<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/net, branch v3.18.1</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>netlink: use jhash as hashfn for rhashtable</title>
<updated>2014-12-16T17:39:06+00:00</updated>
<author>
<name>Daniel Borkmann</name>
<email>dborkman@redhat.com</email>
</author>
<published>2014-12-10T15:33:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4b1c83d8c3dd4e11da7e1f4fc8c5cd513b77a0fe'/>
<id>4b1c83d8c3dd4e11da7e1f4fc8c5cd513b77a0fe</id>
<content type='text'>
[ Upstream commit 7f19fc5e0b617593dcda0d9956adc78b559ef1f5 ]

For netlink, we shouldn't be using arch_fast_hash() as a hashing
discipline, but rather jhash() instead.

Since netlink sockets can be opened by any user, a local attacker
would be able to easily create collisions with the DPDK-derived
arch_fast_hash(), which trades off performance for security by
using crc32 CPU instructions on x86_64.

While it might have a legimite use case in other places, it should
be avoided in netlink context, though. As rhashtable's API is very
flexible, we could later on still decide on other hashing disciplines,
if legitimate.

Reference: http://thread.gmane.org/gmane.linux.kernel/1844123
Fixes: e341694e3eb5 ("netlink: Convert netlink_lookup() to use RCU protected hash table")
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 7f19fc5e0b617593dcda0d9956adc78b559ef1f5 ]

For netlink, we shouldn't be using arch_fast_hash() as a hashing
discipline, but rather jhash() instead.

Since netlink sockets can be opened by any user, a local attacker
would be able to easily create collisions with the DPDK-derived
arch_fast_hash(), which trades off performance for security by
using crc32 CPU instructions on x86_64.

While it might have a legimite use case in other places, it should
be avoided in netlink context, though. As rhashtable's API is very
flexible, we could later on still decide on other hashing disciplines,
if legitimate.

Reference: http://thread.gmane.org/gmane.linux.kernel/1844123
Fixes: e341694e3eb5 ("netlink: Convert netlink_lookup() to use RCU protected hash table")
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: fix suspicious rcu_dereference_check in net/sched/sch_fq_codel.c</title>
<updated>2014-12-16T17:39:06+00:00</updated>
<author>
<name>Valdis.Kletnieks@vt.edu</name>
<email>Valdis.Kletnieks@vt.edu</email>
</author>
<published>2014-12-09T21:15:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=01da9f8b6b2ccc4f24aea3d4c46af1a3efbd0241'/>
<id>01da9f8b6b2ccc4f24aea3d4c46af1a3efbd0241</id>
<content type='text'>
[ Upstream commit 69204cf7eb9c5a72067ce6922d4699378251d053 ]

commit 46e5da40ae (net: qdisc: use rcu prefix and silence
 sparse warnings) triggers a spurious warning:

net/sched/sch_fq_codel.c:97 suspicious rcu_dereference_check() usage!

The code should be using the _bh variant of rcu_dereference.

Signed-off-by: Valdis Kletnieks &lt;valdis.kletnieks@vt.edu&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Acked-by: John Fastabend &lt;john.r.fastabend@intel.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 69204cf7eb9c5a72067ce6922d4699378251d053 ]

commit 46e5da40ae (net: qdisc: use rcu prefix and silence
 sparse warnings) triggers a spurious warning:

net/sched/sch_fq_codel.c:97 suspicious rcu_dereference_check() usage!

The code should be using the _bh variant of rcu_dereference.

Signed-off-by: Valdis Kletnieks &lt;valdis.kletnieks@vt.edu&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Acked-by: John Fastabend &lt;john.r.fastabend@intel.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcp: fix more NULL deref after prequeue changes</title>
<updated>2014-12-16T17:39:05+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2014-12-09T17:56:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7efe8f1bb70588036edacab8b6c7f899092781f2'/>
<id>7efe8f1bb70588036edacab8b6c7f899092781f2</id>
<content type='text'>
[ Upstream commit 0f85feae6b710ced3abad5b2b47d31dfcb956b62 ]

When I cooked commit c3658e8d0f1 ("tcp: fix possible NULL dereference in
tcp_vX_send_reset()") I missed other spots we could deref a NULL
skb_dst(skb)

Again, if a socket is provided, we do not need skb_dst() to get a
pointer to network namespace : sock_net(sk) is good enough.

