user/sven/linux.git/net, branch v4.8.16 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.8.16 2017-01-06T10:16:25Z Revert "netfilter: move nat hlist_head to nf_conn" 2017-01-06T10:16:25Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2017-01-04T17:29:16Z urn:sha1:f199bdbaab37585ff6912dfb5524cf2a0ef06a05 This reverts commit 7c9664351980aaa6a4b8837a314360b3a4ad382a as it is not working properly. Please move to 4.9 to get the full fix. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Revert "netfilter: nat: convert nat bysrc hash to rhashtable" 2017-01-06T10:16:25Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2017-01-04T17:27:19Z urn:sha1:99d6d4e0c50c6e64e3cca11dc77538cadcf3b2e2 This reverts commit 870190a9ec9075205c0fa795a09fa931694a3ff1 as it is not working properly. Please move to 4.9 to get the full fix. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> batman-adv: Check for alloc errors when preparing TT local data 2016-12-15T16:50:36Z Sven Eckelmann sven@narfation.org 2016-11-30T20:47:09Z urn:sha1:3527ad05b46ee204c1636cdb1c2a526d61486947 commit c2d0f48a13e53b4747704c9e692f5e765e52041a upstream. batadv_tt_prepare_tvlv_local_data can fail to allocate the memory for the new TVLV block. The caller is informed about this problem with the returned length of 0. Not checking this value results in an invalid memory access when either tt_data or tt_change is accessed. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 7ea7b4a14275 ("batman-adv: make the TT CRC logic VLAN specific") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> can: raw: raw_setsockopt: limit number of can_filter that can be set 2016-12-15T16:50:36Z Marc Kleine-Budde mkl@pengutronix.de 2016-12-05T10:44:23Z urn:sha1:212e0ff809706c60630defd38d479d00968e1456 commit 332b05ca7a438f857c61a3c21a88489a21532364 upstream. This patch adds a check to limit the number of can_filters that can be set via setsockopt on CAN_RAW sockets. Otherwise allocations > MAX_ORDER are not prevented resulting in a warning. Reference: https://lkml.org/lkml/2016/12/2/230 Reported-by: Andrey Konovalov <andreyknvl@google.com> Tested-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> esp6: Fix integrity verification when ESN are used 2016-12-10T18:09:44Z Tobias Brunner tobias@strongswan.org 2016-11-29T16:05:25Z urn:sha1:1670d1584701d691db9a8bbabc5c54e0428eb56c commit a55e23864d381c5a4ef110df94b00b2fe121a70d upstream. When handling inbound packets, the two halves of the sequence number stored on the skb are already in network order. Fixes: 000ae7b2690e ("esp6: Switch to new AEAD interface") Signed-off-by: Tobias Brunner <tobias@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> esp4: Fix integrity verification when ESN are used 2016-12-10T18:09:44Z Tobias Brunner tobias@strongswan.org 2016-11-29T16:05:20Z urn:sha1:b3e9d498293926d96446d04696e044a900b1fa1f commit 7c7fedd51c02f4418e8b2eed64bdab601f882aa4 upstream. When handling inbound packets, the two halves of the sequence number stored on the skb are already in network order. Fixes: 7021b2e1cddd ("esp4: Switch to new AEAD interface") Signed-off-by: Tobias Brunner <tobias@strongswan.org> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> flowcache: Increase threshold for refusing new allocations 2016-12-10T18:09:44Z Miroslav Urbanek mu@miroslavurbanek.com 2016-11-21T14:48:21Z urn:sha1:be5339492b2919a910bf06630a861d5da8a478bd commit 6b226487815574193c1da864f2eac274781a2b0c upstream. The threshold for OOM protection is too small for systems with large number of CPUs. Applications report ENOBUFs on connect() every 10 minutes. The problem is that the variable net->xfrm.flow_cache_gc_count is a global counter while the variable fc->high_watermark is a per-CPU constant. Take the number of CPUs into account as well. Fixes: 6ad3122a08e3 ("flowcache: Avoid OOM condition under preasure") Reported-by: Lukáš Koldrt <lk@excello.cz> Tested-by: Jan Hejl <jh@excello.cz> Signed-off-by: Miroslav Urbanek <mu@miroslavurbanek.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Revert: "ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()" 2016-12-10T18:09:44Z Eli Cooper elicooper@gmx.com 2016-12-01T02:05:12Z urn:sha1:3a116fa8c95d4c16f864475c4fdd395fd2a6cce4 commit 80d1106aeaf689ab5fdf33020c5fecd269b31c88 upstream. This reverts commit ae148b085876fa771d9ef2c05f85d4b4bf09ce0d ("ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()"). skb->protocol is now set in __ip_local_out() and __ip6_local_out() before dst_output() is called. It is no longer necessary to do it for each tunnel. Signed-off-by: Eli Cooper <elicooper@gmx.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipv4: Set skb->protocol properly for local output 2016-12-10T18:09:44Z Eli Cooper elicooper@gmx.com 2016-12-01T02:05:10Z urn:sha1:686182870c6a7dce62c432aeba4aaedd113322e7 commit f4180439109aa720774baafdd798b3234ab1a0d2 upstream. When xfrm is applied to TSO/GSO packets, it follows this path: xfrm_output() -> xfrm_output_gso() -> skb_gso_segment() where skb_gso_segment() relies on skb->protocol to function properly. This patch sets skb->protocol to ETH_P_IP before dst_output() is called, fixing a bug where GSO packets sent through a sit tunnel are dropped when xfrm is involved. Signed-off-by: Eli Cooper <elicooper@gmx.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ipv6: Set skb->protocol properly for local output 2016-12-10T18:09:43Z Eli Cooper elicooper@gmx.com 2016-12-01T02:05:11Z urn:sha1:e67bd82fb79d04426f8f5f8bc52c31e9fbb8b69d commit b4e479a96fc398ccf83bb1cffb4ffef8631beaf1 upstream. When xfrm is applied to TSO/GSO packets, it follows this path: xfrm_output() -> xfrm_output_gso() -> skb_gso_segment() where skb_gso_segment() relies on skb->protocol to function properly. This patch sets skb->protocol to ETH_P_IPV6 before dst_output() is called, fixing a bug where GSO packets sent through an ipip6 tunnel are dropped when xfrm is involved. Signed-off-by: Eli Cooper <elicooper@gmx.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>