lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Wed, 26 Jun 2013 17:53:43 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	torvalds@...ux-foundation.org
CC:	akpm@...ux-foundation.org, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT] Networking


1) Found via trinity.

   If you connect up an ipv6 socket to an ipv4 mapped address then an
   ipv6 one, sendmsg() can croak because ip6_sk_dst_check() assumes
   the route cached in the socket is an ipv6 one.  In this case there
   is an ipv4 route attached, so it gets stomped on.

   Reported by Dave Jones and Hannes Frederic Sowa, fixed by Eric
   Dumazet.

2) AF_KEY notifications leak some kernel memory to userspace, fix
   from Mathias Krause.

3) DLCI calls __dev_get_by_name() without proper locking, and dlci_del
   doesn't validate that the device being deleted is actually a DLCI
   one.  Fixes from Li Zefan.

4) Length check on bluetooth l2cap information responses is wrong,
   each response type has a different lenth, so we should make sure
   it's in a given range rather than enforce one single valid length.
   From Jaganath Kanakkassery.

5) Receive FIFO overflow is really easy to trigger in stress scenerios
   in the sh_eth driver, but the event isn't being handled properly at
   all.  Specifically, the mask of error interrupts doesn't include the
   event so we never clear it, resulting in the driver becomming wedged
   processing an interrupt that never gets cleared.

   Fix from Sergei Shtylyov.

6) qlcnic sleeps while holding a spinlock, use mdelay() instead of
   msleep().  From Shahed Shaikh.

7) Missing curly braces causes SIP netfilter NAT module to always
   drop packets.  Fix from Balazs Peter Odor.

8) ipt_ULOG in netfilter passes the wrong value to timer setup, causing
   the timer to dereference crap when it fires.  Fix from Gao Feng.

9) Missing RCU protection around txq->axq_acq traversal in
   ath_txq_schedule().  Fix from Felix Fietkau.

10) Idle state transition test in ath9k_htc_config() is reversed, fix
    from Sujith Manoharan.

11) IPV6 forwarding handles unicast Router Alert packets incorrectly.
    It tests the wrong option state.  Previously opt->ra being
    non-zero indicated a router alert marking in the SKB, but now it's
    indicated by a bit in opt->flags.  Fix from YOSHIFUJI Hideaki.

12) SKB leak in GRE tunnel GSO handling, from Eric Dumazet.

13) get_user_pages_fast() error handling in TUN and MACVTAP use the
    same local variable for the base index and the loop iterator for
    page traversal, oops!  Fix from Michael S. Tsirkin.

14) ipv6_get_lladdr() can fail, and we must therefore check it's return
    value in inet6_set_iftoken().  For from Hannes Frederic Sowa.

15) If you change an interface name and meanwhile can sneak in something
    that looks up the name (like SO_BINDTODEVICE or SIOCGIFNAME) we can
    deadlock with CONFIG_PREEMPT=n.  Fix this by providing a helper function
    that properly uses raw_seqcount_begin().  From Nicolas Schichan.

16) Chain noise calibration test is inverted in iwlwifi, fix from Nikolay
    Martynov.

17) Properly set TX iwlwifi descriptor flags for back requests.  Fix from
    Emmanuel Grumbach.

18) We can't assume skb_transport_header() is set in xt_TCPOPTSTRAP module,
    fix from Pablo Neira Ayuso.

19) Some crummy APs don't provide the proper High Throughput info in
    association response frames.  Add a workaround by assume we'll use
    whatever is in the beacon/probe.  Fix from Johannes Berg.

20) mac80211 call to rate_idx_match_mask() swaps two arguments (mask
    and channel width).  Fix from Simon Wunderlich.

21) xt_TCPMSS (like xt_TCPOPTSTRAP) must not try to handle fragmented
    frames.  Fix from Phil Oester.

