- 25 May, 2019 4 commits
-
-
Biao Huang authored
The specific clk_csr value can be zero, and stmmac_clk is necessary for MDC clock which can be set dynamically. So, change the condition from plat->clk_csr to plat->stmmac_clk to fix clk_csr can't be zero issue. Fixes: cd7201f4 ("stmmac: MDC clock dynamically based on the csr clock input") Signed-off-by:
Biao Huang <biao.huang@mediatek.com> Acked-by:
Alexandre TORGUE <alexandre.torgue@st.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Biao Huang authored
Currently we will not update the receive descriptor tail pointer in stmmac_rx_refill. Rx dma will think no available descriptors and stop once received packets exceed DMA_RX_SIZE, so that the rx only test will fail. Update the receive tail pointer in stmmac_rx_refill to add more descriptors to the rx channel, so packets can be received continually Fixes: 54139cf3 ("net: stmmac: adding multiple buffers for rx") Signed-off-by:
-
Gen Zhang authored
In function ip_ra_control(), the pointer new_ra is allocated a memory space via kmalloc(). And it is used in the following codes. However, when there is a memory allocation error, kmalloc() fails. Thus null pointer dereference may happen. And it will cause the kernel to crash. Therefore, we should check the return value and handle the error. Signed-off-by:
Gen Zhang <blackgod016574@gmail.com> Signed-off-by:
-
Gen Zhang authored
In function ip6_ra_control(), the pointer new_ra is allocated a memory space via kmalloc(). And it is used in the following codes. However, when there is a memory allocation error, kmalloc() fails. Thus null pointer dereference may happen. And it will cause the kernel to crash. Therefore, we should check the return value and handle the error. Signed-off-by:
-
- 24 May, 2019 3 commits
-
-
Vlad Buslov authored
Function tcf_action_dump() relies on tc_action->order field when starting nested nla to send action data to userspace. This approach breaks in several cases: - When multiple filters point to same shared action, tc_action->order field is overwritten each time it is attached to filter. This causes filter dump to output action with incorrect attribute for all filters that have the action in different position (different order) from the last set tc_action->order value. - When action data is displayed using tc action API (RTM_GETACTION), action order is overwritten by tca_action_gd() according to its position in resulting array of nl attributes, which will break filter dump for all filters attached to that shared action that expect it to have different order value. Don't rely on tc_action->order when dumping actions. Set nla according to action position in resulting array of actions instead. Signed-off-by:
Vlad Buslov <vladbu@mellanox.com> Acked-by:
Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by:
-
Vishal Kulkarni authored
This reverts commit 2391b003 which has introduced regression. Now SGE's BAR2 Doorbell/GTS Page Size is interpreted correctly in the firmware itself by using actual host page size. Hence previous commit needs to be reverted. Signed-off-by:
Vishal Kulkarni <vishal@chelsio.com> Signed-off-by:
-
Andy Duan authored
Fix the clk mismatch in the error path "failed_reset" because below error path will disable clk_ahb and clk_ipg directly, it should use pm_runtime_put_noidle() instead of pm_runtime_put() to avoid to call runtime resume callback. Reported-by:
Baruch Siach <baruch@tkos.co.il> Signed-off-by:
Fugang Duan <fugang.duan@nxp.com> Tested-by:
-
- 23 May, 2019 15 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nfDavid S. Miller authored
Pablo Neira Ayuso says: ==================== Netfilter/IPVS fixes for net The following patchset contains Netfilter/IPVS fixes for your net tree: 1) Fix crash when dumping rules after conversion to RCU, from Florian Westphal. 2) Fix incorrect hook reinjection from nf_queue in case NF_REPEAT, from Jagdish Motwani. 3) Fix check for route existence in fib extension, from Phil Sutter. 4) Fix use after free in ip_vs_in() hook, from YueHaibing. 5) Check for veth existence from netfilter selftests, from Jeffrin Jose T. 6) Checksum corruption in UDP NAT helpers due to typo, from Florian Westphal. 7) Pass up packets to classic forwarding path regardless of IPv4 DF bit, patch for the flowtable infrastructure from Florian. 8) Set liberal TCP tracking for flows that are placed in the flowtable, in case they need to go back to classic forwarding path, also from Florian. 9) Don't add flow with sequence adjustment to flowtable, from Florian. 10) Skip IPv4 options from IPv6 datapath in flowtable, from Florian. 11) Add selftest for the flowtable infrastructure, from Florian. ==================== Signed-off-by: -
Raju Rangoju authored
VLAN flows never get offloaded unless ivlan_vld is set in filter spec. It's not compulsory for vlan_ethtype to be set. So, always enable ivlan_vld bit for offloading VLAN flows regardless of vlan_ethtype is set or not. Fixes: ad9af3e0 (cxgb4: add tc flower match support for vlan) Signed-off-by:
Raju Rangoju <rajur@chelsio.com> Signed-off-by:
-
Andreas Oetken authored
Don't prune the master node in the hsr_prune_nodes function. Neither time_in[HSR_PT_SLAVE_A] nor time_in[HSR_PT_SLAVE_B] will ever be updated by hsr_register_frame_in for the master port. Thus, the master node will be repeatedly pruned leading to repeated packet loss. This bug never appeared because the hsr_prune_nodes function was only called once. Since commit 5150b45f ("net: hsr: Fix node prune function for forget time expiry") this issue is fixed unveiling the issue described above. Fixes: 5150b45f ("net: hsr: Fix node prune function for forget time expiry") Signed-off-by:
Andreas Oetken <andreas.oetken@siemens.com> Tested-by:
Murali Karicheri <m-karicheri2@ti.com> Signed-off-by:
-
Maxime Chevallier authored
The flow_rule is only used when configuring the classification tables, and should be free'd once we're done using it. The current code only frees it in the error path. Fixes: 90b509b3 ("net: mvpp2: cls: Add Classification offload support") Signed-off-by:
Maxime Chevallier <maxime.chevallier@bootlin.com> Signed-off-by:
-
Eric Dumazet authored
ip_sf_list_clear_all() needs to be defined even if !CONFIG_IP_MULTICAST Fixes: 3580d04a ("ipv4/igmp: fix another memory leak in igmpv3_del_delrec()") Signed-off-by:
Eric Dumazet <edumazet@google.com> Reported-by:
kbuild test robot <lkp@intel.com> Signed-off-by:
-
Eric Dumazet authored
syzbot reported memory leaks [1] that I have back tracked to a missing cleanup from igmpv3_del_delrec() when (im->sfmode != MCAST_INCLUDE) Add ip_sf_list_clear_all() and kfree_pmc() helpers to explicitely handle the cleanups before freeing. [1] BUG: memory leak unreferenced object 0xffff888123e32b00 (size 64): comm "softirq", pid 0, jiffies 4294942968 (age 8.010s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 e0 00 00 01 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000006105011b>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline] [<000000006105011b>] slab_post_alloc_hook mm/slab.h:439 [inline] [<000000006105011b>] slab_alloc mm/slab.c:3326 [inline] [<000000006105011b>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553 [<000000004bba8073>] kmalloc include/linux/slab.h:547 [inline] [<000000004bba8073>] kzalloc include/linux/slab.h:742 [inline] [<000000004bba8073>] ip_mc_add1_src net/ipv4/igmp.c:1961 [inline] [<000000004bba8073>] ip_mc_add_src+0x36b/0x400 net/ipv4/igmp.c:2085 [<00000000a46a65a0>] ip_mc_msfilter+0x22d/0x310 net/ipv4/igmp.c:2475 [<000000005956ca89>] do_ip_setsockopt.isra.0+0x1795/0x1930 net/ipv4/ip_sockglue.c:957 [<00000000848e2d2f>] ip_setsockopt+0x3b/0xb0 net/ipv4/ip_sockglue.c:1246 [<00000000b9db185c>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616 [<000000003028e438>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3130 [<0000000015b65589>] __sys_setsockopt+0x98/0x120 net/socket.c:2078 [<00000000ac198ef0>] __do_sys_setsockopt net/socket.c:2089 [inline] [<00000000ac198ef0>] __se_sys_setsockopt net/socket.c:2086 [inline] [<00000000ac198ef0>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086 [<000000000a770437>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301 [<00000000d3adb93b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 9c8bb163 ("igmp, mld: Fix memory leak in igmpv3/mld_del_delrec()") Signed-off-by:syzbot <syzkaller@googlegroups.com> Signed-off-by:
-
David S. Miller authored
Michael Chan says: =================== bnxt_en: Bug fixes. There are 4 driver fixes in this series: 1. Fix RX buffer leak during OOM condition. 2. Call pci_disable_msix() under correct conditions to prevent hitting BUG. 3. Reduce unneeded mmeory allocation in kdump kernel to prevent OOM. 4. Don't read device serial number on VFs because it is not supported. Please queue #1, #2, #3 for -stable as well. Thanks. =================== Signed-off-by: -
Vasundhara Volam authored
Don't read DSN on VFs that do not have the PCI capability. Fixes: 03213a99 ("bnxt: move bp->switch_id initialization to PF probe") Signed-off-by:
Vasundhara Volam <vasundhara-v.volam@broadcom.com> Signed-off-by:
Michael Chan <michael.chan@broadcom.com> Signed-off-by:
-
Michael Chan authored
Skip RDMA context memory allocations, reduce to 1 ring, and disable TPA when running in the kdump kernel. Without this patch, the driver fails to initialize with memory allocation errors when running in a typical kdump kernel. Fixes: cf6daed0 ("bnxt_en: Increase context memory allocations on 57500 chips for RDMA.") Signed-off-by:
-
Michael Chan authored
When making configuration changes, the driver calls bnxt_close_nic() and then bnxt_open_nic() for the changes to take effect. A parameter irq_re_init is passed to the call sequence to indicate if IRQ should be re-initialized. This irq_re_init parameter needs to be included in the bnxt_reserve_rings() call. bnxt_reserve_rings() can only call pci_disable_msix() if the irq_re_init parameter is true, otherwise it may hit BUG() because some IRQs may not have been freed yet. Fixes: 41e8d798 ("bnxt_en: Modify the ring reservation functions for 57500 series chips.") Signed-off-by:
-
Michael Chan authored
For every RX packet, the driver replenishes all buffers used for that packet and puts them back into the RX ring and RX aggregation ring. In one code path where the RX packet has one RX buffer and one or more aggregation buffers, we missed recycling the aggregation buffer(s) if we are unable to allocate a new SKB buffer. This leads to the aggregation ring slowly running out of buffers over time. Fix it by properly recycling the aggregation buffers. Fixes: c0c050c5 ("bnxt_en: New Broadcom ethernet driver.") Reported-by:
Rakesh Hemnani <rhemnani@fb.com> Signed-off-by:
-
David Ahern authored
IPv6 redirect is broken for VRF. __ip6_route_redirect walks the FIB entries looking for an exact match on ifindex. With VRF the flowi6_oif is updated by l3mdev_update_flow to the l3mdev index and the FLOWI_FLAG_SKIP_NH_OIF set in the flags to tell the lookup to skip the device match. For redirects the device match is requires so use that flag to know when the oif needs to be reset to the skb device index. Fixes: ca254490 ("net: Add VRF support to IPv6 stack") Signed-off-by:
David Ahern <dsahern@gmail.com> Signed-off-by:
-
Jisheng Zhang authored
Commit 984203ce ("net: stmmac: mdio: remove reset gpio free") removed the reset gpio free, when the driver is unbinded or rmmod, we miss the gpio free. This patch uses managed API to request the reset gpio, so that the gpio could be freed properly. Fixes: 984203ce ("net: stmmac: mdio: remove reset gpio free") Signed-off-by:
Jisheng Zhang <Jisheng.Zhang@synaptics.com> Signed-off-by:
-
Dan Carpenter authored
The user can change the device_name with the IMSETDEVNAME ioctl, but we need to ensure that the user's name is NUL terminated. Otherwise it could result in a buffer overflow when we copy the name back to the user with IMGETDEVINFO ioctl. I also changed two strcpy() calls which handle the name to strscpy(). Hopefully, there aren't any other ways to create a too long name, but it's nice to do this as a kernel hardening measure. Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Claudiu Beznea authored
SAMA5D2 SoC has a suspend mode where SoC's power is cut off. Due to this the registers content is lost after a suspend/resume cycle. The current suspend/resume implementation covers some of these registers. However there are few which were not treated (e.g. SCRT2 and USRIO). Apart from this, netdev features are not restored. Treat these issues. Signed-off-by:
Claudiu Beznea <claudiu.beznea@microchip.com> Signed-off-by:
-
- 22 May, 2019 18 commits
-
-
David S. Miller authored
Jakub Kicinski says: ==================== net/tls: fix device surprise removal with offload This series fixes two issues with device surprise removal. First we need to take a read lock around resync, otherwise netdev notifier handler may clear the structures from under our feet. Secondly we need to be careful about the interpretation of device features. Offload has to be properly cleaned up even if the TLS device features got cleared after connection state was installed. ==================== Signed-off-by: -
Jakub Kicinski authored
On device surprise removal path (the notifier) we can't bail just because the features are disabled. They may have been enabled during the lifetime of the device. This bug leads to leaking netdev references and use-after-frees if there are active connections while device features are cleared. Fixes: e8f69799 ("net/tls: Add generic NIC offload infrastructure") Signed-off-by:
Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by:
Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by:
-
Jakub Kicinski authored
TLS offload drivers shouldn't (and currently don't) block the TLS offload feature changes based on whether there are active offloaded connections or not. This seems to be a good idea, because we want the admin to be able to disable the TLS offload at any time, and there is no clean way of disabling it for active connections (TX side is quite problematic). So if features are cleared existing connections will stay offloaded until they close, and new connections will not attempt offload to a given device. However, the offload state removal handling is currently broken if feature flags get cleared while there are active TLS offloads. RX side will completely bail from cleanup, even on normal remove path, leaving device state dangling, potentially causing issues when the 5-tuple is reused. It will also fail to release the netdev reference. Remove the RX-side warning message, in next release cycle it should be printed when features are disabled, rather than when connection dies, but for that we need a more efficient method of finding connection of a given netdev (a'la BPF offload code). Fixes: 4799ac81 ("tls: Add rx inline crypto offload") Signed-off-by:
-
Jakub Kicinski authored
When netdev with active kTLS sockets in unregistered notifier callback walks the offloaded sockets and cleans up offload state. RX data may still be processed, however, and if resync was requested prior to device removal we would hit a NULL pointer dereference on ctx->netdev use. Make sure resync is under the device offload lock and NULL-check the netdev pointer. This should be safe, because the pointer is set to NULL either in the netdev notifier (under said lock) or when socket is completely dead and no resync can happen. The other access to ctx->netdev in tls_validate_xmit_skb() does not dereference the pointer, it just checks it against other device pointer, so it should be pretty safe (perhaps we can add a READ_ONCE/WRITE_ONCE there, if paranoid). Fixes: 4799ac81 ("tls: Add rx inline crypto offload") Signed-off-by:
-
David S. Miller authored
Jakub Kicinski says: ==================== Documentation: tls: add offload documentation This set adds documentation for TLS offload. It starts by making the networking documentation a little easier to navigate by hiding driver docs a little deeper. It then RSTifys the existing Kernel TLS documentation. Last but not least TLS offload documentation is added. This should help vendors navigate the TLS offload, and help ensure different implementations stay aligned from user perspective. v2: - address Alexei's and Boris'es commands on patch 3. ==================== Signed-off-by: -
Jakub Kicinski authored
Describe existing kernel TLS offload (added back in Linux 4.19) - the mechanism, the expected behavior and the notable corner cases. This documentation is mostly targeting hardware vendors who want to implement offload, to ensure consistency between implementations. v2: - add emphasis around TLS_SW/TLS_HW/TLS_HW_RECORD; - remove mentions of ongoing work (Boris); - split the flow of data in SW vs. HW cases in TX overview (Boris); - call out which fields are updated by the device and which are filled by the stack (Boris); - move error handling into it's own section (Boris); - add more words about fallback (Boris); - note that checksum validation is required (Alexei); - note that drivers shouldn't pay attention to the TLS device features. Signed-off-by:
Dave Watson <davejwatson@fb.com> Acked-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
Boris Pismenny <borisp@mellanox.com> Signed-off-by:
-
Jakub Kicinski authored
Convert the TLS doc to RST. Use C code blocks for the code samples, and mark hyperlinks. Signed-off-by:
-
Jakub Kicinski authored
Some of the device drivers have really long document titles making the networking table of contents hard to look through. Place vendor drivers under a submenu. Signed-off-by:
-
Dan Carpenter authored
We used a script to indent this code back in 2012, but I guess it got confused by the ifdefs and added some extra tabs. This patch removes them. Signed-off-by:
-
Claudiu Manoil authored
Doing kmalloc in atomic context is always an issue, more so for a list that can grow significantly. Turns out that the driver only uses the duplicated list of multicast mac addresses to keep track of what addresses to delete from h/w before committing the new list from kernel to h/w back again via set_rx_mode, every time this list gets updated by the kernel. Given that the h/w knows how to add and delete mac addresses based on the mac address value alone, __dev_mc_sync should be the much better choice of kernel API for these operations avoiding the considerable overhead of maintaining a duplicated list in the driver. Signed-off-by:
Claudiu Manoil <claudiu.manoil@nxp.com> Tested-by:
Alexandre Belloni <alexandre.belloni@bootlin.com> Acked-by:
-
Maxim Mikityanskiy authored
inet6_set_link_af requires that at least one of IFLA_INET6_TOKEN or IFLA_INET6_ADDR_GET_MODE is passed. If none of them is passed, it returns -EINVAL, which may cause do_setlink() to fail in the middle of processing other commands and give the following warning message: A link change request failed with some changes committed already. Interface eth0 may have been left with an inconsistent configuration, please check. Check the presence of at least one of them in inet6_validate_link_af to detect invalid parameters at an early stage, before do_setlink does anything. Also validate the address generation mode at an early stage. Signed-off-by:
Maxim Mikityanskiy <maximmi@mellanox.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linuxLinus Torvalds authored
Pull arm64 fixes from Will Deacon: - Fix SPE probe failure when backing auxbuf with high-order pages - Fix handling of DMA allocations from outside of the vmalloc area - Fix generation of build-id ELF section for vDSO object - Disable huge I/O mappings if kernel page table dumping is enabled - A few other minor fixes (comments, kconfig etc) * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: vdso: Explicitly add build-id option arm64/mm: Inhibit huge-vmap with ptdump arm64: Print physical address of page table base in show_pte() arm64: don't trash config with compat symbol if COMPAT is disabled arm64: assembler: Update comment above cond_yield_neon() macro drivers/perf: arm_spe: Don't error on high-order pages for aux buf arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
-
git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2Linus Torvalds authored
Pull gfs2 fix from Andreas Gruenbacher: "Fix a gfs2 sign extension bug introduced in v4.3" * tag 'gfs2-5.1.fixes2' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Fix sign extension bug in gfs2_update_stats
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Clear up some recent tipc regressions because of registration ordering. Fix from Junwei Hu. 2) tipc's TLV_SET() can read past the end of the supplied buffer during the copy. From Chris Packham. 3) ptp example program doesn't match the kernel, from Richard Cochran. 4) Outgoing message type fix in qrtr, from Bjorn Andersson. 5) Flow control regression in stmmac, from Tan Tee Min. 6) Fix inband autonegotiation in phylink, from Russell King. 7) Fix sk_bound_dev_if handling in rawv6_bind(), from Mike Manning. 8) Fix usbnet crash after disconnect, from Kloetzke Jan. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (21 commits) usbnet: fix kernel crash after disconnect selftests: fib_rule_tests: use pre-defined DEV_ADDR net-next: net: Fix typos in ip-sysctl.txt ipv6: Consider sk_bound_dev_if when binding a raw socket to an address net: phylink: ensure inband AN works correctly usbnet: ipheth: fix racing condition net: stmmac: dma channel control register need to be init first net: stmmac: fix ethtool flow control not able to get/set net: qrtr: Fix message type of outgoing packets networking: : fix typos in code comments ptp: Fix example program to match kernel. fddi: fix typos in code comments selftests: fib_rule_tests: enable forwarding before ipv4 from/iif test selftests: fib_rule_tests: fix local IPv4 address typo tipc: Avoid copying bytes beyond the supplied data 2/2] net: xilinx_emaclite: use readx_poll_timeout() in mdio wait function 1/2] net: axienet: use readx_poll_timeout() in mdio wait function vlan: Mark expected switch fall-through macvlan: Mark expected switch fall-through net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query ... -
Linus Torvalds authored
Merge tag 'for-5.2/dm-fix-1' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fix from Mike Snitzer: "Fix a particularly glaring oversight in a DM core commit from 5.1 that doesn't properly trim special IOs (e.g. discards) relative to corresponding target's max_io_len_target_boundary()" * tag 'for-5.2/dm-fix-1' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm: make sure to obey max_io_len_target_boundary
-
Andreas Gruenbacher authored
Commit 4d207133 changed the types of the statistic values in struct gfs2_lkstats from s64 to u64. Because of that, what should be a signed value in gfs2_update_stats turned into an unsigned value. When shifted right, we end up with a large positive value instead of a small negative value, which results in an incorrect variance estimate. Fixes: 4d207133 ("gfs2: Make statistics unsigned, suitable for use with do_div()") Signed-off-by:
Andreas Gruenbacher <agruenba@redhat.com> Cc: stable@vger.kernel.org # v4.4+
-
Florian Westphal authored
Exercises 3 cases: 1. no pmtu discovery (need to frag) 2. no PMTUd + NAT (don't flag packets as invalid from conntrack) 3. PMTU + NAT (need to send icmp error) The first two cases make sure we handle fragments correctly, i.e. pass them to classic forwarding path. Third case checks we offload everything (in the test case, PMTUd will kick in so all packets should be within link mtu). Nftables rules will filter packets that are supposed to be handled by the fast-path. Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
-
Florian Westphal authored
Guard this with a check vs. ipv4, IPCB isn't valid in ipv6 case. Signed-off-by:
-
