" }, { "commit": "d817d29d0b37290d90b3a9e2a61162f1dbf2be4f", "tree": "7414a1334cdac82a61340623a23109c3222f4a48", "parents": [ "64e46749224aa658d8fc0d37ea83ab20b1d7955d" ], "author": { "name": "Eric Dumazet", "email": "eric.dumazet@gmail.com", "time": "Fri Oct 29 19:59:40 2010 +0200" }, "committer": { "name": "Patrick McHardy", "email": "kaber@trash.net", "time": "Fri Oct 29 19:59:40 2010 +0200" }, "message": "netfilter: fix nf_conntrack_l4proto_register()\n\nWhile doing __rcu annotations work on net/netfilter I found following\nbug. On some arches, it is possible we publish a table while its content\nis not yet committed to memory, and lockless reader can dereference wild\npointer.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n" } ], "next": "64e46749224aa658d8fc0d37ea83ab20b1d7955d" }