1. 25 Mar, 2021 4 commits
  2. 24 Mar, 2021 5 commits
  3. 23 Mar, 2021 4 commits
    • Vladimir Oltean's avatar
      net: bridge: don't notify switchdev for local FDB addresses · 6ab4c311
      Vladimir Oltean authored
      As explained in this discussion:
      https://lore.kernel.org/netdev/20210117193009.io3nungdwuzmo5f7@skbuf/
      
      the switchdev notifiers for FDB entries managed to have a zero-day bug.
      The bridge would not say that this entry is local:
      
      ip link add br0 type bridge
      ip link set swp0 master br0
      bridge fdb add dev swp0 00:01:02:03:04:05 master local
      
      and the switchdev driver would be more than happy to offload it as a
      normal static FDB entry. This is despite the fact that 'local' and
      non-'local' entries have completely opposite directions: a local entry
      is locally terminated and not forwarded, whereas a static entry is
      forwarded and not locally terminated. So, for example, DSA would install
      this entry on swp0 instead of installing it on the CPU port as it should.
      
      There is an even sadder part, which is that the 'local' flag is implicit
      if 'static' is not specified, meaning that this command produces the
      same result of adding a 'local' entry:
      
      bridge fdb add dev swp0 00:01:02:03:04:05 master
      
      I've updated the man pages for 'bridge', and after reading it now, it
      should be pretty clear to any user that the commands above were broken
      and should have never resulted in the 00:01:02:03:04:05 address being
      forwarded (this behavior is coherent with non-switchdev interfaces):
      https://patchwork.kernel.org/project/netdevbpf/cover/20210211104502.2081443-1-olteanv@gmail.com/
      If you're a user reading this and this is what you want, just use:
      
      bridge fdb add dev swp0 00:01:02:03:04:05 master static
      
      Because switchdev should have given drivers the means from day one to
      classify FDB entries as local/non-local, but didn't, it means that all
      drivers are currently broken. So we can just as well omit the switchdev
      notifications for local FDB entries, which is exactly what this patch
      does to close the bug in stable trees. For further development work
      where drivers might want to trap the local FDB entries to the host, we
      can add a 'bool is_local' to br_switchdev_fdb_call_notifiers(), and
      selectively make drivers act upon that bit, while all the others ignore
      those entries if the 'is_local' bit is set.
      
      Fixes: 6b26b51b ("net: bridge: Add support for notifying devices about FDB add/del")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6ab4c311
    • Marcelo Ricardo Leitner's avatar
      net/sched: act_ct: clear post_ct if doing ct_clear · 8ca1b090
      Marcelo Ricardo Leitner authored
      Invalid detection works with two distinct moments: act_ct tries to find
      a conntrack entry and set post_ct true, indicating that that was
      attempted. Then, when flow dissector tries to dissect CT info and no
      entry is there, it knows that it was tried and no entry was found, and
      synthesizes/sets
                        key->ct_state = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
                                        TCA_FLOWER_KEY_CT_FLAGS_INVALID;
      mimicing what OVS does.
      
      OVS has this a bit more streamlined, as it recomputes the key after
      trying to find a conntrack entry for it.
      
      Issue here is, when we have 'tc action ct clear', it didn't clear
      post_ct, causing a subsequent match on 'ct_state -trk' to fail, due to
      the above. The fix, thus, is to clear it.
      
      Reproducer rules:
      tc filter add dev enp130s0f0np0_0 ingress prio 1 chain 0 \
      	protocol ip flower ip_proto tcp ct_state -trk \
      	action ct zone 1 pipe \
      	action goto chain 2
      tc filter add dev enp130s0f0np0_0 ingress prio 1 chain 2 \
      	protocol ip flower \
      	action ct clear pipe \
      	action goto chain 4
      tc filter add dev enp130s0f0np0_0 ingress prio 1 chain 4 \
      	protocol ip flower ct_state -trk \
      	action mirred egress redirect dev enp130s0f1np1_0
      
      With the fix, the 3rd rule matches, like it does with OVS kernel
      datapath.
      
      Fixes: 7baf2429 ("net/sched: cls_flower add CT_FLAGS_INVALID flag support")
      Signed-off-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Reviewed-by: default avatarwenxu <wenxu@ucloud.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8ca1b090
    • George McCollister's avatar
      net: dsa: don't assign an error value to tag_ops · e0c755a4
      George McCollister authored
      Use a temporary variable to hold the return value from
      dsa_tag_driver_get() instead of assigning it to dst->tag_ops. Leaving
      an error value in dst->tag_ops can result in deferencing an invalid
      pointer when a deferred switch configuration happens later.
      
      Fixes: 357f203b ("net: dsa: keep a copy of the tagging protocol in the DSA switch tree")
      Signed-off-by: default avatarGeorge McCollister <george.mccollister@gmail.com>
      Reviewed-by: default avatarVladimir Oltean <olteanv@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e0c755a4
    • David S. Miller's avatar
      Merge tag 'mlx5-fixes-2021-03-22' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 8fb16e80
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      mlx5 fixes 2021-03-22
      
      This series introduces some fixes to mlx5 driver.
      Please pull and let me know if there is any problem.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8fb16e80
  4. 22 Mar, 2021 9 commits
  5. 21 Mar, 2021 5 commits
    • Bhaskar Chowdhury's avatar
      docs: networking: Fix a typo · 87d77e59
      Bhaskar Chowdhury authored
      s/subsytem/subsystem/
      Signed-off-by: default avatarBhaskar Chowdhury <unixbhaskar@gmail.com>
      Acked-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      87d77e59
    • Heiner Kallweit's avatar
      r8169: fix DMA being used after buffer free if WoL is enabled · f658b909
      Heiner Kallweit authored
      IOMMU errors have been reported if WoL is enabled and interface is
      brought down. It turned out that the network chip triggers DMA
      transfers after the DMA buffers have been freed. For WoL to work we
      need to leave rx enabled, therefore simply stop the chip from being
      a DMA busmaster.
      
      Fixes: 567ca57f ("r8169: add rtl8169_up")
      Tested-by: default avatarPaul Blazejowski <paulb@blazebox.homeip.net>
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f658b909
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-5.12-20210320' of... · 49371a8a
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-5.12-20210320' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2021-03-20
      
      this is a pull request of 2 patches for net/master.
      
      The first patch is by Oliver Hartkopp. He fixes the TX-path in the
      ISO-TP protocol by properly initializing the outgoing CAN frames.
      
      The second patch is by me and reverts a patch from my previous pull
      request which added MODULE_SUPPORTED_DEVICE to the peak_usb driver. In
      the mean time in Linus's tree the entirely MODULE_SUPPORTED_DEVICE was
      removed. So this reverts the adding of the new MODULE_SUPPORTED_DEVICE
      to avoid the merge conflict.
      
      If you prefer to resolve the merge conflict by hand, I'll send a new
      pull request without that patch.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      49371a8a
    • David S. Miller's avatar
      Merge branch 'pa-fox-validation' · a05b0c8c
      David S. Miller authored
      Alex Elder says:
      
      ====================
      ipa: fix validation
      
      There is sanity checking code in the IPA driver that's meant to be
      enabled only during development.  This allows the driver to make
      certain assumptions, but not have to verify those assumptions are
      true at (operational) runtime.  This code is built conditional on
      IPA_VALIDATION, set (if desired) inside the IPA makefile.
      
      Unfortunately, this validation code has some errors.  First, there
      are some mismatched arguments supplied to some dev_err() calls in
      ipa_cmd_table_valid() and ipa_cmd_header_valid(), and these are
      exposed if validation is enabled.  Second, the tag that enables
      this conditional code isn't used consistently (it's IPA_VALIDATE
      in some spots and IPA_VALIDATION in others).
      
      This series fixes those two problems with the conditional validation
      code.
      
      Version 2 removes the two patches that introduced ipa_assert().  It
      also modifies the description in the first patch so that it mentions
      the changes made to ipa_cmd_table_valid().
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a05b0c8c
    • Alex Elder's avatar
      net: ipa: fix init header command validation · b4afd4b9
      Alex Elder authored
      We use ipa_cmd_header_valid() to ensure certain values we will
      program into hardware are within range, well in advance of when we
      actually program them.  This way we avoid having to check for errors
      when we actually program the hardware.
      
      Unfortunately the dev_err() call for a bad offset value does not
      supply the arguments to match the format specifiers properly.
      Fix this.
      
      There was also supposed to be a check to ensure the size to be
      programmed fits in the field that holds it.  Add this missing check.
      
      Rearrange the way we ensure the header table fits in overall IPA
      memory range.
      
      Finally, update ipa_cmd_table_valid() so the format of messages
      printed for errors matches what's done in ipa_cmd_header_valid().
      Signed-off-by: default avatarAlex Elder <elder@linaro.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b4afd4b9
  6. 20 Mar, 2021 4 commits
  7. 19 Mar, 2021 9 commits
    • Zqiang's avatar
      bpf: Fix umd memory leak in copy_process() · f60a85ca
      Zqiang authored
      The syzbot reported a memleak as follows:
      
      BUG: memory leak
      unreferenced object 0xffff888101b41d00 (size 120):
        comm "kworker/u4:0", pid 8, jiffies 4294944270 (age 12.780s)
        backtrace:
          [<ffffffff8125dc56>] alloc_pid+0x66/0x560
          [<ffffffff81226405>] copy_process+0x1465/0x25e0
          [<ffffffff81227943>] kernel_clone+0xf3/0x670
          [<ffffffff812281a1>] kernel_thread+0x61/0x80
          [<ffffffff81253464>] call_usermodehelper_exec_work
          [<ffffffff81253464>] call_usermodehelper_exec_work+0xc4/0x120
          [<ffffffff812591c9>] process_one_work+0x2c9/0x600
          [<ffffffff81259ab9>] worker_thread+0x59/0x5d0
          [<ffffffff812611c8>] kthread+0x178/0x1b0
          [<ffffffff8100227f>] ret_from_fork+0x1f/0x30
      
      unreferenced object 0xffff888110ef5c00 (size 232):
        comm "kworker/u4:0", pid 8414, jiffies 4294944270 (age 12.780s)
        backtrace:
          [<ffffffff8154a0cf>] kmem_cache_zalloc
          [<ffffffff8154a0cf>] __alloc_file+0x1f/0xf0
          [<ffffffff8154a809>] alloc_empty_file+0x69/0x120
          [<ffffffff8154a8f3>] alloc_file+0x33/0x1b0
          [<ffffffff8154ab22>] alloc_file_pseudo+0xb2/0x140
          [<ffffffff81559218>] create_pipe_files+0x138/0x2e0
          [<ffffffff8126c793>] umd_setup+0x33/0x220
          [<ffffffff81253574>] call_usermodehelper_exec_async+0xb4/0x1b0
          [<ffffffff8100227f>] ret_from_fork+0x1f/0x30
      
      After the UMD process exits, the pipe_to_umh/pipe_from_umh and
      tgid need to be released.
      
      Fixes: d71fa5c9 ("bpf: Add kernel module with user mode driver that populates bpffs.")
      Reported-by: syzbot+44908bb56d2bfe56b28e@syzkaller.appspotmail.com
      Signed-off-by: default avatarZqiang <qiang.zhang@windriver.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Link: https://lore.kernel.org/bpf/20210317030915.2865-1-qiang.zhang@windriver.com
      f60a85ca
    • Andrii Nakryiko's avatar
      Merge branch 'libbpf: Fix BTF dump of pointer-to-array-of-struct' · e75b513e
      Andrii Nakryiko authored
      Jean-Philippe Brucker says:
      
      ====================
      
      Fix an issue with the libbpf BTF dump, see patch 1 for details.
      
      Since [v1] I added the selftest in patch 2, though I couldn't figure out
      a way to make it independent from the order in which debug info is
      issued by the compiler.
      
      [v1]: https://lore.kernel.org/bpf/20210318122700.396574-1-jean-philippe@linaro.org/
      ====================
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      e75b513e
    • Jean-Philippe Brucker's avatar
      selftests/bpf: Add selftest for pointer-to-array-of-struct BTF dump · f118aac6
      Jean-Philippe Brucker authored
      Bpftool used to issue forward declarations for a struct used as part of
      a pointer to array, which is invalid. Add a test to check that the
      struct is fully defined in this case:
      
      	@@ -134,9 +134,9 @@
      	 	};
      	 };
      
      	-struct struct_in_array {};
      	+struct struct_in_array;
      
      	-struct struct_in_array_typed {};
      	+struct struct_in_array_typed;
      
      	 typedef struct struct_in_array_typed struct_in_array_t[2];
      
      	@@ -189,3 +189,7 @@
      	 	struct struct_with_embedded_stuff _14;
      	 };
      
      	+struct struct_in_array {};
      	+
      	+struct struct_in_array_typed {};
      	+
      	...
      	#13/1 btf_dump: syntax:FAIL
      Suggested-by: default avatarAndrii Nakryiko <andrii.nakryiko@gmail.com>
      Signed-off-by: default avatarJean-Philippe Brucker <jean-philippe@linaro.org>
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/bpf/20210319112554.794552-3-jean-philippe@linaro.org
      f118aac6
    • Jean-Philippe Brucker's avatar
      libbpf: Fix BTF dump of pointer-to-array-of-struct · 901ee1d7
      Jean-Philippe Brucker authored
      The vmlinux.h generated from BTF is invalid when building
      drivers/phy/ti/phy-gmii-sel.c with clang:
      
      vmlinux.h:61702:27: error: array type has incomplete element type ‘struct reg_field’
      61702 |  const struct reg_field (*regfields)[3];
            |                           ^~~~~~~~~
      
      bpftool generates a forward declaration for this struct regfield, which
      compilers aren't happy about. Here's a simplified reproducer:
      
      	struct inner {
      		int val;
      	};
      	struct outer {
      		struct inner (*ptr_to_array)[2];
      	} A;
      
      After build with clang -> bpftool btf dump c -> clang/gcc:
      ./def-clang.h:11:23: error: array has incomplete element type 'struct inner'
              struct inner (*ptr_to_array)[2];
      
      Member ptr_to_array of struct outer is a pointer to an array of struct
      inner. In the DWARF generated by clang, struct outer appears before
      struct inner, so when converting BTF of struct outer into C, bpftool
      issues a forward declaration to struct inner. With GCC the DWARF info is
      reversed so struct inner gets fully defined.
      
