1. 13 Mar, 2017 7 commits
    • David Ahern's avatar
      mpls: Do not decrement alive counter for unregister events · 79099aab
      David Ahern authored
      Multipath routes can be rendered usesless when a device in one of the
      paths is deleted. For example:
      
      $ ip -f mpls ro ls
      100
      	nexthop as to 200 via inet 172.16.2.2  dev virt12
      	nexthop as to 300 via inet 172.16.3.2  dev br0
      101
      	nexthop as to 201 via inet6 2000:2::2  dev virt12
      	nexthop as to 301 via inet6 2000:3::2  dev br0
      
      $ ip li del br0
      
      When br0 is deleted the other hop is not considered in
      mpls_select_multipath because of the alive check -- rt_nhn_alive
      is 0.
      
      rt_nhn_alive is decremented once in mpls_ifdown when the device is taken
      down (NETDEV_DOWN) and again when it is deleted (NETDEV_UNREGISTER). For
      a 2 hop route, deleting one device drops the alive count to 0. Since
      devices are taken down before unregistering, the decrement on
      NETDEV_UNREGISTER is redundant.
      
      Fixes: c89359a4 ("mpls: support for dead routes")
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      79099aab
    • Igor Druzhinin's avatar
      xen-netback: fix race condition on XenBus disconnect · b17075d5
      Igor Druzhinin authored
      In some cases during XenBus disconnect event handling and subsequent
      queue resource release there may be some TX handlers active on
      other processors. Use RCU in order to synchronize with them.
      Signed-off-by: default avatarIgor Druzhinin <igor.druzhinin@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b17075d5
    • David Ahern's avatar
      mpls: Send route delete notifications when router module is unloaded · e37791ec
      David Ahern authored
      When the mpls_router module is unloaded, mpls routes are deleted but
      notifications are not sent to userspace leaving userspace caches
      out of sync. Add the call to mpls_notify_route in mpls_net_exit as
      routes are freed.
      
      Fixes: 0189197f ("mpls: Basic routing support")
      Signed-off-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e37791ec
    • Etienne Noss's avatar
      act_connmark: avoid crashing on malformed nlattrs with null parms · 52491c76
      Etienne Noss authored
      tcf_connmark_init does not check in its configuration if TCA_CONNMARK_PARMS
      is set, resulting in a null pointer dereference when trying to access it.
      
      [501099.043007] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
      [501099.043039] IP: [<ffffffffc10c60fb>] tcf_connmark_init+0x8b/0x180 [act_connmark]
      ...
      [501099.044334] Call Trace:
      [501099.044345]  [<ffffffffa47270e8>] ? tcf_action_init_1+0x198/0x1b0
      [501099.044363]  [<ffffffffa47271b0>] ? tcf_action_init+0xb0/0x120
      [501099.044380]  [<ffffffffa47250a4>] ? tcf_exts_validate+0xc4/0x110
      [501099.044398]  [<ffffffffc0f5fa97>] ? u32_set_parms+0xa7/0x270 [cls_u32]
      [501099.044417]  [<ffffffffc0f60bf0>] ? u32_change+0x680/0x87b [cls_u32]
      [501099.044436]  [<ffffffffa4725d1d>] ? tc_ctl_tfilter+0x4dd/0x8a0
      [501099.044454]  [<ffffffffa44a23a1>] ? security_capable+0x41/0x60
      [501099.044471]  [<ffffffffa470ca01>] ? rtnetlink_rcv_msg+0xe1/0x220
      [501099.044490]  [<ffffffffa470c920>] ? rtnl_newlink+0x870/0x870
      [501099.044507]  [<ffffffffa472cc61>] ? netlink_rcv_skb+0xa1/0xc0
      [501099.044524]  [<ffffffffa47073f4>] ? rtnetlink_rcv+0x24/0x30
      [501099.044541]  [<ffffffffa472c634>] ? netlink_unicast+0x184/0x230
      [501099.044558]  [<ffffffffa472c9d8>] ? netlink_sendmsg+0x2f8/0x3b0
      [501099.044576]  [<ffffffffa46d8880>] ? sock_sendmsg+0x30/0x40
      [501099.044592]  [<ffffffffa46d8e03>] ? SYSC_sendto+0xd3/0x150
      [501099.044608]  [<ffffffffa425fda1>] ? __do_page_fault+0x2d1/0x510
      [501099.044626]  [<ffffffffa47fbd7b>] ? system_call_fast_compare_end+0xc/0x9b
      
      Fixes: 22a5dc0e ("net: sched: Introduce connmark action")
      Signed-off-by: default avatarÉtienne Noss <etienne.noss@wifirst.fr>
      Signed-off-by: default avatarVictorien Molle <victorien.molle@wifirst.fr>
      Acked-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52491c76
    • Neil Jerram's avatar
      Make IP 'forwarding' doc more precise · 88a7cddc
      Neil Jerram authored
      It wasn't clear if the 'forwarding' setting needs to be enabled on the
      interface that packets are received from, or on the interface that
      packets are forwarded to, or both.
      
      In fact (according to my code reading) the setting is relevant on the
      interface that packets are received from, so this change updates the doc
      to say that.
      Signed-off-by: default avatarNeil Jerram <neil@tigera.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      88a7cddc
    • stephen hemminger's avatar
      netvsc: handle select_queue when device is being removed · 7ce10124
      stephen hemminger authored
      Move the send indirection table from the inner device (netvsc)
      to the network device context.
      
      It is possible that netvsc_device is not present (remove in progress).
      This solves potential use after free issues when packet is being
      created during MTU change, shutdown, or queue count changes.
      
      Fixes: d8e18ee0 ("netvsc: enhance transmit select_queue")
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7ce10124
    • David Arcari's avatar
      net: ethernet: aquantia: call set_irq_affinity_hint before free_irq · ecd05225
      David Arcari authored
      When a network interface controlled by the aquantia ethernet driver is brought
      down a warning is output in dmesg (see below).
      
      The problem is that aq_pci_func_free_irqs() is calling free_irq() before it is
      calling irq_set_affinity_hint().
      
      WARNING: CPU: 4 PID: 10068 at kernel/irq/manage.c:1503 __free_irq+0x24d/0x2b0
      <snip>
      Call Trace:
       dump_stack+0x63/0x87
       __warn+0xd1/0xf0
       warn_slowpath_null+0x1d/0x20
       __free_irq+0x24d/0x2b0
       free_irq+0x39/0x90
       aq_pci_func_free_irqs+0x52/0xa0 [atlantic]
       aq_nic_stop+0xca/0xd0 [atlantic]
       aq_ndev_close+0x1d/0x40 [atlantic]
       __dev_close_many+0x99/0x100
       __dev_close+0x67/0xb0
      <snip>
      
      Fixes: 36a4a50f ("net: ethernet: aquantia: switch to pci_alloc_irq_vectors")
      
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Pavel Belous <pavel.belous@aquantia.com>
      Signed-off-by: default avatarDavid Arcari <darcari@redhat.com>
      Tested-by: default avatarPavel Belous <pavel.belous@aquantia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ecd05225
  2. 10 Mar, 2017 28 commits
  3. 09 Mar, 2017 5 commits