- Linux-stable-mirror - lists.linaro.org

4b66af2d("af_key: Always verify length of provided sadb_key")

by Zubin Mithra

Hello, Syzkaller has reported a crash here[1] for a slab OOB read in pfkey_add. Could the following patch be applied to stable kernels for 4.14, 4.4, 3.18, 3.14, 3.10 and 3.8? 4b66af2d("af_key: Always verify length of provided sadb_key") [1] https://syzkaller.appspot.com/bug?id=26cb120b31cd24d984fc16da67f50fb375c432… Thanks, - Zubin

7 years, 6 months

2
1
0 0

[PATCH 3.18 00/21] 3.18.113-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.113 release. There are 21 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Jun 14 16:48:15 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.113-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.113-rc1 Eric Dumazet <edumazet(a)google.com> rtnetlink: validate attributes in do_setlink() Dan Carpenter <dan.carpenter(a)oracle.com> team: use netdev_features_t instead of u32 Jack Morgenstein <jackm(a)dev.mellanox.co.il> net/mlx4: Fix irq-unsafe spinlock usage Daniele Palmas <dnlplm(a)gmail.com> net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Eric Dumazet <edumazet(a)google.com> net/packet: refine check for priv area size Wenwen Wang <wang6495(a)umn.edu> isdn: eicon: fix a missing-check bug Sabrina Dubroca <sd(a)queasysnail.net> ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Govindarajulu Varadarajan <gvaradar(a)cisco.com> enic: set DMA mask to 47 bit Alexey Kodanev <alexey.kodanev(a)oracle.com> dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Julia Lawall <Julia.Lawall(a)lip6.fr> bnx2x: use the right constant Dave Airlie <airlied(a)redhat.com> drm: set FMODE_UNSIGNED_OFFSET for drm files Linus Torvalds <torvalds(a)linux-foundation.org> mmap: relax file size limit for regular files Linus Torvalds <torvalds(a)linux-foundation.org> mmap: introduce sane default mmap limits Hugh Dickins <hughd(a)google.com> mm: fix the NULL mapping case in __isolate_lru_page() Al Viro <viro(a)zeniv.linux.org.uk> fix io_destroy()/aio_complete() race Ondrej Zary <linux(a)rainbow-software.org> drm/i915: Disable LVDS on Radiant P845 Maciej W. Rozycki <macro(a)mips.com> MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs Eric Dumazet <edumazet(a)google.com> tcp: avoid integer overflows in tcp_rcv_space_adjust() Eric Biggers <ebiggers(a)google.com> cfg80211: further limit wiphy names to 64 bytes Sachin Grover <sgrover(a)codeaurora.org> selinux: KASAN: slab-out-of-bounds in xattr_getsecurity Steven Rostedt (VMware) <rostedt(a)goodmis.org> tracing: Fix crash when freeing instances with event triggers ------------- Diffstat: Makefile | 4 +-- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- drivers/gpu/drm/drm_fops.c | 1 + drivers/gpu/drm/i915/intel_lvds.c | 8 ++++++ drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++------ drivers/isdn/hardware/eicon/diva.h | 5 ++-- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++------ drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 8 +++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +-- drivers/net/team/team.c | 3 ++- drivers/net/usb/cdc_mbim.c | 2 +- fs/aio.c | 3 +-- include/linux/tcp.h | 2 +- include/uapi/linux/nl80211.h | 2 +- kernel/trace/trace_events_trigger.c | 5 ++-- mm/mmap.c | 32 ++++++++++++++++++++++++ mm/vmscan.c | 2 +- net/core/rtnetlink.c | 8 +++--- net/dccp/proto.c | 2 -- net/ipv4/tcp_input.c | 10 +++++--- net/ipv6/ip6mr.c | 3 ++- net/packet/af_packet.c | 2 +- security/selinux/ss/services.c | 2 +- 25 files changed, 105 insertions(+), 49 deletions(-)

