1. 24 Mar, 2020 9 commits
    • Michael Chan's avatar
      bnxt_en: Return error if bnxt_alloc_ctx_mem() fails. · 0b5b561c
      Michael Chan authored
      The current code ignores the return value from
      bnxt_hwrm_func_backing_store_cfg(), causing the driver to proceed in
      the init path even when this vital firmware call has failed.  Fix it
      by propagating the error code to the caller.
      
      Fixes: 1b9394e5 ("bnxt_en: Configure context memory on new devices.")
      Signed-off-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0b5b561c
    • Edwin Peer's avatar
      bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() · 62d4073e
      Edwin Peer authored
      The allocated ieee_ets structure goes out of scope without being freed,
      leaking memory. Appropriate result codes should be returned so that
      callers do not rely on invalid data passed by reference.
      
      Also cache the ETS config retrieved from the device so that it doesn't
      need to be freed. The balance of the code was clearly written with the
      intent of having the results of querying the hardware cached in the
      device structure. The commensurate store was evidently missed though.
      
      Fixes: 7df4ae9f ("bnxt_en: Implement DCBNL to support host-based DCBX.")
      Signed-off-by: default avatarEdwin Peer <edwin.peer@broadcom.com>
      Signed-off-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      62d4073e
    • Michael Chan's avatar
      bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S. · a24ec322
      Michael Chan authored
      There is an indexing bug in determining these ethtool priority
      counters.  Instead of using the queue ID to index, we need to
      normalize by modulo 10 to get the index.  This index is then used
      to obtain the proper CoS queue counter.  Rename bp->pri2cos to
      bp->pri2cos_idx to make this more clear.
      
      Fixes: e37fed79 ("bnxt_en: Add ethtool -S priority counters.")
      Signed-off-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a24ec322
    • Willem de Bruijn's avatar
      macsec: restrict to ethernet devices · b06d072c
      Willem de Bruijn authored
      Only attach macsec to ethernet devices.
      
      Syzbot was able to trigger a KMSAN warning in macsec_handle_frame
      by attaching to a phonet device.
      
      Macvlan has a similar check in macvlan_port_create.
      
      v1->v2
        - fix commit message typo
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b06d072c
    • Michal Kubecek's avatar
      netlink: check for null extack in cookie helpers · 55b474c4
      Michal Kubecek authored
      Unlike NL_SET_ERR_* macros, nl_set_extack_cookie_u64() and
      nl_set_extack_cookie_u32() helpers do not check extack argument for null
      and neither do their callers, as syzbot recently discovered for
      ethnl_parse_header().
      
      Instead of fixing the callers and leaving the trap in place, add check of
      null extack to both helpers to make them consistent with NL_SET_ERR_*
      macros.
      
      v2: drop incorrect second Fixes tag
      
      Fixes: 2363d73a ("ethtool: reject unrecognized request flags")
      Reported-by: syzbot+258a9089477493cea67b@syzkaller.appspotmail.com
      Signed-off-by: default avatarMichal Kubecek <mkubecek@suse.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      55b474c4
    • Pawel Dembicki's avatar
      net: qmi_wwan: add support for ASKEY WWHC050 · 12a5ba5a
      Pawel Dembicki authored
      ASKEY WWHC050 is a mcie LTE modem.
      The oem configuration states:
      
      T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=480  MxCh= 0
      D:  Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
      P:  Vendor=1690 ProdID=7588 Rev=ff.ff
      S:  Manufacturer=Android
      S:  Product=Android
      S:  SerialNumber=813f0eef6e6e
      C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
      I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
      E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
      E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      E:  Ad=84(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
      E:  Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
      E:  Ad=86(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
      E:  Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
      E:  Ad=88(I) Atr=03(Int.) MxPS=   8 Ivl=32ms
      E:  Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      I:* If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
      E:  Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
      E:  Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=125us
      
      Tested on openwrt distribution.
      Signed-off-by: default avatarCezary Jackiewicz <cezary@eko.one.pl>
      Signed-off-by: default avatarPawel Dembicki <paweldembicki@gmail.com>
      Acked-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      12a5ba5a
    • Dan Carpenter's avatar
      NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() · 0dcdf9f6
      Dan Carpenter authored
      The nci_conn_max_data_pkt_payload_size() function sometimes returns
      -EPROTO so "max_size" needs to be signed for the error handling to
      work.  We can make "payload_size" an int as well.
      
      Fixes: a06347c0 ("NFC: Add Intel Fields Peak NFC solution driver")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0dcdf9f6
    • Qian Cai's avatar
      ipv4: fix a RCU-list lock in inet_dump_fib() · dddeb30b
      Qian Cai authored
      There is a place,
      
      inet_dump_fib()
        fib_table_dump
          fn_trie_dump_leaf()
            hlist_for_each_entry_rcu()
      
      without rcu_read_lock() will trigger a warning,
      
       WARNING: suspicious RCU usage
       -----------------------------
       net/ipv4/fib_trie.c:2216 RCU-list traversed in non-reader section!!
      
       other info that might help us debug this:
      
       rcu_scheduler_active = 2, debug_locks = 1
       1 lock held by ip/1923:
        #0: ffffffff8ce76e40 (rtnl_mutex){+.+.}, at: netlink_dump+0xd6/0x840
      
       Call Trace:
        dump_stack+0xa1/0xea
        lockdep_rcu_suspicious+0x103/0x10d
        fn_trie_dump_leaf+0x581/0x590
        fib_table_dump+0x15f/0x220
        inet_dump_fib+0x4ad/0x5d0
        netlink_dump+0x350/0x840
        __netlink_dump_start+0x315/0x3e0
        rtnetlink_rcv_msg+0x4d1/0x720
        netlink_rcv_skb+0xf0/0x220
        rtnetlink_rcv+0x15/0x20
        netlink_unicast+0x306/0x460
        netlink_sendmsg+0x44b/0x770
        __sys_sendto+0x259/0x270
        __x64_sys_sendto+0x80/0xa0
        do_syscall_64+0x69/0xf4
        entry_SYSCALL_64_after_hwframe+0x49/0xb3
      
      Fixes: 18a8021a ("net/ipv4: Plumb support for filtering route dumps")
      Signed-off-by: default avatarQian Cai <cai@lca.pw>
      Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dddeb30b
    • David S. Miller's avatar
      Merge tag 'mlx5-fixes-2020-03-05' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 684ac83e
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      Mellanox, mlx5 fixes 2020-03-05
      
      This series introduces some fixes to mlx5 driver.
      
      Please pull and let me know if there is any problem.
      
      For -stable v5.4
       ('net/mlx5: DR, Fix postsend actions write length')
      
      For -stable v5.5
       ('net/mlx5e: kTLS, Fix TCP seq off-by-1 issue in TX resync flow')
       ('net/mlx5e: Fix endianness handling in pedit mask')
      ====================
      Reviewed-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      684ac83e
  2. 23 Mar, 2020 1 commit
    • Eric Dumazet's avatar
      tcp: repair: fix TCP_QUEUE_SEQ implementation · 6cd6cbf5
      Eric Dumazet authored
      When application uses TCP_QUEUE_SEQ socket option to
      change tp->rcv_next, we must also update tp->copied_seq.
      
      Otherwise, stuff relying on tcp_inq() being precise can
      eventually be confused.
      
      For example, tcp_zerocopy_receive() might crash because
      it does not expect tcp_recv_skb() to return NULL.
      
      We could add tests in various places to fix the issue,
      or simply make sure tcp_inq() wont return a random value,
      and leave fast path as it is.
      
      Note that this fixes ioctl(fd, SIOCINQ, &val) at the same
      time.
      
      Fixes: ee995283 ("tcp: Initial repair mode")
      Fixes: 05255b82 ("tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6cd6cbf5
  3. 22 Mar, 2020 13 commits
    • Alan Maguire's avatar
      selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc · 83a9b6f6
      Alan Maguire authored
      Many systems build/test up-to-date kernels with older libcs, and
      an older glibc (2.17) lacks the definition of SOL_DCCP in
      /usr/include/bits/socket.h (it was added in the 4.6 timeframe).
      
      Adding the definition to the test program avoids a compilation
      failure that gets in the way of building tools/testing/selftests/net.
      The test itself will work once the definition is added; either
      skipping due to DCCP not being configured in the kernel under test
      or passing, so there are no other more up-to-date glibc dependencies
      here it seems beyond that missing definition.
      
