X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=kernel-small_fixes.patch;h=3ac8a0bb6f5863a1b0df259a7772e02a99fae9d7;hb=4fed1ed8baad6c56e4111d29415de44215529fc1;hp=2d92e0bbc834c192335fcd551cdd4bf50b40f0f9;hpb=42b355f2bf012f3ac6f883b9d50227409d8d5f3d;p=packages%2Fkernel.git diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch index 2d92e0bb..3ac8a0bb 100644 --- a/kernel-small_fixes.patch +++ b/kernel-small_fixes.patch @@ -26,160 +26,97 @@ exit fi done - -diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 7a0c800..ec5ebbb 100644 ---- a/drivers/net/ethernet/realtek/r8169.c -+++ b/drivers/net/ethernet/realtek/r8169.c -@@ -6927,6 +6927,14 @@ rtl_init_one(struct pci_dev *pdev, const - for (i = 0; i < ETH_ALEN; i++) - dev->dev_addr[i] = RTL_R8(MAC0 + i); +--- a/Makefile 2016-11-10 20:41:43.646224629 +0100 ++++ b/Makefile 2016-11-10 20:40:35.640323501 +0100 +@@ -784,6 +774,9 @@ + # Prohibit date/time macros, which would make the build non-deterministic + KBUILD_CFLAGS += $(call cc-option,-Werror=date-time) -+ if (!is_valid_ether_addr(dev->dev_addr)) { -+ /* Report it and use a random ethernet address instead */ -+ netdev_err(dev, "Invalid MAC address: %pM\n", dev->dev_addr); -+ random_ether_addr(dev->dev_addr); -+ netdev_info(dev, "Using random MAC address: %pM\n", -+ dev->dev_addr); -+ } ++# enforce correct pointer usage ++KBUILD_CFLAGS += $(call cc-option,-Werror=incompatible-pointer-types) + - SET_ETHTOOL_OPS(dev, &rtl8169_ethtool_ops); - dev->watchdog_timeo = RTL8169_TX_TIMEOUT; + # use the deterministic mode of AR if available + KBUILD_ARFLAGS := $(call ar-option,D) -[PATCH] SCSI: Don't attempt to send extended INQUIRY command if skip_vpd_pages is set - -If a device has the skip_vpd_pages flag set we should simply fail the -scsi_get_vpd_page() call. - -Signed-off-by: Martin K. Petersen -Acked-by: Alan Stern -Tested-by: Stuart Foster -Cc: stable@vger.kernel.org +From 5d12f71723762a39435d054d02bbf5fb87c5cd14 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= +Date: Mon, 6 Feb 2017 14:45:15 +0100 +Subject: [PATCH] mac80211: Print text for disassociation reason +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit -diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 3b1ea34..eaa808e 100644 ---- a/drivers/scsi/scsi.c -+++ b/drivers/scsi/scsi.c -@@ -1031,6 +1031,9 @@ - { - int i, result; - -+ if (sdev->skip_vpd_pages) -+ goto fail; -+ - /* Ask for all the pages supported by this device */ - result = scsi_vpd_inquiry(sdev, buf, 0, buf_len); - if (result) -commit 4d0ed18277cc6f07513ee0b04475f19cd69e75ef -Author: Peter Hurley -Date: Tue Dec 10 17:12:02 2013 -0500 +When disassociation happens only numeric reason is printed +in ieee80211_rx_mgmt_disassoc(). Add text variant, too. - n_tty: Fix buffer overruns with larger-than-4k pastes - - readline() inadvertently triggers an error recovery path when - pastes larger than 4k overrun the line discipline buffer. The - error recovery path discards input when the line discipline buffer - is full and operating in canonical mode and no newline has been - received. Because readline() changes the termios to non-canonical - mode to read the line char-by-char, the line discipline buffer - can become full, and then when readline() restores termios back - to canonical mode for the caller, the now-full line discipline - buffer triggers the error recovery. - - When changing termios from non-canon to canon mode and the read - buffer contains data, simulate an EOF push _without_ the - DISABLED_CHAR in the read buffer. - - Importantly for the readline() problem, the termios can be - changed back to non-canonical mode without changes to the read - buffer occurring; ie., as if the previous termios change had not - happened (as long as no intervening read took place). - - Preserve existing userspace behavior which allows '\0's already - received in non-canon mode to be read as '\0's in canon mode - (rather than trigger add'l EOF pushes or an actual EOF). - - Patch based on original proposal and discussion here - https://bugzilla.kernel.org/show_bug.cgi?id=55991 - by Stas Sergeev - - Reported-by: Margarita Manterola - Cc: Maximiliano Curia - Cc: Pavel Machek - Cc: Arkadiusz Miskiewicz - Acked-by: Stas Sergeev - Signed-off-by: Peter Hurley - Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Arkadiusz Miśkiewicz +--- + net/mac80211/mlme.