1. 21 Jun, 2021 12 commits
  2. 19 Jun, 2021 2 commits
    • Jakub Kicinski's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · adc2e56e
      Jakub Kicinski authored
      Trivial conflicts in net/can/isotp.c and
      tools/testing/selftests/net/mptcp/mptcp_connect.sh
      
      scaled_ppm_to_ppb() was moved from drivers/ptp/ptp_clock.c
      to include/linux/ptp_clock_kernel.h in -next so re-apply
      the fix there.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      adc2e56e
    • Linus Torvalds's avatar
      Merge tag 'net-5.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 9ed13a17
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.13-rc7, including fixes from wireless, bpf,
        bluetooth, netfilter and can.
      
        Current release - regressions:
      
         - mlxsw: spectrum_qdisc: Pass handle, not band number to find_class()
           to fix modifying offloaded qdiscs
      
         - lantiq: net: fix duplicated skb in rx descriptor ring
      
         - rtnetlink: fix regression in bridge VLAN configuration, empty info
           is not an error, bot-generated "fix" was not needed
      
         - libbpf: s/rx/tx/ typo on umem->rx_ring_setup_done to fix umem
           creation
      
        Current release - new code bugs:
      
         - ethtool: fix NULL pointer dereference during module EEPROM dump via
           the new netlink API
      
         - mlx5e: don't update netdev RQs with PTP-RQ, the special purpose
           queue should not be visible to the stack
      
         - mlx5e: select special PTP queue only for SKBTX_HW_TSTAMP skbs
      
         - mlx5e: verify dev is present in get devlink port ndo, avoid a panic
      
        Previous releases - regressions:
      
         - neighbour: allow NUD_NOARP entries to be force GCed
      
         - further fixes for fallout from reorg of WiFi locking (staging:
           rtl8723bs, mac80211, cfg80211)
      
         - skbuff: fix incorrect msg_zerocopy copy notifications
      
         - mac80211: fix NULL ptr deref for injected rate info
      
         - Revert "net/mlx5: Arm only EQs with EQEs" it may cause missed IRQs
      
        Previous releases - always broken:
      
         - bpf: more speculative execution fixes
      
         - netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local
      
         - udp: fix race between close() and udp_abort() resulting in a panic
      
         - fix out of bounds when parsing TCP options before packets are
           validated (in netfilter: synproxy, tc: sch_cake and mptcp)
      
         - mptcp: improve operation under memory pressure, add missing
           wake-ups
      
         - mptcp: fix double-lock/soft lookup in subflow_error_report()
      
         - bridge: fix races (null pointer deref and UAF) in vlan tunnel
           egress
      
         - ena: fix DMA mapping function issues in XDP
      
         - rds: fix memory leak in rds_recvmsg
      
        Misc:
      
         - vrf: allow larger MTUs
      
         - icmp: don't send out ICMP messages with a source address of 0.0.0.0
      
         - cdc_ncm: switch to eth%d interface naming"
      
      * tag 'net-5.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (139 commits)
        net: ethernet: fix potential use-after-free in ec_bhf_remove
        selftests/net: Add icmp.sh for testing ICMP dummy address responses
        icmp: don't send out ICMP messages with a source address of 0.0.0.0
        net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
        net: ll_temac: Fix TX BD buffer overwrite
        net: ll_temac: Add memory-barriers for TX BD access
        net: ll_temac: Make sure to free skb when it is completely used
        MAINTAINERS: add Guvenc as SMC maintainer
        bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
        bnxt_en: Fix TQM fastpath ring backing store computation
        bnxt_en: Rediscover PHY capabilities after firmware reset
        cxgb4: fix wrong shift.
        mac80211: handle various extensible elements correctly
        mac80211: reset profile_periodicity/ema_ap
        cfg80211: avoid double free of PMSR request
        cfg80211: make certificate generation more robust
        mac80211: minstrel_ht: fix sample time check
        net: qed: Fix memcpy() overflow of qed_dcbx_params()
        net: cdc_eem: fix tx fixup skb leak
        net: hamradio: fix memory leak in mkiss_close
        ...
      9ed13a17
  3. 18 Jun, 2021 26 commits
    • Linus Torvalds's avatar
      Merge tag 'for-5.13-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 6fab154a
      Linus Torvalds authored
      Pull btrfs fix from David Sterba:
       "One more fix, for a space accounting bug in zoned mode. It happens
        when a block group is switched back rw->ro and unusable bytes (due to
        zoned constraints) are subtracted twice.
      