      Fixes: 11fb60d1 ("selftests: net: reuseport_addr_any: add DCCP")
      Signed-off-by: default avatarAlan Maguire <alan.maguire@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      83a9b6f6
    • Doug Berger's avatar
      net: bcmgenet: always enable status blocks · 9a9ba2a4
      Doug Berger authored
      The hardware offloading of the NETIF_F_HW_CSUM and NETIF_F_RXCSUM
      features requires the use of Transmit Status Blocks before transmit
      frame data and Receive Status Blocks before receive frame data to
      carry the checksum information.
      
      Unfortunately, these status blocks are currently only enabled when
      the NETIF_F_HW_CSUM feature is enabled. As a result NETIF_F_RXCSUM
      will not actually be offloaded to the hardware unless both it and
      NETIF_F_HW_CSUM are enabled. Fortunately, that is the default
      configuration.
      
      This commit addresses this issue by always enabling the use of
      status blocks on both transmit and receive frames. Further, it
      replaces the use of a dedicated flag within the driver private
      data structure with direct use of the netdev features flags.
      
      Fixes: 81015539 ("net: bcmgenet: use CHECKSUM_COMPLETE for NETIF_F_RXCSUM")
      Signed-off-by: default avatarDoug Berger <opendmb@gmail.com>
      Acked-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9a9ba2a4
    • Grygorii Strashko's avatar
      net: phy: dp83867: w/a for fld detect threshold bootstrapping issue · 749f6f68
      Grygorii Strashko authored
      When the DP83867 PHY is strapped to enable Fast Link Drop (FLD) feature
      STRAP_STS2.STRAP_ FLD (reg 0x006F bit 10), the Energy Lost Threshold for
      FLD Energy Lost Mode FLD_THR_CFG.ENERGY_LOST_FLD_THR (reg 0x002e bits 2:0)
      will be defaulted to 0x2. This may cause the phy link to be unstable. The
      new DP83867 DM recommends to always restore ENERGY_LOST_FLD_THR to 0x1.
      
      Hence, restore default value of FLD_THR_CFG.ENERGY_LOST_FLD_THR to 0x1 when
      FLD is enabled by bootstrapping as recommended by DM.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      749f6f68
    • Emil Renner Berthing's avatar
      net: stmmac: dwmac-rk: fix error path in rk_gmac_probe · 9de9aa48
      Emil Renner Berthing authored
      Make sure we clean up devicetree related configuration
      also when clock init fails.
      
      Fixes: fecd4d7e ("net: stmmac: dwmac-rk: Add integrated PHY support")
      Signed-off-by: default avatarEmil Renner Berthing <kernel@esmil.dk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9de9aa48
    • Oliver Hartkopp's avatar
      slcan: not call free_netdev before rtnl_unlock in slcan_open · 2091a3d4
      Oliver Hartkopp authored
      As the description before netdev_run_todo, we cannot call free_netdev
      before rtnl_unlock, fix it by reorder the code.
      
      This patch is a 1:1 copy of upstream slip.c commit f596c870
      ("slip: not call free_netdev before rtnl_unlock in slip_open").
      Reported-by: default avataryangerkun <yangerkun@huawei.com>
      Signed-off-by: default avatarOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2091a3d4
    • Lukas Bulwahn's avatar
      ionic: make spdxcheck.py happy · 06e9bfc1
      Lukas Bulwahn authored
      Headers ionic_if.h and ionic_regs.h are licensed under three alternative
      licenses and the used SPDX-License-Identifier expression makes
      ./scripts/spdxcheck.py complain:
      
      drivers/net/ethernet/pensando/ionic/ionic_if.h: 1:52 Syntax error: OR
      drivers/net/ethernet/pensando/ionic/ionic_regs.h: 1:52 Syntax error: OR
      
      As OR is associative, it is irrelevant if the parentheses are put around
      the first or the second OR-expression.
      
      Simply add parentheses to make spdxcheck.py happy.
      Signed-off-by: default avatarLukas Bulwahn <lukas.bulwahn@gmail.com>
      Acked-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06e9bfc1
    • Taehee Yoo's avatar
      hsr: fix general protection fault in hsr_addr_is_self() · 3a303cfd
      Taehee Yoo authored
      The port->hsr is used in the hsr_handle_frame(), which is a
      callback of rx_handler.
      hsr master and slaves are initialized in hsr_add_port().
      This function initializes several pointers, which includes port->hsr after
      registering rx_handler.
      So, in the rx_handler routine, un-initialized pointer would be used.
      In order to fix this, pointers should be initialized before
      registering rx_handler.
      
