Eric Lee / smarc-fsl-linux-kernel

17 Dec, 2011

1 commit

07 Nov, 2011

1 commit

  • 32aaeffbd   Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux ... Browse Code »

    * 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux: (230 commits)
    Revert "tracing: Include module.h in define_trace.h"
    irq: don't put module.h into irq.h for tracking irqgen modules.
    bluetooth: macroize two small inlines to avoid module.h
    ip_vs.h: fix implicit use of module_get/module_put from module.h
    nf_conntrack.h: fix up fallout from implicit moduleparam.h presence
    include: replace linux/module.h with "struct module" wherever possible
    include: convert various register fcns to macros to avoid include chaining
    crypto.h: remove unused crypto_tfm_alg_modname() inline
    uwb.h: fix implicit use of asm/page.h for PAGE_SIZE
    pm_runtime.h: explicitly requires notifier.h
    linux/dmaengine.h: fix implicit use of bitmap.h and asm/page.h
    miscdevice.h: fix up implicit use of lists and types
    stop_machine.h: fix implicit use of smp.h for smp_processor_id
    of: fix implicit use of errno.h in include/linux/of.h
    of_platform.h: delete needless include
    acpi: remove module.h include from platform/aclinux.h
    miscdevice.h: delete unnecessary inclusion of module.h
    device_cgroup.h: delete needless include
    net: sch_generic remove redundant use of
    net: inet_timewait_sock doesnt need
    ...

    Fix up trivial conflicts (other header files, and removal of the ab3550 mfd driver) in
    - drivers/media/dvb/frontends/dibx000_common.c
    - drivers/media/video/{mt9m111.c,ov6650.c}
    - drivers/mfd/ab3550-core.c
    - include/linux/dmaengine.h

    Linus Torvalds
     

02 Nov, 2011

1 commit

  • 501e89d3a   x25: Fix NULL dereference in x25_recvmsg ... Browse Code »

    commit cb101ed2 in 3.0 introduced a bug in x25_recvmsg()
    When passed bogus junk from userspace, x25->neighbour can be NULL,
    as shown in this oops..

    BUG: unable to handle kernel NULL pointer dereference at 000000000000001c
    IP: [] x25_recvmsg+0x4d/0x280 [x25]
    PGD 1015f3067 PUD 105072067 PMD 0
    Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    CPU 0
    Pid: 27928, comm: iknowthis Not tainted 3.1.0+ #2 Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H
    RIP: 0010:[] [] x25_recvmsg+0x4d/0x280 [x25]
    RSP: 0018:ffff88010c0b7cc8 EFLAGS: 00010282
    RAX: 0000000000000000 RBX: ffff88010c0b7d78 RCX: 0000000000000c02
    RDX: ffff88010c0b7d78 RSI: ffff88011c93dc00 RDI: ffff880103f667b0
    RBP: ffff88010c0b7d18 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000000 R12: ffff880103f667b0
    R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
    FS: 00007f479ce7f700(0000) GS:ffff88012a600000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
    CR2: 000000000000001c CR3: 000000010529e000 CR4: 00000000000006f0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process iknowthis (pid: 27928, threadinfo ffff88010c0b6000, task ffff880103faa4f0)
    Stack:
    0000000000000c02 0000000000000c02 ffff88010c0b7d18 ffffff958153cb37
    ffffffff8153cb60 0000000000000c02 ffff88011c93dc00 0000000000000000
    0000000000000c02 ffff88010c0b7e10 ffff88010c0b7de8 ffffffff815372c2
    Call Trace:
    [] ? sock_update_classid+0xb0/0x180
    [] sock_aio_read.part.10+0x142/0x150
    [] ? inode_has_perm+0x62/0xa0
    [] sock_aio_read+0x2d/0x40
    [] do_sync_read+0xd2/0x110
    [] ? security_file_permission+0x96/0xb0
    [] ? rw_verify_area+0x61/0x100
    [] vfs_read+0x16d/0x180
    [] sys_read+0x4d/0x90
    [] system_call_fastpath+0x16/0x1b
    Code: 8b 66 20 4c 8b 32 48 89 d3 48 89 4d b8 45 89 c7 c7 45 cc 95 ff ff ff 4d 85 e4 0f 84 ed 01 00 00 49 8b 84 24 18 05 00 00 4c 89 e7
    78 1c 01 45 19 ed 31 f6 e8 d5 37 ff e0 41 0f b6 44 24 0e 41

