1. 27 Sep, 2018 14 commits
    • Nathan Chancellor's avatar
      qed: Avoid constant logical operation warning in qed_vf_pf_acquire · 1c492a9d
      Nathan Chancellor authored
      Clang warns when a constant is used in a boolean context as it thinks a
      bitwise operation may have been intended.
      
      drivers/net/ethernet/qlogic/qed/qed_vf.c:415:27: warning: use of logical
      '&&' with constant operand [-Wconstant-logical-operand]
              if (!p_iov->b_pre_fp_hsi &&
                                       ^
      drivers/net/ethernet/qlogic/qed/qed_vf.c:415:27: note: use '&' for a
      bitwise operation
              if (!p_iov->b_pre_fp_hsi &&
                                       ^~
                                       &
      drivers/net/ethernet/qlogic/qed/qed_vf.c:415:27: note: remove constant
      to silence this warning
              if (!p_iov->b_pre_fp_hsi &&
                                      ~^~
      1 warning generated.
      
      This has been here since commit 1fe614d1 ("qed: Relax VF firmware
      requirements") and I am not entirely sure why since 0 isn't a special
      case. Just remove the statement causing Clang to warn since it isn't
      required.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/126Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1c492a9d
    • Mahesh Bandewar's avatar
      bonding: avoid possible dead-lock · d4859d74
      Mahesh Bandewar authored
      Syzkaller reported this on a slightly older kernel but it's still
      applicable to the current kernel -
      
      ======================================================
      WARNING: possible circular locking dependency detected
      4.18.0-next-20180823+ #46 Not tainted
      ------------------------------------------------------
      syz-executor4/26841 is trying to acquire lock:
      00000000dd41ef48 ((wq_completion)bond_dev->name){+.+.}, at: flush_workqueue+0x2db/0x1e10 kernel/workqueue.c:2652
      
      but task is already holding lock:
      00000000768ab431 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
      00000000768ab431 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30 net/core/rtnetlink.c:4708
      
      which lock already depends on the new lock.
      
      the existing dependency chain (in reverse order) is:
      
      -> #2 (rtnl_mutex){+.+.}:
             __mutex_lock_common kernel/locking/mutex.c:925 [inline]
             __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073
             mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088
             rtnl_lock+0x17/0x20 net/core/rtnetlink.c:77
             bond_netdev_notify drivers/net/bonding/bond_main.c:1310 [inline]
             bond_netdev_notify_work+0x44/0xd0 drivers/net/bonding/bond_main.c:1320
             process_one_work+0xc73/0x1aa0 kernel/workqueue.c:2153
             worker_thread+0x189/0x13c0 kernel/workqueue.c:2296
             kthread+0x35a/0x420 kernel/kthread.c:246
             ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      -> #1 ((work_completion)(&(&nnw->work)->work)){+.+.}:
             process_one_work+0xc0b/0x1aa0 kernel/workqueue.c:2129
             worker_thread+0x189/0x13c0 kernel/workqueue.c:2296
             kthread+0x35a/0x420 kernel/kthread.c:246
             ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:415
      
      -> #0 ((wq_completion)bond_dev->name){+.+.}:
             lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
             flush_workqueue+0x30a/0x1e10 kernel/workqueue.c:2655
             drain_workqueue+0x2a9/0x640 kernel/workqueue.c:2820
             destroy_workqueue+0xc6/0x9d0 kernel/workqueue.c:4155
             __alloc_workqueue_key+0xef9/0x1190 kernel/workqueue.c:4138
             bond_init+0x269/0x940 drivers/net/bonding/bond_main.c:4734
             register_netdevice+0x337/0x1100 net/core/dev.c:8410
             bond_newlink+0x49/0xa0 drivers/net/bonding/bond_netlink.c:453
             rtnl_newlink+0xef4/0x1d50 net/core/rtnetlink.c:3099
             rtnetlink_rcv_msg+0x46e/0xc30 net/core/rtnetlink.c:4711
             netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
             rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4729
             netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
             netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343
             netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
             sock_sendmsg_nosec net/socket.c:622 [inline]
             sock_sendmsg+0xd5/0x120 net/socket.c:632
             ___sys_sendmsg+0x7fd/0x930 net/socket.c:2115
             __sys_sendmsg+0x11d/0x290 net/socket.c:2153
             __do_sys_sendmsg net/socket.c:2162 [inline]
             __se_sys_sendmsg net/socket.c:2160 [inline]
             __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160
             do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
             entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      other info that might help us debug this:
      
