diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-02-01 18:56:08 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-02-01 18:56:08 -0500 |
| commit | 34229b277480f46c1e9a19f027f30b074512e68b (patch) | |
| tree | 90d8b43ebceb850b0e7852d75283aebbd2abbc00 /net/bluetooth | |
| parent | 2c923414d3963b959f65a8a6031972402e6a34a5 (diff) | |
| parent | 53729eb174c1589f9185340ffe8c10b3f39f3ef3 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"This looks like a lot but it's a mixture of regression fixes as well
as fixes for longer standing issues.
1) Fix on-channel cancellation in mac80211, from Johannes Berg.
2) Handle CHECKSUM_COMPLETE properly in xt_TCPMSS netfilter xtables
module, from Eric Dumazet.
3) Avoid infinite loop in UDP SO_REUSEPORT logic, also from Eric
Dumazet.
4) Avoid a NULL deref if we try to set SO_REUSEPORT after a socket is
bound, from Craig Gallek.
5) GRO key comparisons don't take lightweight tunnels into account,
from Jesse Gross.
6) Fix struct pid leak via SCM credentials in AF_UNIX, from Eric
Dumazet.
7) We need to set the rtnl_link_ops of ipv6 SIT tunnels before we
register them, otherwise the NEWLINK netlink message is missing
the proper attributes. From Thadeu Lima de Souza Cascardo.
8) Several Spectrum chip bug fixes for mlxsw switch driver, from Ido
Schimmel
9) Handle fragments properly in ipv4 easly socket demux, from Eric
Dumazet.
10) Don't ignore the ifindex key specifier on ipv6 output route
lookups, from Paolo Abeni"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (128 commits)
tcp: avoid cwnd undo after receiving ECN
irda: fix a potential use-after-free in ircomm_param_request
net: tg3: avoid uninitialized variable warning
net: nb8800: avoid uninitialized variable warning
net: vxge: avoid unused function warnings
net: bgmac: clarify CONFIG_BCMA dependency
net: hp100: remove unnecessary #ifdefs
net: davinci_cpdma: use dma_addr_t for DMA address
ipv6/udp: use sticky pktinfo egress ifindex on connect()
ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()
netlink: not trim skb for mmaped socket when dump
vxlan: fix a out of bounds access in __vxlan_find_mac
net: dsa: mv88e6xxx: fix port VLAN maps
fib_trie: Fix shift by 32 in fib_table_lookup
net: moxart: use correct accessors for DMA memory
ipv4: ipconfig: avoid unused ic_proto_used symbol
bnxt_en: Fix crash in bnxt_free_tx_skbs() during tx timeout.
bnxt_en: Exclude rx_drop_pkts hw counter from the stack's rx_dropped counter.
bnxt_en: Ring free response from close path should use completion ring
net_sched: drr: check for NULL pointer in drr_dequeue
...
Diffstat (limited to 'net/bluetooth')
| -rw-r--r-- | net/bluetooth/6lowpan.c | 7 | ||||
| -rw-r--r-- | net/bluetooth/hci_request.c | 28 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_core.c | 14 | ||||
| -rw-r--r-- | net/bluetooth/l2cap_sock.c | 12 | ||||
| -rw-r--r-- | net/bluetooth/smp.c | 16 |
5 files changed, 42 insertions, 35 deletions
diff --git a/net/bluetooth/6lowpan.c b/net/bluetooth/6lowpan.c index d040365ba98e..8a4cc2f7f0db 100644 --- a/net/bluetooth/6lowpan.c +++ b/net/bluetooth/6lowpan.c | |||
| @@ -307,6 +307,9 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 307 | 307 | ||
| 308 | /* check that it's our buffer */ | 308 | /* check that it's our buffer */ |
| 309 | if (lowpan_is_ipv6(*skb_network_header(skb))) { | 309 | if (lowpan_is_ipv6(*skb_network_header(skb))) { |
| 310 | /* Pull off the 1-byte of 6lowpan header. */ | ||
| 311 | skb_pull(skb, 1); | ||
| 312 | |||
| 310 | /* Copy the packet so that the IPv6 header is | 313 | /* Copy the packet so that the IPv6 header is |
| 311 | * properly aligned. | 314 | * properly aligned. |
| 312 | */ | 315 | */ |
| @@ -317,6 +320,7 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 317 | 320 | ||
| 318 | local_skb->protocol = htons(ETH_P_IPV6); | 321 | local_skb->protocol = htons(ETH_P_IPV6); |
| 319 | local_skb->pkt_type = PACKET_HOST; | 322 | local_skb->pkt_type = PACKET_HOST; |
| 323 | local_skb->dev = dev; | ||
| 320 | 324 | ||