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) -diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index fdc2ecd..961e6a9 100644 ---- a/drivers/tty/n_tty.c -+++ b/drivers/tty/n_tty.c -@@ -104,6 +104,7 @@ struct n_tty_data { +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c +index 098ce9b179ee..fcf8d0aa66ec 100644 +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -2801,8 +2801,9 @@ static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata, - /* must hold exclusive termios_rwsem to reset these */ - unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1; -+ unsigned char push:1; + reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); - /* shared by producer and consumer */ - char read_buf[N_TTY_BUF_SIZE]; -@@ -341,6 +342,7 @@ static void reset_buffer_flags(struct n_tty_data *ldata) +- sdata_info(sdata, "disassociated from %pM (Reason: %u)\n", +- mgmt->sa, reason_code); ++ sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n", ++ mgmt->sa, reason_code, ++ ieee80211_get_reason_code_string(reason_code)); - ldata->erasing = 0; - bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE); -+ ldata->push = 0; - } + ieee80211_set_disassoc(sdata, 0, 0, false, NULL); - static void n_tty_packet_mode_flush(struct tty_struct *tty) -@@ -1745,7 +1747,16 @@ static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old) - - if (!old || (old->c_lflag ^ tty->termios.c_lflag) & ICANON) { - bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE); -- ldata->line_start = ldata->canon_head = ldata->read_tail; -+ ldata->line_start = ldata->read_tail; -+ if (!L_ICANON(tty) || !read_cnt(ldata)) { -+ ldata->canon_head = ldata->read_tail; -+ ldata->push = 0; -+ } else { -+ set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1), -+ ldata->read_flags); -+ ldata->canon_head = ldata->read_head; -+ ldata->push = 1; -+ } - ldata->erasing = 0; - ldata->lnext = 0; - } -@@ -1951,6 +1962,12 @@ static int copy_from_read_buf(struct tty_struct *tty, - * it copies one line of input up to and including the line-delimiting - * character into the user-space buffer. - * -+ * NB: When termios is changed from non-canonical to canonical mode and -+ * the read buffer contains data, n_tty_set_termios() simulates an EOF -+ * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer. -+ * This causes data already processed as input to be immediately available -+ * as input although a newline has not been received. -+ * - * Called under the atomic_read_lock mutex - * - * n_tty_read()/consumer path: -@@ -1997,7 +2014,7 @@ static int canon_copy_from_read_buf(struct tty_struct *tty, - n += found; - c = n; - -- if (found && read_buf(ldata, eol) == __DISABLED_CHAR) { -+ if (found && !ldata->push && read_buf(ldata, eol) == __DISABLED_CHAR) { - n--; - eof_push = !n && ldata->read_tail != ldata->line_start; - } -@@ -2024,7 +2041,10 @@ static int canon_copy_from_read_buf(struct tty_struct *tty, - ldata->read_tail += c; - - if (found) { -- ldata->line_start = ldata->read_tail; -+ if (!ldata->push) -+ ldata->line_start = ldata->read_tail; -+ else -+ ldata->push = 0; - tty_audit_push(tty); - } - return eof_push ? -EAGAIN : 0; +-- +2.11.0 + +From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001 +From: Andrey Konovalov +Date: Thu, 16 Feb 2017 17:22:46 +0100 +Subject: dccp: fix freeing skb too early for IPV6_RECVPKTINFO + +In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet +is forcibly freed via __kfree_skb in dccp_rcv_state_process if +dccp_v6_conn_request successfully returns. + +However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb +is saved to ireq->pktopts and the ref count for skb is incremented in +dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed +in dccp_rcv_state_process. + +Fix by calling consume_skb instead of doing goto discard and therefore +calling __kfree_skb. + +Similar fixes for TCP: + +fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed. +0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now +simply consumed + +Signed-off-by: Andrey Konovalov +Acked-by: Eric Dumazet +Signed-off-by: David S. Miller +--- + net/dccp/input.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/dccp/input.c b/net/dccp/input.c +index ba34718..8fedc2d 100644 +--- a/net/dccp/input.c ++++ b/net/dccp/input.c +@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, + if (inet_csk(sk)->icsk_af_ops->conn_request(sk, + skb) < 0) + return 1; +- goto discard; ++ consume_skb(skb); ++ return 0; + } + if (dh->dccph_type == DCCP_PKT_RESET) + goto discard; +-- +cgit v0.12 +