| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
|
|
The variable _data is used in asm-generic to define sections
which causes sparse warnings, so just rename the variable.
Signed-off-by: Stephen Hemminger <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/bwh/sfc-next-2.6
|
|
Add proper RCU annotations/verbs to sk_wq and wq members
Fix __sctp_write_space() sk_sleep() abuse (and sock->wq access)
Fix sunrpc sk_sleep() abuse too
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Currently the bridge multicast snooping feature periodically issues
IPv6 general multicast listener queries to sense the absence of a
listener.
For this, it uses :: as its source address - however RFC 2710 requires:
"To be valid, the Query message MUST come from a link-local IPv6 Source
Address". Current Linux kernel versions seem to follow this requirement
and ignore our bogus MLD queries.
With this commit a link local address from the bridge interface is being
used to issue the MLD query, resulting in other Linux devices which are
multicast listeners in the network to respond with a MLD response (which
was not the case before).
Signed-off-by: Linus Lüssing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Map the IPv6 header's destination multicast address to an ethernet
source address instead of the MLD queries multicast address.
For instance for a general MLD query (multicast address in the MLD query
set to ::), this would wrongly be mapped to 33:33:00:00:00:00, although
an MLD queries destination MAC should always be 33:33:00:00:00:01 which
matches the IPv6 header's multicast destination ff02::1.
Signed-off-by: Linus Lüssing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Currently the multicast bridge snooping support is not active for
link local multicast. I assume this has been done to leave
important multicast data untouched, like IPv6 Neighborhood Discovery.
In larger, bridged, local networks it could however be desirable to
optimize for instance local multicast audio/video streaming too.
With the transient flag in IPv6 multicast addresses we have an easy
way to optimize such multimedia traffic without tempering with the
high priority multicast data from well-known addresses.
This patch alters the multicast bridge snooping for IPv6, to take
effect for transient multicast addresses instead of non-link-local
addresses.
Signed-off-by: Linus Lüssing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The nsrcs number is 2 Byte wide, therefore we need to call ntohs()
before using it.
Signed-off-by: Linus Lüssing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
We actually want a pointer to the grec_nsrcr and not the following
field. Otherwise we can get very high values for *nsrcs as the first two
bytes of the IPv6 multicast address are being used instead, leading to
a failing pskb_may_pull() which results in MLDv2 reports not being
parsed.
Signed-off-by: Linus Lüssing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The protocol type for IPv6 entries in the hash table for multicast
bridge snooping is falsely set to ETH_P_IP, marking it as an IPv4
address, instead of setting it to ETH_P_IPV6, which results in negative
look-ups in the hash table later.
Signed-off-by: Linus Lüssing <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Linux-next as of 20110217 complains when building for OMAP1.
LD vmlinux
`hci_sock_cleanup' referenced in section `.init.text' of net/built-in.o: defined in discarded section `.exit.text' of net/built-in.o
`hci_sock_cleanup' referenced in section `.init.text' of net/built-in.o: defined in discarded section `.exit.text' of net/built-in.o
make: *** [vmlinux] Error 1
A recent patch by Gustavo (Bluetooth: Merge L2CAP and SCO modules
into bluetooth.ko) introduced this by calling the hci_sock_cleanup
function in the error path of bt_init.
Fix this by dropping the __exit marking for hci_sock_cleanup.
Signed-off-by: Anand Gadiyar <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
The current implementation of hidp_output_raw_report() relies only on
the Control channel even for Output reports, and the BT HID
specification [1] does not mention using the DATA message for Output
reports on the Control channel (see section 7.9.1 and also Figure 11:
SET_ Flow Chart), so let us just use SET_REPORT.
This also fixes sending Output reports to some devices (like Sony
Sixaxis) which are not able to handle DATA messages on the Control
channel.
Ideally hidp_output_raw_report() could be improved to use this scheme:
Feature Report -- SET_REPORT on the Control channel
Output Report -- DATA on the Interrupt channel
for more efficiency, but as said above, right now only the Control
channel is used.
[1] http://www.bluetooth.com/Specification%20Documents/HID_SPEC_V10.pdf
Signed-off-by: Antonio Ospite <[email protected]>
Acked-by: Gustavo F. Padovan <[email protected]>
Signed-off-by: Jiri Kosina <[email protected]>
|
|
Signed-off-by: Changli Gao <[email protected]>
Signed-off-by: Simon Horman <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: keep reference to parent inode on ceph_dentry
ceph: queue cap_snaps once per realm
libceph: fix socket write error handling
libceph: fix socket read error handling
|
|
This patch prevents a crash when remote host tries to create a LE
link which already exists. i.e.: call l2test twice passing the
same parameters.
