1. 01 Feb, 2017 3 commits
    • Eric Dumazet's avatar
      net: reduce skb_warn_bad_offload() noise · b2504a5d
      Eric Dumazet authored
      Dmitry reported warnings occurring in __skb_gso_segment() [1]
      
      All SKB_GSO_DODGY producers can allow user space to feed
      packets that trigger the current check.
      
      We could prevent them from doing so, rejecting packets, but
      this might add regressions to existing programs.
      
      It turns out our SKB_GSO_DODGY handlers properly set up checksum
      information that is needed anyway when packets needs to be segmented.
      
      By checking again skb_needs_check() after skb_mac_gso_segment(),
      we should remove these pesky warnings, at a very minor cost.
      
      With help from Willem de Bruijn
      
      [1]
      WARNING: CPU: 1 PID: 6768 at net/core/dev.c:2439 skb_warn_bad_offload+0x2af/0x390 net/core/dev.c:2434
      lo: caps=(0x000000a2803b7c69, 0x0000000000000000) len=138 data_len=0 gso_size=15883 gso_type=4 ip_summed=0
      Kernel panic - not syncing: panic_on_warn set ...
      
      CPU: 1 PID: 6768 Comm: syz-executor1 Not tainted 4.9.0 #5
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
       ffff8801c063ecd8 ffffffff82346bdf ffffffff00000001 1ffff100380c7d2e
       ffffed00380c7d26 0000000041b58ab3 ffffffff84b37e38 ffffffff823468f1
       ffffffff84820740 ffffffff84f289c0 dffffc0000000000 ffff8801c063ee20
      Call Trace:
       [<ffffffff82346bdf>] __dump_stack lib/dump_stack.c:15 [inline]
       [<ffffffff82346bdf>] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
       [<ffffffff81827e34>] panic+0x1fb/0x412 kernel/panic.c:179
       [<ffffffff8141f704>] __warn+0x1c4/0x1e0 kernel/panic.c:542
       [<ffffffff8141f7e5>] warn_slowpath_fmt+0xc5/0x100 kernel/panic.c:565
       [<ffffffff8356cbaf>] skb_warn_bad_offload+0x2af/0x390 net/core/dev.c:2434
       [<ffffffff83585cd2>] __skb_gso_segment+0x482/0x780 net/core/dev.c:2706
       [<ffffffff83586f19>] skb_gso_segment include/linux/netdevice.h:3985 [inline]
       [<ffffffff83586f19>] validate_xmit_skb+0x5c9/0xc20 net/core/dev.c:2969
       [<ffffffff835892bb>] __dev_queue_xmit+0xe6b/0x1e70 net/core/dev.c:3383
       [<ffffffff8358a2d7>] dev_queue_xmit+0x17/0x20 net/core/dev.c:3424
       [<ffffffff83ad161d>] packet_snd net/packet/af_packet.c:2930 [inline]
       [<ffffffff83ad161d>] packet_sendmsg+0x32ed/0x4d30 net/packet/af_packet.c:2955
       [<ffffffff834f0aaa>] sock_sendmsg_nosec net/socket.c:621 [inline]
       [<ffffffff834f0aaa>] sock_sendmsg+0xca/0x110 net/socket.c:631
       [<ffffffff834f329a>] ___sys_sendmsg+0x8fa/0x9f0 net/socket.c:1954
       [<ffffffff834f5e58>] __sys_sendmsg+0x138/0x300 net/socket.c:1988
       [<ffffffff834f604d>] SYSC_sendmsg net/socket.c:1999 [inline]
       [<ffffffff834f604d>] SyS_sendmsg+0x2d/0x50 net/socket.c:1995
       [<ffffffff84371941>] entry_SYSCALL_64_fastpath+0x1f/0xc2
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarDmitry Vyukov  <dvyukov@google.com>
      Cc: Willem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b2504a5d
    • Theuns Verwoerd's avatar
      rtnetlink: Handle IFLA_MASTER parameter when processing rtnl_newlink · 160ca014
      Theuns Verwoerd authored
      Allow a master interface to be specified as one of the parameters when
      creating a new interface via rtnl_newlink.  Previously this would
      require invoking interface creation, waiting for it to complete, and
      then separately binding that new interface to a master.
      
      In particular, this is used when creating a macvlan child interface for
      VRRP in a VRF configuration, allowing the interface creator to specify
      directly what master interface should be inherited by the child,
      without having to deal with asynchronous complications and potential
      race conditions.
      Signed-off-by: default avatarTheuns Verwoerd <theuns.verwoerd@alliedtelesis.co.nz>
      Acked-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      160ca014
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next · 04cdf13e
      David S. Miller authored
      Steffen Klassert says:
      
      ====================
      pull request (net-next): ipsec-next 2017-02-01
      
      1) Some typo fixes, from Alexander Alemayhu.
      
      2) Don't acquire state lock in get_mtu functions.
         The only rece against a dead state does not matter.
         From Florian Westphal.
      
      3) Remove xfrm4_state_fini, it is unused for more than
         10 years. From Florian Westphal.
      
      4) Various rcu usage improvements. From Florian Westphal.
      
      5) Properly handle crypto arrors in ah4/ah6.
         From Gilad Ben-Yossef.
      
      6) Try to avoid skb linearization in esp4 and esp6.
      
      7) The esp trailer is now set up in different places,
         add a helper for this.
      
      8) With the upcomming usage of gro_cells in IPsec,
         a gro merged skb can have a secpath. Drop it
         before freeing or reusing the skb.
      
      9) Add a xfrm dummy network device for napi. With
         this we can use gro_cells from within xfrm,
         it allows IPsec GRO without impact on the generic
         networking code.
      
      Please pull or let me know if there are problems.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      04cdf13e
  2. 31 Jan, 2017 13 commits
  3. 30 Jan, 2017 24 commits