- 21 Mar, 2019 1 commit
-
-
Hoang Le authored
skb free-ed in: 1/ condition 1: tipc_sk_filter_rcv -> tipc_sk_proto_rcv 2/ condition 2: tipc_sk_filter_rcv -> tipc_group_filter_msg This leads to a "use-after-free" access in the next condition. We fix this by intializing the variable at declaration, then it is safe to check this variable to continue processing if condition matches. syzbot report: ================================================================== BUG: KASAN: use-after-free in tipc_sk_filter_rcv+0x2166/0x34f0 net/tipc/socket.c:2167 Read of size 4 at addr ffff88808ea58534 by task kworker/u4:0/7 CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.0.0+ #61 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: tipc_send tipc_conn_send_work Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load4_noabort+0x14/0x20 mm/kasan/generic_report.c:131 tipc_sk_filter_rcv+0x2166/0x34f0 net/tipc/socket.c:2167 tipc_sk_enqueue net/tipc/socket.c:2254 [inline] tipc_sk_rcv+0xc45/0x25a0 net/tipc/socket.c:2305 tipc_topsrv_kern_evt+0x3b7/0x580 net/tipc/topsrv.c:610 tipc_conn_send_to_sock+0x43e/0x5f0 net/tipc/topsrv.c:283 tipc_conn_send_work+0x65/0x80 net/tipc/topsrv.c:303 process_one_work+0x98e/0x1790 kernel/workqueue.c:2269 worker_thread+0x98/0xe40 kernel/workqueue.c:2415 kthread+0x357/0x430 kernel/kthread.c:253 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Reported-by: syzbot+e863893591cc7a622e40@syzkaller.appspotmail.com Fixes: c55c8eda ("tipc: smooth change between replicast and broadcast") Acked-by:
Jon Maloy <jon.maloy@ericsson.com> Signed-off-by:
Hoang Le <hoang.h.le@dektech.com.au> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
- 20 Mar, 2019 23 commits
-
-
Stephen Suryaputra authored
In addition to icmp_echo_ignore_multicast, there is a need to also prevent responding to pings to anycast addresses for security. Signed-off-by:
Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by:
-
YueHaibing authored
Fix sparse warnings: drivers/isdn/i4l/isdn_ppp.c:1891:16: warning: symbol 'isdn_ppp_mp_discard' was not declared. Should it be static? drivers/isdn/i4l/isdn_ppp.c:1903:6: warning: symbol 'isdn_ppp_mp_reassembly' was not declared. Should it be static? Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Signed-off-by:
-
YueHaibing authored
Fix sparse warning: drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c:414:6: warning: symbol 'hclge_destroy_cmd_queue' was not declared. Should it be static? Signed-off-by:
-
David S. Miller authored
Paolo Abeni says: ==================== net: refactor ndo_select_queue() Currently, on most devices implementing ndo_select_queue(), we get 2 indirect calls per xmit packet, at least in some scenarios. We can avoid one of such indirect calls refactoring the ndo_select_queue() usage so that we don't need anymore the 'fallback' argument. The first patch renames a helper used later as a public API, the second one changes the af packet implementation so that it uses the common infrastructure to select the xmit queue, and the second patch drops the now unneeded argument from ndo_select_queue(). Alternatively we could use the INDIRECT_CALL_WRAPPER infrastructure to avoid the fallback indirect call in the common case, but this solution allows also for some code cleanup. v1 -> v2: - renamed select queue helpers, as per Eric's and David's suggestions ==================== Signed-off-by: -
Paolo Abeni authored
After the previous patch, all the callers of ndo_select_queue() provide as a 'fallback' argument netdev_pick_tx. The only exceptions are nested calls to ndo_select_queue(), which pass down the 'fallback' available in the current scope - still netdev_pick_tx. We can drop such argument and replace fallback() invocation with netdev_pick_tx(). This avoids an indirect call per xmit packet in some scenarios (TCP syn, UDP unconnected, XDP generic, pktgen) with device drivers implementing such ndo. It also clean the code a bit. Tested with ixgbe and CONFIG_FCOE=m With pktgen using queue xmit: threads vanilla patched (kpps) (kpps) 1 2334 2428 2 4166 4278 4 7895 8100 v1 -> v2: - rebased after helper's name change Signed-off-by:
Paolo Abeni <pabeni@redhat.com> Signed-off-by:
-
Paolo Abeni authored
Currently packet_pick_tx_queue() is the only caller of ndo_select_queue() using a fallback argument other than netdev_pick_tx. Leveraging rx queue, we can obtain a similar queue selection behavior using core helpers. After this change, ndo_select_queue() is always invoked with netdev_pick_tx() as fallback. We can change ndo_select_queue() signature in a followup patch, dropping an indirect call per transmitted packet in some scenarios (e.g. TCP syn and XDP generic xmit) This changes slightly how af packet queue selection happens when PACKET_QDISC_BYPASS is set. It's now more similar to plan dev_queue_xmit() tacking in account both XPS and TC mapping. v1 -> v2: - rebased after helper name change RFC -> v1: - initialize sender_cpu to the expected value Signed-off-by:
-
Paolo Abeni authored
With the following patches, we are going to use __netdev_pick_tx() in many modules. Rename it to netdev_pick_tx(), to make it clear is a public API. Also rename the existing netdev_pick_tx() to netdev_core_pick_tx(), to avoid name clashes. Suggested-by:
Eric Dumazet <edumazet@google.com> Suggested-by:
-
David S. Miller authored
Sudarsana Reddy Kalluru says: ==================== qed* enhancements. The patch series adds couple of enhancements for qed/qede drivers. Please consider applying it to 'net-next' tree. ==================== Signed-off-by: -
Sudarsana Reddy Kalluru authored
The patch introduces a new Multi-Function bit for cases where firmware shouldn't perform the insertion of vlan-0 tag. The new bit is defined to abstract the implementation from the actual MF mode. Signed-off-by:
Sudarsana Reddy Kalluru <skalluru@marvell.com> Signed-off-by:
Ariel Elior <aelior@marvell.com> Signed-off-by:
Michal Kalderon <mkalderon@marvell.com> Signed-off-by:
-
Sudarsana Reddy Kalluru authored
The patch adds support to display MBI image version in 'ethtool -i' output. Signed-off-by:
-
Hangbin Liu authored
Similiar to commit a6111d3c ("vlan: Pass SIOC[SG]HWTSTAMP ioctls to real device") and commit 37dd9255 ("vlan: Pass ethtool get_ts_info queries to real device."), add MACVlan HW ptp support. Signed-off-by:
Hangbin Liu <liuhangbin@gmail.com> Signed-off-by:
-
Mao Wenan authored
This patch is to use eth_broadcast_addr() to assign broadcast address insetad of memset(). Signed-off-by:
Mao Wenan <maowenan@huawei.com> Signed-off-by:
-
Vakul Garg authored
Added support for AES128-CCM based record encryption. AES128-CCM is similar to AES128-GCM. Both of them have same salt/iv/mac size. The notable difference between the two is that while invoking AES128-CCM operation, the salt||nonce (which is passed as IV) has to be prefixed with a hardcoded value '2'. Further, CCM implementation in kernel requires IV passed in crypto_aead_request() to be full '16' bytes. Therefore, the record structure 'struct tls_rec' has been modified to reserve '16' bytes for IV. This works for both GCM and CCM based cipher. Signed-off-by:
Vakul Garg <vakul.garg@nxp.com> Signed-off-by:
-
David S. Miller authored
Heiner Kallweit says: ==================== net: phy: aquantia: add interface mode handling These two patches add interface mode handling for the AQR107/AQCS109. ==================== Signed-off-by: -
Nikita Yushchenko authored
Depending on the auto-negotiated speed the PHY may change the interface mode. Check for new mode and set phydev->interface accordingly. Signed-off-by:
Nikita Yushchenko <nikita.yoush@cogentembedded.com> Signed-off-by:
Andrew Lunn <andrew@lunn.ch> [hkallweit1@gmail.com: picked from bigger patch and reworked] Signed-off-by:
Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by:
-
Andrew Lunn authored
Let config_init check for unsupported interface modes on AQR107/AQCS109. Signed-off-by:
-
Heiner Kallweit authored
Currently the Phy driver's link_change_notify callback is called whenever the state machine is run (every second if polling), no matter whether the state changed or not. This isn't needed and may confuse users considering the name of the callback. Actually it contradicts its kernel-doc description. Therefore let's change the behavior and call this callback only in case of an actual state change. This requires changes to the at803x and rockchip drivers. at803x can be simplified so that it reacts on a state change to PHY_NOLINK only. The rockchip driver can also be much simplified. We simply re-init the AFE/DSP registers whenever we change to PHY_RUNNING and speed is 100Mbps. This causes very small overhead because we do this even if the speed was 100Mbps already. But this is negligible and I think justified by the much simpler code. Changes are compile-tested only. A little bit problematic seems to be to find somebody with the hardware to test the changes to the two PHY drivers. See also [0]. David may be able to test the Rockchip driver. [0] https://marc.info/?t=153782508800006&r=1&w=2Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queueDavid S. Miller authored
Jeff Kirsher says: ==================== 100GbE Intel Wired LAN Driver Updates 2019-03-19 This series contains updates to ice driver only. Michal adds support for the pruning enable flag to avoid seeing broadcast packets on different VLANs. Akeem fixes an issue with VF queues being disabled and the VF netdev network carrier being lost after reset. Fixed an issue issue when doing PFR and CORER resets, where all VF VSIs need to be reset and rebuilt with the main VSIs before replaying all VSIs. Resolved an issue to properly initialize VFs in the guest OS via PCI passthrough. Bruce adds a local variable to avoid unnecessary de-references throughout ice_probe(). Brett cleans up the code a bit by removing the need for a local variable and re-designs the loop to simply return when get a successful result. Cleans up the code to replace loop calls with a predefined macro to make the code more consistent. Updated the driver to ensure ITR granularity is always 2 usecs. Refactors the calculation of VSIs per PF into a general function that can calculate per PF allocations for not just VSIs but across multiple resource types. Improve the driver performance of the driver when using the default settings by determining the ring size and the number of descriptors for transmit and receive based on a calculation with the PAGE_SIZE, ICE_MAX_NUM_DESC, and ICE_REQ_DESC_MULTIPLE. Chinh fixes an issue, where a reserved bit was possibly being set when it should never be set. ==================== Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queueDavid S. Miller authored
Jeff Kirsher says: ==================== 1GbE Intel Wired LAN Driver Updates 2019-03-19 This series contains updates to e100, e1000, e1000e, igb, igc and ixgbe. Serhey Popovych fixes the return value for several of our older drivers for netdev_update_features() to notify of changes applied. Kai-Heng Feng fixes the WoL setting for system suspend, which should not set to runtime suspend settings for igb. Then fixes a power management issue with e1000e for CNP+ devices. Colin Ian King fixes whitespace issue (indentation), which helps with readability. Sasha provides the remaining changes for igc, including the enabling of multi-queues to receive. Added support for displaying and configuring network flow classification (NFC) via ethtool. Added additional statistics and basic counters for igc. Fixed a typo, so it aligns with our other drivers. ==================== Signed-off-by: -
Brett Creeley authored
Currently we set the default number of Tx and Rx descriptors to 128 by default. For Rx this amounts to a full page (assuming 4K pages) because each Rx descriptor is 32 Bytes, but for Tx it only amounts to a half page because each Tx descriptor is 16 Bytes (assuming 4K pages). Instead of assuming 4K pages, determine the ring size and the number of descriptors for Tx and Rx based on a calculation using the PAGE_SIZE, ICE_MAX_NUM_DESC, and ICE_REQ_DESC_MULTIPLE. This change is being made to improve the performance of the driver when using the default settings. Signed-off-by:
Brett Creeley <brett.creeley@intel.com> Signed-off-by:
Anirudh Venkataramanan <anirudh.venkataramanan@intel.com> Tested-by:
Andrew Bowers <andrewx.bowers@intel.com> Signed-off-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-
Akeem G Abodunrin authored
During SR-IOV initialization, we allocate and setup VFs with reset, and since we were going to inform Firmware about our intention to do VFLR by disabling LAN TX Queue, then we really have to complete VF reset flow with VFLR using appropriate registers - Otherwise, reset status bit for VF in the Guest OS might returns DEADBEEF. This resolves issue to properly initialize VFs in the Guest OS via PCI passthrough. Signed-off-by:
Akeem G Abodunrin <akeem.g.abodunrin@intel.com> Signed-off-by:
-
Brett Creeley authored
ice_get_guar_num_vsi currently calculates the number of VSIs per PF. Rework this into a general function ice_get_num_per_func, that can calculate per PF allocations for not just VSIs but across multiple resource types. Signed-off-by:
Bruce Allan <bruce.w.allan@intel.com> Signed-off-by:
-
Akeem G Abodunrin authored
All VF VSIs need to be reset and rebuild with the main VSIs before replaying all VSIs, so that all existing switch filters, scheduler tree and other configuration could be replayed at once. This fixes issues when doing PFR and CORER reset. Signed-off-by:
-
- 19 Mar, 2019 16 commits
-
-
Brett Creeley authored
Instead of hoping that our ITR granularity will be 2 usec program the GLINT_CTL register to make sure the ITR granularity is always 2 usecs. Now that we know what the ITR granularity will be get rid of the check in ice_probe() to verify our previous assumption. Signed-off-by:
-
Brett Creeley authored
Replace all instances of: for (i = 0; i < pf->num_alloc_vsi; i++) with the following macro: ice_for_each_vsi(pf, i) This will allow the code to be consistent since there are currently cases of using both. Signed-off-by:
-
Chinh T Cao authored
In the ice_aq_set_phy_cfg AQ command, the 16.4 bit is reserved. This patch will make sure that this bit will never be set to 1. Signed-off-by:
Chinh T Cao <chinh.t.cao@intel.com> Reviewed-by:
-
Brett Creeley authored
In ice_pf_rxq_wait we are using an unnecessary local variable and also we are checking if the timeout time was reached after the loop. Get rid of the local variable and return 0 right when we get a successful result. This makes it so we can return -ETIMEDOUT if we ever exit the loop because we know the timeout time has been hit. Signed-off-by:
-
Bruce Allan authored
Add a local variable struct device *dev to avoid unnecessary de-references throughout ice_probe(). Signed-off-by:
-
Akeem G Abodunrin authored
This patch fixes issues with VF queues being disabled, and VF netdev network carrier being lost after reset. Basically, we need to check if VF is enabled, and queue configured in reset_all_vfs flow, and disable/enable those queues appropriately whenever the function is called after Global/CORER/PFR reset/rebuild/replay. Signed-off-by:
-
Michal Swiatkowski authored
Set egress (Rx) pruning enable flag for VF VSI in VSI ctxt to enable prune action. To avoid seeing broadcast packet in different VLAN, pruning enable flag in VSI ctxt should be set. Write new functions (fill VSI ctx) to not repeat send ctxt code. Signed-off-by:
Michal Swiatkowski <michal.swiatkowski@intel.com> Signed-off-by:
-
Sasha Neftin authored
Remove unneeded hw_dbg prints from igc_ethtool.c file. Clean up code. Signed-off-by:
Sasha Neftin <sasha.neftin@intel.com> Tested-by:
Aaron Brown <aaron.f.brown@intel.com> Signed-off-by:
-
Sasha Neftin authored
Add the underline for the _IGC_BASE_H_. Signed-off-by:
-
Sasha Neftin authored
Copy the ntuple feature into list of user selectable features. Enable the ntuple feature. Signed-off-by:
-
Sasha Neftin authored
Add support for statistics and show basic counters. Signed-off-by:
-
David S. Miller authored
Andy Shevchenko says: ==================== enc28j60: messaging clean up and ACPI improvements Most of the patches in the series dedicated to update messaging to use modern APIs, such as netdev, with a benefit to distinguish devices, if more than one installed on the system. Besides that, patch 1 targeting ACPI enabled systems when MAC address provided there via properties. And few clean ups are included, such as: - switching to module_spi_driver() - converting to use ether_addr_copy() API - converting to use SPDX Since v2: - cover letter is added ==================== Signed-off-by: -
Andy Shevchenko authored
Reduce size of duplicated comments by switching to use SPDX identifier. No functional change. Signed-off-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by:
-
Andy Shevchenko authored
Fix few indentation splats. No functional change intended. Signed-off-by:
-
Andy Shevchenko authored
Amend comments in the code: - adding periods to the multi-line comments - fixing typos - capitalize first word in the sentences - etc Signed-off-by:
-
Andy Shevchenko authored
There is no need to include linux/init.h when at the same time we include linux/module.h. Remove redundant inclusion. Signed-off-by:
-
