26 Jan, 2020
1 commit
-
[ Upstream commit 4c76bf696a608ea5cc555fe97ec59a9033236604 ]
Unlocking of a not locked mutex is not allowed.
Other kernel thread may be in critical section while
we unlock it because of setting user_feature fail.Fixes: 95a7233c4 ("net: openvswitch: Set OvS recirc_id from tc chain index")
Cc: Paul Blakey
Signed-off-by: Tonghao Zhang
Tested-by: Greg Rose
Acked-by: William Tu
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
18 Dec, 2019
3 commits
-
[ Upstream commit d04ac224b1688f005a84f764cfe29844f8e9da08 ]
The skb_mpls_push was not updating ethertype of an ethernet packet if
the packet was originally received from a non ARPHRD_ETHER device.In the below OVS data path flow, since the device corresponding to
port 7 is an l3 device (ARPHRD_NONE) the skb_mpls_push function does
not update the ethertype of the packet even though the previous
push_eth action had added an ethernet header to the packet.recirc_id(0),in_port(7),eth_type(0x0800),ipv4(tos=0/0xfc,ttl=64,frag=no),
actions:push_eth(src=00:00:00:00:00:00,dst=00:00:00:00:00:00),
push_mpls(label=13,tc=0,ttl=64,bos=1,eth_type=0x8847),4Fixes: 8822e270d697 ("net: core: move push MPLS functionality from OvS to core helper")
Signed-off-by: Martin Varghese
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 040b5cfbcefa263ccf2c118c4938308606bb7ed8 ]
The skb_mpls_pop was not updating ethertype of an ethernet packet if the
packet was originally received from a non ARPHRD_ETHER device.In the below OVS data path flow, since the device corresponding to port 7
is an l3 device (ARPHRD_NONE) the skb_mpls_pop function does not update
the ethertype of the packet even though the previous push_eth action had
added an ethernet header to the packet.recirc_id(0),in_port(7),eth_type(0x8847),
mpls(label=12/0xfffff,tc=0/0,ttl=0/0x0,bos=1/1),
actions:push_eth(src=00:00:00:00:00:00,dst=00:00:00:00:00:00),
pop_mpls(eth_type=0x800),4Fixes: ed246cee09b9 ("net: core: move pop MPLS functionality from OvS to core helper")
Signed-off-by: Martin Varghese
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 5d50aa83e2c8e91ced2cca77c198b468ca9210f4 ]
The openvswitch module shares a common conntrack and NAT infrastructure
exposed via netfilter. It's possible that a packet needs both SNAT and
DNAT manipulation, due to e.g. tuple collision. Netfilter can support
this because it runs through the NAT table twice - once on ingress and
again after egress. The openvswitch module doesn't have such capability.Like netfilter hook infrastructure, we should run through NAT twice to
keep the symmetry.Fixes: 05752523e565 ("openvswitch: Interface with NAT.")
Signed-off-by: Aaron Conole
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
05 Dec, 2019
3 commits
-
[ Upstream commit 8a574f86652a4540a2433946ba826ccb87f398cc ]
If we can't build the flow del notification, we can simply delete
the flow, no need to crash the kernel. Still keep a WARN_ON to
preserve debuggability.Note: the BUG_ON() predates the Fixes tag, but this change
can be applied only after the mentioned commit.v1 -> v2:
- do not leak an skb on errorFixes: aed067783e50 ("openvswitch: Minimize ovs_flow_cmd_del critical section.")
Signed-off-by: Paolo Abeni
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 8ffeb03fbba3b599690b361467bfd2373e8c450f ]
All the callers of ovs_flow_cmd_build_info() already deal with
error return code correctly, so we can handle the error condition
in a more gracefull way. Still dump a warning to preserve
debuggability.v1 -> v2:
- clarify the commit message
- clean the skb and report the error (DaveM)Fixes: ccb1352e76cf ("net: Add Open vSwitch kernel components.")
