1. 31 Jul, 2019 7 commits
  2. 30 Jul, 2019 13 commits
    • xiaofeis's avatar
      net: dsa: qca8k: enable port flow control · abb48f80
      xiaofeis authored
      Set phy device advertising to enable MAC flow control.
      Signed-off-by: default avatarXiaofei Shen <xiaofeis@codeaurora.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      abb48f80
    • Arnd Bergmann's avatar
      compat_ioctl: pppoe: fix PPPOEIOCSFWD handling · 055d8824
      Arnd Bergmann authored
      Support for handling the PPPOEIOCSFWD ioctl in compat mode was added in
      linux-2.5.69 along with hundreds of other commands, but was always broken
      sincen only the structure is compatible, but the command number is not,
      due to the size being sizeof(size_t), or at first sizeof(sizeof((struct
      sockaddr_pppox)), which is different on 64-bit architectures.
      
      Guillaume Nault adds:
      
        And the implementation was broken until 2016 (see 29e73269 ("pppoe:
        fix reference counting in PPPoE proxy")), and nobody ever noticed. I
        should probably have removed this ioctl entirely instead of fixing it.
        Clearly, it has never been used.
      
      Fix it by adding a compat_ioctl handler for all pppoe variants that
      translates the command number and then calls the regular ioctl function.
      
      All other ioctl commands handled by pppoe are compatible between 32-bit
      and 64-bit, and require compat_ptr() conversion.
      
      This should apply to all stable kernels.
      Acked-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      055d8824
    • Jon Maloy's avatar
      tipc: fix unitilized skb list crash · 2948a1fc
      Jon Maloy authored
      Our test suite somtimes provokes the following crash:
      
      Description of problem:
      [ 1092.597234] BUG: unable to handle kernel NULL pointer dereference at 00000000000000e8
      [ 1092.605072] PGD 0 P4D 0
      [ 1092.607620] Oops: 0000 [#1] SMP PTI
      [ 1092.611118] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 4.18.0-122.el8.x86_64 #1
      [ 1092.619724] Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 1.3.7 02/08/2018
      [ 1092.627215] RIP: 0010:tipc_mcast_filter_msg+0x93/0x2d0 [tipc]
      [ 1092.632955] Code: 0f 84 aa 01 00 00 89 cf 4d 01 ca 4c 8b 26 c1 ef 19 83 e7 0f 83 ff 0c 4d 0f 45 d1 41 8b 6a 10 0f cd 4c 39 e6 0f 84 81 01 00 00 <4d> 8b 9c 24 e8 00 00 00 45 8b 13 41 0f ca 44 89 d7 c1 ef 13 83 e7
      [ 1092.651703] RSP: 0018:ffff929e5fa83a18 EFLAGS: 00010282
      [ 1092.656927] RAX: ffff929e3fb38100 RBX: 00000000069f29ee RCX: 00000000416c0045
      [ 1092.664058] RDX: ffff929e5fa83a88 RSI: ffff929e31a28420 RDI: 0000000000000000
      [ 1092.671209] RBP: 0000000029b11821 R08: 0000000000000000 R09: ffff929e39b4407a
      [ 1092.678343] R10: ffff929e39b4407a R11: 0000000000000007 R12: 0000000000000000
      [ 1092.685475] R13: 0000000000000001 R14: ffff929e3fb38100 R15: ffff929e39b4407a
      [ 1092.692614] FS:  0000000000000000(0000) GS:ffff929e5fa80000(0000) knlGS:0000000000000000
      [ 1092.700702] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 1092.706447] CR2: 00000000000000e8 CR3: 000000031300a004 CR4: 00000000007606e0
      [ 1092.713579] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 1092.720712] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [ 1092.727843] PKRU: 55555554
      [ 1092.730556] Call Trace:
      [ 1092.733010]  <IRQ>
      [ 1092.735034]  tipc_sk_filter_rcv+0x7ca/0xb80 [tipc]
      [ 1092.739828]  ? __kmalloc_node_track_caller+0x1cb/0x290
      [ 1092.744974]  ? dev_hard_start_xmit+0xa5/0x210
      [ 1092.749332]  tipc_sk_rcv+0x389/0x640 [tipc]
      [ 1092.753519]  tipc_sk_mcast_rcv+0x23c/0x3a0 [tipc]
      [ 1092.758224]  tipc_rcv+0x57a/0xf20 [tipc]
      [ 1092.762154]  ? ktime_get_real_ts64+0x40/0xe0
      [ 1092.766432]  ? tpacket_rcv+0x50/0x9f0
      [ 1092.770098]  tipc_l2_rcv_msg+0x4a/0x70 [tipc]
      [ 1092.774452]  __netif_receive_skb_core+0xb62/0xbd0
      [ 1092.779164]  ? enqueue_entity+0xf6/0x630
      [ 1092.783084]  ? kmem_cache_alloc+0x158/0x1c0
      [ 1092.787272]  ? __build_skb+0x25/0xd0
      [ 1092.790849]  netif_receive_skb_internal+0x42/0xf0
      [ 1092.795557]  napi_gro_receive+0xba/0xe0
      [ 1092.799417]  mlx5e_handle_rx_cqe+0x83/0xd0 [mlx5_core]
      [ 1092.804564]  mlx5e_poll_rx_cq+0xd5/0x920 [mlx5_core]
      [ 1092.809536]  mlx5e_napi_poll+0xb2/0xce0 [mlx5_core]
      [ 1092.814415]  ? __wake_up_common_lock+0x89/0xc0
      [ 1092.818861]  net_rx_action+0x149/0x3b0
      [ 1092.822616]  __do_softirq+0xe3/0x30a
      [ 1092.826193]  irq_exit+0x100/0x110
      [ 1092.829512]  do_IRQ+0x85/0xd0
      [ 1092.832483]  common_interrupt+0xf/0xf
      [ 1092.836147]  </IRQ>
      [ 1092.838255] RIP: 0010:cpuidle_enter_state+0xb7/0x2a0
      [ 1092.843221] Code: e8 3e 79 a5 ff 80 7c 24 03 00 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 d7 01 00 00 31 ff e8 a0 6b ab ff fb 66 0f 1f 44 00 00 <48> b8 ff ff ff ff f3 01 00 00 4c 29 f3 ba ff ff ff 7f 48 39 c3 7f
      [ 1092.861967] RSP: 0018:ffffaa5ec6533e98 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffdd
      [ 1092.869530] RAX: ffff929e5faa3100 RBX: 000000fe63dd2092 RCX: 000000000000001f
      [ 1092.876665] RDX: 000000fe63dd2092 RSI: 000000003a518aaa RDI: 0000000000000000
      [ 1092.883795] RBP: 0000000000000003 R08: 0000000000000004 R09: 0000000000022940
      [ 1092.890929] R10: 0000040cb0666b56 R11: ffff929e5faa20a8 R12: ffff929e5faade78
      [ 1092.898060] R13: ffffffffb59258f8 R14: 000000fe60f3228d R15: 0000000000000000
      [ 1092.905196]  ? cpuidle_enter_state+0x92/0x2a0
      [ 1092.909555]  do_idle+0x236/0x280
      [ 1092.912785]  cpu_startup_entry+0x6f/0x80
      [ 1092.916715]  start_secondary+0x1a7/0x200
      [ 1092.920642]  secondary_startup_64+0xb7/0xc0
      [...]
      
