1. 05 Mar, 2018 9 commits
  2. 04 Mar, 2018 9 commits
  3. 03 Mar, 2018 1 commit
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 4a0c7191
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Put back reference on CLUSTERIP configuration structure from the
         error path, patch from Florian Westphal.
      
      2) Put reference on CLUSTERIP configuration instead of freeing it,
         another cpu may still be walking over it, also from Florian.
      
      3) Refetch pointer to IPv6 header from nf_nat_ipv6_manip_pkt() given
         packet manipulation may reallocation the skbuff header, from Florian.
      
      4) Missing match size sanity checks in ebt_among, from Florian.
      
      5) Convert BUG_ON to WARN_ON in ebtables, from Florian.
      
      6) Sanity check userspace offsets from ebtables kernel, from Florian.
      
      7) Missing checksum replace call in flowtable IPv4 DNAT, from Felix
         Fietkau.
      
      8) Bump the right stats on checksum error from bridge netfilter,
         from Taehee Yoo.
      
      9) Unset interface flag in IPv6 fib lookups otherwise we get
         misleading routing lookup results, from Florian.
      
      10) Missing sk_to_full_sk() in ip6_route_me_harder() from Eric Dumazet.
      
      11) Don't allow devices to be part of multiple flowtables at the same
          time, this may break setups.
      
      12) Missing netlink attribute validation in flowtable deletion.
      
      13) Wrong array index in nf_unregister_net_hook() call from error path
          in flowtable addition path.
      
      14) Fix FTP IPVS helper when NAT mangling is in place, patch from
          Julian Anastasov.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4a0c7191
  4. 02 Mar, 2018 6 commits
    • David S. Miller's avatar
      Merge tag 'mac80211-for-davem-2018-03-02' of... · d69242bf
      David S. Miller authored
      Merge tag 'mac80211-for-davem-2018-03-02' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      Three more patches:
       * fix for a regression in 4-addr mode with fast-RX
       * fix for a Kconfig problem with the new regdb
       * fix for the long-standing TCP performance issue in
         wifi using the new sk_pacing_shift_update()
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d69242bf
    • Ka-Cheong Poon's avatar
      rds: Incorrect reference counting in TCP socket creation · 84eef2b2
      Ka-Cheong Poon authored
      Commit 0933a578 ("rds: tcp: use sock_create_lite() to create the
      accept socket") has a reference counting issue in TCP socket creation
      when accepting a new connection.  The code uses sock_create_lite() to
      create a kernel socket.  But it does not do __module_get() on the
      socket owner.  When the connection is shutdown and sock_release() is
      called to free the socket, the owner's reference count is decremented
      and becomes incorrect.  Note that this bug only shows up when the socket
      owner is configured as a kernel module.
      
      v2: Update comments
      
      Fixes: 0933a578 ("rds: tcp: use sock_create_lite() to create the accept socket")
      Signed-off-by: default avatarKa-Cheong Poon <ka-cheong.poon@oracle.com>
      Acked-by: default avatarSantosh Shilimkar <santosh.shilimkar@oracle.com>
      Acked-by: default avatarSowmini Varadhan <sowmini.varadhan@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      84eef2b2
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · a5f7b0ee
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2018-02-28
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Add schedule points and reduce the number of loop iterations
         the test_bpf kernel module is performing in order to not hog
         the CPU for too long, from Eric.
      
      2) Fix an out of bounds access in tail calls in the ppc64 BPF
         JIT compiler, from Daniel.
      
      3) Fix a crash on arm64 on unaligned BPF xadd operations that
         could be triggered via interpreter and JIT, from Daniel.
      
      Please not that once you merge net into net-next at some point, there
      is a minor merge conflict in test_verifier.c since test cases had
      been added at the end in both trees. Resolution is trivial: keep all
      the test cases from both trees.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a5f7b0ee
    • Edward Cree's avatar
      net: ethtool: don't ignore return from driver get_fecparam method · a6d50512
      Edward Cree authored
      If ethtool_ops->get_fecparam returns an error, pass that error on to the
       user, rather than ignoring it.
      
      Fixes: 1a5f3da2 ("net: ethtool: add support for forward error correction modes")
      Signed-off-by: default avatarEdward Cree <ecree@solarflare.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a6d50512
    • Stephen Suryaputra's avatar
      vrf: check forwarding on the original netdevice when generating ICMP dest unreachable · e2c0dc1f
      Stephen Suryaputra authored
      When ip_error() is called the device is the l3mdev master instead of the
      original device. So the forwarding check should be on the original one.
      
      Changes from v2:
      - Handle the original device disappearing (per David Ahern)
      - Minimize the change in code order
      
      Changes from v1:
      - Only need to reset the device on which __in_dev_get_rcu() is done (per
        David Ahern).
      Signed-off-by: default avatarStephen Suryaputra <ssuryaextr@gmail.com>
      Acked-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e2c0dc1f
    • Mike Manning's avatar
      net: allow interface to be set into VRF if VLAN interface in same VRF · 50d629e7
      Mike Manning authored
      Setting an interface into a VRF fails with 'RTNETLINK answers: File
      exists' if one of its VLAN interfaces is already in the same VRF.
      As the VRF is an upper device of the VLAN interface, it is also showing
      up as an upper device of the interface itself. The solution is to
      restrict this check to devices other than master. As only one master
      device can be linked to a device, the check in this case is that the
      upper device (VRF) being linked to is not the same as the master device
      instead of it not being any one of the upper devices.
      
      The following example shows an interface ens12 (with a VLAN interface
      ens12.10) being set into VRF green, which behaves as expected:
      
        # ip link add link ens12 ens12.10 type vlan id 10
        # ip link set dev ens12 master vrfgreen
        # ip link show dev ens12
          3: ens12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel
             master vrfgreen state UP mode DEFAULT group default qlen 1000
             link/ether 52:54:00:4c:a0:45 brd ff:ff:ff:ff:ff:ff
      
      But if the VLAN interface has previously been set into the same VRF,
      then setting the interface into the VRF fails:
      
        # ip link set dev ens12 nomaster
        # ip link set dev ens12.10 master vrfgreen
        # ip link show dev ens12.10
          39: ens12.10@ens12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
          qdisc noqueue master vrfgreen state UP mode DEFAULT group default
          qlen 1000 link/ether 52:54:00:4c:a0:45 brd ff:ff:ff:ff:ff:ff
        # ip link set dev ens12 master vrfgreen
          RTNETLINK answers: File exists
      
      The workaround is to move the VLAN interface back into the default VRF
      beforehand, but it has to be shut first so as to avoid the risk of
      traffic leaking from the VRF. This fix avoids needing this workaround.
      Signed-off-by: default avatarMike Manning <mmanning@att.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      50d629e7
  5. 01 Mar, 2018 1 commit
  6. 28 Feb, 2018 14 commits