1. 15 Jun, 2018 12 commits
  2. 14 Jun, 2018 1 commit
  3. 13 Jun, 2018 1 commit
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 60d061e3
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter patches for your net tree:
      
      1) Fix NULL pointer dereference from nf_nat_decode_session() if NAT is
         not loaded, from Prashant Bhole.
      
      2) Fix socket extension module autoload.
      
      3) Don't bogusly reject sets with the NFT_SET_EVAL flag set on from
         the dynset extension.
      
      4) Fix races with nf_tables module removal and netns exit path,
         patches from Florian Westphal.
      
      5) Don't hit BUG_ON if jumpstack goes too deep, instead hit
         WARN_ON_ONCE, from Taehee Yoo.
      
      6) Another NULL pointer dereference from ctnetlink, again if NAT is
         not loaded, from Florian Westphal.
      
      7) Fix x_tables match list corruption in xt_connmark module removal
         path, also from Florian.
      
      8) nf_conncount doesn't properly deal with conntrack zones, hence
         garbage collector may get rid of entries in a different zone.
         From Yi-Hung Wei.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      60d061e3
  4. 12 Jun, 2018 26 commits
    • Juergen Gross's avatar
      xen/netfront: raise max number of slots in xennet_get_responses() · 57f230ab
      Juergen Gross authored
      The max number of slots used in xennet_get_responses() is set to
      MAX_SKB_FRAGS + (rx->status <= RX_COPY_THRESHOLD).
      
      In old kernel-xen MAX_SKB_FRAGS was 18, while nowadays it is 17. This
      difference is resulting in frequent messages "too many slots" and a
      reduced network throughput for some workloads (factor 10 below that of
      a kernel-xen based guest).
      
      Replacing MAX_SKB_FRAGS by XEN_NETIF_NR_SLOTS_MIN for calculation of
      the max number of slots to use solves that problem (tests showed no
      more messages "too many slots" and throughput was as high as with the
      kernel-xen based guest system).
      
      Replace MAX_SKB_FRAGS-2 by XEN_NETIF_NR_SLOTS_MIN-1 in
      netfront_tx_slot_available() for making it clearer what is really being
      tested without actually modifying the tested value.
      Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
      Reviewed-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      57f230ab
    • Cong Wang's avatar
      smc: convert to ->poll_mask · c0129a06
      Cong Wang authored
      smc->clcsock is an internal TCP socket, after TCP socket
      converts to ->poll_mask, ->poll doesn't exist any more.
      So just convert smc socket to ->poll_mask too.
      
      Fixes: 2c7d3dac ("net/tcp: convert to ->poll_mask")
      Reported-by: syzbot+f5066e369b2d5fff630f@syzkaller.appspotmail.com
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Ursula Braun <ubraun@linux.ibm.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0129a06
    • Christophe JAILLET's avatar
      net: stmmac: dwmac-meson8b: Fix an error handling path in 'meson8b_dwmac_probe()' · 760a6ed6
      Christophe JAILLET authored
      If 'of_device_get_match_data()' fails, we need to release some resources as
      done in the other error handling path of this function.
      
      Fixes: efacb568 ("net: stmmac: dwmac-meson: extend phy mode setting")
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      760a6ed6
    • Davide Caratti's avatar
      tc-testing: ife: fix wrong teardown command in test b7b8 · 31962c8c
      Davide Caratti authored
      fix failures in the 'teardown' stage of test b7b8, probably a leftover of
      commit 7c5995b3 ("tc-testing: fixed copy-pasting error in ife tests")
      
      Fixes: a56e6bcd ("tc-testing: updated ife test cases")
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      31962c8c
    • Vadim Lomovtsev's avatar
      net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode · 469998c8
      Vadim Lomovtsev authored
      For each network interface linux network stack issue ndo_set_rx_mode call
      in order to configure MAC address filters (e.g. for multicast filtering).
      Currently ThunderX NICVF driver has only one ordered workqueue to process
      such requests for all VFs.
      
      And because of that it is possible that subsequent call to
      ndo_set_rx_mode would corrupt data which is currently in use
      by nicvf_set_rx_mode_task. Which in turn could cause following issue:
      [...]
      [   48.978341] Unable to handle kernel paging request at virtual address 1fffff0000000000
      [   48.986275] Mem abort info:
      [   48.989058]   Exception class = DABT (current EL), IL = 32 bits
      [   48.994965]   SET = 0, FnV = 0
      [   48.998020]   EA = 0, S1PTW = 0
      [   49.001152] Data abort info:
      [   49.004022]   ISV = 0, ISS = 0x00000004
      [   49.007869]   CM = 0, WnR = 0
      [   49.010826] [1fffff0000000000] address between user and kernel address ranges
      [   49.017963] Internal error: Oops: 96000004 [#1] SMP
      [...]
      [   49.072138] task: ffff800fdd675400 task.stack: ffff000026440000
      [   49.078051] PC is at prefetch_freepointer.isra.37+0x28/0x3c
      [   49.083613] LR is at kmem_cache_alloc_trace+0xc8/0x1fc
      [...]
      [   49.272684] [<ffff0000082738f0>] prefetch_freepointer.isra.37+0x28/0x3c
      [   49.279286] [<ffff000008276bc8>] kmem_cache_alloc_trace+0xc8/0x1fc
      [   49.285455] [<ffff0000082c0c0c>] alloc_fdtable+0x78/0x134
      [   49.290841] [<ffff0000082c15c0>] dup_fd+0x254/0x2f4
      [   49.295709] [<ffff0000080d1954>] copy_process.isra.38.part.39+0x64c/0x1168
      [   49.302572] [<ffff0000080d264c>] _do_fork+0xfc/0x3b0
      [   49.307524] [<ffff0000080d29e8>] SyS_clone+0x44/0x50
      [...]
      
      This patch is to prevent such concurrent data write with spinlock.
      Reported-by: default avatarDean Nelson <dnelson@redhat.com>
      Signed-off-by: default avatarVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      469998c8
    • Linus Walleij's avatar
      net: phy: mdio-gpio: Cut surplus includes · 909f1edc
      Linus Walleij authored
      The GPIO MDIO driver now needs only <linux/gpio/consumer.h>
      so cut the legacy <linux/gpio.h> and <linux/of_gpio.h>
      includes that are no longer used.
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      909f1edc
    • David S. Miller's avatar
      Merge branch 'hv_netvsc-notification-and-namespace-fixes' · bfc17d00
      David S. Miller authored
      Stephen Hemminger says:
      
      ====================
      hv_netvsc: notification and namespace fixes
      
      This set of patches addresses two set of fixes. First it backs out
      the common callback model which was merged in net-next without
      completing all the review feedback or getting maintainer approval.
      
      Then it fixes the transparent VF management code to handle network
      namespaces.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bfc17d00
    • Stephen Hemminger's avatar
      hv_netvsc: move VF to same namespace as netvsc device · c0a41b88
      Stephen Hemminger authored
      When VF is added, the paravirtual device is already present
      and may have been moved to another network namespace. For example,
      sometimes the management interface is put in another net namespace
      in some environments.
      
      The VF should get moved to where the netvsc device is when the
      VF is discovered. The user can move it later (if desired).
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0a41b88
    • Stephen Hemminger's avatar
      hv_netvsc: fix network namespace issues with VF support · 7bf7bb37
      Stephen Hemminger authored
      When finding the parent netvsc device, the search needs to be across
      all netvsc device instances (independent of network namespace).
      
      Find parent device of VF using upper_dev_get routine which
      searches only adjacent list.
      
      Fixes: e8ff40d4 ("hv_netvsc: improve VF device matching")
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      
      netns aware byref
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7bf7bb37
    • Stephen Hemminger's avatar
      hv_netvsc: drop common code until callback model fixed · 8cde8f0c
      Stephen Hemminger authored
      The callback model of handling network failover is not suitable
      in the current form.
        1. It was merged without addressing all the review feedback.
        2. It was merged without approval of any of the netvsc maintainers.
        3. Design discussion on how to handle PV/VF fallback is still
           not complete.
        4. IMHO the code model using callbacks is trying to make
           something common which isn't.
      
      Revert the netvsc specific changes for now. Does not impact ongoing
      development of failover model for virtio.
      Revisit this after a simpler library based failover kernel
      routines are extracted.
      
      This reverts
      commit 9c6ffbac ("hv_netvsc: fix error return code in netvsc_probe()")
      and
      commit 1ff78076 ("netvsc: refactor notifier/event handling code to use the failover framework")
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8cde8f0c
    • David S. Miller's avatar
      Merge branch 'nfp-fixes' · 01a1a170
      David S. Miller authored
      Jakub Kicinski says:
      
      ====================
      nfp: fix a warning, stats, naming and route leak
      
      Various fixes for the NFP.  Patch 1 fixes a harmless GCC 8 warning.
      Patch 2 ensures statistics are correct after users decrease the number
      of channels/rings.  Patch 3 restores phy_port_name behaviour for flower,
      ndo_get_phy_port_name used to return -EOPNOTSUPP on one of the netdevs,
      and we need to keep it that way otherwise interface names may change.
      Patch 4 fixes refcnt leak in flower tunnel offload code.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      01a1a170
    • Pieter Jansen van Vuuren's avatar
      nfp: flower: free dst_entry in route table · e62e51af
      Pieter Jansen van Vuuren authored
      We need to release the refcnt on dst_entry in the route table, otherwise
      we will leak the route.
      
      Fixes: 8e6a9046 ("nfp: flower vxlan neighbour offload")
      Signed-off-by: default avatarPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
      Signed-off-by: default avatarLouis Peens <louis.peens@netronome.com>
      Reviewed-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e62e51af
    • Jakub Kicinski's avatar
      nfp: remove phys_port_name on flower's vNIC · fe06a64e
      Jakub Kicinski authored
      .ndo_get_phys_port_name was recently extended to support multi-vNIC
      FWs.  These are firmwares which can have more than one vNIC per PF
      without associated port (e.g. Adaptive Buffer Management FW), therefore
      we need a way of distinguishing the vNICs.  Unfortunately, it's too
      late to make flower use the same naming.  Flower users may depend on
      .ndo_get_phys_port_name returning -EOPNOTSUPP, for example the name
      udev gave the PF vNIC was just the bare PCI device-based name before
      the change, and will have 'nn0' appended after.
      
      To ensure flower's vNIC doesn't have phys_port_name attribute, add
      a flag to vNIC struct and set it in flower code.  New projects will
      not set the flag adhere to the naming scheme from the start.
      
      Fixes: 51c1df83 ("nfp: assign vNIC id as phys_port_name of vNICs which are not ports")
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fe06a64e
    • Jakub Kicinski's avatar
      nfp: include all ring counters in interface stats · 29f534c4
      Jakub Kicinski authored
      We are gathering software statistics on per-ring basis.
      .ndo_get_stats64 handler adds the rings up.  Unfortunately
      we are currently only adding up active rings, which means
      that if user decreases the number of active rings the
      statistics from deactivated rings will no longer be counted
      and total interface statistics may go backwards.
      
      Always sum all possible rings, the stats are allocated
      statically for max number of rings, so we don't have to
      worry about them being removed.  We could add the stats
      up when user changes the ring count, but it seems unnecessary..
      Adding up inactive rings will be very quick since no datapath
      will be touching them.
      
      Fixes: 164d1e9e ("nfp: add support for ethtool .set_channels")
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      29f534c4
    • Jakub Kicinski's avatar
      nfp: don't pad strings in nfp_cpp_resource_find() to avoid gcc 8 warning · f8d0efb1
      Jakub Kicinski authored
      Once upon a time nfp_cpp_resource_find() took a name parameter,
      which could be any user-chosen string.  Resources are identified
      by a CRC32 hash of a 8 byte string, so we had to pad user input
      with zeros to make sure CRC32 gave the correct result.
      
      Since then nfp_cpp_resource_find() was made to operate on allocated
      resources only (struct nfp_resource).  We kzalloc those so there is
      no need to pad the strings and use memcmp.
      
      This avoids a GCC 8 stringop-truncation warning:
      
      In function ‘nfp_cpp_resource_find’,
          inlined from ‘nfp_resource_try_acquire’ at .../nfpcore/nfp_resource.c:153:8,
          inlined from ‘nfp_resource_acquire’ at .../nfpcore/nfp_resource.c:206:9:
          .../nfpcore/nfp_resource.c:108:2: warning:  strncpy’ output may be truncated copying 8 bytes from a string of length 8 [-Wstringop-truncation]
            strncpy(name_pad, res->name, sizeof(name_pad));
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f8d0efb1
    • Bart Van Assche's avatar
      Revert "net: do not allow changing SO_REUSEADDR/SO_REUSEPORT on bound sockets" · cdb8744d
      Bart Van Assche authored
      Revert the patch mentioned in the subject because it breaks at least
      the Avahi mDNS daemon. That patch namely causes the Ubuntu 18.04 Avahi
      daemon to fail to start:
      
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: Successfully called chroot().
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: Successfully dropped remaining capabilities.
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: No service file found in /etc/avahi/services.
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: SO_REUSEADDR failed: Structure needs cleaning
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: SO_REUSEADDR failed: Structure needs cleaning
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: Failed to create server: No suitable network protocol available
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: avahi-daemon 0.7 exiting.
      Jun 12 09:49:24 ubuntu-vm systemd[1]: avahi-daemon.service: Main process exited, code=exited, status=255/n/a
      Jun 12 09:49:24 ubuntu-vm systemd[1]: avahi-daemon.service: Failed with result 'exit-code'.
      Jun 12 09:49:24 ubuntu-vm systemd[1]: Failed to start Avahi mDNS/DNS-SD Stack.
      
      Fixes: f396922d ("net: do not allow changing SO_REUSEADDR/SO_REUSEPORT on bound sockets")
      Cc: Maciej Żenczykowski <maze@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarBart Van Assche <bart.vanassche@wdc.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cdb8744d
    • Yi-Hung Wei's avatar
      netfilter: nf_conncount: Fix garbage collection with zones · 21ba8847
      Yi-Hung Wei authored
      Currently, we use check_hlist() for garbage colleciton. However, we
      use the ‘zone’ from the counted entry to query the existence of
      existing entries in the hlist. This could be wrong when they are in
      different zones, and this patch fixes this issue.
      
      Fixes: e59ea3df ("netfilter: xt_connlimit: honor conntrack zone if available")
      Signed-off-by: default avatarYi-Hung Wei <yihung.wei@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      21ba8847
    • Florian Westphal's avatar
      netfilter: xt_connmark: fix list corruption on rmmod · fc6ddbec
      Florian Westphal authored
      This needs to use xt_unregister_targets, else new revision is left
      on the list which then causes list to point to a target struct that has been free'd.
      
      Fixes: 472a73e0 ("netfilter: xt_conntrack: Support bit-shifting for CONNMARK & MARK targets.")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      fc6ddbec
    • Florian Westphal's avatar
      netfilter: ctnetlink: avoid null pointer dereference · c05a45c0
      Florian Westphal authored
      Dan Carpenter points out that deref occurs after NULL check, we should
      re-fetch the pointer and check that instead.
      
      Fixes: 2c205dd3 ("netfilter: add struct nf_nat_hook and use it")
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      c05a45c0
    • Taehee Yoo's avatar
      netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() · adc972c5
      Taehee Yoo authored
      When depth of chain is bigger than NFT_JUMP_STACK_SIZE, the nft_do_chain
      crashes. But there is no need to crash hard here.
      Suggested-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      adc972c5
    • Florian Westphal's avatar
      netfilter: nf_tables: close race between netns exit and rmmod · 0a2cf5ee
      Florian Westphal authored
      If net namespace is exiting while nf_tables module is being removed
      we can oops:
      
       BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
       IP: nf_tables_flowtable_event+0x43/0xf0 [nf_tables]
       PGD 0 P4D 0
       Oops: 0000 [#1] SMP PTI
       Modules linked in: nf_tables(-) nfnetlink [..]
        unregister_netdevice_notifier+0xdd/0x130
        nf_tables_module_exit+0x24/0x3a [nf_tables]
        SyS_delete_module+0x1c5/0x240
        do_syscall_64+0x74/0x190
      
      Avoid this by attempting to take reference on the net namespace from
      the notifiers.  If it fails the namespace is exiting already, and nft
      core is taking care of cleanup work.
      
      We also need to make sure the netdev hook type gets removed
      before netns ops removal, else notifier might be invoked with device
      event for a netns where net->nft was never initialised (because
      pernet ops was removed beforehand).
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      0a2cf5ee
    • Florian Westphal's avatar
      netfilter: nf_tables: fix module unload race · 71ad00c5
      Florian Westphal authored
      We must first remove the nfnetlink protocol handler when nf_tables module
      is unloaded -- we don't want userspace to submit new change requests once
      we've started to tear down nft state.
      
      Furthermore, nfnetlink must not call any subsystem function after
      call_batch returned -EAGAIN.
      
      EAGAIN means the subsys mutex was dropped, so its unlikely but possible that
      nf_tables subsystem was removed due to 'rmmod nf_tables' on another cpu.
      
      Therefore, we must abort batch completely and not move on to next part of
      the batch.
      
      Last, we can't invoke ->abort unless we've checked that the subsystem is
      still registered.
      
      Change netns exit path of nf_tables to make sure any incompleted
      transaction gets removed on exit.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      71ad00c5
    • Pablo Neira Ayuso's avatar
      netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL · 215a31f1
      Pablo Neira Ayuso authored
      NFT_SET_EVAL is signalling the kernel that this sets can be updated from
      the evaluation path, even if there are no expressions attached to the
      element. Otherwise, set updates with no expressions fail. Update
      description to describe the right semantics.
      
      Fixes: 22fe54d5 ("netfilter: nf_tables: add support for dynamic set updates")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      215a31f1
    • Pablo Neira Ayuso's avatar
      netfilter: nft_socket: fix module autoload · 3fb61eca
      Pablo Neira Ayuso authored
      Add alias definition for module autoload when adding socket rules.
      
      Fixes: 554ced0a ("netfilter: nf_tables: add support for native socket matching")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      3fb61eca
    • Prashant Bhole's avatar
      netfilter: fix null-ptr-deref in nf_nat_decode_session · 155fb5c5
      Prashant Bhole authored
      Add null check for nat_hook in nf_nat_decode_session()
      
      [  195.648098] UBSAN: Undefined behaviour in ./include/linux/netfilter.h:348:14
      [  195.651366] BUG: KASAN: null-ptr-deref in __xfrm_policy_check+0x208/0x1d70
      [  195.653888] member access within null pointer of type 'struct nf_nat_hook'
      [  195.653896] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.17.0-rc6+ #5
      [  195.656320] Read of size 8 at addr 0000000000000008 by task ping/2469
      [  195.658715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
      [  195.658721] Call Trace:
      [  195.661087]
      [  195.669341]  <IRQ>
      [  195.670574]  dump_stack+0xc6/0x150
      [  195.672156]  ? dump_stack_print_info.cold.0+0x1b/0x1b
      [  195.674121]  ? ubsan_prologue+0x31/0x92
      [  195.676546]  ubsan_epilogue+0x9/0x49
      [  195.678159]  handle_null_ptr_deref+0x11a/0x130
      [  195.679800]  ? sprint_OID+0x1a0/0x1a0
      [  195.681322]  __ubsan_handle_type_mismatch_v1+0xd5/0x11d
      [  195.683146]  ? ubsan_prologue+0x92/0x92
      [  195.684642]  __xfrm_policy_check+0x18ef/0x1d70
      [  195.686294]  ? rt_cache_valid+0x118/0x180
      [  195.687804]  ? __xfrm_route_forward+0x410/0x410
      [  195.689463]  ? fib_multipath_hash+0x700/0x700
      [  195.691109]  ? kvm_sched_clock_read+0x23/0x40
      [  195.692805]  ? pvclock_clocksource_read+0xf6/0x280
      [  195.694409]  ? graph_lock+0xa0/0xa0
      [  195.695824]  ? pvclock_clocksource_read+0xf6/0x280
      [  195.697508]  ? pvclock_read_flags+0x80/0x80
      [  195.698981]  ? kvm_sched_clock_read+0x23/0x40
      [  195.700347]  ? sched_clock+0x5/0x10
      [  195.701525]  ? sched_clock_cpu+0x18/0x1a0
      [  195.702846]  tcp_v4_rcv+0x1d32/0x1de0
      [  195.704115]  ? lock_repin_lock+0x70/0x270
      [  195.707072]  ? pvclock_read_flags+0x80/0x80
      [  195.709302]  ? tcp_v4_early_demux+0x4b0/0x4b0
      [  195.711833]  ? lock_acquire+0x195/0x380
      [  195.714222]  ? ip_local_deliver_finish+0xfc/0x770
      [  195.716967]  ? raw_rcv+0x2b0/0x2b0
      [  195.718856]  ? lock_release+0xa00/0xa00
      [  195.720938]  ip_local_deliver_finish+0x1b9/0x770
      [...]
      
      Fixes: 2c205dd3 ("netfilter: add struct nf_nat_hook and use it")
      Signed-off-by: default avatarPrashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      155fb5c5
    • David Miller's avatar
      tcp: Do not reload skb pointer after skb_gro_receive(). · 6892286e
      David Miller authored
      This is not necessary.  skb_gro_receive() will never change what
      'head' points to.
      
      In it's original implementation (see commit 71d93b39 ("net: Add
      skb_gro_receive")), it did:
      
      ====================
      +	*head = nskb;
      +	nskb->next = p->next;
      +	p->next = NULL;
      ====================
      
      This sequence was removed in commit 58025e46 ("net: gro: remove
      obsolete code from skb_gro_receive()")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      6892286e