7 years, 6 months

5
27
0 0

[Backport request] blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers

by Bart Van Assche

Hello stable kernel maintainers, Please backport patch 327ea4adcfa3 ("blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers") to at least the v4.17.x and v4.14.y stable kernel series. That patch fixes a bug introduced in kernel v4.10. The entire patch is shown below. Thanks, Bart. commit cf0110698846fc5a93df89eb20ac7cc70a860c17 Author: Bart Van Assche <bart.vanassche(a)wdc.com> Date: Tue May 22 08:27:22 2018 -0700 blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers Avoid that complaints similar to the following appear in the kernel log if the number of zones is sufficiently large: fio: page allocation failure: order:9, mode:0x140c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null) Call Trace: dump_stack+0x63/0x88 warn_alloc+0xf5/0x190 __alloc_pages_slowpath+0x8f0/0xb0d __alloc_pages_nodemask+0x242/0x260 alloc_pages_current+0x6a/0xb0 kmalloc_order+0x18/0x50 kmalloc_order_trace+0x26/0xb0 __kmalloc+0x20e/0x220 blkdev_report_zones_ioctl+0xa5/0x1a0 blkdev_ioctl+0x1ba/0x930 block_ioctl+0x41/0x50 do_vfs_ioctl+0xaa/0x610 SyS_ioctl+0x79/0x90 do_syscall_64+0x79/0x1b0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Shaun Tancheff <shaun.tancheff(a)seagate.com> Cc: Damien Le Moal <damien.lemoal(a)hgst.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-zoned.c b/block/blk-zoned.c index 08e84ef2bc05..3d08dc84db16 100644 --- a/block/blk-zoned.c +++ b/block/blk-zoned.c @@ -328,7 +328,11 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, if (!rep.nr_zones) return -EINVAL; - zones = kcalloc(rep.nr_zones, sizeof(struct blk_zone), GFP_KERNEL); + if (rep.nr_zones > INT_MAX / sizeof(struct blk_zone)) + return -ERANGE; + + zones = kvmalloc(rep.nr_zones * sizeof(struct blk_zone), + GFP_KERNEL | __GFP_ZERO); if (!zones) return -ENOMEM; @@ -350,7 +354,7 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, } out: - kfree(zones); + kvfree(zones); return ret; }

7 years, 6 months

2
1
0 0

Backport bonding patches to fix active-passive in 4.9

by Nate Clark

Hi, On the latest 4.9 stable active-passive bonding does not always failover to the passive slave when carrier is lost on the active slave. It seems that the issue stems from the backport of c4adfc822bf5d8e97660b6114b5a8892530ce8cb, bonding: make speed, duplex setting consistent with link state. There were subsequent patches which resolved issues with the change to bond_update_speed_duplex which were not backported. The three commits which seem to resolve the issue are b5bf0f5b16b9c316c34df9f31d4be8729eb86845, 3f3c278c94dd994fe0d9f21679ae19b9c0a55292 and ad729bc9acfb7c47112964b4877ef5404578ed13. There are other commits in mainline which also revolve around c4adfc822bf5d8e97660b6114b5a8892530ce8cb but are not necessary to resolving the active-passive failover problems. Would it be possible to queue up the three commits for backporting to 4.9 stable: b5bf0f5b16b9c316c34df9f31d4be8729eb86845 bonding: correctly update link status during mii-commit 3f3c278c94dd994fe0d9f21679ae19b9c0a55292 bonding: fix active-backup transition ad729bc9acfb7c47112964b4877ef5404578ed13 bonding: require speed/duplex only for 802.3ad, alb and tlb All of those commits apply cleanly to 4.9.107. Thanks, -nate