    Signed-off-by: Dave Jones
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Dave Jones
     

01 Nov, 2011

1 commit

18 Oct, 2011

3 commits

  • 7f81e25be   x25: Prevent skb overreads when checking call user data ... Browse Code »
    1

    x25_find_listener does not check that the amount of call user data given
    in the skb is big enough in per-socket comparisons, hence buffer
    overreads may occur. Fix this by adding a check.

    Signed-off-by: Matthew Daley
    Cc: Eric Dumazet
    Cc: Andrew Hendry
    Cc: stable
    Acked-by: Andrew Hendry
    Signed-off-by: David S. Miller

    Matthew Daley
     
  • cb101ed2c   x25: Handle undersized/fragmented skbs ... Browse Code »

    There are multiple locations in the X.25 packet layer where a skb is
    assumed to be of at least a certain size and that all its data is
    currently available at skb->data. These assumptions are not checked,
    hence buffer overreads may occur. Use pskb_may_pull to check these
    minimal size assumptions and ensure that data is available at skb->data
    when necessary, as well as use skb_copy_bits where needed.

    Signed-off-by: Matthew Daley
    Cc: Eric Dumazet
    Cc: Andrew Hendry
    Cc: stable
    Acked-by: Andrew Hendry
    Signed-off-by: David S. Miller

    Matthew Daley
     
  • c7fd0d48b   x25: Validate incoming call user data lengths ... Browse Code »

    X.25 call user data is being copied in its entirety from incoming messages
    without consideration to the size of the destination buffers, leading to
    possible buffer overflows. Validate incoming call user data lengths before
    these copies are performed.

    It appears this issue was noticed some time ago, however nothing seemed to
    come of it: see http://www.spinics.net/lists/linux-x25/msg00043.html and
    commit 8db09f26f912f7c90c764806e804b558da520d4f.

    Signed-off-by: Matthew Daley
    Acked-by: Eric Dumazet
    Tested-by: Andrew Hendry
    Cc: stable
    Signed-off-by: David S. Miller

    Matthew Daley
     

02 Jul, 2011

1 commit

31 Mar, 2011

1 commit

05 Mar, 2011

1 commit

  • 77b228360   x25: remove the BKL ... Browse Code »

    This replaces all instances of lock_kernel in x25
    with lock_sock, taking care to release the socket
    lock around sleeping functions (sock_alloc_send_skb
    and skb_recv_datagram). It is not clear whether
    this is a correct solution, but it seem to be what
    other protocols do in the same situation.

    Includes a fix suggested by Eric Dumazet.

    Signed-off-by: Arnd Bergmann
    Acked-by: David S. Miller
    Tested-by: Andrew Hendry
    Cc: linux-x25@vger.kernel.org
    Cc: netdev@vger.kernel.org
    Cc: Eric Dumazet

    Arnd Bergmann
     

10 Feb, 2011

1 commit

08 Feb, 2011

1 commit

  • 95c304300   x25: possible skb leak on bad facilities ... Browse Code »

    Originally x25_parse_facilities returned
    -1 for an error
    0 meaning 0 length facilities
    >0 the length of the facilities parsed.

    5ef41308f94dc ("x25: Prevent crashing when parsing bad X.25 facilities") introduced more
    error checking in x25_parse_facilities however used 0 to indicate bad parsing
    a6331d6f9a429 ("memory corruption in X.25 facilities parsing") followed this further for
    DTE facilities, again using 0 for bad parsing.

    The meaning of 0 got confused in the callers.
    If the facilities are messed up we can't determine where the data starts.
    So patch makes all parsing errors return -1 and ensures callers close and don't use the skb further.

    Reported-by: Andy Whitcroft
    Signed-off-by: Andrew Hendry
    Signed-off-by: David S. Miller

    andrew hendry
     

09 Dec, 2010

2 commits

29 Nov, 2010

5 commits

20 Nov, 2010

4 commits

13 Nov, 2010

1 commit

  • 5ef41308f   x25: Prevent crashing when parsing bad X.25 facilities ... Browse Code »

    Now with improved comma support.