| 321 | skb_set_transport_header(local_skb, sizeof(struct ipv6hdr)); | 325 | skb_set_transport_header(local_skb, sizeof(struct ipv6hdr)); |
| 322 | 326 | ||
| @@ -335,6 +339,8 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 335 | if (!local_skb) | 339 | if (!local_skb) |
| 336 | goto drop; | 340 | goto drop; |
| 337 | 341 | ||
| 342 | local_skb->dev = dev; | ||
| 343 | |||
| 338 | ret = iphc_decompress(local_skb, dev, chan); | 344 | ret = iphc_decompress(local_skb, dev, chan); |
| 339 | if (ret < 0) { | 345 | if (ret < 0) { |
| 340 | kfree_skb(local_skb); | 346 | kfree_skb(local_skb); |
| @@ -343,7 +349,6 @@ static int recv_pkt(struct sk_buff *skb, struct net_device *dev, | |||
| 343 | 349 | ||
| 344 | local_skb->protocol = htons(ETH_P_IPV6); | 350 | local_skb->protocol = htons(ETH_P_IPV6); |
| 345 | local_skb->pkt_type = PACKET_HOST; | 351 | local_skb->pkt_type = PACKET_HOST; |
| 346 | local_skb->dev = dev; | ||
| 347 | 352 | ||
| 348 | if (give_skb_to_upper(local_skb, dev) | 353 | if (give_skb_to_upper(local_skb, dev) |
| 349 | != NET_RX_SUCCESS) { | 354 | != NET_RX_SUCCESS) { |
diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c index 41b5f3813f02..c78ee2dc9323 100644 --- a/net/bluetooth/hci_request.c +++ b/net/bluetooth/hci_request.c | |||
| @@ -688,21 +688,29 @@ static u8 update_white_list(struct hci_request *req) | |||
| 688 | * command to remove it from the controller. | 688 | * command to remove it from the controller. |
| 689 | */ | 689 | */ |
| 690 | list_for_each_entry(b, &hdev->le_white_list, list) { | 690 | list_for_each_entry(b, &hdev->le_white_list, list) { |
| 691 | struct hci_cp_le_del_from_white_list cp; | 691 | /* If the device is neither in pend_le_conns nor |
| 692 | * pend_le_reports then remove it from the whitelist. | ||
| 693 | */ | ||
| 694 | if (!hci_pend_le_action_lookup(&hdev->pend_le_conns, | ||
| 695 | &b->bdaddr, b->bdaddr_type) && | ||
| 696 | !hci_pend_le_action_lookup(&hdev->pend_le_reports, | ||
| 697 | &b->bdaddr, b->bdaddr_type)) { | ||
| 698 | struct hci_cp_le_del_from_white_list cp; | ||
| 699 | |||
| 700 | cp.bdaddr_type = b->bdaddr_type; | ||
| 701 | bacpy(&cp.bdaddr, &b->bdaddr); | ||
| 692 | 702 | ||
| 693 | if (hci_pend_le_action_lookup(&hdev->pend_le_conns, | 703 | hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, |
| 694 | &b->bdaddr, b->bdaddr_type) || | 704 | sizeof(cp), &cp); |
| 695 | hci_pend_le_action_lookup(&hdev->pend_le_reports, | ||
| 696 | &b->bdaddr, b->bdaddr_type)) { | ||
| 697 | white_list_entries++; | ||
| 698 | continue; | 705 | continue; |
| 699 | } | 706 | } |
| 700 | 707 | ||
| 701 | cp.bdaddr_type = b->bdaddr_type; | 708 | if (hci_find_irk_by_addr(hdev, &b->bdaddr, b->bdaddr_type)) { |
| 702 | bacpy(&cp.bdaddr, &b->bdaddr); | 709 | /* White list can not be used with RPAs */ |
| 710 | return 0x00; | ||
| 711 | } | ||
| 703 | 712 | ||
| 704 | hci_req_add(req, HCI_OP_LE_DEL_FROM_WHITE_LIST, | 713 | white_list_entries++; |
| 705 | sizeof(cp), &cp); | ||
| 706 | } | 714 | } |
| 707 | 715 | ||
| 708 | /* Since all no longer valid white list entries have been | 716 | /* Since all no longer valid white list entries have been |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 39a5149f3010..eb4f5f24cbe3 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c | |||
| @@ -197,10 +197,20 @@ int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm) | |||
| 197 | chan->sport = psm; | 197 | chan->sport = psm; |
| 198 | err = 0; | 198 | err = 0; |
| 199 | } else { | 199 | } else { |
| 200 | u16 p; | 200 | u16 p, start, end, incr; |
| 201 | |||
| 202 | if (chan->src_type == BDADDR_BREDR) { | ||
| 203 | start = L2CAP_PSM_DYN_START; | ||
| 204 | end = L2CAP_PSM_AUTO_END; | ||
| 205 | incr = 2; | ||
| 206 | } else { | ||
| 207 | start = L2CAP_PSM_LE_DYN_START; | ||
| 208 | end = L2CAP_PSM_LE_DYN_END; | ||
| 209 | incr = 1; | ||
| 210 | } | ||
| 201 | 211 | ||
| 202 | err = -EINVAL; | 212 | err = -EINVAL; |
| 203 | for (p = 0x1001; p < 0x1100; p += 2) | 213 | for (p = start; p <= end; p += incr) |
| 204 | if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) { | 214 | if (!__l2cap_global_chan_by_addr(cpu_to_le16(p), src)) { |
| 205 | chan->psm = cpu_to_le16(p); | 215 | chan->psm = cpu_to_le16(p); |
| 206 | chan->sport = cpu_to_le16(p); | 216 | chan->sport = cpu_to_le16(p); |
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 1bb551527044..e4cae72895a7 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c | |||
| @@ -58,7 +58,7 @@ static int l2cap_validate_bredr_psm(u16 psm) | |||
| 58 | return -EINVAL; | 58 | return -EINVAL; |
| 59 | 59 | ||
| 60 | /* Restrict usage of well-known PSMs */ | 60 | /* Restrict usage of well-known PSMs */ |
| 61 | if (psm < 0x1001 && !capable(CAP_NET_BIND_SERVICE)) | 61 | if (psm < L2CAP_PSM_DYN_START && !capable(CAP_NET_BIND_SERVICE)) |
| 62 | return -EACCES; | 62 | return -EACCES; |
| 63 | 63 | ||
| 64 | return 0; | 64 | return 0; |
| @@ -67,11 +67,11 @@ static int l2cap_validate_bredr_psm(u16 psm) | |||
| 67 | static int l2cap_validate_le_psm(u16 psm) | 67 | static int l2cap_validate_le_psm(u16 psm) |
| 68 | { | 68 | { |
| 69 | /* Valid LE_PSM ranges are defined only until 0x00ff */ | 69 | /* Valid LE_PSM ranges are defined only until 0x00ff */ |
| 70 | if (psm > 0x00ff) | 70 | if (psm > L2CAP_PSM_LE_DYN_END) |
| 71 | return -EINVAL; | 71 | return -EINVAL; |
| 72 | 72 | ||
| 73 | /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ | 73 | /* Restrict fixed, SIG assigned PSM values to CAP_NET_BIND_SERVICE */ |
| 74 | if (psm <= 0x007f && !capable(CAP_NET_BIND_SERVICE)) | 74 | if (psm < L2CAP_PSM_LE_DYN_START && !capable(CAP_NET_BIND_SERVICE)) |
| 75 | return -EACCES; | 75 | return -EACCES; |
| 76 | 76 | ||
| 77 | return 0; | 77 | return 0; |
| @@ -125,6 +125,9 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | |||
| 125 | goto done; | 125 | goto done; |
| 126 | } | 126 | } |
| 127 | 127 | ||
| 128 | bacpy(&chan->src, &la.l2_bdaddr); | ||
| 129 | chan->src_type = la.l2_bdaddr_type; | ||
| 130 | |||
| 128 | if (la.l2_cid) | 131 | if (la.l2_cid) |
| 129 | err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); | 132 | err = l2cap_add_scid(chan, __le16_to_cpu(la.l2_cid)); |
| 130 | else | 133 | else |
| @@ -156,9 +159,6 @@ static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) | |||
| 156 | break; | 159 | break; |
| 157 | } | 160 | } |
| 158 | 161 | ||
| 159 | bacpy(&chan->src, &la.l2_bdaddr); | ||
| 160 | chan->src_type = la.l2_bdaddr_type; | ||
| 161 | |||
| 162 | if (chan->psm && bdaddr_type_is_le(chan->src_type)) | 162 | if (chan->psm && bdaddr_type_is_le(chan->src_type)) |
| 163 | chan->mode = L2CAP_MODE_LE_FLOWCTL; | 163 | chan->mode = L2CAP_MODE_LE_FLOWCTL; |
| 164 | 164 | ||
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c index ffed8a1d4f27..4b175df35184 100644 --- a/net/bluetooth/smp.c +++ b/net/bluetooth/smp.c | |||
| @@ -1072,22 +1072,6 @@ static void smp_notify_keys(struct l2cap_conn *conn) | |||
| 1072 | hcon->dst_type = smp->remote_irk->addr_type; | 1072 | hcon->dst_type = smp->remote_irk->addr_type; |
| 1073 | queue_work(hdev->workqueue, &conn->id_addr_update_work); | 1073 | queue_work(hdev->workqueue, &conn->id_addr_update_work); |
| 1074 | } | 1074 | } |
| 1075 | |||
| 1076 | /* When receiving an indentity resolving key for | ||
| 1077 | * a remote device that does not use a resolvable | ||
| 1078 | * private address, just remove the key so that | ||
| 1079 | * it is possible to use the controller white | ||
| 1080 | * list for scanning. | ||
| 1081 | * | ||
| 1082 | * Userspace will have been told to not store | ||
| 1083 | * this key at this point. So it is safe to | ||
| 1084 | * just remove it. | ||
| 1085 | */ | ||
| 1086 | if (!bacmp(&smp->remote_irk->rpa, BDADDR_ANY)) { | ||
| 1087 | list_del_rcu(&smp->remote_irk->list); | ||
| 1088 | kfree_rcu(smp->remote_irk, rcu); | ||
| 1089 | smp->remote_irk = NULL; | ||
| 1090 | } | ||
| 1091 | } | 1075 | } |
| 1092 | 1076 | ||
| 1093 | if (smp->csrk) { | 1077 | if (smp->csrk) { |