1. 07 May, 2020 5 commits
    • Willem de Bruijn's avatar
      net: stricter validation of untrusted gso packets · 9274124f
      Willem de Bruijn authored
      Syzkaller again found a path to a kernel crash through bad gso input:
      a packet with transport header extending beyond skb_headlen(skb).
      
      Tighten validation at kernel entry:
      
      - Verify that the transport header lies within the linear section.
      
          To avoid pulling linux/tcp.h, verify just sizeof tcphdr.
          tcp_gso_segment will call pskb_may_pull (th->doff * 4) before use.
      
      - Match the gso_type against the ip_proto found by the flow dissector.
      
      Fixes: bfd5f4a3 ("packet: Add GSO/csum offload support.")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9274124f
    • Ahmed Abdelsalam's avatar
      seg6: fix SRH processing to comply with RFC8754 · 0cb7498f
      Ahmed Abdelsalam authored
      The Segment Routing Header (SRH) which defines the SRv6 dataplane is defined
      in RFC8754.
      
      RFC8754 (section 4.1) defines the SR source node behavior which encapsulates
      packets into an outer IPv6 header and SRH. The SR source node encodes the
      full list of Segments that defines the packet path in the SRH. Then, the
      first segment from list of Segments is copied into the Destination address
      of the outer IPv6 header and the packet is sent to the first hop in its path
      towards the destination.
      
      If the Segment list has only one segment, the SR source node can omit the SRH
      as he only segment is added in the destination address.
      
      RFC8754 (section 4.1.1) defines the Reduced SRH, when a source does not
      require the entire SID list to be preserved in the SRH. A reduced SRH does
      not contain the first segment of the related SR Policy (the first segment is
      the one already in the DA of the IPv6 header), and the Last Entry field is
      set to n-2, where n is the number of elements in the SR Policy.
      
      RFC8754 (section 4.3.1.1) defines the SRH processing and the logic to
      validate the SRH (S09, S10, S11) which works for both reduced and
      non-reduced behaviors.
      
      This patch updates seg6_validate_srh() to validate the SRH as per RFC8754.
      Signed-off-by: default avatarAhmed Abdelsalam <ahabdels@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0cb7498f
    • David S. Miller's avatar
      Merge branch 'FDB-fixes-for-Felix-and-Ocelot-switches' · 6e0ddb65
      David S. Miller authored
      Vladimir Oltean says:
      
      ====================
      FDB fixes for Felix and Ocelot switches
      
      This series fixes the following problems:
      - Dynamically learnt addresses never expiring (neither for Ocelot nor
        for Felix)
      - Half of the FDB not visible in 'bridge fdb show' (for Felix only)
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6e0ddb65
    • Vladimir Oltean's avatar
      net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms · c0d7eccb
      Vladimir Oltean authored
      One may notice that automatically-learnt entries 'never' expire, even
      though the bridge configures the address age period at 300 seconds.
      
      Actually the value written to hardware corresponds to a time interval
      1000 times higher than intended, i.e. 83 hours.
      
      Fixes: a556c76a ("net: mscc: Add initial Ocelot switch support")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarFlorian Faineli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c0d7eccb
    • Vladimir Oltean's avatar
      net: dsa: ocelot: the MAC table on Felix is twice as large · 21ce7f3e
      Vladimir Oltean authored
      When running 'bridge fdb dump' on Felix, sometimes learnt and static MAC
      addresses would appear, sometimes they wouldn't.
      
      Turns out, the MAC table has 4096 entries on VSC7514 (Ocelot) and 8192
      entries on VSC9959 (Felix), so the existing code from the Ocelot common
      library only dumped half of Felix's MAC table. They are both organized
      as a 4-way set-associative TCAM, so we just need a single variable
      indicating the correct number of rows.
      
      Fixes: 56051948 ("net: dsa: ocelot: add driver for Felix switch family")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      21ce7f3e
  2. 06 May, 2020 7 commits
  3. 05 May, 2020 2 commits
  4. 04 May, 2020 13 commits
    • Qiushi Wu's avatar
      nfp: abm: fix a memory leak bug · bd4af432
      Qiushi Wu authored
      In function nfp_abm_vnic_set_mac, pointer nsp is allocated by nfp_nsp_open.
      But when nfp_nsp_has_hwinfo_lookup fail, the pointer is not released,
      which can lead to a memory leak bug. Fix this issue by adding
      nfp_nsp_close(nsp) in the error path.
      