Signed-off-by: Paolo Abeni
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 4e81c0b3fa93d07653e2415fa71656b080a112fd ]
When user-space sets the OVS_UFID_F_OMIT_* flags, and the relevant
flow has no UFID, we can exceed the computed size, as
ovs_nla_put_identifier() will always dump an OVS_FLOW_ATTR_KEY
attribute.
Take the above in account when computing the flow command message
size.Fixes: 74ed7ab9264c ("openvswitch: Add support for unique flow IDs.")
Reported-by: Qi Jun Ding
Signed-off-by: Paolo Abeni
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
26 Oct, 2019
1 commit
-
In rtnl_net_notifyid(), we certainly can't pass a null GFP flag to
rtnl_notify(). A GFP_KERNEL flag would be fine in most circumstances,
but there are a few paths calling rtnl_net_notifyid() from atomic
context or from RCU critical sections. The later also precludes the use
of gfp_any() as it wouldn't detect the RCU case. Also, the nlmsg_new()
call is wrong too, as it uses GFP_KERNEL unconditionally.Therefore, we need to pass the GFP flags as parameter and propagate it
through function calls until the proper flags can be determined.In most cases, GFP_KERNEL is fine. The exceptions are:
* openvswitch: ovs_vport_cmd_get() and ovs_vport_cmd_dump()
indirectly call rtnl_net_notifyid() from RCU critical section,* rtnetlink: rtmsg_ifinfo_build_skb() already receives GFP flags as
parameter.Also, in ovs_vport_cmd_build_info(), let's change the GFP flags used
by nlmsg_new(). The function is allowed to sleep, so better make the
flags consistent with the ones used in the following
ovs_vport_cmd_fill_info() call.Found by code inspection.
Fixes: 9a9634545c70 ("netns: notify netns id events")
Signed-off-by: Guillaume Nault
Acked-by: Nicolas Dichtel
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
23 Oct, 2019
1 commit
-
syzbot found the following crash on:
HEAD commit: 1e78030e Merge tag 'mmc-v5.3-rc1' of git://git.kernel.org/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=148d3d1a600000
kernel config: https://syzkaller.appspot.com/x/.config?x=30cef20daf3e9977
dashboard link: https://syzkaller.appspot.com/bug?extid=13210896153522fe1ee5
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=136aa8c4600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=109ba792600000=====================================================================
BUG: memory leak
unreferenced object 0xffff8881207e4100 (size 128):
comm "syz-executor032", pid 7014, jiffies 4294944027 (age 13.830s)
hex dump (first 32 bytes):
00 70 16 18 81 88 ff ff 80 af 8c 22 81 88 ff ff .p........."....
00 b6 23 17 81 88 ff ff 00 00 00 00 00 00 00 00 ..#.............
backtrace:
[] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
[] slab_post_alloc_hook mm/slab.h:522 [inline]
[] slab_alloc mm/slab.c:3319 [inline]
[] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
[] kmalloc include/linux/slab.h:552 [inline]
[] kzalloc include/linux/slab.h:748 [inline]
[] ovs_vport_alloc+0x37/0xf0 net/openvswitch/vport.c:130
[] internal_dev_create+0x24/0x1d0 net/openvswitch/vport-internal_dev.c:164
[] ovs_vport_add+0x81/0x190 net/openvswitch/vport.c:199
[] new_vport+0x19/0x80 net/openvswitch/datapath.c:194
[] ovs_dp_cmd_new+0x22f/0x410 net/openvswitch/datapath.c:1614
[] genl_family_rcv_msg+0x2ab/0x5b0 net/netlink/genetlink.c:629
[] genl_rcv_msg+0x54/0x9c net/netlink/genetlink.c:654
[] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
[] genl_rcv+0x29/0x40 net/netlink/genetlink.c:665
[] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
[] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1328
[] netlink_sendmsg+0x270/0x480 net/netlink/af_netlink.c:1917
[] sock_sendmsg_nosec net/socket.c:637 [inline]
[] sock_sendmsg+0x54/0x70 net/socket.c:657
[] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2311
[] __sys_sendmsg+0x80/0xf0 net/socket.c:2356
[] __do_sys_sendmsg net/socket.c:2365 [inline]
[] __se_sys_sendmsg net/socket.c:2363 [inline]
[] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2363BUG: memory leak
unreferenced object 0xffff88811723b600 (size 64):
comm "syz-executor032", pid 7014, jiffies 4294944027 (age 13.830s)
hex dump (first 32 bytes):
01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 02 00 00 00 05 35 82 c1 .............5..
