1. 31 Oct, 2016 3 commits
    • Xin Long's avatar
      ipv6: add mtu lock check in __ip6_rt_update_pmtu · 19bda36c
      Xin Long authored
      Prior to this patch, ipv6 didn't do mtu lock check in ip6_update_pmtu.
      It leaded to that mtu lock doesn't really work when receiving the pkt
      of ICMPV6_PKT_TOOBIG.
      
      This patch is to add mtu lock check in __ip6_rt_update_pmtu just as ipv4
      did in __ip_rt_update_pmtu.
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      19bda36c
    • Jakub Sitnicki's avatar
      ipv6: Don't use ufo handling on later transformed packets · f89c56ce
      Jakub Sitnicki authored
      Similar to commit c146066a ("ipv4: Don't use ufo handling on later
      transformed packets"), don't perform UFO on packets that will be IPsec
      transformed. To detect it we rely on the fact that headerlen in
      dst_entry is non-zero only for transformation bundles (xfrm_dst
      objects).
      
      Unwanted segmentation can be observed with a NETIF_F_UFO capable device,
      such as a dummy device:
      
        DEV=dum0 LEN=1493
      
        ip li add $DEV type dummy
        ip addr add fc00::1/64 dev $DEV nodad
        ip link set $DEV up
        ip xfrm policy add dir out src fc00::1 dst fc00::2 \
           tmpl src fc00::1 dst fc00::2 proto esp spi 1
        ip xfrm state add src fc00::1 dst fc00::2 \
           proto esp spi 1 enc 'aes' 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
      
        tcpdump -n -nn -i $DEV -t &
        socat /dev/zero,readbytes=$LEN udp6:[fc00::2]:$LEN
      
      tcpdump output before:
      
        IP6 fc00::1 > fc00::2: frag (0|1448) ESP(spi=0x00000001,seq=0x1), length 1448
        IP6 fc00::1 > fc00::2: frag (1448|48)
        IP6 fc00::1 > fc00::2: ESP(spi=0x00000001,seq=0x2), length 88
      
      ... and after:
      
        IP6 fc00::1 > fc00::2: frag (0|1448) ESP(spi=0x00000001,seq=0x1), length 1448
        IP6 fc00::1 > fc00::2: frag (1448|80)
      
      Fixes: e89e9cf5 ("[IPv4/IPv6]: UFO Scatter-gather approach")
      Signed-off-by: default avatarJakub Sitnicki <jkbs@redhat.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f89c56ce
    • Mark Lord's avatar
      r8152: Fix broken RX checksums. · b9a321b4
      Mark Lord authored
      The r8152 driver has been broken since (approx) 3.16.xx
      when support was added for hardware RX checksums
      on newer chip versions.  Symptoms include random
      segfaults and silent data corruption over NFS.
      
      The hardware checksum logig does not work on the VER_02
      dongles I have here when used with a slow embedded system CPU.
      Google reveals others reporting similar issues on Raspberry Pi.
      
      So, disable hardware RX checksum support for VER_02, and fix
      an obvious coding error for IPV6 checksums in the same function.
      
      Because this bug results in silent data corruption,
      it is a good candidate for back-porting to -stable >= 3.16.xx.
      Signed-off-by: default avatarMark Lord <mlord@pobox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b9a321b4
  2. 30 Oct, 2016 4 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 2a26d99b
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Lots of fixes, mostly drivers as is usually the case.
      
         1) Don't treat zero DMA address as invalid in vmxnet3, from Alexey
            Khoroshilov.
      
         2) Fix element timeouts in netfilter's nft_dynset, from Anders K.
            Pedersen.
      
         3) Don't put aead_req crypto struct on the stack in mac80211, from
            Ard Biesheuvel.
      
         4) Several uninitialized variable warning fixes from Arnd Bergmann.
      
         5) Fix memory leak in cxgb4, from Colin Ian King.
      
         6) Fix bpf handling of VLAN header push/pop, from Daniel Borkmann.
      
         7) Several VRF semantic fixes from David Ahern.
      
         8) Set skb->protocol properly in ip6_tnl_xmit(), from Eli Cooper.
      
         9) Socket needs to be locked in udp_disconnect(), from Eric Dumazet.
      
        10) Div-by-zero on 32-bit fix in mlx4 driver, from Eugenia Emantayev.
      
        11) Fix stale link state during failover in NCSCI driver, from Gavin
            Shan.
      
        12) Fix netdev lower adjacency list traversal, from Ido Schimmel.
      
        13) Propvide proper handle when emitting notifications of filter
            deletes, from Jamal Hadi Salim.
      
        14) Memory leaks and big-endian issues in rtl8xxxu, from Jes Sorensen.
      
        15) Fix DESYNC_FACTOR handling in ipv6, from Jiri Bohac.
      
        16) Several routing offload fixes in mlxsw driver, from Jiri Pirko.
      
        17) Fix broadcast sync problem in TIPC, from Jon Paul Maloy.
      
        18) Validate chunk len before using it in SCTP, from Marcelo Ricardo
            Leitner.
      
        19) Revert a netns locking change that causes regressions, from Paul
            Moore.
      
        20) Add recursion limit to GRO handling, from Sabrina Dubroca.
      
        21) GFP_KERNEL in irq context fix in ibmvnic, from Thomas Falcon.
      
        22) Avoid accessing stale vxlan/geneve socket in data path, from
            Pravin Shelar"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (189 commits)
        geneve: avoid using stale geneve socket.
        vxlan: avoid using stale vxlan socket.
        qede: Fix out-of-bound fastpath memory access
        net: phy: dp83848: add dp83822 PHY support
        enic: fix rq disable
        tipc: fix broadcast link synchronization problem
        ibmvnic: Fix missing brackets in init_sub_crq_irqs
        ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
        Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context"
        arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
        net/mlx4_en: Save slave ethtool stats command
        net/mlx4_en: Fix potential deadlock in port statistics flow
        net/mlx4: Fix firmware command timeout during interrupt test
        net/mlx4_core: Do not access comm channel if it has not yet been initialized
        net/mlx4_en: Fix panic during reboot
        net/mlx4_en: Process all completions in RX rings after port goes up
        net/mlx4_en: Resolve dividing by zero in 32-bit system
        net/mlx4_core: Change the default value of enable_qos
        net/mlx4_core: Avoid setting ports to auto when only one port type is supported
        net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
        ...
      2a26d99b
    • pravin shelar's avatar
      geneve: avoid using stale geneve socket. · fceb9c3e
      pravin shelar authored
      This patch is similar to earlier vxlan patch.
      Geneve device close operation frees geneve socket. This
      operation can race with geneve-xmit function which
      dereferences geneve socket. Following patch uses RCU
      mechanism to avoid this situation.
      Signed-off-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Acked-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fceb9c3e
    • pravin shelar's avatar
      vxlan: avoid using stale vxlan socket. · c6fcc4fc
      pravin shelar authored
      When vxlan device is closed vxlan socket is freed. This
      operation can race with vxlan-xmit function which
      dereferences vxlan socket. Following patch uses RCU
      mechanism to avoid this situation.
      Signed-off-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6fcc4fc
    • Mintz, Yuval's avatar
      qede: Fix out-of-bound fastpath memory access · 087892d2
      Mintz, Yuval authored
      Driver allocates a shadow array for transmitted SKBs with X entries;
      That means valid indices are {0,...,X - 1}. [X == 8191]
      Problem is the driver also uses X as a mask for a
      producer/consumer in order to choose the right entry in the
      array which allows access to entry X which is out of bounds.
      
      To fix this, simply allocate X + 1 entries in the shadow array.
      Signed-off-by: default avatarYuval Mintz <Yuval.Mintz@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      087892d2
  3. 29 Oct, 2016 33 commits