Reported-by: Dann Frazier &lt;dann.frazier@canonical.com&gt;
Bisected-by: Dann Frazier &lt;dann.frazier@canonical.com&gt;
Tested-by: Dann Frazier &lt;dann.frazier@canonical.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 0f85feae6b710ced3abad5b2b47d31dfcb956b62 ]

When I cooked commit c3658e8d0f1 ("tcp: fix possible NULL dereference in
tcp_vX_send_reset()") I missed other spots we could deref a NULL
skb_dst(skb)

Again, if a socket is provided, we do not need skb_dst() to get a
pointer to network namespace : sock_net(sk) is good enough.

Reported-by: Dann Frazier &lt;dann.frazier@canonical.com&gt;
Bisected-by: Dann Frazier &lt;dann.frazier@canonical.com&gt;
Tested-by: Dann Frazier &lt;dann.frazier@canonical.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: sctp: use MAX_HEADER for headroom reserve in output path</title>
<updated>2014-12-16T17:39:05+00:00</updated>
<author>
<name>Daniel Borkmann</name>
<email>dborkman@redhat.com</email>
</author>
<published>2014-12-03T11:13:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ab12ec41d8d8fe5bb286daee450f64cf845c4a09'/>
<id>ab12ec41d8d8fe5bb286daee450f64cf845c4a09</id>
<content type='text'>
[ Upstream commit 9772b54c55266ce80c639a80aa68eeb908f8ecf5 ]

To accomodate for enough headroom for tunnels, use MAX_HEADER instead
of LL_MAX_HEADER. Robert reported that he has hit after roughly 40hrs
of trinity an skb_under_panic() via SCTP output path (see reference).
I couldn't reproduce it from here, but not using MAX_HEADER as elsewhere
in other protocols might be one possible cause for this.

In any case, it looks like accounting on chunks themself seems to look
good as the skb already passed the SCTP output path and did not hit
any skb_over_panic(). Given tunneling was enabled in his .config, the
headroom would have been expanded by MAX_HEADER in this case.

Reported-by: Robert Święcki &lt;robert@swiecki.net&gt;
Reference: https://lkml.org/lkml/2014/12/1/507
Fixes: 594ccc14dfe4d ("[SCTP] Replace incorrect use of dev_alloc_skb with alloc_skb in sctp_packet_transmit().")
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 9772b54c55266ce80c639a80aa68eeb908f8ecf5 ]

To accomodate for enough headroom for tunnels, use MAX_HEADER instead
of LL_MAX_HEADER. Robert reported that he has hit after roughly 40hrs
of trinity an skb_under_panic() via SCTP output path (see reference).
I couldn't reproduce it from here, but not using MAX_HEADER as elsewhere
in other protocols might be one possible cause for this.

In any case, it looks like accounting on chunks themself seems to look
good as the skb already passed the SCTP output path and did not hit
any skb_over_panic(). Given tunneling was enabled in his .config, the
headroom would have been expanded by MAX_HEADER in this case.

Reported-by: Robert Święcki &lt;robert@swiecki.net&gt;
Reference: https://lkml.org/lkml/2014/12/1/507
Fixes: 594ccc14dfe4d ("[SCTP] Replace incorrect use of dev_alloc_skb with alloc_skb in sctp_packet_transmit().")
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Acked-by: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Acked-by: Neil Horman &lt;nhorman@tuxdriver.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>openvswitch: Fix flow mask validation.</title>
<updated>2014-12-16T17:39:05+00:00</updated>
<author>
<name>Pravin B Shelar</name>
<email>pshelar@nicira.com</email>
</author>
<published>2014-12-01T07:04:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3e496d49f336db94714d16b36ae2a5377819d203'/>
<id>3e496d49f336db94714d16b36ae2a5377819d203</id>
<content type='text'>
[ Upstream commit f2a01517f2a1040a0b156f171a7cefd748f2fd03 ]

Following patch fixes typo in the flow validation. This prevented
installation of ARP and IPv6 flows.

Fixes: 19e7a3df72 ("openvswitch: Fix NDP flow mask validation")
Signed-off-by: Pravin B Shelar &lt;pshelar@nicira.com&gt;
Reviewed-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit f2a01517f2a1040a0b156f171a7cefd748f2fd03 ]

Following patch fixes typo in the flow validation. This prevented
installation of ARP and IPv6 flows.

Fixes: 19e7a3df72 ("openvswitch: Fix NDP flow mask validation")
Signed-off-by: Pravin B Shelar &lt;pshelar@nicira.com&gt;
Reviewed-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>gre: Set inner mac header in gro complete</title>
<updated>2014-12-16T17:39:04+00:00</updated>
<author>
<name>Tom Herbert</name>
<email>therbert@google.com</email>
</author>
<published>2014-11-29T17:59:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=435dcf66f0136e58e786ee81d69faecbb445b4d6'/>
<id>435dcf66f0136e58e786ee81d69faecbb445b4d6</id>
<content type='text'>
[ Upstream commit 6fb2a756739aa507c1fd5b8126f0bfc2f070dc46 ]

Set the inner mac header to point to the GRE payload when
doing GRO. This is needed if we proceed to send the packet
through GRE GSO which now uses the inner mac header instead
of inner network header to determine the length of encapsulation
headers.

Fixes: 14051f0452a2 ("gre: Use inner mac length when computing tunnel length")
Reported-by: Wolfgang Walter &lt;linux@stwm.de&gt;
Signed-off-by: Tom Herbert &lt;therbert@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 6fb2a756739aa507c1fd5b8126f0bfc2f070dc46 ]

Set the inner mac header to point to the GRE payload when
doing GRO. This is needed if we proceed to send the packet
through GRE GSO which now uses the inner mac header instead
of inner network header to determine the length of encapsulation
headers.

Fixes: 14051f0452a2 ("gre: Use inner mac length when computing tunnel length")
Reported-by: Wolfgang Walter &lt;linux@stwm.de&gt;
Signed-off-by: Tom Herbert &lt;therbert@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>rtnetlink: release net refcnt on error in do_setlink()</title>
<updated>2014-11-30T05:05:43+00:00</updated>
<author>
<name>Nicolas Dichtel</name>
<email>nicolas.dichtel@6wind.com</email>
</author>
<published>2014-11-27T09:16:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e0ebde0e131b529fd721b24f62872def5ec3718c'/>
<id>e0ebde0e131b529fd721b24f62872def5ec3718c</id>
<content type='text'>
rtnl_link_get_net() holds a reference on the 'struct net', we need to release
it in case of error.

CC: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Fixes: b51642f6d77b ("net: Enable a userns root rtnl calls that are safe for unprivilged users")
Signed-off-by: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Reviewed-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
rtnl_link_get_net() holds a reference on the 'struct net', we need to release
it in case of error.

CC: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Fixes: b51642f6d77b ("net: Enable a userns root rtnl calls that are safe for unprivilged users")
Signed-off-by: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Reviewed-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net</title>
<updated>2014-11-28T02:05:05+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2014-11-28T02:05:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8e8459719cd129e6a91ebfcd46f68f8396f8f735'/>
<id>8e8459719cd129e6a91ebfcd46f68f8396f8f735</id>
<content type='text'>
Pull networking fixes from David Miller:
 "Several small fixes here:

   1) Don't crash in tg3 driver when the number of tx queues has been
      configured to be different from the number of rx queues.  From
      Thadeu Lima de Souza Cascardo.

   2) VLAN filter not disabled properly in promisc mode in ixgbe driver,
      from Vlad Yasevich.

