- 02 Sep, 2017 23 commits
-
-
David S. Miller authored
Haiyang Zhang says: ==================== hv_netvsc: cleanups and fixes of channel settings This patch set cleans up some unused variables, unnecessary checks. Also fixed some limit checking of channel number. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Haiyang Zhang authored
The limit of setting receive indirection table value should be the current number of channels, not the VRSS_CHANNEL_MAX. Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Haiyang Zhang authored
Because of the following code, net->num_tx_queues equals to VRSS_CHANNEL_MAX, and max_chn is less than or equals to VRSS_CHANNEL_MAX. netvsc_drv.c: alloc_etherdev_mq(sizeof(struct net_device_context), VRSS_CHANNEL_MAX); rndis_filter.c: net_device->max_chn = min_t(u32, VRSS_CHANNEL_MAX, num_possible_rss_qs); So this patch removes the unnecessary limit check before comparing with "max_chn". Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Haiyang Zhang authored
The minus one and assignment to a local variable is not necessary. This patch simplifies it. Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Haiyang Zhang authored
This patch removes the parameter, num_queue in rndis_filter_set_rss_param(), which is no longer in use. Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
When a listener registers to the FIB notification chain it receives a dump of the FIB entries and rules from existing address families by invoking their dump operations. While we call into these modules we need to make sure they aren't removed. Do that by increasing their reference count before invoking their dump operations and decrease it afterwards. Fixes: 04b1d4e5 ("net: core: Make the FIB notification chain generic") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Stephen Hemminger says: ==================== netvsc: transparent VF related cleanups The first gets rid of unnecessary ref counting, and second allows removing hv_netvsc driver even if VF present. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
If VF is attached then can still allow netvsc driver module to be removed. Just have to make sure and do the cleanup. Also, avoid extra rtnl round trip when calling unregister. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
Use one routine for datapath up/down. Don't need to reopen the rndis layer. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John Fastabend authored
Instead of tracking wmem_queued and sk_mem_charge by incrementing in the verdict SK_REDIRECT paths and decrementing in the tx work path use skb_set_owner_w and sock_writeable helpers. This solves a few issues with the current code. First, in SK_REDIRECT inc on sk_wmem_queued and sk_mem_charge were being done without the peers sock lock being held. Under stress this can result in accounting errors when tx work and/or multiple verdict decisions are working on the peer psock. Additionally, this cleans up the code because we can rely on the default destructor to decrement memory accounting on kfree_skb. Also this will trigger sk_write_space when space becomes available on kfree_skb() which wasn't happening before and prevent __sk_free from being called until all in-flight packets are completed. Fixes: 174a79ff ("bpf: sockmap with sk redirect support") Signed-off-by: John Fastabend <john.fastabend@gmail.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Eric Dumazet says: ==================== net: ubuf_info.refcnt conversion Yet another atomic_t -> refcount_t conversion, split in two patches. First patch prepares the automatic conversion done in the second patch. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. v2: added the change in drivers/vhost/net.c as spotted by Willem. Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
In order to convert this atomic_t refcnt to refcount_t, we need to init the refcount to one to not trigger a 0 -> 1 transition. This also removes one atomic operation in fast path. v2: removed dead code in sock_zerocopy_put_abort() as suggested by Willem. Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Fainelli authored
Similarly to how we configure the RSB (Receive Status Block) we also need to set the TSB (Transmit Status Block) based on the host endian. This was missing from the commit indicated below. Fixes: 389a06bc ("net: systemport: Set correct RSB endian bits based on host") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Ivan Delalande says: ==================== inet_diag: report TCP MD5 signing keys and addresses Allow userspace to retrieve MD5 signature keys and addresses configured on TCP sockets through inet_diag. Thanks to Eric Dumazet and Stephen Hemminger for their useful explanations and feedback. v5: - memset the whole netlink payload after it has been nla_reserve-d in tcp_diag_put_md5sig (a third memset had to be added for tcpm_key so we might as well have just one for entire region). - move the nla_total_size call from inet_sk_attr_size to the idiag_get_aux_size defined by protocols as they could add multiple netlink attributes, - add check for net_admin in tcp_diag_get_aux_size. v4: - add new struct tcp_diag_md5sig to report the data instead of tcp_md5sig to avoid wasting 112 bytes on every tcpm_addr, - memset tcpm_addr on IPv4 addresses to avoid leaks, - style fix in inet_diag_dump_one_icsk. v3: - rename inet_diag_*md5sig in tcp_diag.c to tcp_diag_* for consistency, - don't lock the socket in tcp_diag_put_md5sig, - add checks on md5sig_count in tcp_diag_put_md5sig to not create the netlink attribute if the list is empty, and to avoid overflows or memory leaks if the list has changed in the meantime. v2: - move changes to tcp_diag.c and extend inet_diag_handler to allow protocols to provide additional data on INET_DIAG_INFO, - lock socket before calling tcp_diag_put_md5sig. I also have a patch for iproute2/ss to test this change, making it print this new attribute. I'm planning to polish and send it if this series gets applied. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ivan Delalande authored
Report TCP MD5 (RFC2385) signing keys, addresses and address prefixes to processes with CAP_NET_ADMIN requesting INET_DIAG_INFO. Currently it is not possible to retrieve these from the kernel once they have been configured on sockets. Signed-off-by: Ivan Delalande <colona@arista.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ivan Delalande authored
Extend inet_diag_handler to allow individual protocols to report additional data on INET_DIAG_INFO through idiag_get_aux. The size can be dynamic and is computed by idiag_get_aux_size. Signed-off-by: Ivan Delalande <colona@arista.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Meyer authored
Grepping for "sizeof\(.+\) / sizeof\(" found this as one of the first candidates. Maybe a coccinelle can catch all of those. Signed-off-by: Thomas Meyer <thomas@m3y3r.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Colin Ian King authored
priv is being assigned but is never used, so remove it. Cleans up clang build warning: "warning: Value stored to 'priv' is never read" Fixes: ceed73a2 ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Colin Ian King authored
Don't populate the array bcm7xxx_suspend_cfg A on the stack, instead make it static. Makes the object code smaller by over 300 bytes: Before: text data bss dec hex filename 6351 8146 0 14497 38a1 drivers/net/phy/bcm7xxx.o After: text data bss dec hex filename 5986 8210 0 14196 3774 drivers/net/phy/bcm7xxx.o Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Colin Ian King authored
Don't populate the arrays port_ids on the stack, instead make them static. Makes the object code smaller by over 700 bytes: Before: text data bss dec hex filename 28785 5832 192 34809 87f9 fman.o After: text data bss dec hex filename 27921 5992 192 34105 8539 fman.o Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
Three cases of simple overlapping changes. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
Excess of seafood or something happened while I cooked the commit adding RB tree to inetpeer. Of course, RCU rules need to be respected or bad things can happen. In this particular loop, we need to read *pp once per iteration, not twice. Fixes: b145425f ("inetpeer: remove AVL implementation in favor of RB tree") Reported-by: John Sperbeck <jsperbeck@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 01 Sep, 2017 17 commits
-
-
Oleg Nesterov authored
The race was introduced by me in commit 971316f0 ("epoll: ep_unregister_pollwait() can use the freed pwq->whead"). I did not realize that nothing can protect eventpoll after ep_poll_callback() sets ->whead = NULL, only whead->lock can save us from the race with ep_free() or ep_remove(). Move ->whead = NULL to the end of ep_poll_callback() and add the necessary barriers. TODO: cleanup the ewake/EPOLLEXCLUSIVE logic, it was confusing even before this patch. Hopefully this explains use-after-free reported by syzcaller: BUG: KASAN: use-after-free in debug_spin_lock_before ... _raw_spin_lock_irqsave+0x4a/0x60 kernel/locking/spinlock.c:159 ep_poll_callback+0x29f/0xff0 fs/eventpoll.c:1148 this is spin_lock(eventpoll->lock), ... Freed by task 17774: ... kfree+0xe8/0x2c0 mm/slub.c:3883 ep_free+0x22c/0x2a0 fs/eventpoll.c:865 Fixes: 971316f0 ("epoll: ep_unregister_pollwait() can use the freed pwq->whead") Reported-by: 范龙飞 <long7573@126.com> Cc: stable@vger.kernel.org Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix handling of pinned BPF map nodes in hash of maps, from Daniel Borkmann. 2) IPSEC ESP error paths leak memory, from Steffen Klassert. 3) We need an RCU grace period before freeing fib6_node objects, from Wei Wang. 4) Must check skb_put_padto() return value in HSR driver, from FLorian Fainelli. 5) Fix oops on PHY probe failure in ftgmac100 driver, from Andrew Jeffery. 6) Fix infinite loop in UDP queue when using SO_PEEK_OFF, from Eric Dumazet. 7) Use after free when tcf_chain_destroy() called multiple times, from Jiri Pirko. 8) Fix KSZ DSA tag layer multiple free of SKBS, from Florian Fainelli. 9) Fix leak of uninitialized memory in sctp_get_sctp_info(), inet_diag_msg_sctpladdrs_fill() and inet_diag_msg_sctpaddrs_fill(). From Stefano Brivio. 10) L2TP tunnel refcount fixes from Guillaume Nault. 11) Don't leak UDP secpath in udp_set_dev_scratch(), from Yossi Kauperman. 12) Revert a PHY layer change wrt. handling of PHY_HALTED state in phy_stop_machine(), it causes regressions for multiple people. From Florian Fainelli. 13) When packets are sent out of br0 we have to clear the offload_fwdq_mark value. 14) Several NULL pointer deref fixes in packet schedulers when their ->init() routine fails. From Nikolay Aleksandrov. 15) Aquantium devices cannot checksum offload correctly when the packet is <= 60 bytes. From Pavel Belous. 16) Fix vnet header access past end of buffer in AF_PACKET, from Benjamin Poirier. 17) Double free in probe error paths of nfp driver, from Dan Carpenter. 18) QOS capability not checked properly in DCB init paths of mlx5 driver, from Huy Nguyen. 19) Fix conflicts between firmware load failure and health_care timer in mlx5, also from Huy Nguyen. 20) Fix dangling page pointer when DMA mapping errors occur in mlx5, from Eran Ben ELisha. 21) ->ndo_setup_tc() in bnxt_en driver doesn't count rings properly, from Michael Chan. 22) Missing MSIX vector free in bnxt_en, also from Michael Chan. 23) Refcount leak in xfrm layer when using sk_policy, from Lorenzo Colitti. 24) Fix copy of uninitialized data in qlge driver, from Arnd Bergmann. 25) bpf_setsockopts() erroneously always returns -EINVAL even on success. Fix from Yuchung Cheng. 26) tipc_rcv() needs to linearize the SKB before parsing the inner headers, from Parthasarathy Bhuvaragan. 27) Fix deadlock between link status updates and link removal in netvsc driver, from Stephen Hemminger. 28) Missed locking of page fragment handling in ESP output, from Steffen Klassert. 29) Fix refcnt leak in ebpf congestion control code, from Sabrina Dubroca. 30) sxgbe_probe_config_dt() doesn't check devm_kzalloc()'s return value, from Christophe Jaillet. 31) Fix missing ipv6 rx_dst_cookie update when rx_dst is updated during early demux, from Paolo Abeni. 32) Several info leaks in xfrm_user layer, from Mathias Krause. 33) Fix out of bounds read in cxgb4 driver, from Stefano Brivio. 34) Properly propagate obsolete state of route upwards in ipv6 so that upper holders like xfrm can see it. From Xin Long. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (118 commits) udp: fix secpath leak bridge: switchdev: Clear forward mark when transmitting packet mlxsw: spectrum: Forbid linking to devices that have uppers wl1251: add a missing spin_lock_init() Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" net: dsa: bcm_sf2: Fix number of CFP entries for BCM7278 kcm: do not attach PF_KCM sockets to avoid deadlock sch_tbf: fix two null pointer dereferences on init failure sch_sfq: fix null pointer dereference on init failure sch_netem: avoid null pointer deref on init failure sch_fq_codel: avoid double free on init failure sch_cbq: fix null pointer dereferences on init failure sch_hfsc: fix null pointer deref and double free on init failure sch_hhf: fix null pointer dereference on init failure sch_multiq: fix double free on init failure sch_htb: fix crash on init failure net/mlx5e: Fix CQ moderation mode not set properly net/mlx5e: Fix inline header size for small packets net/mlx5: E-Switch, Unload the representors in the correct order net/mlx5e: Properly resolve TC offloaded ipv6 vxlan tunnel source address ...
-
git://github.com/ceph/ceph-clientLinus Torvalds authored
Pull ceph fix from Ilya Dryomov: "ceph fscache page locking fix from Zheng, marked for stable" * tag 'ceph-for-4.13-rc8' of git://github.com/ceph/ceph-client: ceph: fix readpage from fscache
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input fixes from Dmitry Torokhov: "Just a couple drivers fixes (Synaptics PS/2, Xpad)" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: xpad - fix PowerA init quirk for some gamepad models Input: synaptics - fix device info appearing different on reconnect
-
Willem de Bruijn authored
The msg_zerocopy test defines SO_ZEROCOPY if necessary, but its value is inconsistent with the one in asm-generic.h. Correct that. Also convert one error to a warning. When the test is complete, report throughput and close cleanly even if the process did not wait for all completions. Reported-by: Dan Melnic <dmm@fb.com> Signed-off-by: Willem de Bruijn <willemb@google.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmcLinus Torvalds authored
Pull two more MMC fixes from Ulf Hansson: "MMC core: - Fix block status codes MMC host: - sdhci-xenon: Fix SD bus voltage select" * tag 'mmc-v4.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci-xenon: add set_power callback mmc: block: Fix block status codes
-
Willem de Bruijn authored
Documentation for this feature was missing from the patchset. Copied a lot from the netdev 2.1 paper, addressing some small interface changes since then. Changes v1 -> v2 - change email discussion URL format - clarify that u32 counter is per-syscall, unsigned and wraps after UINT_MAX calls - describe errno on send failure specific to MSG_ZEROCOPY - a few very minor rewordings Signed-off-by: Willem de Bruijn <willemb@google.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "Three regression fixes that should be addressed before the final release: a missing mutex call in OSS PCM emulation ioctl, ASoC rt5670 headset detection breakage, and a regression in simple-card parser code" * tag 'sound-4.13-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ASoC: simple_card_utils: fix fallback when "label" property isn't present ALSA: pcm: Fix power lock unbalance via OSS emulation ASoC: rt5670: Fix GPIO headset detection regression
-
David Ahern authored
Make sock_filter_is_valid_access consistent with other is_valid_access helpers. Requested-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David Ahern <dsahern@gmail.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andrew Pilloud authored
The mvneta driver and hardware supports IPv6 offload, however it isn't enabled. Set the NETIF_F_IPV6_CSUM feature to inform the network layer that this driver can offload IPV6 TCP and UDP checksums. This change has been tested on an Armada 370 and the feature support confirmed with several device datasheets including the Armada XP and Armada 3700. Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linuxLinus Torvalds authored
Pull s390 fixes from Martin Schwidefsky: "Three more bug fixes for v4.13. The two memory management related fixes are quite new, they fix kernel crashes that can be triggered by user space. The third commit fixes a bug in the vfio ccw translation code" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/mm: fix BUG_ON in crst_table_upgrade s390/mm: fork vs. 5 level page tabel vfio: ccw: fix bad ptr math for TIC cda translation
-
David S. Miller authored
Merge tag 'wireless-drivers-next-for-davem-2017-09-01' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== wireless-drivers-next patches for 4.14 Few last patches for 4.14, nothing really major here. Major changes: wil6210 * support FW RSSI reporting (by mistake this was accidentally mentioned already in the previous pull request, but now it's really included) * make debugfs optional, adds new Kconfig option CONFIG_WIL6210_DEBUGFS qtnfmac * implement 64-bit DMA support ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Colin Ian King authored
At the end of the do while loop the integer counter retries will always be zero and so the subsequent check to see if it is zero is always true and therefore redundant. Remove the redundant check and always return -EIO on this return path. Also unbreak the literal string in dev_err message to clean up a checkpatch warning. Detected by CoverityScan, CID#744279 ("Logically dead code") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds authored
Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Regression in chacha20 handling of chunked input - Crash in algif_skcipher when used with async io - Potential bogus pointer dereference in lib/mpi" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: algif_skcipher - only call put_page on referenced and used pages crypto: testmgr - add chunked test cases for chacha20 crypto: chacha20 - fix handling of chunked input lib/mpi: kunmap after finishing accessing buffer
-
Yossi Kuperman authored
After commit dce4551c ("udp: preserve head state for IP_CMSG_PASSSEC") we preserve the secpath for the whole skb lifecycle, but we also end up leaking a reference to it. We must clear the head state on skb reception, if secpath is present. Fixes: dce4551c ("udp: preserve head state for IP_CMSG_PASSSEC") Signed-off-by: Yossi Kuperman <yossiku@mellanox.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Corentin Labbe says: ==================== net: mdio-mux: Misc fix This patch series fix minor problems found when working on the dwmac-sun8i syscon mdio-mux. Changes since v1: - Removed obsolete comment about of_mdio_find_bus/put_device - removed more DRV_VERSION ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Corentin Labbe authored
mdio_mux_uninit() call put_device (unconditionally) because of of_mdio_find_bus() in mdio_mux_init. But of_mdio_find_bus is only called if mux_bus is empty. If mux_bus is set, mdio_mux_uninit will print a "refcount_t: underflow" trace. This patch add a get_device in the other branch of "if (mux_bus)". Signed-off-by: Corentin Labbe <clabbe.montjoie@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-