1. 25 Mar, 2020 7 commits
    • Pablo Neira Ayuso's avatar
      net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build · 2c64605b
      Pablo Neira Ayuso authored
      net/netfilter/nft_fwd_netdev.c: In function ‘nft_fwd_netdev_eval’:
          net/netfilter/nft_fwd_netdev.c:32:10: error: ‘struct sk_buff’ has no member named ‘tc_redirected’
            pkt->skb->tc_redirected = 1;
                    ^~
          net/netfilter/nft_fwd_netdev.c:33:10: error: ‘struct sk_buff’ has no member named ‘tc_from_ingress’
            pkt->skb->tc_from_ingress = 1;
                    ^~
      
      To avoid a direct dependency with tc actions from netfilter, wrap the
      redirect bits around CONFIG_NET_REDIRECT and move helpers to
      include/linux/skbuff.h. Turn on this toggle from the ifb driver, the
      only existing client of these bits in the tree.
      
      This patch adds skb_set_redirected() that sets on the redirected bit
      on the skbuff, it specifies if the packet was redirect from ingress
      and resets the timestamp (timestamp reset was originally missing in the
      netfilter bugfix).
      
      Fixes: bcfabee1 ("netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress")
      Reported-by: noreply@ellerman.id.au
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2c64605b
    • Guilherme G. Piccoli's avatar
      net: ena: Add PCI shutdown handler to allow safe kexec · 428c4913
      Guilherme G. Piccoli authored
      Currently ENA only provides the PCI remove() handler, used during rmmod
      for example. This is not called on shutdown/kexec path; we are potentially
      creating a failure scenario on kexec:
      
      (a) Kexec is triggered, no shutdown() / remove() handler is called for ENA;
      instead pci_device_shutdown() clears the master bit of the PCI device,
      stopping all DMA transactions;
      
      (b) Kexec reboot happens and the device gets enabled again, likely having
      its FW with that DMA transaction buffered; then it may trigger the (now
      invalid) memory operation in the new kernel, corrupting kernel memory area.
      
      This patch aims to prevent this, by implementing a shutdown() handler
      quite similar to the remove() one - the difference being the handling
      of the netdev, which is unregistered on remove(), but following the
      convention observed in other drivers, it's only detached on shutdown().
      
      This prevents an odd issue in AWS Nitro instances, in which after the 2nd
      kexec the next one will fail with an initrd corruption, caused by a wild
      DMA write to invalid kernel memory. The lspci output for the adapter
      present in my instance is:
      
      00:05.0 Ethernet controller [0200]: Amazon.com, Inc. Elastic Network
      Adapter (ENA) [1d0f:ec20]
      Suggested-by: default avatarGavin Shan <gshan@redhat.com>
      Signed-off-by: default avatarGuilherme G. Piccoli <gpiccoli@canonical.com>
      Acked-by: default avatarSameeh Jubran <sameehj@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      428c4913
    • Hangbin Liu's avatar
      selftests/net/forwarding: define libs as TEST_PROGS_EXTENDED · c085dbfb
      Hangbin Liu authored
      The lib files should not be defined as TEST_PROGS, or we will run them
      in run_kselftest.sh.
      
      Also remove ethtool_lib.sh exec permission.
      
      Fixes: 81573b18 ("selftests/net/forwarding: add Makefile to install tests")
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c085dbfb
    • Hangbin Liu's avatar
      selftests/net: add missing tests to Makefile · 919a23e9
      Hangbin Liu authored
      Find some tests are missed in Makefile by running:
      for file in $(ls *.sh); do grep -q $file Makefile || echo $file; done
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      919a23e9
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 6f000f98
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for net:
      
      1) A new selftest for nf_queue, from Florian Westphal. This test
         covers two recent fixes: 07f8e4d0 ("tcp: also NULL skb->dev
         when copy was needed") and b738a185 ("tcp: ensure skb->dev is
         NULL before leaving TCP stack").
      
      2) The fwd action breaks with ifb. For safety in next extensions,
         make sure the fwd action only runs from ingress until it is extended
         to be used from a different hook.
      
      3) The pipapo set type now reports EEXIST in case of subrange overlaps.
         Update the rbtree set to validate range overlaps, so far this
         validation is only done only from userspace. From Stefano Brivio.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6f000f98
    • David S. Miller's avatar
      Merge tag 'mlx5-fixes-2020-03-24' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 7e566df6
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      Mellanox, mlx5 fixes 2020-03-24
      
      This series introduces some fixes to mlx5 driver.
      
      From Aya, Fixes to the RX error recovery flows
      From Leon, Fix IB capability mask
      
      Please pull and let me know if there is any problem.
      
      For -stable v5.5
       ('net/mlx5_core: Set IB capability mask1 to fix ib_srpt connection failure')
      
      For -stable v5.4
       ('net/mlx5e: Fix ICOSQ recovery flow with Striding RQ')
       ('net/mlx5e: Do not recover from a non-fatal syndrome')
       ('net/mlx5e: Fix missing reset of SW metadata in Striding RQ reset')
       ('net/mlx5e: Enhance ICOSQ WQE info fields')
      
      The above patch ('net/mlx5e: Enhance ICOSQ WQE info fields')
      will fail to apply cleanly on v5.4 due to a trivial contextual conflict,
      but it is an important fix, do I need to do something about it or just
      assume Greg will know how to handle this ?
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7e566df6
    • Heiner Kallweit's avatar
      r8169: re-enable MSI on RTL8168c · f13bc681
      Heiner Kallweit authored
      The original change fixed an issue on RTL8168b by mimicking the vendor
      driver behavior to disable MSI on chip versions before RTL8168d.
      This however now caused an issue on a system with RTL8168c, see [0].
      Therefore leave MSI disabled on RTL8168b, but re-enable it on RTL8168c.
      
      [0] https://bugzilla.redhat.com/show_bug.cgi?id=1792839
      
      Fixes: 003bd5b4 ("r8169: don't use MSI before RTL8168d")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f13bc681
  2. 24 Mar, 2020 31 commits
  3. 23 Mar, 2020 1 commit
    • Eric Dumazet's avatar
      tcp: repair: fix TCP_QUEUE_SEQ implementation · 6cd6cbf5
      Eric Dumazet authored
      When application uses TCP_QUEUE_SEQ socket option to
      change tp->rcv_next, we must also update tp->copied_seq.
      
      Otherwise, stuff relying on tcp_inq() being precise can
      eventually be confused.
      
      For example, tcp_zerocopy_receive() might crash because
      it does not expect tcp_recv_skb() to return NULL.
      
      We could add tests in various places to fix the issue,
      or simply make sure tcp_inq() wont return a random value,
      and leave fast path as it is.
      
      Note that this fixes ioctl(fd, SIOCINQ, &val) at the same
      time.
      
      Fixes: ee995283 ("tcp: Initial repair mode")
      Fixes: 05255b82 ("tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6cd6cbf5
  4. 22 Mar, 2020 1 commit
    • Alan Maguire's avatar
      selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc · 83a9b6f6
      Alan Maguire authored
      Many systems build/test up-to-date kernels with older libcs, and
      an older glibc (2.17) lacks the definition of SOL_DCCP in
      /usr/include/bits/socket.h (it was added in the 4.6 timeframe).
      
      Adding the definition to the test program avoids a compilation
      failure that gets in the way of building tools/testing/selftests/net.
      The test itself will work once the definition is added; either
      skipping due to DCCP not being configured in the kernel under test
      or passing, so there are no other more up-to-date glibc dependencies
      here it seems beyond that missing definition.
      
      Fixes: 11fb60d1 ("selftests: net: reuseport_addr_any: add DCCP")
      Signed-off-by: default avatarAlan Maguire <alan.maguire@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      83a9b6f6