        It has user visible effects so I consider it important enough for late
        -rc inclusion and backport to stable"
      
      * tag 'for-5.13-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: zoned: fix negative space_info->bytes_readonly
      6fab154a
    • Linus Torvalds's avatar
      Merge tag 'pci-v5.13-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 728a748b
      Linus Torvalds authored
      Pull PCI fixes from Bjorn Helgaas:
      
       - Clear 64-bit flag for host bridge windows below 4GB to fix a resource
         allocation regression added in -rc1 (Punit Agrawal)
      
       - Fix tegra194 MCFG quirk build regressions added in -rc1 (Jon Hunter)
      
       - Avoid secondary bus resets on TI KeyStone C667X devices (Antti
         Järvinen)
      
       - Avoid secondary bus resets on some NVIDIA GPUs (Shanker Donthineni)
      
       - Work around FLR erratum on Huawei Intelligent NIC VF (Chiqijun)
      
       - Avoid broken ATS on AMD Navi14 GPU (Evan Quan)
      
       - Trust Broadcom BCM57414 NIC to isolate functions even though it
         doesn't advertise ACS support (Sriharsha Basavapatna)
      
       - Work around AMD RS690 BIOSes that don't configure DMA above 4GB
         (Mikel Rychliski)
      
       - Fix panic during PIO transfer on Aardvark controller (Pali Rohár)
      
      * tag 'pci-v5.13-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: aardvark: Fix kernel panic during PIO transfer
        PCI: Add AMD RS690 quirk to enable 64-bit DMA
        PCI: Add ACS quirk for Broadcom BCM57414 NIC
        PCI: Mark AMD Navi14 GPU ATS as broken
        PCI: Work around Huawei Intelligent NIC VF FLR erratum
        PCI: Mark some NVIDIA GPUs to avoid bus reset
        PCI: Mark TI C667X to avoid bus reset
        PCI: tegra194: Fix MCFG quirk build regressions
        PCI: of: Clear 64-bit flag for non-prefetchable memory below 4GB
      728a748b
    • Matthew Wilcox (Oracle)'s avatar
      afs: Re-enable freezing once a page fault is interrupted · 9620ad86
      Matthew Wilcox (Oracle) authored
      If a task is killed during a page fault, it does not currently call
      sb_end_pagefault(), which means that the filesystem cannot be frozen
      at any time thereafter.  This may be reported by lockdep like this:
      
      ====================================
      WARNING: fsstress/10757 still has locks held!
      5.13.0-rc4-build4+ #91 Not tainted
      ------------------------------------
      1 lock held by fsstress/10757:
       #0: ffff888104eac530
       (
      sb_pagefaults
      
      as filesystem freezing is modelled as a lock.
      
      Fix this by removing all the direct returns from within the function,
      and using 'ret' to indicate whether we were interrupted or successful.
      
      Fixes: 1cf7a151 ("afs: Implement shared-writeable mmap")
      Signed-off-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: linux-afs@lists.infradead.org
      Link: https://lore.kernel.org/r/20210616154900.1958373-1-willy@infradead.org/Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9620ad86
    • David S. Miller's avatar
      Merge branch 'RPMSG-WWAN-CTRL-driver' · 4bea7207
      David S. Miller authored
      Stephan Gerhold says:
      
      ====================
      net: wwan: Add RPMSG WWAN CTRL driver
      
      This patch series adds a WWAN "control" driver for the remote processor
      messaging (rpmsg) subsystem. This subsystem allows communicating with
      an integrated modem DSP on many Qualcomm SoCs, e.g. MSM8916 or MSM8974.
      