      Chain exists of:
        (wq_completion)bond_dev->name --> (work_completion)(&(&nnw->work)->work) --> rtnl_mutex
      
       Possible unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(rtnl_mutex);
                                     lock((work_completion)(&(&nnw->work)->work));
                                     lock(rtnl_mutex);
        lock((wq_completion)bond_dev->name);
      
       *** DEADLOCK ***
      
      1 lock held by syz-executor4/26841:
      
      stack backtrace:
      CPU: 1 PID: 26841 Comm: syz-executor4 Not tainted 4.18.0-next-20180823+ #46
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
       print_circular_bug.isra.34.cold.55+0x1bd/0x27d kernel/locking/lockdep.c:1222
       check_prev_add kernel/locking/lockdep.c:1862 [inline]
       check_prevs_add kernel/locking/lockdep.c:1975 [inline]
       validate_chain kernel/locking/lockdep.c:2416 [inline]
       __lock_acquire+0x3449/0x5020 kernel/locking/lockdep.c:3412
       lock_acquire+0x1e4/0x4f0 kernel/locking/lockdep.c:3901
       flush_workqueue+0x30a/0x1e10 kernel/workqueue.c:2655
       drain_workqueue+0x2a9/0x640 kernel/workqueue.c:2820
       destroy_workqueue+0xc6/0x9d0 kernel/workqueue.c:4155
       __alloc_workqueue_key+0xef9/0x1190 kernel/workqueue.c:4138
       bond_init+0x269/0x940 drivers/net/bonding/bond_main.c:4734
       register_netdevice+0x337/0x1100 net/core/dev.c:8410
       bond_newlink+0x49/0xa0 drivers/net/bonding/bond_netlink.c:453
       rtnl_newlink+0xef4/0x1d50 net/core/rtnetlink.c:3099
       rtnetlink_rcv_msg+0x46e/0xc30 net/core/rtnetlink.c:4711
       netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
       rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4729
       netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
       netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343
       netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
       sock_sendmsg_nosec net/socket.c:622 [inline]
       sock_sendmsg+0xd5/0x120 net/socket.c:632
       ___sys_sendmsg+0x7fd/0x930 net/socket.c:2115
       __sys_sendmsg+0x11d/0x290 net/socket.c:2153
       __do_sys_sendmsg net/socket.c:2162 [inline]
       __se_sys_sendmsg net/socket.c:2160 [inline]
       __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160
       do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x457089
      Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007f2df20a5c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
      RAX: ffffffffffffffda RBX: 00007f2df20a66d4 RCX: 0000000000457089
      RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
      RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
      R13: 00000000004d40b8 R14: 00000000004c8ad8 R15: 0000000000000001
      Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d4859d74
    • Mahesh Bandewar's avatar
      bonding: pass link-local packets to bonding master also. · 6a9e461f
      Mahesh Bandewar authored
      Commit b89f04c6 ("bonding: deliver link-local packets with
      skb->dev set to link that packets arrived on") changed the behavior
      of how link-local-multicast packets are processed. The change in
      the behavior broke some legacy use cases where these packets are
      expected to arrive on bonding master device also.
      
      This patch passes the packet to the stack with the link it arrived
      on as well as passes to the bonding-master device to preserve the
      legacy use case.
      
      Fixes: b89f04c6 ("bonding: deliver link-local packets with skb->dev set to link that packets arrived on")
      Reported-by: default avatarMichal Soltys <soltys@ziu.info>
      Signed-off-by: default avatarMahesh Bandewar <maheshb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6a9e461f
    • Nathan Chancellor's avatar
      qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor · d3a31579
      Nathan Chancellor authored
      Clang warns when one enumerated type is implicitly converted to another.
      
      drivers/net/ethernet/qlogic/qed/qed_roce.c:153:12: warning: implicit
      conversion from enumeration type 'enum roce_mode' to different
      enumeration type 'enum roce_flavor' [-Wenum-conversion]
                      flavor = ROCE_V2_IPV6;
                             ~ ^~~~~~~~~~~~
      drivers/net/ethernet/qlogic/qed/qed_roce.c:156:12: warning: implicit
      conversion from enumeration type 'enum roce_mode' to different
      enumeration type 'enum roce_flavor' [-Wenum-conversion]
                      flavor = MAX_ROCE_MODE;
                             ~ ^~~~~~~~~~~~~
      2 warnings generated.
      
      Use the appropriate values from the expected type, roce_flavor:
      
      ROCE_V2_IPV6 = RROCE_IPV6 = 2
      MAX_ROCE_MODE = MAX_ROCE_FLAVOR = 3
      
      While we're add it, ditch the local variable flavor, we can just return
      the value directly from the switch statement.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/125Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d3a31579
    • Nathan Chancellor's avatar
      qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv · db803f36
      Nathan Chancellor authored
      Clang complains when one enumerated type is implicitly converted to
      another.
      
      drivers/net/ethernet/qlogic/qed/qed_vf.c:686:6: warning: implicit
      conversion from enumeration type 'enum qed_tunn_mode' to different
      enumeration type 'enum qed_tunn_clss' [-Wenum-conversion]
                                       QED_MODE_L2GENEVE_TUNN,
                                       ^~~~~~~~~~~~~~~~~~~~~~
      
      Update mask's parameter to expect qed_tunn_mode, which is what was
      intended.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/125Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      db803f36
    • Nathan Chancellor's avatar
      qed: Avoid implicit enum conversion in qed_set_tunn_cls_info · a898fba3
      Nathan Chancellor authored
      Clang warns when one enumerated type is implicitly converted to another.
      
      drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:163:25: warning:
      implicit conversion from enumeration type 'enum tunnel_clss' to
      different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion]
              p_tun->vxlan.tun_cls = type;
                                   ~ ^~~~
      drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:165:26: warning:
      implicit conversion from enumeration type 'enum tunnel_clss' to
      different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion]
              p_tun->l2_gre.tun_cls = type;
                                    ~ ^~~~
      drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:167:26: warning:
      implicit conversion from enumeration type 'enum tunnel_clss' to
      different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion]
              p_tun->ip_gre.tun_cls = type;
                                    ~ ^~~~
      drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:169:29: warning:
      implicit conversion from enumeration type 'enum tunnel_clss' to
      different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion]
              p_tun->l2_geneve.tun_cls = type;
                                       ~ ^~~~
      drivers/net/ethernet/qlogic/qed/qed_sp_commands.c:171:29: warning:
      implicit conversion from enumeration type 'enum tunnel_clss' to
      different enumeration type 'enum qed_tunn_clss' [-Wenum-conversion]
              p_tun->ip_geneve.tun_cls = type;
                                       ~ ^~~~
      5 warnings generated.
      
      Avoid this by changing type to an int.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/125Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a898fba3
    • Colin Ian King's avatar
      wimax/i2400m: fix spelling mistake "not unitialized" -> "uninitialized" · 079db3fd
      Colin Ian King authored
      Trivial fix to spelling mistake in ms_to_errno array of error messages
      and remove confusing "not" from the error text since the error code
      refers to an uninitialized error code.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      079db3fd
    • Colin Ian King's avatar
      qed: fix spelling mistake "toogle" -> "toggle" · 5a94df70
      Colin Ian King authored
      Trivial fix to spelling mistake in DP_VERBOSE message
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5a94df70
    • David S. Miller's avatar
      Merge branch 'net-phy-fix-WoL-handling-when-suspending-the-PHY' · 30ed4871
      David S. Miller authored
      Heiner Kallweit says:
      
      ====================
      net: phy: fix WoL handling when suspending the PHY
      
      phy_suspend doesn't always recognize that WoL is enabled and therefore
      suspends the PHY when it should not. First idea to address the issue
      was to reuse checks used in mdio_bus_phy_may_suspend which check
      whether relevant devices are wakeup-enabled.
      Florian raised some concerns because drivers may enable wakeup even if
      WoL isn't enabled (e.g. certain USB network drivers).
      
      The new approach focuses on reducing the risk to break existing stuff.
      We add a flag wol_enabled to struct net_device which is set in
      ethtool_set_wol(). Then this flag is checked in phy_suspend().
      This doesn't cover 100% of the cases yet (e.g. if WoL is enabled w/o
      explicit configuration), but it covers the most relevant cases with
      very little risk of regressions.
      
      v2:
      - Fix a typo
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      30ed4871
    • Heiner Kallweit's avatar
      net: phy: fix WoL handling when suspending the PHY · 93f41e67
      Heiner Kallweit authored
      Core of the problem is that phy_suspend() suspends the PHY when it
      should not because of WoL. phy_suspend() checks for WoL already, but
      this works only if the PHY driver handles WoL (what is rarely the case).
      Typically WoL is handled by the MAC driver.
      
      This patch uses new member wol_enabled of struct net_device as
      additional criteria in the check when not to suspend the PHY because
      of WoL.
      
      Last but not least change phy_detach() to call phy_suspend() before
      attached_dev is set to NULL. phy_suspend() accesses attached_dev
      when checking whether the MAC driver activated WoL.
      
      Fixes: f1e911d5 ("r8169: add basic phylib support")
      Fixes: e8cfd9d6 ("net: phy: call state machine synchronously in phy_stop")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      93f41e67
    • Heiner Kallweit's avatar
      net: core: add member wol_enabled to struct net_device · 61941143
      Heiner Kallweit authored
      Add flag wol_enabled to struct net_device indicating whether
      Wake-on-LAN is enabled. As first user phy_suspend() will use it to
      decide whether PHY can be suspended or not.
      
      Fixes: f1e911d5 ("r8169: add basic phylib support")
      Fixes: e8cfd9d6 ("net: phy: call state machine synchronously in phy_stop")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      61941143
    • David S. Miller's avatar
      Revert "net: phy: fix WoL handling when suspending the PHY" · d31d1d03
      David S. Miller authored
      This reverts commit e0511f6c.
      
      I commited the wrong version of these changes.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d31d1d03
    • Heiner Kallweit's avatar
      net: phy: fix WoL handling when suspending the PHY · e0511f6c
      Heiner Kallweit authored
      Actually there's nothing wrong with the two changes marked as "Fixes",
      they just revealed a problem which has been existing before.
      After having switched r8169 to phylib it was reported that WoL from
      shutdown doesn't work any longer (WoL from suspend isn't affected).
      Reason is that during shutdown phy_disconnect()->phy_detach()->
      phy_suspend() is called.
      A similar issue occurs when the phylib state machine calls
      phy_suspend() when handling state PHY_HALTED.
      
      Core of the problem is that phy_suspend() suspends the PHY when it
      should not due to WoL. phy_suspend() checks for WoL already, but this
      works only if the PHY driver handles WoL (what is rarely the case).
      Typically WoL is handled by the MAC driver.
      
      phylib knows about this and handles it in mdio_bus_phy_may_suspend(),
      but that's used only when suspending the system, not in other cases
      like shutdown.
      
      Therefore factor out the relevant check from
      mdio_bus_phy_may_suspend() to a new function phy_may_suspend() and
      use it in phy_suspend().
      
      Last but not least change phy_detach() to call phy_suspend() before
      attached_dev is set to NULL. phy_suspend() accesses attached_dev
      when checking whether the MAC driver activated WoL.
      
      Fixes: f1e911d5 ("r8169: add basic phylib support")
      Fixes: e8cfd9d6 ("net: phy: call state machine synchronously in phy_stop")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e0511f6c
    • David Ahern's avatar
      net/ipv6: Remove extra call to ip6_convert_metrics for multipath case · 36f19d5b
      David Ahern authored
      The change to move metrics from the dst to rt6_info moved the call
      to ip6_convert_metrics from ip6_route_add to ip6_route_info_create. In
      doing so it makes the call in ip6_route_info_append redundant and
      actually leaks the metrics installed as part of the ip6_route_info_create.
      Remove the now unnecessary call.
      
      Fixes: d4ead6b3 ("net/ipv6: move metrics from dst to rt6_info")
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      36f19d5b
  2. 26 Sep, 2018 2 commits
  3. 25 Sep, 2018 13 commits
  4. 24 Sep, 2018 11 commits
    • Antoine Tenart's avatar
      net: mvneta: fix the remaining Rx descriptor unmapping issues · f4a51879
      Antoine Tenart authored
      With CONFIG_DMA_API_DEBUG enabled we get DMA unmapping warning in
      various places of the mvneta driver, for example when putting down an
      interface while traffic is passing through.
      
      The issue is when using s/w buffer management, the Rx buffers are mapped
      using dma_map_page but unmapped with dma_unmap_single. This patch fixes
      this by using the right unmapping function.
      
      Fixes: 562e2f46 ("net: mvneta: Improve the buffer allocation method for SWBM")
      Signed-off-by: default avatarAntoine Tenart <antoine.tenart@bootlin.com>
      Reviewed-by: default avatarGregory CLEMENT <gregory.clement@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4a51879
    • Paolo Abeni's avatar
      ip_tunnel: be careful when accessing the inner header · ccfec9e5
      Paolo Abeni authored
      Cong noted that we need the same checks introduced by commit 76c0ddd8
      ("ip6_tunnel: be careful when accessing the inner header")
      even for ipv4 tunnels.
      
      Fixes: c5441932 ("GRE: Refactor GRE tunneling code.")
      Suggested-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ccfec9e5
    • Saif Hasan's avatar
      mpls: allow routes on ip6gre devices · d8e2262a
      Saif Hasan authored
      Summary:
      
      This appears to be necessary and sufficient change to enable `MPLS` on
      `ip6gre` tunnels (RFC4023).
      
      This diff allows IP6GRE devices to be recognized by MPLS kernel module
      and hence user can configure interface to accept packets with mpls
      headers as well setup mpls routes on them.
      
      Test Plan:
      
      Test plan consists of multiple containers connected via GRE-V6 tunnel.
      Then carrying out testing steps as below.
      
      - Carry out necessary sysctl settings on all containers
      
      ```
      sysctl -w net.mpls.platform_labels=65536
      sysctl -w net.mpls.ip_ttl_propagate=1
      sysctl -w net.mpls.conf.lo.input=1
      ```
      
      - Establish IP6GRE tunnels
      
      ```
      ip -6 tunnel add name if_1_2_1 mode ip6gre \
        local 2401:db00:21:6048:feed:0::1 \
        remote 2401:db00:21:6048:feed:0::2 key 1
      ip link set dev if_1_2_1 up
      sysctl -w net.mpls.conf.if_1_2_1.input=1
      ip -4 addr add 169.254.0.2/31 dev if_1_2_1 scope link
      
      ip -6 tunnel add name if_1_3_1 mode ip6gre \
        local 2401:db00:21:6048:feed:0::1 \
        remote 2401:db00:21:6048:feed:0::3 key 1
      ip link set dev if_1_3_1 up
      sysctl -w net.mpls.conf.if_1_3_1.input=1
      ip -4 addr add 169.254.0.4/31 dev if_1_3_1 scope link
      ```
      
      - Install MPLS encap rules on node-1 towards node-2
      
      ```
      ip route add 192.168.0.11/32 nexthop encap mpls 32/64 \
        via inet 169.254.0.3 dev if_1_2_1
      ```
      
      - Install MPLS forwarding rules on node-2 and node-3
      ```
      // node2
      ip -f mpls route add 32 via inet 169.254.0.7 dev if_2_4_1
      
      // node3
      ip -f mpls route add 64 via inet 169.254.0.12 dev if_4_3_1
      ```
      
      - Ping 192.168.0.11 (node4) from 192.168.0.1 (node1) (where routing
        towards 192.168.0.1 is via IP route directly towards node1 from node4)
      ```
      ping 192.168.0.11
      ```
      
      - tcpdump on interface to capture ping packets wrapped within MPLS
        header which inturn wrapped within IP6GRE header
      
      ```
      16:43:41.121073 IP6
        2401:db00:21:6048:feed::1 > 2401:db00:21:6048:feed::2:
        DSTOPT GREv0, key=0x1, length 100:
        MPLS (label 32, exp 0, ttl 255) (label 64, exp 0, [S], ttl 255)
        IP 192.168.0.1 > 192.168.0.11:
        ICMP echo request, id 1208, seq 45, length 64
      
      0x0000:  6000 2cdb 006c 3c3f 2401 db00 0021 6048  `.,..l<?$....!`H
      0x0010:  feed 0000 0000 0001 2401 db00 0021 6048  ........$....!`H
      0x0020:  feed 0000 0000 0002 2f00 0401 0401 0100  ......../.......
      0x0030:  2000 8847 0000 0001 0002 00ff 0004 01ff  ...G............
      0x0040:  4500 0054 3280 4000 ff01 c7cb c0a8 0001  E..T2.@.........
      0x0050:  c0a8 000b 0800 a8d7 04b8 002d 2d3c a05b  ...........--<.[
      0x0060:  0000 0000 bcd8 0100 0000 0000 1011 1213  ................
      0x0070:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
      0x0080:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
      0x0090:  3435 3637                                4567
      ```
      Signed-off-by: default avatarSaif Hasan <has@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d8e2262a
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · d2f85c9e
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2018-09-24
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Several fixes for BPF sockmap to only allow sockets being attached in
         ESTABLISHED state, from John.
      
      2) Fix up the license to LGPL/BSD for the libc compat header which contains
         fallback helpers that libbpf and bpftool is using, from Jakub.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d2f85c9e
    • Greg Kroah-Hartman's avatar
      Merge tag 'media/v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media · 02214bfc
      Greg Kroah-Hartman authored
      Mauro briefly writes:
        "media fixes for v4.19-rc5
      
         some drivers and Kbuild fixes"
      
      * tag 'media/v4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
        media: platform: fix cros-ec-cec build error
        media: staging/media/mt9t031/Kconfig: remove bogus entry
        media: i2c: mt9v111: Fix v4l2-ctrl error handling
        media: camss: add missing includes
        media: camss: Use managed memory allocations
        media: camss: mark PM functions as __maybe_unused
        media: af9035: prevent buffer overflow on write
        media: video_function_calls.rst: drop obsolete video-set-attributes reference
      02214bfc
    • Friedemann Gerold's avatar
      net: aquantia: memory corruption on jumbo frames · d26ed6b0
      Friedemann Gerold authored
      This patch fixes skb_shared area, which will be corrupted
      upon reception of 4K jumbo packets.
      
      Originally build_skb usage purpose was to reuse page for skb to eliminate
      needs of extra fragments. But that logic does not take into account that
      skb_shared_info should be reserved at the end of skb data area.
      
      In case packet data consumes all the page (4K), skb_shinfo location
      overflows the page. As a consequence, __build_skb zeroed shinfo data above
      the allocated page, corrupting next page.
      
      The issue is rarely seen in real life because jumbo are normally larger
      than 4K and that causes another code path to trigger.
      But it 100% reproducible with simple scapy packet, like:
      
          sendp(IP(dst="192.168.100.3") / TCP(dport=443) \
                / Raw(RandString(size=(4096-40))), iface="enp1s0")
      
      Fixes: 018423e9 ("net: ethernet: aquantia: Add ring support code")
      Reported-by: default avatarFriedemann Gerold <f.gerold@b-c-s.de>
      Reported-by: default avatarMichael Rauch <michael@rauch.be>
      Signed-off-by: default avatarFriedemann Gerold <f.gerold@b-c-s.de>
      Tested-by: default avatarNikita Danilov <nikita.danilov@aquantia.com>
      Signed-off-by: default avatarIgor Russkikh <igor.russkikh@aquantia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d26ed6b0
    • David S. Miller's avatar
      Merge branch 'netpoll-avoid-capture-effects-for-NAPI-drivers' · 841dfa43
      David S. Miller authored
      Eric Dumazet says:
      
      ====================
      netpoll: avoid capture effects for NAPI drivers
      
      As diagnosed by Song Liu, ndo_poll_controller() can
      be very dangerous on loaded hosts, since the cpu
      calling ndo_poll_controller() might steal all NAPI
      contexts (for all RX/TX queues of the NIC).
      
      This capture, showing one ksoftirqd eating all cycles
      can last for unlimited amount of time, since one
      cpu is generally not able to drain all the queues under load.
      
      It seems that all networking drivers that do use NAPI
      for their TX completions, should not provide a ndo_poll_controller() :
      
      Most NAPI drivers have netpoll support already handled
      in core networking stack, since netpoll_poll_dev()
      uses poll_napi(dev) to iterate through registered
      NAPI contexts for a device.
      
      This patch series take care of the first round, we will
      handle other drivers in future rounds.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      841dfa43
    • Eric Dumazet's avatar
      tun: remove ndo_poll_controller · 765cdc20
      Eric Dumazet authored
      As diagnosed by Song Liu, ndo_poll_controller() can
      be very dangerous on loaded hosts, since the cpu
      calling ndo_poll_controller() might steal all NAPI
      contexts (for all RX/TX queues of the NIC). This capture
      can last for unlimited amount of time, since one
      cpu is generally not able to drain all the queues under load.
      
      tun uses NAPI for TX completions, so we better let core
      networking stack call the napi->poll() to avoid the capture.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      765cdc20
    • Eric Dumazet's avatar
      nfp: remove ndo_poll_controller · 0825ce70
      Eric Dumazet authored
      As diagnosed by Song Liu, ndo_poll_controller() can
      be very dangerous on loaded hosts, since the cpu
      calling ndo_poll_controller() might steal all NAPI
      contexts (for all RX/TX queues of the NIC). This capture
      can last for unlimited amount of time, since one
      cpu is generally not able to drain all the queues under load.
      
      nfp uses NAPI for TX completions, so we better let core
      networking stack call the napi->poll() to avoid the capture.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
      Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Tested-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0825ce70
    • Eric Dumazet's avatar
      bnxt: remove ndo_poll_controller · 58e0e22b
      Eric Dumazet authored
      As diagnosed by Song Liu, ndo_poll_controller() can
      be very dangerous on loaded hosts, since the cpu
      calling ndo_poll_controller() might steal all NAPI
      contexts (for all RX/TX queues of the NIC). This capture
      can last for unlimited amount of time, since one
      cpu is generally not able to drain all the queues under load.
      
      bnxt uses NAPI for TX completions, so we better let core
      networking stack call the napi->poll() to avoid the capture.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Michael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      58e0e22b
    • Eric Dumazet's avatar
      bnx2x: remove ndo_poll_controller · d8ea6a91
      Eric Dumazet authored
      As diagnosed by Song Liu, ndo_poll_controller() can
      be very dangerous on loaded hosts, since the cpu
      calling ndo_poll_controller() might steal all NAPI
      contexts (for all RX/TX queues of the NIC). This capture
      can last for unlimited amount of time, since one
      cpu is generally not able to drain all the queues under load.
      
      bnx2x uses NAPI for TX completions, so we better let core
      networking stack call the napi->poll() to avoid the capture.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Ariel Elior <ariel.elior@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d8ea6a91