7 years, 6 months

2
1
0 0

[PATCH] blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers

by Bart Van Assche

Avoid that complaints similar to the following appear in the kernel log if the number of zones is sufficiently large: fio: page allocation failure: order:9, mode:0x140c0c0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), nodemask=(null) Call Trace: dump_stack+0x63/0x88 warn_alloc+0xf5/0x190 __alloc_pages_slowpath+0x8f0/0xb0d __alloc_pages_nodemask+0x242/0x260 alloc_pages_current+0x6a/0xb0 kmalloc_order+0x18/0x50 kmalloc_order_trace+0x26/0xb0 __kmalloc+0x20e/0x220 blkdev_report_zones_ioctl+0xa5/0x1a0 blkdev_ioctl+0x1ba/0x930 block_ioctl+0x41/0x50 do_vfs_ioctl+0xaa/0x610 SyS_ioctl+0x79/0x90 do_syscall_64+0x79/0x1b0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") Signed-off-by: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Shaun Tancheff <shaun.tancheff(a)seagate.com> Cc: Damien Le Moal <damien.lemoal(a)hgst.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Martin K. Petersen <martin.petersen(a)oracle.com> Cc: Hannes Reinecke <hare(a)suse.com> Cc: <stable(a)vger.kernel.org> --- block/blk-zoned.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/block/blk-zoned.c b/block/blk-zoned.c index 20bfc37e1852..92e6108487c4 100644 --- a/block/blk-zoned.c +++ b/block/blk-zoned.c @@ -328,7 +328,11 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, if (!rep.nr_zones) return -EINVAL; - zones = kcalloc(rep.nr_zones, sizeof(struct blk_zone), GFP_KERNEL); + if (rep.nr_zones > INT_MAX / sizeof(struct blk_zone)) + return -ERANGE; + + zones = kvmalloc(rep.nr_zones * sizeof(struct blk_zone), + GFP_KERNEL | __GFP_ZERO); if (!zones) return -ENOMEM; @@ -350,7 +354,7 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, } out: - kfree(zones); + kvfree(zones); return ret; } -- 2.16.3

7 years, 6 months

3
4
0 0

[PATCH] serdev: fix memleak on module unload

by Johan Hovold

Make sure to free all resources associated with the ida on module exit. Fixes: cd6484e1830b ("serdev: Introduce new bus for serial attached devices") Cc: stable <stable(a)vger.kernel.org> # 4.11 Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/tty/serdev/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serdev/core.c b/drivers/tty/serdev/core.c index df93b727e984..9e59f4788589 100644 --- a/drivers/tty/serdev/core.c +++ b/drivers/tty/serdev/core.c @@ -617,6 +617,7 @@ EXPORT_SYMBOL_GPL(__serdev_device_driver_register); static void __exit serdev_exit(void) { bus_unregister(&serdev_bus_type); + ida_destroy(&ctrl_ida); } module_exit(serdev_exit); -- 2.17.1

