1. 23 Jan, 2019 3 commits
    • Linus Lüssing's avatar
      bridge: join all-snoopers multicast address · 4effd28c
      Linus Lüssing authored
      Next to snooping IGMP/MLD queries RFC4541, section 2.1.1.a) recommends
      to snoop multicast router advertisements to detect multicast routers.
      
      Multicast router advertisements are sent to an "all-snoopers"
      multicast address. To be able to receive them reliably, we need to
      join this group.
      
      Otherwise other snooping switches might refrain from forwarding these
      advertisements to us.
      Signed-off-by: default avatarLinus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4effd28c
    • Linus Lüssing's avatar
      bridge: simplify ip_mc_check_igmp() and ipv6_mc_check_mld() internals · a2e2ca3b
      Linus Lüssing authored
      With this patch the internal use of the skb_trimmed is reduced to
      the ICMPv6/IGMP checksum verification. And for the length checks
      the newly introduced helper functions are used instead of calculating
      and checking with skb->len directly.
      
      These changes should hopefully make it easier to verify that length
      checks are performed properly.
      Signed-off-by: default avatarLinus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a2e2ca3b
    • Linus Lüssing's avatar
      bridge: simplify ip_mc_check_igmp() and ipv6_mc_check_mld() calls · ba5ea614
      Linus Lüssing authored
      This patch refactors ip_mc_check_igmp(), ipv6_mc_check_mld() and
      their callers (more precisely, the Linux bridge) to not rely on
      the skb_trimmed parameter anymore.
      
      An skb with its tail trimmed to the IP packet length was initially
      introduced for the following three reasons:
      
      1) To be able to verify the ICMPv6 checksum.
      2) To be able to distinguish the version of an IGMP or MLD query.
         They are distinguishable only by their size.
      3) To avoid parsing data for an IGMPv3 or MLDv2 report that is
         beyond the IP packet but still within the skb.
      
      The first case still uses a cloned and potentially trimmed skb to
      verfiy. However, there is no need to propagate it to the caller.
      For the second and third case explicit IP packet length checks were
      added.
      
      This hopefully makes ip_mc_check_igmp() and ipv6_mc_check_mld() easier
      to read and verfiy, as well as easier to use.
      Signed-off-by: default avatarLinus Lüssing <linus.luessing@c0d3.blue>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba5ea614
  2. 22 Jan, 2019 25 commits
  3. 21 Jan, 2019 4 commits
  4. 20 Jan, 2019 8 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 7d0ae236
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix endless loop in nf_tables, from Phil Sutter.
      
       2) Fix cross namespace ip6_gre tunnel hash list corruption, from
          Olivier Matz.
      
       3) Don't be too strict in phy_start_aneg() otherwise we might not allow
          restarting auto negotiation. From Heiner Kallweit.
      
       4) Fix various KMSAN uninitialized value cases in tipc, from Ying Xue.
      
       5) Memory leak in act_tunnel_key, from Davide Caratti.
      
       6) Handle chip errata of mv88e6390 PHY, from Andrew Lunn.
      
       7) Remove linear SKB assumption in fou/fou6, from Eric Dumazet.
      
       8) Missing udplite rehash callbacks, from Alexey Kodanev.
      
       9) Log dirty pages properly in vhost, from Jason Wang.
      
      10) Use consume_skb() in neigh_probe() as this is a normal free not a
          drop, from Yang Wei. Likewise in macvlan_process_broadcast().
      
      11) Missing device_del() in mdiobus_register() error paths, from Thomas
          Petazzoni.
      