      The reason is that the skb list tipc_socket::mc_method.deferredq only
      is initialized for connectionless sockets, while nothing stops arriving
      multicast messages from being filtered by connection oriented sockets,
      with subsequent access to the said list.
      
      We fix this by initializing the list unconditionally at socket creation.
      This eliminates the crash, while the message still is dropped further
      down in tipc_sk_filter_rcv() as it should be.
      Reported-by: default avatarLi Shuang <shuali@redhat.com>
      Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Reviewed-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2948a1fc
    • David S. Miller's avatar
      Merge tag 'rxrpc-fixes-20190730' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · a17c42f9
      David S. Miller authored
      David Howells says:
      
      ====================
      Here are a couple of fixes for rxrpc:
      
       (1) Fix a potential deadlock in the peer keepalive dispatcher.
      
       (2) Fix a missing notification when a UDP sendmsg error occurs in rxrpc.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a17c42f9
    • YueHaibing's avatar
      enetc: Fix build error without PHYLIB · 5f4e4203
      YueHaibing authored
      If PHYLIB is not set, build enetc will fails:
      
      drivers/net/ethernet/freescale/enetc/enetc.o: In function `enetc_open':
      enetc.c: undefined reference to `phy_disconnect'
      enetc.c: undefined reference to `phy_start'
      drivers/net/ethernet/freescale/enetc/enetc.o: In function `enetc_close':
      enetc.c: undefined reference to `phy_stop'
      enetc.c: undefined reference to `phy_disconnect'
      drivers/net/ethernet/freescale/enetc/enetc_ethtool.o: undefined reference to `phy_ethtool_get_link_ksettings'
      drivers/net/ethernet/freescale/enetc/enetc_ethtool.o: undefined reference to `phy_ethtool_set_link_ksettings'
      drivers/net/ethernet/freescale/enetc/enetc_mdio.o: In function `enetc_mdio_probe':
      enetc_mdio.c: undefined reference to `mdiobus_alloc_size'
      enetc_mdio.c: undefined reference to `mdiobus_free'
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Fixes: d4fd0404 ("enetc: Introduce basic PF and VF ENETC ethernet drivers")
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Acked-by: default avatarClaudiu Manoil <claudiu.manoil@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5f4e4203
    • Jose Abreu's avatar
      net: stmmac: Sync RX Buffer upon allocation · 3caa61c2
      Jose Abreu authored
      With recent changes that introduced support for Page Pool in stmmac, Jon
      reported that NFS boot was no longer working on an ARM64 based platform
      that had the IP behind an IOMMU.
      