7 years, 6 months

1
0
0 0

Linux 4.9.108

by Greg KH

I'm announcing the release of the 4.9.108 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/netdev-FAQ.txt | 9 ++++++ Makefile | 2 - arch/x86/kernel/vmlinux.lds.S | 2 - arch/x86/kvm/cpuid.h | 2 - drivers/char/tpm/tpm-chip.c | 13 +++++++++ drivers/char/tpm/tpm-interface.c | 7 +++++ drivers/char/tpm/tpm.h | 1 drivers/gpu/drm/drm_fops.c | 1 drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++----- drivers/isdn/hardware/eicon/diva.h | 5 ++- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++----- drivers/md/dm-bufio.c | 17 +++++------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/ethernet/cisco/enic/enic_main.c | 8 ++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 - drivers/net/phy/bcm-cygnus.c | 6 ++-- drivers/net/phy/bcm-phy-lib.h | 7 +++++ drivers/net/phy/bcm7xxx.c | 4 +- drivers/net/team/team.c | 3 +- drivers/net/usb/cdc_mbim.c | 2 - drivers/vhost/vhost.c | 3 ++ fs/btrfs/disk-io.c | 3 +- include/linux/compiler-gcc.h | 2 - include/uapi/linux/btrfs_tree.h | 1 mm/mmap.c | 32 +++++++++++++++++++++++ net/core/rtnetlink.c | 8 ++--- net/dccp/proto.c | 2 - net/ipv4/fib_semantics.c | 2 + net/ipv4/ip_sockglue.c | 2 - net/ipv6/ip6_output.c | 3 +- net/ipv6/ip6mr.c | 3 +- net/ipv6/ndisc.c | 6 ++++ net/kcm/kcmsock.c | 2 - net/packet/af_packet.c | 4 +- net/sctp/transport.c | 2 - scripts/Makefile.build | 3 ++ scripts/kconfig/confdata.c | 2 - 38 files changed, 155 insertions(+), 62 deletions(-) Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Anand Jain (1): btrfs: define SUPER_FLAG_METADUMP_V2 Arnd Bergmann (1): dm bufio: avoid false-positive Wmaybe-uninitialized warning Ben Hutchings (1): KVM: VMX: Expose SSBD properly to guests, 4.9 supplement Chris Chiu (1): tpm: self test failure should not cause suspend to fail Cong Wang (1): netdev-FAQ: clarify DaveM's position for stable backports Dan Carpenter (1): team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Enric Balletbo i Serra (1): tpm: do not suspend/resume if power stays on Eric Dumazet (3): net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() net: metrics: add proper netlink validation Florian Fainelli (1): net: phy: broadcom: Fix bcm_write_exp() Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 4.9.108 Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Jason Wang (1): vhost: synchronize IOTLB message with dev cleanup Josh Poimboeuf (1): objtool: Fix gcov check for older versions of GCC Julia Lawall (1): bnx2x: use the right constant Kirill Tkhai (1): kcm: Fix use-after-free caused by clonned sockets Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Nathan Chancellor (1): kconfig: Avoid format overflow warning from GCC 8.1 Philip Müller (1): complete e390f9a port for v4.9.106 Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Shahed Shaikh (1): qed: Fix mask for physical address in ILT entry Stephen Suryaputra (1): vrf: check the original netdevice for generating redirect Wenwen Wang (1): isdn: eicon: fix a missing-check bug Willem de Bruijn (2): ipv4: remove warning in ip_recv_error packet: fix reserve calculation Xin Long (1): sctp: not allow transport timeout value less than HZ/5 for hb_timer

7 years, 6 months

1
1
0 0

Linux 4.4.137

by Greg KH

I'm announcing the release of the 4.4.137 kernel. All users of the 4.4 kernel series must upgrade. The updated 4.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.4.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/networking/netdev-FAQ.txt | 9 +++++ Makefile | 2 - drivers/char/tpm/tpm-chip.c | 13 ++++++++ drivers/char/tpm/tpm-interface.c | 7 ++++ drivers/char/tpm/tpm.h | 1 drivers/gpu/drm/drm_fops.c | 1 drivers/isdn/hardware/eicon/diva.c | 22 +++++++++----- drivers/isdn/hardware/eicon/diva.h | 5 +-- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++---- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/ethernet/cisco/enic/enic_main.c | 8 ++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_cxt.c | 2 - drivers/net/phy/bcm-cygnus.c | 6 +-- drivers/net/phy/bcm-phy-lib.h | 7 ++++ drivers/net/phy/bcm7xxx.c | 4 +- drivers/net/team/team.c | 3 + drivers/net/usb/cdc_mbim.c | 2 - drivers/net/wireless/brcm80211/brcmfmac/cfg80211.c | 2 - fs/xfs/xfs_log.c | 7 ---- mm/mmap.c | 32 +++++++++++++++++++++ net/core/rtnetlink.c | 8 ++--- net/dccp/proto.c | 2 - net/ipv4/fib_semantics.c | 2 + net/ipv4/ip_sockglue.c | 2 - net/ipv6/ip6mr.c | 3 + net/packet/af_packet.c | 4 +- scripts/kconfig/confdata.c | 2 - 28 files changed, 128 insertions(+), 52 deletions(-) Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Amir Goldstein (1): xfs: fix incorrect log_flushed on fsync Chris Chiu (1): tpm: self test failure should not cause suspend to fail Cong Wang (1): netdev-FAQ: clarify DaveM's position for stable backports Dan Carpenter (1): team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Enric Balletbo i Serra (1): tpm: do not suspend/resume if power stays on Eric Dumazet (3): net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() net: metrics: add proper netlink validation Florian Fainelli (1): net: phy: broadcom: Fix bcm_write_exp() Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 4.4.137 Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Julia Lawall (1): bnx2x: use the right constant Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Nathan Chancellor (1): kconfig: Avoid format overflow warning from GCC 8.1 Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Shahed Shaikh (1): qed: Fix mask for physical address in ILT entry Stefan Wahren (1): brcmfmac: Fix check for ISO3166 code Wenwen Wang (1): isdn: eicon: fix a missing-check bug Willem de Bruijn (2): ipv4: remove warning in ip_recv_error packet: fix reserve calculation