   3) Fix OOPS on dellink op in VTI tunnel driver, from Xin Long.

   4) IPV6 GRE driver WCCP code checks skb-&gt;protocol for ETH_P_IP
      instead of ETH_P_IPV6, whoops.  From Yuri Chislov.

   5) Socket matching in ping driver is buggy when packet AF does not
      match socket's AF.  Fix from Jane Zhou.

   6) Fix checksum calculation errors in VXLAN due to where the
      udp_tunnel6_xmit_skb() helper gets it's saddr/daddr from.  From
      Alexander Duyck.

   7) Fix 5G detection problem in rtlwifi driver, from Larry Finger.

   8) Fix NULL deref in tcp_v{4,6}_send_reset, from Eric Dumazet.

   9) Various missing netlink attribute verifications in bridging code,
      from Thomas Graf.

  10) tcp_recvmsg() unconditionally calls ipv4 ip_recv_error even for
      ipv6 sockets, whoops.  Fix from Willem de Bruijn"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits)
  net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks
  bridge: Sanitize IFLA_EXT_MASK for AF_BRIDGE:RTM_GETLINK
  bridge: Add missing policy entry for IFLA_BRPORT_FAST_LEAVE
  net: Check for presence of IFLA_AF_SPEC
  net: Validate IFLA_BRIDGE_MODE attribute length
  bridge: Validate IFLA_BRIDGE_FLAGS attribute length
  stmmac: platform: fix default values of the filter bins setting
  net/mlx4_core: Limit count field to 24 bits in qp_alloc_res
  net: dsa: bcm_sf2: reset switch prior to initialization
  net: dsa: bcm_sf2: fix unmapping registers in case of errors
  tg3: fix ring init when there are more TX than RX channels
  tcp: fix possible NULL dereference in tcp_vX_send_reset()
  rtlwifi: Change order in device startup
  rtlwifi: rtl8821ae: Fix 5G detection problem
  Revert "netfilter: conntrack: fix race in __nf_conntrack_confirm against get_next_corpse"
  vxlan: Fix boolean flip in VXLAN_F_UDP_ZERO_CSUM6_[TX|RX]
  ip6_udp_tunnel: Fix checksum calculation
  net-timestamp: Fix a documentation typo
  net/ping: handle protocol mismatching scenario
  af_packet: fix sparse warning
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull networking fixes from David Miller:
 "Several small fixes here:

   1) Don't crash in tg3 driver when the number of tx queues has been
      configured to be different from the number of rx queues.  From
      Thadeu Lima de Souza Cascardo.

   2) VLAN filter not disabled properly in promisc mode in ixgbe driver,
      from Vlad Yasevich.

   3) Fix OOPS on dellink op in VTI tunnel driver, from Xin Long.

   4) IPV6 GRE driver WCCP code checks skb-&gt;protocol for ETH_P_IP
      instead of ETH_P_IPV6, whoops.  From Yuri Chislov.

   5) Socket matching in ping driver is buggy when packet AF does not
      match socket's AF.  Fix from Jane Zhou.

   6) Fix checksum calculation errors in VXLAN due to where the
      udp_tunnel6_xmit_skb() helper gets it's saddr/daddr from.  From
      Alexander Duyck.

   7) Fix 5G detection problem in rtlwifi driver, from Larry Finger.

   8) Fix NULL deref in tcp_v{4,6}_send_reset, from Eric Dumazet.

   9) Various missing netlink attribute verifications in bridging code,
      from Thomas Graf.

