1. 24 Jan, 2018 13 commits
    • David S. Miller's avatar
      Merge branch 'qed-rdma-bug-fixes' · ee45bea4
      David S. Miller authored
      Michal Kalderon says:
      
      ====================
      qed: rdma bug fixes
      
      This patch contains two small bug fixes related to RDMA.
      Both related to resource reservations.
      ====================
      Signed-off-by: default avatarMichal Kalderon <Michal.Kalderon@cavium.com>
      Signed-off-by: default avatarAriel Elior <Ariel.Elior@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ee45bea4
    • Michal Kalderon's avatar
      qed: Free reserved MR tid · 1fe280a0
      Michal Kalderon authored
      A tid was allocated for reserved MR during initialization but
      not freed. This lead to an annoying output message during
      rdma unload flow.
      Signed-off-by: default avatarMichal Kalderon <Michal.Kalderon@cavium.com>
      Signed-off-by: default avatarAriel Elior <Ariel.Elior@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1fe280a0
    • Michal Kalderon's avatar
      qed: Remove reserveration of dpi for kernel · 4de49474
      Michal Kalderon authored
      Double reservation for kernel dedicated dpi was performed.
      Once in the core module and once in qedr.
      Remove the reservation from core.
      Signed-off-by: default avatarMichal Kalderon <Michal.Kalderon@cavium.com>
      Signed-off-by: default avatarAriel Elior <Ariel.Elior@cavium.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4de49474
    • David S. Miller's avatar
      Merge branch 'kcm-fix-two-syzcaller-issues' · 88d1d76d
      David S. Miller authored
      Tom Herbert says:
      
      ====================
      kcm: fix two syzcaller issues
      
      In this patch set:
      
      - Don't allow attaching non-TCP or listener sockets to a KCM mux.
      - In kcm_attach Check if sk_user_data is already set. This is
        under lock to avoid race conditions. More work is need to make
        all of the users of sk_user_data to use the same locking.
      
      - v2
        Remove unncessary check for not PF_KCM in kcm_attach (suggested by
        Guillaume Nault)
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      88d1d76d
    • Tom Herbert's avatar
      kcm: Check if sk_user_data already set in kcm_attach · e5571240
      Tom Herbert authored
      This is needed to prevent sk_user_data being overwritten.
      The check is done under the callback lock. This should prevent
      a socket from being attached twice to a KCM mux. It also prevents
      a socket from being attached for other use cases of sk_user_data
      as long as the other cases set sk_user_data under the lock.
      Followup work is needed to unify all the use cases of sk_user_data
      to use the same locking.
      
      Reported-by: syzbot+114b15f2be420a8886c3@syzkaller.appspotmail.com
      Fixes: ab7ac4eb ("kcm: Kernel Connection Multiplexor module")
      Signed-off-by: default avatarTom Herbert <tom@quantonium.net>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e5571240
    • Tom Herbert's avatar
      kcm: Only allow TCP sockets to be attached to a KCM mux · 581e7226
      Tom Herbert authored
      TCP sockets for IPv4 and IPv6 that are not listeners or in closed
      stated are allowed to be attached to a KCM mux.
      
      Fixes: ab7ac4eb ("kcm: Kernel Connection Multiplexor module")
      Reported-by: syzbot+8865eaff7f9acd593945@syzkaller.appspotmail.com
      Signed-off-by: default avatarTom Herbert <tom@quantonium.net>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      581e7226
    • Wolfgang Bumiller's avatar
      net: sched: fix TCF_LAYER_LINK case in tcf_get_base_ptr · d3303a65
      Wolfgang Bumiller authored
      TCF_LAYER_LINK and TCF_LAYER_NETWORK returned the same pointer as
      skb->data points to the network header.
      Use skb_mac_header instead.
      Signed-off-by: default avatarWolfgang Bumiller <w.bumiller@proxmox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d3303a65
    • Wolfgang Bumiller's avatar
      net: sched: em_nbyte: don't add the data offset twice · 560a6607
      Wolfgang Bumiller authored
      'ptr' is shifted by the offset and then validated,
      the memcmp should not add it a second time.
      Signed-off-by: default avatarWolfgang Bumiller <w.bumiller@proxmox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      560a6607
    • Yuval Mintz's avatar
      mlxsw: spectrum_router: Don't log an error on missing neighbor · 1ecdaea0
      Yuval Mintz authored
      Driver periodically samples all neighbors configured in device
      in order to update the kernel regarding their state. When finding
      an entry configured in HW that doesn't show in neigh_lookup()
      driver logs an error message.
      This introduces a race when removing multiple neighbors -
      it's possible that a given entry would still be configured in HW
      as its removal is still being processed but is already removed
      from the kernel's neighbor tables.
      
      Simply remove the error message and gracefully accept such events.
      
      Fixes: c723c735 ("mlxsw: spectrum_router: Periodically update the kernel's neigh table")
      Fixes: 60f040ca ("mlxsw: spectrum_router: Periodically dump active IPv6 neighbours")
      Signed-off-by: default avatarYuval Mintz <yuvalm@mellanox.com>
      Reviewed-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1ecdaea0
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · 97edf7c5
      David S. Miller authored
      Steffen Klassert says:
      
      ====================
      pull request (net): ipsec 2018-01-24
      
      1) Only offloads SAs after they are fully initialized.
         Otherwise a NIC may receive packets on a SA we can
         not yet handle in the stack.
         From Yossi Kuperman.
      
      2) Fix negative refcount in case of a failing offload.
         From Aviad Yehezkel.
      
      3) Fix inner IP ptoro version when decapsulating
         from interaddress family tunnels.
         From Yossi Kuperman.
      
      4) Use true or false for boolean variables instead of an
         integer value in xfrm_get_type_offload.
         From Gustavo A. R. Silva.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      97edf7c5
    • Neil Horman's avatar
      vmxnet3: repair memory leak · 848b1598
      Neil Horman authored
      with the introduction of commit
      b0eb57cb, it appears that rq->buf_info
      is improperly handled.  While it is heap allocated when an rx queue is
      setup, and freed when torn down, an old line of code in
      vmxnet3_rq_destroy was not properly removed, leading to rq->buf_info[0]
      being set to NULL prior to its being freed, causing a memory leak, which
      eventually exhausts the system on repeated create/destroy operations
      (for example, when  the mtu of a vmxnet3 interface is changed
      frequently.
      
      Fix is pretty straight forward, just move the NULL set to after the
      free.
      
      Tested by myself with successful results
      
      Applies to net, and should likely be queued for stable, please
      Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Reported-By: boyang@redhat.com
      CC: boyang@redhat.com
      CC: Shrikrishna Khare <skhare@vmware.com>
      CC: "VMware, Inc." <pv-drivers@vmware.com>
      CC: David S. Miller <davem@davemloft.net>
      Acked-by: default avatarShrikrishna Khare <skhare@vmware.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      848b1598
    • Ben Hutchings's avatar
      ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL · e9191ffb
      Ben Hutchings authored
      Commit 513674b5 ("net: reevalulate autoflowlabel setting after
      sysctl setting") removed the initialisation of
      ipv6_pinfo::autoflowlabel and added a second flag to indicate
      whether this field or the net namespace default should be used.
      
      The getsockopt() handling for this case was not updated, so it
      currently returns 0 for all sockets for which IPV6_AUTOFLOWLABEL is
      not explicitly enabled.  Fix it to return the effective value, whether
      that has been set at the socket or net namespace level.
      
      Fixes: 513674b5 ("net: reevalulate autoflowlabel setting after sysctl ...")
      Signed-off-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e9191ffb
    • Guillaume Nault's avatar
      pppoe: take ->needed_headroom of lower device into account on xmit · 02612bb0
      Guillaume Nault authored
      In pppoe_sendmsg(), reserving dev->hard_header_len bytes of headroom
      was probably fine before the introduction of ->needed_headroom in
      commit f5184d26 ("net: Allow netdevices to specify needed head/tailroom").
      