22) Fix rate control regression causing iwlwifi/iwlegacy chips to use
    1Mbit/s on pre-11n networks.  From Moshe Benji and Stanslaw
    Gruszka.

23) Disable brcmsmac power-save functions, they cause regressions.
    From Arend van Spriel.

24) Enforce a sane minimum MTU in l2cap_build_cmd() otherwise we can
    easily crash.  Fix from Anderson Lizardo.

25) If a learning packet arrives during vxlan_stop() we crash, easily
    fixed by checking netif_running().  From Stephen Hemminger.

26) Static vxlan FDB entries should not be migrated, also from
    Stephen.

27) skb_clone() failures not handled in vxlan_xmit(), oops.  Also
    from Stephen.

28) Add minimal driver for AR816x/AR817x ethernet chips, from Johannes
    Berg.

29) Fix regression in userspace VLAN acceleration control, added by
    the 802.1ad support changes.  Fix from Fernando Luis Vazquez Cao.

30) Interval selection for MLD queries in the bridging code was
    reversed.  Fix from Linus Lüssing.

31) ipv6's ndisc_send_redirect() erroneously writes to the packet we
    received not the packet we are building to send out.  Fix from
    Matthias Schiffer.

32) Don't free netdev before unregistering it, in usb_8dev can driver.
    From Marc Kleine-Budde.

33) Fix nl80211 attribute buffer races, from Johannes Berg.

34) Although netlink_diag.h is under uapi/ it isn't present in Kbuild.
    From Stephen Hemminger.

35) Wrong address and family passed to MD5 key lookups in TCP, from
    Aydin Arik.

36) phy_type attribute created by SFC driver should not be writable.
    From Ben Hutchings.

37) Receive/Transmit queue allocations in pxa168_eth and mv643xx_eth
    should use kzalloc().  Otherwise if setup fails half-way, we'll
    dereference garbage when trying to teardown the rings.  From
    Lubomir Rintel.

38) Fix double-allocation of dst (resulting in unfreeable net device)
    in ipv6's init_loopback().  From Gao Feng.

39) Fix fragmentation handling SKB leak in netfilter conntrack, we
    were freeing the wrong skb pointer.  From Phil Oester.

40) Don't report "-1" (SPEED_UNKNOWN) in bond_miimon_commit(), from
    Nikolay Aleksandrov.

41) davinci_cpdma doesn't check for DMA mapping errors, letting the
    device scribble to random addresses.  From Sebastian Siewior.

Please pull, thanks a lot!

The following changes since commit 8177a9d79c0e942dcac3312f15585d0344d505a5:

  lseek(fd, n, SEEK_END) does *not* go to eof - n (2013-06-16 08:10:53 -1000)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/davem/net master

for you to fetch changes up to 578a1310f2592ba90c5674bca21c1dbd1adf3f0a:

  dlci: validate the net device in dlci_del() (2013-06-26 15:36:42 -0700)

----------------------------------------------------------------
Amir Vadai (1):
      net/mlx_en: Timestamping is not supported in slave mode

Anderson Lizardo (1):
      Bluetooth: Fix crash in l2cap_build_cmd() with small MTU

Arend van Spriel (2):
      brcmsmac: disable power-save related functions
      brcmfmac: free primary net_device when brcmf_bus_start() fails

Aydin Arik (1):
      ipv4: Fixed MD5 key lookups when adding/ removing MD5 to/ from TCP sockets.

Balazs Peter Odor (1):
      netfilter: nf_nat_sip: fix mangling

Ben Hutchings (1):
      sfc: Remove write permission from phy_type attribute

Dan Williams (1):
      qmi_wwan: add various Novatel Gobi1K IDs

Daniel Drake (1):
      Bluetooth: btmrvl: fix thread stopping race

David Daney (2):
      netdev: octeon_mgmt: Correct tx IFG workaround.
      netdev: octeon_mgmt: Fix structure layout for little-endian.

