- 07 Mar, 2018 5 commits
-
-
Denis Kirjanov authored
__dev_mc_add grabs an adress spinlock so use atomic context in kmalloc. / # ifconfig eth0 inet 192.168.0.111 [ 89.331622] BUG: sleeping function called from invalid context at mm/slab.h:420 [ 89.339002] in_atomic(): 1, irqs_disabled(): 0, pid: 1035, name: ifconfig [ 89.345799] 2 locks held by ifconfig/1035: [ 89.349908] #0: (rtnl_mutex){+.+.}, at: [<(ptrval)>] devinet_ioctl+0xc0/0x8a0 [ 89.357258] #1: (_xmit_ETHER){+...}, at: [<(ptrval)>] __dev_mc_add+0x28/0x80 [ 89.364520] CPU: 1 PID: 1035 Comm: ifconfig Not tainted 4.16.0-rc3-dirty #8 [ 89.371464] Call Trace: [ 89.373908] [e959db60] [c066f948] dump_stack+0xa4/0xfc (unreliable) [ 89.380177] [e959db80] [c00671d8] ___might_sleep+0x248/0x280 [ 89.385833] [e959dba0] [c01aec34] kmem_cache_alloc_trace+0x174/0x320 [ 89.392179] [e959dbd0] [c04ab920] dtsec_add_hash_mac_address+0x130/0x240 [ 89.398874] [e959dc00] [c04a9d74] set_multi+0x174/0x1b0 [ 89.404093] [e959dc30] [c04afb68] dpaa_set_rx_mode+0x68/0xe0 [ 89.409745] [e959dc40] [c057baf8] __dev_mc_add+0x58/0x80 [ 89.415052] [e959dc60] [c060fd64] igmp_group_added+0x164/0x190 [ 89.420878] [e959dca0] [c060ffa8] ip_mc_inc_group+0x218/0x460 [ 89.426617] [e959dce0] [c06120fc] ip_mc_up+0x3c/0x190 [ 89.431662] [e959dd10] [c0607270] inetdev_event+0x250/0x620 [ 89.437227] [e959dd50] [c005f190] notifier_call_chain+0x80/0xf0 [ 89.443138] [e959dd80] [c0573a74] __dev_notify_flags+0x54/0xf0 [ 89.448964] [e959dda0] [c05743f8] dev_change_flags+0x48/0x60 [ 89.454615] [e959ddc0] [c0606744] devinet_ioctl+0x544/0x8a0 [ 89.460180] [e959de10] [c060987c] inet_ioctl+0x9c/0x1f0 [ 89.465400] [e959de80] [c05479a8] sock_ioctl+0x168/0x460 [ 89.470708] [e959ded0] [c01cf3ec] do_vfs_ioctl+0xac/0x8c0 [ 89.476099] [e959df20] [c01cfc40] SyS_ioctl+0x40/0xc0 [ 89.481147] [e959df40] [c0011318] ret_from_syscall+0x0/0x3c [ 89.486715] --- interrupt: c01 at 0x1006943c [ 89.486715] LR = 0x100c45ec Signed-off-by:Denis Kirjanov <kda@linux-powerpc.org> Acked-by:
Madalin Bucur <madalin.bucur@nxp.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Paul Blakey says: ==================== rhashtable: Fix rhltable duplicates insertion On our mlx5 driver fs_core.c, we use the rhltable interface to store flow groups. We noticed that sometimes we get a warning that flow group isn't found at removal. This rare case was caused when a specific scenario happened, insertion of a flow group with a similar match criteria (a duplicate), but only where the flow group rhash_head was second (or not first) on the relevant rhashtable bucket list. The first patch fixes it, and the second one adds a test that show it is now working. Paul. v3 --> v2 changes: * added missing fix in rhashtable_lookup_one code path as well. v1 --> v2 changes: * Changed commit messages to better reflect the change ==================== Signed-off-by: -
Paul Blakey authored
Tries to insert duplicates in the middle of bucket's chain: bucket 1: [[val 21 (tid=1)]] -> [[ val 1 (tid=2), val 1 (tid=0) ]] Reuses tid to distinguish the elements insertion order. Signed-off-by:
Paul Blakey <paulb@mellanox.com> Acked-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Paul Blakey authored
When inserting duplicate objects (those with the same key), current rhlist implementation messes up the chain pointers by updating the bucket pointer instead of prev next pointer to the newly inserted node. This causes missing elements on removal and travesal. Fix that by properly updating pprev pointer to point to the correct rhash_head next pointer. Issue: 1241076 Change-Id: I86b2c140bcb4aeb10b70a72a267ff590bb2b17e7 Fixes: ca26893f ('rhashtable: Add rhlist interface') Signed-off-by:
-
Geert Uytterhoeven authored
The Stream Buffer for EtherAVB-IF (STBE) is an optional component, and is not present on all SoCs. Document this in the DT bindings, including a list of SoCs that do have it. Fixes: 785ec874 ("ravb: document R8A77970 bindings") Fixes: f231c417 ("dt-bindings: net: renesas-ravb: Add support for R8A77995 RAVB") Signed-off-by:
Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by:
