1. 01 Feb, 2017 5 commits
    • Eric Dumazet's avatar
      tcp: fix 0 divide in __tcp_select_window() · 06425c30
      Eric Dumazet authored
      syszkaller fuzzer was able to trigger a divide by zero, when
      TCP window scaling is not enabled.
      
      SO_RCVBUF can be used not only to increase sk_rcvbuf, also
      to decrease it below current receive buffers utilization.
      
      If mss is negative or 0, just return a zero TCP window.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarDmitry Vyukov  <dvyukov@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      06425c30
    • Dan Carpenter's avatar
      ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() · 63117f09
      Dan Carpenter authored
      Casting is a high precedence operation but "off" and "i" are in terms of
      bytes so we need to have some parenthesis here.
      
      Fixes: fbfa743a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      63117f09
    • Dimitris Michailidis's avatar
      net: fix ndo_features_check/ndo_fix_features comment ordering · 1a2a1444
      Dimitris Michailidis authored
      Commit cdba756f ("net: move ndo_features_check() close to
      ndo_start_xmit()") inadvertently moved the doc comment for
      .ndo_fix_features instead of .ndo_features_check. Fix the comment
      ordering.
      
      Fixes: cdba756f ("net: move ndo_features_check() close to ndo_start_xmit()")
      Signed-off-by: default avatarDimitris Michailidis <dmichail@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1a2a1444
    • Yotam Gigi's avatar
      net/sched: matchall: Fix configuration race · fd62d9f5
      Yotam Gigi authored
      In the current version, the matchall internal state is split into two
      structs: cls_matchall_head and cls_matchall_filter. This makes little
      sense, as matchall instance supports only one filter, and there is no
      situation where one exists and the other does not. In addition, that led
      to some races when filter was deleted while packet was processed.
      
      Unify that two structs into one, thus simplifying the process of matchall
      creation and deletion. As a result, the new, delete and get callbacks have
      a dummy implementation where all the work is done in destroy and change
      callbacks, as was done in cls_cgroup.
      
      Fixes: bf3994d2 ("net/sched: introduce Match-all classifier")
      Reported-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarYotam Gigi <yotamg@mellanox.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fd62d9f5
    • Ivan Vecera's avatar
      be2net: fix initial MAC setting · 4993b39a
      Ivan Vecera authored
      Recent commit 34393529 ("be2net: fix MAC addr setting on privileged
      BE3 VFs") allows privileged BE3 VFs to set its MAC address during
      initialization. Although the initial MAC for such VFs is already
      programmed by parent PF the subsequent setting performed by VF is OK,
      but in certain cases (after fresh boot) this command in VF can fail.
      
      The MAC should be initialized only when:
      1) no MAC is programmed (always except BE3 VFs during first init)
      2) programmed MAC is different from requested (e.g. MAC is set when
         interface is down). In this case the initial MAC programmed by PF
         needs to be deleted.
      
      The adapter->dev_mac contains MAC address currently programmed in HW so
      it should be zeroed when the MAC is deleted from HW and should not be
      filled when MAC is set when interface is down in be_mac_addr_set() as
      no programming is performed in this case.
      
      Example of failure without the fix (immediately after fresh boot):
      
      # ip link set eth0 up  <- eth0 is BE3 PF
      be2net 0000:01:00.0 eth0: Link is Up
      
      # echo 1 > /sys/class/net/eth0/device/sriov_numvfs  <- Create 1 VF
      ...
      be2net 0000:01:04.0: Emulex OneConnect(be3): VF  port 0
      
      # ip link set eth8 up  <- eth8 is created privileged VF
      be2net 0000:01:04.0: opcode 59-1 failed:status 1-76
      RTNETLINK answers: Input/output error
      
      # echo 0 > /sys/class/net/eth0/device/sriov_numvfs  <- Delete VF
      iommu: Removing device 0000:01:04.0 from group 33
      ...
      
      # echo 1 > /sys/class/net/eth0/device/sriov_numvfs  <- Create it again
      iommu: Removing device 0000:01:04.0 from group 33
      ...
      
      # ip link set eth8 up
      be2net 0000:01:04.0 eth8: Link is Up
      
      Initialization is now OK.
      
      v2 - Corrected the comment and condition check suggested by Suresh & Harsha
      
      Fixes: 34393529 ("be2net: fix MAC addr setting on privileged BE3 VFs")
      Cc: Sathya Perla <sathya.perla@broadcom.com>
      Cc: Ajit Khaparde <ajit.khaparde@broadcom.com>
      Cc: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
      Cc: Somnath Kotur <somnath.kotur@broadcom.com>
      Signed-off-by: default avatarIvan Vecera <cera@cera.cz>
      Acked-by: default avatarSriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4993b39a
  2. 31 Jan, 2017 2 commits
    • Dimitris Michailidis's avatar
      ipv6: fix flow labels when the traffic class is non-0 · 90427ef5
      Dimitris Michailidis authored
      ip6_make_flowlabel() determines the flow label for IPv6 packets. It's
      supposed to be passed a flow label, which it returns as is if non-0 and
      in some other cases, otherwise it calculates a new value.
      
      The problem is callers often pass a flowi6.flowlabel, which may also
      contain traffic class bits. If the traffic class is non-0
      ip6_make_flowlabel() mistakes the non-0 it gets as a flow label and
      returns the whole thing. Thus it can return a 'flow label' longer than
      20b and the low 20b of that is typically 0 resulting in packets with 0
      label. Moreover, different packets of a flow may be labeled differently.
      For a TCP flow with ECN non-payload and payload packets get different
      labels as exemplified by this pair of consecutive packets:
      
      (pure ACK)
      Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2::
          0110 .... = Version: 6
          .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
              .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
              .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
          .... .... .... 0001 1100 1110 0100 1001 = Flow Label: 0x1ce49
          Payload Length: 32
          Next Header: TCP (6)
      
      (payload)
      Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2::
          0110 .... = Version: 6
          .... 0000 0010 .... .... .... .... .... = Traffic Class: 0x02 (DSCP: CS0, ECN: ECT(0))
              .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
              .... .... ..10 .... .... .... .... .... = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
          .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
          Payload Length: 688
          Next Header: TCP (6)
      
      This patch allows ip6_make_flowlabel() to be passed more than just a
      flow label and has it extract the part it really wants. This was simpler
      than modifying the callers. With this patch packets like the above become
      
      Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2::
          0110 .... = Version: 6
          .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
              .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
              .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
          .... .... .... 1010 1111 1010 0101 1110 = Flow Label: 0xafa5e
          Payload Length: 32
          Next Header: TCP (6)
      
      Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2::
          0110 .... = Version: 6
          .... 0000 0010 .... .... .... .... .... = Traffic Class: 0x02 (DSCP: CS0, ECN: ECT(0))
              .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
              .... .... ..10 .... .... .... .... .... = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
          .... .... .... 1010 1111 1010 0101 1110 = Flow Label: 0xafa5e
          Payload Length: 688
          Next Header: TCP (6)
      Signed-off-by: default avatarDimitris Michailidis <dmichail@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      90427ef5
    • Vincent's avatar
      net: thunderx: avoid dereferencing xcv when NULL · c73e4426
      Vincent authored
      This fixes the following smatch and coccinelle warnings:
      
        drivers/net/ethernet/cavium/thunder/thunder_xcv.c:119 xcv_setup_link() error: we previously assumed 'xcv' could be null (see line 118) [smatch]
        drivers/net/ethernet/cavium/thunder/thunder_xcv.c:119:16-20: ERROR: xcv is NULL but dereferenced. [coccinelle]
      
      Fixes: 6465859a ("net: thunderx: Add RGMII interface type support")
      Signed-off-by: default avatarVincent Stehlé <vincent.stehle@laposte.net>
      Cc: Sunil Goutham <sgoutham@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c73e4426
  3. 30 Jan, 2017 10 commits
  4. 29 Jan, 2017 12 commits
  5. 28 Jan, 2017 1 commit
  6. 27 Jan, 2017 10 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 1b1bc42c
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) GTP fixes from Andreas Schultz (missing genl module alias, clear IP
          DF on transmit).
      
       2) Netfilter needs to reflect the fwmark when sending resets, from Pau
          Espin Pedrol.
      
       3) nftable dump OOPS fix from Liping Zhang.
      
       4) Fix erroneous setting of VIRTIO_NET_HDR_F_DATA_VALID on transmit,
          from Rolf Neugebauer.
      
       5) Fix build error of ipt_CLUSTERIP when procfs is disabled, from Arnd
          Bergmann.
      
       6) Fix regression in handling of NETIF_F_SG in harmonize_features(),
          from Eric Dumazet.
      
       7) Fix RTNL deadlock wrt. lwtunnel module loading, from David Ahern.
      
       8) tcp_fastopen_create_child() needs to setup tp->max_window, from
          Alexey Kodanev.
      
       9) Missing kmemdup() failure check in ipv6 segment routing code, from
          Eric Dumazet.
      
      10) Don't execute unix_bind() under the bindlock, otherwise we deadlock
          with splice. From WANG Cong.
      
      11) ip6_tnl_parse_tlv_enc_lim() potentially reallocates the skb buffer,
          therefore callers must reload cached header pointers into that skb.
          Fix from Eric Dumazet.
      
      12) Fix various bugs in legacy IRQ fallback handling in alx driver, from
          Tobias Regnery.
      
      13) Do not allow lwtunnel drivers to be unloaded while they are
          referenced by active instances, from Robert Shearman.
      
      14) Fix truncated PHY LED trigger names, from Geert Uytterhoeven.
      
      15) Fix a few regressions from virtio_net XDP support, from John
          Fastabend and Jakub Kicinski.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (102 commits)
        ISDN: eicon: silence misleading array-bounds warning
        net: phy: micrel: add support for KSZ8795
        gtp: fix cross netns recv on gtp socket
        gtp: clear DF bit on GTP packet tx
        gtp: add genl family modules alias
        tcp: don't annotate mark on control socket from tcp_v6_send_response()
        ravb: unmap descriptors when freeing rings
        virtio_net: reject XDP programs using header adjustment
        virtio_net: use dev_kfree_skb for small buffer XDP receive
        r8152: check rx after napi is enabled
        r8152: re-schedule napi for tx
        r8152: avoid start_xmit to schedule napi when napi is disabled
        r8152: avoid start_xmit to call napi_schedule during autosuspend
        net: dsa: Bring back device detaching in dsa_slave_suspend()
        net: phy: leds: Fix truncated LED trigger names
        net: phy: leds: Break dependency of phy.h on phy_led_triggers.h
        net: phy: leds: Clear phy_num_led_triggers on failure to avoid crash
        net-next: ethernet: mediatek: change the compatible string
        Documentation: devicetree: change the mediatek ethernet compatible string
        bnxt_en: Fix RTNL lock usage on bnxt_get_port_module_status().
        ...
      1b1bc42c
    • Linus Torvalds's avatar
      Merge tag 'xfs-for-linus-4.10-rc6-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 3365135d
      Linus Torvalds authored
      Pull xfs uodates from Darrick Wong:
       "I have some more fixes this week: better input validation, corruption
        avoidance, build fixes, memory leak fixes, and a couple from Christoph
        to avoid an ENOSPC failure.
      
        Summary:
         - Fix race conditions in the CoW code
         - Fix some incorrect input validation checks
         - Avoid crashing fs by running out of space when freeing inodes
         - Fix toctou race wrt whether or not an inode has an attr
         - Fix build error on arm
         - Fix page refcount corruption when readahead fails
         - Don't corrupt userspace in the bmap ioctl"
      
      * tag 'xfs-for-linus-4.10-rc6-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: prevent quotacheck from overloading inode lru
        xfs: fix bmv_count confusion w/ shared extents
        xfs: clear _XBF_PAGES from buffers when readahead page
        xfs: extsize hints are not unlikely in xfs_bmap_btalloc
        xfs: remove racy hasattr check from attr ops
        xfs: use per-AG reservations for the finobt
        xfs: only update mount/resv fields on success in __xfs_ag_resv_init
        xfs: verify dirblocklog correctly
        xfs: fix COW writeback race
      3365135d
    • Linus Torvalds's avatar
      Merge branch 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 59063744
      Linus Torvalds authored
      Pull btrfs updates from Chris Mason:
       "Some fixes that we've collected from the list.
      
        We still have one more pending to nail down a regression in lzo
        compression, but I wanted to get this batch out the door"
      
      * 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: remove ->{get, set}_acl() from btrfs_dir_ro_inode_operations
        Btrfs: disable xattr operations on subvolume directories
        Btrfs: remove old tree_root case in btrfs_read_locked_inode()
        Btrfs: fix truncate down when no_holes feature is enabled
        Btrfs: Fix deadlock between direct IO and fast fsync
        btrfs: fix false enospc error when truncating heavily reflinked file
      59063744
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 2fb78e89
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A set of fixes for this series. This contains:
      
         - Set of fixes for the nvme target code
      
         - A revert of patch from this merge window, causing a regression with
           WRITE_SAME on iSCSI targets at least.
      
         - A fix for a use-after-free in the new O_DIRECT bdev code.
      
         - Two fixes for the xen-blkfront driver"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        Revert "sd: remove __data_len hack for WRITE SAME"
        nvme-fc: use blk_rq_nr_phys_segments
        nvmet-rdma: Fix missing dma sync to nvme data structures
        nvmet: Call fatal_error from keep-alive timout expiration
        nvmet: cancel fatal error and flush async work before free controller
        nvmet: delete controllers deletion upon subsystem release
        nvmet_fc: correct logic in disconnect queue LS handling
        block: fix use after free in __blkdev_direct_IO
        xen-blkfront: correct maximum segment accounting
        xen-blkfront: feature flags handling adjustments
      2fb78e89
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · dd3b9f25
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
       "Second round of -rc fixes for 4.10.
      
        This -rc cycle has been slow for the rdma subsystem. I had already
        sent you the first batch before the Holiday break. After that, we kept
        only getting a few here or there. Up until this week, when I got a
        drop of 13 to one driver (qedr). So, here's the -rc patches I have. I
        currently have none held in reserve, so unless something new comes in,
        this is it until the next merge window opens.
      
        Summary:
      
         - series of iw_cxgb4 fixes to make it work with the drain cq API
      
         - one or two patches each to: srp, iser, cxgb3, vmw_pvrdma, umem,
           rxe, and ipoib
      
         - one big series (13 patches) for the new qedr driver"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (27 commits)
        RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled
        IB/rxe: Prevent from completer to operate on non valid QP
        IB/rxe: Fix rxe dev insertion to rxe_dev_list
        IB/umem: Release pid in error and ODP flow
        RDMA/qedr: Dispatch port active event from qedr_add
        RDMA/qedr: Fix and simplify memory leak in PD alloc
        RDMA/qedr: Fix RDMA CM loopback
        RDMA/qedr: Fix formatting
        RDMA/qedr: Mark three functions as static
        RDMA/qedr: Don't reset QP when queues aren't flushed
        RDMA/qedr: Don't spam dmesg if QP is in error state
        RDMA/qedr: Remove CQ spinlock from CM completion handlers
        RDMA/qedr: Return max inline data in QP query result
        RDMA/qedr: Return success when not changing QP state
        RDMA/qedr: Add uapi header qedr-abi.h
        RDMA/qedr: Fix MTU returned from QP query
        RDMA/core: Add the function ib_mtu_int_to_enum
        IB/vmw_pvrdma: Fix incorrect cleanup on pvrdma_pci_probe error path
        IB/vmw_pvrdma: Don't leak info from alloc_ucontext
        IB/cxgb3: fix misspelling in header guard
        ...
      dd3b9f25
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 69978aa0
      Linus Torvalds authored
      Pull s390 fixes from Martin Schwidefsky:
       "Another two bug fixes:
      
         - ptrace partial write information leak
      
         - a guest page hinting regression introduced with v4.6"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/mm: Fix cmma unused transfer from pgste into pte
        s390/ptrace: Preserve previous registers for short regset write
      69978aa0
    • Linus Torvalds's avatar
      Merge branch 'stable/for-linus-4.10' of... · 2b432150
      Linus Torvalds authored
      Merge branch 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb
      
      Pull swiotlb fix from Konrad Rzeszutek Wilk:
       "An ARM fix in the Xen SWIOTLB - mainly the translation of physical to
        bus addresses was done just a tad too late"
      
      * 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb:
        swiotlb-xen: update dev_addr after swapping pages
      2b432150
    • Linus Torvalds's avatar
      Merge tag 'vfio-v4.10-rc6' of git://github.com/awilliam/linux-vfio · 3aebae06
      Linus Torvalds authored
      Pull VFIO fix from Alex Williamson:
       "mdev IOMMU groups are not yet compatible with the powerpc SPAPR IOMMU
        backend, detect and fail group attach (Greg Kurz)"
      
      * tag 'vfio-v4.10-rc6' of git://github.com/awilliam/linux-vfio:
        vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null
      3aebae06
    • Jack Morgenstein's avatar
      RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled · b4cfe397
      Jack Morgenstein authored
      If IPV6 has not been enabled in the underlying kernel, we must avoid
      calling IPV6 procedures in rdma_cm.ko.
      
      This requires using "IS_ENABLED(CONFIG_IPV6)" in "if" statements
      surrounding any code which calls external IPV6 procedures.
      
      In the instance fixed here, procedure cma_bind_addr() called
      ipv6_addr_type() -- which resulted in calling external procedure
      __ipv6_addr_type().
      
      Fixes: 6c26a771 ("RDMA/cma: fix IPv6 address resolution")
      Cc: <stable@vger.kernel.org> # v4.2+
      Cc: Spencer Baugh <sbaugh@catern.com>
      Signed-off-by: default avatarJack Morgenstein <jackm@dev.mellanox.co.il>
      Reviewed-by: default avatarMoni Shoua <monis@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      b4cfe397
    • Jens Axboe's avatar
      Merge branch 'stable/for-jens-4.10' of... · c14024db
      Jens Axboe authored
      Merge branch 'stable/for-jens-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen into for-linus
      
      Konrad writes:
      
      Please pull in your 'for-linus' branch two little fixes for Xen
      block front:
      
      One fix is for handling the XEN_PAGE_SIZE != PAGE_SIZE (4KB vs 64KB
      on ARM for example) mishandling while the other is fixing
      the accounting for the configuration changes.
      c14024db