      That forward declaration is not sufficient when compilers handle an
      array of the struct, even when it's only used through a pointer. Note
      that we can trigger the same issue with an intermediate typedef:
      
      	struct inner {
      	        int val;
      	};
      	typedef struct inner inner2_t[2];
      	struct outer {
      	        inner2_t *ptr_to_array;
      	} A;
      
      Becomes:
      
      	struct inner;
      	typedef struct inner inner2_t[2];
      
      And causes:
      
      ./def-clang.h:10:30: error: array has incomplete element type 'struct inner'
      	typedef struct inner inner2_t[2];
      
      To fix this, clear through_ptr whenever we encounter an intermediate
      array, to make the inner struct part of a strong link and force full
      declaration.
      
      Fixes: 351131b5 ("libbpf: add btf_dump API for BTF-to-C conversion")
      Signed-off-by: default avatarJean-Philippe Brucker <jean-philippe@linaro.org>
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/bpf/20210319112554.794552-2-jean-philippe@linaro.org
      901ee1d7
    • Hangbin Liu's avatar
      selftests: forwarding: vxlan_bridge_1d: Fix vxlan ecn decapsulate value · 5aa3c334
      Hangbin Liu authored
      The ECN bit defines ECT(1) = 1, ECT(0) = 2. So inner 0x02 + outer 0x01
      should be inner ECT(0) + outer ECT(1). Based on the description of
      __INET_ECN_decapsulate, the final decapsulate value should be
      ECT(1). So fix the test expect value to 0x01.
      
      Before the fix:
      TEST: VXLAN: ECN decap: 01/02->0x02                                 [FAIL]
              Expected to capture 10 packets, got 0.
      
      After the fix:
      TEST: VXLAN: ECN decap: 01/02->0x01                                 [ OK ]
      
      Fixes: a0b61f3d ("selftests: forwarding: vxlan_bridge_1d: Add an ECN decap test")
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5aa3c334
    • Mat Martineau's avatar
      mptcp: Change mailing list address · ef2ef02c
      Mat Martineau authored
      The mailing list for MPTCP maintenance has moved to the
      kernel.org-supported mptcp@lists.linux.dev address.
      
      Complete, combined archives for both lists are now hosted at
      https://lore.kernel.org/mptcp
      
      Cc: Matthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Acked-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ef2ef02c
    • David S. Miller's avatar
      Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · 3c16e398
      David S. Miller authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2021-03-19
      
      This series contains updates to e1000e and igb drivers.
      
      Tom Seewald fixes duplicate guard issues by including the driver name in
      the guard for e1000e and igb.
      
      Jesse adds checks that timestamping is on and valid to avoid possible
      issues with a misinterpreted time stamp for igb.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3c16e398
    • David Brazdil's avatar
      selinux: vsock: Set SID for socket returned by accept() · 1f935e8e
      David Brazdil authored
      For AF_VSOCK, accept() currently returns sockets that are unlabelled.
      Other socket families derive the child's SID from the SID of the parent
      and the SID of the incoming packet. This is typically done as the
      connected socket is placed in the queue that accept() removes from.
      
      Reuse the existing 'security_sk_clone' hook to copy the SID from the
      parent (server) socket to the child. There is no packet SID in this
      case.
      
      Fixes: d021c344 ("VSOCK: Introduce VM Sockets")
      Signed-off-by: default avatarDavid Brazdil <dbrazdil@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1f935e8e
    • Corentin Labbe's avatar
      net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes · 014dfa26
      Corentin Labbe authored
      MTU cannot be changed on dwmac-sun8i. (ip link set eth0 mtu xxx returning EINVAL)
      This is due to tx_fifo_size being 0, since this value is used to compute valid
      MTU range.
      Like dwmac-sunxi (with commit 806fd188 ("net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes"))
      dwmac-sun8i need to have tx and rx fifo sizes set.
      I have used values from datasheets.
      After this patch, setting a non-default MTU (like 1000) value works and network is still useable.
      
      Tested-on: sun8i-h3-orangepi-pc
      Tested-on: sun8i-r40-bananapi-m2-ultra
      Tested-on: sun50i-a64-bananapi-m64
      Tested-on: sun50i-h5-nanopi-neo-plus2
      Tested-on: sun50i-h6-pine-h64
      Fixes: 9f93ac8d ("net-next: stmmac: Add dwmac-sun8i")
      Reported-by: default avatarBelisko Marek <marek.belisko@gmail.com>
      Signed-off-by: default avatarCorentin Labbe <clabbe@baylibre.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      014dfa26