1. 15 Jun, 2018 22 commits
  2. 14 Jun, 2018 1 commit
  3. 13 Jun, 2018 1 commit
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 60d061e3
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter patches for your net tree:
      
      1) Fix NULL pointer dereference from nf_nat_decode_session() if NAT is
         not loaded, from Prashant Bhole.
      
      2) Fix socket extension module autoload.
      
      3) Don't bogusly reject sets with the NFT_SET_EVAL flag set on from
         the dynset extension.
      
      4) Fix races with nf_tables module removal and netns exit path,
         patches from Florian Westphal.
      
      5) Don't hit BUG_ON if jumpstack goes too deep, instead hit
         WARN_ON_ONCE, from Taehee Yoo.
      
      6) Another NULL pointer dereference from ctnetlink, again if NAT is
         not loaded, from Florian Westphal.
      
      7) Fix x_tables match list corruption in xt_connmark module removal
         path, also from Florian.
      
      8) nf_conncount doesn't properly deal with conntrack zones, hence
         garbage collector may get rid of entries in a different zone.
         From Yi-Hung Wei.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      60d061e3
  4. 12 Jun, 2018 16 commits
    • Juergen Gross's avatar
      xen/netfront: raise max number of slots in xennet_get_responses() · 57f230ab
      Juergen Gross authored
      The max number of slots used in xennet_get_responses() is set to
      MAX_SKB_FRAGS + (rx->status <= RX_COPY_THRESHOLD).
      
      In old kernel-xen MAX_SKB_FRAGS was 18, while nowadays it is 17. This
      difference is resulting in frequent messages "too many slots" and a
      reduced network throughput for some workloads (factor 10 below that of
      a kernel-xen based guest).
      
      Replacing MAX_SKB_FRAGS by XEN_NETIF_NR_SLOTS_MIN for calculation of
      the max number of slots to use solves that problem (tests showed no
      more messages "too many slots" and throughput was as high as with the
      kernel-xen based guest system).
      
      Replace MAX_SKB_FRAGS-2 by XEN_NETIF_NR_SLOTS_MIN-1 in
      netfront_tx_slot_available() for making it clearer what is really being
      tested without actually modifying the tested value.
      Signed-off-by: default avatarJuergen Gross <jgross@suse.com>
      Reviewed-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      57f230ab
    • Cong Wang's avatar
      smc: convert to ->poll_mask · c0129a06
      Cong Wang authored
      smc->clcsock is an internal TCP socket, after TCP socket
      converts to ->poll_mask, ->poll doesn't exist any more.
      So just convert smc socket to ->poll_mask too.
      
      Fixes: 2c7d3dac ("net/tcp: convert to ->poll_mask")
      Reported-by: syzbot+f5066e369b2d5fff630f@syzkaller.appspotmail.com
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Ursula Braun <ubraun@linux.ibm.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0129a06
    • Christophe JAILLET's avatar
      net: stmmac: dwmac-meson8b: Fix an error handling path in 'meson8b_dwmac_probe()' · 760a6ed6
      Christophe JAILLET authored
      If 'of_device_get_match_data()' fails, we need to release some resources as
      done in the other error handling path of this function.
      
      Fixes: efacb568 ("net: stmmac: dwmac-meson: extend phy mode setting")
      Signed-off-by: default avatarChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      760a6ed6
    • Davide Caratti's avatar
      tc-testing: ife: fix wrong teardown command in test b7b8 · 31962c8c
      Davide Caratti authored
      fix failures in the 'teardown' stage of test b7b8, probably a leftover of
      commit 7c5995b3 ("tc-testing: fixed copy-pasting error in ife tests")
      
      Fixes: a56e6bcd ("tc-testing: updated ife test cases")
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      31962c8c
    • Vadim Lomovtsev's avatar
      net: thunderx: prevent concurrent data re-writing by nicvf_set_rx_mode · 469998c8
      Vadim Lomovtsev authored
      For each network interface linux network stack issue ndo_set_rx_mode call
      in order to configure MAC address filters (e.g. for multicast filtering).
      Currently ThunderX NICVF driver has only one ordered workqueue to process
      such requests for all VFs.
      
      And because of that it is possible that subsequent call to
      ndo_set_rx_mode would corrupt data which is currently in use
      by nicvf_set_rx_mode_task. Which in turn could cause following issue:
      [...]
      [   48.978341] Unable to handle kernel paging request at virtual address 1fffff0000000000
      [   48.986275] Mem abort info:
      [   48.989058]   Exception class = DABT (current EL), IL = 32 bits
      [   48.994965]   SET = 0, FnV = 0
      [   48.998020]   EA = 0, S1PTW = 0
      [   49.001152] Data abort info:
      [   49.004022]   ISV = 0, ISS = 0x00000004
      [   49.007869]   CM = 0, WnR = 0
      [   49.010826] [1fffff0000000000] address between user and kernel address ranges
      [   49.017963] Internal error: Oops: 96000004 [#1] SMP
      [...]
      [   49.072138] task: ffff800fdd675400 task.stack: ffff000026440000
      [   49.078051] PC is at prefetch_freepointer.isra.37+0x28/0x3c
      [   49.083613] LR is at kmem_cache_alloc_trace+0xc8/0x1fc
      [...]
      [   49.272684] [<ffff0000082738f0>] prefetch_freepointer.isra.37+0x28/0x3c
      [   49.279286] [<ffff000008276bc8>] kmem_cache_alloc_trace+0xc8/0x1fc
      [   49.285455] [<ffff0000082c0c0c>] alloc_fdtable+0x78/0x134
      [   49.290841] [<ffff0000082c15c0>] dup_fd+0x254/0x2f4
      [   49.295709] [<ffff0000080d1954>] copy_process.isra.38.part.39+0x64c/0x1168
      [   49.302572] [<ffff0000080d264c>] _do_fork+0xfc/0x3b0
      [   49.307524] [<ffff0000080d29e8>] SyS_clone+0x44/0x50
      [...]
      
      This patch is to prevent such concurrent data write with spinlock.
      Reported-by: default avatarDean Nelson <dnelson@redhat.com>
      Signed-off-by: default avatarVadim Lomovtsev <Vadim.Lomovtsev@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      469998c8
    • Linus Walleij's avatar
      net: phy: mdio-gpio: Cut surplus includes · 909f1edc
      Linus Walleij authored
      The GPIO MDIO driver now needs only <linux/gpio/consumer.h>
      so cut the legacy <linux/gpio.h> and <linux/of_gpio.h>
      includes that are no longer used.
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      909f1edc
    • David S. Miller's avatar
      Merge branch 'hv_netvsc-notification-and-namespace-fixes' · bfc17d00
      David S. Miller authored
      Stephen Hemminger says:
      
      ====================
      hv_netvsc: notification and namespace fixes
      
      This set of patches addresses two set of fixes. First it backs out
      the common callback model which was merged in net-next without
      completing all the review feedback or getting maintainer approval.
      
      Then it fixes the transparent VF management code to handle network
      namespaces.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bfc17d00
    • Stephen Hemminger's avatar
      hv_netvsc: move VF to same namespace as netvsc device · c0a41b88
      Stephen Hemminger authored
      When VF is added, the paravirtual device is already present
      and may have been moved to another network namespace. For example,
      sometimes the management interface is put in another net namespace
      in some environments.
      
      The VF should get moved to where the netvsc device is when the
      VF is discovered. The user can move it later (if desired).
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0a41b88
    • Stephen Hemminger's avatar
      hv_netvsc: fix network namespace issues with VF support · 7bf7bb37
      Stephen Hemminger authored
      When finding the parent netvsc device, the search needs to be across
      all netvsc device instances (independent of network namespace).
      
      Find parent device of VF using upper_dev_get routine which
      searches only adjacent list.
      
      Fixes: e8ff40d4 ("hv_netvsc: improve VF device matching")
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      
      netns aware byref
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7bf7bb37
    • Stephen Hemminger's avatar
      hv_netvsc: drop common code until callback model fixed · 8cde8f0c
      Stephen Hemminger authored
      The callback model of handling network failover is not suitable
      in the current form.
        1. It was merged without addressing all the review feedback.
        2. It was merged without approval of any of the netvsc maintainers.
        3. Design discussion on how to handle PV/VF fallback is still
           not complete.
        4. IMHO the code model using callbacks is trying to make
           something common which isn't.
      
      Revert the netvsc specific changes for now. Does not impact ongoing
      development of failover model for virtio.
      Revisit this after a simpler library based failover kernel
      routines are extracted.
      
      This reverts
      commit 9c6ffbac ("hv_netvsc: fix error return code in netvsc_probe()")
      and
      commit 1ff78076 ("netvsc: refactor notifier/event handling code to use the failover framework")
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8cde8f0c
    • David S. Miller's avatar
      Merge branch 'nfp-fixes' · 01a1a170
      David S. Miller authored
      Jakub Kicinski says:
      
      ====================
      nfp: fix a warning, stats, naming and route leak
      
      Various fixes for the NFP.  Patch 1 fixes a harmless GCC 8 warning.
      Patch 2 ensures statistics are correct after users decrease the number
      of channels/rings.  Patch 3 restores phy_port_name behaviour for flower,
      ndo_get_phy_port_name used to return -EOPNOTSUPP on one of the netdevs,
      and we need to keep it that way otherwise interface names may change.
      Patch 4 fixes refcnt leak in flower tunnel offload code.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      01a1a170
    • Pieter Jansen van Vuuren's avatar
      nfp: flower: free dst_entry in route table · e62e51af
      Pieter Jansen van Vuuren authored
      We need to release the refcnt on dst_entry in the route table, otherwise
      we will leak the route.
      
      Fixes: 8e6a9046 ("nfp: flower vxlan neighbour offload")
      Signed-off-by: default avatarPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
      Signed-off-by: default avatarLouis Peens <louis.peens@netronome.com>
      Reviewed-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e62e51af
    • Jakub Kicinski's avatar
      nfp: remove phys_port_name on flower's vNIC · fe06a64e
      Jakub Kicinski authored
      .ndo_get_phys_port_name was recently extended to support multi-vNIC
      FWs.  These are firmwares which can have more than one vNIC per PF
      without associated port (e.g. Adaptive Buffer Management FW), therefore
      we need a way of distinguishing the vNICs.  Unfortunately, it's too
      late to make flower use the same naming.  Flower users may depend on
      .ndo_get_phys_port_name returning -EOPNOTSUPP, for example the name
      udev gave the PF vNIC was just the bare PCI device-based name before
      the change, and will have 'nn0' appended after.
      
      To ensure flower's vNIC doesn't have phys_port_name attribute, add
      a flag to vNIC struct and set it in flower code.  New projects will
      not set the flag adhere to the naming scheme from the start.
      
      Fixes: 51c1df83 ("nfp: assign vNIC id as phys_port_name of vNICs which are not ports")
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fe06a64e
    • Jakub Kicinski's avatar
      nfp: include all ring counters in interface stats · 29f534c4
      Jakub Kicinski authored
      We are gathering software statistics on per-ring basis.
      .ndo_get_stats64 handler adds the rings up.  Unfortunately
      we are currently only adding up active rings, which means
      that if user decreases the number of active rings the
      statistics from deactivated rings will no longer be counted
      and total interface statistics may go backwards.
      
      Always sum all possible rings, the stats are allocated
      statically for max number of rings, so we don't have to
      worry about them being removed.  We could add the stats
      up when user changes the ring count, but it seems unnecessary..
      Adding up inactive rings will be very quick since no datapath
      will be touching them.
      
      Fixes: 164d1e9e ("nfp: add support for ethtool .set_channels")
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      29f534c4
    • Jakub Kicinski's avatar
      nfp: don't pad strings in nfp_cpp_resource_find() to avoid gcc 8 warning · f8d0efb1
      Jakub Kicinski authored
      Once upon a time nfp_cpp_resource_find() took a name parameter,
      which could be any user-chosen string.  Resources are identified
      by a CRC32 hash of a 8 byte string, so we had to pad user input
      with zeros to make sure CRC32 gave the correct result.
      
      Since then nfp_cpp_resource_find() was made to operate on allocated
      resources only (struct nfp_resource).  We kzalloc those so there is
      no need to pad the strings and use memcmp.
      
      This avoids a GCC 8 stringop-truncation warning:
      
      In function ‘nfp_cpp_resource_find’,
          inlined from ‘nfp_resource_try_acquire’ at .../nfpcore/nfp_resource.c:153:8,
          inlined from ‘nfp_resource_acquire’ at .../nfpcore/nfp_resource.c:206:9:
          .../nfpcore/nfp_resource.c:108:2: warning:  strncpy’ output may be truncated copying 8 bytes from a string of length 8 [-Wstringop-truncation]
            strncpy(name_pad, res->name, sizeof(name_pad));
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: default avatarDirk van der Merwe <dirk.vandermerwe@netronome.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f8d0efb1
    • Bart Van Assche's avatar
      Revert "net: do not allow changing SO_REUSEADDR/SO_REUSEPORT on bound sockets" · cdb8744d
      Bart Van Assche authored
      Revert the patch mentioned in the subject because it breaks at least
      the Avahi mDNS daemon. That patch namely causes the Ubuntu 18.04 Avahi
      daemon to fail to start:
      
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: Successfully called chroot().
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: Successfully dropped remaining capabilities.
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: No service file found in /etc/avahi/services.
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: SO_REUSEADDR failed: Structure needs cleaning
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: SO_REUSEADDR failed: Structure needs cleaning
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: Failed to create server: No suitable network protocol available
      Jun 12 09:49:24 ubuntu-vm avahi-daemon[529]: avahi-daemon 0.7 exiting.
      Jun 12 09:49:24 ubuntu-vm systemd[1]: avahi-daemon.service: Main process exited, code=exited, status=255/n/a
      Jun 12 09:49:24 ubuntu-vm systemd[1]: avahi-daemon.service: Failed with result 'exit-code'.
      Jun 12 09:49:24 ubuntu-vm systemd[1]: Failed to start Avahi mDNS/DNS-SD Stack.
      
      Fixes: f396922d ("net: do not allow changing SO_REUSEADDR/SO_REUSEPORT on bound sockets")
      Cc: Maciej Żenczykowski <maze@google.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarBart Van Assche <bart.vanassche@wdc.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cdb8744d