      Test commands:
          ip netns del left
          ip netns del right
          modprobe -rv veth
          modprobe -rv hsr
          killall ping
          modprobe hsr
          ip netns add left
          ip netns add right
          ip link add veth0 type veth peer name veth1
          ip link add veth2 type veth peer name veth3
          ip link add veth4 type veth peer name veth5
          ip link set veth1 netns left
          ip link set veth3 netns right
          ip link set veth4 netns left
          ip link set veth5 netns right
          ip link set veth0 up
          ip link set veth2 up
          ip link set veth0 address fc:00:00:00:00:01
          ip link set veth2 address fc:00:00:00:00:02
          ip netns exec left ip link set veth1 up
          ip netns exec left ip link set veth4 up
          ip netns exec right ip link set veth3 up
          ip netns exec right ip link set veth5 up
          ip link add hsr0 type hsr slave1 veth0 slave2 veth2
          ip a a 192.168.100.1/24 dev hsr0
          ip link set hsr0 up
          ip netns exec left ip link add hsr1 type hsr slave1 veth1 slave2 veth4
          ip netns exec left ip a a 192.168.100.2/24 dev hsr1
          ip netns exec left ip link set hsr1 up
          ip netns exec left ip n a 192.168.100.1 dev hsr1 lladdr \
      	    fc:00:00:00:00:01 nud permanent
          ip netns exec left ip n r 192.168.100.1 dev hsr1 lladdr \
      	    fc:00:00:00:00:01 nud permanent
          for i in {1..100}
          do
              ip netns exec left ping 192.168.100.1 &
          done
          ip netns exec left hping3 192.168.100.1 -2 --flood &
          ip netns exec right ip link add hsr2 type hsr slave1 veth3 slave2 veth5
          ip netns exec right ip a a 192.168.100.3/24 dev hsr2
          ip netns exec right ip link set hsr2 up
          ip netns exec right ip n a 192.168.100.1 dev hsr2 lladdr \
      	    fc:00:00:00:00:02 nud permanent
          ip netns exec right ip n r 192.168.100.1 dev hsr2 lladdr \
      	    fc:00:00:00:00:02 nud permanent
          for i in {1..100}
          do
              ip netns exec right ping 192.168.100.1 &
          done
          ip netns exec right hping3 192.168.100.1 -2 --flood &
          while :
          do
              ip link add hsr0 type hsr slave1 veth0 slave2 veth2
      	ip a a 192.168.100.1/24 dev hsr0
      	ip link set hsr0 up
      	ip link del hsr0
          done
      
      Splat looks like:
      [  120.954938][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1]I
      [  120.957761][    C0] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
      [  120.959064][    C0] CPU: 0 PID: 1511 Comm: hping3 Not tainted 5.6.0-rc5+ #460
      [  120.960054][    C0] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
      [  120.962261][    C0] RIP: 0010:hsr_addr_is_self+0x65/0x2a0 [hsr]
      [  120.963149][    C0] Code: 44 24 18 70 73 2f c0 48 c1 eb 03 48 8d 04 13 c7 00 f1 f1 f1 f1 c7 40 04 00 f2 f2 f2 4
      [  120.966277][    C0] RSP: 0018:ffff8880d9c09af0 EFLAGS: 00010206
      [  120.967293][    C0] RAX: 0000000000000006 RBX: 1ffff1101b38135f RCX: 0000000000000000
      [  120.968516][    C0] RDX: dffffc0000000000 RSI: ffff8880d17cb208 RDI: 0000000000000000
      [  120.969718][    C0] RBP: 0000000000000030 R08: ffffed101b3c0e3c R09: 0000000000000001
      [  120.972203][    C0] R10: 0000000000000001 R11: ffffed101b3c0e3b R12: 0000000000000000
      [  120.973379][    C0] R13: ffff8880aaf80100 R14: ffff8880aaf800f2 R15: ffff8880aaf80040
      [  120.974410][    C0] FS:  00007f58e693f740(0000) GS:ffff8880d9c00000(0000) knlGS:0000000000000000
      [  120.979794][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  120.980773][    C0] CR2: 00007ffcb8b38f29 CR3: 00000000afe8e001 CR4: 00000000000606f0
      [  120.981945][    C0] Call Trace:
      [  120.982411][    C0]  <IRQ>
      [  120.982848][    C0]  ? hsr_add_node+0x8c0/0x8c0 [hsr]
      [  120.983522][    C0]  ? rcu_read_lock_held+0x90/0xa0
      [  120.984159][    C0]  ? rcu_read_lock_sched_held+0xc0/0xc0
      [  120.984944][    C0]  hsr_handle_frame+0x1db/0x4e0 [hsr]
      [  120.985597][    C0]  ? hsr_nl_nodedown+0x2b0/0x2b0 [hsr]
      [  120.986289][    C0]  __netif_receive_skb_core+0x6bf/0x3170
      [  120.992513][    C0]  ? check_chain_key+0x236/0x5d0
      [  120.993223][    C0]  ? do_xdp_generic+0x1460/0x1460
      [  120.993875][    C0]  ? register_lock_class+0x14d0/0x14d0
      [  120.994609][    C0]  ? __netif_receive_skb_one_core+0x8d/0x160
      [  120.995377][    C0]  __netif_receive_skb_one_core+0x8d/0x160
      [  120.996204][    C0]  ? __netif_receive_skb_core+0x3170/0x3170
      [ ... ]
      