Simon Horman <horms+renesas@verge.net.au> Acked-by:
Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Reviewed-by:
Rob Herring <robh@kernel.org> Signed-off-by:
-
- 06 Mar, 2018 8 commits
-
-
David Ahern authored
Only allow ifindex from IP_PKTINFO to override SO_BINDTODEVICE settings if the index is actually set in the message. Signed-off-by:
David Ahern <dsahern@gmail.com> Signed-off-by:
-
Randy Dunlap authored
Correct spelling of National Semi-conductor (no hyphen) in drivers/net/ethernet/. Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Signed-off-by:
-
David S. Miller authored
Florian Fainelli says: ==================== net: Use strlcpy() for ethtool::get_strings After turning on KASAN on one of my systems, I started getting lots of out of bounds errors while fetching a given port's statistics, and indeed using memcpy() is unsafe for copying strings which have not been declared as an array of ETH_GSTRING_LEN bytes, so let's use strlcpy() instead. This allows the best of both worlds: we still keep the efficient memory usage of variably sized strings, but we don't copy more than we need to. Changes in v2: - dropped the 3 other patches that were not necessary - use strlcpy() instead of strncpy() ==================== Signed-off-by: -
Florian Fainelli authored
Our statistics strings are allocated at initialization without being bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using memcpy() which would create out of bounds accesses, this was flagged by KASAN. Replace this with strlcpy() to make sure we are bound the source buffer size and we also always NUL-terminate strings. Fixes: 820ee17b ("net: phy: broadcom: Add support code for reading PHY counters") Signed-off-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Florian Fainelli authored
Our statistics strings are allocated at initialization without being bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using memcpy() which would create out of bounds accesses, this was flagged by KASAN. Replace this with strlcpy() to make sure we are bound the source buffer size and we also always NUL-terminate strings. Fixes: 2b2427d0 ("phy: micrel: Add ethtool statistics counters") Signed-off-by:
-
Florian Fainelli authored
Our statistics strings are allocated at initialization without being bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using memcpy() which would create out of bounds accesses, this was flagged by KASAN. Replace this with strlcpy() to make sure we are bound the source buffer size and we also always NUL-terminate strings. Fixes: d2fa47d9 ("phy: marvell: Add ethtool statistics counters") Signed-off-by:
-
Florian Fainelli authored
Our statistics strings are allocated at initialization without being bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using memcpy() which would create out of bounds accesses, this was flagged by KASAN. Replace this with strlcpy() to make sure we are bound the source buffer size and we also always NUL-terminate strings. Fixes: 967dd82f ("net: dsa: b53: Add support for Broadcom RoboSwitch") Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linuxLinus Torvalds authored
Pull ia64 cleanups from Tony Luck: - More atomic cleanup from willy - Fix a python script to work with version 3 - Some other small cleanups * tag 'please-pull-ia64_misc' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux: ia64/err-inject: fix spelling mistake: "capapbilities" -> "capabilities" ia64/err-inject: Use get_user_pages_fast() ia64: doc: tweak whitespace for 'console=' parameter ia64: Convert remaining atomic operations ia64: convert unwcheck.py to python3
-
- 05 Mar, 2018 18 commits
-
-
Colin Ian King authored
Trivial fix to spelling mistake in debug message text. Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
Tony Luck <tony.luck@intel.com>
-
Davidlohr Bueso authored
At the point of sysfs callback, the call to gup is done without mmap_sem (or any lock for that matter). This is racy. As such, use the get_user_pages_fast() alternative and safely avoid taking the lock, if possible. Signed-off-by:
Davidlohr Bueso <dbueso@suse.de> Signed-off-by:
