15 Feb, 2018
9 commits
-
ebt_among still uses pr_err -- these errors indicate ebtables tool bug,
not a usage error.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
also convert this to info for consistency.
These errors are informational message to user, given iptables doesn't
have netlink extack equivalent.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
switch this to info, since these aren't really errors.
We only use printk because we cannot report meaningful errors
in the xtables framework.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
checkpatch complains about line > 80 but this would require splitting
"literal" over two lines which is worse.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
most messages are converted to info, since they occur in response to
wrong usage.Size mismatch however is a real error (xtables ABI bug) that should not
occur.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
remove several pr_info messages that cannot be triggered with iptables,
the check is only to ensure input is sane.iptables(8) already prints error messages in these cases.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
In clusterip_config_find_get() we hold RCU read lock so it could
run concurrently with clusterip_config_entry_put(), as a result,
the refcnt could go back to 1 from 0, which leads to a double
list_del()... Just replace refcount_inc() with
refcount_inc_not_zero(), as for c->refcount.Fixes: d73f33b16883 ("netfilter: CLUSTERIP: RCU conversion")
Cc: Eric Dumazet
Cc: Pablo Neira Ayuso
Cc: Florian Westphal
Signed-off-by: Cong Wang
Reviewed-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
The rationale for removing the check is only correct for rulesets
generated by ip(6)tables.In iptables, a jump can only occur to a user-defined chain, i.e.
because we size the stack based on number of user-defined chains we
cannot exceed stack size.However, the underlying binary format has no such restriction,
and the validation step only ensures that the jump target is a
valid rule start point.IOW, its possible to build a rule blob that has no user-defined
chains but does contain a jump.If this happens, no jump stack gets allocated and crash occurs
because no jumpstack was allocated.Fixes: 7814b6ec6d0d6 ("netfilter: xtables: don't save/restore jumpstack offset")
Reported-by: syzbot+e783f671527912cd9403@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
The Syzbot reported a possible deadlock in the netfilter area caused by
rtnl lock, xt lock and socket lock being acquired with a different order
on different code paths, leading to the following backtrace:
Reviewed-by: Xin Long======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #301 Not tainted
------------------------------------------------------
syzkaller233489/4179 is trying to acquire lock:
(rtnl_mutex){+.+.}, at: [] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74but task is already holding lock:
(&xt[i].mutex){+.+.}, at: []
xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1041which lock already depends on the new lock.
===Since commit 3f34cfae1230 ("netfilter: on sockopt() acquire sock lock
only in the required scope"), we already acquire the socket lock in
the innermost scope, where needed. In such commit I forgot to remove
the outer-most socket lock from the getsockopt() path, this commit
addresses the issues dropping it now.v1 -> v2: fix bad subj, added relavant 'fixes' tag
Fixes: 22265a5c3c10 ("netfilter: xt_TEE: resolve oif using netdevice notifiers")
Fixes: 202f59afd441 ("netfilter: ipt_CLUSTERIP: do not hold dev")
Fixes: 3f34cfae1230 ("netfilter: on sockopt() acquire sock lock only in the required scope")
Reported-by: syzbot+ddde1c7b7ff7442d7f2d@syzkaller.appspotmail.com
Suggested-by: Florian Westphal
Signed-off-by: Paolo Abeni
Signed-off-by: Pablo Neira Ayuso
08 Feb, 2018
14 commits
-
There is a race condition between clusterip_config_entry_put()
and clusterip_config_init(), after we release the spinlock in
clusterip_config_entry_put(), a new proc file with a same IP could
be created immediately since it is already removed from the configs
list, therefore it triggers this warning:------------[ cut here ]------------
proc_dir_entry 'ipt_CLUSTERIP/172.20.0.170' already registered
WARNING: CPU: 1 PID: 4152 at fs/proc/generic.c:330 proc_register+0x2a4/0x370 fs/proc/generic.c:329
Kernel panic - not syncing: panic_on_warn set ...As a quick fix, just move the proc_remove() inside the spinlock.
