diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-11-21 20:20:36 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-11-21 20:20:36 -0500 |
| commit | 8a84e01e147f44111988f9d8ccd2eaa30215a0f2 (patch) | |
| tree | 77617b3ab40f5c97575400db348b120c36871ed8 /net/ipv4 | |
| parent | 928352e9eebabb814d0c38af1772af55677faf62 (diff) | |
| parent | 0c228e833c88e3aa029250f5db77d5968c5ce5b5 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix BUG when decrypting empty packets in mac80211, from Ronald Wahl.
2) nf_nat_range is not fully initialized and this is copied back to
userspace, from Daniel Borkmann.
3) Fix read past end of b uffer in netfilter ipset, also from Dan
Carpenter.
4) Signed integer overflow in ipv4 address mask creation helper
inet_make_mask(), from Vincent BENAYOUN.
5) VXLAN, be2net, mlx4_en, and qlcnic need ->ndo_gso_check() methods to
properly describe the device's capabilities, from Joe Stringer.
6) Fix memory leaks and checksum miscalculations in openvswitch, from
Pravin B SHelar and Jesse Gross.
7) FIB rules passes back ambiguous error code for unreachable routes,
making behavior confusing for userspace. Fix from Panu Matilainen.
8) ieee802154fake_probe() doesn't release resources properly on error,
from Alexey Khoroshilov.
9) Fix skb_over_panic in add_grhead(), from Daniel Borkmann.
10) Fix access of stale slave pointers in bonding code, from Nikolay
Aleksandrov.
11) Fix stack info leak in PPP pptp code, from Mathias Krause.
12) Cure locking bug in IPX stack, from Jiri Bohac.
13) Revert SKB fclone memory freeing optimization that is racey and can
allow accesses to freed up memory, from Eric Dumazet.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (71 commits)
tcp: Restore RFC5961-compliant behavior for SYN packets
net: Revert "net: avoid one atomic operation in skb_clone()"
virtio-net: validate features during probe
cxgb4 : Fix DCB priority groups being returned in wrong order
ipx: fix locking regression in ipx_sendmsg and ipx_recvmsg
openvswitch: Don't validate IPv6 label masks.
pptp: fix stack info leak in pptp_getname()
brcmfmac: don't include linux/unaligned/access_ok.h
cxgb4i : Don't block unload/cxgb4 unload when remote closes TCP connection
ipv6: delete protocol and unregister rtnetlink when cleanup
net/mlx4_en: Add VXLAN ndo calls to the PF net device ops too
bonding: fix curr_active_slave/carrier with loadbalance arp monitoring
mac80211: minstrel_ht: fix a crash in rate sorting
vxlan: Inline vxlan_gso_check().
can: m_can: update to support CAN FD features
can: m_can: fix incorrect error messages
can: m_can: add missing delay after setting CCCR_INIT bit
can: m_can: fix not set can_dlc for remote frame
can: m_can: fix possible sleep in napi poll
can: m_can: add missing message RAM initialization
...
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/fib_rules.c | 4 | ||||
| -rw-r--r-- | net/ipv4/igmp.c | 11 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nft_masq_ipv4.c | 1 | ||||
| -rw-r--r-- | net/ipv4/tcp_input.c | 4 |
4 files changed, 12 insertions, 8 deletions
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c index f2e15738534d..8f7bd56955b0 100644 --- a/net/ipv4/fib_rules.c +++ b/net/ipv4/fib_rules.c | |||
| @@ -62,6 +62,10 @@ int __fib_lookup(struct net *net, struct flowi4 *flp, struct fib_result *res) | |||
| 62 | else | 62 | else |
| 63 | res->tclassid = 0; | 63 | res->tclassid = 0; |
| 64 | #endif | 64 | #endif |
| 65 | |||
| 66 | if (err == -ESRCH) | ||
| 67 | err = -ENETUNREACH; | ||
| 68 | |||
| 65 | return err; | 69 | return err; |
| 66 | } | 70 | } |
| 67 | EXPORT_SYMBOL_GPL(__fib_lookup); | 71 | EXPORT_SYMBOL_GPL(__fib_lookup); |
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index fb70e3ecc3e4..bb15d0e03d4f 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c | |||
| @@ -318,9 +318,7 @@ igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) | |||
| 318 | return scount; | 318 | return scount; |
| 319 | } | 319 | } |
| 320 | 320 | ||
| 321 | #define igmp_skb_size(skb) (*(unsigned int *)((skb)->cb)) | 321 | static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) |
| 322 | |||
| 323 | static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) | ||
| 324 | { | 322 | { |
| 325 | struct sk_buff *skb; | 323 | struct sk_buff *skb; |
| 326 | struct rtable *rt; | 324 | struct rtable *rt; |
| @@ -330,6 +328,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) | |||
| 330 | struct flowi4 fl4; | 328 | struct flowi4 fl4; |
| 331 | int hlen = LL_RESERVED_SPACE(dev); | 329 | int hlen = LL_RESERVED_SPACE(dev); |
| 332 | int tlen = dev->needed_tailroom; | 330 | int tlen = dev->needed_tailroom; |
| 331 | unsigned int size = mtu; | ||
| 333 | 332 | ||
| 334 | while (1) { | 333 | while (1) { |
| 335 | skb = alloc_skb(size + hlen + tlen, | 334 | skb = alloc_skb(size + hlen + tlen, |
| @@ -341,7 +340,6 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) | |||
| 341 | return NULL; | 340 | return NULL; |
| 342 | } | 341 | } |
| 343 | skb->priority = TC_PRIO_CONTROL; | 342 | skb->priority = TC_PRIO_CONTROL; |
| 344 | igmp_skb_size(skb) = size; | ||
| 345 | 343 | ||
| 346 | rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, | 344 | rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, |
| 347 | 0, 0, | 345 | 0, 0, |
| @@ -354,6 +352,8 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) | |||
| 354 | skb_dst_set(skb, &rt->dst); | 352 | skb_dst_set(skb, &rt->dst); |
| 355 | skb->dev = dev; | 353 | skb->dev = dev; |
| 356 | 354 | ||
| 355 | skb->reserved_tailroom = skb_end_offset(skb) - | ||
| 356 | min(mtu, skb_end_offset(skb)); | ||
| 357 | skb_reserve(skb, hlen); | 357 | skb_reserve(skb, hlen); |
| 358 | 358 | ||
| 359 | skb_reset_network_header(skb); | 359 | skb_reset_network_header(skb); |
| @@ -423,8 +423,7 @@ static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, | |||
| 423 | return skb; | 423 | return skb; |
| 424 | } | 424 | } |
| 425 | 425 | ||
| 426 | #define AVAILABLE(skb) ((skb) ? ((skb)->dev ? igmp_skb_size(skb) - (skb)->len : \ | 426 | #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) |
| 427 | skb_tailroom(skb)) : 0) | ||
| 428 | 427 | ||
| 429 | static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, | 428 | static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, |
| 430 | int type, int gdeleted, int sdeleted) | 429 | int type, int gdeleted, int sdeleted) |
diff --git a/net/ipv4/netfilter/nft_masq_ipv4.c b/net/ipv4/netfilter/nft_masq_ipv4.c index c1023c445920..665de06561cd 100644 --- a/net/ipv4/netfilter/nft_masq_ipv4.c +++ b/net/ipv4/netfilter/nft_masq_ipv4.c | |||
| @@ -24,6 +24,7 @@ static void nft_masq_ipv4_eval(const struct nft_expr *expr, | |||
| 24 | struct nf_nat_range range; | 24 | struct nf_nat_range range; |
| 25 | unsigned int verdict; | 25 | unsigned int verdict; |
| 26 | 26 | ||
| 27 | memset(&range, 0, sizeof(range)); | ||
| 27 | range.flags = priv->flags; | 28 | range.flags = priv->flags; |
| 28 | 29 | ||
| 29 | verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum, | 30 | verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum, |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 88fa2d160685..d107ee246a1d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
| @@ -5231,7 +5231,7 @@ slow_path: | |||
| 5231 | if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) | 5231 | if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) |
| 5232 | goto csum_error; | 5232 | goto csum_error; |
| 5233 | 5233 | ||
| 5234 | if (!th->ack && !th->rst) | 5234 | if (!th->ack && !th->rst && !th->syn) |
| 5235 | goto discard; | 5235 | goto discard; |
| 5236 | 5236 | ||
| 5237 | /* | 5237 | /* |
| @@ -5650,7 +5650,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, | |||
| 5650 | goto discard; | 5650 | goto discard; |
| 5651 | } | 5651 | } |
| 5652 | 5652 | ||
| 5653 | if (!th->ack && !th->rst) | 5653 | if (!th->ack && !th->rst && !th->syn) |
| 5654 | goto discard; | 5654 | goto discard; |
| 5655 | 5655 | ||
| 5656 | if (!tcp_validate_incoming(sk, skb, th, 0)) | 5656 | if (!tcp_validate_incoming(sk, skb, th, 0)) |