-
Sergei Trofimovich authored
CC: Tony Luck <tony.luck@intel.com> CC: Fenghua Yu <fenghua.yu@intel.com> CC: linux-ia64@vger.kernel.org CC: linux-kernel@vger.kernel.org Signed-off-by:
Sergei Trofimovich <slyfox@gentoo.org> Signed-off-by:
-
Matthew Wilcox authored
While we've only seen inlining problems with atomic_sub_return(), the other atomic operations could have the same problem. Convert all remaining operations to use the same solution as atomic_sub_return(). Signed-off-by:
Matthew Wilcox <mawilcox@microsoft.com> Signed-off-by:
-
Corentin Labbe authored
Since my system use python3 as default, arch/ia64/scripts/unwcheck.py no longer run. This patch convert it to the python3 syntax. I have ran it with python2/python3 while printing values of start/end/rlen_sum which could be impacted by this change and I see no difference. Fixes: 94a47083 ("scripts: change scripts to use system python instead of env") Signed-off-by:
Corentin Labbe <clabbe@baylibre.com> Signed-off-by:
-
Linus Torvalds authored
Merge tag 'linux-kselftest-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest fixes from Shuah Khan: "A fix for regression in memory-hotplug install script that prevents the test from running on the target" * tag 'linux-kselftest-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests: memory-hotplug: fix emit_tests regression
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Use an appropriate TSQ pacing shift in mac80211, from Toke Høiland-Jørgensen. 2) Just like ipv4's ip_route_me_harder(), we have to use skb_to_full_sk in ip6_route_me_harder, from Eric Dumazet. 3) Fix several shutdown races and similar other problems in l2tp, from James Chapman. 4) Handle missing XDP flush properly in tuntap, for real this time. From Jason Wang. 5) Out-of-bounds access in powerpc ebpf tailcalls, from Daniel Borkmann. 6) Fix phy_resume() locking, from Andrew Lunn. 7) IFLA_MTU values are ignored on newlink for some tunnel types, fix from Xin Long. 8) Revert F-RTO middle box workarounds, they only handle one dimension of the problem. From Yuchung Cheng. 9) Fix socket refcounting in RDS, from Ka-Cheong Poon. 10) Don't allow ppp unit registration to an unregistered channel, from Guillaume Nault. 11) Various hv_netvsc fixes from Stephen Hemminger. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (98 commits) hv_netvsc: propagate rx filters to VF hv_netvsc: filter multicast/broadcast hv_netvsc: defer queue selection to VF hv_netvsc: use napi_schedule_irqoff hv_netvsc: fix race in napi poll when rescheduling hv_netvsc: cancel subchannel setup before halting device hv_netvsc: fix error unwind handling if vmbus_open fails hv_netvsc: only wake transmit queue if link is up hv_netvsc: avoid retry on send during shutdown virtio-net: re enable XDP_REDIRECT for mergeable buffer ppp: prevent unregistered channels from connecting to PPP units tc-testing: skbmod: fix match value of ethertype mlxsw: spectrum_switchdev: Check success of FDB add operation net: make skb_gso_*_seglen functions private net: xfrm: use skb_gso_validate_network_len() to check gso sizes net: sched: tbf: handle GSO_BY_FRAGS case in enqueue net: rename skb_gso_validate_mtu -> skb_gso_validate_network_len rds: Incorrect reference counting in TCP socket creation net: ethtool: don't ignore return from driver get_fecparam method vrf: check forwarding on the original netdevice when generating ICMP dest unreachable ... -
David S. Miller authored
Stephen Hemminger says: ==================== hv_netvsc: minor fixes These are improvements to netvsc driver. They aren't functionality changes so not targeting net-next; and they are not show stopper bugs that need to go to stable either. v2 - drop the irq flags patch, defer it to net-next - split the multicast filter flag patch out - change propogate rx mode patch to handle startup of vf ==================== Signed-off-by: -
Stephen Hemminger authored
The netvsc device should propagate filters to the SR-IOV VF device (if present). The flags also need to be propagated to the VF device as well. This only really matters on local Hyper-V since Azure does not support multiple addresses. Signed-off-by:
Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by:
-
Stephen Hemminger authored
The netvsc driver was always enabling all multicast and broadcast even if netdevice flag had not enabled it. Signed-off-by:
-
Stephen Hemminger authored
When VF is used for accelerated networking it will likely have more queues (and different policy) than the synthetic NIC. This patch defers the queue policy to the VF so that all the queues can be used. This impacts workloads like local generate UDP. Signed-off-by:
-
Stephen Hemminger authored
Since the netvsc_channel_cb is already called in interrupt context from vmbus, there is no need to do irqsave/restore. Signed-off-by:
-
Stephen Hemminger authored
There is a race between napi_reschedule and re-enabling interrupts which could lead to missed host interrrupts. This occurs when interrupts are re-enabled (hv_end_read) and vmbus irq callback (netvsc_channel_cb) has already scheduled NAPI. Signed-off-by:
-
Stephen Hemminger authored
Block setup of multiple channels earlier in the teardown process. This avoids possible races between halt and subchannel initialization. Suggested-by:
Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by:
-
Stephen Hemminger authored
Need to delete NAPI association if vmbus_open fails. Signed-off-by:
-
Stephen Hemminger authored
Don't wake transmit queues if link is not up yet. Signed-off-by:
-
Stephen Hemminger authored
Change the initialization order so that the device is ready to transmit (ie connect vsp is completed) before setting the internal reference to the device with RCU. This avoids any races on initialization and prevents retry issues on shutdown. Signed-off-by:
-
Jason Wang authored
XDP_REDIRECT support for mergeable buffer was removed since commit 7324f539 ("virtio_net: disable XDP_REDIRECT in receive_mergeable() case"). This is because we don't reserve enough tailroom for struct skb_shared_info which breaks XDP assumption. So this patch fixes this by reserving enough tailroom and using fixed size of rx buffer. Signed-off-by:
Jason Wang <jasowang@redhat.com> Acked-by:
Jesper Dangaard Brouer <brouer@redhat.com> Acked-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
- 04 Mar, 2018 9 commits
-
-
Guillaume Nault authored
PPP units don't hold any reference on the channels connected to it. It is the channel's responsibility to ensure that it disconnects from its unit before being destroyed. In practice, this is ensured by ppp_unregister_channel() disconnecting the channel from the unit before dropping a reference on the channel. However, it is possible for an unregistered channel to connect to a PPP unit: register a channel with ppp_register_net_channel(), attach a /dev/ppp file to it with ioctl(PPPIOCATTCHAN), unregister the channel with ppp_unregister_channel() and finally connect the /dev/ppp file to a PPP unit with ioctl(PPPIOCCONNECT). Once in this situation, the channel is only held by the /dev/ppp file, which can be released at anytime and free the channel without letting the parent PPP unit know. Then the ppp structure ends up with dangling pointers in its ->channels list. Prevent this scenario by forbidding unregistered channels from connecting to PPP units. This maintains the code logic by keeping ppp_unregister_channel() responsible from disconnecting the channel if necessary and avoids modification on the reference counting mechanism. This issue seems to predate git history (successfully reproduced on Linux 2.6.26 and earlier PPP commits are unrelated). Signed-off-by:
Guillaume Nault <g.nault@alphalink.fr> Signed-off-by:
-
Davide Caratti authored
iproute2 print_skbmod() prints the configured ethertype using format 0x%X: therefore, test 9aa8 systematically fails, because it configures action #4 using ethertype 0x0031, and expects 0x0031 when it reads it back. Changing the expected value to 0x31 lets the test result 'not ok' become 'ok'. tested with: # ./tdc.py -e 9aa8 Test 9aa8: Get a single skbmod action from a list All test results: 1..1 ok 1 9aa8 Get a single skbmod action from a list Fixes: cf797ac4 ("tc-testing: Add test cases for police and skbmod") Signed-off-by:
