1. 30 Oct, 2016 7 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 27058af4
      David S. Miller authored
      Mostly simple overlapping changes.
      
      For example, David Ahern's adjacency list revamp in 'net-next'
      conflicted with an adjacency list traversal bug fix in 'net'.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      27058af4
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 2a26d99b
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Lots of fixes, mostly drivers as is usually the case.
      
         1) Don't treat zero DMA address as invalid in vmxnet3, from Alexey
            Khoroshilov.
      
         2) Fix element timeouts in netfilter's nft_dynset, from Anders K.
            Pedersen.
      
         3) Don't put aead_req crypto struct on the stack in mac80211, from
            Ard Biesheuvel.
      
         4) Several uninitialized variable warning fixes from Arnd Bergmann.
      
         5) Fix memory leak in cxgb4, from Colin Ian King.
      
         6) Fix bpf handling of VLAN header push/pop, from Daniel Borkmann.
      
         7) Several VRF semantic fixes from David Ahern.
      
         8) Set skb->protocol properly in ip6_tnl_xmit(), from Eli Cooper.
      
         9) Socket needs to be locked in udp_disconnect(), from Eric Dumazet.
      
        10) Div-by-zero on 32-bit fix in mlx4 driver, from Eugenia Emantayev.
      
        11) Fix stale link state during failover in NCSCI driver, from Gavin
            Shan.
      
        12) Fix netdev lower adjacency list traversal, from Ido Schimmel.
      
        13) Propvide proper handle when emitting notifications of filter
            deletes, from Jamal Hadi Salim.
      
        14) Memory leaks and big-endian issues in rtl8xxxu, from Jes Sorensen.
      
        15) Fix DESYNC_FACTOR handling in ipv6, from Jiri Bohac.
      
        16) Several routing offload fixes in mlxsw driver, from Jiri Pirko.
      
        17) Fix broadcast sync problem in TIPC, from Jon Paul Maloy.
      
        18) Validate chunk len before using it in SCTP, from Marcelo Ricardo
            Leitner.
      
        19) Revert a netns locking change that causes regressions, from Paul
            Moore.
      
        20) Add recursion limit to GRO handling, from Sabrina Dubroca.
      
        21) GFP_KERNEL in irq context fix in ibmvnic, from Thomas Falcon.
      
        22) Avoid accessing stale vxlan/geneve socket in data path, from
            Pravin Shelar"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (189 commits)
        geneve: avoid using stale geneve socket.
        vxlan: avoid using stale vxlan socket.
        qede: Fix out-of-bound fastpath memory access
        net: phy: dp83848: add dp83822 PHY support
        enic: fix rq disable
        tipc: fix broadcast link synchronization problem
        ibmvnic: Fix missing brackets in init_sub_crq_irqs
        ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
        Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context"
        arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
        net/mlx4_en: Save slave ethtool stats command
        net/mlx4_en: Fix potential deadlock in port statistics flow
        net/mlx4: Fix firmware command timeout during interrupt test
        net/mlx4_core: Do not access comm channel if it has not yet been initialized
        net/mlx4_en: Fix panic during reboot
        net/mlx4_en: Process all completions in RX rings after port goes up
        net/mlx4_en: Resolve dividing by zero in 32-bit system
        net/mlx4_core: Change the default value of enable_qos
        net/mlx4_core: Avoid setting ports to auto when only one port type is supported
        net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
        ...
      2a26d99b
    • Stefan Richter's avatar
      firewire: net: really fix maximum possible MTU · 357f4aae
      Stefan Richter authored
      The maximum unicast datagram size /without/ link fragmentation is
      4096 - 4 = 4092 (max IEEE 1394 async payload size at >= S800 bus speed,
      minus unfragmented encapssulation header).  Max broadcast datagram size
      without fragmentation is 8 bytes less than that (due to GASP header).
      
      The maximum datagram size /with/ link fragmentation is 0xfff = 4095
      for unicast and broadcast.  This is because the RFC 2734 fragment
      encapsulation header field for datagram size is only 12 bits wide.
      
      Fixes: 5d48f00d('firewire: net: fix maximum possible MTU')
      Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      357f4aae
    • pravin shelar's avatar
      genetlink: Fix generic netlink family unregister · 0e82c763
      pravin shelar authored
      This patch fixes a typo in unregister operation.
      
      Following crash is fixed by this patch. It can be easily reproduced
      by repeating modprobe and rmmod module that uses genetlink.
      
      [  261.446686] BUG: unable to handle kernel paging request at ffffffffa0264088
      [  261.448921] IP: [<ffffffff813cb70e>] strcmp+0xe/0x30
      [  261.450494] PGD 1c09067
      [  261.451266] PUD 1c0a063
      [  261.452091] PMD 8068d5067
      [  261.452525] PTE 0
      [  261.453164]
      [  261.453618] Oops: 0000 [#1] SMP
      [  261.454577] Modules linked in: openvswitch(+) ...
      [  261.480753] RIP: 0010:[<ffffffff813cb70e>]  [<ffffffff813cb70e>] strcmp+0xe/0x30
      [  261.483069] RSP: 0018:ffffc90003c0bc28  EFLAGS: 00010282
      [  261.510145] Call Trace:
      [  261.510896]  [<ffffffff816f10ca>] genl_family_find_byname+0x5a/0x70
      [  261.512819]  [<ffffffff816f2319>] genl_register_family+0xb9/0x630
      [  261.514805]  [<ffffffffa02840bc>] dp_init+0xbc/0x120 [openvswitch]
      [  261.518268]  [<ffffffff8100217d>] do_one_initcall+0x3d/0x160
      [  261.525041]  [<ffffffff811808a9>] do_init_module+0x60/0x1f1
      [  261.526754]  [<ffffffff8110687f>] load_module+0x22af/0x2860
      [  261.530144]  [<ffffffff81107026>] SYSC_finit_module+0x96/0xd0
      [  261.531901]  [<ffffffff8110707e>] SyS_finit_module+0xe/0x10
      [  261.533605]  [<ffffffff8100391e>] do_syscall_64+0x6e/0x180
      [  261.535284]  [<ffffffff817c2faf>] entry_SYSCALL64_slow_path+0x25/0x25
      [  261.546512] RIP  [<ffffffff813cb70e>] strcmp+0xe/0x30
      [  261.550198] ---[ end trace 76505a814dd68770 ]---
      
      Fixes: 2ae0f17d ("genetlink: use idr to track families").
      Reported-by: default avatarJarno Rajahalme <jarno@ovn.org>
      CC: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Reviewed-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e82c763
    • pravin shelar's avatar
      geneve: avoid using stale geneve socket. · fceb9c3e
      pravin shelar authored
      This patch is similar to earlier vxlan patch.
      Geneve device close operation frees geneve socket. This
      operation can race with geneve-xmit function which
      dereferences geneve socket. Following patch uses RCU
      mechanism to avoid this situation.
      Signed-off-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Acked-by: default avatarJohn W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fceb9c3e
    • pravin shelar's avatar
      vxlan: avoid using stale vxlan socket. · c6fcc4fc
      pravin shelar authored
      When vxlan device is closed vxlan socket is freed. This
      operation can race with vxlan-xmit function which
      dereferences vxlan socket. Following patch uses RCU
      mechanism to avoid this situation.
      Signed-off-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c6fcc4fc
    • Mintz, Yuval's avatar
      qede: Fix out-of-bound fastpath memory access · 087892d2
      Mintz, Yuval authored
      Driver allocates a shadow array for transmitted SKBs with X entries;
      That means valid indices are {0,...,X - 1}. [X == 8191]
      Problem is the driver also uses X as a mask for a
      producer/consumer in order to choose the right entry in the
      array which allows access to entry X which is out of bounds.
      
      To fix this, simply allocate X + 1 entries in the shadow array.
      Signed-off-by: default avatarYuval Mintz <Yuval.Mintz@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      087892d2
  2. 29 Oct, 2016 33 commits