- 27 Apr, 2021 6 commits
-
-
Arnd Bergmann authored
The variable is only used in an #ifdef, causing a harmless warning: net/netfilter/nft_socket.c: In function 'nft_socket_init': net/netfilter/nft_socket.c:137:27: error: unused variable 'level' [-Werror=unused-variable] 137 | unsigned int len, level; | ^~~~~ Move it into the same #ifdef block. Fixes: e0bb96db ("netfilter: nft_socket: add support for cgroupsv2") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
This patch extends the set infrastructure to add a special catch-all set element. If the lookup fails to find an element (or range) in the set, then the catch-all element is selected. Users can specify a mapping, expression(s) and timeout to be attached to the catch-all element. This patch adds a catchall list to the set, this list might contain more than one single catch-all element (e.g. in case that the catch-all element is removed and a new one is added in the same transaction). However, most of the time, there will be either one element or no elements at all in this list. The catch-all element is identified via NFT_SET_ELEM_CATCHALL flag and such special element has no NFTA_SET_ELEM_KEY attribute. There is a new nft_set_elem_catchall object that stores a reference to the dummy catch-all element (catchall->elem) whose layout is the same of the set element type to reuse the existing set element codebase. The set size does not apply to the catch-all element, users can define a catch-all element even if the set is full. The check for valid set element flags hava been updates to report EOPNOTSUPP in case userspace requests flags that are not supported when using new userspace nftables and old kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
When binding sets to rule, validate set element data according to set definition. This patch adds a helper function to be reused by the catch-all set element support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
This patch adds nft_set_flush() which prepares for the catch-all element support. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
This patch adds nft_check_loops() to reuse it in the new catch-all element codebase. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Rename: - nft_set_elem_activate() to nft_set_elem_data_activate(). - nft_set_elem_deactivate() to nft_set_elem_data_deactivate(). To prepare for updates in the set element infrastructure to add support for the special catch-all element. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
- 26 Apr, 2021 34 commits
-
-
Lv Yunlong authored
In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_skb(skb) in error branch of emac_tx_fill_tpd(). But the freed skb is still used via skb->len by netdev_sent_queue(,skb->len). As i observed that emac_tx_fill_tpd() haven't modified the value of skb->len, thus my patch assigns skb->len to 'len' before the possible free and use 'len' instead of skb->len later. Fixes: b9b17deb ("net: emac: emac gigabit ethernet controller driver") Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Davide Caratti authored
while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f] CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S 5.12.0-rc7+ #424 Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017 RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0 Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48 RSP: 0018:ffff888c31449db8 EFLAGS: 00010203 RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960 RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350 R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000 R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160 FS: 0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> inet_frag_destroy+0xa9/0x150 call_timer_fn+0x2d/0x180 run_timer_softirq+0x4fe/0xe70 __do_softirq+0x197/0x5a0 irq_exit_rcu+0x1de/0x200 sysvec_apic_timer_interrupt+0x6b/0x80 </IRQ> when act_ct temporarily stores an IP fragment, restoring the skb qdisc cb results in putting random data in FRAG_CB(), and this causes those "wild" memory accesses later, when the rbtree is purged. Never overwrite the skb cb in case tcf_ct_handle_fragments() returns -EINPROGRESS. Fixes: ae372cb1 ("net/sched: act_ct: fix restore the qdisc_skb_cb after defrag") Fixes: 7baf2429 ("net/sched: cls_flower add CT_FLAGS_INVALID flag support") Reported-by: Shuang Li <shuali@redhat.com> Signed-off-by: Davide Caratti <dcaratti@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arnaldo Carvalho de Melo authored
Ingo sent typo fixes for tools/ and this resulted in a warning when building the perf/core branch that will be sent upstream in the next merge window: Warning: Kernel ABI header at 'tools/perf/trace/beauty/include/linux/socket.h' differs from latest version at 'include/linux/socket.h' diff -u tools/perf/trace/beauty/include/linux/socket.h include/linux/socket.h Fix the typo on the kernel file to address this. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ezequiel Garcia authored
Convert Rockchip dwmac controller dt-bindings to YAML. Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com> Reviewed-by: David Wu <david.wu@rock-chips.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ezequiel Garcia authored
Add Rockchip DWMAC controllers, which are based on snps,dwmac. Some of the SoCs require up to eight clocks, so maxItems for clocks and clock-names need to be increased. Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com> Reviewed-by: David Wu <david.wu@rock-chips.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ezequiel Garcia authored
Rockchip DWMAC glue driver uses the phy node (phy-handle) reset specifier, and not a "mac-phy" reset specifier. Remove it. Signed-off-by: Ezequiel Garcia <ezequiel@collabora.com> Reviewed-by: David Wu <david.wu@rock-chips.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Johan Hovold authored