David S. Miller (4):
      Merge branch 'master' of git://git.kernel.org/.../pablo/nf
      Merge branch 'for-davem' of git://git.kernel.org/.../linville/wireless into wireless
      Merge branch 'master' of git://git.kernel.org/.../pablo/nf
      Merge branch 'for-davem' of git://git.kernel.org/.../linville/wireless

Emmanuel Grumbach (1):
      iwlwifi: mvm: correctly set the flags for BAR

Eric Dumazet (2):
      gre: fix a possible skb leak
      ipv6: ip6_sk_dst_check() must not assume ipv6 dst

Felix Fietkau (1):
      ath9k: fix an RCU issue in calling ieee80211_get_tx_rates

Fernando Luis Vazquez Cao (1):
      vlan: restore ethtool ABI to control VLAN hardware acceleration

Florian Westphal (1):
      netfilter: ctnetlink: send event when conntrack label was modified

Gao feng (2):
      ipv6: don't call addrconf_dst_alloc again when enable lo
      netfilter: ipt_ULOG: fix incorrect setting of ulog timer

Gavin Shan (1):
      net/tg3: Avoid delay during MMIO access

Giuseppe CAVALLARO (1):
      stmmac: fix EEE setup

Guenter Roeck (1):
      net: fec: Fix build for MCF5272

Haiyang Zhang (1):
      Fix the VLAN_TAG_PRESENT in netvsc_recv_callback()

Hannes Frederic Sowa (1):
      ipv6: check return value of ipv6_get_lladdr

Jaganath Kanakkassery (1):
      Bluetooth: Fix invalid length check in l2cap_information_rsp()

Johan Hedberg (1):
      Bluetooth: Fix conditions for HCI_Delete_Stored_Link_Key

Johannes Berg (4):
      iwlwifi: don't print module loading error if not modular
      mac80211: work around broken APs not including HT info
      alx: add a simple AR816x/AR817x device driver
      nl80211: fix attrbuf access race by allocating a separate one

John W. Linville (7):
      Merge branch 'for-john' of git://git.kernel.org/.../jberg/mac80211
      Merge branch 'for-john' of git://git.kernel.org/.../iwlwifi/iwlwifi-fixes
      Merge branch 'master' of git://git.kernel.org/.../linville/wireless into for-davem
      Merge branch 'for-john' of git://git.kernel.org/.../jberg/mac80211
      Merge branch 'master' of git://git.kernel.org/.../linville/wireless into for-davem
      Merge branch 'master' of git://git.kernel.org/.../bluetooth/bluetooth
      Merge branch 'master' of git://git.kernel.org/.../linville/wireless into for-davem

Julian Anastasov (1):
      ipvs: SCTP ports should be writable in ICMP packets

Linus Lüssing (1):
      bridge: fix switched interval for MLD Query types

Lubomir Rintel (2):
      pxa168_eth: Allocate receive queue initialized to zero
      mv643xx_eth: Allocate receive queue initialized to zero

Marc Kleine-Budde (1):
      can: usb_8dev: unregister netdev before free()ing

Mathias Krause (1):
      af_key: fix info leaks in notify messages

Matthias Schiffer (1):
      ipv6: ndisc: fix ndisc_send_redirect writing to the wrong skb

Michael S. Tsirkin (2):
      tun: fix recovery from gup errors
      macvtap: fix recovery from gup errors

Moshe Benji (1):
      iwlwifi: fix rate control regression

Mugunthan V N (2):
      drivers: net: cpsw: fix cpsw clock gating issue across suspend/resume
      drivers: net: cpsw: fix compilation error with cpsw driver

Nicolas Schichan (1):
      net: fix kernel deadlock with interface rename and netdev name retrieval.