7 years, 6 months

1
1
0 0

Linux 3.18.113

by Greg KH

I'm announcing the release of the 3.18.113 kernel. All users of the 3.18 kernel series must upgrade. The updated 3.18.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.18.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/mips/kernel/ptrace.c | 2 - arch/mips/kernel/ptrace32.c | 2 - drivers/gpu/drm/drm_fops.c | 1 drivers/gpu/drm/i915/intel_lvds.c | 8 +++++ drivers/isdn/hardware/eicon/diva.c | 22 ++++++++++----- drivers/isdn/hardware/eicon/diva.h | 5 ++- drivers/isdn/hardware/eicon/divasmain.c | 18 +++++++----- drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c | 2 - drivers/net/ethernet/cisco/enic/enic_main.c | 8 ++--- drivers/net/ethernet/mellanox/mlx4/qp.c | 4 +- drivers/net/team/team.c | 3 +- drivers/net/usb/cdc_mbim.c | 2 - fs/aio.c | 3 -- include/linux/tcp.h | 2 - include/uapi/linux/nl80211.h | 2 - kernel/trace/trace_events_trigger.c | 5 ++- mm/mmap.c | 32 +++++++++++++++++++++++ mm/vmscan.c | 2 - net/core/rtnetlink.c | 8 ++--- net/dccp/proto.c | 2 - net/ipv4/tcp_input.c | 10 ++++--- net/ipv6/ip6mr.c | 3 +- net/packet/af_packet.c | 2 - security/selinux/ss/services.c | 2 - 25 files changed, 104 insertions(+), 48 deletions(-) Al Viro (1): fix io_destroy()/aio_complete() race Alexey Kodanev (1): dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() Dan Carpenter (1): team: use netdev_features_t instead of u32 Daniele Palmas (1): net: usb: cdc_mbim: add flag FLAG_SEND_ZLP Dave Airlie (1): drm: set FMODE_UNSIGNED_OFFSET for drm files Eric Biggers (1): cfg80211: further limit wiphy names to 64 bytes Eric Dumazet (3): tcp: avoid integer overflows in tcp_rcv_space_adjust() net/packet: refine check for priv area size rtnetlink: validate attributes in do_setlink() Govindarajulu Varadarajan (1): enic: set DMA mask to 47 bit Greg Kroah-Hartman (1): Linux 3.18.113 Hugh Dickins (1): mm: fix the NULL mapping case in __isolate_lru_page() Jack Morgenstein (1): net/mlx4: Fix irq-unsafe spinlock usage Julia Lawall (1): bnx2x: use the right constant Linus Torvalds (2): mmap: introduce sane default mmap limits mmap: relax file size limit for regular files Maciej W. Rozycki (1): MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs Ondrej Zary (1): drm/i915: Disable LVDS on Radiant P845 Sabrina Dubroca (1): ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Sachin Grover (1): selinux: KASAN: slab-out-of-bounds in xattr_getsecurity Steven Rostedt (VMware) (1): tracing: Fix crash when freeing instances with event triggers Wenwen Wang (1): isdn: eicon: fix a missing-check bug