      Fixes: f6e71efd ("nfp: abm: look up MAC addresses via management FW")
      Signed-off-by: default avatarQiushi Wu <wu000273@umn.edu>
      Acked-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bd4af432
    • Cong Wang's avatar
      atm: fix a memory leak of vcc->user_back · 8d9f73c0
      Cong Wang authored
      In lec_arp_clear_vccs() only entry->vcc is freed, but vcc
      could be installed on entry->recv_vcc too in lec_vcc_added().
      
      This fixes the following memory leak:
      
      unreferenced object 0xffff8880d9266b90 (size 16):
        comm "atm2", pid 425, jiffies 4294907980 (age 23.488s)
        hex dump (first 16 bytes):
          00 00 00 00 00 00 00 00 00 00 00 00 6b 6b 6b a5  ............kkk.
        backtrace:
          [<(____ptrval____)>] kmem_cache_alloc_trace+0x10e/0x151
          [<(____ptrval____)>] lane_ioctl+0x4b3/0x569
          [<(____ptrval____)>] do_vcc_ioctl+0x1ea/0x236
          [<(____ptrval____)>] svc_ioctl+0x17d/0x198
          [<(____ptrval____)>] sock_do_ioctl+0x47/0x12f
          [<(____ptrval____)>] sock_ioctl+0x2f9/0x322
          [<(____ptrval____)>] vfs_ioctl+0x1e/0x2b
          [<(____ptrval____)>] ksys_ioctl+0x61/0x80
          [<(____ptrval____)>] __x64_sys_ioctl+0x16/0x19
          [<(____ptrval____)>] do_syscall_64+0x57/0x65
          [<(____ptrval____)>] entry_SYSCALL_64_after_hwframe+0x49/0xb3
      
      Cc: Gengming Liu <l.dmxcsnsbh@gmail.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8d9f73c0
    • Cong Wang's avatar
      atm: fix a UAF in lec_arp_clear_vccs() · 93a2014a
      Cong Wang authored
      Gengming reported a UAF in lec_arp_clear_vccs(),
      where we add a vcc socket to an entry in a per-device
      list but free the socket without removing it from the
      list when vcc->dev is NULL.
      
      We need to call lec_vcc_close() to search and remove
      those entries contain the vcc being destroyed. This can
      be done by calling vcc->push(vcc, NULL) unconditionally
      in vcc_destroy_socket().
      
      Another issue discovered by Gengming's reproducer is
      the vcc->dev may point to the static device lecatm_dev,
      for which we don't need to register/unregister device,
      so we can just check for vcc->dev->ops->owner.
      Reported-by: default avatarGengming Liu <l.dmxcsnsbh@gmail.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      93a2014a
    • Colin Ian King's avatar
      net: stmmac: gmac5+: fix potential integer overflow on 32 bit multiply · 44d95cc6
      Colin Ian King authored
      The multiplication of cfg->ctr[1] by 1000000000 is performed using a
      32 bit multiplication (since cfg->ctr[1] is a u32) and this can lead
      to a potential overflow. Fix this by making the constant a ULL to
      ensure a 64 bit multiply occurs.
      
      Fixes: 504723af ("net: stmmac: Add basic EST support for GMAC5+")
      Addresses-Coverity: ("Unintentional integer overflow")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      44d95cc6
    • Cong Wang's avatar
      net_sched: fix tcm_parent in tc filter dump · a7df4870
      Cong Wang authored
      When we tell kernel to dump filters from root (ffff:ffff),
      those filters on ingress (ffff:0000) are matched, but their
      true parents must be dumped as they are. However, kernel
      dumps just whatever we tell it, that is either ffff:ffff
      or ffff:0000:
      
       $ nl-cls-list --dev=dummy0 --parent=root
       cls basic dev dummy0 id none parent root prio 49152 protocol ip match-all
       cls basic dev dummy0 id :1 parent root prio 49152 protocol ip match-all
       $ nl-cls-list --dev=dummy0 --parent=ffff:
       cls basic dev dummy0 id none parent ffff: prio 49152 protocol ip match-all
       cls basic dev dummy0 id :1 parent ffff: prio 49152 protocol ip match-all
      
      This is confusing and misleading, more importantly this is
      a regression since 4.15, so the old behavior must be restored.
      