      As Page Pool API does not guarantee DMA syncing because of the use of
      DMA_ATTR_SKIP_CPU_SYNC flag, we have to explicit sync the whole buffer upon
      re-allocation because we are always re-using same pages.
      
      In fact, ARM64 code invalidates the DMA area upon two situations [1]:
      	- sync_single_for_cpu(): Invalidates if direction != DMA_TO_DEVICE
      	- sync_single_for_device(): Invalidates if direction == DMA_FROM_DEVICE
      
      So, as we must invalidate both the current RX buffer and the newly allocated
      buffer we propose this fix.
      
      [1] arch/arm64/mm/cache.S
      Reported-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Tested-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Fixes: 2af6106a ("net: stmmac: Introducing support for Page Pool")
      Signed-off-by: default avatarJose Abreu <joabreu@synopsys.com>
      Tested-by: default avatarEzequiel Garcia <ezequiel@collabora.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3caa61c2
    • Colin Ian King's avatar
      mlxsw: spectrum_ptp: fix duplicated check on orig_egr_types · 2ad07086
      Colin Ian King authored
      Currently are duplicated checks on orig_egr_types which are
      redundant, I believe this is a typo and should actually be
      orig_ing_types || orig_egr_types instead of the expression
      orig_egr_types || orig_egr_types.  Fix these.
      
      Addresses-Coverity: ("Same on both sides")
      Fixes: c6b36bdd ("mlxsw: spectrum_ptp: Increase parsing depth when PTP is enabled")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2ad07086
    • Hubert Feurstein's avatar
      net: dsa: mv88e6xxx: use link-down-define instead of plain value · 43c8e0ae
      Hubert Feurstein authored
      Using the define here makes the code more expressive.
      Signed-off-by: default avatarHubert Feurstein <h.feurstein@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      43c8e0ae
    • Hubert Feurstein's avatar
      net: phy: fixed_phy: print gpio error only if gpio node is present · ab98c008
      Hubert Feurstein authored
      It is perfectly ok to not have an gpio attached to the fixed-link node. So
      the driver should not throw an error message when the gpio is missing.
      
      Fixes: 5468e82f ("net: phy: fixed-phy: Drop GPIO from fixed_phy_add()")
      Signed-off-by: default avatarHubert Feurstein <h.feurstein@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ab98c008
    • David Howells's avatar
      rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet · c69565ee
      David Howells authored
      Fix the fact that a notification isn't sent to the recvmsg side to indicate
      a call failed when sendmsg() fails to transmit a DATA packet with the error
      ENETUNREACH, EHOSTUNREACH or ECONNREFUSED.
      
      Without this notification, the afs client just sits there waiting for the
      call to complete in some manner (which it's not now going to do), which
      also pins the rxrpc call in place.
      
      This can be seen if the client has a scope-level IPv6 address, but not a
      global-level IPv6 address, and we try and transmit an operation to a
      server's IPv6 address.
      
      Looking in /proc/net/rxrpc/calls shows completed calls just sat there with
      an abort code of RX_USER_ABORT and an error code of -ENETUNREACH.
      
      Fixes: c54e43d7 ("rxrpc: Fix missing start of call timeout")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Reviewed-by: default avatarJeffrey Altman <jaltman@auristor.com>
      c69565ee
    • David Howells's avatar
      rxrpc: Fix potential deadlock · 60034d3d
      David Howells authored
      There is a potential deadlock in rxrpc_peer_keepalive_dispatch() whereby
      rxrpc_put_peer() is called with the peer_hash_lock held, but if it reduces
      the peer's refcount to 0, rxrpc_put_peer() calls __rxrpc_put_peer() - which
      the tries to take the already held lock.
      
      Fix this by providing a version of rxrpc_put_peer() that can be called in
      situations where the lock is already held.
      
      The bug may produce the following lockdep report:
      
      ============================================
      WARNING: possible recursive locking detected
      5.2.0-next-20190718 #41 Not tainted
      --------------------------------------------
      kworker/0:3/21678 is trying to acquire lock:
      00000000aa5eecdf (&(&rxnet->peer_hash_lock)->rlock){+.-.}, at: spin_lock_bh
      /./include/linux/spinlock.h:343 [inline]
      00000000aa5eecdf (&(&rxnet->peer_hash_lock)->rlock){+.-.}, at:
      __rxrpc_put_peer /net/rxrpc/peer_object.c:415 [inline]
      00000000aa5eecdf (&(&rxnet->peer_hash_lock)->rlock){+.-.}, at:
      rxrpc_put_peer+0x2d3/0x6a0 /net/rxrpc/peer_object.c:435
      
      but task is already holding lock:
      00000000aa5eecdf (&(&rxnet->peer_hash_lock)->rlock){+.-.}, at: spin_lock_bh
      /./include/linux/spinlock.h:343 [inline]
      00000000aa5eecdf (&(&rxnet->peer_hash_lock)->rlock){+.-.}, at:
      rxrpc_peer_keepalive_dispatch /net/rxrpc/peer_event.c:378 [inline]
      00000000aa5eecdf (&(&rxnet->peer_hash_lock)->rlock){+.-.}, at:
      rxrpc_peer_keepalive_worker+0x6b3/0xd02 /net/rxrpc/peer_event.c:430
      
      Fixes: 330bdcfa ("rxrpc: Fix the keepalive generator [ver #2]")
      Reported-by: syzbot+72af434e4b3417318f84@syzkaller.appspotmail.com
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Reviewed-by: default avatarJeffrey Altman <jaltman@auristor.com>
      60034d3d
    • Pablo Neira Ayuso's avatar
      Merge branch 'master' of git://blackhole.kfki.hu/nf · 7cdc4412
      Pablo Neira Ayuso authored
      Jozsef Kadlecsik says:
      
      ====================
      ipset patches for the nf tree
      
      - When the support of destination MAC addresses for hash:mac sets was
        introduced, it was forgotten to add the same functionality to hash:ip,mac
        types of sets. The patch from Stefano Brivio adds the missing part.
      - When the support of destination MAC addresses for hash:mac sets was
        introduced, a copy&paste error was made in the code of the hash:ip,mac
        and bitmap:ip,mac types: the MAC address in these set types is in
        the second position and not in the first one. Stefano Brivio's patch
        fixes the issue.
      - There was still a not properly handled concurrency handling issue
        between renaming and listing sets at the same time, reported by
        Shijie Luo.
      ====================
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      7cdc4412
    • Florian Westphal's avatar
      netfilter: ebtables: also count base chain policies · 3b48300d
      Florian Westphal authored
      ebtables doesn't include the base chain policies in the rule count,
      so we need to add them manually when we call into the x_tables core
      to allocate space for the comapt offset table.
      
      This lead syzbot to trigger:
      WARNING: CPU: 1 PID: 9012 at net/netfilter/x_tables.c:649
      xt_compat_add_offset.cold+0x11/0x36 net/netfilter/x_tables.c:649
      
      Reported-by: syzbot+276ddebab3382bbf72db@syzkaller.appspotmail.com
      Fixes: 2035f3ff ("netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      3b48300d
  3. 29 Jul, 2019 20 commits
    • Gustavo A. R. Silva's avatar
      net: smc911x: Mark expected switch fall-through · a20961cc
      Gustavo A. R. Silva authored
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warning (Building: arm):
      
      drivers/net/ethernet/smsc/smc911x.c: In function ‘smc911x_phy_detect’:
      drivers/net/ethernet/smsc/smc911x.c:677:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
          if (cfg & HW_CFG_EXT_PHY_DET_) {
             ^
      drivers/net/ethernet/smsc/smc911x.c:715:3: note: here
         default:
         ^~~~~~~
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a20961cc
    • Gustavo A. R. Silva's avatar
      net: hamradio: baycom_epp: Mark expected switch fall-through · 7bd6ba4e
      Gustavo A. R. Silva authored
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warning (Building: i386):
      
      drivers/net/hamradio/baycom_epp.c: In function ‘transmit’:
      drivers/net/hamradio/baycom_epp.c:491:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
          if (i) {
             ^
      drivers/net/hamradio/baycom_epp.c:504:3: note: here
         default:  /* fall through */
         ^~~~~~~
      
      Notice that, in this particular case, the code comment is
      modified in accordance with what GCC is expecting to find.
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7bd6ba4e
    • Gustavo A. R. Silva's avatar
      net: wan: sdla: Mark expected switch fall-through · 0bc10ad3
      Gustavo A. R. Silva authored
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warning (Building: i386):
      
      drivers/net/wan/sdla.c: In function ‘sdla_errors’:
      drivers/net/wan/sdla.c:414:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
          if (cmd == SDLA_INFORMATION_WRITE)
             ^
      drivers/net/wan/sdla.c:417:3: note: here
         default:
         ^~~~~~~
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0bc10ad3
    • Enrico Weigelt's avatar
      net: sctp: drop unneeded likely() call around IS_ERR() · d4e575ba
      Enrico Weigelt authored
      IS_ERR() already calls unlikely(), so this extra unlikely() call
      around IS_ERR() is not needed.
      Signed-off-by: default avatarEnrico Weigelt <info@metux.net>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d4e575ba
    • Petr Machata's avatar
      mlxsw: spectrum_ptp: Increase parsing depth when PTP is enabled · c6b36bdd
      Petr Machata authored
      Spectrum systems have a configurable limit on how far into the packet they
      parse. By default, the limit is 96 bytes.
      
      An IPv6 PTP packet is layered as Ethernet/IPv6/UDP (14+40+8 bytes), and
      sequence ID of a PTP event is only available 32 bytes into payload, for a
      total of 94 bytes. When an additional 802.1q header is present as
      well (such as when ptp4l is running on a VLAN port), the parsing limit is
      exceeded. Such packets are not recognized as PTP, and are not timestamped.
      
      Therefore generalize the current VXLAN-specific parsing depth setting to
      allow reference-counted requests from other modules as well. Keep it in the
      VXLAN module, because the MPRS register also configures UDP destination
      port number used for VXLAN, and is thus closely tied to the VXLAN code
      anyway.
      
      Then invoke the new interfaces from both VXLAN (in obvious places), as well
      as from PTP code, when the (global) timestamping configuration changes from
      disabled to enabled or vice versa.
      
      Fixes: 87486427 ("mlxsw: spectrum: PTP: Support SIOCGHWTSTAMP, SIOCSHWTSTAMP ioctls")
      Signed-off-by: default avatarPetr Machata <petrm@mellanox.com>
      Reviewed-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6b36bdd
    • Jozsef Kadlecsik's avatar
      netfilter: ipset: Fix rename concurrency with listing · 6c1f7e2c
      Jozsef Kadlecsik authored
      Shijie Luo reported that when stress-testing ipset with multiple concurrent
      create, rename, flush, list, destroy commands, it can result
      
      ipset <version>: Broken LIST kernel message: missing DATA part!
      
      error messages and broken list results. The problem was the rename operation
      was not properly handled with respect of listing. The patch fixes the issue.
      Reported-by: default avatarShijie Luo <luoshijie1@huawei.com>
      Signed-off-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
      6c1f7e2c
    • Stefano Brivio's avatar
      netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and hash:ip,mac sets · 1b4a7510
      Stefano Brivio authored
      In commit 8cc4ccf5 ("ipset: Allow matching on destination MAC address
      for mac and ipmac sets"), ipset.git commit 1543514c46a7, I added to the
      KADT functions for sets matching on MAC addreses the copy of source or
      destination MAC address depending on the configured match.
      
      This was done correctly for hash:mac, but for hash:ip,mac and
      bitmap:ip,mac, copying and pasting the same code block presents an
      obvious problem: in these two set types, the MAC address is the second
      dimension, not the first one, and we are actually selecting the MAC
      address depending on whether the first dimension (IP address) specifies
      source or destination.
      
      Fix this by checking for the IPSET_DIM_TWO_SRC flag in option flags.
      
      This way, mixing source and destination matches for the two dimensions
      of ip,mac set types works as expected. With this setup:
      
        ip netns add A
        ip link add veth1 type veth peer name veth2 netns A
        ip addr add 192.0.2.1/24 dev veth1
        ip -net A addr add 192.0.2.2/24 dev veth2
        ip link set veth1 up
        ip -net A link set veth2 up
      
        dst=$(ip netns exec A cat /sys/class/net/veth2/address)
      
        ip netns exec A ipset create test_bitmap bitmap:ip,mac range 192.0.0.0/16
        ip netns exec A ipset add test_bitmap 192.0.2.1,${dst}
        ip netns exec A iptables -A INPUT -m set ! --match-set test_bitmap src,dst -j DROP
      
        ip netns exec A ipset create test_hash hash:ip,mac
        ip netns exec A ipset add test_hash 192.0.2.1,${dst}
        ip netns exec A iptables -A INPUT -m set ! --match-set test_hash src,dst -j DROP
      
      ipset correctly matches a test packet:
      
        # ping -c1 192.0.2.2 >/dev/null
        # echo $?
        0
      Reported-by: default avatarChen Yi <yiche@redhat.com>
      Fixes: 8cc4ccf5 ("ipset: Allow matching on destination MAC address for mac and ipmac sets")
      Signed-off-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
      1b4a7510
    • Stefano Brivio's avatar
      netfilter: ipset: Actually allow destination MAC address for hash:ip,mac sets too · b89d1548
      Stefano Brivio authored
      In commit 8cc4ccf5 ("ipset: Allow matching on destination MAC address
      for mac and ipmac sets"), ipset.git commit 1543514c46a7, I removed the
      KADT check that prevents matching on destination MAC addresses for
      hash:mac sets, but forgot to remove the same check for hash:ip,mac set.
      
      Drop this check: functionality is now commented in man pages and there's
      no reason to restrict to source MAC address matching anymore.
      Reported-by: default avatarChen Yi <yiche@redhat.com>
      Fixes: 8cc4ccf5 ("ipset: Allow matching on destination MAC address for mac and ipmac sets")
      Signed-off-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
      b89d1548
    • Gustavo A. R. Silva's avatar
      net: spider_net: Mark expected switch fall-through · 52023a53
      Gustavo A. R. Silva authored
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warning:
      
      drivers/net/ethernet/toshiba/spider_net.c: In function 'spider_net_release_tx_chain':
      drivers/net/ethernet/toshiba/spider_net.c:783:7: warning: this statement may fall through [-Wimplicit-fallthrough=]
          if (!brutal) {
             ^
      drivers/net/ethernet/toshiba/spider_net.c:792:3: note: here
         case SPIDER_NET_DESCR_RESPONSE_ERROR:
         ^~~~
      
      Notice that, in this particular case, the code comment is
      modified in accordance with what GCC is expecting to find.
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52023a53
    • Gustavo A. R. Silva's avatar
      net: ehea: Mark expected switch fall-through · 6f315c42
      Gustavo A. R. Silva authored
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warning:
      
      drivers/net/ethernet/ibm/ehea/ehea_main.c: In function 'ehea_mem_notifier':
      include/linux/printk.h:311:2: warning: this statement may fall through [-Wimplicit-fallthrough=]
        printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/net/ethernet/ibm/ehea/ehea_main.c:3253:3: note: in expansion of macro 'pr_info'
         pr_info("memory offlining canceled");
         ^~~~~~~
      drivers/net/ethernet/ibm/ehea/ehea_main.c:3256:2: note: here
        case MEM_ONLINE:
        ^~~~
      
      Notice that, in this particular case, the code comment is
      modified in accordance with what GCC is expecting to find.
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6f315c42
    • Matteo Croce's avatar
      mvpp2: refactor the HW checksum setup · d66503c4
      Matteo Croce authored
      The hardware can only offload checksum calculation on first port due to
      the Tx FIFO size limitation, and has a maximum L3 offset of 128 bytes.
      Document this in a comment and move duplicated code in a function.
      
      Fixes: 576193f2 ("net: mvpp2: jumbo frames support")
      Signed-off-by: default avatarMatteo Croce <mcroce@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d66503c4
    • Jiri Pirko's avatar
      net: fix ifindex collision during namespace removal · 55b40dbf
      Jiri Pirko authored
      Commit aca51397 ("netns: Fix arbitrary net_device-s corruptions
      on net_ns stop.") introduced a possibility to hit a BUG in case device
      is returning back to init_net and two following conditions are met:
      1) dev->ifindex value is used in a name of another "dev%d"
         device in init_net.
      2) dev->name is used by another device in init_net.
      
      Under real life circumstances this is hard to get. Therefore this has
      been present happily for over 10 years. To reproduce:
      
      $ ip a
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host
             valid_lft forever preferred_lft forever
      2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 86:89:3f:86:61:29 brd ff:ff:ff:ff:ff:ff
      3: enp0s2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
      $ ip netns add ns1
      $ ip -n ns1 link add dummy1ns1 type dummy
      $ ip -n ns1 link add dummy2ns1 type dummy
      $ ip link set enp0s2 netns ns1
      $ ip -n ns1 link set enp0s2 name dummy0
      [  100.858894] virtio_net virtio0 dummy0: renamed from enp0s2
      $ ip link add dev4 type dummy
      $ ip -n ns1 a
      1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
      2: dummy1ns1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 16:63:4c:38:3e:ff brd ff:ff:ff:ff:ff:ff
      3: dummy2ns1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether aa:9e:86:dd:6b:5d brd ff:ff:ff:ff:ff:ff
      4: dummy0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
      $ ip a
      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
          link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
          inet 127.0.0.1/8 scope host lo
             valid_lft forever preferred_lft forever
          inet6 ::1/128 scope host
             valid_lft forever preferred_lft forever
      2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 86:89:3f:86:61:29 brd ff:ff:ff:ff:ff:ff
      4: dev4: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
          link/ether 5a:e1:4a:b6:ec:f8 brd ff:ff:ff:ff:ff:ff
      $ ip netns del ns1
      [  158.717795] default_device_exit: failed to move dummy0 to init_net: -17
      [  158.719316] ------------[ cut here ]------------
      [  158.720591] kernel BUG at net/core/dev.c:9824!
      [  158.722260] invalid opcode: 0000 [#1] SMP KASAN PTI
      [  158.723728] CPU: 0 PID: 56 Comm: kworker/u2:1 Not tainted 5.3.0-rc1+ #18
      [  158.725422] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
      [  158.727508] Workqueue: netns cleanup_net
      [  158.728915] RIP: 0010:default_device_exit.cold+0x1d/0x1f
      [  158.730683] Code: 84 e8 18 c9 3e fe 0f 0b e9 70 90 ff ff e8 36 e4 52 fe 89 d9 4c 89 e2 48 c7 c6 80 d6 25 84 48 c7 c7 20 c0 25 84 e8 f4 c8 3e
      [  158.736854] RSP: 0018:ffff8880347e7b90 EFLAGS: 00010282
      [  158.738752] RAX: 000000000000003b RBX: 00000000ffffffef RCX: 0000000000000000
      [  158.741369] RDX: 0000000000000000 RSI: ffffffff8128013d RDI: ffffed10068fcf64
      [  158.743418] RBP: ffff888033550170 R08: 000000000000003b R09: fffffbfff0b94b9c
      [  158.745626] R10: fffffbfff0b94b9b R11: ffffffff85ca5cdf R12: ffff888032f28000
      [  158.748405] R13: dffffc0000000000 R14: ffff8880335501b8 R15: 1ffff110068fcf72
      [  158.750638] FS:  0000000000000000(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
      [  158.752944] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  158.755245] CR2: 00007fe8b45d21d0 CR3: 00000000340b4005 CR4: 0000000000360ef0
      [  158.757654] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  158.760012] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [  158.762758] Call Trace:
      [  158.763882]  ? dev_change_net_namespace+0xbb0/0xbb0
      [  158.766148]  ? devlink_nl_cmd_set_doit+0x520/0x520
      [  158.768034]  ? dev_change_net_namespace+0xbb0/0xbb0
      [  158.769870]  ops_exit_list.isra.0+0xa8/0x150
      [  158.771544]  cleanup_net+0x446/0x8f0
      [  158.772945]  ? unregister_pernet_operations+0x4a0/0x4a0
      [  158.775294]  process_one_work+0xa1a/0x1740
      [  158.776896]  ? pwq_dec_nr_in_flight+0x310/0x310
      [  158.779143]  ? do_raw_spin_lock+0x11b/0x280
      [  158.780848]  worker_thread+0x9e/0x1060
      [  158.782500]  ? process_one_work+0x1740/0x1740
      [  158.784454]  kthread+0x31b/0x420
      [  158.786082]  ? __kthread_create_on_node+0x3f0/0x3f0
      [  158.788286]  ret_from_fork+0x3a/0x50
      [  158.789871] ---[ end trace defd6c657c71f936 ]---
      [  158.792273] RIP: 0010:default_device_exit.cold+0x1d/0x1f
      [  158.795478] Code: 84 e8 18 c9 3e fe 0f 0b e9 70 90 ff ff e8 36 e4 52 fe 89 d9 4c 89 e2 48 c7 c6 80 d6 25 84 48 c7 c7 20 c0 25 84 e8 f4 c8 3e
      [  158.804854] RSP: 0018:ffff8880347e7b90 EFLAGS: 00010282
      [  158.807865] RAX: 000000000000003b RBX: 00000000ffffffef RCX: 0000000000000000
      [  158.811794] RDX: 0000000000000000 RSI: ffffffff8128013d RDI: ffffed10068fcf64
      [  158.816652] RBP: ffff888033550170 R08: 000000000000003b R09: fffffbfff0b94b9c
      [  158.820930] R10: fffffbfff0b94b9b R11: ffffffff85ca5cdf R12: ffff888032f28000
      [  158.825113] R13: dffffc0000000000 R14: ffff8880335501b8 R15: 1ffff110068fcf72
      [  158.829899] FS:  0000000000000000(0000) GS:ffff888036000000(0000) knlGS:0000000000000000
      [  158.834923] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  158.838164] CR2: 00007fe8b45d21d0 CR3: 00000000340b4005 CR4: 0000000000360ef0
      [  158.841917] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  158.845149] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      
      Fix this by checking if a device with the same name exists in init_net
      and fallback to original code - dev%d to allocate name - in case it does.
      
      This was found using syzkaller.
      
      Fixes: aca51397 ("netns: Fix arbitrary net_device-s corruptions on net_ns stop.")
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      55b40dbf
    • Matteo Croce's avatar
      mvpp2: refactor MTU change code · 230bd958
      Matteo Croce authored
      The MTU change code can call napi_disable() with the device already down,
      leading to a deadlock. Also, lot of code is duplicated unnecessarily.
      
      Rework mvpp2_change_mtu() to avoid the deadlock and remove duplicated code.
      
      Fixes: 3f518509 ("ethernet: Add new driver for Marvell Armada 375 network unit")
      Signed-off-by: default avatarMatteo Croce <mcroce@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      230bd958
    • Colin Ian King's avatar
      rocker: fix memory leaks of fib_work on two error return paths · 011f1754
      Colin Ian King authored
      Currently there are two error return paths that leak memory allocated
      to fib_work. Fix this by kfree'ing fib_work before returning.
      
      Addresses-Coverity: ("Resource leak")
      Fixes: 19a9d136 ("ipv4: Flag fib_info with a fib_nh using IPv6 gateway")
      Fixes: dbcc4fa7 ("rocker: Fail attempts to use routes with nexthop objects")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      011f1754
    • Martin Blumenstingl's avatar
      net: stmmac: manage errors returned by of_get_mac_address() · 195b2919
      Martin Blumenstingl authored
      Commit d01f449c ("of_net: add NVMEM support to of_get_mac_address")
      added support for reading the MAC address from an nvmem-cell. This
      required changing the logic to return an error pointer upon failure.
      
      If stmmac is loaded before the nvmem provider driver then
      of_get_mac_address() return an error pointer with -EPROBE_DEFER.
      
      Propagate this error so the stmmac driver will be probed again after the
      nvmem provider driver is loaded.
      Default to a random generated MAC address in case of any other error,
      instead of using the error pointer as MAC address.
      
      Fixes: d01f449c ("of_net: add NVMEM support to of_get_mac_address")
      Signed-off-by: default avatarMartin Blumenstingl <martin.blumenstingl@googlemail.com>
      Reviewed-by: default avatarNeil Armstrong <narmstrong@baylibre.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      195b2919
    • Gustavo A. R. Silva's avatar
      net/af_iucv: mark expected switch fall-throughs · 05bba1ed
      Gustavo A. R. Silva authored
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warnings:
      
      net/iucv/af_iucv.c: warning: this statement may fall
      through [-Wimplicit-fallthrough=]:  => 537:3, 519:6, 2246:6, 510:6
      
      Notice that, in this particular case, the code comment is
      modified in accordance with what GCC is expecting to find.
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      05bba1ed
    • Gustavo A. R. Silva's avatar
      arcnet: com20020-isa: Mark expected switch fall-throughs · e1ab2431
      Gustavo A. R. Silva authored
      Mark switch cases where we are expecting to fall through.
      
      This patch fixes the following warnings:
      
      drivers/net/arcnet/com20020-isa.c: warning: this statement may fall
      through [-Wimplicit-fallthrough=]:  => 205:13, 203:10, 209:7, 201:11,
      207:8
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e1ab2431
    • Nikolay Aleksandrov's avatar
      net: bridge: delete local fdb on device init failure · d7bae09f
      Nikolay Aleksandrov authored
      On initialization failure we have to delete the local fdb which was
      inserted due to the default pvid creation. This problem has been present
      since the inception of default_pvid. Note that currently there are 2 cases:
      1) in br_dev_init() when br_multicast_init() fails
      2) if register_netdevice() fails after calling ndo_init()
      
      This patch takes care of both since br_vlan_flush() is called on both
      occasions. Also the new fdb delete would be a no-op on normal bridge
      device destruction since the local fdb would've been already flushed by
      br_dev_delete(). This is not an issue for ports since nbp_vlan_init() is
      called last when adding a port thus nothing can fail after it.
      
      Reported-by: syzbot+88533dc8b582309bf3ee@syzkaller.appspotmail.com
      Fixes: 5be5a2df ("bridge: Add filtering support for default_pvid")
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d7bae09f
    • Jia-Ju Bai's avatar
      net: sched: Fix a possible null-pointer dereference in dequeue_func() · 051c7b39
      Jia-Ju Bai authored
      In dequeue_func(), there is an if statement on line 74 to check whether
      skb is NULL:
          if (skb)
      
      When skb is NULL, it is used on line 77:
          prefetch(&skb->end);
      
      Thus, a possible null-pointer dereference may occur.
      
      To fix this bug, skb->end is used when skb is not NULL.
      
      This bug is found by a static analysis tool STCheck written by us.
      
      Fixes: 76e3cc12 ("codel: Controlled Delay AQM")
      Signed-off-by: default avatarJia-Ju Bai <baijiaju1990@gmail.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      051c7b39
    • Jesper Dangaard Brouer's avatar
      MAINTAINERS: Remove mailing-list entry for XDP (eXpress Data Path) · a7f9cbf0
      Jesper Dangaard Brouer authored
      This removes the mailing list xdp-newbies@vger.kernel.org from the XDP
      kernel maintainers entry.
      
      Being in the kernel MAINTAINERS file successfully caused the list to
      receive kbuild bot warnings, syzbot reports and sometimes developer
      patches. The level of details in these messages, doesn't match the
      target audience of the XDP-newbies list. This is based on a survey on
      the mailing list, where 73% voted for removal from MAINTAINERS file.
      Signed-off-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7f9cbf0