1. 10 Jan, 2019 6 commits
    • Eric Dumazet's avatar
      ipv6: fix kernel-infoleak in ipv6_local_error() · 7d033c9f
      Eric Dumazet authored
      This patch makes sure the flow label in the IPv6 header
      forged in ipv6_local_error() is initialized.
      
      BUG: KMSAN: kernel-infoleak in _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
      CPU: 1 PID: 24675 Comm: syz-executor1 Not tainted 4.20.0-rc7+ #4
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x173/0x1d0 lib/dump_stack.c:113
       kmsan_report+0x12e/0x2a0 mm/kmsan/kmsan.c:613
       kmsan_internal_check_memory+0x455/0xb00 mm/kmsan/kmsan.c:675
       kmsan_copy_to_user+0xab/0xc0 mm/kmsan/kmsan_hooks.c:601
       _copy_to_user+0x16b/0x1f0 lib/usercopy.c:32
       copy_to_user include/linux/uaccess.h:177 [inline]
       move_addr_to_user+0x2e9/0x4f0 net/socket.c:227
       ___sys_recvmsg+0x5d7/0x1140 net/socket.c:2284
       __sys_recvmsg net/socket.c:2327 [inline]
       __do_sys_recvmsg net/socket.c:2337 [inline]
       __se_sys_recvmsg+0x2fa/0x450 net/socket.c:2334
       __x64_sys_recvmsg+0x4a/0x70 net/socket.c:2334
       do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x63/0xe7
      RIP: 0033:0x457ec9
      Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007f8750c06c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
      RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
      RDX: 0000000000002000 RSI: 0000000020000400 RDI: 0000000000000005
      RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8750c076d4
      R13: 00000000004c4a60 R14: 00000000004d8140 R15: 00000000ffffffff
      
      Uninit was stored to memory at:
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline]
       kmsan_save_stack mm/kmsan/kmsan.c:219 [inline]
       kmsan_internal_chain_origin+0x134/0x230 mm/kmsan/kmsan.c:439
       __msan_chain_origin+0x70/0xe0 mm/kmsan/kmsan_instr.c:200
       ipv6_recv_error+0x1e3f/0x1eb0 net/ipv6/datagram.c:475
       udpv6_recvmsg+0x398/0x2ab0 net/ipv6/udp.c:335
       inet_recvmsg+0x4fb/0x600 net/ipv4/af_inet.c:830
       sock_recvmsg_nosec net/socket.c:794 [inline]
       sock_recvmsg+0x1d1/0x230 net/socket.c:801
       ___sys_recvmsg+0x4d5/0x1140 net/socket.c:2278
       __sys_recvmsg net/socket.c:2327 [inline]
       __do_sys_recvmsg net/socket.c:2337 [inline]
       __se_sys_recvmsg+0x2fa/0x450 net/socket.c:2334
       __x64_sys_recvmsg+0x4a/0x70 net/socket.c:2334
       do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x63/0xe7
      
      Uninit was created at:
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:204 [inline]
       kmsan_internal_poison_shadow+0x92/0x150 mm/kmsan/kmsan.c:158
       kmsan_kmalloc+0xa6/0x130 mm/kmsan/kmsan_hooks.c:176
       kmsan_slab_alloc+0xe/0x10 mm/kmsan/kmsan_hooks.c:185
       slab_post_alloc_hook mm/slab.h:446 [inline]
       slab_alloc_node mm/slub.c:2759 [inline]
       __kmalloc_node_track_caller+0xe18/0x1030 mm/slub.c:4383
       __kmalloc_reserve net/core/skbuff.c:137 [inline]
       __alloc_skb+0x309/0xa20 net/core/skbuff.c:205
       alloc_skb include/linux/skbuff.h:998 [inline]
       ipv6_local_error+0x1a7/0x9e0 net/ipv6/datagram.c:334
       __ip6_append_data+0x129f/0x4fd0 net/ipv6/ip6_output.c:1311
       ip6_make_skb+0x6cc/0xcf0 net/ipv6/ip6_output.c:1775
       udpv6_sendmsg+0x3f8e/0x45d0 net/ipv6/udp.c:1384
       inet_sendmsg+0x54a/0x720 net/ipv4/af_inet.c:798
       sock_sendmsg_nosec net/socket.c:621 [inline]
       sock_sendmsg net/socket.c:631 [inline]
       __sys_sendto+0x8c4/0xac0 net/socket.c:1788
       __do_sys_sendto net/socket.c:1800 [inline]
       __se_sys_sendto+0x107/0x130 net/socket.c:1796
       __x64_sys_sendto+0x6e/0x90 net/socket.c:1796
       do_syscall_64+0xbc/0xf0 arch/x86/entry/common.c:291
       entry_SYSCALL_64_after_hwframe+0x63/0xe7
      
      Bytes 4-7 of 28 are uninitialized
      Memory access of size 28 starts at ffff8881937bfce0
      Data copied to user address 0000000020000000
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7d033c9f
    • Konstantin Khlebnikov's avatar
      net/core/neighbour: tell kmemleak about hash tables · 85704cb8
      Konstantin Khlebnikov authored
      This fixes false-positive kmemleak reports about leaked neighbour entries:
      
      unreferenced object 0xffff8885c6e4d0a8 (size 1024):
        comm "softirq", pid 0, jiffies 4294922664 (age 167640.804s)
        hex dump (first 32 bytes):
          00 00 00 00 00 00 00 00 20 2c f3 83 ff ff ff ff  ........ ,......
          08 c0 ef 5f 84 88 ff ff 01 8c 7d 02 01 00 00 00  ..._......}.....
        backtrace:
          [<00000000748509fe>] ip6_finish_output2+0x887/0x1e40
          [<0000000036d7a0d8>] ip6_output+0x1ba/0x600
          [<0000000027ea7dba>] ip6_send_skb+0x92/0x2f0
          [<00000000d6e2111d>] udp_v6_send_skb.isra.24+0x680/0x15e0
          [<000000000668a8be>] udpv6_sendmsg+0x18c9/0x27a0
          [<000000004bd5fa90>] sock_sendmsg+0xb3/0xf0
          [<000000008227b29f>] ___sys_sendmsg+0x745/0x8f0
          [<000000008698009d>] __sys_sendmsg+0xde/0x170
          [<00000000889dacf1>] do_syscall_64+0x9b/0x400
          [<0000000081cdb353>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
          [<000000005767ed39>] 0xffffffffffffffff
      Signed-off-by: default avatarKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      85704cb8
    • Colin Ian King's avatar
      net: cxgb4: fix various indentation issues · fd21c89b
      Colin Ian King authored
      There are some lines that have indentation issues, fix these.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fd21c89b
    • Colin Ian King's avatar
      net: cxgb3: fix various indentation issues · 2acc0abc
      Colin Ian King authored
      There are handful of lines that have indentation issues, fix these.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2acc0abc
    • Willem de Bruijn's avatar
      ip: on queued skb use skb_header_pointer instead of pskb_may_pull · 4a06fa67
      Willem de Bruijn authored
      Commit 2efd4fca ("ip: in cmsg IP(V6)_ORIGDSTADDR call
      pskb_may_pull") avoided a read beyond the end of the skb linear
      segment by calling pskb_may_pull.
      
      That function can trigger a BUG_ON in pskb_expand_head if the skb is
      shared, which it is when when peeking. It can also return ENOMEM.
      
      Avoid both by switching to safer skb_header_pointer.
      
      Fixes: 2efd4fca ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Suggested-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4a06fa67
    • Stanislav Fomichev's avatar
      tun: publish tfile after it's fully initialized · 0b7959b6
      Stanislav Fomichev authored
      BUG: unable to handle kernel NULL pointer dereference at 00000000000000d1
      Call Trace:
       ? napi_gro_frags+0xa7/0x2c0
       tun_get_user+0xb50/0xf20
       tun_chr_write_iter+0x53/0x70
       new_sync_write+0xff/0x160
       vfs_write+0x191/0x1e0
       __x64_sys_write+0x5e/0xd0
       do_syscall_64+0x47/0xf0
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      I think there is a subtle race between sending a packet via tap and
      attaching it:
      
      CPU0:                    CPU1:
      tun_chr_ioctl(TUNSETIFF)
        tun_set_iff
          tun_attach
            rcu_assign_pointer(tfile->tun, tun);
                               tun_fops->write_iter()
                                 tun_chr_write_iter
                                   tun_napi_alloc_frags
                                     napi_get_frags
                                       napi->skb = napi_alloc_skb
            tun_napi_init
              netif_napi_add
                napi->skb = NULL
                                    napi->skb is NULL here
                                    napi_gro_frags
                                      napi_frags_skb
      				  skb = napi->skb
      				  skb_reset_mac_header(skb)
      				  panic()
      
      Move rcu_assign_pointer(tfile->tun) and rcu_assign_pointer(tun->tfiles) to
      be the last thing we do in tun_attach(); this should guarantee that when we
      call tun_get() we always get an initialized object.
      
      v2 changes:
      * remove extra napi_mutex locks/unlocks for napi operations
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Fixes: 90e33d45 ("tun: enable napi_gro_frags() for TUN/TAP driver")
      Signed-off-by: default avatarStanislav Fomichev <sdf@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0b7959b6
  2. 09 Jan, 2019 1 commit
  3. 08 Jan, 2019 17 commits
    • David S. Miller's avatar
      Merge branch 'mlxsw-fixes' · 4314b1f6
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2019-01-08
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Fix BSD'ism in sendmsg(2) to rewrite unspecified IPv6 dst for
         unconnected UDP sockets with [::1] _after_ cgroup BPF invocation,
         from Andrey.
      
      2) Follow-up fix to the speculation fix where we need to reject a
         corner case for sanitation when ptr and scalars are mixed in the
         same alu op. Also, some unrelated minor doc fixes, from Daniel.
      
      3) Fix BPF kselftest's incorrect uses of create_and_get_cgroup()
         by not assuming fd of zero value to be the result of an error
         case, from Stanislav.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4314b1f6
    • Ido Schimmel's avatar
      selftests: forwarding: Add a test for VLAN deletion · 4fabf3bf
      Ido Schimmel authored
      Add a VLAN on a bridge port, delete it and make sure the PVID VLAN is
      not affected.
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4fabf3bf
    • Ido Schimmel's avatar
      mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion · 674bed5d
      Ido Schimmel authored
      When a VLAN is deleted from a bridge port we should not change the PVID
      unless the deleted VLAN is the PVID.
      
      Fixes: fe9ccc78 ("mlxsw: spectrum_switchdev: Don't batch VLAN operations")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      674bed5d
    • Ido Schimmel's avatar
      selftests: forwarding: Fix test for different devices · 289fb44d
      Ido Schimmel authored
      When running the test on the Spectrum ASIC the generated packets are
      counted on the ingress filter and injected back to the pipeline because
      of the 'pass' action. The router block then drops the packets due to
      checksum error, as the test generates packets with zero checksum.
      
      When running the test on an emulator that is not as strict about
      checksum errors the test fails since packets are counted twice. Once by
      the emulated ASIC on its ingress filter and again by the kernel as the
      emulator does not perform checksum validation and allows the packets to
      be trapped by a matching host route.
      
      Fix this by changing the action to 'drop', which will prevent the packet
      from continuing further in the pipeline to the router block.
      
      For veth pairs this change is essentially a NOP given packets are only
      processed once (by the kernel).
      
      Fixes: a0b61f3d ("selftests: forwarding: vxlan_bridge_1d: Add an ECN decap test")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      289fb44d
    • Ido Schimmel's avatar
      net: bridge: Fix VLANs memory leak · 27973793
      Ido Schimmel authored
      When adding / deleting VLANs to / from a bridge port, the bridge driver
      first tries to propagate the information via switchdev and falls back to
      the 8021q driver in case the underlying driver does not support
      switchdev. This can result in a memory leak [1] when VXLAN and mlxsw
      ports are enslaved to the bridge:
      
      $ ip link set dev vxlan0 master br0
      # No mlxsw ports are enslaved to 'br0', so mlxsw ignores the switchdev
      # notification and the bridge driver adds the VLAN on 'vxlan0' via the
      # 8021q driver
      $ bridge vlan add vid 10 dev vxlan0 pvid untagged
      # mlxsw port is enslaved to the bridge
      $ ip link set dev swp1 master br0
      # mlxsw processes the switchdev notification and the 8021q driver is
      # skipped
      $ bridge vlan del vid 10 dev vxlan0
      
      This results in 'struct vlan_info' and 'struct vlan_vid_info' being
      leaked, as they were allocated by the 8021q driver during VLAN addition,
      but never freed as the 8021q driver was skipped during deletion.
      
      Fix this by introducing a new VLAN private flag that indicates whether
      the VLAN was added on the port by switchdev or the 8021q driver. If the
      VLAN was added by the 8021q driver, then we make sure to delete it via
      the 8021q driver as well.
      
      [1]
      unreferenced object 0xffff88822d20b1e8 (size 256):
        comm "bridge", pid 2532, jiffies 4295216998 (age 1188.830s)
        hex dump (first 32 bytes):
          e0 42 97 ce 81 88 ff ff 00 00 00 00 00 00 00 00  .B..............
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<00000000f82d851d>] kmem_cache_alloc_trace+0x1be/0x330
          [<00000000e0178b02>] vlan_vid_add+0x661/0x920
          [<00000000218ebd5f>] __vlan_add+0x1be9/0x3a00
          [<000000006eafa1ca>] nbp_vlan_add+0x8b3/0xd90
          [<000000003535392c>] br_vlan_info+0x132/0x410
          [<00000000aedaa9dc>] br_afspec+0x75c/0x870
          [<00000000f5716133>] br_setlink+0x3dc/0x6d0
          [<00000000aceca5e2>] rtnl_bridge_setlink+0x615/0xb30
          [<00000000a2f2d23e>] rtnetlink_rcv_msg+0x3a3/0xa80
          [<0000000064097e69>] netlink_rcv_skb+0x152/0x3c0
          [<000000008be8d614>] rtnetlink_rcv+0x21/0x30
          [<000000009ab2ca25>] netlink_unicast+0x52f/0x740
          [<00000000e7d9ac96>] netlink_sendmsg+0x9c7/0xf50
          [<000000005d1e2050>] sock_sendmsg+0xbe/0x120
          [<00000000d51426bc>] ___sys_sendmsg+0x778/0x8f0
          [<00000000b9d7b2cc>] __sys_sendmsg+0x112/0x270
      unreferenced object 0xffff888227454308 (size 32):
        comm "bridge", pid 2532, jiffies 4295216998 (age 1188.882s)
        hex dump (first 32 bytes):
          88 b2 20 2d 82 88 ff ff 88 b2 20 2d 82 88 ff ff  .. -...... -....
          81 00 0a 00 01 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<00000000f82d851d>] kmem_cache_alloc_trace+0x1be/0x330
          [<0000000018050631>] vlan_vid_add+0x3e6/0x920
          [<00000000218ebd5f>] __vlan_add+0x1be9/0x3a00
          [<000000006eafa1ca>] nbp_vlan_add+0x8b3/0xd90
          [<000000003535392c>] br_vlan_info+0x132/0x410
          [<00000000aedaa9dc>] br_afspec+0x75c/0x870
          [<00000000f5716133>] br_setlink+0x3dc/0x6d0
          [<00000000aceca5e2>] rtnl_bridge_setlink+0x615/0xb30
          [<00000000a2f2d23e>] rtnetlink_rcv_msg+0x3a3/0xa80
          [<0000000064097e69>] netlink_rcv_skb+0x152/0x3c0
          [<000000008be8d614>] rtnetlink_rcv+0x21/0x30
          [<000000009ab2ca25>] netlink_unicast+0x52f/0x740
          [<00000000e7d9ac96>] netlink_sendmsg+0x9c7/0xf50
          [<000000005d1e2050>] sock_sendmsg+0xbe/0x120
          [<00000000d51426bc>] ___sys_sendmsg+0x778/0x8f0
          [<00000000b9d7b2cc>] __sys_sendmsg+0x112/0x270
      
      Fixes: d70e42b2 ("mlxsw: spectrum: Enable VxLAN enslavement to VLAN-aware bridges")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Cc: Roopa Prabhu <roopa@cumulusnetworks.com>
      Cc: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Cc: bridge@lists.linux-foundation.org
      Acked-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      27973793
    • Ido Schimmel's avatar
      selftests: mlxsw: Add a test case for VLAN addition error flow · 16dc42e4
      Ido Schimmel authored
      Add a test case for the issue fixed by previous commit. In case the
      offloading of an unsupported VxLAN tunnel was triggered by adding the
      mapped VLAN to a local port, then error should be returned to the user.
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      16dc42e4
    • Ido Schimmel's avatar
      mlxsw: spectrum_nve: Replace error code with EINVAL · 412283ee
      Ido Schimmel authored
      Adding a VLAN on a port can trigger the offload of a VXLAN tunnel which
      is already a member in the VLAN. In case the configuration of the VXLAN
      is not supported, the driver would return -EOPNOTSUPP.
      
      This is problematic since bridge code does not interpret this as error,
      but rather that it should try to setup the VLAN using the 8021q driver
      instead of switchdev.
      
      Fixes: d70e42b2 ("mlxsw: spectrum: Enable VxLAN enslavement to VLAN-aware bridges")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      412283ee
    • Ido Schimmel's avatar
      mlxsw: spectrum_switchdev: Avoid returning errors in commit phase · 457e20d6
      Ido Schimmel authored
      Drivers are not supposed to return errors in switchdev commit phase if
      they returned OK in prepare phase. Otherwise, a WARNING is emitted.
      However, when the offloading of a VXLAN tunnel is triggered by the
      addition of a VLAN on a local port, it is not possible to guarantee that
      the commit phase will succeed without doing a lot of work.
      
      In these cases, the artificial division between prepare and commit phase
      does not make sense, so simply do the work in the prepare phase.
      
      Fixes: d70e42b2 ("mlxsw: spectrum: Enable VxLAN enslavement to VLAN-aware bridges")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      457e20d6
    • Ido Schimmel's avatar
      mlxsw: spectrum: Add VXLAN dependency for spectrum · 143a8e03
      Ido Schimmel authored
      When VXLAN is a loadable module, MLXSW_SPECTRUM must not be built-in:
      
      drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c:2547: undefined
      reference to `vxlan_fdb_find_uc'
      
      Add Kconfig dependency to enforce usable configurations.
      
      Fixes: 1231e04f ("mlxsw: spectrum_switchdev: Add support for VxLAN encapsulation")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      143a8e03
    • Jiri Pirko's avatar
      mlxsw: spectrum: Disable lag port TX before removing it · 8adbe212
      Jiri Pirko authored
      Make sure that lag port TX is disabled before mlxsw_sp_port_lag_leave()
      is called and prevent from possible EMAD error.
      
      Fixes: 0d65fc13 ("mlxsw: spectrum: Implement LAG port join/leave")
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8adbe212
    • Nir Dotan's avatar
      mlxsw: spectrum_acl: Remove ASSERT_RTNL()s in module removal flow · 04d075b7
      Nir Dotan authored
      Removal of the mlxsw driver on Spectrum-2 platforms hits an ASSERT_RTNL()
      in Spectrum-2 ACL Bloom filter and in ERP removal paths. This happens
      because the multicast router implementation in Spectrum-2 relies on ACLs.
      Taking the RTNL lock upon driver removal is useless since the driver first
      removes its ports and unregisters from notifiers so concurrent writes
      cannot happen at that time. The assertions were originally put as a
      reminder for future work involving ERP background optimization, but having
      these assertions only during addition serves this purpose as well.
      
      Therefore remove the ASSERT_RTNL() in both places related to ERP and Bloom
      filter removal.
      
      Fixes: cf7221a4 ("mlxsw: spectrum_router: Add Multicast routing support for Spectrum-2")
      Signed-off-by: default avatarNir Dotan <nird@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      04d075b7
    • Nir Dotan's avatar
      mlxsw: spectrum_acl: Add cleanup after C-TCAM update error condition · ff0db43c
      Nir Dotan authored
      When writing to C-TCAM, mlxsw driver uses cregion->ops->entry_insert().
      In case of C-TCAM HW insertion error, the opposite action should take
      place.
      Add error handling case in which the C-TCAM region entry is removed, by
      calling cregion->ops->entry_remove().
      
      Fixes: a0a777b9 ("mlxsw: spectrum_acl: Start using A-TCAM")
      Signed-off-by: default avatarNir Dotan <nird@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ff0db43c
    • Heiner Kallweit's avatar
      r8169: load Realtek PHY driver module before r8169 · 11287b69
      Heiner Kallweit authored
      This soft dependency works around an issue where sometimes the genphy
      driver is used instead of the dedicated PHY driver. The root cause of
      the issue isn't clear yet. People reported the unloading/re-loading
      module r8169 helps, and also configuring this soft dependency in
      the modprobe config files. Important just seems to be that the
      realtek module is loaded before r8169.
      
      Once this has been applied preliminary fix 38af4b90 ("net: phy:
      add workaround for issue where PHY driver doesn't bind to the device")
      will be removed.
      
      Fixes: f1e911d5 ("r8169: add basic phylib support")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      11287b69
    • Bryan Whitehead's avatar
      lan743x: Remove phy_read from link status change function · a0071840
      Bryan Whitehead authored
      It has been noticed that some phys do not have the registers
      required by the previous implementation.
      
      To fix this, instead of using phy_read, the required information
      is extracted from the phy_device structure.
      
      fixes: 23f0703c ("lan743x: Add main source files for new lan743x driver")
      Signed-off-by: default avatarBryan Whitehead <Bryan.Whitehead@microchip.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a0071840
    • Eugene Syromiatnikov's avatar
      ptp: uapi: change _IOW to IOWR in PTP_SYS_OFFSET_EXTENDED definition · b7ea4894
      Eugene Syromiatnikov authored
      The ioctl command is read/write (or just read, if the fact that user space
      writes n_samples field is ignored).
      Signed-off-by: default avatarEugene Syromiatnikov <esyr@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b7ea4894
    • Eugene Syromiatnikov's avatar
      ptp: check that rsv field is zero in struct ptp_sys_offset_extended · 895ac137
      Eugene Syromiatnikov authored
      Otherwise it is impossible to use it for something else, as it will break
      userspace that puts garbage there.
      
      The same check should be done in other structures, but the fact that
      data in reserved fields is ignored is already part of the kernel ABI.
      Signed-off-by: default avatarEugene Syromiatnikov <esyr@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      895ac137
    • David S. Miller's avatar
      Merge ra.kernel.org:/pub/scm/linux/kernel/git/bpf/bpf · 977e4899
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2019-01-08
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Fix BSD'ism in sendmsg(2) to rewrite unspecified IPv6 dst for
         unconnected UDP sockets with [::1] _after_ cgroup BPF invocation,
         from Andrey.
      
      2) Follow-up fix to the speculation fix where we need to reject a
         corner case for sanitation when ptr and scalars are mixed in the
         same alu op. Also, some unrelated minor doc fixes, from Daniel.
      
      3) Fix BPF kselftest's incorrect uses of create_and_get_cgroup()
         by not assuming fd of zero value to be the result of an error
         case, from Stanislav.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      977e4899
  4. 07 Jan, 2019 14 commits
  5. 06 Jan, 2019 2 commits