Signed-off-by: Anderson Briglia <[email protected]>
Signed-off-by: Ville Tervo <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
All of the places that need to call mgmt_pending_remove already have a
pointer to the pending command, so searching for the command in the list
doesn't make sense. The added benefit is that many places that
previously had to call list_del + mgmt_pending_free can just call
mgmt_pending_remove now.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
The remote authentication requirements for conections need to be
initialized to 0xff (unknown) since it is possible that we receive a IO
Capability Request before we have received information about the remote
requirements.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
To properly track bonding completion an event to indicate authentication
failure is needed. This event will be sent whenever an authentication
complete HCI event with a non-zero status comes. It will also be sent
when we're acting in acceptor role for SSP authentication in which case
the controller will send a Simple Pairing Complete event.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
The command complete event for mgmt_pin_code_reply &
mgmt_pin_code_neg_reply should have the adapter index, Bluetooth address
as well as the status.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
The opcode for the ENODEV case was wrong (probably copy-paste mistake).
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
This patch adds support for the user confirmation (numeric comparison)
Secure Simple Pairing authentication method.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
This patch adds a new mgmt_pair_device which can be used to initiate a
dedicated bonding procedure. Some extra callbacks are added to the
hci_conn struct so that the pairing code can get notified of the
completion of the procedure.
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
This makes it more convenient to do manipulations on the entry (needed
by later commits).
Signed-off-by: Johan Hedberg <[email protected]>
Signed-off-by: Gustavo F. Padovan <[email protected]>
|
|
I previously managed to reproduce a hang while scanning wireless
channels (reproducible with airodump-ng hopping channels); subsequent
lockdep instrumentation revealed a lock ordering issue.
Without knowing the design intent, it looks like the locks should be
taken in reverse order; please comment.
=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.38-rc5-341cd #4
-------------------------------------------------------
airodump-ng/15445 is trying to acquire lock:
(&rdev->devlist_mtx){+.+.+.}, at: [<ffffffff816b1266>]
cfg80211_wext_siwfreq+0xc6/0x100
but task is already holding lock:
(&wdev->mtx){+.+.+.}, at: [<ffffffff816b125c>] cfg80211_wext_siwfreq+0xbc/0x100
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&wdev->mtx){+.+.+.}:
[<ffffffff810a79d6>] lock_acquire+0xc6/0x280
[<ffffffff816d6bce>] mutex_lock_nested+0x6e/0x4b0
[<ffffffff81696080>] cfg80211_netdev_notifier_call+0x430/0x5f0
[<ffffffff8109351b>] notifier_call_chain+0x8b/0x100
[<ffffffff810935b1>] raw_notifier_call_chain+0x11/0x20
[<ffffffff81576d92>] call_netdevice_notifiers+0x32/0x60
[<ffffffff815771a4>] __dev_notify_flags+0x34/0x80
[<ffffffff81577230>] dev_change_flags+0x40/0x70
[<ffffffff8158587c>] do_setlink+0x1fc/0x8d0
[<ffffffff81586042>] rtnl_setlink+0xf2/0x140
[<ffffffff81586923>] rtnetlink_rcv_msg+0x163/0x270
[<ffffffff8159d741>] netlink_rcv_skb+0xa1/0xd0
[<ffffffff815867b0>] rtnetlink_rcv+0x20/0x30
[<ffffffff8159d39a>] netlink_unicast+0x2ba/0x300
[<ffffffff8159dd57>] netlink_sendmsg+0x267/0x3e0
[<ffffffff8155e364>] sock_sendmsg+0xe4/0x110
[<ffffffff8155f3a3>] sys_sendmsg+0x253/0x3b0
[<ffffffff81003192>] system_call_fastpath+0x16/0x1b
-> #0 (&rdev->devlist_mtx){+.+.+.}:
[<ffffffff810a7222>] __lock_acquire+0x1622/0x1d10
[<ffffffff810a79d6>] lock_acquire+0xc6/0x280
[<ffffffff816d6bce>] mutex_lock_nested+0x6e/0x4b0
[<ffffffff816b1266>] cfg80211_wext_siwfreq+0xc6/0x100
[<ffffffff816b2fad>] ioctl_standard_call+0x5d/0xd0
[<ffffffff816b3223>] T.808+0x163/0x170
[<ffffffff816b326a>] wext_handle_ioctl+0x3a/0x90
[<ffffffff815798d2>] dev_ioctl+0x6f2/0x830
[<ffffffff8155cf3d>] sock_ioctl+0xfd/0x290
[<ffffffff8117dffd>] do_vfs_ioctl+0x9d/0x590
[<ffffffff8117e53a>] sys_ioctl+0x4a/0x80
[<ffffffff81003192>] system_call_fastpath+0x16/0x1b
other info that might help us debug this:
2 locks held by airodump-ng/15445:
#0: (rtnl_mutex){+.+.+.}, at: [<ffffffff81586782>] rtnl_lock+0x12/0x20
#1: (&wdev->mtx){+.+.+.}, at: [<ffffffff816b125c>]
cfg80211_wext_siwfreq+0xbc/0x100
stack backtrace:
Pid: 15445, comm: airodump-ng Not tainted 2.6.38-rc5-341cd #4
Call Trace:
[<ffffffff810a3f0a>] ? print_circular_bug+0xfa/0x100
[<ffffffff810a7222>] ? __lock_acquire+0x1622/0x1d10
[<ffffffff810a1f99>] ? trace_hardirqs_off_caller+0x29/0xc0
[<ffffffff810a79d6>] ? lock_acquire+0xc6/0x280
[<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<ffffffff810a31d7>] ? mark_held_locks+0x67/0x90
[<ffffffff816d6bce>] ? mutex_lock_nested+0x6e/0x4b0
[<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<ffffffff810a31d7>] ? mark_held_locks+0x67/0x90
[<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<ffffffff816b1266>] ? cfg80211_wext_siwfreq+0xc6/0x100
[<ffffffff816b2fad>] ? ioctl_standard_call+0x5d/0xd0
[<ffffffff8157818b>] ? __dev_get_by_name+0x9b/0xc0
[<ffffffff816b2f50>] ? ioctl_standard_call+0x0/0xd0
[<ffffffff816b3223>] ? T.808+0x163/0x170
[<ffffffff8112ddf2>] ? might_fault+0x72/0xd0
[<ffffffff816b326a>] ? wext_handle_ioctl+0x3a/0x90
[<ffffffff8112de3b>] ? might_fault+0xbb/0xd0
[<ffffffff815798d2>] ? dev_ioctl+0x6f2/0x830
[<ffffffff810a1bae>] ? put_lock_stats+0xe/0x40
[<ffffffff810a1c8c>] ? lock_release_holdtime+0xac/0x150
[<ffffffff8155cf3d>] ? sock_ioctl+0xfd/0x290
[<ffffffff8117dffd>] ? do_vfs_ioctl+0x9d/0x590
[<ffffffff8116c8ff>] ? fget_light+0x1df/0x3c0
[<ffffffff8117e53a>] ? sys_ioctl+0x4a/0x80
[<ffffffff81003192>] ? system_call_fastpath+0x16/0x1b
Signed-off-by: Daniel J Blueman <[email protected]>
Acked-by: Johannes Berg <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Fix a bug that undo_retrans is incorrectly decremented when undo_marker is
not set or undo_retrans is already 0. This happens when sender receives
more DSACK ACKs than packets retransmitted during the current
undo phase. This may also happen when sender receives DSACK after
the undo operation is completed or cancelled.
Fix another bug that undo_retrans is incorrectly incremented when
sender retransmits an skb and tcp_skb_pcount(skb) > 1 (TSO). This case
is rare but not impossible.
Signed-off-by: Yuchung Cheng <[email protected]>
Acked-by: Ilpo Järvinen <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
|
|
From: Eric W. Biederman <[email protected]>
In the beginning with batching unreg_list was a list that was used only
once in the lifetime of a network device (I think). Now we have calls
using the unreg_list that can happen multiple times in the life of a
network device like dev_deactivate and dev_close that are also using the
unreg_list. In addition in unregister_netdevice_queue we also do a
list_move because for devices like veth pairs it is possible that
unregister_netdevice_queue will be called multiple times.
So I think the change below to fix dev_deactivate which Eric D. missed
will fix this problem. Now to go test that.
Signed-off-by: David S. Miller <[email protected]>
|
|
net/sctp/tsnmap.c: In function ‘sctp_tsnmap_num_gabs’:
net/sctp/tsnmap.c:347: warning: ‘start’ may be used uninitialized in this function
net/sctp/tsnmap.c:347: warning: ‘end’ may be used uninitialized in this function
Signed-off-by: Shan Wei <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Now, TCP_CHECK_TIMER is not used for debuging, it does nothing.
And, it has been there for several years, maybe 6 years.
Remove it to keep code clearer.
Signed-off-by: Shan Wei <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Conflicts:
Documentation/feature-removal-schedule.txt
drivers/net/e1000e/netdev.c
net/xfrm/xfrm_policy.c
|
|
commit 5fa782c2f5ef6c2e4f04d3e228412c9b4a4c8809 re-worked the
handling of unknown parameters. sctp_init_cause_fixed() can now
return -ENOSPC if there is not enough tailroom in the error
chunk skb. When this happens, the error header is not appended to
the error chunk. In that case, the payload of the unknown parameter
should not be appended either.
Signed-off-by: Jiri Bohac <[email protected]>
Acked-by: Vlad Yasevich <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Eric W. Biederman reported a lockdep splat in inet_twsk_deschedule()
This is caused by inet_twsk_purge(), run from process context,
and commit 575f4cd5a5b6394577 (net: Use rcu lookups in inet_twsk_purge.)
removed the BH disabling that was necessary.
Add the BH disabling but fine grained, right before calling
inet_twsk_deschedule(), instead of whole function.
With help from Linus Torvalds and Eric W. Biederman
Reported-by: Eric W. Biederman <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
CC: Daniel Lezcano <[email protected]>
CC: Pavel Emelyanov <[email protected]>
CC: Arnaldo Carvalho de Melo <[email protected]>
CC: stable <[email protected]> (# 2.6.33+)
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (37 commits)
net: deinit automatic LIST_HEAD
net: dont leave active on stack LIST_HEAD
net: provide default_advmss() methods to blackhole dst_ops
tg3: Restrict phy ioctl access
drivers/net: Call netif_carrier_off at the end of the probe
ixgbe: work around for DDP last buffer size
ixgbe: fix panic due to uninitialised pointer
e1000e: flush all writebacks before unload
e1000e: check down flag in tasks
isdn: hisax: Use l2headersize() instead of dup (and buggy) func.
arp_notify: unconditionally send gratuitous ARP for NETDEV_NOTIFY_PEERS.
cxgb4vf: Use defined Mailbox Timeout
cxgb4vf: Quiesce Virtual Interfaces on shutdown ...
cxgb4vf: Behave properly when CONFIG_DEBUG_FS isn't defined ...
cxgb4vf: Check driver parameters in the right place ...
pch_gbe: Fix the MAC Address load issue.
iwlwifi: Delete iwl3945_good_plcp_health.
net/can/softing: make CAN_SOFTING_CS depend on CAN_SOFTING
netfilter: nf_iterate: fix incorrect RCU usage
pch_gbe: Fix the issue that the receiving data is not normal.
...
|
|
Conflicts:
drivers/bluetooth/ath3k.c
drivers/bluetooth/btusb.c
|
|
Clear IEEE80211_STA_NULLFUNC_ACKED flag on disabling power
save. Without this fix, there is a chance of setting CONF_PS
before sending nullfunc frame.
Signed-off-by: Vivek Natarajan <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
"def_bool n" without prompt is pointless, this should be just "bool".
Signed-off-by: Jan Beulich <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
The module parameter ieee80211_disable_40mhz_24ghz
was meant to allow disabling 40 MHz operation in
the 2.4 GHz band by default. However, it is buggy
as implemented because while it advertises to the
AP that the device doesn't support 40 MHz, it will
itself still use 40 MHz configurations.
To fix this, clear the 40 MHz bits from the sband
completely instead of overriding where used.
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Signed-off-by: Ben Greear <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-next-2.6
|
|
Low level driver could pass rx frames to us after disassociate, what
can lead to run conn_mon_timer by ieee80211_sta_rx_notify(). That
is obviously wrong, but nothing happens until we unload modules and
resources are used after free. If kernel debugging is enabled following
warning could be observed:
WARNING: at lib/debugobjects.c:259 debug_print_object+0x65/0x70()
Hardware name: HP xw8600 Workstation
ODEBUG: free active (active state 0) object type: timer_list
Modules linked in: iwlagn(-) iwlcore mac80211 cfg80211 aes_x86_64 aes_generic fuse cpufreq_ondemand acpi_cpufreq freq_table mperf xt_physdev ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 ext3 jbd dm_mirror dm_region_hash dm_log dm_mod uinput hp_wmi sparse_keymap sg wmi arc4 microcode serio_raw ecb tg3 shpchp rfkill ext4 mbcache jbd2 sr_mod cdrom sd_mod crc_t10dif firewire_ohci firewire_core crc_itu_t mptsas mptscsih mptbase scsi_transport_sas ahci libahci pata_acpi ata_generic ata_piix floppy nouveau ttm drm_kms_helper drm i2c_algo_bit i2c_core video [last unloaded: cfg80211]
Pid: 13827, comm: rmmod Tainted: G W 2.6.38-rc4-wl+ #22
Call Trace:
[<ffffffff810649cf>] ? warn_slowpath_common+0x7f/0xc0
[<ffffffff81064ac6>] ? warn_slowpath_fmt+0x46/0x50
[<ffffffff81226fc5>] ? debug_print_object+0x65/0x70
[<ffffffff81227625>] ? debug_check_no_obj_freed+0x125/0x210
[<ffffffff8109ebd7>] ? debug_check_no_locks_freed+0xf7/0x170
[<ffffffff81156092>] ? kfree+0xc2/0x2f0
[<ffffffff813ec5c5>] ? netdev_release+0x45/0x60
[<ffffffff812f1067>] ? device_release+0x27/0xa0
[<ffffffff81216ddd>] ? kobject_release+0x8d/0x1a0
[<ffffffff81216d50>] ? kobject_release+0x0/0x1a0
[<ffffffff812183b7>] ? kref_put+0x37/0x70
[<ffffffff81216c57>] ? kobject_put+0x27/0x60
[<ffffffff813d5d1b>] ? netdev_run_todo+0x1ab/0x270
[<ffffffff813e771e>] ? rtnl_unlock+0xe/0x10
[<ffffffffa0581188>] ? ieee80211_unregister_hw+0x58/0x120 [mac80211]
[<ffffffffa0377ed7>] ? iwl_pci_remove+0xdb/0x22a [iwlagn]
[<ffffffff8123cde2>] ? pci_device_remove+0x52/0x120
[<ffffffff812f5205>] ? __device_release_driver+0x75/0xe0
[<ffffffff812f5348>] ? driver_detach+0xd8/0xe0
[<ffffffff812f4111>] ? bus_remove_driver+0x91/0x100
[<ffffffff812f5b62>] ? driver_unregister+0x62/0xa0
[<ffffffff8123d194>] ? pci_unregister_driver+0x44/0xa0
[<ffffffffa0377df5>] ? iwl_exit+0x15/0x1c [iwlagn]
[<ffffffff810ab492>] ? sys_delete_module+0x1a2/0x270
[<ffffffff81498889>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff8100bf42>] ? system_call_fastpath+0x16/0x1b
Acked-by: Johannes Berg <[email protected]>
Signed-off-by: Stanislaw Gruszka <[email protected]>
Signed-off-by: John W. Linville <[email protected]>
|
|
Much quicker than going through the FIB tables.
Signed-off-by: David S. Miller <[email protected]>
|
|
This will be used to optimize __ip_dev_find() and friends.
With help from Eric Dumazet.
Signed-off-by: David S. Miller <[email protected]>
|
|
commit 9b5e383c11b08784 (net: Introduce
unregister_netdevice_many()) left an active LIST_HEAD() in
rollback_registered(), with possible memory corruption.
Even if device is freed without touching its unreg_list (and therefore
touching the previous memory location holding LISTE_HEAD(single), better
close the bug for good, since its really subtle.
(Same fix for default_device_exit_batch() for completeness)
Reported-by: Michal Hocko <[email protected]>
Tested-by: Michal Hocko <[email protected]>
Reported-by: Eric W. Biderman <[email protected]>
Tested-by: Eric W. Biderman <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
CC: Ingo Molnar <[email protected]>
CC: Octavian Purdila <[email protected]>
CC: stable <[email protected]> [.33+]
Signed-off-by: David S. Miller <[email protected]>
|