Commit 8a12f883 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister(). Fixes: 8a12f883 ("net: hso: fix null-ptr-deref during tty device unregistration") Cc: stable@vger.kernel.org Cc: Anirudh Rayabharam <mail@anirudhrb.com> Reported-by: Leonardo Antoniazzi <leoanto@aruba.it> Signed-off-by: Johan Hovold <johan@kernel.org> Reviewed-by: Anirudh Rayabharam <mail@anirudhrb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Merge tag 'linux-can-next-for-5.13-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next Marc Kleine-Budde says: ==================== pull-request: can-next 2021-04-26 this is a pull request of 4 patches for net-next/master. the first two patches are from Colin Ian King and target the etas_es58x driver, they add a missing NULL pointer check and fix some typos. The next two patches are by Erik Flodin. The first one updates the CAN documentation regarding filtering, the other one fixes the header alignment in CAN related proc output on 64 bit systems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiapeng Chong authored
Variable ret is set to zero but this value is never read as it is overwritten with a new value later on, hence it is a redundant assignment and can be removed. Cleans up the following clang-analyzer warning: drivers/net/ethernet/davicom/dm9000.c:1527:5: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]. Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jiapeng Chong authored
Variable prev_link and curr_link is being assigned a value from a calculation however the variable is never read, so this redundant variable can be removed. Cleans up the following clang-analyzer warning: drivers/net/ethernet/amd/pcnet32.c:2857:4: warning: Value stored to 'prev_link' is never read [clang-analyzer-deadcode.DeadStores]. drivers/net/ethernet/amd/pcnet32.c:2856:4: warning: Value stored to 'curr_link' is never read [clang-analyzer-deadcode.DeadStores]. Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-nextDavid S. Miller authored
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next: 1) The various ip(6)table_foo incarnations are updated to expect that the table is passed as 'void *priv' argument that netfilter core passes to the hook functions. This reduces the struct net size by 2 cachelines on x86_64. From Florian Westphal. 2) Add cgroupsv2 support for nftables. 3) Fix bridge log family merge into nf_log_syslog: Missing unregistration from netns exit path, from Phil Sutter. 4) Add nft_pernet() helper to access nftables pernet area. 5) Add struct nfnl_info to reduce nfnetlink callback footprint and to facilite future updates. Consolidate nfnetlink callbacks. 6) Add CONFIG_NETFILTER_XTABLES_COMPAT Kconfig knob, also from Florian. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
-
Florian Westphal authored
The compat layer needs to parse untrusted input (the ruleset) to translate it to a 64bit compatible format. We had a number of bugs in this department in the past, so allow users to turn this feature off. Add CONFIG_NETFILTER_XTABLES_COMPAT kconfig knob and make it default to y to keep existing behaviour. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Add enum nfnl_callback_type to identify the callback type to provide one single callback. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Update batch callbacks to use the nfnl_info structure. Rename one clashing info variable to expr_info. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Update rcu callbacks to use the nfnl_info structure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Add a new structure to reduce callback footprint and to facilite extensions of the nfnetlink callback interface in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
Pablo Neira Ayuso authored
Consolidate call to net_generic(net, nf_tables_net_id) in this wrapper function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-
David S. Miller authored
Michael Chan says: ==================== bnxt_en: Updates for net-next. This series includes these main enhancements: 1. Link related changes - add NRZ/PAM4 link signal mode to the link up message if known - rely on firmware to bring down the link during ifdown 2. SRIOV related changes - allow VF promiscuous mode if the VF is trusted - allow ndo operations to configure VF when the PF is ifdown - fix the scenario of the VF taking back control of it's MAC address - add Hyper-V VF device IDs 3. Support the option to transmit without FCS/CRC. 4. Implement .ndo_features_check() to disable offload when the UDP encap. packets are not supported. v2: Patch10: Reverse the check for supported UDP ports to be more straight forward. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
For UDP encapsultions, we only support the offloaded Vxlan port and Geneve port. All other ports included FOU and GUE are not supported so we need to turn off TSO and checksum features. v2: Reverse the check for supported UDP ports to be more straight forward. Reviewed-by: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com> Reviewed-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
If firmware is capable, set the IFF_SUPP_NOFCS flag to support the sockets option to transmit packets without FCS. This is mainly used for testing. Reviewed-by: Edwin Peer <edwin.peer@broadcom.com Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Support VF device IDs used by the Hyper-V hypervisor. Reviewed-by: Vasundhara Volam <vasundhara-v.volam@broadcom.com> Reviewed-by: Andy Gospodarek <gospo@broadcom.com> Signed-off-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
When the PF is no longer enforcing an assigned MAC address on a VF, the VF needs to call bnxt_approve_mac() to tell the PF what MAC address it is now using. Otherwise it gets out of sync and the PF won't know what MAC address the VF wants to use. Ultimately the VF will fail when it tries to setup the L2 MAC filter for the vnic. Reviewed-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Move it before bnxt_update_vf_mac(). In the next patch, we need to call bnxt_approve_mac() from bnxt_update_mac() under some conditions. This will avoid forward declaration. Reviewed-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Edwin Peer authored
It is perfectly legal for the stack to query and configure VFs via PF NDOs while the NIC is administratively down. Remove the unnecessary check for the PF to be in open state. Signed-off-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Edwin Peer authored
Firmware previously only allowed promiscuous mode for VFs associated with a default VLAN. It is now possible to enable promiscuous mode for a VF having no VLAN configured provided that it is trusted. In such cases the VF will see all packets received by the PF, irrespective of destination MAC or VLAN. Note, it is necessary to query firmware at the time of bnxt_promisc_ok() instead of in bnxt_hwrm_func_qcfg() because the trusted status might be altered by the PF after the VF has been configured. This check must now also be deferred because the firmware call sleeps. Signed-off-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
In the current code, the driver will not shutdown the link during IFDOWN if there are still VFs sharing the port. Newer firmware will manage the link down decision when the port is shared by VFs, so we can just call firmware to shutdown the port unconditionally and let firmware make the final decision. Reviewed-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Michael Chan authored
Copy the phy related feature flags from the firmware call HWRM_PORT_PHY_QCAPS to this new field. We can also remove the flags field in the bnxt_test_info structure. It's cleaner to have all PHY related flags in one location, directly copied from the firmware. To keep the BNXT_PHY_CFG_ABLE() macro logic the same, we need to make a slight adjustment to check that it is a PF. Reviewed-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Edwin Peer authored
Firmware reports link signalling mode for certain speeds. In these cases, print the signalling modes in kernel log link up messages. Reviewed-by: Andy Gospodarek <gospo@broadcom.com> Signed-off-by: Edwin Peer <edwin.peer@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jethro Beekman authored
The default behavior for source MACVLAN is to duplicate packets to appropriate type source devices, and then do the normal destination MACVLAN flow. This patch adds an option to skip destination MACVLAN processing if any matching source MACVLAN device has the option set. This allows setting up a "catch all" device for source MACVLAN: create one or more devices with type source nodst, and one device with e.g. type vepa, and incoming traffic will be received on exactly one device. v2: netdev wants non-standard line length Signed-off-by: Jethro Beekman <kernel@jbeekman.nl> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linuxDavid S. Miller authored
Saeed Mahameed says: ==================== mlx5-updates-2021-04-21 devlink external port attribute for SF (Sub-Function) port flavour This adds the support to instantiate Sub-Functions on external hosts E.g when Eswitch manager is enabled on the ARM SmarNic SoC CPU, users are now able to spawn new Sub-Functions on the Host server CPU. Parav Pandit Says: ================== This series introduces and uses external attribute for the SF port to indicate that a SF port belongs to an external controller. This is needed to generate unique phys_port_name when PF and SF numbers are overlapping between local and external controllers. For example two controllers 0 and 1, both of these controller have a SF. having PF number 0, SF number 77. Here, phys_port_name has duplicate entry which doesn't have controller number in it. Hence, add controller number optionally when a SF port is for an external controller. This extension is similar to existing PF and VF eswitch ports of the external controller. When a SF is for external controller an example view of external SF port and config sequence: On eswitch system: $ devlink dev eswitch set pci/0033:01:00.0 mode switchdev $ devlink port show pci/0033:01:00.0/196607: type eth netdev enP51p1s0f0np0 flavour physical port 0 splittable false pci/0033:01:00.0/131072: type eth netdev eth0 flavour pcipf controller 1 pfnum 0 external true splittable false function: hw_addr 00:00:00:00:00:00 $ devlink port add pci/0033:01:00.0 flavour pcisf pfnum 0 sfnum 77 controller 1 pci/0033:01:00.0/163840: type eth netdev eth1 flavour pcisf controller 1 pfnum 0 sfnum 77 splittable false function: hw_addr 00:00:00:00:00:00 state inactive opstate detached phys_port_name construction: $ cat /sys/class/net/eth1/phys_port_name c1pf0sf77 Patch summary: First 3 patches prepares the eswitch to handle vports in more generic way using xarray to lookup vport from its unique vport number. Patch-1 returns maximum eswitch ports only when eswitch is enabled Patch-2 prepares eswitch to return eswitch max ports from a struct Patch-3 uses xarray for vport and representor lookup Patch-4 considers SF for an additioanl range of SF vports Patch-5 relies on SF hw table to check SF support Patch-6 extends SF devlink port attribute for external flag Patch-7 stores the per controller SF allocation attributes Patch-8 uses SF function id for filtering events Patch-9 uses helper for allocation and free Patch-10 splits hw table into per controller table and generic one Patch-11 extends sf table for additional range ================== ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Walleij authored
This adds device tree probing to the IXP4xx ethernet driver. Add a platform data bool to tell us whether to register an MDIO bus for the device or not, as well as the corresponding NPE. We need to drop the memory region request as part of this since the OF core will request the memory for the device. Cc: Zoltan HERPAI <wigyori@uid0.hu> Cc: Raylynn Knight <rayknight@me.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Walleij authored
This driver was using a really dated way of obtaining the phy by printing a string and using it with phy_connect(). Switch to using more reasonable modern interfaces. Suggested-by: Andrew Lunn <andrew@lunn.ch> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Linus Walleij authored
This adds device tree bindings for the IXP4xx ethernet controller with optional MDIO bridge. Cc: Zoltan HERPAI <wigyori@uid0.hu> Cc: Raylynn Knight <rayknight@me.com> Cc: devicetree@vger.kernel.org Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-