Nikolay Aleksandrov (1):
      bonding: fix slave speed reporting in bond_miimon_commit

Nikolay Martynov (1):
      iwlwifi: dvm: fix chain noise calibration

Olaf Hering (1):
      net: vlan: fix comment for vlan_ethhdr->h_vlan_proto

Pablo Neira Ayuso (1):
      netfilter: xt_TCPOPTSTRIP: don't use tcp_hdr()

Phil Oester (3):
      netfilter: xt_TCPMSS: Fix IPv6 default MSS too
      netfilter: xt_TCPMSS: Fix missing fragmentation handling
      netfilter: nf_conntrack_ipv6: Plug sk_buff leak in fragment handling

Sebastian Siewior (2):
      net: cpsw: check for cpts pointer after its allocation
      net: eth: davicnci_cpdma: check dma map error

Sergei Shtylyov (2):
      sh_eth: fix unhandled RFE interrupt
      sh_eth: fix misreporting of transmit abort

Shahed Shaikh (1):
      qlcnic: Do not sleep while holding spinlock

Shan Wei (1):
      tcp: doc : fix the syncookies default value

Simon Wunderlich (2):
      mac80211: abort CAC in stop_ap()
      mac80211: Fix rate control mask matching call

Stanislaw Gruszka (2):
      iwlegacy: fix rate control regression
      rt2800: fix RT5390 & RT3290 TX power settings regression

Sujith Manoharan (1):
      ath9k_htc: Handle IDLE state transition properly

YOSHIFUJI Hideaki / 吉藤英明 (1):
      ipv6: Process unicast packet with Router Alert by checking flag in skb.

Zefan Li (2):
      dlci: acquire rtnl_lock before calling __dev_get_by_name()
      dlci: validate the net device in dlci_del()

stephen hemminger (5):
      vxlan: fix race between flush and incoming learning
      vxlan: only migrate dynamic FDB entries
      vxlan: handle skb_clone failure
      vxlan: fix check for migration of static entry
      netlink: export netlink_diag.h header