Reported-by:
Fixes: 6c5d5cfbe3c5 ("netfilter: ipt_CLUSTERIP: check duplicate config when initializing")
Tested-by: Paolo Abeni
Cc: Xin Long
Cc: Pablo Neira Ayuso
Signed-off-by: Cong Wang
Reviewed-by: Xin Long
Signed-off-by: Pablo Neira Ayuso -
Back in 2002 vmalloc used to BUG on too large sizes. We are much better
behaved these days and vmalloc simply returns NULL for those. Remove the
check as it simply not needed and the comment is even misleading.Link: http://lkml.kernel.org/r/20180131081916.GO21609@dhcp22.suse.cz
Suggested-by: Andrew Morton
Signed-off-by: Michal Hocko
Reviewed-by: Andrew Morton
Cc: Florian Westphal
Cc: David S. Miller
Signed-off-by: Andrew Morton
Signed-off-by: Pablo Neira Ayuso -
tracepoint tcp_send_reset requires a full socket to work. However, it
may be called when in TCP_TIME_WAIT:case TCP_TW_RST:
tcp_v6_send_reset(sk, skb);
inet_twsk_deschedule_put(inet_twsk(sk));
goto discard_it;To avoid this problem, this patch checks the socket with sk_fullsock()
before calling trace_tcp_send_reset().Fixes: c24b14c46bb8 ("tcp: add tracepoint trace_tcp_send_reset")
Signed-off-by: Song Liu
Reviewed-by: Lawrence Brakmo
Signed-off-by: David S. Miller -
In Kernel 4.15.0+, Netem does not work properly.
Netem setup:
tc qdisc add dev h1-eth0 root handle 1: netem delay 10ms 2ms
Result:
PING 172.16.101.2 (172.16.101.2) 56(84) bytes of data.
64 bytes from 172.16.101.2: icmp_seq=1 ttl=64 time=22.8 ms
64 bytes from 172.16.101.2: icmp_seq=2 ttl=64 time=10.9 ms
64 bytes from 172.16.101.2: icmp_seq=3 ttl=64 time=10.9 ms
64 bytes from 172.16.101.2: icmp_seq=5 ttl=64 time=11.4 ms
64 bytes from 172.16.101.2: icmp_seq=6 ttl=64 time=11.8 ms
64 bytes from 172.16.101.2: icmp_seq=4 ttl=64 time=4303 ms
64 bytes from 172.16.101.2: icmp_seq=10 ttl=64 time=11.2 ms
64 bytes from 172.16.101.2: icmp_seq=11 ttl=64 time=10.3 ms
64 bytes from 172.16.101.2: icmp_seq=7 ttl=64 time=4304 ms
64 bytes from 172.16.101.2: icmp_seq=8 ttl=64 time=4303 msPatch:
(rnd % (2 * sigma)) - sigma was overflowing s32. After applying the
patch, I found following output which is desirable.PING 172.16.101.2 (172.16.101.2) 56(84) bytes of data.
64 bytes from 172.16.101.2: icmp_seq=1 ttl=64 time=21.1 ms
64 bytes from 172.16.101.2: icmp_seq=2 ttl=64 time=8.46 ms
64 bytes from 172.16.101.2: icmp_seq=3 ttl=64 time=9.00 ms
64 bytes from 172.16.101.2: icmp_seq=4 ttl=64 time=11.8 ms
64 bytes from 172.16.101.2: icmp_seq=5 ttl=64 time=8.36 ms
64 bytes from 172.16.101.2: icmp_seq=6 ttl=64 time=11.8 ms
64 bytes from 172.16.101.2: icmp_seq=7 ttl=64 time=8.11 ms
64 bytes from 172.16.101.2: icmp_seq=8 ttl=64 time=10.0 ms
64 bytes from 172.16.101.2: icmp_seq=9 ttl=64 time=11.3 ms
64 bytes from 172.16.101.2: icmp_seq=10 ttl=64 time=11.5 ms
64 bytes from 172.16.101.2: icmp_seq=11 ttl=64 time=10.2 msReviewed-by: Stephen Hemminger
Signed-off-by: David S. Miller -
It was discovered that simple program which indefinitely sends 200b UDP
packets and runs on TI AM574x SoC (SMP) under RT Kernel triggers network
watchdog timeout in TI CPSW driver (
Reviewed-by: Ivan Khoronzhuk
Signed-off-by: David S. Miller -
This change will guard against a double free in the case that the
buffers were previously freed at some other time, such as during
a device reset. It resolves a kernel oops that occurred when changing
the VNIC device's MTU.Signed-off-by: Thomas Falcon
Signed-off-by: David S. Miller -
At some point, a check was added to exit the polling routine during resets.