backtrace:
[] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
[] slab_post_alloc_hook mm/slab.h:522 [inline]
[] slab_alloc mm/slab.c:3319 [inline]
[] __do_kmalloc mm/slab.c:3653 [inline]
[] __kmalloc+0x169/0x300 mm/slab.c:3664
[] kmalloc include/linux/slab.h:557 [inline]
[] ovs_vport_set_upcall_portids+0x54/0xd0 net/openvswitch/vport.c:343
[] ovs_vport_alloc+0x7f/0xf0 net/openvswitch/vport.c:139
[] internal_dev_create+0x24/0x1d0 net/openvswitch/vport-internal_dev.c:164
[] ovs_vport_add+0x81/0x190 net/openvswitch/vport.c:199
[] new_vport+0x19/0x80 net/openvswitch/datapath.c:194
[] ovs_dp_cmd_new+0x22f/0x410 net/openvswitch/datapath.c:1614
[] genl_family_rcv_msg+0x2ab/0x5b0 net/netlink/genetlink.c:629
[] genl_rcv_msg+0x54/0x9c net/netlink/genetlink.c:654
[] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
[] genl_rcv+0x29/0x40 net/netlink/genetlink.c:665
[] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
[] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1328
[] netlink_sendmsg+0x270/0x480 net/netlink/af_netlink.c:1917
[] sock_sendmsg_nosec net/socket.c:637 [inline]
[] sock_sendmsg+0x54/0x70 net/socket.c:657
[] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2311
[] __sys_sendmsg+0x80/0xf0 net/socket.c:2356BUG: memory leak
unreferenced object 0xffff8881228ca500 (size 128):
comm "syz-executor032", pid 7015, jiffies 4294944622 (age 7.880s)
hex dump (first 32 bytes):
00 f0 27 18 81 88 ff ff 80 ac 8c 22 81 88 ff ff ..'........"....
40 b7 23 17 81 88 ff ff 00 00 00 00 00 00 00 00 @.#.............
backtrace:
[] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
[] slab_post_alloc_hook mm/slab.h:522 [inline]
[] slab_alloc mm/slab.c:3319 [inline]
[] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
[] kmalloc include/linux/slab.h:552 [inline]
[] kzalloc include/linux/slab.h:748 [inline]
[] ovs_vport_alloc+0x37/0xf0 net/openvswitch/vport.c:130
[] internal_dev_create+0x24/0x1d0 net/openvswitch/vport-internal_dev.c:164
[] ovs_vport_add+0x81/0x190 net/openvswitch/vport.c:199
[] new_vport+0x19/0x80 net/openvswitch/datapath.c:194
[] ovs_dp_cmd_new+0x22f/0x410 net/openvswitch/datapath.c:1614
[] genl_family_rcv_msg+0x2ab/0x5b0 net/netlink/genetlink.c:629
[] genl_rcv_msg+0x54/0x9c net/netlink/genetlink.c:654
[] netlink_rcv_skb+0x61/0x170 net/netlink/af_netlink.c:2477
[] genl_rcv+0x29/0x40 net/netlink/genetlink.c:665
[] netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
[] netlink_unicast+0x1ec/0x2d0 net/netlink/af_netlink.c:1328
[] netlink_sendmsg+0x270/0x480 net/netlink/af_netlink.c:1917
[] sock_sendmsg_nosec net/socket.c:637 [inline]
[] sock_sendmsg+0x54/0x70 net/socket.c:657
[] ___sys_sendmsg+0x393/0x3c0 net/socket.c:2311
[] __sys_sendmsg+0x80/0xf0 net/socket.c:2356
[] __do_sys_sendmsg net/socket.c:2365 [inline]
[] __se_sys_sendmsg net/socket.c:2363 [inline]
[] __x64_sys_sendmsg+0x23/0x30 net/socket.c:2363
=====================================================================The function in net core, register_netdevice(), may fail with vport's
destruction callback either invoked or not. After commit 309b66970ee2
("net: openvswitch: do not free vport if register_netdevice() is failed."),
the duty to destroy vport is offloaded from the driver OTOH, which ends
up in the memory leak reported.It is fixed by releasing vport unless device is registered successfully.