7 years, 6 months

1
1
0 0

crypto: chelsio - request to HW should wrap

by Herbert Xu

commit 4c826fed675dfffd8485c5477b616d61d1ec9e9a crypto: chelsio - request to HW should wrap -Tx request and data is copied to HW Q in 64B desc, check for end of queue and adjust the current position to start from beginning before passing the additional request info. -key context copy should check key length only -Few reverse christmas tree correction Fixes: 6dad4e8ab3ec ("chcr: Add support for Inline IPSec") Signed-off-by: Atul Gupta <atul.gupta(a)chelsio.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 8e0aa3f..461b97e 100644 --- a/drivers/crypto/chelsio/chcr_ipsec.c +++ b/drivers/crypto/chelsio/chcr_ipsec.c @@ -346,18 +346,23 @@ inline void *copy_cpltx_pktxt(struct sk_buff *skb, struct net_device *dev, void *pos) { + struct cpl_tx_pkt_core *cpl; + struct sge_eth_txq *q; struct adapter *adap; struct port_info *pi; - struct sge_eth_txq *q; - struct cpl_tx_pkt_core *cpl; - u64 cntrl = 0; u32 ctrl0, qidx; + u64 cntrl = 0; + int left; pi = netdev_priv(dev); adap = pi->adapter; qidx = skb->queue_mapping; q = &adap->sge.ethtxq[qidx + pi->first_qset]; + left = (void *)q->q.stat - pos; + if (!left) + pos = q->q.desc; + cpl = (struct cpl_tx_pkt_core *)pos; cntrl = TXPKT_L4CSUM_DIS_F | TXPKT_IPCSUM_DIS_F; @@ -382,18 +387,17 @@ inline void *copy_key_cpltx_pktxt(struct sk_buff *skb, void *pos, struct ipsec_sa_entry *sa_entry) { - struct adapter *adap; - struct port_info *pi; - struct sge_eth_txq *q; - unsigned int len, qidx; struct _key_ctx *key_ctx; int left, eoq, key_len; + struct sge_eth_txq *q; + struct adapter *adap; + struct port_info *pi; + unsigned int qidx; pi = netdev_priv(dev); adap = pi->adapter; qidx = skb->queue_mapping; q = &adap->sge.ethtxq[qidx + pi->first_qset]; - len = sa_entry->enckey_len + sizeof(struct cpl_tx_pkt_core); key_len = sa_entry->kctx_len; /* end of queue, reset pos to start of queue */ @@ -411,19 +415,14 @@ inline void *copy_key_cpltx_pktxt(struct sk_buff *skb, pos += sizeof(struct _key_ctx); left -= sizeof(struct _key_ctx); - if (likely(len <= left)) { + if (likely(key_len <= left)) { memcpy(key_ctx->key, sa_entry->key, key_len); pos += key_len; } else { - if (key_len <= left) { - memcpy(pos, sa_entry->key, key_len); - pos += key_len; - } else { - memcpy(pos, sa_entry->key, left); - memcpy(q->q.desc, sa_entry->key + left, - key_len - left); - pos = (u8 *)q->q.desc + (key_len - left); - } + memcpy(pos, sa_entry->key, left); + memcpy(q->q.desc, sa_entry->key + left, + key_len - left); + pos = (u8 *)q->q.desc + (key_len - left); } /* Copy CPL TX PKT XT */ pos = copy_cpltx_pktxt(skb, dev, pos); -- Email: Herbert Xu <herbert(a)gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

7 years, 6 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror