1. 01 Oct, 2017 6 commits
    • Merge branch 'udp-fix-early-demux-for-mcast-packets' · 230583c1
      David S. Miller authored
      Paolo Abeni says:
      
      ====================
      udp: fix early demux for mcast packets
      
      Currently the early demux callbacks do not perform source address validation.
      This is not an issue for TCP or UDP unicast, where the early demux
      is only allowed for connected sockets and the source address is validated
      for the first packet and never changes.
      
      The UDP protocol currently allows early demux also for unconnected multicast
      sockets, and we are not currently doing any validation for them, after that
      the first packet lands on the socket: beyond ignoring the rp_filter - if
      enabled - any kind of martian sources are also allowed.
      
      This series addresses the issue allowing the early demux callback to return an
      error code, and performing the proper checks for unconnected UDP multicast
      sockets before leveraging the rx dst cache.
      
      Alternatively we could disable the early demux for unconnected mcast sockets,
      but that would cause relevant performance regression - around 50% - while with
      this series, with full rp_filter in place, we keep the regression to a more
      moderate level.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • udp: perform source validation for mcast early demux · bc044e8d
      Paolo Abeni authored
      The UDP early demux can leverage the rx dst cache even for
      multicast unconnected sockets.
      
      In such scenario the ipv4 source address is validated only on
      the first packet in the given flow. After that, when we fetch
      the dst entry from the socket rx cache, we stop enforcing
      the rp_filter and we even start accepting any kind of martian
      addresses.
      
      Disabling the dst cache for unconnected multicast socket will
      cause large performance regression, nearly reducing by half the
      max ingress tput.
      
      Instead we factor out a route helper to completely validate an
      skb source address for multicast packets and we call it from
      the UDP early demux for mcast packets landing on unconnected
      sockets, after successfully fetching the related cached dst entry.
      
      This still gives a measurable, but limited performance
      regression:
      
      		rp_filter = 0		rp_filter = 1
      edmux disabled:	1182 Kpps		1127 Kpps
      edmux before:	2238 Kpps		2238 Kpps
      edmux after:	2037 Kpps		2019 Kpps
      
      The above figures are on top of current net tree.
      Applying the net-next commit 6e617de8 ("net: avoid a full
      fib lookup when rp_filter is disabled.") the delta with
      rp_filter == 0 will decrease even more.
      
      Fixes: 421b3885 ("udp: ipv4: Add udp early demux")
      Signed-off-by: Paolo Abeni <pabeni@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • IPv4: early demux can return an error code · 7487449c
      Paolo Abeni authored
      Currently no error is emitted, but this infrastructure will be
      used by the next patch to allow source address validation
      for mcast sockets.
      Since early demux can do a route lookup and an ipv4 route
      lookup can return an error code this is consistent with the
      current ipv4 route infrastructure.
      Signed-off-by: Paolo Abeni <pabeni@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path · d41bb33b
      Xin Long authored
      Now when updating mtu in tx path, it doesn't consider ARPHRD_ETHER tunnel
      device, like ip6gre_tap tunnel, for which it should also subtract ether
      header to get the correct mtu.
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ip6_gre: ip6gre_tap device should keep dst · 2d40557c
      Xin Long authored
      The patch 'ip_gre: ipgre_tap device should keep dst' fixed
      an issue that ipgre_tap mtu couldn't be updated in tx path.
      
      The same fix is needed for ip6gre_tap as well.
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ip_gre: ipgre_tap device should keep dst · d51711c0
      Xin Long authored
      Without keeping dst, the tunnel will not update any mtu/pmtu info,
      since it does not have a dst on the skb.
      
      Reproducer:
        client(ipgre_tap1 - eth1) <-----> (eth1 - ipgre_tap1)server
      
      After reducing eth1's mtu on client, then performance became 0.
      
      This patch is to netif_keep_dst in gre_tap_init, as ipgre does.
      Reported-by: Jianlin Shi <jishi@redhat.com>
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 30 Sep, 2017 1 commit
    • netlink: do not proceed if dump's start() errs · fef0035c
      Jason A. Donenfeld authored
      Drivers that use the start method for netlink dumping rely on dumpit not
      being called if start fails. For example, ila_xlat.c allocates memory
      and assigns it to cb->args[0] in its start() function. It might fail to
      do that and return -ENOMEM instead. However, even when returning an
      error, dumpit will be called, which, in the example above, quickly
      dereferences the memory in cb->args[0], which will OOPS the kernel. This
      is but one example of how this goes wrong.
      
      Since start() has always been a function with an int return type, it
      therefore makes sense to use it properly, rather than ignoring it. This
      patch thus returns early and does not call dumpit() when start() fails.
      Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
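
The control flow this commit message describes, as an added user-space example that is not the kernel patch itself: `struct dump_cb`, `demo_start()`, `demo_dumpit()` and `run_dump()` are hypothetical stand-ins, and the `fail_alloc` field is constructed fault injection in place of a real allocation failure.

```c
#include <errno.h>
#include <stdlib.h>

/* User-space stand-in for struct netlink_callback (hypothetical, simplified). */
struct dump_cb {
    long args[6];
    int (*start)(struct dump_cb *cb);
    int (*dumpit)(struct dump_cb *cb);
    int fail_alloc;       /* constructed fault-injection switch */
    int dumpit_calls;     /* example instrumentation */
    int null_state_seen;  /* set where the kernel would dereference NULL */
};

/* start() stores per-dump state in args[0], or fails with -ENOMEM. */
static int demo_start(struct dump_cb *cb)
{
    void *state = cb->fail_alloc ? NULL : calloc(1, 64);
    if (!state)
        return -ENOMEM;
    cb->args[0] = (long)state;
    return 0;
}

/* dumpit() relies on start() having succeeded. */
static int demo_dumpit(struct dump_cb *cb)
{
    cb->dumpit_calls++;
    if (!cb->args[0])
        cb->null_state_seen = 1;  /* kernel code would OOPS here */
    free((void *)cb->args[0]);
    cb->args[0] = 0;
    return 0;
}

/* Run one dump; 'checked' selects whether start()'s return value is honoured. */
struct dump_cb run_dump(int checked, int inject_failure, int *ret)
{
    struct dump_cb cb = { .start = demo_start, .dumpit = demo_dumpit, .fail_alloc = inject_failure };
    *ret = cb.start(&cb);
    if (checked && *ret)
        return cb;                /* fixed flow: stop before dumpit() */
    *ret = cb.dumpit(&cb);        /* old flow reaches here even after failure */
    return cb;
}

int main(void)
{
    int ret;
    return run_dump(1, 1, &ret).dumpit_calls;  /* exit status 0: dumpit() never ran */
}
```

In the unchecked flow the `-ENOMEM` from `start()` is also overwritten by `dumpit()`'s return value, so the caller never learns the dump failed.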
  3. 29 Sep, 2017 1 commit
  4. 28 Sep, 2017 25 commits
  5. 27 Sep, 2017 2 commits
    • sctp: Fix a big endian bug in sctp_diag_dump() · c2cc187e
      Dan Carpenter authored
      The sctp_for_each_transport() function takes a pointer to int.  The
      cb->args[] array holds longs so it's only using the high 32 bits.  It
      works on little endian system but will break on big endian 64 bit
      machines.
      
      Fixes: d25adbeb ("sctp: fix an use-after-free issue in sctp_sock_dump")
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Acked-by: Neil Horman <nhorman@tuxdriver.com>
      Reviewed-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
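
The width mismatch this commit message describes, as an added example that is not the kernel patch: it models a 64-bit `long` slot as explicit bytes so both byte orders can be compared on any host. All function names are hypothetical, and the "bounce through a real int" remedy in `slot_after_bounce()` is an assumption about how such a mismatch is commonly removed, not a statement of what the patch does.

```c
#include <stddef.h>
#include <stdint.h>

enum byte_order { ORDER_LE, ORDER_BE };

/* Lay out the low n bytes of v in memory order for the chosen endianness. */
static void put_bytes(uint8_t *dst, uint64_t v, size_t n, enum byte_order bo)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (uint8_t)(v >> (8 * (bo == ORDER_LE ? i : n - 1 - i)));
}

/* Read n bytes back as an integer of that width and endianness. */
static uint64_t get_bytes(const uint8_t *src, size_t n, enum byte_order bo)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint64_t)src[i] << (8 * (bo == ORDER_LE ? i : n - 1 - i));
    return v;
}

/* Mismatched pattern: a store through int * that really points at a 64-bit slot. */
static uint64_t slot_after_int_store(uint64_t slot_val, uint32_t new_pos, enum byte_order bo)
{
    uint8_t slot[8];
    put_bytes(slot, slot_val, 8, bo);
    put_bytes(slot, new_pos, 4, bo);   /* only the first 4 bytes in memory change */
    return get_bytes(slot, 8, bo);
}

/* What is read through that int * when the long slot holds slot_val. */
static uint32_t int_load_from_slot(uint64_t slot_val, enum byte_order bo)
{
    uint8_t slot[8];
    put_bytes(slot, slot_val, 8, bo);
    return (uint32_t)get_bytes(slot, 4, bo);
}

/* Width-safe pattern (assumed remedy): copy into a real int and copy back. */
static uint64_t slot_after_bounce(uint64_t slot_val, int advance)
{
    int pos = (int)slot_val;   /* long -> int by value, endian-neutral */
    pos += advance;            /* stands in for the callee updating *pos */
    return (uint64_t)pos;      /* int -> long by value */
}

int main(void)
{
    return int_load_from_slot(7, ORDER_LE) == 7 ? 0 : 1;
}
```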
    • Merge tag 'wireless-drivers-for-davem-2017-09-25' of... · 20c62c79
      David S. Miller authored
      Merge tag 'wireless-drivers-for-davem-2017-09-25' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.14
      
      Quite a lot of fixes this time. Most notable is the brcmfmac fix for a
      CVE issue.
      
      iwlwifi
      
      * a couple of bugzilla bugs related to multicast handling
      
      * two fixes for WoWLAN bugs that were causing queue hangs and
        re-initialization problems
      
      * two fixes for potential uninitialized variable use reported by Dan
        Carpenter in relation to a recently introduced patch
      
      * a fix for buffer reordering in the newly supported 9000 device
        family
      
      * fix a race when starting aggregation
      
      * small fix for a recent patch to wake mac80211 queues
      
      * send non-bufferable management frames in the generic queue so they
        are not sent on queues that are under power-save
      
      ath10k
      
      * fix a PCI PM related gcc warning
      
      brcmfmac
      
      * CVE-2017-0786: add length check scan results from firmware
      
      * respect passive scan requests from user space
      
      qtnfmac
      
      * fix race in tx path when using multiple interfaces
      
      * cancel ongoing scan when removing the wireless interface
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
  6. 26 Sep, 2017 5 commits