exit
fi
done
-
-diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 7a0c800..ec5ebbb 100644
---- a/drivers/net/ethernet/realtek/r8169.c
-+++ b/drivers/net/ethernet/realtek/r8169.c
-@@ -6927,6 +6927,14 @@ rtl_init_one(struct pci_dev *pdev, const
- for (i = 0; i < ETH_ALEN; i++)
- dev->dev_addr[i] = RTL_R8(MAC0 + i);
+--- a/Makefile 2016-11-10 20:41:43.646224629 +0100
++++ b/Makefile 2016-11-10 20:40:35.640323501 +0100
+@@ -784,6 +774,9 @@
+ # Prohibit date/time macros, which would make the build non-deterministic
+ KBUILD_CFLAGS += $(call cc-option,-Werror=date-time)
-+ if (!is_valid_ether_addr(dev->dev_addr)) {
-+ /* Report it and use a random ethernet address instead */
-+ netdev_err(dev, "Invalid MAC address: %pM\n", dev->dev_addr);
-+ random_ether_addr(dev->dev_addr);
-+ netdev_info(dev, "Using random MAC address: %pM\n",
-+ dev->dev_addr);
-+ }
++# enforce correct pointer usage
++KBUILD_CFLAGS += $(call cc-option,-Werror=incompatible-pointer-types)
+
- SET_ETHTOOL_OPS(dev, &rtl8169_ethtool_ops);
- dev->watchdog_timeo = RTL8169_TX_TIMEOUT;
+ # use the deterministic mode of AR if available
+ KBUILD_ARFLAGS := $(call ar-option,D)
-[PATCH] SCSI: Don't attempt to send extended INQUIRY command if skip_vpd_pages is set
-
-If a device has the skip_vpd_pages flag set we should simply fail the
-scsi_get_vpd_page() call.
-
-Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
-Acked-by: Alan Stern <stern@rowland.harvard.edu>
-Tested-by: Stuart Foster <smf.linux@ntlworld.com>
-Cc: stable@vger.kernel.org
+From 5d12f71723762a39435d054d02bbf5fb87c5cd14 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= <arekm@maven.pl>
+Date: Mon, 6 Feb 2017 14:45:15 +0100
+Subject: [PATCH] mac80211: Print text for disassociation reason
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
-diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index 3b1ea34..eaa808e 100644
---- a/drivers/scsi/scsi.c
-+++ b/drivers/scsi/scsi.c
-@@ -1031,6 +1031,9 @@
- {
- int i, result;
-
-+ if (sdev->skip_vpd_pages)
-+ goto fail;
-+
- /* Ask for all the pages supported by this device */
- result = scsi_vpd_inquiry(sdev, buf, 0, buf_len);
- if (result)
-commit 4d0ed18277cc6f07513ee0b04475f19cd69e75ef
-Author: Peter Hurley <peter@hurleysoftware.com>
-Date: Tue Dec 10 17:12:02 2013 -0500
+When disassociation happens only numeric reason is printed
+in ieee80211_rx_mgmt_disassoc(). Add text variant, too.
- n_tty: Fix buffer overruns with larger-than-4k pastes
-
- readline() inadvertently triggers an error recovery path when
- pastes larger than 4k overrun the line discipline buffer. The
- error recovery path discards input when the line discipline buffer
- is full and operating in canonical mode and no newline has been
- received. Because readline() changes the termios to non-canonical
- mode to read the line char-by-char, the line discipline buffer
- can become full, and then when readline() restores termios back
- to canonical mode for the caller, the now-full line discipline
- buffer triggers the error recovery.
-
- When changing termios from non-canon to canon mode and the read
- buffer contains data, simulate an EOF push _without_ the
- DISABLED_CHAR in the read buffer.
-
- Importantly for the readline() problem, the termios can be
- changed back to non-canonical mode without changes to the read
- buffer occurring; ie., as if the previous termios change had not
- happened (as long as no intervening read took place).
-
- Preserve existing userspace behavior which allows '\0's already
- received in non-canon mode to be read as '\0's in canon mode
- (rather than trigger add'l EOF pushes or an actual EOF).
-
- Patch based on original proposal and discussion here
- https://bugzilla.kernel.org/show_bug.cgi?id=55991
- by Stas Sergeev <stsp@users.sourceforge.net>
-
- Reported-by: Margarita Manterola <margamanterola@gmail.com>
- Cc: Maximiliano Curia <maxy@gnuservers.com.ar>
- Cc: Pavel Machek <pavel@ucw.cz>
- Cc: Arkadiusz Miskiewicz <a.miskiewicz@gmail.com>
- Acked-by: Stas Sergeev <stsp@users.sourceforge.net>
- Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
- Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Arkadiusz MiĆkiewicz <arekm@maven.pl>
+---
+ net/mac80211/mlme.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index fdc2ecd..961e6a9 100644
---- a/drivers/tty/n_tty.c
-+++ b/drivers/tty/n_tty.c
-@@ -104,6 +104,7 @@ struct n_tty_data {
+diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
+index 098ce9b179ee..fcf8d0aa66ec 100644
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -2801,8 +2801,9 @@ static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
- /* must hold exclusive termios_rwsem to reset these */
- unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
-+ unsigned char push:1;
+ reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
- /* shared by producer and consumer */
- char read_buf[N_TTY_BUF_SIZE];
-@@ -341,6 +342,7 @@ static void reset_buffer_flags(struct n_tty_data *ldata)
+- sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
+- mgmt->sa, reason_code);
++ sdata_info(sdata, "disassociated from %pM (Reason: %u=%s)\n",
++ mgmt->sa, reason_code,
++ ieee80211_get_reason_code_string(reason_code));
- ldata->erasing = 0;
- bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
-+ ldata->push = 0;
- }
+ ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
- static void n_tty_packet_mode_flush(struct tty_struct *tty)
-@@ -1745,7 +1747,16 @@ static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
-
- if (!old || (old->c_lflag ^ tty->termios.c_lflag) & ICANON) {
- bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
-- ldata->line_start = ldata->canon_head = ldata->read_tail;
-+ ldata->line_start = ldata->read_tail;
-+ if (!L_ICANON(tty) || !read_cnt(ldata)) {
-+ ldata->canon_head = ldata->read_tail;
-+ ldata->push = 0;
-+ } else {
-+ set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
-+ ldata->read_flags);
-+ ldata->canon_head = ldata->read_head;
-+ ldata->push = 1;
-+ }
- ldata->erasing = 0;
- ldata->lnext = 0;
- }
-@@ -1951,6 +1962,12 @@ static int copy_from_read_buf(struct tty_struct *tty,
- * it copies one line of input up to and including the line-delimiting
- * character into the user-space buffer.
- *
-+ * NB: When termios is changed from non-canonical to canonical mode and
-+ * the read buffer contains data, n_tty_set_termios() simulates an EOF
-+ * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
-+ * This causes data already processed as input to be immediately available
-+ * as input although a newline has not been received.
-+ *
- * Called under the atomic_read_lock mutex
- *
- * n_tty_read()/consumer path:
-@@ -1997,7 +2014,7 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
- n += found;
- c = n;
-
-- if (found && read_buf(ldata, eol) == __DISABLED_CHAR) {
-+ if (found && !ldata->push && read_buf(ldata, eol) == __DISABLED_CHAR) {
- n--;
- eof_push = !n && ldata->read_tail != ldata->line_start;
- }
-@@ -2024,7 +2041,10 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
- ldata->read_tail += c;
-
- if (found) {
-- ldata->line_start = ldata->read_tail;
-+ if (!ldata->push)
-+ ldata->line_start = ldata->read_tail;
-+ else
-+ ldata->push = 0;
- tty_audit_push(tty);
- }
- return eof_push ? -EAGAIN : 0;
+--
+2.11.0
+
+From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001
+From: Andrey Konovalov <andreyknvl@google.com>
+Date: Thu, 16 Feb 2017 17:22:46 +0100
+Subject: dccp: fix freeing skb too early for IPV6_RECVPKTINFO
+
+In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet
+is forcibly freed via __kfree_skb in dccp_rcv_state_process if
+dccp_v6_conn_request successfully returns.
+
+However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb
+is saved to ireq->pktopts and the ref count for skb is incremented in
+dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed
+in dccp_rcv_state_process.
+
+Fix by calling consume_skb instead of doing goto discard and therefore
+calling __kfree_skb.
+
+Similar fixes for TCP:
+
+fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed.
+0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now
+simply consumed
+
+Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/dccp/input.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/dccp/input.c b/net/dccp/input.c
+index ba34718..8fedc2d 100644
+--- a/net/dccp/input.c
++++ b/net/dccp/input.c
+@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
+ skb) < 0)
+ return 1;
+- goto discard;
++ consume_skb(skb);
++ return 0;
+ }
+ if (dh->dccph_type == DCCP_PKT_RESET)
+ goto discard;
+--
+cgit v0.12
+
projects / packages / kernel.git / blobdiff