      The driver is a fairly simple glue layer between WWAN and RPMSG
      and is mostly based on the existing mhi_wwan_ctrl.c and rpmsg_char.c.
      
      For more information, see commit message in PATCH 2/3.
      
      I already posted a RFC for this a while ago:
      https://lore.kernel.org/linux-arm-msm/YLfL9Q+4860uqS8f@gerhold.net/
      and now I'm looking for some feedback for the actual changes. :)
      
      Changes in v3:
        - PATCH 2/3: Clarify commit message
        - PATCH 3/3: Fix build error for cdc-wdm.c, use extra tx_blocking() op instead
      v2: https://lore.kernel.org/netdev/20210618075243.42046-1-stephan@gerhold.net/
      
      Changes in v2: Only in PATCH 3/3
        - Fix EPOLLOUT being always set even if poll op is defined
        - Rename poll() op -> tx_poll() since it should be only used for TX
      v1: https://lore.kernel.org/netdev/20210615133229.213064-1-stephan@gerhold.net/
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4bea7207
    • Stephan Gerhold's avatar
      net: wwan: Allow WWAN drivers to provide blocking tx and poll function · 31c143f7
      Stephan Gerhold authored
      At the moment, the WWAN core provides wwan_port_txon/off() to implement
      blocking writes. The tx() port operation should not block, instead
      wwan_port_txon/off() should be called when the TX queue is full or has
      free space again.
      
      However, in some cases it is not straightforward to make use of that
      functionality. For example, the RPMSG API used by rpmsg_wwan_ctrl.c
      does not provide any way to be notified when the TX queue has space
      again. Instead, it only provides the following operations:
      
        - rpmsg_send(): blocking write (wait until there is space)
        - rpmsg_trysend(): non-blocking write (return error if no space)
        - rpmsg_poll(): set poll flags depending on TX queue state
      
      Generally that's totally sufficient for implementing a char device,
      but it does not fit well to the currently provided WWAN port ops.
      
      Most of the time, using the non-blocking rpmsg_trysend() in the
      WWAN tx() port operation works just fine. However, with high-frequent
      writes to the char device it is possible to trigger a situation
      where this causes issues. For example, consider the following
      (somewhat unrealistic) example:
      
       # dd if=/dev/zero bs=1000 of=/dev/wwan0qmi0
       dd: error writing '/dev/wwan0qmi0': Resource temporarily unavailable
       1+0 records out
      
      This fails immediately after writing the first record. It's likely
      only a matter of time until this triggers issues for some real application
      (e.g. ModemManager sending a lot of large QMI packets).
      
      The rpmsg_char device does not have this problem, because it uses
      rpmsg_trysend() and rpmsg_poll() to support non-blocking operations.
      Make it possible to use the same in the RPMSG WWAN driver by adding
      two new optional wwan_port_ops:
      
        - tx_blocking(): send data blocking if allowed
        - tx_poll(): set additional TX poll flags
      
      This integrates nicely with the RPMSG API and does not require
      any change in existing WWAN drivers.
      
      With these changes, the dd example above blocks instead of exiting
      with an error.
      
      Cc: Loic Poulain <loic.poulain@linaro.org>
      Signed-off-by: default avatarStephan Gerhold <stephan@gerhold.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      31c143f7
    • Stephan Gerhold's avatar
      net: wwan: Add RPMSG WWAN CTRL driver · 5e90abf4
      Stephan Gerhold authored
      The remote processor messaging (rpmsg) subsystem provides an interface
      to communicate with other remote processors. On many Qualcomm SoCs this
      is used to communicate with an integrated modem DSP that implements most
      of the modem functionality and provides high-level protocols like
      QMI or AT to allow controlling the modem.
      