    On parsing malformed X.25 facilities, decrementing the remaining length
    may cause it to underflow. Since the length is an unsigned integer,
    this will result in the loop continuing until the kernel crashes.

    This patch adds checks to ensure decrementing the remaining length does
    not cause it to wrap around.

    Signed-off-by: Dan Rosenberg
    Signed-off-by: David S. Miller

    Dan Rosenberg
     

04 Nov, 2010

1 commit

24 Oct, 2010

1 commit

  • 5f05647dd   Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 ... Browse Code »

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1699 commits)
    bnx2/bnx2x: Unsupported Ethtool operations should return -EINVAL.
    vlan: Calling vlan_hwaccel_do_receive() is always valid.
    tproxy: use the interface primary IP address as a default value for --on-ip
    tproxy: added IPv6 support to the socket match
    cxgb3: function namespace cleanup
    tproxy: added IPv6 support to the TPROXY target
    tproxy: added IPv6 socket lookup function to nf_tproxy_core
    be2net: Changes to use only priority codes allowed by f/w
    tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled
    tproxy: added tproxy sockopt interface in the IPV6 layer
    tproxy: added udp6_lib_lookup function
    tproxy: added const specifiers to udp lookup functions
    tproxy: split off ipv6 defragmentation to a separate module
    l2tp: small cleanup
    nf_nat: restrict ICMP translation for embedded header
    can: mcp251x: fix generation of error frames
    can: mcp251x: fix endless loop in interrupt handler if CANINTF_MERRF is set
    can-raw: add msg_flags to distinguish local traffic
    9p: client code cleanup
    rds: make local functions/variables static
    ...

    Fix up conflicts in net/core/dev.c, drivers/net/pcmcia/smc91c92_cs.c and
    drivers/net/wireless/ath/ath9k/debug.c as per David

    Linus Torvalds
     

21 Oct, 2010

1 commit

  • 6de5bd128   BKL: introduce CONFIG_BKL. ... Browse Code »

    With all the patches we have queued in the BKL removal tree, only a
    few dozen modules are left that actually rely on the BKL, and even
    there are lots of low-hanging fruit. We need to decide what to do
    about them, this patch illustrates one of the options:

    Every user of the BKL is marked as 'depends on BKL' in Kconfig,
    and the CONFIG_BKL becomes a user-visible option. If it gets
    disabled, no BKL using module can be built any more and the BKL
    code itself is compiled out.

    The one exception is file locking, which is practically always
    enabled and does a 'select BKL' instead. This effectively forces
    CONFIG_BKL to be enabled until we have solved the fs/lockd
    mess and can apply the patch that removes the BKL from fs/locks.c.

    Signed-off-by: Arnd Bergmann

    Arnd Bergmann
     

23 Sep, 2010

2 commits

15 Sep, 2010

4 commits

18 May, 2010

4 commits

28 Apr, 2010

1 commit

23 Apr, 2010

1 commit

  • 5ebfbc06a   X25: Add if_x25.h and x25 to device identifiers ... Browse Code »

    V2 Feedback from John Hughes.
    - Add header for userspace implementations such as xot/xoe to use
    - Use explicit values for interface stability
    - No changes to driver patches

    V1
    - Use identifiers instead of magic numbers for X25 layer 3 to device interface.
    - Also fixed checkpatch notes on updated code.

    [ Add new user header to include/linux/Kbuild -DaveM ]

    Signed-off-by: Andrew Hendry
    Signed-off-by: David S. Miller

    Andrew Hendry
     

22 Apr, 2010

1 commit

  • 2cec6b014   X25 fix dead unaccepted sockets ... Browse Code »

    1, An X25 program binds and listens
    2, calls arrive waiting to be accepted
    3, Program exits without accepting
    4, Sockets time out but don't get correctly cleaned up
    5, cat /proc/net/x25/socket shows the dead sockets with bad inode fields.

    This line borrowed from AX25 sets the dying socket so the timers clean up later.

    Signed-off-by: Andrew Hendry
    Signed-off-by: David S. Miller

    andrew hendry