Davide Caratti <dcaratti@redhat.com> Signed-off-by:
-
Shalom Toledo authored
Until now, we assumed that in case of error when adding FDB entries, the write operation will fail, but this is not the case. Instead, we need to check that the number of entries reported in the response is equal to the number of entries specified in the request. Fixes: 56ade8fe ("mlxsw: spectrum: Add initial support for Spectrum ASIC") Reported-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
Shalom Toledo <shalomt@mellanox.com> Reviewed-by:
Jiri Pirko <jiri@mellanox.com> Signed-off-by:
-
Linus Torvalds authored
-
David S. Miller authored
Daniel Axtens says: ==================== GSO_BY_FRAGS correctness improvements As requested [1], I went through and had a look at users of gso_size to see if there were things that need to be fixed to consider GSO_BY_FRAGS, and I have tried to improve our helper functions to deal with this case. I found a few. This fixes bugs relating to the use of skb_gso_*_seglen() where GSO_BY_FRAGS is not considered. Patch 1 renames skb_gso_validate_mtu to skb_gso_validate_network_len. This is follow-up to my earlier patch 2b16f048 ("net: create skb_gso_validate_mac_len()"), and just makes everything a bit clearer. Patches 2 and 3 replace the final users of skb_gso_network_seglen() - which doesn't consider GSO_BY_FRAGS - with skb_gso_validate_network_len(), which does. This allows me to make the skb_gso_*_seglen functions private in patch 4 - now future users won't accidentally do the wrong comparison. Two things remain. One is qdisc_pkt_len_init, which is discussed at [2] - it's caught up in the GSO_DODGY mess. I don't have any expertise in GSO_DODGY, and it looks like a good clean fix will involve unpicking the whole validation mess, so I have left it for now. Secondly, there are 3 eBPF opcodes that change the gso_size of an SKB and don't consider GSO_BY_FRAGS. This is going through the bpf tree. Regards, Daniel [1] https://patchwork.ozlabs.org/comment/1852414/ [2] https://www.spinics.net/lists/netdev/msg482397.html PS: This is all in the core networking stack. For a driver to be affected by this it would need to support NETIF_F_GSO_SCTP / NETIF_F_GSO_SOFTWARE and then either use gso_size or not be a purely virtual device. (Many drivers look at gso_size, but do not support SCTP segmentation, so the core network will segment an SCTP gso before it hits them.) Based on that, the only driver that may be affected is sunvnet, but I have no way of testing it, so I haven't looked at it. v2: split out bpf stuff fix review comments from Dave Miller ==================== Signed-off-by:
-
Daniel Axtens authored
They're very hard to use properly as they do not consider the GSO_BY_FRAGS case. Code should use skb_gso_validate_network_len and skb_gso_validate_mac_len as they do consider this case. Make the seglen functions static, which stops people using them outside of skbuff.c Signed-off-by:
Daniel Axtens <dja@axtens.net> Reviewed-by:
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by:
-
Daniel Axtens authored
Replace skb_gso_network_seglen() with skb_gso_validate_network_len(), as it considers the GSO_BY_FRAGS case. Signed-off-by:
-
Daniel Axtens authored
tbf_enqueue() checks the size of a packet before enqueuing it. However, the GSO size check does not consider the GSO_BY_FRAGS case, and so will drop GSO SCTP packets, causing a massive drop in throughput. Use skb_gso_validate_mac_len() instead, as it does consider that case. Signed-off-by:
-
Daniel Axtens authored
If you take a GSO skb, and split it into packets, will the network length (L3 headers + L4 headers + payload) of those packets be small enough to fit within a given MTU? skb_gso_validate_mtu gives you the answer to that question. However, we recently added to add a way to validate the MAC length of a split GSO skb (L2+L3+L4+payload), and the names get confusing, so rename skb_gso_validate_mtu to skb_gso_validate_network_len Signed-off-by:
-
