1. 20 Mar, 2018 2 commits
  2. 19 Mar, 2018 5 commits
      iwlwifi: mvm: Move unused phy's to a default channel · 9f4ef1d7
      Andrei Otcheretianski authored
      When immediate quiet bit is set in CSA, the entire channel is blocked
      by the firmware. It is expected that all the MACs will evacuate the
      channel and the phy will be eventually either moved or removed.
      
      Currently, the phy context is just unreferenced and thus, the quiet
      bit is kept set and it will be impossible to TX on this phy, if we
      will need to reuse it in the future.  This can be seen when doing a
      channel switch with mode=1 (quiet) twice from channel X to Y and then
      back to channel X.
      
      Fix that, by moving the phy context to a default channel when not
      referenced anymore.
      Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      9f4ef1d7
      iwlwifi: mvm: fix array out of bounds reference · 4a6d2e52
      Avraham Stern authored
      When starting aggregation, the code checks the status of the queue
      allocated to the aggregation tid, which might not yet be allocated
      and thus the queue index may be invalid.
      Fix this by reserving a new queue in case the queue id is invalid.
      
      While at it, clean up some unreachable code (a condition that is
      already handled earlier) and remove all the non-DQA comments since
      non-DQA mode is no longer supported.
      
      Fixes: cf961e16 ("iwlwifi: mvm: support dqa-mode agg on non-shared queue")
      Signed-off-by: Avraham Stern <avraham.stern@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      4a6d2e52
      iwlwifi: mvm: make sure internal station has a valid id · df65c8d1
      Avraham Stern authored
      If the driver failed to resume from D3, it is possible that it has
      no valid aux station. In such case, fw restart will end up in sending
      station related commands with an invalid station id, which will
      result in an assert.
      
      Fix this by allocating a new station id for the aux station if it
      does not have a valid id even in the case of fw restart.
      Signed-off-by: Avraham Stern <avraham.stern@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      df65c8d1
      iwlwifi: mvm: clear tx queue id when unreserving aggregation queue · 4b387906
      Avraham Stern authored
      When a queue is reserved for aggregation, the queue id is assigned
      to the tid_data. This is fine since iwl_mvm_sta_tx_agg_oper()
      takes care of allocating the queue before actual tx starts.
      When the reservation is cancelled (e.g. when the AP declined the
      aggregation request) the tid_data is not cleared. As a result,
      following tx for this tid was trying to use an unallocated queue.
      
      Fix this by setting the txq_id for the tid to invalid when unreserving
      the queue.
      Signed-off-by: Avraham Stern <avraham.stern@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      4b387906
      iwlwifi: mvm: Increase session protection time after CS · 19125cb0
      Andrei Otcheretianski authored
      After switching to a new channel, driver schedules session protection
      time event in order to hear the beacon on the new channel.
      The duration of the protection is two beacon intervals.
      However, since we start to switch slightly before beacon with count 1, in
      case we don't hear (or AP doesn't transmit) the very first beacon on the
      new channel the protection ends without hearing any beacon at all.
      At this stage the switch is not complete, the queues are closed and the
      interface doesn't have quota yet or TBTT events. As a result, we are
      stuck forever waiting for iwl_mvm_post_channel_switch() to be called.
      
      Fix this by increasing the protection time to be 3 beacon intervals and
      in addition drop the connection if the time event ends before we got any
      beacon.
      Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      19125cb0
  3. 16 Mar, 2018 6 commits
      brcmfmac: drop Inter-Access Point Protocol packets by default · 12590551
      Rafał Miłecki authored
      Testing brcmfmac with more recent firmwares resulted in AP interfaces
      not working in some specific setups. Debugging resulted in discovering
      support for IAPP in Broadcom's firmwares.
      
      Older firmwares were only generating 802.11f frames. Newer ones like:
      1) 10.10 (TOB) (r663589)
      2) 10.10.122.20 (r683106)
      for 4366b1 and 4366c0 respectively seem to also /respect/ 802.11f frames
      in the Tx path by performing a STA disassociation.
      
      This obsoleted standard and its implementation is something that:
      1) Most people don't need / want to use
      2) Can allow local DoS attacks
      3) Breaks AP interfaces in some specific bridge setups
      
      To solve issues it can cause this commit modifies brcmfmac to drop IAPP
      packets. It affects:
      1) Rx path: driver won't be sending these unwanted packets up.
      2) Tx path: driver will reject packets that would trigger STA
         disassociation performed by a firmware (possible local DoS attack).
      
      It appears there are some Broadcom's clients/users who care about this
      feature despite the drawbacks. They can switch it on using a new module
      param.
      
      This change results in only two more comparisons (check for module param
      and check for Ethernet packet length) for 99.9% of packets. Its overhead
      should be very minimal.
      Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
      Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
      Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
      12590551
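The frame this commit filters, worked through as an added example in userspace C (this is not brcmfmac's code and the driver's own check is not shown on this page). It assumes the 802.11F Layer 2 Update frame is an 802.3 frame sent to a group address whose only payload is a six-byte IEEE 802.2 XID (DSAP 0x00, SSAP 0x01, control 0xAF, XID information 0x81 0x01 0x00); `frame_is_iapp_l2_update`, `frame_should_pass`, the `allow_iapp` flag standing in for the module parameter, and the frame builders are hypothetical names. The length test runs first so ordinary traffic pays only the couple of comparisons the message describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define ETH_HLEN 14
#define IAPP_L2_UPDATE_LEN 6

/* Assumed 802.11F L2 Update payload: an 802.2 XID (DSAP 0x00, SSAP 0x01,
 * control 0xAF) carrying XID information 0x81 0x01 0x00. */
static const uint8_t iapp_l2_update[IAPP_L2_UPDATE_LEN] = {
	0x00, 0x01, 0xaf, 0x81, 0x01, 0x00,
};

/* Cheap checks first: exact length, then group destination address,
 * and only then the six-byte payload compare. */
bool frame_is_iapp_l2_update(const uint8_t *frame, size_t len)
{
	if (len != ETH_HLEN + IAPP_L2_UPDATE_LEN)
		return false;
	if (!(frame[0] & 0x01))		/* not multicast/broadcast */
		return false;
	return memcmp(frame + ETH_HLEN, iapp_l2_update, IAPP_L2_UPDATE_LEN) == 0;
}

/* Filter decision for either direction. allow_iapp models the opt-in
 * module parameter (hypothetical name); it is off by default. */
bool frame_should_pass(const uint8_t *frame, size_t len, bool allow_iapp)
{
	return allow_iapp || !frame_is_iapp_l2_update(frame, len);
}

/* Constructed IAPP L2 Update frame: broadcast DA, 802.3 length field 6,
 * then the XID payload. Returns the frame length, 0 if out is too small. */
size_t build_iapp_frame(uint8_t *out, size_t cap, const uint8_t src[ETH_ALEN])
{
	if (cap < ETH_HLEN + IAPP_L2_UPDATE_LEN)
		return 0;
	memset(out, 0xff, ETH_ALEN);
	memcpy(out + ETH_ALEN, src, ETH_ALEN);
	out[12] = 0x00;
	out[13] = IAPP_L2_UPDATE_LEN;
	memcpy(out + ETH_HLEN, iapp_l2_update, IAPP_L2_UPDATE_LEN);
	return ETH_HLEN + IAPP_L2_UPDATE_LEN;
}

/* Constructed ordinary frame: IPv4 EtherType and a zeroed payload.
 * Returns the frame length, 0 if out is too small. */
size_t build_ip_frame(uint8_t *out, size_t cap, const uint8_t dst[ETH_ALEN],
		      const uint8_t src[ETH_ALEN], size_t payload_len)
{
	if (cap < ETH_HLEN + payload_len)
		return 0;
	memcpy(out, dst, ETH_ALEN);
	memcpy(out + ETH_ALEN, src, ETH_ALEN);
	out[12] = 0x08;
	out[13] = 0x00;
	memset(out + ETH_HLEN, 0, payload_len);
	return ETH_HLEN + payload_len;
}

/* Runs the classifier over constructed frames; returns 0 when every
 * expectation holds, otherwise the number of the first failed check. */
int iapp_example_checks(void)
{
	static const uint8_t src[ETH_ALEN] = { 0x02, 0x11, 0x22, 0x33, 0x44, 0x55 };
	static const uint8_t bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
	uint8_t f[64];
	size_t n;

	n = build_iapp_frame(f, sizeof f, src);
	if (n != 20 || !frame_is_iapp_l2_update(f, n))
		return 1;
	if (frame_should_pass(f, n, false) || !frame_should_pass(f, n, true))
		return 2;
	f[0] = 0x02;				/* same payload, unicast DA: not IAPP */
	if (frame_is_iapp_l2_update(f, n))
		return 3;
	n = build_ip_frame(f, sizeof f, bcast, src, 6);	/* same length, other payload */
	if (n != 20 || frame_is_iapp_l2_update(f, n) || !frame_should_pass(f, n, false))
		return 4;
	n = build_ip_frame(f, sizeof f, bcast, src, 40);	/* rejected by length alone */
	if (n != 54 || frame_is_iapp_l2_update(f, n))
		return 5;
	return 0;
}

int main(void)
{
	printf("iapp checks: %d\n", iapp_example_checks());
	return 0;
}
```

Both directions use the same predicate: on receive the frame is dropped instead of being passed up, on transmit it is rejected before the firmware can act on it.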
      Merge tag 'iwlwifi-for-kalle-2018-03-16' of... · 1e2dce98
      Kalle Valo authored
      Merge tag 'iwlwifi-for-kalle-2018-03-16' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes
      
      Third batch of iwlwifi fixes intended for 4.16:
      
      * Fix an issue with the multicast queue;
      * Fix IGTK handling;
      * Fix some missing return value checks;
      * Add support for a HW workaround for issues on some platforms;
      1e2dce98
      iwlwifi: add shared clock PHY config flag for some devices · 86a2b204
      Luca Coelho authored
      Some devices use a shared clock which is very sensitive to variations
      and cause trouble in some situations.  We need to set a bit in the phy
      configuration to indicate that to the FW.  To make this generic, add an
      extra_phy_config_flags element to the device configuration and OR it
      into the phy_cfg before sending it to the firmware.  And also create a
      set of configurations for devices that use shared clocks and need this
      extra bit to be set.
      
      Fixes: c62446d2 ("iwlwifi: add new 9460 series PCI IDs")
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      86a2b204
      iwlwifi: mvm: fix error checking for multi/broadcast sta · 75fd4fec
      Johannes Berg authored
      The earlier patch called the station add functions but didn't
      assign their return value to the ret variable, so that the
      checks for it were meaningless. Fix that.
      
      Found by smatch:
      
      .../mac80211.c:2560 iwl_mvm_start_ap_ibss() warn: we tested 'ret' before and it was 'false'
      .../mac80211.c:2563 iwl_mvm_start_ap_ibss() warn: we tested 'ret' before and it was 'false'
      
      Fixes: 3a89411cd31c ("iwlwifi: mvm: fix assert 0x2B00 on older FWs")
      Signed-off-by: Johannes Berg <johannes.berg@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      75fd4fec
      iwlwifi: mvm: Correctly set IGTK for AP · e829b17c
      Beni Lev authored
      Currently when an IGTK is set for an AP, it is set as a regular key.
      Since the cipher is set to CMAC, the STA_KEY_FLG_EXT flag is added to
      the host command, which causes assert 0x253D on NICs that do not support
      this.
      
      Fixes: 85aeb58c ("iwlwifi: mvm: Enable security on new TX API")
      Signed-off-by: Beni Lev <beni.lev@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      e829b17c
      iwlwifi: mvm: set the correct tid when we flush the MCAST sta · 334167de
      Emmanuel Grumbach authored
      The tid being used for the queue (cab_queue) for the MCAST
      station has been changed recently to be 0 (for BE).
      The flush path still flushed only the special tid (15)
      which means that the firmware wasn't flushing the right
      queue and we could get a firmware crash upon remove
      station if we had an MCAST packet on the ring.
      
      The current code that flushes queues for a station only
      differentiates between internal stations (stations that
      aren't instantiated in mac80211, like the MCAST station)
      and the non-internal ones.
      Internal stations can be either: BCAST (beacons), MCAST
      (for cab_queue), GENERAL_PURPOSE (p2p dev, and sniffer
      injection). The internal stations can use different tids.
      
      To make the code simpler, just flush all the tids always
      and add the special internal tid (15) for internal
      stations. The firmware will know how to handle this even
      if we hadn't any queue mapped to that tid.
      
      Fixes: e340c1a6ef4b ("iwlwifi: mvm: Correctly set the tid for mcast queue")
      Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
      Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
      334167de
  4. 09 Mar, 2018 15 commits
      Merge branch 'erspan-fixes' · 87de1201
      David S. Miller authored
      William Tu says:
      
      ====================
      a couple of erspan fixes
      
      The series fixes a couple of erspan issues.
      The first patch adds the erspan v2 proto type to the ip6 tunnel lookup.
      The second patch improves the error handling when users screw the
      version number in metadata.  The final patch makes sure the skb has
      enough headroom for pushing erspan header when xmit.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
      87de1201
      ip6erspan: make sure enough headroom at xmit. · e41c7c68
      William Tu authored
      The patch adds skb_cow_header() to ensure enough headroom
      at ip6erspan_tunnel_xmit before pushing the erspan header
      to the skb.
      Signed-off-by: William Tu <u9012063@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      e41c7c68
      ip6erspan: improve error handling for erspan version number. · d6aa7119
      William Tu authored
      When users fill in incorrect erspan version number through
      the struct erspan_metadata uapi, current code skips pushing
      the erspan header but continue pushing the gre header, which
      is incorrect.  The patch fixes it by returning error.
      Signed-off-by: William Tu <u9012063@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      d6aa7119
      ip6gre: add erspan v2 to tunnel lookup · 3b04caab
      William Tu authored
      The patch adds the erspan v2 proto in ip6gre_tunnel_lookup
      so the erspan v2 tunnel can be found correctly.
      Signed-off-by: William Tu <u9012063@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      3b04caab
      Merge branch 'mlxsw-ACL-and-mirroring-fixes' · 4eb57ecc
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: ACL and mirroring fixes
      
      The first patch fixes offload of rules using the 'pass' action. Instead
      of continuing to evaluate lower priority rules, the binding is
      terminated and the packet proceeds to the bridge and router blocks on
      ingress, or goes out of the port on egress.
      
      Second patch prevents the user from mirroring more than once from a
      given {Port, Direction} as this is not supported by the device.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
      4eb57ecc
      mlxsw: spectrum: Prevent duplicate mirrors · 663f1b26
      Petr Machata authored
      The Spectrum ASIC doesn't support mirroring more than once from a single
      binding point (which is a port-direction pair). Therefore detect that a
      second binding of a given binding point is attempted.
      
      To that end, extend struct mlxsw_sp_span_inspected_port to track whether
      a given binding point is bound or not. Extend
      mlxsw_sp_span_entry_port_find() to look for ports based on the full
      unique key: port number, direction, and boundness.
      
      Besides fixing the overt bug where configured mirrors are not offloaded,
      this also fixes a more subtle bug: mlxsw_sp_span_inspected_port_del()
      just defers to mlxsw_sp_span_entry_bound_port_find(), and that used to
      find the first port with the right number (disregarding the type). Thus
      by adding and removing egress and ingress mirrors in the right order,
      one could trick the system into believing it has no egress mirrors when
      in fact it did have some. That then caused that
      mlxsw_sp_span_port_mtu_update() didn't update mirroring buffer when MTU
      was changed.
      
      Fixes: 763b4b70 ("mlxsw: spectrum: Add support in matchall mirror TC offloading")
      Signed-off-by: Petr Machata <petrm@mellanox.com>
      Signed-off-by: Ido Schimmel <idosch@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      663f1b26
      mlxsw: spectrum: Fix gact_ok offloading · 49bae2f3
      Jiri Pirko authored
      For ok GACT action, TERMINATE binding_cmd should be used in action set
      passed down to HW.
      
      Fixes: b2925957 ("mlxsw: spectrum_flower: Offload "ok" termination action")
      Signed-off-by: Jiri Pirko <jiri@mellanox.com>
      Reported-by: Alexander Petrovskiy <alexpe@mellanox.com>
      Signed-off-by: Ido Schimmel <idosch@mellanox.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      49bae2f3
      Merge branch 'vhost_net-ptr_ring-fixes' · bcf34adc
      David S. Miller authored
      Jason Wang says:
      
      ====================
      Several fixes for vhost_net ptr_ring usage
      
      This small series tries to fix several bugs of ptr_ring usage in
      vhost_net. Please review.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
      bcf34adc
      vhost_net: examine pointer types during un-producing · 3a403076
      Jason Wang authored
      After commit fc72d1d5 ("tuntap: XDP transmission"), we can
      actually queue XDP pointers in the pointer ring, so we should
      examine the pointer type before freeing the pointer.
      
      Fixes: fc72d1d5 ("tuntap: XDP transmission")
      Reported-by: Michael S. Tsirkin <mst@redhat.com>
      Acked-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Jason Wang <jasowang@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      3a403076
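The bug class behind this fix, as an added example in userspace C (not vhost_net or tun code): a pointer ring that can hold two kinds of buffer, told apart by a tag in the pointer's low bit, where the drain path must inspect the tag before picking a destructor. The single-bit tag follows the convention tun uses for XDP buffers; `struct buf`, the ring, `ring_unproduce` and the fake destructors are invented for illustration, and `ring_count_untagged_misfrees` counts what an skb-only drain (the pre-fix behaviour) would hand to the wrong destructor.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define XDP_FLAG  0x1UL		/* low pointer bit marks an XDP frame */
#define RING_SIZE 8

enum buf_kind { BUF_SKB = 0, BUF_XDP = 1 };

/* Invented buffer: kind says what it is, freed_by records which
 * destructor ran on it (-1 = not freed yet). Alignment >= 2 keeps bit 0 free. */
struct buf {
	enum buf_kind kind;
	int freed_by;
};

static inline void *xdp_to_ptr(struct buf *b) { return (void *)((uintptr_t)b | XDP_FLAG); }
static inline bool ptr_is_xdp(const void *p) { return ((uintptr_t)p & XDP_FLAG) != 0; }
static inline struct buf *ptr_to_xdp(void *p) { return (struct buf *)((uintptr_t)p & ~XDP_FLAG); }

/* Minimal ring of void pointers. */
struct ptr_ring {
	void *queue[RING_SIZE];
	unsigned int head, tail;
};

int ring_produce(struct ptr_ring *r, void *p)
{
	if (r->tail - r->head == RING_SIZE)
		return -1;			/* full */
	r->queue[r->tail++ % RING_SIZE] = p;
	return 0;
}

void *ring_consume(struct ptr_ring *r)
{
	if (r->head == r->tail)
		return NULL;			/* empty */
	return r->queue[r->head++ % RING_SIZE];
}

/* Stand-ins for kfree_skb() and the XDP frame release. */
static void free_skb(struct buf *b) { b->freed_by = BUF_SKB; }
static void free_xdp(struct buf *b) { b->freed_by = BUF_XDP; }

/* Entries an skb-only drain would pass to kfree_skb() although they are
 * tagged XDP pointers: the mistake the commit fixes. */
unsigned int ring_count_untagged_misfrees(const struct ptr_ring *r)
{
	unsigned int n = 0;
	for (unsigned int i = r->head; i != r->tail; i++)
		if (ptr_is_xdp(r->queue[i % RING_SIZE]))
			n++;
	return n;
}

/* Fixed drain: examine the pointer type before freeing. Returns entries freed. */
unsigned int ring_unproduce(struct ptr_ring *r, unsigned int *skbs, unsigned int *xdps)
{
	unsigned int n = 0;
	void *p;

	while ((p = ring_consume(r)) != NULL) {
		if (ptr_is_xdp(p)) {
			free_xdp(ptr_to_xdp(p));
			(*xdps)++;
		} else {
			free_skb((struct buf *)p);
			(*skbs)++;
		}
		n++;
	}
	return n;
}

/* Mixed ring of three skbs and two XDP frames; returns 0 when every
 * buffer received the destructor matching its kind. */
int ring_example_checks(void)
{
	static struct buf bufs[5] = {
		{ BUF_SKB, -1 }, { BUF_XDP, -1 }, { BUF_SKB, -1 }, { BUF_XDP, -1 }, { BUF_SKB, -1 },
	};
	struct ptr_ring r = { .head = 0, .tail = 0 };
	unsigned int skbs = 0, xdps = 0;

	for (size_t i = 0; i < 5; i++)
		ring_produce(&r, bufs[i].kind == BUF_XDP ? xdp_to_ptr(&bufs[i]) : (void *)&bufs[i]);
	if (ring_count_untagged_misfrees(&r) != 2)
		return 1;
	if (ring_unproduce(&r, &skbs, &xdps) != 5 || skbs != 3 || xdps != 2)
		return 2;
	for (size_t i = 0; i < 5; i++)
		if (bufs[i].freed_by != (int)bufs[i].kind)
			return 3;
	return 0;
}

int main(void)
{
	printf("ring checks: %d\n", ring_example_checks());
	return 0;
}
```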
      vhost_net: keep private_data and rx_ring synced · 303fd71b
      Jason Wang authored
      We get pointer ring from the exported sock, this means we should keep
      rx_ring and vq->private synced during both vq stop and backend set,
      otherwise we may see stale rx_ring.
      
      Fixes: c67df11f ("vhost_net: try batch dequing from skb array")
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: Jason Wang <jasowang@redhat.com>
      Acked-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      303fd71b
      vhost_net: initialize rx_ring in vhost_net_open() · ab7e34b3
      Alexander Potapenko authored
      KMSAN reported a use of uninit memory in vhost_net_buf_unproduce()
      while trying to access n->vqs[VHOST_NET_VQ_TX].rx_ring:
      
      ==================================================================
      BUG: KMSAN: use of uninitialized memory in vhost_net_buf_unproduce+0x7bb/0x9a0 drivers/vhost/net.c:170
      CPU: 0 PID: 3021 Comm: syz-fuzzer Not tainted 4.16.0-rc4+ #3853
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
      Call Trace:
       __dump_stack lib/dump_stack.c:17 [inline]
       dump_stack+0x185/0x1d0 lib/dump_stack.c:53
       kmsan_report+0x142/0x1f0 mm/kmsan/kmsan.c:1093
       __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
       vhost_net_buf_unproduce+0x7bb/0x9a0 drivers/vhost/net.c:170
       vhost_net_stop_vq drivers/vhost/net.c:974 [inline]
       vhost_net_stop+0x146/0x380 drivers/vhost/net.c:982
       vhost_net_release+0xb1/0x4f0 drivers/vhost/net.c:1015
       __fput+0x49f/0xa00 fs/file_table.c:209
       ____fput+0x37/0x40 fs/file_table.c:243
       task_work_run+0x243/0x2c0 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop arch/x86/entry/common.c:166 [inline]
       prepare_exit_to_usermode+0x349/0x3b0 arch/x86/entry/common.c:196
       syscall_return_slowpath+0xf3/0x6d0 arch/x86/entry/common.c:265
       do_syscall_64+0x34d/0x450 arch/x86/entry/common.c:292
      ...
      origin:
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:303 [inline]
       kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:213
       kmsan_kmalloc_large+0x6f/0xd0 mm/kmsan/kmsan.c:392
       kmalloc_large_node_hook mm/slub.c:1366 [inline]
       kmalloc_large_node mm/slub.c:3808 [inline]
       __kmalloc_node+0x100e/0x1290 mm/slub.c:3818
       kmalloc_node include/linux/slab.h:554 [inline]
       kvmalloc_node+0x1a5/0x2e0 mm/util.c:419
       kvmalloc include/linux/mm.h:541 [inline]
       vhost_net_open+0x64/0x5f0 drivers/vhost/net.c:921
       misc_open+0x7b5/0x8b0 drivers/char/misc.c:154
       chrdev_open+0xc28/0xd90 fs/char_dev.c:417
       do_dentry_open+0xccb/0x1430 fs/open.c:752
       vfs_open+0x272/0x2e0 fs/open.c:866
       do_last fs/namei.c:3378 [inline]
       path_openat+0x49ad/0x6580 fs/namei.c:3519
       do_filp_open+0x267/0x640 fs/namei.c:3553
       do_sys_open+0x6ad/0x9c0 fs/open.c:1059
       SYSC_openat+0xc7/0xe0 fs/open.c:1086
       SyS_openat+0x63/0x90 fs/open.c:1080
       do_syscall_64+0x2f1/0x450 arch/x86/entry/common.c:287
      ==================================================================
      
      Fixes: c67df11f ("vhost_net: try batch dequing from skb array")
      Signed-off-by: Alexander Potapenko <glider@google.com>
      Signed-off-by: Jason Wang <jasowang@redhat.com>
      Acked-by: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      ab7e34b3
      net: ethernet: ave: enable Rx drop interrupt · d06cbe9c
      Kunihiko Hayashi authored
      This enables AVE_GI_RXDROP interrupt factor. This factor indicates
      depletion of Rx descriptors and the handler counts the number
      of dropped packets.
      Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      d06cbe9c
      net: use skb_is_gso_sctp() instead of open-coding · 1dd27cde
      Daniel Axtens authored
      As well as the basic conversion, I noticed that a lot of the
      SCTP code checks gso_type without first checking skb_is_gso()
      so I have added that where appropriate.
      
      Also, document the helper.
      
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: Daniel Axtens <dja@axtens.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      1dd27cde
      ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() · ca0edb13
      Eric Dumazet authored
      A tun device type can trivially be set to arbitrary value using
      TUNSETLINK ioctl().
      
      Therefore, lowpan_device_event() must really check that ieee802154_ptr
      is not NULL.
      
      Fixes: 2c88b528 ("ieee802154: 6lowpan: remove check on null")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Cc: Alexander Aring <alex.aring@gmail.com>
      Cc: Stefan Schmidt <stefan@osg.samsung.com>
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Acked-by: Stefan Schmidt <stefan@osg.samsung.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      ca0edb13
      ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() · 9f62c15f
      Lorenzo Bianconi authored
      Fix the following slab-out-of-bounds kasan report in
      ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not
      linear and the accessed data are not in the linear data region of orig_skb.
      
      [ 1503.122508] ==================================================================
      [ 1503.122832] BUG: KASAN: slab-out-of-bounds in ndisc_send_redirect+0x94e/0x990
      [ 1503.123036] Read of size 1184 at addr ffff8800298ab6b0 by task netperf/1932
      
      [ 1503.123220] CPU: 0 PID: 1932 Comm: netperf Not tainted 4.16.0-rc2+ #124
      [ 1503.123347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-2.fc27 04/01/2014
      [ 1503.123527] Call Trace:
      [ 1503.123579]  <IRQ>
      [ 1503.123638]  print_address_description+0x6e/0x280
      [ 1503.123849]  kasan_report+0x233/0x350
      [ 1503.123946]  memcpy+0x1f/0x50
      [ 1503.124037]  ndisc_send_redirect+0x94e/0x990
      [ 1503.125150]  ip6_forward+0x1242/0x13b0
      [...]
      [ 1503.153890] Allocated by task 1932:
      [ 1503.153982]  kasan_kmalloc+0x9f/0xd0
      [ 1503.154074]  __kmalloc_track_caller+0xb5/0x160
      [ 1503.154198]  __kmalloc_reserve.isra.41+0x24/0x70
      [ 1503.154324]  __alloc_skb+0x130/0x3e0
      [ 1503.154415]  sctp_packet_transmit+0x21a/0x1810
      [ 1503.154533]  sctp_outq_flush+0xc14/0x1db0
      [ 1503.154624]  sctp_do_sm+0x34e/0x2740
      [ 1503.154715]  sctp_primitive_SEND+0x57/0x70
      [ 1503.154807]  sctp_sendmsg+0xaa6/0x1b10
      [ 1503.154897]  sock_sendmsg+0x68/0x80
      [ 1503.154987]  ___sys_sendmsg+0x431/0x4b0
      [ 1503.155078]  __sys_sendmsg+0xa4/0x130
      [ 1503.155168]  do_syscall_64+0x171/0x3f0
      [ 1503.155259]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
      
      [ 1503.155436] Freed by task 1932:
      [ 1503.155527]  __kasan_slab_free+0x134/0x180
      [ 1503.155618]  kfree+0xbc/0x180
      [ 1503.155709]  skb_release_data+0x27f/0x2c0
      [ 1503.155800]  consume_skb+0x94/0xe0
      [ 1503.155889]  sctp_chunk_put+0x1aa/0x1f0
      [ 1503.155979]  sctp_inq_pop+0x2f8/0x6e0
      [ 1503.156070]  sctp_assoc_bh_rcv+0x6a/0x230
      [ 1503.156164]  sctp_inq_push+0x117/0x150
      [ 1503.156255]  sctp_backlog_rcv+0xdf/0x4a0
      [ 1503.156346]  __release_sock+0x142/0x250
      [ 1503.156436]  release_sock+0x80/0x180
      [ 1503.156526]  sctp_sendmsg+0xbb0/0x1b10
      [ 1503.156617]  sock_sendmsg+0x68/0x80
      [ 1503.156708]  ___sys_sendmsg+0x431/0x4b0
      [ 1503.156799]  __sys_sendmsg+0xa4/0x130
      [ 1503.156889]  do_syscall_64+0x171/0x3f0
      [ 1503.156980]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
      
      [ 1503.157158] The buggy address belongs to the object at ffff8800298ab600
                      which belongs to the cache kmalloc-1024 of size 1024
      [ 1503.157444] The buggy address is located 176 bytes inside of
                      1024-byte region [ffff8800298ab600, ffff8800298aba00)
      [ 1503.157702] The buggy address belongs to the page:
      [ 1503.157820] page:ffffea0000a62a00 count:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
      [ 1503.158053] flags: 0x4000000000008100(slab|head)
      [ 1503.158171] raw: 4000000000008100 0000000000000000 0000000000000000 00000001800e000e
      [ 1503.158350] raw: dead000000000100 dead000000000200 ffff880036002600 0000000000000000
      [ 1503.158523] page dumped because: kasan: bad access detected
      
      [ 1503.158698] Memory state around the buggy address:
      [ 1503.158816]  ffff8800298ab900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [ 1503.158988]  ffff8800298ab980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [ 1503.159165] >ffff8800298aba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [ 1503.159338]                    ^
      [ 1503.159436]  ffff8800298aba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [ 1503.159610]  ffff8800298abb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [ 1503.159785] ==================================================================
      [ 1503.159964] Disabling lock debugging due to kernel taint
      
      The test scenario to trigger the issue consists of 4 devices:
      - H0: data sender, connected to LAN0
      - H1: data receiver, connected to LAN1
      - GW0 and GW1: routers between LAN0 and LAN1. Both of them have an
        ethernet connection on LAN0 and LAN1
      On H{0,1} set GW0 as default gateway while on GW0 set GW1 as next hop for
      data from LAN0 to LAN1.
      Moreover create an ip6ip6 tunnel between H0 and H1 and send 3 concurrent
      data streams (TCP/UDP/SCTP) from H0 to H1 through ip6ip6 tunnel (send
      buffer size is set to 16K). While data streams are active flush the route
      cache on HA multiple times.
      I have not been able to identify a given commit that introduced the issue
      since, using the reproducer described above, the kasan report has been
      triggered from 4.14 and I have not gone back further.
      Reported-by: Jianlin Shi <jishi@redhat.com>
      Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
      Reviewed-by: Eric Dumazet <edumazet@google.com>
      Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
      9f62c15f
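The non-linear access the report describes, as an added example in userspace C (not kernel code): a toy buffer with a linear region followed by fragments, a `range_is_linear` predicate that states the assumption a plain `memcpy` from the linear data makes, and a `toy_copy_bits` that walks linear data and fragments in the manner of `skb_copy_bits()`. `struct toy_skb`, `struct toy_frag`, the function names and the constructed packet bytes are all invented for this illustration; `EFAULT_ERR` stands in for `-EFAULT`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FRAGS 4
#define EFAULT_ERR (-14)		/* stands in for -EFAULT */

struct toy_frag {
	const uint8_t *data;
	size_t len;
};

/* Invented stand-in for an sk_buff: linear region plus fragments. */
struct toy_skb {
	const uint8_t *linear;
	size_t linear_len;
	struct toy_frag frags[MAX_FRAGS];
	unsigned int nr_frags;
};

/* Total payload length, linear and fragments together. */
size_t toy_skb_len(const struct toy_skb *s)
{
	size_t len = s->linear_len;
	for (unsigned int i = 0; i < s->nr_frags; i++)
		len += s->frags[i].len;
	return len;
}

/* The assumption a memcpy from the linear data makes: [offset, offset+len)
 * lies entirely in the linear region. False once the range reaches a
 * fragment, which is when such a memcpy reads past the linear buffer. */
bool range_is_linear(const struct toy_skb *s, size_t offset, size_t len)
{
	return offset <= s->linear_len && len <= s->linear_len - offset;
}

/* Copies len bytes starting at offset into to, crossing from the linear
 * region into fragments as needed. Returns 0, or EFAULT_ERR when the range
 * is not fully inside the buffer. */
int toy_copy_bits(const struct toy_skb *s, size_t offset, uint8_t *to, size_t len)
{
	size_t total = toy_skb_len(s);

	if (offset > total || len > total - offset)
		return EFAULT_ERR;

	if (offset < s->linear_len) {		/* linear part first */
		size_t n = s->linear_len - offset;
		if (n > len)
			n = len;
		memcpy(to, s->linear + offset, n);
		to += n;
		len -= n;
		offset = 0;
	} else {
		offset -= s->linear_len;
	}

	for (unsigned int i = 0; len > 0 && i < s->nr_frags; i++) {
		const struct toy_frag *f = &s->frags[i];
		size_t n;

		if (offset >= f->len) {		/* skip whole fragments before offset */
			offset -= f->len;
			continue;
		}
		n = f->len - offset;
		if (n > len)
			n = len;
		memcpy(to, f->data + offset, n);
		to += n;
		len -= n;
		offset = 0;
	}
	return len == 0 ? 0 : EFAULT_ERR;
}

/* Constructed packet: 8 linear bytes, then fragments of 8 and 4 bytes.
 * Returns 0 when every expectation holds, else the failed check number. */
int copy_bits_example_checks(void)
{
	static const uint8_t lin[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
	static const uint8_t fr0[8] = { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
	static const uint8_t fr1[4] = { 0x20, 0x21, 0x22, 0x23 };
	static const uint8_t want[8] = { 6, 7, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15 };
	struct toy_skb s = { lin, 8, { { fr0, 8 }, { fr1, 4 } }, 2 };
	uint8_t out[8];

	if (toy_skb_len(&s) != 20)
		return 1;
	if (range_is_linear(&s, 6, 8))		/* a memcpy here would overrun lin[] */
		return 2;
	if (toy_copy_bits(&s, 6, out, 8) != 0 || memcmp(out, want, 8) != 0)
		return 3;
	if (toy_copy_bits(&s, 14, out, 6) != 0 || out[0] != 0x16 || out[5] != 0x23)
		return 4;
	if (toy_copy_bits(&s, 0, out, 21) != EFAULT_ERR)	/* past the end */
		return 5;
	if (!range_is_linear(&s, 2, 4))
		return 6;
	return 0;
}

int main(void)
{
	printf("copy_bits checks: %d\n", copy_bits_example_checks());
	return 0;
}
```

The practitioner's check before any direct read from `skb->data` is the one `range_is_linear` encodes; the KASAN report above is what happens when it is skipped and the packet's bytes live in a fragment.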
  5. 08 Mar, 2018 9 commits
  6. 07 Mar, 2018 3 commits