1. 02 Oct, 2017 1 commit
    • ip_gre: get key from session_id correctly in erspan_rcv · 935a9749
      Xin Long authored
      erspan only uses the first 10 bits of session_id as the key to look
      up the tunnel. But in erspan_rcv, it missed 'session_id & ID_MASK'
      when getting the key from session_id.
      
      If any other flag is also set in session_id in a packet, it would
      fail to find the tunnel due to incorrect key in erspan_rcv.
      
      This patch is to add 'session_id & ID_MASK' there and also remove
      the unnecessary variable session_id.
      
      Fixes: 84e54fe0 ("gre: introduce native tunnel support for ERSPAN")
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 01 Oct, 2017 8 commits
    • tipc: use only positive error codes in messages · aad06212
      Parthasarathy Bhuvaragan authored
      In commit e3a77561 ("tipc: split up function tipc_msg_eval()"),
      we have updated the function tipc_msg_lookup_dest() to set the error
      codes to negative values at destination lookup failures. Thus when
      the function sets the error code to -TIPC_ERR_NO_NAME, it's inserted
      into the 4 bit error field of the message header as 0xf instead of
      TIPC_ERR_NO_NAME (1). The value 0xf is an unknown error code.
      
      In this commit, we set only positive error code.
      
      Fixes: e3a77561 ("tipc: split up function tipc_msg_eval()")
      Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ppp: fix __percpu annotation · 5a59a3a0
      Guillaume Nault authored
      Move sparse annotation right after pointer type.
      
      Fixes sparse warning:
          drivers/net/ppp/ppp_generic.c:1422:13: warning: incorrect type in initializer (different address spaces)
          drivers/net/ppp/ppp_generic.c:1422:13:    expected void const [noderef] <asn:3>*__vpp_verify
          drivers/net/ppp/ppp_generic.c:1422:13:    got int *<noident>
          ...
      
      Fixes: e5dadc65 ("ppp: Fix false xmit recursion detect with two ppp devices")
      Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'udp-fix-early-demux-for-mcast-packets' · 230583c1
      David S. Miller authored
      Paolo Abeni says:
      
      ====================
      udp: fix early demux for mcast packets
      
      Currently the early demux callbacks do not perform source address validation.
      This is not an issue for TCP or UDP unicast, where the early demux
      is only allowed for connected sockets and the source address is validated
      for the first packet and never changes.
      
      The UDP protocol currently allows early demux also for unconnected multicast
      sockets, and we are not currently doing any validation for them, after that
      the first packet lands on the socket: beyond ignoring the rp_filter - if
      enabled - any kind of martian sources are also allowed.
      
      This series addresses the issue allowing the early demux callback to return an
      error code, and performing the proper checks for unconnected UDP multicast
      sockets before leveraging the rx dst cache.
      
      Alternatively we could disable the early demux for unconnected mcast sockets,
      but that would cause relevant performance regression - around 50% - while with
      this series, with full rp_filter in place, we keep the regression to a more
      moderate level.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • udp: perform source validation for mcast early demux · bc044e8d
      Paolo Abeni authored
      The UDP early demux can leverage the rx dst cache even for
      multicast unconnected sockets.
      
      In such scenario the ipv4 source address is validated only on
      the first packet in the given flow. After that, when we fetch
      the dst entry from the socket rx cache, we stop enforcing
      the rp_filter and we even start accepting any kind of martian
      addresses.
      
      Disabling the dst cache for unconnected multicast socket will
      cause large performance regression, nearly reducing by half the
      max ingress tput.
      
      Instead we factor out a route helper to completely validate an
      skb source address for multicast packets and we call it from
      the UDP early demux for mcast packets landing on unconnected
      sockets, after successfully fetching the related cached dst entry.
      
      This still gives a measurable, but limited performance
      regression:
      
      		rp_filter = 0		rp_filter = 1
      edmux disabled:	1182 Kpps		1127 Kpps
      edmux before:	2238 Kpps		2238 Kpps
      edmux after:	2037 Kpps		2019 Kpps
      
      The above figures are on top of current net tree.
      Applying the net-next commit 6e617de8 ("net: avoid a full
      fib lookup when rp_filter is disabled.") the delta with
      rp_filter == 0 will decrease even more.
      
      Fixes: 421b3885 ("udp: ipv4: Add udp early demux")
      Signed-off-by: Paolo Abeni <pabeni@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • IPv4: early demux can return an error code · 7487449c
      Paolo Abeni authored
      Currently no error is emitted, but this infrastructure will
      be used by the next patch to allow source address validation
      for mcast sockets.
      Since early demux can do a route lookup and an ipv4 route
      lookup can return an error code this is consistent with the
      current ipv4 route infrastructure.
      Signed-off-by: Paolo Abeni <pabeni@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path · d41bb33b
      Xin Long authored
      Now when updating mtu in tx path, it doesn't consider ARPHRD_ETHER tunnel
      device, like ip6gre_tap tunnel, for which it should also subtract ether
      header to get the correct mtu.
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ip6_gre: ip6gre_tap device should keep dst · 2d40557c
      Xin Long authored
      The patch 'ip_gre: ipgre_tap device should keep dst' fixed
      an issue that ipgre_tap mtu couldn't be updated in tx path.
      
      The same fix is needed for ip6gre_tap as well.
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ip_gre: ipgre_tap device should keep dst · d51711c0
      Xin Long authored
      Without keeping dst, the tunnel will not update any mtu/pmtu info,
      since it does not have a dst on the skb.
      
      Reproducer:
        client(ipgre_tap1 - eth1) <-----> (eth1 - ipgre_tap1)server
      
      After reducing eth1's mtu on client, then performance became 0.
      
      This patch is to netif_keep_dst in gre_tap_init, as ipgre does.
      Reported-by: Jianlin Shi <jishi@redhat.com>
      Signed-off-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 30 Sep, 2017 1 commit
    • netlink: do not proceed if dump's start() errs · fef0035c
      Jason A. Donenfeld authored
      Drivers that use the start method for netlink dumping rely on dumpit not
      being called if start fails. For example, ila_xlat.c allocates memory
      and assigns it to cb->args[0] in its start() function. It might fail to
      do that and return -ENOMEM instead. However, even when returning an
      error, dumpit will be called, which, in the example above, quickly
      dereferences the memory in cb->args[0], which will OOPS the kernel. This
      is but one example of how this goes wrong.
      
      Since start() has always been a function with an int return type, it
      therefore makes sense to use it properly, rather than ignoring it. This
      patch thus returns early and does not call dumpit() when start() fails.
      Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
      Cc: Johannes Berg <johannes@sipsolutions.net>
      Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
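
The failure mode described in the netlink commit above, as an added user-space model in C; it is not kernel code and not part of the commit. All names (`dump_cb`, `model_start`, `model_dumpit`, `run_dump`) are hypothetical, and `-EFAULT` stands in for the NULL dereference that would OOPS the kernel.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not kernel API. */
struct dump_cb {
    long args[6];                       /* per-dump scratch, like cb->args[] */
    int fail;                           /* constructed: force the -ENOMEM path */
    int (*start)(struct dump_cb *cb);
    int (*dumpit)(struct dump_cb *cb);
    int dumpit_calls;
};

static int model_start(struct dump_cb *cb)
{
    int *state = cb->fail ? NULL : calloc(1, sizeof(*state));
    if (!state)
        return -ENOMEM;                 /* args[0] stays 0 (NULL) */
    cb->args[0] = (long)state;
    return 0;
}

static int model_dumpit(struct dump_cb *cb)
{
    int *state = (int *)cb->args[0];
    cb->dumpit_calls++;
    if (!state)
        return -EFAULT;                 /* stands in for the NULL dereference */
    (*state)++;
    return 0;
}

/* checked == 0: start()'s result is ignored; checked == 1: return early. */
static int run_dump(int checked, int fail, int *dumpit_calls)
{
    struct dump_cb cb = { .fail = fail, .start = model_start, .dumpit = model_dumpit };
    int ret = cb.start(&cb);
    if (!(checked && ret))
        ret = cb.dumpit(&cb);           /* reached with NULL state when unchecked */
    *dumpit_calls = cb.dumpit_calls;
    free((void *)cb.args[0]);
    return ret;
}

int main(void)
{
    int calls;
    printf("unchecked: ret=%d\n", run_dump(0, 1, &calls));
    printf("checked:   ret=%d\n", run_dump(1, 1, &calls));
}
```

In the unchecked path the allocation error is lost and the dump callback runs on uninitialised state; in the checked path the caller sees `-ENOMEM` and the callback is never invoked.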
  4. 29 Sep, 2017 1 commit
  5. 28 Sep, 2017 25 commits
  6. 27 Sep, 2017 2 commits
    • sctp: Fix a big endian bug in sctp_diag_dump() · c2cc187e
      Dan Carpenter authored
      The sctp_for_each_transport() function takes a pointer to int.  The
      cb->args[] array holds longs so it's only using the high 32 bits.  It
      works on little endian system but will break on big endian 64 bit
      machines.
      
      Fixes: d25adbeb ("sctp: fix an use-after-free issue in sctp_sock_dump")
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Acked-by: Neil Horman <nhorman@tuxdriver.com>
      Reviewed-by: Xin Long <lucien.xin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'wireless-drivers-for-davem-2017-09-25' of... · 20c62c79
      David S. Miller authored
      Merge tag 'wireless-drivers-for-davem-2017-09-25' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.14
      
      Quite a lot of fixes this time. Most notable is the brcmfmac fix for a
      CVE issue.
      
      iwlwifi
      
      * a couple of bugzilla bugs related to multicast handling
      
      * two fixes for WoWLAN bugs that were causing queue hangs and
        re-initialization problems
      
      * two fixes for potential uninitialized variable use reported by Dan
        Carpenter in relation to a recently introduced patch
      
      * a fix for buffer reordering in the newly supported 9000 device
        family
      
      * fix a race when starting aggregation
      
      * small fix for a recent patch to wake mac80211 queues
      
      * send non-bufferable management frames in the generic queue so they
        are not sent on queues that are under power-save
      
      ath10k
      
      * fix a PCI PM related gcc warning
      
      brcmfmac
      
      * CVE-2017-0786: add length check scan results from firmware
      
      * respect passive scan requests from user space
      
      qtnfmac
      
      * fix race in tx path when using multiple interfaces
      
      * cancel ongoing scan when removing the wireless interface
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
  7. 26 Sep, 2017 2 commits