To do that, the callback assignment is defered until device is registered.Reported-by: syzbot+13210896153522fe1ee5@syzkaller.appspotmail.com
Fixes: 309b66970ee2 ("net: openvswitch: do not free vport if register_netdevice() is failed.")
Cc: Taehee Yoo
Cc: Greg Rose
Cc: Eric Dumazet
Cc: Marcelo Ricardo Leitner
Cc: Ying Xue
Cc: Andrey Konovalov
Signed-off-by: Hillf Danton
Acked-by: Pravin B Shelar
[sbrivio: this was sent to dev@openvswitch.org and never made its way
to netdev -- resending original patch]
Signed-off-by: Stefano Brivio
Reviewed-by: Greg Rose
Signed-off-by: Jakub Kicinski
16 Oct, 2019
1 commit
-
the following script:
# tc qdisc add dev eth0 clsact
# tc filter add dev eth0 egress protocol ip matchall \
> action mpls push protocol mpls_uc label 0x355aa bos 1causes corruption of all IP packets transmitted by eth0. On TC egress, we
can't rely on the value of skb->mac_len, because it's 0 and a MPLS 'push'
operation will result in an overwrite of the first 4 octets in the packet
L2 header (e.g. the Destination Address if eth0 is an Ethernet); the same
error pattern is present also in the MPLS 'pop' operation. Fix this error
in act_mpls data plane, computing 'mac_len' as the difference between the
network header and the mac header (when not at TC ingress), and use it in
MPLS 'push'/'pop' core functions.v2: unbreak 'make htmldocs' because of missing documentation of 'mac_len'
in skb_mpls_pop(), reported by kbuild test robotCC: Lorenzo Bianconi
Fixes: 2a2ea50870ba ("net: sched: add mpls manipulation actions to TC")
Reviewed-by: Simon Horman
Acked-by: John Hurley
Signed-off-by: Davide Caratti
Signed-off-by: David S. Miller
02 Oct, 2019
1 commit
-
commit 174e23810cd31
("sk_buff: drop all skb extensions on free and skb scrubbing") made napi
recycle always drop skb extensions. The additional skb_ext_del() that is
performed via nf_reset on napi skb recycle is not needed anymore.Most nf_reset() calls in the stack are there so queued skb won't block
'rmmod nf_conntrack' indefinitely.This removes the skb_ext_del from nf_reset, and renames it to a more
fitting nf_reset_ct().In a few selected places, add a call to skb_ext_reset to make sure that
no active extensions remain.I am submitting this for "net", because we're still early in the release
cycle. The patch applies to net-next too, but I think the rename causes
needless divergence between those trees.Suggested-by: Eric Dumazet
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
26 Sep, 2019
1 commit
-
userspace openvswitch patch "(dpif-linux: Implement the API
functions to allow multiple handler threads read upcall)"
changes its type from U32 to UNSPEC, but leave the kernel
unchangedand after kernel 6e237d099fac "(netlink: Relax attr validation
for fixed length types)", this bug is exposed by the below
warning[ 57.215841] netlink: 'ovs-vswitchd': attribute type 5 has an invalid length.
Fixes: 5cd667b0a456 ("openvswitch: Allow each vport to have an array of 'port_id's")
Signed-off-by: Li RongQing
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
06 Sep, 2019
1 commit
-
Offloaded OvS datapath rules are translated one to one to tc rules,
for example the following simplified OvS rule:recirc_id(0),in_port(dev1),eth_type(0x0800),ct_state(-trk) actions:ct(),recirc(2)
Will be translated to the following tc rule:
$ tc filter add dev dev1 ingress \
prio 1 chain 0 proto ip \
flower tcp ct_state -trk \
action ct pipe \
action goto chain 2Received packets will first travel though tc, and if they aren't stolen
by it, like in the above rule, they will continue to OvS datapath.
Since we already did some actions (action ct in this case) which might
modify the packets, and updated action stats, we would like to continue
the proccessing with the correct recirc_id in OvS (here recirc_id(2))
where we left off.To support this, introduce a new skb extension for tc, which
will be used for translating tc chain to ovs recirc_id to
handle these miss cases. Last tc chain index will be set
by tc goto chain action and read by OvS datapath.Signed-off-by: Paul Blakey
Signed-off-by: Vlad Buslov
Acked-by: Jiri Pirko
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
03 Sep, 2019
1 commit
-
r8152 conflicts are the NAPI fixes in 'net' overlapping with
some tasklet stuff in net-nextSigned-off-by: David S. Miller
29 Aug, 2019
2 commits
-
Only the first fragment in a datagram contains the L4 headers. When the
Open vSwitch module parses a packet, it always sets the IP protocol
field in the key, but can only set the L4 fields on the first fragment.
The original behavior would not clear the L4 portion of the key, so
garbage values would be sent in the key for "later" fragments. This
patch clears the L4 fields in that circumstance to prevent sending those
garbage values as part of the upcall.Signed-off-by: Justin Pettit
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller -
When IP fragments are reassembled before being sent to conntrack, the
key from the last fragment is used. Unless there are reordering
issues, the last fragment received will not contain the L4 ports, so the
key for the reassembled datagram won't contain them. This patch updates
the key once we have a reassembled datagram.The handle_fragments() function works on L3 headers so we pull the L3/L4
flow key update code from key_extract into a new function
'key_extract_l3l4'. Then we add a another new function
ovs_flow_key_update_l3l4() and export it so that it is accessible by
handle_fragments() for conntrack packet reassembly.Co-authored-by: Justin Pettit
Signed-off-by: Greg Rose
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
28 Aug, 2019
1 commit
-
Minor conflict in r8169, bug fix had two versions in net
and net-next, take the net-next hunks.Signed-off-by: David S. Miller
26 Aug, 2019
1 commit
-
This patch addresses a conntrack cache issue with timeout policy.
Currently, we do not check if the timeout extension is set properly in the
cached conntrack entry. Thus, after packet recirculate from conntrack
action, the timeout policy is not applied properly. This patch fixes the
aforementioned issue.Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action")
Reported-by: kbuild test robot
Signed-off-by: Yi-Hung Wei
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
25 Aug, 2019
1 commit
-
Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action")
Signed-off-by: Yi-Hung Wei
Signed-off-by: David S. Miller
07 Aug, 2019
2 commits
-
Just minor overlapping changes in the conflicts here.
Signed-off-by: David S. Miller
-
Currently in function ovs_dp_process_packet(), return values of
ovs_execute_actions() are silently discarded. This patch prints out
an debug message when error happens so as to provide helpful hints
for debugging.
Acked-by: Pravin B ShelarSigned-off-by: David S. Miller
25 Jul, 2019
1 commit
-
Some functions in the datapath code are factored out so that each
one has a stack frame smaller than 1024 bytes with gcc. However,
when compiling with clang, the functions are inlined more aggressively
and combined again so we getnet/openvswitch/datapath.c:1124:12: error: stack frame size of 1528 bytes in function 'ovs_flow_cmd_set' [-Werror,-Wframe-larger-than=]
Marking both get_flow_actions() and ovs_nla_init_match_and_action()
as 'noinline_for_stack' gives us the same behavior that we see with
gcc, and no warning. Note that this does not mean we actually use
less stack, as the functions call each other, and we still get
three copies of the large 'struct sw_flow_key' type on the stack.The comment tells us that this was previously considered safe,
presumably since the netlink parsing functions are called with
a known backchain that does not also use a lot of stack space.Fixes: 9cc9a5cb176c ("datapath: Avoid using stack larger than 1024.")
Signed-off-by: Arnd Bergmann
Signed-off-by: David S. Miller
20 Jul, 2019
1 commit
-
There is a flow_stats structure defined in include/net/flow_offload.h
and a follow up patch adds #include to
net/sch_generic.h.This breaks compilation since OVS codebase includes net/sock.h which
pulls in linux/filter.h which includes net/sch_generic.h.In file included from ./include/net/sch_generic.h:18:0,
from ./include/linux/filter.h:25,
from ./include/net/sock.h:59,
from ./include/linux/tcp.h:19,
from net/openvswitch/datapath.c:24This definition takes precedence on OVS since it is placed in the
networking core, so rename flow_stats in OVS to sw_flow_stats since
this structure is contained in sw_flow.Signed-off-by: Pablo Neira Ayuso
Acked-by: Jiri Pirko
Signed-off-by: David S. Miller
13 Jul, 2019
1 commit
-
When a vport is deleted, the maximum headroom size would be changed.
If the vport which has the largest headroom is deleted,
the new max_headroom would be set.
But, if the new headroom size is equal to the old headroom size,
updating routine is unnecessary.Signed-off-by: Taehee Yoo
Tested-by: Greg Rose
Reviewed-by: Greg Rose
Signed-off-by: David S. Miller
09 Jul, 2019
5 commits
-
Open vSwitch allows the updating of an existing MPLS header on a packet.
In preparation for supporting similar functionality in TC, move this to a
common skb helper function.Signed-off-by: John Hurley
Reviewed-by: Jakub Kicinski
Reviewed-by: Simon Horman
Reviewed-by: Willem de Bruijn
Acked-by: Cong Wang
Signed-off-by: David S. Miller -
Open vSwitch provides code to pop an MPLS header to a packet. In
preparation for supporting this in TC, move the pop code to an skb helper
that can be reused.Remove the, now unused, update_ethertype static function from OvS.
Signed-off-by: John Hurley
Reviewed-by: Jakub Kicinski
Reviewed-by: Simon Horman
Reviewed-by: Willem de Bruijn
Acked-by: Cong Wang
Signed-off-by: David S. Miller -
Open vSwitch provides code to push an MPLS header to a packet. In
preparation for supporting this in TC, move the push code to an skb helper
that can be reused.Signed-off-by: John Hurley
Reviewed-by: Jakub Kicinski
Reviewed-by: Simon Horman
Reviewed-by: Willem de Bruijn
Acked-by: Cong Wang
Signed-off-by: David S. Miller -
Two cases of overlapping changes, nothing fancy.
Signed-off-by: David S. Miller
-
Use netif_ovs_is_port() function instead of open code.
This patch doesn't change logic.Signed-off-by: Taehee Yoo
Signed-off-by: David S. Miller
01 Jul, 2019
1 commit
-
Skbs may have their checksum value populated by HW. If this is a checksum
calculated over the entire packet then the CHECKSUM_COMPLETE field is
marked. Changes to the data pointer on the skb throughout the network
stack still try to maintain this complete csum value if it is required
through functions such as skb_postpush_rcsum.The MPLS actions in Open vSwitch modify a CHECKSUM_COMPLETE value when
changes are made to packet data without a push or a pull. This occurs when
the ethertype of the MAC header is changed or when MPLS lse fields are
modified.The modification is carried out using the csum_partial function to get the
csum of a buffer and add it into the larger checksum. The buffer is an
inversion of the data to be removed followed by the new data. Because the
csum is calculated over 16 bits and these values align with 16 bits, the
effect is the removal of the old value from the CHECKSUM_COMPLETE and
addition of the new value.However, the csum fed into the function and the outcome of the
calculation are also inverted. This would only make sense if it was the
new value rather than the old that was inverted in the input buffer.Fix the issue by removing the bit inverts in the csum_partial calculation.
The bug was verified and the fix tested by comparing the folded value of
the updated CHECKSUM_COMPLETE value with the folded value of a full
software checksum calculation (reset skb->csum to 0 and run
skb_checksum_complete(skb)). Prior to the fix the outcomes differed but
after they produce the same result.Fixes: 25cd9ba0abc0 ("openvswitch: Add basic MPLS support to kernel")
Fixes: bc7cc5999fd3 ("openvswitch: update checksum in {push,pop}_mpls")
Signed-off-by: John Hurley
Reviewed-by: Jakub Kicinski
Reviewed-by: Simon Horman
Acked-by: Pravin B Shelar
Signed-off-by: David S. Miller
18 Jun, 2019
2 commits
-
Honestly all the conflicts were simple overlapping changes,
nothing really interesting to report.Signed-off-by: David S. Miller
-
Pull networking fixes from David Miller:
"Lots of bug fixes here:1) Out of bounds access in __bpf_skc_lookup, from Lorenz Bauer.
2) Fix rate reporting in cfg80211_calculate_bitrate_he(), from John
Crispin.3) Use after free in psock backlog workqueue, from John Fastabend.
4) Fix source port matching in fdb peer flow rule of mlx5, from Raed
Salem.5) Use atomic_inc_not_zero() in fl6_sock_lookup(), from Eric Dumazet.
6) Network header needs to be set for packet redirect in nfp, from
John Hurley.7) Fix udp zerocopy refcnt, from Willem de Bruijn.
8) Don't assume linear buffers in vxlan and geneve error handlers,
from Stefano Brivio.9) Fix TOS matching in mlxsw, from Jiri Pirko.
10) More SCTP cookie memory leak fixes, from Neil Horman.
11) Fix VLAN filtering in rtl8366, from Linus Walluij.
12) Various TCP SACK payload size and fragmentation memory limit fixes
from Eric Dumazet.13) Use after free in pneigh_get_next(), also from Eric Dumazet.
14) LAPB control block leak fix from Jeremy Sowden"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (145 commits)
lapb: fixed leak of control-blocks.
tipc: purge deferredq list for each grp member in tipc_group_delete
ax25: fix inconsistent lock state in ax25_destroy_timer
neigh: fix use-after-free read in pneigh_get_next
tcp: fix compile error if !CONFIG_SYSCTL
hv_sock: Suppress bogus "may be used uninitialized" warnings
be2net: Fix number of Rx queues used for flow hashing
net: handle 802.1P vlan 0 packets properly
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
tcp: add tcp_min_snd_mss sysctl
tcp: tcp_fragment() should apply sane memory limits
tcp: limit payload size of sacked skbs
Revert "net: phylink: set the autoneg state in phylink_phy_change"
bpf: fix nested bpf tracepoints with per-cpu data
bpf: Fix out of bounds memory access in bpf_sk_storage
vsock/virtio: set SOCK_DONE on peer shutdown
net: dsa: rtl8366: Fix up VLAN filtering
net: phylink: set the autoneg state in phylink_phy_change
net: add high_order_alloc_disable sysctl/static key
tcp: add tcp_tx_skb_cache sysctl
...
12 Jun, 2019
2 commits
-
ASSERT_OVSL() in ovs_vport_del() is unnecessary because
ovs_vport_del() is only called by ovs_dp_detach_port() and
ovs_dp_detach_port() calls ASSERT_OVSL() too.Signed-off-by: Taehee Yoo
Reviewed-by: Greg Rose
Signed-off-by: David S. Miller -
In order to create an internal vport, internal_dev_create() is used and
that calls register_netdevice() internally.
If register_netdevice() fails, it calls dev->priv_destructor() to free
private data of netdev. actually, a private data of this is a vport.Hence internal_dev_create() should not free and use a vport after failure
of register_netdevice().Test command
ovs-dpctl add-dp bonding_mastersSplat looks like:
[ 1035.667767] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 1035.675958] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
[ 1035.676916] CPU: 1 PID: 1028 Comm: ovs-vswitchd Tainted: G B 5.2.0-rc3+ #240
[ 1035.676916] RIP: 0010:internal_dev_create+0x2e5/0x4e0 [openvswitch]
[ 1035.676916] Code: 48 c1 ea 03 80 3c 02 00 0f 85 9f 01 00 00 4c 8b 23 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 60 05 00 00 48 89 fa 48 c1 ea 03 3c 02 00 0f 85 86 01 00 00 49 8b bc 24 60 05 00 00 e8 e4 68 f4
[ 1035.713720] RSP: 0018:ffff88810dcb7578 EFLAGS: 00010206
[ 1035.713720] RAX: dffffc0000000000 RBX: ffff88810d13fe08 RCX: ffffffff84297704
[ 1035.713720] RDX: 00000000000000ac RSI: 0000000000000000 RDI: 0000000000000560
[ 1035.713720] RBP: 00000000ffffffef R08: fffffbfff0d3b881 R09: fffffbfff0d3b881
[ 1035.713720] R10: 0000000000000001 R11: fffffbfff0d3b880 R12: 0000000000000000
[ 1035.768776] R13: 0000607ee460b900 R14: ffff88810dcb7690 R15: ffff88810dcb7698
[ 1035.777709] FS: 00007f02095fc980(0000) GS:ffff88811b400000(0000) knlGS:0000000000000000
[ 1035.777709] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1035.777709] CR2: 00007ffdf01d2f28 CR3: 0000000108258000 CR4: 00000000001006e0
[ 1035.777709] Call Trace:
[ 1035.777709] ovs_vport_add+0x267/0x4f0 [openvswitch]
[ 1035.777709] new_vport+0x15/0x1e0 [openvswitch]
[ 1035.777709] ovs_vport_cmd_new+0x567/0xd10 [openvswitch]
[ 1035.777709] ? ovs_dp_cmd_dump+0x490/0x490 [openvswitch]
[ 1035.777709] ? __kmalloc+0x131/0x2e0
[ 1035.777709] ? genl_family_rcv_msg+0xa54/0x1030
[ 1035.777709] genl_family_rcv_msg+0x63a/0x1030
[ 1035.777709] ? genl_unregister_family+0x630/0x630
[ 1035.841681] ? debug_show_all_locks+0x2d0/0x2d0
[ ... ]Fixes: cf124db566e6 ("net: Fix inconsistent teardown and release of private netdev state.")
Signed-off-by: Taehee Yoo
Reviewed-by: Greg Rose
Signed-off-by: David S. Miller
08 Jun, 2019
1 commit
-
Some ISDN files that got removed in net-next had some changes
done in mainline, take the removals.Signed-off-by: David S. Miller
06 Jun, 2019
1 commit
-
IS_ERR() already calls unlikely(), so this extra likely() call
around the !IS_ERR() is not needed.Signed-off-by: Enrico Weigelt
Signed-off-by: David S. Miller
05 Jun, 2019
2 commits
-
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of version 2 of the gnu general public license as
published by the free software foundation this program is
distributed in the hope that it will be useful but without any
warranty without even the implied warranty of merchantability or
fitness for a particular purpose see the gnu general public license
for more detailsextracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 64 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexios Zavras
Reviewed-by: Allison Randal
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190529141901.894819585@linutronix.de
Signed-off-by: Greg Kroah-Hartman -
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of version 2 of the gnu general public license as
published by the free software foundation this program is
distributed in the hope that it will be useful but without any
warranty without even the implied warranty of merchantability or
fitness for a particular purpose see the gnu general public license
for more details you should have received a copy of the gnu general
public license along with this program if not write to the free
software foundation inc 51 franklin street fifth floor boston ma
02110 1301 usaextracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 21 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Alexios Zavras
Reviewed-by: Allison Randal
Reviewed-by: Richard Fontana
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190529141334.228102212@linutronix.de
Signed-off-by: Greg Kroah-Hartman
31 May, 2019
2 commits
-
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of version 2 of the gnu general public license as
published by the free software foundationextracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 107 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Allison Randal
Reviewed-by: Richard Fontana
Reviewed-by: Steve Winslow
Reviewed-by: Alexios Zavras
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190528171438.615055994@linutronix.de
Signed-off-by: Greg Kroah-Hartman -
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation either version 2 of the license or at
your option any later versionextracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 3029 file(s).
Signed-off-by: Thomas Gleixner
Reviewed-by: Allison Randal
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
Signed-off-by: Greg Kroah-Hartman