This makes sense for most reset conditions, but for a non-fatal error, we
expect the polling routine to continue running to properly clean up the rx
queues. This patch checks if we are performing a non-fatal reset and if we
are, continues normal polling operation.Signed-off-by: John Allen
Signed-off-by: David S. Miller -
Fix the number of queues per enabled TC and report available queues
to the kernel without having to limit them to the max RSS limit so
they are available to be mapped for XPS. This allows a queue per
processing thread available for handling traffic for the given
traffic class.Signed-off-by: Amritha Nambiar
Tested-by: Andrew Bowers
Signed-off-by: Jeff Kirsher
Signed-off-by: David S. Miller -
Because of differences in how ipv4 and ipv6 handle fib lookups,
verification of nexthops with onlink flag need to default to the main
table rather than the local table used by IPv4. As it stands an
address within a connected route on device 1 can be used with
onlink on device 2. Updating the table properly rejects the route
due to the egress device mismatch.Update the extack message as well to show it could be a device
mismatch for the nexthop spec.Fixes: fc1e64e1092f ("net/ipv6: Add support for onlink flag")
Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
Verification of nexthops with onlink flag need to handle unreachable
routes. The lookup is only intended to validate the gateway address
is not a local address and if the gateway resolves the egress device
must match the given device. Hence, hitting any default reject route
is ok.Fixes: fc1e64e1092f ("net/ipv6: Add support for onlink flag")
Signed-off-by: David Ahern
Signed-off-by: David S. Miller -
Add the appropriate SPDX license tags to the Sun network drivers
as outlined in Documentation/process/license-rules.rst.Signed-off-by: Shannon Nelson
Reviewed-by: Zhu Yanjun
Signed-off-by: David S. Miller -
AF_RXRPC is incorrectly sending back to the server any abort it receives
for a client connection. This is due to the final-ACK offload to the
connection event processor patch. The abort code is copied into the
last-call information on the connection channel and then the event
processor is set.Instead, the following should be done:
(1) In the case of a final-ACK for a successful call, the ACK should be
scheduled as before.(2) In the case of a locally generated ABORT, the ABORT details should be
cached for sending in response to further packets related to that
call and no further action scheduled at call disconnect time.(3) In the case of an ACK received from the peer, the call should be
considered dead, no ABORT should be transmitted at this time. In
response to further non-ABORT packets from the peer relating to this
call, an RX_USER_ABORT ABORT should be transmitted.(4) In the case of a call killed due to network error, an RX_USER_ABORT
ABORT should be cached for transmission in response to further
packets, but no ABORT should be sent at this time.Fixes: 3136ef49a14c ("rxrpc: Delay terminal ACK transmission on a client call")
Signed-off-by: David Howells
Signed-off-by: David S. Miller -
Commit baf5086840ab1 ("cxgb4: restructure VF mgmt code") has reordered
some code but an error handling label has not been updated accordingly.
So fix it and free 'adapter' if 't4_wait_dev_ready()' fails.Fixes: baf5086840ab1 ("cxgb4: restructure VF mgmt code")
Signed-off-by: Christophe JAILLET
Signed-off-by: David S. Miller -
Pablo Neira Ayuso says:
====================
Netfilter fixes for netThe following patchset contains Netfilter fixes for you net tree, they
are:1) Restore __GFP_NORETRY in xt_table allocations to mitigate effects of
large memory allocation requests, from Michal Hocko.2) Release IPv6 fragment queue in case of error in fragmentation header,
this is a follow up to amend patch 83f1999caeb1, from Subash Abhinov
Kasiviswanathan.3) Flowtable infrastructure depends on NETFILTER_INGRESS as it registers
a hook for each flowtable, reported by John Crispin.4) Missing initialization of info->priv in xt_cgroup version 1, from
Cong Wang.5) Give a chance to garbage collector to run after scheduling flowtable
cleanup.6) Releasing flowtable content on nft_flow_offload module removal is
not required at all, there is not dependencies between this module
and flowtables, remove it.7) Fix missing xt_rateest_mutex grabbing for hash insertions, also from
Cong Wang.8) Move nf_flow_table_cleanup() routine to flowtable core, this patch is
a dependency for the next patch in this list.9) Flowtable resources are not properly released on removal from the
control plane. Fix this resource leak by scheduling removal of all
entries and explicit call to the garbage collector.10) nf_ct_nat_offset() declaration is dead code, this function prototype
is not used anywhere, remove it. From Taehee Yoo.11) Fix another flowtable resource leak on entry insertion failures,
this patch also fixes a possible use-after-free. Patch from Felix
Fietkau.
====================Signed-off-by: David S. Miller
07 Feb, 2018
17 commits
-
flow_offload_del frees the flow, so all associated resource must be
freed before.Since the ct entry in struct flow_offload_entry was allocated by
flow_offload_alloc, it should be freed by flow_offload_free to take care
of the error handling path when flow_offload_add fails.While at it, make flow_offload_del static, since it should never be
called directly, only from the gc stepSigned-off-by: Felix Fietkau
Signed-off-by: Pablo Neira Ayuso -
prototype nf_ct_nat_offset is not used anymore.
Signed-off-by: Taehee Yoo
-
Merge misc updates from Andrew Morton:
- kasan updates
- procfs
- lib/bitmap updates
- other lib/ updates
- checkpatch tweaks
- rapidio
- ubsan
- pipe fixes and cleanups
- lots of other misc bits
* emailed patches from Andrew Morton : (114 commits)
Documentation/sysctl/user.txt: fix typo
MAINTAINERS: update ARM/QUALCOMM SUPPORT patterns
MAINTAINERS: update various PALM patterns
MAINTAINERS: update "ARM/OXNAS platform support" patterns
MAINTAINERS: update Cortina/Gemini patterns
MAINTAINERS: remove ARM/CLKDEV SUPPORT file pattern
MAINTAINERS: remove ANDROID ION pattern
mm: docs: add blank lines to silence sphinx "Unexpected indentation" errors
mm: docs: fix parameter names mismatch
mm: docs: fixup punctuation
pipe: read buffer limits atomically
pipe: simplify round_pipe_size()
pipe: reject F_SETPIPE_SZ with size over UINT_MAX
pipe: fix off-by-one error when checking buffer limits
pipe: actually allow root to exceed the pipe buffer limits
pipe, sysctl: remove pipe_proc_fn()
pipe, sysctl: drop 'min' parameter from pipe-max-size converter
kasan: rework Kconfig settings
crash_dump: is_kdump_kernel can be boolean
kernel/mutex: mutex_is_locked can be boolean
... -
Pull scheduler updates from Ingo Molnar:
- membarrier updates (Mathieu Desnoyers)
- SMP balancing optimizations (Mel Gorman)
- stats update optimizations (Peter Zijlstra)
- RT scheduler race fixes (Steven Rostedt)
- misc fixes and updates
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/fair: Use a recently used CPU as an idle candidate and the basis for SIS
sched/fair: Do not migrate if the prev_cpu is idle
sched/fair: Restructure wake_affine*() to return a CPU id
sched/fair: Remove unnecessary parameters from wake_affine_idle()
sched/rt: Make update_curr_rt() more accurate
sched/rt: Up the root domain ref count when passing it around via IPIs
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/core: Optimize update_stats_*()
sched/core: Optimize ttwu_stat()
membarrier/selftest: Test private expedited sync core command
membarrier/arm64: Provide core serializing command
membarrier/x86: Provide core serializing command
membarrier: Provide core serializing command, *_SYNC_CORE
lockin/x86: Implement sync_core_before_usermode()
locking: Introduce sync_core_before_usermode()
membarrier/selftest: Test global expedited command
membarrier: Provide GLOBAL_EXPEDITED command
membarrier: Document scheduler barrier requirements
powerpc, membarrier: Skip memory barrier in switch_mm()
membarrier/selftest: Test private expedited command -
Pull perf fixes from Ingo Molnar:
"Tooling fixes, plus add missing interval sampling to certain x86 PEBS
events"* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf tools: Add trace/beauty/generated/ into .gitignore
perf trace: Fix call-graph output
x86/events/intel/ds: Add PERF_SAMPLE_PERIOD into PEBS_FREERUNNING_FLAGS
perf record: Fix period option handling
perf evsel: Fix period/freq terms setup
tools headers: Synchoronize x86 features UAPI headers
tools headers: Synchronize uapi/linux/sched.h
tools headers: Sync {tools/,}arch/powerpc/include/uapi/asm/kvm.h
tooling headers: Synchronize updated s390 kvm UAPI headers
tools headers: Synchronize sound/asound.h -
Pull locking fixlets from Ingo Molnar:
"An endianness fix and a jump labels branch hint update"* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
locking/qrwlock: include asm/byteorder.h as needed
jump_label: Add branch hints to static_branch_{un,}likely() -
Pull networking fixes from David Miller:
1) Fix error path in netdevsim, from Jakub Kicinski.
2) Default values listed in tcp_wmem and tcp_rmem documentation were
inaccurate, from Tonghao Zhang.3) Fix route leaks in SCTP, both for ipv4 and ipv6. From Alexey Kodanev
and Tommi Rantala.4) Fix "MASK < Y" meant to be "MASK << Y" in xgbe driver, from Wolfram
Sang.5) Use after free in u32_destroy_key(), from Paolo Abeni.
6) Fix two TX issues in be2net driver, from Suredh Reddy.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (25 commits)
be2net: Handle transmit completion errors in Lancer
be2net: Fix HW stall issue in Lancer
RDS: IB: Fix null pointer issue
nfp: fix kdoc warnings on nested structures
sample/bpf: fix erspan metadata
net: erspan: fix erspan config overwrite
net: erspan: fix metadata extraction
cls_u32: fix use after free in u32_destroy_key()
net: amd-xgbe: fix comparison to bitshift when dealing with a mask
net: phy: Handle not having GPIO enabled in the kernel
ibmvnic: fix empty firmware version and errors cleanup
sctp: fix dst refcnt leak in sctp_v4_get_dst
sctp: fix dst refcnt leak in sctp_v6_get_dst()
dwc-xlgmac: remove Jie Deng as co-maintainer
doc: Change the min default value of tcp_wmem/tcp_rmem.
samples/bpf: use bpf_set_link_xdp_fd
libbpf: add missing SPDX-License-Identifier
libbpf: add error reporting in XDP
libbpf: add function to setup XDP
tools: add netlink.h and if_link.h in tools uapi
... -
Fix 'documetation' to 'documentation'
Link: http://lkml.kernel.org/r/CAKW4uUxRPZz59aWAX8ytaCB5=Qh6d_CvAnO7rYq-6NRAnQJbDA@mail.gmail.com
Signed-off-by: Kangmin Park
Reviewed-by: Andrew Morton
Cc: Jiri Kosina
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 321737416c72d ("tty: serial: msm: Move header file into driver")
removed the .h file, update the patterns.Link: http://lkml.kernel.org/r/2b7478bc4c35ab3ac6b06b4edd3b645a8c34a4a2.1517147485.git.joe@perches.com
Signed-off-by: Joe Perches
Reviewed-by: Andrew Morton
Cc: Stephen Boyd
Cc: Andy Gross
Cc: David Brown
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 4c25c5d2985c ("ARM: pxa: make more mach/*.h files local") moved
the files around, update the patterns.Link: http://lkml.kernel.org/r/a291f6f61e378a1f35e266fe4c5f646b9feeaa6a.1517147485.git.joe@perches.com
Signed-off-by: Joe Perches
Reviewed-by: Andrew Morton
Cc: Arnd Bergmann
Cc: Marek Vasut
Cc: Tomas Cech
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 9e6c62b05c1b ("ARM: dts: rename oxnas dts files") renamed the
files, update the patterns.[akpm@linux-foundation.org: crunch into a single globbed term, per Arnd]
Link: http://lkml.kernel.org/r/b39d779e143b3c0a4e7dff827346e509447e3e8e.1517147485.git.joe@perches.com
Signed-off-by: Joe Perches
Reviewed-by: Andrew Morton
Cc: Daniel Golle
Cc: Arnd Bergmann
Cc: Neil Armstrong
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 4d5ae32f5e1e ("net: ethernet: Add a driver for Gemini gigabit
ethernet") added invalid patterns. Fix it.Link: http://lkml.kernel.org/r/65b104609e0071d0fbe0dcce3a8e6138a4cf8c25.1517147485.git.joe@perches.com
Signed-off-by: Joe Perches
Reviewed-by: Linus Walleij
Reviewed-by: Andrew Morton
Cc: Hans Ulli Kroll
Cc: David S. Miller
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Commit 34d2f4d3a4d6 ("ARM: Use generic clkdev.h header") removed the
file, remove the pattern.Link: http://lkml.kernel.org/r/41bfff9449a5894b94f583983b6c6cb46f4cd821.1517147485.git.joe@perches.com
Signed-off-by: Joe Perches
Reviewed-by: Andrew Morton
Cc: Russell King
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The file drivers/staging/android/uapi/ion_test.h was removed by commit
9828282e33a0 ("staging: android: ion: Remove old platform support")Remove the pattern.
Link: http://lkml.kernel.org/r/182debec22002c9a1de44e79a7441288942b205c.1517147485.git.joe@perches.com
Signed-off-by: Joe Perches
Acked-by: Laura Abbott
Reviewed-by: Andrew Morton
Cc: Sumit Semwal
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Link: http://lkml.kernel.org/r/1516700871-22279-4-git-send-email-rppt@linux.vnet.ibm.com
Signed-off-by: Mike Rapoport
Cc: Jonathan Corbet
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There are several places where parameter descriptions do no match the
actual code. Fix it.Link: http://lkml.kernel.org/r/1516700871-22279-3-git-send-email-rppt@linux.vnet.ibm.com
Signed-off-by: Mike Rapoport
Cc: Jonathan Corbet
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
so that kernel-doc will properly recognize the parameter and function
descriptions.Link: http://lkml.kernel.org/r/1516700871-22279-2-git-send-email-rppt@linux.vnet.ibm.com
Signed-off-by: Mike Rapoport
Cc: Jonathan Corbet
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds