1. 27 Sep, 2019 19 commits
  2. 26 Sep, 2019 12 commits
    • David S. Miller's avatar
      Merge tag 'wireless-drivers-for-davem-2019-09-26' of... · 5a2a828d
      David S. Miller authored
      Merge tag 'wireless-drivers-for-davem-2019-09-26' of https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 5.4
      
      First set of fixes for 5.4 sent during the merge window. Most are
      regressions fixes but the mt7615 problem has been since it was merged.
      
      iwlwifi
      
      * fix a build regression related CONFIG_THERMAL
      
      * avoid using GEO_TX_POWER_LIMIT command on certain firmware versions
      
      rtw88
      
      * fixes for skb leaks
      
      zd1211rw
      
      * fix a compiler warning on 32 bit
      
      mt76
      
      * fix the firmware paths for mt7615 to match with linux-firmware
      
      wil6210
      
      * fix use of skb after free
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5a2a828d
    • Jason A. Donenfeld's avatar
      ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule · ca7a03c4
      Jason A. Donenfeld authored
      Commit 7d9e5f42 removed references from certain dsts, but accounting
      for this never translated down into the fib6 suppression code. This bug
      was triggered by WireGuard users who use wg-quick(8), which uses the
      "suppress-prefix" directive to ip-rule(8) for routing all of their
      internet traffic without routing loops. The test case added here
      causes the reference underflow by causing packets to evaluate a suppress
      rule.
      
      Fixes: 7d9e5f42 ("ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF")
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Acked-by: default avatarWei Wang <weiwan@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ca7a03c4
    • Li RongQing's avatar
      openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC · ea8564c8
      Li RongQing authored
      userspace openvswitch patch "(dpif-linux: Implement the API
      functions to allow multiple handler threads read upcall)"
      changes its type from U32 to UNSPEC, but leave the kernel
      unchanged
      
      and after kernel 6e237d09 "(netlink: Relax attr validation
      for fixed length types)", this bug is exposed by the below
      warning
      
      	[   57.215841] netlink: 'ovs-vswitchd': attribute type 5 has an invalid length.
      
      Fixes: 5cd667b0 ("openvswitch: Allow each vport to have an array of 'port_id's")
      Signed-off-by: default avatarLi RongQing <lirongqing@baidu.com>
      Acked-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ea8564c8
    • Biju Das's avatar
      dt-bindings: net: ravb: Add support for r8a774b1 SoC · c1d419d0
      Biju Das authored
      Document RZ/G2N (R8A774B1) SoC bindings.
      Signed-off-by: default avatarBiju Das <biju.das@bp.renesas.com>
      Reviewed-by: default avatarSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c1d419d0
    • Thierry Reding's avatar
      net: stmmac: Fix page pool size · 4f28bd95
      Thierry Reding authored
      The size of individual pages in the page pool in given by an order. The
      order is the binary logarithm of the number of pages that make up one of
      the pages in the pool. However, the driver currently passes the number
      of pages rather than the order, so it ends up wasting quite a bit of
      memory.
      
      Fix this by taking the binary logarithm and passing that in the order
      field.
      
      Fixes: 2af6106a ("net: stmmac: Introducing support for Page Pool")
      Signed-off-by: default avatarThierry Reding <treding@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4f28bd95
    • Xin Long's avatar
      macsec: drop skb sk before calling gro_cells_receive · ba56d8ce
      Xin Long authored
      Fei Liu reported a crash when doing netperf on a topo of macsec
      dev over veth:
      
        [  448.919128] refcount_t: underflow; use-after-free.
        [  449.090460] Call trace:
        [  449.092895]  refcount_sub_and_test+0xb4/0xc0
        [  449.097155]  tcp_wfree+0x2c/0x150
        [  449.100460]  ip_rcv+0x1d4/0x3a8
        [  449.103591]  __netif_receive_skb_core+0x554/0xae0
        [  449.108282]  __netif_receive_skb+0x28/0x78
        [  449.112366]  netif_receive_skb_internal+0x54/0x100
        [  449.117144]  napi_gro_complete+0x70/0xc0
        [  449.121054]  napi_gro_flush+0x6c/0x90
        [  449.124703]  napi_complete_done+0x50/0x130
        [  449.128788]  gro_cell_poll+0x8c/0xa8
        [  449.132351]  net_rx_action+0x16c/0x3f8
        [  449.136088]  __do_softirq+0x128/0x320
      
      The issue was caused by skb's true_size changed without its sk's
      sk_wmem_alloc increased in tcp/skb_gro_receive(). Later when the
      skb is being freed and the skb's truesize is subtracted from its
      sk's sk_wmem_alloc in tcp_wfree(), underflow occurs.
      
      macsec is calling gro_cells_receive() to receive a packet, which
      actually requires skb->sk to be NULL. However when macsec dev is
      over veth, it's possible the skb->sk is still set if the skb was
      not unshared or expanded from the peer veth.
      
      ip_rcv() is calling skb_orphan() to drop the skb's sk for tproxy,
      but it is too late for macsec's calling gro_cells_receive(). So
      fix it by dropping the skb's sk earlier on rx path of macsec.
      
      Fixes: 5491e7c6 ("macsec: enable GRO and RPS on macsec devices")
      Reported-by: default avatarXiumei Mu <xmu@redhat.com>
      Reported-by: default avatarFei Liu <feliu@redhat.com>
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba56d8ce
    • David S. Miller's avatar
      Merge tag 'mlx5-fixes-2019-09-24' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 2dbf45d1
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      Mellanox, mlx5 fixes 2019-09-24
      
      This series introduces some fixes to mlx5 driver.
      For more information please see tag log below.
      
      Please pull and let me know if there is any problem.
      
      For -stable v4.20:
       ('net/mlx5e: Fix traffic duplication in ethtool steering')
      
      For -stable v4.19:
       ('net/mlx5: Add device ID of upcoming BlueField-2')
      
      For -stable v5.3:
       ('net/mlx5e: Fix matching on tunnel addresses type')
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2dbf45d1
    • Jason A. Donenfeld's avatar
      net: print proper warning on dst underflow · adecda5b
      Jason A. Donenfeld authored
      Proper warnings with stack traces make it much easier to figure out
      what's doing the double free and create more meaningful bug reports from
      users.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      adecda5b
    • Vinicius Costa Gomes's avatar
      net/sched: cbs: Fix not adding cbs instance to list · 3e8b9bfa
      Vinicius Costa Gomes authored
      When removing a cbs instance when offloading is enabled, the crash
      below can be observed.
      
      The problem happens because that when offloading is enabled, the cbs
      instance is not added to the list.
      
      Also, the current code doesn't handle correctly the case when offload
      is disabled without removing the qdisc: if the link speed changes the
      credit calculations will be wrong. When we create the cbs instance
      with offloading enabled, it's not added to the notification list, when
      later we disable offloading, it's not in the list, so link speed
      changes will not affect it.
      
      The solution for both issues is the same, add the cbs instance being
      created unconditionally to the global list, even if the link state
      notification isn't useful "right now".
      
      Crash log:
      
      [518758.189866] BUG: kernel NULL pointer dereference, address: 0000000000000000
      [518758.189870] #PF: supervisor read access in kernel mode
      [518758.189871] #PF: error_code(0x0000) - not-present page
      [518758.189872] PGD 0 P4D 0
      [518758.189874] Oops: 0000 [#1] SMP PTI
      [518758.189876] CPU: 3 PID: 4825 Comm: tc Not tainted 5.2.9 #1
      [518758.189877] Hardware name: Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA/Z390 AORUS ULTRA-CF, BIOS F7 03/14/2019
      [518758.189881] RIP: 0010:__list_del_entry_valid+0x29/0xa0
      [518758.189883] Code: 90 48 b8 00 01 00 00 00 00 ad de 55 48 8b 17 4c 8b 47 08 48 89 e5 48 39 c2 74 27 48 b8 00 02 00 00 00 00 ad de 49 39 c0 74 2d <49> 8b 30 48 39 fe 75 3d 48 8b 52 08 48 39 f2 75 4c b8 01 00 00 00
      [518758.189885] RSP: 0018:ffffa27e43903990 EFLAGS: 00010207
      [518758.189887] RAX: dead000000000200 RBX: ffff8bce69f0f000 RCX: 0000000000000000
      [518758.189888] RDX: 0000000000000000 RSI: ffff8bce69f0f064 RDI: ffff8bce69f0f1e0
      [518758.189890] RBP: ffffa27e43903990 R08: 0000000000000000 R09: ffff8bce69e788c0
      [518758.189891] R10: ffff8bce62acd400 R11: 00000000000003cb R12: ffff8bce69e78000
      [518758.189892] R13: ffff8bce69f0f140 R14: 0000000000000000 R15: 0000000000000000
      [518758.189894] FS:  00007fa1572c8f80(0000) GS:ffff8bce6e0c0000(0000) knlGS:0000000000000000
      [518758.189895] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [518758.189896] CR2: 0000000000000000 CR3: 000000040a398006 CR4: 00000000003606e0
      [518758.189898] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [518758.189899] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [518758.189900] Call Trace:
      [518758.189904]  cbs_destroy+0x32/0xa0 [sch_cbs]
      [518758.189906]  qdisc_destroy+0x45/0x120
      [518758.189907]  qdisc_put+0x25/0x30
      [518758.189908]  qdisc_graft+0x2c1/0x450
      [518758.189910]  tc_get_qdisc+0x1c8/0x310
      [518758.189912]  ? get_page_from_freelist+0x91a/0xcb0
      [518758.189914]  rtnetlink_rcv_msg+0x293/0x360
      [518758.189916]  ? kmem_cache_alloc_node_trace+0x178/0x260
      [518758.189918]  ? __kmalloc_node_track_caller+0x38/0x50
      [518758.189920]  ? rtnl_calcit.isra.0+0xf0/0xf0
      [518758.189922]  netlink_rcv_skb+0x48/0x110
      [518758.189923]  rtnetlink_rcv+0x10/0x20
      [518758.189925]  netlink_unicast+0x15b/0x1d0
      [518758.189926]  netlink_sendmsg+0x1ea/0x380
      [518758.189929]  sock_sendmsg+0x2f/0x40
      [518758.189930]  ___sys_sendmsg+0x295/0x2f0
      [518758.189932]  ? ___sys_recvmsg+0x151/0x1e0
      [518758.189933]  ? do_wp_page+0x7e/0x450
      [518758.189935]  __sys_sendmsg+0x48/0x80
      [518758.189937]  __x64_sys_sendmsg+0x1a/0x20
      [518758.189939]  do_syscall_64+0x53/0x1f0
      [518758.189941]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      [518758.189942] RIP: 0033:0x7fa15755169a
      [518758.189944] Code: 48 c7 c0 ff ff ff ff eb be 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 18 b8 2e 00 00 00 c5 fc 77 0f 05 <48> 3d 00 f0 ff ff 77 5e c3 0f 1f 44 00 00 48 83 ec 28 89 54 24 1c
      [518758.189946] RSP: 002b:00007ffda58b60b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
      [518758.189948] RAX: ffffffffffffffda RBX: 000055e4b836d9a0 RCX: 00007fa15755169a
      [518758.189949] RDX: 0000000000000000 RSI: 00007ffda58b6128 RDI: 0000000000000003
      [518758.189951] RBP: 00007ffda58b6190 R08: 0000000000000001 R09: 000055e4b9d848a0
      [518758.189952] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005d654b49
      [518758.189953] R13: 0000000000000000 R14: 00007ffda58b6230 R15: 00007ffda58b6210
      [518758.189955] Modules linked in: sch_cbs sch_etf sch_mqprio netlink_diag unix_diag e1000e igb intel_pch_thermal thermal video backlight pcc_cpufreq
      [518758.189960] CR2: 0000000000000000
      [518758.189961] ---[ end trace 6a13f7aaf5376019 ]---
      [518758.189963] RIP: 0010:__list_del_entry_valid+0x29/0xa0
      [518758.189964] Code: 90 48 b8 00 01 00 00 00 00 ad de 55 48 8b 17 4c 8b 47 08 48 89 e5 48 39 c2 74 27 48 b8 00 02 00 00 00 00 ad de 49 39 c0 74 2d <49> 8b 30 48 39 fe 75 3d 48 8b 52 08 48 39 f2 75 4c b8 01 00 00 00
      [518758.189967] RSP: 0018:ffffa27e43903990 EFLAGS: 00010207
      [518758.189968] RAX: dead000000000200 RBX: ffff8bce69f0f000 RCX: 0000000000000000
      [518758.189969] RDX: 0000000000000000 RSI: ffff8bce69f0f064 RDI: ffff8bce69f0f1e0
      [518758.189971] RBP: ffffa27e43903990 R08: 0000000000000000 R09: ffff8bce69e788c0
      [518758.189972] R10: ffff8bce62acd400 R11: 00000000000003cb R12: ffff8bce69e78000
      [518758.189973] R13: ffff8bce69f0f140 R14: 0000000000000000 R15: 0000000000000000
      [518758.189975] FS:  00007fa1572c8f80(0000) GS:ffff8bce6e0c0000(0000) knlGS:0000000000000000
      [518758.189976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [518758.189977] CR2: 0000000000000000 CR3: 000000040a398006 CR4: 00000000003606e0
      [518758.189979] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [518758.189980] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      
      Fixes: e0a7683d ("net/sched: cbs: fix port_rate miscalculation")
      Signed-off-by: default avatarVinicius Costa Gomes <vinicius.gomes@intel.com>
      Acked-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3e8b9bfa
    • Krzysztof Kozlowski's avatar
      drivers: net: Fix Kconfig indentation · 02bc5eb9
      Krzysztof Kozlowski authored
      Adjust indentation from spaces to tab (+optional two spaces) as in
      coding style with command like:
          $ sed -e 's/^        /\t/' -i */Kconfig
      Signed-off-by: default avatarKrzysztof Kozlowski <krzk@kernel.org>
      Acked-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Reviewed-by: default avatarLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      02bc5eb9
    • Krzysztof Kozlowski's avatar
      net: Fix Kconfig indentation · bf69abad
      Krzysztof Kozlowski authored
      Adjust indentation from spaces to tab (+optional two spaces) as in
      coding style with command like:
          $ sed -e 's/^        /\t/' -i */Kconfig
      Signed-off-by: default avatarKrzysztof Kozlowski <krzk@kernel.org>
      Acked-by: default avatarSven Eckelmann <sven@narfation.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bf69abad
    • Rain River's avatar
      MAINTAINERS: add Yanjun to FORCEDETH maintainers list · 34b7bb29
      Rain River authored
      Yanjun has been spending quite a lot of time fixing bugs
      in FORCEDETH source code. I'd like to add Yanjun to maintainers
      list.
      Signed-off-by: default avatarRain River <rain.1986.08.12@gmail.com>
      Acked-by: default avatarZhu Yanjun <yanjun.zhu@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      34b7bb29
  3. 25 Sep, 2019 9 commits