 Documentation/networking/ip-sysctl.txt              |    4 +-
 drivers/bluetooth/btmrvl_main.c                     |    9 +-
 drivers/net/bonding/bond_main.c                     |    3 +-
 drivers/net/can/usb/usb_8dev.c                      |    5 +-
 drivers/net/ethernet/atheros/Kconfig                |   18 +
 drivers/net/ethernet/atheros/Makefile               |    1 +
 drivers/net/ethernet/atheros/alx/Makefile           |    3 +
 drivers/net/ethernet/atheros/alx/alx.h              |  114 ++++++
 drivers/net/ethernet/atheros/alx/ethtool.c          |  272 +++++++++++++
 drivers/net/ethernet/atheros/alx/hw.c               | 1226 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 drivers/net/ethernet/atheros/alx/hw.h               |  499 +++++++++++++++++++++++
 drivers/net/ethernet/atheros/alx/main.c             | 1625 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 drivers/net/ethernet/atheros/alx/reg.h              |  810 +++++++++++++++++++++++++++++++++++++
 drivers/net/ethernet/broadcom/tg3.c                 |   36 ++
 drivers/net/ethernet/freescale/fec_main.c           |   14 +
 drivers/net/ethernet/marvell/mv643xx_eth.c          |    2 +-
 drivers/net/ethernet/marvell/pxa168_eth.c           |    4 +-
 drivers/net/ethernet/mellanox/mlx4/main.c           |    3 +
 drivers/net/ethernet/octeon/octeon_mgmt.c           |   31 +-
 drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c     |    2 +-
 drivers/net/ethernet/renesas/sh_eth.c               |   38 +-
 drivers/net/ethernet/renesas/sh_eth.h               |    2 +-
 drivers/net/ethernet/sfc/efx.c                      |    2 +-
 drivers/net/ethernet/stmicro/stmmac/common.h        |    4 +-
 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c   |   66 ++-
 drivers/net/ethernet/ti/cpsw.c                      |    5 +-
 drivers/net/ethernet/ti/davinci_cpdma.c             |    7 +
 drivers/net/hyperv/netvsc_drv.c                     |    4 +-
 drivers/net/macvtap.c                               |    6 +-
 drivers/net/tun.c                                   |    6 +-
 drivers/net/usb/qmi_wwan.c                          |    8 +-
 drivers/net/vxlan.c                                 |   40 +-
 drivers/net/wan/dlci.c                              |   26 +-
 drivers/net/wireless/ath/ath9k/htc_drv_main.c       |    2 +-
 drivers/net/wireless/ath/ath9k/xmit.c               |    6 +-
 drivers/net/wireless/brcm80211/brcmfmac/dhd_linux.c |    4 +
 drivers/net/wireless/brcm80211/brcmsmac/main.c      |   17 +-
 drivers/net/wireless/iwlegacy/3945-rs.c             |    1 +
 drivers/net/wireless/iwlegacy/4965-rs.c             |    2 +-
 drivers/net/wireless/iwlwifi/dvm/rs.c               |    2 +-
 drivers/net/wireless/iwlwifi/dvm/rxon.c             |    2 +-
 drivers/net/wireless/iwlwifi/iwl-drv.c              |    2 +
 drivers/net/wireless/iwlwifi/mvm/rs.c               |    1 +
 drivers/net/wireless/iwlwifi/mvm/tx.c               |    3 +-
 drivers/net/wireless/rt2x00/rt2800lib.c             |   29 +-
 include/linux/if_vlan.h                             |    2 +-
 include/linux/netdevice.h                           |    1 +
 include/linux/skbuff.h                              |    1 +
 include/uapi/linux/Kbuild                           |    1 +
 net/bluetooth/hci_core.c                            |   15 +-
 net/bluetooth/l2cap_core.c                          |    5 +-
 net/bridge/br_multicast.c                           |    5 +-
 net/core/dev.c                                      |   34 ++
 net/core/dev_ioctl.c                                |   19 +-
 net/core/ethtool.c                                  |    6 +-
 net/core/skbuff.c                                   |   20 +-
 net/core/sock.c                                     |   17 +-
 net/ipv4/gre.c                                      |    2 +-
 net/ipv4/netfilter/ipt_ULOG.c                       |   12 +-
 net/ipv4/tcp_ipv4.c                                 |    4 +-
 net/ipv6/addrconf.c                                 |   12 +-
 net/ipv6/ip6_output.c                               |   13 +-
 net/ipv6/ndisc.c                                    |    2 +-
 net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c      |    2 +-
 net/key/af_key.c                                    |    2 +
 net/mac80211/cfg.c                                  |    6 +
 net/mac80211/ieee80211_i.h                          |    5 +-
 net/mac80211/mlme.c                                 |   87 +++-
 net/mac80211/rate.c                                 |    2 +-
 net/mac80211/util.c                                 |    4 +-
 net/netfilter/ipvs/ip_vs_core.c                     |    3 +-
 net/netfilter/nf_conntrack_labels.c                 |    2 +-
 net/netfilter/nf_conntrack_netlink.c                |    1 +
 net/netfilter/nf_nat_sip.c                          |    3 +-
 net/netfilter/xt_TCPMSS.c                           |   25 +-
 net/netfilter/xt_TCPOPTSTRIP.c                      |    6 +-
 net/wireless/nl80211.c                              |   11 +-
 77 files changed, 5065 insertions(+), 231 deletions(-)
 create mode 100644 drivers/net/ethernet/atheros/alx/Makefile
 create mode 100644 drivers/net/ethernet/atheros/alx/alx.h
 create mode 100644 drivers/net/ethernet/atheros/alx/ethtool.c
 create mode 100644 drivers/net/ethernet/atheros/alx/hw.c
 create mode 100644 drivers/net/ethernet/atheros/alx/hw.h
 create mode 100644 drivers/net/ethernet/atheros/alx/main.c
 create mode 100644 drivers/net/ethernet/atheros/alx/reg.h

Powered by blists - more mailing lists