      12) Fix checksum handling of short packets in mlx5, from Cong Wang.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (96 commits)
        bpf: in __bpf_redirect_no_mac pull mac only if present
        virtio_net: bulk free tx skbs
        net: phy: phy driver features are mandatory
        isdn: avm: Fix string plus integer warning from Clang
        net/mlx5e: Fix cb_ident duplicate in indirect block register
        net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
        net/mlx5e: Fix wrong error code return on FEC query failure
        net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
        tools: bpftool: Cleanup license mess
        bpf: fix inner map masking to prevent oob under speculation
        bpf: pull in pkt_sched.h header for tooling to fix bpftool build
        selftests: forwarding: Add a test case for externally learned FDB entries
        selftests: mlxsw: Test FDB offload indication
        mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
        net: bridge: Mark FDB entries that were added by user as such
        mlxsw: spectrum_fid: Update dummy FID index
        mlxsw: pci: Return error on PCI reset timeout
        mlxsw: pci: Increase PCI SW reset timeout
        mlxsw: pci: Ring CQ's doorbell before RDQ's
        MAINTAINERS: update email addresses of liquidio driver maintainers
        ...
      7d0ae236
    • Kees Cook's avatar
      pstore/ram: Avoid allocation and leak of platform data · 5631e857
      Kees Cook authored
      Yue Hu noticed that when parsing device tree the allocated platform data
      was never freed. Since it's not used beyond the function scope, this
      switches to using a stack variable instead.
      Reported-by: default avatarYue Hu <huyue2@yulong.com>
      Fixes: 35da6094 ("pstore/ram: add Device Tree bindings")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      5631e857
    • Ard Biesheuvel's avatar
      gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+ · 2c88c742
      Ard Biesheuvel authored
      GCC 9 reworks the way the references to the stack canary are
      emitted, to prevent the value from being spilled to the stack
      before the final comparison in the epilogue, defeating the
      purpose, given that the spill slot is under control of the
      attacker that we are protecting ourselves from.
      
      Since our canary value address is obtained without accessing
      memory (as opposed to pre-v7 code that will obtain it from a
      literal pool), it is unlikely (although not guaranteed) that
      the compiler will spill the canary value in the same way, so
      let's just disable this improvement when building with GCC9+.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      2c88c742
    • Ard Biesheuvel's avatar
      gcc-plugins: arm_ssp_per_task_plugin: sign extend the SP mask · 560706d5
      Ard Biesheuvel authored
      The ARM per-task stack protector GCC plugin hits an assert in
      the compiler in some case, due to the fact the the SP mask
      expression is not sign-extended as it should be. So fix that.
      Suggested-by: default avatarKugan Vivekanandarajah <kugan.vivekanandarajah@linaro.org>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      560706d5
    • David S. Miller's avatar
      Merge branch 'mlxsw-spectrum_router-Add-GRE-tunnel-support-for-Spectrum-2' · 28f9d1a3
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: spectrum_router: Add GRE tunnel support for Spectrum-2
      
      Nir says:
      
      In Spectrum-2, HW implementation of layer 3 tunnels differs from
      Spectrum-1 when it comes to the underlay routing table selection.
      Spectrum-2 uses a dedicated RIF that points to the virtual router used
      for forwarding the encapsulated packets, while Spectrum-1 explicitly
      specifies the virtual router itself.
      
      Patches #1 and #2 add additional fields in RITR - Router interface table
      register and RTDP - Routing tunnel decap properties respectively, the
      fields are required for the new underlay RIF needed for Spectrum-2.
      
      Patches #3-4 allow different set of RIF operations per ASIC type. The
      first patch splits the operations and the following patch sets RIF ops
      according to ASIC type.
      
      Patches #5-9 introduce small changes to existing code to allow existence
      of a dedicated underlay RIF along with the underlay virtual router, and
      to support that new type of RIF that has no device.
      
      Patch #10 takes care of updating the tunnel decap properties egress
      underlay RIF required for Spectrum-2.
      
      Patch #11 adds the implementation of Spectrum-2 specific RIF operations
      and essentially enables layer 3 GRE tunnels on Spectrum-2.
      
      Finally patches #12-18 add tests for GRE IP-in-IP tunnels, both in flat
      and hierarchical topologies.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28f9d1a3
    • Nir Dotan's avatar
      selftests: forwarding: Add IP-in-IP GRE hierarchical topology with keys test · eb13feab
      Nir Dotan authored
      Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel,
      where an ikey/okey pair is set. This test is based on hierarchical topology
      described in file ipip_lib.sh.
      Signed-off-by: default avatarNir Dotan <nird@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      eb13feab
    • Nir Dotan's avatar
      selftests: forwarding: Add IP-in-IP GRE hierarchical topology with key test · a63b2321
      Nir Dotan authored
      Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel,
      where a key is set. This test is based on hierarchical topology described
      in file ipip_lib.sh.
      Signed-off-by: default avatarNir Dotan <nird@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a63b2321
    • Nir Dotan's avatar
      selftests: forwarding: Add IP-in-IP GRE hierarchical topology test · 00365c0f
      Nir Dotan authored
      Add a test that checks IP-in-IP GRE tunneling and MTU change of tunnel,
      based on hierarchical topology described in file ipip_lib.sh.
      Signed-off-by: default avatarNir Dotan <nird@mellanox.com>
      Reviewed-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00365c0f