      And, when tc filters are installed on a tc class, the parent
      should be the classid, rather than the qdisc handle. Commit
      edf6711c ("net: sched: remove classid and q fields from tcf_proto")
      removed the classid we save for filters, we can just restore
      this classid in tcf_block.
      
      Steps to reproduce this:
       ip li set dev dummy0 up
       tc qd add dev dummy0 ingress
       tc filter add dev dummy0 parent ffff: protocol arp basic action pass
       tc filter show dev dummy0 root
      
      Before this patch:
       filter protocol arp pref 49152 basic
       filter protocol arp pref 49152 basic handle 0x1
      	action order 1: gact action pass
      	 random type none pass val 0
      	 index 1 ref 1 bind 1
      
      After this patch:
       filter parent ffff: protocol arp pref 49152 basic
       filter parent ffff: protocol arp pref 49152 basic handle 0x1
       	action order 1: gact action pass
       	 random type none pass val 0
      	 index 1 ref 1 bind 1
      
      Fixes: a10fa201 ("net: sched: propagate q and parent from caller down to tcf_fill_node")
      Fixes: edf6711c ("net: sched: remove classid and q fields from tcf_proto")
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Cc: Jiri Pirko <jiri@resnulli.us>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7df4870
    • Arnd Bergmann's avatar
      cxgb4/chcr: avoid -Wreturn-local-addr warning · 071a43e6
      Arnd Bergmann authored
      gcc-10 warns about functions that return a pointer to a stack
      variable. In chcr_write_cpl_set_tcb_ulp(), this does not actually
      happen, but it's too hard to see for the compiler:
      
      drivers/crypto/chelsio/chcr_ktls.c: In function 'chcr_write_cpl_set_tcb_ulp.constprop':
      drivers/crypto/chelsio/chcr_ktls.c:760:9: error: function may return address of local variable [-Werror=return-local-addr]
        760 |  return pos;
            |         ^~~
      drivers/crypto/chelsio/chcr_ktls.c:712:5: note: declared here
        712 |  u8 buf[48] = {0};
            |     ^~~
      
      Split the middle part of the function out into a helper to make
      it easier to understand by both humans and compilers, which avoids
      the warning.
      
      Fixes: 5a4b9fe7 ("cxgb4/chcr: complete record tx handling")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      071a43e6
    • Julian Wiedmann's avatar
      s390/qeth: fix cancelling of TX timer on dev_close() · c649c41d
      Julian Wiedmann authored
      With the introduction of TX coalescing, .ndo_start_xmit now potentially
      starts the TX completion timer. So only kill the timer _after_ TX has
      been disabled.
      
      Fixes: ee1e52d1 ("s390/qeth: add TX IRQ coalescing support for IQD devices")
      Signed-off-by: default avatarJulian Wiedmann <jwi@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c649c41d
    • Dejin Zheng's avatar
      net: enetc: fix an issue about leak system resources · d975cb7e
      Dejin Zheng authored
      the related system resources were not released when enetc_hw_alloc()
      return error in the enetc_pci_mdio_probe(), add iounmap() for error
      handling label "err_hw_alloc" to fix it.
      
      Fixes: 6517798d ("enetc: Make MDIO accessors more generic and export to include/linux/fsl")
      Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: default avatarDejin Zheng <zhengdejin5@gmail.com>
      Reviewed-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d975cb7e
    • Tariq Toukan's avatar
      net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() · 40e47307
      Tariq Toukan authored
      When ENOSPC is set the idx is still valid and gets set to the global
      MLX4_SINK_COUNTER_INDEX.  However gcc's static analysis cannot tell that
      ENOSPC is impossible from mlx4_cmd_imm() and gives this warning:
      
      drivers/net/ethernet/mellanox/mlx4/main.c:2552:28: warning: 'idx' may be
      used uninitialized in this function [-Wmaybe-uninitialized]
       2552 |    priv->def_counter[port] = idx;
      
      Also, when ENOSPC is returned mlx4_allocate_default_counters should not
      fail.
      
      Fixes: 6de5f7f6 ("net/mlx4_core: Allocate default counter per port")
      Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      40e47307
    • Aya Levin's avatar
      devlink: Fix reporter's recovery condition · bea0c5c9
      Aya Levin authored
      Devlink health core conditions the reporter's recovery with the
      expiration of the grace period. This is not relevant for the first
      recovery. Explicitly demand that the grace period will only apply to
      recoveries other than the first.
      
      Fixes: c8e1da0b ("devlink: Add health report functionality")
      Signed-off-by: default avatarAya Levin <ayal@mellanox.com>
      Reviewed-by: default avatarMoshe Shemesh <moshe@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bea0c5c9
    • Maxim Petrov's avatar
      stmmac: fix pointer check after utilization in stmmac_interrupt · f42234ff
      Maxim Petrov authored
      The paranoidal pointer check in IRQ handler looks very strange - it
      really protects us only against bogus drivers which request IRQ line
      with null pointer dev_id. However, the code fragment is incorrect
      because the dev pointer is used before the actual check which leads
      to undefined behavior. Remove the check to avoid confusing people
      with incorrect code.
      Signed-off-by: default avatarMaxim Petrov <mmrmaximuzz@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f42234ff
    • Tuong Lien's avatar
      tipc: fix partial topology connection closure · 980d6927
      Tuong Lien authored
      When an application connects to the TIPC topology server and subscribes
      to some services, a new connection is created along with some objects -
      'tipc_subscription' to store related data correspondingly...
      However, there is one omission in the connection handling that when the
      connection or application is orderly shutdown (e.g. via SIGQUIT, etc.),
      the connection is not closed in kernel, the 'tipc_subscription' objects
      are not freed too.
      This results in:
      - The maximum number of subscriptions (65535) will be reached soon, new
      subscriptions will be rejected;
      - TIPC module cannot be removed (unless the objects  are somehow forced
      to release first);
      
      The commit fixes the issue by closing the connection if the 'recvmsg()'
      returns '0' i.e. when the peer is shutdown gracefully. It also includes
      the other unexpected cases.
      Acked-by: default avatarJon Maloy <jmaloy@redhat.com>
      Acked-by: default avatarYing Xue <ying.xue@windriver.com>
      Signed-off-by: default avatarTuong Lien <tuong.t.lien@dektech.com.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      980d6927
    • Florian Fainelli's avatar
      net: dsa: Do not make user port errors fatal · 86f8b1c0
      Florian Fainelli authored
      Prior to 1d27732f ("net: dsa: setup and teardown ports"), we would
      not treat failures to set-up an user port as fatal, but after this
      commit we would, which is a regression for some systems where interfaces
      may be declared in the Device Tree, but the underlying hardware may not
      be present (pluggable daughter cards for instance).
      
      Fixes: 1d27732f ("net: dsa: setup and teardown ports")
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      86f8b1c0
  5. 03 May, 2020 3 commits
  6. 01 May, 2020 10 commits
    • Arnd Bergmann's avatar
      drop_monitor: work around gcc-10 stringop-overflow warning · dc30b405
      Arnd Bergmann authored
      The current gcc-10 snapshot produces a false-positive warning:
      
      net/core/drop_monitor.c: In function 'trace_drop_common.constprop':
      cc1: error: writing 8 bytes into a region of size 0 [-Werror=stringop-overflow=]
      In file included from net/core/drop_monitor.c:23:
      include/uapi/linux/net_dropmon.h:36:8: note: at offset 0 to object 'entries' with size 4 declared here
         36 |  __u32 entries;
            |        ^~~~~~~
      
      I reported this in the gcc bugzilla, but in case it does not get
      fixed in the release, work around it by using a temporary variable.
      
      Fixes: 9a8afc8d ("Network Drop Monitor: Adding drop monitor implementation & Netlink protocol")
      Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94881Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dc30b405
    • Yoshiyuki Kurauchi's avatar
      gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() · 846c68f7
      Yoshiyuki Kurauchi authored
      In drivers/net/gtp.c, gtp_genl_dump_pdp() should set NLM_F_MULTI
      flag since it returns multipart message.
      This patch adds a new arg "flags" in gtp_genl_fill_info() so that
      flags can be set by the callers.
      Signed-off-by: default avatarYoshiyuki Kurauchi <ahochauwaaaaa@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      846c68f7
    • Jules Irenge's avatar
      cxgb4: Add missing annotation for service_ofldq() · cae9566a
      Jules Irenge authored
      Sparse reports a warning at service_ofldq()
      
      warning: context imbalance in service_ofldq() - unexpected unlock
      
      The root cause is the missing annotation at service_ofldq()
      
      Add the missing __must_hold(&q->sendq.lock) annotation
      Signed-off-by: default avatarJules Irenge <jbi.octave@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cae9566a
    • Jacob Keller's avatar
      ice: cleanup language in ice.rst for fw.app · 709e7158
      Jacob Keller authored
      The documentation for the ice driver around "fw.app" has a spelling
      mistake in variation. Additionally, the language of "shall have a unique
      name" sounds like a requirement. Reword this to read more like
      a description or property.
      Reported-by: default avatarBenjamin Fisher <benjamin.l.fisher@intel.com>
      Signed-off-by: default avatarJacob Keller <jacob.e.keller@intel.com>
      Acked-by: default avatarJakub Kicinski <kubakici@wp.pl>
      Acked-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      709e7158
    • Clay McClure's avatar
      net: Make PTP-specific drivers depend on PTP_1588_CLOCK · b6d49cab
      Clay McClure authored
      Commit d1cbfd77 ("ptp_clock: Allow for it to be optional") changed
      all PTP-capable Ethernet drivers from `select PTP_1588_CLOCK` to `imply
      PTP_1588_CLOCK`, "in order to break the hard dependency between the PTP
      clock subsystem and ethernet drivers capable of being clock providers."
      As a result it is possible to build PTP-capable Ethernet drivers without
      the PTP subsystem by deselecting PTP_1588_CLOCK. Drivers are required to
      handle the missing dependency gracefully.
      
      Some PTP-capable Ethernet drivers (e.g., TI_CPSW) factor their PTP code
      out into separate drivers (e.g., TI_CPTS_MOD). The above commit also
      changed these PTP-specific drivers to `imply PTP_1588_CLOCK`, making it
      possible to build them without the PTP subsystem. But as Grygorii
      Strashko noted in [1]:
      
      On Wed, Apr 22, 2020 at 02:16:11PM +0300, Grygorii Strashko wrote:
      
      > Another question is that CPTS completely nonfunctional in this case and
      > it was never expected that somebody will even try to use/run such
      > configuration (except for random build purposes).
      
      In my view, enabling a PTP-specific driver without the PTP subsystem is
      a configuration error made possible by the above commit. Kconfig should
      not allow users to create a configuration with missing dependencies that
      results in "completely nonfunctional" drivers.
      
      I audited all network drivers that call ptp_clock_register() but merely
      `imply PTP_1588_CLOCK` and found five PTP-specific drivers that are
      likely nonfunctional without PTP_1588_CLOCK:
      
          NET_DSA_MV88E6XXX_PTP
          NET_DSA_SJA1105_PTP
          MACB_USE_HWSTAMP
          CAVIUM_PTP
          TI_CPTS_MOD
      
      Note how these symbols all reference PTP or timestamping in their name;
      this is a clue that they depend on PTP_1588_CLOCK.
      
      Change them from `imply PTP_1588_CLOCK` [2] to `depends on PTP_1588_CLOCK`.
      I'm not using `select PTP_1588_CLOCK` here because PTP_1588_CLOCK has
      its own dependencies, which `select` would not transitively apply.
      
      Additionally, remove the `select NET_PTP_CLASSIFY` from CPTS_TI_MOD;
      PTP_1588_CLOCK already selects that.
      
      [1]: https://lore.kernel.org/lkml/c04458ed-29ee-1797-3a11-7f3f560553e6@ti.com/
      
      [2]: NET_DSA_SJA1105_PTP had never declared any type of dependency on
      PTP_1588_CLOCK (`imply` or otherwise); adding a `depends on PTP_1588_CLOCK`
      here seems appropriate.
      
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Richard Cochran <richardcochran@gmail.com>
      Cc: Nicolas Pitre <nico@fluxnic.net>
      Cc: Grygorii Strashko <grygorii.strashko@ti.com>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Fixes: d1cbfd77 ("ptp_clock: Allow for it to be optional")
      Signed-off-by: default avatarClay McClure <clay@daemons.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b6d49cab
    • Jakub Kicinski's avatar
      devlink: fix return value after hitting end in region read · 610a9346
      Jakub Kicinski authored
      Commit d5b90e99 ("devlink: report 0 after hitting end in region read")
      fixed region dump, but region read still returns a spurious error:
      
      $ devlink region read netdevsim/netdevsim1/dummy snapshot 0 addr 0 len 128
      0000000000000000 a6 f4 c4 1c 21 35 95 a6 9d 34 c3 5b 87 5b 35 79
      0000000000000010 f3 a0 d7 ee 4f 2f 82 7f c6 dd c4 f6 a5 c3 1b ae
      0000000000000020 a4 fd c8 62 07 59 48 03 70 3b c7 09 86 88 7f 68
      0000000000000030 6f 45 5d 6d 7d 0e 16 38 a9 d0 7a 4b 1e 1e 2e a6
      0000000000000040 e6 1d ae 06 d6 18 00 85 ca 62 e8 7e 11 7e f6 0f
      0000000000000050 79 7e f7 0f f3 94 68 bd e6 40 22 85 b6 be 6f b1
      0000000000000060 af db ef 5e 34 f0 98 4b 62 9a e3 1b 8b 93 fc 17
      devlink answers: Invalid argument
      0000000000000070 61 e8 11 11 66 10 a5 f7 b1 ea 8d 40 60 53 ed 12
      
      This is a minimal fix, I'll follow up with a restructuring
      so we don't have two checks for the same condition.
      
      Fixes: fdd41ec2 ("devlink: Return right error code in case of errors for region read")
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      Reviewed-by: default avatarJacob Keller <jacob.e.keller@intel.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      610a9346
    • Nathan Chancellor's avatar
      hv_netvsc: Fix netvsc_start_xmit's return type · 7fdc66de
      Nathan Chancellor authored
      netvsc_start_xmit is used as a callback function for the ndo_start_xmit
      function pointer. ndo_start_xmit's return type is netdev_tx_t but
      netvsc_start_xmit's return type is int.
      
      This causes a failure with Control Flow Integrity (CFI), which requires
      function pointer prototypes and callback function definitions to match
      exactly. When CFI is in enforcing, the kernel panics. When booting a
      CFI kernel with WSL 2, the VM is immediately terminated because of this.
      
      The splat when CONFIG_CFI_PERMISSIVE is used:
      
      [    5.916765] CFI failure (target: netvsc_start_xmit+0x0/0x10):
      [    5.916771] WARNING: CPU: 8 PID: 0 at kernel/cfi.c:29 __cfi_check_fail+0x2e/0x40
      [    5.916772] Modules linked in:
      [    5.916774] CPU: 8 PID: 0 Comm: swapper/8 Not tainted 5.7.0-rc3-next-20200424-microsoft-cbl-00001-ged4eb37d2c69-dirty #1
      [    5.916776] RIP: 0010:__cfi_check_fail+0x2e/0x40
      [    5.916777] Code: 48 c7 c7 70 98 63 a9 48 c7 c6 11 db 47 a9 e8 69 55 59 00 85 c0 75 02 5b c3 48 c7 c7 73 c6 43 a9 48 89 de 31 c0 e8 12 2d f0 ff <0f> 0b 5b c3 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 85 f6 74 25
      [    5.916778] RSP: 0018:ffffa803c0260b78 EFLAGS: 00010246
      [    5.916779] RAX: 712a1af25779e900 RBX: ffffffffa8cf7950 RCX: ffffffffa962cf08
      [    5.916779] RDX: ffffffffa9c36b60 RSI: 0000000000000082 RDI: ffffffffa9c36b5c
      [    5.916780] RBP: ffff8ffc4779c2c0 R08: 0000000000000001 R09: ffffffffa9c3c300
      [    5.916781] R10: 0000000000000151 R11: ffffffffa9c36b60 R12: ffff8ffe39084000
      [    5.916782] R13: ffffffffa8cf7950 R14: ffffffffa8d12cb0 R15: ffff8ffe39320140
      [    5.916784] FS:  0000000000000000(0000) GS:ffff8ffe3bc00000(0000) knlGS:0000000000000000
      [    5.916785] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [    5.916786] CR2: 00007ffef5749408 CR3: 00000002f4f5e000 CR4: 0000000000340ea0
      [    5.916787] Call Trace:
      [    5.916788]  <IRQ>
      [    5.916790]  __cfi_check+0x3ab58/0x450e0
      [    5.916793]  ? dev_hard_start_xmit+0x11f/0x160
      [    5.916795]  ? sch_direct_xmit+0xf2/0x230
      [    5.916796]  ? __dev_queue_xmit.llvm.11471227737707190958+0x69d/0x8e0
      [    5.916797]  ? neigh_resolve_output+0xdf/0x220
      [    5.916799]  ? neigh_connected_output.cfi_jt+0x8/0x8
      [    5.916801]  ? ip6_finish_output2+0x398/0x4c0
      [    5.916803]  ? nf_nat_ipv6_out+0x10/0xa0
      [    5.916804]  ? nf_hook_slow+0x84/0x100
      [    5.916807]  ? ip6_input_finish+0x8/0x8
      [    5.916807]  ? ip6_output+0x6f/0x110
      [    5.916808]  ? __ip6_local_out.cfi_jt+0x8/0x8
      [    5.916810]  ? mld_sendpack+0x28e/0x330
      [    5.916811]  ? ip_rt_bug+0x8/0x8
      [    5.916813]  ? mld_ifc_timer_expire+0x2db/0x400
      [    5.916814]  ? neigh_proxy_process+0x8/0x8
      [    5.916816]  ? call_timer_fn+0x3d/0xd0
      [    5.916817]  ? __run_timers+0x2a9/0x300
      [    5.916819]  ? rcu_core_si+0x8/0x8
      [    5.916820]  ? run_timer_softirq+0x14/0x30
      [    5.916821]  ? __do_softirq+0x154/0x262
      [    5.916822]  ? native_x2apic_icr_write+0x8/0x8
      [    5.916824]  ? irq_exit+0xba/0xc0
      [    5.916825]  ? hv_stimer0_vector_handler+0x99/0xe0
      [    5.916826]  ? hv_stimer0_callback_vector+0xf/0x20
      [    5.916826]  </IRQ>
      [    5.916828]  ? hv_stimer_global_cleanup.cfi_jt+0x8/0x8
      [    5.916829]  ? raw_setsockopt+0x8/0x8
      [    5.916830]  ? default_idle+0xe/0x10
      [    5.916832]  ? do_idle.llvm.10446269078108580492+0xb7/0x130
      [    5.916833]  ? raw_setsockopt+0x8/0x8
      [    5.916833]  ? cpu_startup_entry+0x15/0x20
      [    5.916835]  ? cpu_hotplug_enable.cfi_jt+0x8/0x8
      [    5.916836]  ? start_secondary+0x188/0x190
      [    5.916837]  ? secondary_startup_64+0xa5/0xb0
      [    5.916838] ---[ end trace f2683fa869597ba5 ]---
      
      Avoid this by using the right return type for netvsc_start_xmit.
      
      Fixes: fceaf24a ("Staging: hv: add the Hyper-V virtual network driver")
      Link: https://github.com/ClangBuiltLinux/linux/issues/1009Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Reviewed-by: default avatarHaiyang Zhang <haiyangz@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7fdc66de
    • David S. Miller's avatar
      Merge branch 'WoL-fixes-for-DP83822-and-DP83tc811' · 384649e7
      David S. Miller authored
      Dan Murphy says:
      
      ====================
      WoL fixes for DP83822 and DP83tc811
      
      The WoL feature for each device was enabled during boot or when the PHY was
      brought up which may be undesired.  These patches disable the WoL in the
      config_init.  The disabling and enabling of the WoL is now done though the
      set_wol call.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      384649e7
    • Dan Murphy's avatar
      net: phy: DP83TC811: Fix WoL in config init to be disabled · 6c599044
      Dan Murphy authored
      The WoL feature should be disabled when config_init is called and the
      feature should turned on or off  when set_wol is called.
      
      In addition updated the calls to modify the registers to use the set_bit
      and clear_bit function calls.
      
      Fixes: 6d749428788b ("net: phy: DP83TC811: Introduce support for the
      DP83TC811 phy")
      Signed-off-by: default avatarDan Murphy <dmurphy@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c599044
    • Dan Murphy's avatar
      net: phy: DP83822: Fix WoL in config init to be disabled · 600ac36b
      Dan Murphy authored
      The WoL feature should be disabled when config_init is called and the
      feature should turned on or off  when set_wol is called.
      
      In addition updated the calls to modify the registers to use the set_bit
      and clear_bit function calls.
      
      Fixes: 3b427751a9d0 ("net: phy: DP83822 initial driver submission")
      Signed-off-by: default avatarDan Murphy <dmurphy@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      600ac36b