      But now, virtual devices typically advertise the size of their overhead
      in dev->needed_headroom, so we must also take it into account in
      skb_reserve().
      Allocation size of skb is also updated to take dev->needed_tailroom
      into account and replace the arbitrary 32 bytes with the real size of
      a PPPoE header.
      
      This issue was discovered by syzbot, who connected a pppoe socket to a
      gre device which had dev->header_ops->create == ipgre_header and
      dev->hard_header_len == 0. Therefore, PPPoE didn't reserve any
      headroom, and dev_hard_header() crashed when ipgre_header() tried to
      prepend its header to skb->data.
      
      skbuff: skb_under_panic: text:000000001d390b3a len:31 put:24
      head:00000000d8ed776f data:000000008150e823 tail:0x7 end:0xc0 dev:gre0
      ------------[ cut here ]------------
      kernel BUG at net/core/skbuff.c:104!
      invalid opcode: 0000 [#1] SMP KASAN
      Dumping ftrace buffer:
          (ftrace buffer empty)
      Modules linked in:
      CPU: 1 PID: 3670 Comm: syzkaller801466 Not tainted
      4.15.0-rc7-next-20180115+ #97
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
      Google 01/01/2011
      RIP: 0010:skb_panic+0x162/0x1f0 net/core/skbuff.c:100
      RSP: 0018:ffff8801d9bd7840 EFLAGS: 00010282
      RAX: 0000000000000083 RBX: ffff8801d4f083c0 RCX: 0000000000000000
      RDX: 0000000000000083 RSI: 1ffff1003b37ae92 RDI: ffffed003b37aefc
      RBP: ffff8801d9bd78a8 R08: 1ffff1003b37ae8a R09: 0000000000000000
      R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff86200de0
      R13: ffffffff84a981ad R14: 0000000000000018 R15: ffff8801d2d34180
      FS:  00000000019c4880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00000000208bc000 CR3: 00000001d9111001 CR4: 00000000001606e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
        skb_under_panic net/core/skbuff.c:114 [inline]
        skb_push+0xce/0xf0 net/core/skbuff.c:1714
        ipgre_header+0x6d/0x4e0 net/ipv4/ip_gre.c:879
        dev_hard_header include/linux/netdevice.h:2723 [inline]
        pppoe_sendmsg+0x58e/0x8b0 drivers/net/ppp/pppoe.c:890
        sock_sendmsg_nosec net/socket.c:630 [inline]
        sock_sendmsg+0xca/0x110 net/socket.c:640
        sock_write_iter+0x31a/0x5d0 net/socket.c:909
        call_write_iter include/linux/fs.h:1775 [inline]
        do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
        do_iter_write+0x154/0x540 fs/read_write.c:932
        vfs_writev+0x18a/0x340 fs/read_write.c:977
        do_writev+0xfc/0x2a0 fs/read_write.c:1012
        SYSC_writev fs/read_write.c:1085 [inline]
        SyS_writev+0x27/0x30 fs/read_write.c:1082
        entry_SYSCALL_64_fastpath+0x29/0xa0
      
      Admittedly PPPoE shouldn't be allowed to run on non Ethernet-like
      interfaces, but reserving space for ->needed_headroom is a more
      fundamental issue that needs to be addressed first.
      
      Same problem exists for __pppoe_xmit(), which also needs to take
      dev->needed_headroom into account in skb_cow_head().
      
      Fixes: f5184d26 ("net: Allow netdevices to specify needed head/tailroom")
      Reported-by: syzbot+ed0838d0fa4c4f2b528e20286e6dc63effc7c14d@syzkaller.appspotmail.com
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Reviewed-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      02612bb0
  2. 23 Jan, 2018 4 commits
  3. 22 Jan, 2018 18 commits
  4. 21 Jan, 2018 5 commits