  10) tcp_recvmsg() unconditionally calls ipv4 ip_recv_error even for
      ipv6 sockets, whoops.  Fix from Willem de Bruijn"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits)
  net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks
  bridge: Sanitize IFLA_EXT_MASK for AF_BRIDGE:RTM_GETLINK
  bridge: Add missing policy entry for IFLA_BRPORT_FAST_LEAVE
  net: Check for presence of IFLA_AF_SPEC
  net: Validate IFLA_BRIDGE_MODE attribute length
  bridge: Validate IFLA_BRIDGE_FLAGS attribute length
  stmmac: platform: fix default values of the filter bins setting
  net/mlx4_core: Limit count field to 24 bits in qp_alloc_res
  net: dsa: bcm_sf2: reset switch prior to initialization
  net: dsa: bcm_sf2: fix unmapping registers in case of errors
  tg3: fix ring init when there are more TX than RX channels
  tcp: fix possible NULL dereference in tcp_vX_send_reset()
  rtlwifi: Change order in device startup
  rtlwifi: rtl8821ae: Fix 5G detection problem
  Revert "netfilter: conntrack: fix race in __nf_conntrack_confirm against get_next_corpse"
  vxlan: Fix boolean flip in VXLAN_F_UDP_ZERO_CSUM6_[TX|RX]
  ip6_udp_tunnel: Fix checksum calculation
  net-timestamp: Fix a documentation typo
  net/ping: handle protocol mismatching scenario
  af_packet: fix sparse warning
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks</title>
<updated>2014-11-26T20:45:04+00:00</updated>
<author>
<name>Willem de Bruijn</name>
<email>willemb@google.com</email>
</author>
<published>2014-11-26T19:53:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f4713a3dfad045d46afcb9c2a7d0bba288920ed4'/>
<id>f4713a3dfad045d46afcb9c2a7d0bba288920ed4</id>
<content type='text'>
TCP timestamping introduced MSG_ERRQUEUE handling for TCP sockets.
If the socket is of family AF_INET6, call ipv6_recv_error instead
of ip_recv_error.

This change is more complex than a single branch due to the loadable
ipv6 module. It reuses a pre-existing indirect function call from
ping. The ping code is safe to call, because it is part of the core
ipv6 module and always present when AF_INET6 sockets are active.

Fixes: 4ed2d765 (net-timestamp: TCP timestamping)
Signed-off-by: Willem de Bruijn &lt;willemb@google.com&gt;

----

It may also be worthwhile to add WARN_ON_ONCE(sk-&gt;family == AF_INET6)
to ip_recv_error.
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
TCP timestamping introduced MSG_ERRQUEUE handling for TCP sockets.
If the socket is of family AF_INET6, call ipv6_recv_error instead
of ip_recv_error.

This change is more complex than a single branch due to the loadable
ipv6 module. It reuses a pre-existing indirect function call from
ping. The ping code is safe to call, because it is part of the core
ipv6 module and always present when AF_INET6 sockets are active.

Fixes: 4ed2d765 (net-timestamp: TCP timestamping)
Signed-off-by: Willem de Bruijn &lt;willemb@google.com&gt;

----

It may also be worthwhile to add WARN_ON_ONCE(sk-&gt;family == AF_INET6)
to ip_recv_error.
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bridge: Sanitize IFLA_EXT_MASK for AF_BRIDGE:RTM_GETLINK</title>
<updated>2014-11-26T20:29:01+00:00</updated>
<author>
<name>Thomas Graf</name>
<email>tgraf@suug.ch</email>
</author>
<published>2014-11-26T12:42:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=aa68c20ff32f9a6fb3ca7f93ed9beae01899d00d'/>
<id>aa68c20ff32f9a6fb3ca7f93ed9beae01899d00d</id>
<content type='text'>
Only search for IFLA_EXT_MASK if the message actually carries a
ifinfomsg header and validate minimal length requirements for
IFLA_EXT_MASK.

Fixes: 6cbdceeb ("bridge: Dump vlan information from a bridge port")
Cc: Vlad Yasevich &lt;vyasevic@redhat.com&gt;
Signed-off-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Only search for IFLA_EXT_MASK if the message actually carries a
ifinfomsg header and validate minimal length requirements for
IFLA_EXT_MASK.

Fixes: 6cbdceeb ("bridge: Dump vlan information from a bridge port")
Cc: Vlad Yasevich &lt;vyasevic@redhat.com&gt;
Signed-off-by: Thomas Graf &lt;tgraf@suug.ch&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