      For QMI, most older Qualcomm SoCs (e.g. MSM8916/MSM8974) have
      a standalone "DATA5_CNTL" channel that allows exchanging QMI messages.
      Note that newer SoCs (e.g. SDM845) only allow exchanging QMI messages
      via a shared QRTR channel that is available via a socket API on Linux.
      
      For AT, the "DATA4" channel accepts at least a limited set of AT
      commands, on many older and newer Qualcomm SoCs, although QMI is
      typically the preferred control protocol.
      
      Often there are additional QMI/AT channels (usually named DATA*_CNTL
      for QMI and DATA* for AT), but it is not clear if those are really
      functional on all devices. Also, at the moment there is no use case
      for having multiple QMI/AT ports. If needed more channels could be
      added later after more testing.
      
      Note that the data path (network interface) is entirely separate
      from the control path and varies between Qualcomm SoCs, e.g. "IPA"
      on newer Qualcomm SoCs or "BAM-DMUX" on some older ones.
      
      The RPMSG WWAN CTRL driver exposes the QMI/AT control ports via the
      WWAN subsystem, and therefore allows userspace like ModemManager to
      set up the modem. Until now, ModemManager had to use the RPMSG-specific
      rpmsg-char where the channels must be explicitly exposed as a char
      device first and don't show up directly in sysfs.
      
      The driver is a fairly simple glue layer between WWAN and RPMSG
      and is mostly based on the existing mhi_wwan_ctrl.c and rpmsg_char.c.
      
      Cc: Loic Poulain <loic.poulain@linaro.org>
      Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarStephan Gerhold <stephan@gerhold.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5e90abf4
    • Stephan Gerhold's avatar
      rpmsg: core: Add driver_data for rpmsg_device_id · 60302ce4
      Stephan Gerhold authored
      Most device_id structs provide a driver_data field that can be used
      by drivers to associate data more easily for a particular device ID.
      Add the same for the rpmsg_device_id.
      
      Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarStephan Gerhold <stephan@gerhold.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      60302ce4
    • David S. Miller's avatar
      Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue · 01bf086b
      David S. Miller authored
      Jesse Brandeburg says:
      
      ====================
      100GbE Intel Wired LAN Driver Updates 2021-06-18
      
      Update three of the Intel Ethernet drivers with similar (but not the
      same) improvements to simplify the packet type table init, while removing
      an unused structure entry. For the ice driver, the table is extended
      to 10 bits, which is the hardware limit, and for now is initialized
      to zero.
      
      The end result is slightly reduced memory usage, removal of a bunch
      of code, and more specific initialization.
      ====================
      Signed-off-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      01bf086b
    • David S. Miller's avatar
      Revert "net: add pf_family_names[] for protocol family" · 103ebe65
      David S. Miller authored
      This reverts commit 1f3c98ea.
      
      Does not build...
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      103ebe65
    • Yejune Deng's avatar
      net: add pf_family_names[] for protocol family · 1f3c98ea
      Yejune Deng authored
      Modify the pr_info content from int to char *, this looks more readable.
      Signed-off-by: default avatarYejune Deng <yejune.deng@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1f3c98ea
    • Pavel Skripkin's avatar
      net: ethernet: fix potential use-after-free in ec_bhf_remove · 9cca0c2d
      Pavel Skripkin authored
      static void ec_bhf_remove(struct pci_dev *dev)
      {
      ...
      	struct ec_bhf_priv *priv = netdev_priv(net_dev);
      
      	unregister_netdev(net_dev);
      	free_netdev(net_dev);
      
      	pci_iounmap(dev, priv->dma_io);
      	pci_iounmap(dev, priv->io);
      ...
      }
      
      priv is netdev private data, but it is used
      after free_netdev(). It can cause use-after-free when accessing priv
      pointer. So, fix it by moving free_netdev() after pci_iounmap()
      calls.
      
      Fixes: 6af55ff5 ("Driver for Beckhoff CX5020 EtherCAT master module.")
      Signed-off-by: default avatarPavel Skripkin <paskripkin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9cca0c2d
    • David S. Miller's avatar
      Merge branch 'csock-seqpoacket-small-fixes' · 0d1ad06a
      David S. Miller authored
      Stefano Garzarella says:
      
      ====================
      vsock: small fixes for seqpacket support
      
      This series contains few patches to clean up a bit the code
      of seqpacket recently merged in the net-next tree.
      
      No functionality changes.
      ====================
      Signed-off-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      0d1ad06a
    • Stefano Garzarella's avatar
      vsock/virtio: remove redundant `copy_failed` variable · 91aa49a8
      Stefano Garzarella authored
      When memcpy_to_msg() fails in virtio_transport_seqpacket_do_dequeue(),
      we already set `dequeued_len` with the negative error value returned
      by memcpy_to_msg().
      
      So we can directly check `dequeued_len` value instead of using a
      dedicated flag variable to skip the copy path for the rest of
      fragments.
      Signed-off-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      91aa49a8
    • Stefano Garzarella's avatar
      vsock: rename vsock_wait_data() · 0de5b2e6
      Stefano Garzarella authored
      vsock_wait_data() is used only by STREAM and SEQPACKET sockets,
      so let's rename it to vsock_connectible_wait_data(), using the same
      nomenclature (connectible) used in other functions after the
      introduction of SEQPACKET.
      Signed-off-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0de5b2e6
    • Stefano Garzarella's avatar
      vsock: rename vsock_has_data() · cc97141a
      Stefano Garzarella authored
      vsock_has_data() is used only by STREAM and SEQPACKET sockets,
      so let's rename it to vsock_connectible_has_data(), using the same
      nomenclature (connectible) used in other functions after the
      introduction of SEQPACKET.
      Signed-off-by: default avatarStefano Garzarella <sgarzare@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc97141a
    • wengjianfeng's avatar
      NFC: nxp-nci: remove unnecessary label · 7437a223
      wengjianfeng authored
      Remove unnecessary label chunk_exit and return directly.
      Signed-off-by: default avatarwengjianfeng <wengjianfeng@yulong.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7437a223
    • Vladimir Oltean's avatar
      net: dsa: sja1105: completely error out in sja1105_static_config_reload if something fails · 61c77533
      Vladimir Oltean authored
      If reloading the static config fails for whatever reason, for example if
      sja1105_static_config_check_valid() fails, then we "goto out_unlock_ptp"
      but we print anyway that "Reset switch and programmed static config.",
      which is confusing because we didn't. We also do a bunch of other stuff
      like reprogram the XPCS and reload the credit-based shapers, as if a
      switch reset took place, which didn't.
      
      So just unlock the PTP lock and goto out, skipping all of that.
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      61c77533
    • Vladimir Oltean's avatar
      net: dsa: sja1105: allow the TTEthernet configuration in the static config for SJA1110 · 1303e7f9
      Vladimir Oltean authored
      Currently sja1105_static_config_check_valid() is coded up to detect
      whether TTEthernet is supported based on device ID, and this check was
      not updated to cover SJA1110.
      
      However, it is desirable to have as few checks for the device ID as
      possible, so the driver core is more generic. So what we can do is look
      at the static config table operations implemented by that specific
      switch family (populated by sja1105_static_config_init) whether the
      schedule table has a non-zero maximum entry count (meaning that it is
      supported) or not.
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1303e7f9
    • Yunsheng Lin's avatar
      net: hns3: fix reuse conflict of the rx page · 96104500
      Yunsheng Lin authored
      In the current rx page reuse handling process, the rx page buffer may
      have conflict between driver and stack in high-pressure scenario.
      
      To fix this problem, we need to check whether the page is only owned
      by driver at the begin and at the end of a page to make sure there is
      no reuse conflict between driver and stack when desc_cb->page_offset
      is rollbacked to zero or increased.
      
      Fixes: fa7711b8 ("net: hns3: optimize the rx page reuse handling process")
      Signed-off-by: default avatarYunsheng Lin <linyunsheng@huawei.com>
      Signed-off-by: default avatarGuangbin Huang <huangguangbin2@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      96104500
    • Vladimir Oltean's avatar
      net: dsa: sja1105: properly power down the microcontroller clock for SJA1110 · cb5a82d2
      Vladimir Oltean authored
      It turns out that powering down the BASE_TIMER_CLK does not turn off the
      microcontroller, just its timers, including the one for the watchdog.
      So the embedded microcontroller is still running, and potentially still
      doing things.
      
      To prevent unwanted interference, we should power down the BASE_MCSS_CLK
      as well (MCSS = microcontroller subsystem).
      
      The trouble is that currently we turn off the BASE_TIMER_CLK for SJA1110
      from the .clocking_setup() method, mostly because this is a Clock
      Generation Unit (CGU) setting which was traditionally configured in that
      method for SJA1105. But in SJA1105, the CGU was used for bringing up the
      port clocks at the proper speeds, and in SJA1110 it's not (but rather
      for initial configuration), so it's best that we rebrand the
      sja1110_clocking_setup() method into what it really is - an implementation
      of the .disable_microcontroller() method.
      
      Since disabling the microcontroller only needs to be done once, at probe
      time, we can choose the best place to do that as being in sja1105_setup(),
      before we upload the static config to the device. This guarantees that
      the static config being used by the switch afterwards is really ours.
      
      Note that the procedure to upload a static config necessarily resets the
      switch. This already did not reset the microcontroller, only the switch
      core, so since the .disable_microcontroller() method is guaranteed to be
      called by that point, if it's disabled, it remains disabled. Add a
      comment to make that clear.
      
      With the code movement for SJA1110 from .clocking_setup() to
      .disable_microcontroller(), both methods are optional and are guarded by
      "if" conditions.
      
      Tested by enabling in the device tree the rev-mii switch port 0 that
      goes towards the microcontroller, and flashing a firmware that would
      have networking. Without this patch, the microcontroller can be pinged,
      with this patch it cannot.
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cb5a82d2
    • David S. Miller's avatar
      Merge tag 'mac80211-for-net-2021-06-18' of... · 0d1dc9e1
      David S. Miller authored
      Merge tag 'mac80211-for-net-2021-06-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      A couple of straggler fixes:
       * a minstrel HT sample check fix
       * peer measurement could double-free on races
       * certificate file generation at build time could
         sometimes hang
       * some parameters weren't reset between connections
         in mac80211
       * some extensible elements were treated as non-
         extensible, possibly causuing bad connections
         (or failures) if the AP adds data
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0d1dc9e1
    • Toke Høiland-Jørgensen's avatar
      selftests/net: Add icmp.sh for testing ICMP dummy address responses · 7e9838b7
      Toke Høiland-Jørgensen authored
      This adds a new icmp.sh selftest for testing that the kernel will respond
      correctly with an ICMP unreachable message with the dummy (192.0.0.8)
      source address when there are no IPv4 addresses configured to use as source
      addresses.
      Signed-off-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7e9838b7
    • Toke Høiland-Jørgensen's avatar
      icmp: don't send out ICMP messages with a source address of 0.0.0.0 · 32182747
      Toke Høiland-Jørgensen authored
      When constructing ICMP response messages, the kernel will try to pick a
      suitable source address for the outgoing packet. However, if no IPv4
      addresses are configured on the system at all, this will fail and we end up
      producing an ICMP message with a source address of 0.0.0.0. This can happen
      on a box routing IPv4 traffic via v6 nexthops, for instance.
      
      Since 0.0.0.0 is not generally routable on the internet, there's a good
      chance that such ICMP messages will never make it back to the sender of the
      original packet that the ICMP message was sent in response to. This, in
      turn, can create connectivity and PMTUd problems for senders. Fortunately,
      RFC7600 reserves a dummy address to be used as a source for ICMP
      messages (192.0.0.8/32), so let's teach the kernel to substitute that
      address as a last resort if the regular source address selection procedure
      fails.
      
      Below is a quick example reproducing this issue with network namespaces:
      
      ip netns add ns0
      ip l add type veth peer netns ns0
      ip l set dev veth0 up
      ip a add 10.0.0.1/24 dev veth0
      ip a add fc00:dead:cafe:42::1/64 dev veth0
      ip r add 10.1.0.0/24 via inet6 fc00:dead:cafe:42::2
      ip -n ns0 l set dev veth0 up
      ip -n ns0 a add fc00:dead:cafe:42::2/64 dev veth0
      ip -n ns0 r add 10.0.0.0/24 via inet6 fc00:dead:cafe:42::1
      ip netns exec ns0 sysctl -w net.ipv4.icmp_ratelimit=0
      ip netns exec ns0 sysctl -w net.ipv4.ip_forward=1
      tcpdump -tpni veth0 -c 2 icmp &
      ping -w 1 10.1.0.1 > /dev/null
      tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
      listening on veth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
      IP 10.0.0.1 > 10.1.0.1: ICMP echo request, id 29, seq 1, length 64
      IP 0.0.0.0 > 10.0.0.1: ICMP net 10.1.0.1 unreachable, length 92
      2 packets captured
      2 packets received by filter
      0 packets dropped by kernel
      
      With this patch the above capture changes to:
      IP 10.0.0.1 > 10.1.0.1: ICMP echo request, id 31127, seq 1, length 64
      IP 192.0.0.8 > 10.0.0.1: ICMP net 10.1.0.1 unreachable, length 92
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Reported-by: default avatarJuliusz Chroboczek <jch@irif.fr>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      32182747
    • Esben Haabendal's avatar
      net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY · f6396341
      Esben Haabendal authored
      As documented in Documentation/networking/driver.rst, the ndo_start_xmit
      method must not return NETDEV_TX_BUSY under any normal circumstances, and
      as recommended, we simply stop the tx queue in advance, when there is a
      risk that the next xmit would cause a NETDEV_TX_BUSY return.
      Signed-off-by: default avatarEsben Haabendal <esben@geanix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f6396341
    • Esben Haabendal's avatar
      net: ll_temac: Fix TX BD buffer overwrite · c364df24
      Esben Haabendal authored
      Just as the initial check, we need to ensure num_frag+1 buffers available,
      as that is the number of buffers we are going to use.
      
      This fixes a buffer overflow, which might be seen during heavy network
      load. Complete lockup of TEMAC was reproducible within about 10 minutes of
      a particular load.
      
      Fixes: 84823ff8 ("net: ll_temac: Fix race condition causing TX hang")
      Cc: stable@vger.kernel.org # v5.4+
      Signed-off-by: default avatarEsben Haabendal <esben@geanix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c364df24
    • Esben Haabendal's avatar
      net: ll_temac: Add memory-barriers for TX BD access · 28d9fab4
      Esben Haabendal authored
      Add a couple of memory-barriers to ensure correct ordering of read/write
      access to TX BDs.
      
      In xmit_done, we should ensure that reading the additional BD fields are
      only done after STS_CTRL_APP0_CMPLT bit is set.
      
      When xmit_done marks the BD as free by setting APP0=0, we need to ensure
      that the other BD fields are reset first, so we avoid racing with the xmit
      path, which writes to the same fields.
      
      Finally, making sure to read APP0 of next BD after the current BD, ensures
      that we see all available buffers.
      Signed-off-by: default avatarEsben Haabendal <esben@geanix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28d9fab4