      Reported-by: syzbot+fcf5dd39282ceb27108d@syzkaller.appspotmail.com
      Fixes: c5a75911 ("net/hsr: Use list_head (and rcu) instead of array for slave devices.")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3a303cfd
    • David S. Miller's avatar
      Merge branch 'hinic-BugFixes' · 4abe5a1b
      David S. Miller authored
      Luo bin says:
      
      ====================
      hinic: BugFixes
      
      Fix a number of bugs which have been present since the first commit.
      
      The bugs fixed in these patchs are hardly exposed unless given
      very specific conditions.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4abe5a1b
    • Luo bin's avatar
      hinic: fix wrong value of MIN_SKB_LEN · 7296695f
      Luo bin authored
      the minimum value of skb len that hw supports is 32 rather than 17
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7296695f
    • Luo bin's avatar
      hinic: fix wrong para of wait_for_completion_timeout · 0da7c322
      Luo bin authored
      the second input parameter of wait_for_completion_timeout should
      be jiffies instead of millisecond
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0da7c322
    • Luo bin's avatar
      hinic: fix out-of-order excution in arm cpu · 33f15da2
      Luo bin authored
      add read barrier in driver code to keep from reading other fileds
      in dma memory which is writable for hw until we have verified the
      memory is valid for driver
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      33f15da2
    • Luo bin's avatar
      hinic: fix the bug of clearing event queue · 614eaa94
      Luo bin authored
      should disable eq irq before freeing it, must clear event queue
      depth in hw before freeing relevant memory to avoid illegal
      memory access and update consumer idx to avoid invalid interrupt
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      614eaa94
    • Luo bin's avatar
      hinic: fix a bug of waitting for IO stopped · 96758117
      Luo bin authored
      it's unreliable for fw to check whether IO is stopped, so driver
      wait for enough time to ensure IO process is done in hw before
      freeing resources
      Signed-off-by: default avatarLuo bin <luobin9@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      96758117
  4. 21 Mar, 2020 2 commits
  5. 20 Mar, 2020 6 commits
    • Eric Dumazet's avatar
      tcp: ensure skb->dev is NULL before leaving TCP stack · b738a185
      Eric Dumazet authored
      skb->rbnode is sharing three skb fields : next, prev, dev
      
      When a packet is sent, TCP keeps the original skb (master)
      in a rtx queue, which was converted to rbtree a while back.
      
      __tcp_transmit_skb() is responsible to clone the master skb,
      and add the TCP header to the clone before sending it
      to network layer.
      
      skb_clone() already clears skb->next and skb->prev, but copies
      the master oskb->dev into the clone.
      
      We need to clear skb->dev, otherwise lower layers could interpret
      the value as a pointer to a netdev.
      
      This old bug surfaced recently when commit 28f8bfd1
      ("netfilter: Support iif matches in POSTROUTING") was merged.
      
      Before this netfilter commit, skb->dev value was ignored and
      changed before reaching dev_queue_xmit()
      
      Fixes: 75c119af ("tcp: implement rb-tree based retransmit queue")
      Fixes: 28f8bfd1 ("netfilter: Support iif matches in POSTROUTING")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarMartin Zaharinov <micron10@gmail.com>
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b738a185
    • Rahul Lakkireddy's avatar
      cxgb4: fix Txq restart check during backpressure · f1f20a86
      Rahul Lakkireddy authored
      Driver reclaims descriptors in much smaller batches, even if hardware
      indicates more to reclaim, during backpressure. So, fix the check to
      restart the Txq during backpressure, by looking at how many
      descriptors hardware had indicated to reclaim, and not on how many
      descriptors that driver had actually reclaimed. Once the Txq is
      restarted, driver will reclaim even more descriptors when Tx path
      is entered again.
      
      Fixes: d429005f ("cxgb4/cxgb4vf: Add support for SGE doorbell queue timer")
      Signed-off-by: default avatarRahul Lakkireddy <rahul.lakkireddy@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1f20a86
    • Rahul Lakkireddy's avatar
      cxgb4: fix throughput drop during Tx backpressure · 7affd808
      Rahul Lakkireddy authored
      commit 7c3bebc3 ("cxgb4: request the TX CIDX updates to status page")
      reverted back to getting Tx CIDX updates via DMA, instead of interrupts,
      introduced by commit d429005f ("cxgb4/cxgb4vf: Add support for SGE
      doorbell queue timer")
      
      However, it missed reverting back several code changes where Tx CIDX
      updates are not explicitly requested during backpressure when using
      interrupt mode. These missed changes cause slow recovery during
      backpressure because the corresponding interrupt no longer comes and
      hence results in Tx throughput drop.
      
      So, revert back these missed code changes, as well, which will allow
      explicitly requesting Tx CIDX updates when backpressure happens.
      This enables the corresponding interrupt with Tx CIDX update message
      to get generated and hence speed up recovery and restore back
      throughput.
      
      Fixes: 7c3bebc3 ("cxgb4: request the TX CIDX updates to status page")
      Fixes: d429005f ("cxgb4/cxgb4vf: Add support for SGE doorbell queue timer")
      Signed-off-by: default avatarRahul Lakkireddy <rahul.lakkireddy@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7affd808
    • René van Dorst's avatar
      net: dsa: mt7530: Change the LINK bit to reflect the link status · 22259471
      René van Dorst authored
      Andrew reported:
      
      After a number of network port link up/down changes, sometimes the switch
      port gets stuck in a state where it thinks it is still transmitting packets
      but the cpu port is not actually transmitting anymore. In this state you
      will see a message on the console
      "mtk_soc_eth 1e100000.ethernet eth0: transmit timed out" and the Tx counter
      in ifconfig will be incrementing on virtual port, but not incrementing on
      cpu port.
      
      The issue is that MAC TX/RX status has no impact on the link status or
      queue manager of the switch. So the queue manager just queues up packets
      of a disabled port and sends out pause frames when the queue is full.
      
      Change the LINK bit to reflect the link status.
      
      Fixes: b8f126a8 ("net-next: dsa: add dsa support for Mediatek MT7530 switch")
      Reported-by: default avatarAndrew Smith <andrew.smith@digi.com>
      Signed-off-by: default avatarRené van Dorst <opensource@vdorst.com>
      Reviewed-by: default avatarVivien Didelot <vivien.didelot@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      22259471
    • David S. Miller's avatar
      Merge tag 'rxrpc-fixes-20200319' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · 3ac9eb42
      David S. Miller authored
      David Howells says:
      
      ====================
      rxrpc, afs: Interruptibility fixes
      
      Here are a number of fixes for AF_RXRPC and AFS that make AFS system calls
      less interruptible and so less likely to leave the filesystem in an
      uncertain state.  There's also a miscellaneous patch to make tracing
      consistent.
      
       (1) Firstly, abstract out the Tx space calculation in sendmsg.  Much the
           same code is replicated in a number of places that subsequent patches
           are going to alter, including adding another copy.
      
       (2) Fix Tx interruptibility by allowing a kernel service, such as AFS, to
           request that a call be interruptible only when waiting for a call slot
           to become available (ie. the call has not taken place yet) or that a
           call be not interruptible at all (e.g. when we want to do writeback
           and don't want a signal interrupting a VM-induced writeback).
      
       (3) Increase the minimum delay on MSG_WAITALL for userspace sendmsg() when
           waiting for Tx buffer space as a 2*RTT delay is really small over 10G
           ethernet and a 1 jiffy timeout might be essentially 0 if at the end of
           the jiffy period.
      
       (4) Fix some tracing output in AFS to make it consistent with rxrpc.
      
       (5) Make sure aborted asynchronous AFS operations are tidied up properly
           so we don't end up with stuck rxrpc calls.
      
       (6) Make AFS client calls uninterruptible in the Rx phase.  If we don't
           wait for the reply to be fully gathered, we can't update the local VFS
           state and we end up in an indeterminate state with respect to the
           server.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3ac9eb42
    • Ido Schimmel's avatar
      mlxsw: pci: Only issue reset when system is ready · 6002059d
      Ido Schimmel authored
      During initialization the driver issues a software reset command and
      then waits for the system status to change back to "ready" state.
      
      However, before issuing the reset command the driver does not check that
      the system is actually in "ready" state. On Spectrum-{1,2} systems this
      was always the case as the hardware initialization time is very short.
      On Spectrum-3 systems this is no longer the case. This results in the
      software reset command timing-out and the driver failing to load:
      
      [ 6.347591] mlxsw_spectrum3 0000:06:00.0: Cmd exec timed-out (opcode=40(ACCESS_REG),opcode_mod=0,in_mod=0)
      [ 6.358382] mlxsw_spectrum3 0000:06:00.0: Reg cmd access failed (reg_id=9023(mrsr),type=write)
      [ 6.368028] mlxsw_spectrum3 0000:06:00.0: cannot register bus device
      [ 6.375274] mlxsw_spectrum3: probe of 0000:06:00.0 failed with error -110
      
      Fix this by waiting for the system to become ready both before issuing
      the reset command and afterwards. In case of failure, print the last
      system status to aid in debugging.
      
      Fixes: da382875 ("mlxsw: spectrum: Extend to support Spectrum-3 ASIC")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6002059d
  6. 19 Mar, 2020 9 commits
    • Edward Cree's avatar
      netfilter: flowtable: populate addr_type mask · 15ff1972
      Edward Cree authored
      nf_flow_rule_match() sets control.addr_type in key, so needs to also set
       the corresponding mask.  An exact match is wanted, so mask is all ones.
      
      Fixes: c29f74e0 ("netfilter: nf_flow_table: hardware offload support")
      Signed-off-by: default avatarEdward Cree <ecree@solarflare.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      15ff1972
    • Paul Blakey's avatar
      netfilter: flowtable: Fix flushing of offloaded flows on free · c921ffe8
      Paul Blakey authored
      Freeing a flowtable with offloaded flows, the flow are deleted from
      hardware but are not deleted from the flow table, leaking them,
      and leaving their offload bit on.
      
      Add a second pass of the disabled gc to delete the these flows from
      the flow table before freeing it.
      
      Fixes: c29f74e0 ("netfilter: nf_flow_table: hardware offload support")
      Signed-off-by: default avatarPaul Blakey <paulb@mellanox.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      c921ffe8
    • Haishuang Yan's avatar
      netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} · 41e9ec5a
      Haishuang Yan authored
      Since pskb_may_pull may change skb->data, so we need to reload ip{v6}h at
      the right place.
      
      Fixes: a908fdec ("netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table")
      Fixes: 7d208687 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table")
      Signed-off-by: default avatarHaishuang Yan <yanhaishuang@cmss.chinamobile.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      41e9ec5a
    • Haishuang Yan's avatar
      netfilter: flowtable: reload ip{v6}h in nf_flow_nat_ip{v6} · 61abaf02
      Haishuang Yan authored
      Since nf_flow_snat_port and nf_flow_snat_ip{v6} call pskb_may_pull()
      which may change skb->data, so we need to reload ip{v6}h at the right
      place.
      
      Fixes: a908fdec ("netfilter: nf_flow_table: move ipv6 offload hook code to nf_flow_table")
      Fixes: 7d208687 ("netfilter: nf_flow_table: move ipv4 offload hook code to nf_flow_table")
      Signed-off-by: default avatarHaishuang Yan <yanhaishuang@cmss.chinamobile.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      61abaf02
    • David S. Miller's avatar
      Merge branch 'wireguard-fixes' · 3c025b63
      David S. Miller authored
      Jason A. Donenfeld says:
      
      ====================
      wireguard fixes for 5.6-rc7
      
      I originally intended to spend this cycle working on fun optimizations
      and architecture for WireGuard for 5.7, but I've been a bit neurotic
      about having 5.6 ship without any show stopper bugs. WireGuard has been
      stable for a long time now, but that doesn't make me any less nervous
      about the real deal in 5.6. To that end, I've been doing code reviews
      and having discussions, and we also had a security firm audit the code.
      That audit didn't turn up any vulnerabilities, but they did make a good
      defense-in-depth suggestion. This series contains:
      
      1) Removal of a duplicated header, from YueHaibing.
      2) Testing with 64-bit time in our test suite.
      3) Account for skb->protocol==0 due to AF_PACKET sockets, suggested
         by Florian Fainelli.
      4) Clean up some code in an unreachable switch/case branch, suggested
         by Florian Fainelli.
      5) Better handling of low-order points, discussed with Mathias
         Hall-Andersen.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3c025b63
    • Jason A. Donenfeld's avatar
      wireguard: noise: error out precomputed DH during handshake rather than config · 11a7686a
      Jason A. Donenfeld authored
      We precompute the static-static ECDH during configuration time, in order
      to save an expensive computation later when receiving network packets.
      However, not all ECDH computations yield a contributory result. Prior,
      we were just not letting those peers be added to the interface. However,
      this creates a strange inconsistency, since it was still possible to add
      other weird points, like a valid public key plus a low-order point, and,
      like points that result in zeros, a handshake would not complete. In
      order to make the behavior more uniform and less surprising, simply
      allow all peers to be added. Then, we'll error out later when doing the
      crypto if there's an issue. This also adds more separation between the
      crypto layer and the configuration layer.
      
      Discussed-with: Mathias Hall-Andersen <mathias@hall-andersen.dk>
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      11a7686a
    • Jason A. Donenfeld's avatar
      wireguard: receive: remove dead code from default packet type case · 2b8765c5
      Jason A. Donenfeld authored
      The situation in which we wind up hitting the default case here
      indicates a major bug in earlier parsing code. It is not a usual thing
      that should ever happen, which means a "friendly" message for it doesn't
      make sense. Rather, replace this with a WARN_ON, just like we do earlier
      in the file for a similar situation, so that somebody sends us a bug
      report and we can fix it.
      Reported-by: default avatarFabian Freyer <fabianfreyer@radicallyopensecurity.com>
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2b8765c5
    • Jason A. Donenfeld's avatar
      wireguard: queueing: account for skb->protocol==0 · a5588604
      Jason A. Donenfeld authored
      We carry out checks to the effect of:
      
        if (skb->protocol != wg_examine_packet_protocol(skb))
          goto err;
      
      By having wg_skb_examine_untrusted_ip_hdr return 0 on failure, this
      means that the check above still passes in the case where skb->protocol
      is zero, which is possible to hit with AF_PACKET:
      
        struct sockaddr_pkt saddr = { .spkt_device = "wg0" };
        unsigned char buffer[5] = { 0 };
        sendto(socket(AF_PACKET, SOCK_PACKET, /* skb->protocol = */ 0),
               buffer, sizeof(buffer), 0, (const struct sockaddr *)&saddr, sizeof(saddr));
      
      Additional checks mean that this isn't actually a problem in the code
      base, but I could imagine it becoming a problem later if the function is
      used more liberally.
      
      I would prefer to fix this by having wg_examine_packet_protocol return a
      32-bit ~0 value on failure, which will never match any value of
      skb->protocol, which would simply change the generated code from a mov
      to a movzx. However, sparse complains, and adding __force casts doesn't
      seem like a good idea, so instead we just add a simple helper function
      to check for the zero return value. Since wg_examine_packet_protocol
      itself gets inlined, this winds up not adding an additional branch to
      the generated code, since the 0 return value already happens in a
      mergable branch.
      Reported-by: default avatarFabian Freyer <fabianfreyer@radicallyopensecurity.com>
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a5588604
    • Jason A. Donenfeld's avatar
      wireguard: selftests: test using new 64-bit time_t · 551599ed
      Jason A. Donenfeld authored
      In case this helps expose bugs with the newer 64-bit time_t types, we do
      our testing with the newer musl that supports this as well as
      CONFIG_COMPAT_32BIT_TIME=n. This matters to us, since wireguard does in
      fact deal with timestamps.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      551599ed