14 Mar, 2014

1 commit


13 Mar, 2014

8 commits

  • When copying in a struct msghdr from the user, if the user has set the
    msg_namelen parameter to a negative value it gets clamped to a valid
    size due to a comparison between signed and unsigned values.

    Ensure the syscall errors when the user passes in a negative value.

    Signed-off-by: Matthew Leach
    Signed-off-by: David S. Miller

    Matthew Leach
     
  • Make sure patches for these tools go to the netdev list as well.

    References: https://marc.info/?l=linux-kernel&m=139450284501328&w=2
    Cc: David S. Miller
    Cc: Daniel Borkmann
    Signed-off-by: Tobias Klauser
    Signed-off-by: David S. Miller

    Tobias Klauser
     
  • Signed-off-by: Geert Uytterhoeven
    Cc: David S. Miller
    Cc: netdev@vger.kernel.org
    Signed-off-by: David S. Miller

    Geert Uytterhoeven
     
  • Or Gerlitz says:

    ====================
    mlx4 fixes

    This short series fixes two bugs related to the vxlan support and a
    missing req module call for the IB driver which is needed to support
    IB/RDMA over Ethernet.

    Patches done over the net tree, commit dd38743 "vlan: Set correct
    source MAC address with TX VLAN offload enabled"
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     
  • When checking what protocol drivers to load, the IB driver should be
    requested also over Ethernet ports, if the device supports IBoE (RoCE).

    Fixes: b046ffe 'net/mlx4_core: Load higher level modules according to ports type'
    Signed-off-by: Or Gerlitz
    Signed-off-by: David S. Miller

    Or Gerlitz
     
  • When the device mac address is changed, we must deregister the vxlan
    steering rule associated with the previous mac, and register a new
    steering rule using the new mac.

    Signed-off-by: Or Gerlitz
    Signed-off-by: David S. Miller

    Or Gerlitz
     
  • Fix the value used to dump the vxlan offloads device capability to align
    with the MLX4_DEV_CAP_FLAG2_yyy definition. While on that, add dump to
    the IPoIB flow-steering device capability and fix small typo.

    The vxlan cap value wasn't fully handled when a conflict was resolved
    between MLX4_DEV_CAP_FLAG2_DMFS_IPOIB coming from the IB tree to
    MLX4_DEV_CAP_FLAG2_VXLAN_OFFLOADS coming from net-next.

    Signed-off-by: Or Gerlitz
    Signed-off-by: David S. Miller

    Or Gerlitz
     
  • In 5bd076708 ("Xen-netback: Fix issue caused by using gso_type wrongly")
    we use skb_is_gso to determine if we need an extra slot to accommodate
    the SKB. There's a similar error in interface.c. Change that to use
    skb_is_gso as well.

    Signed-off-by: Wei Liu
    Cc: Annie Li
    Cc: Ian Campbell
    Cc: Paul Durrant
    Acked-by: Ian Campbell
    Signed-off-by: David S. Miller

    Wei Liu
     

12 Mar, 2014

18 commits

  • The tx descriptor version of RTL8111B belongs to RTL_TD_0.

    Signed-off-by: Hayes Wang
    Acked-by: Francois Romieu
    Signed-off-by: David S. Miller

    hayeswang
     
  • Fixes the following build problem with binutils-2.24

    gcc -Wall -O2 -c -o bpf_jit_disasm.o bpf_jit_disasm.c
    In file included from bpf_jit_disasm.c:25:0:
    /usr/include/bfd.h:35:2: error: #error config.h must be included
    before this header
    #error config.h must be included before this header

    This is similar to commit 3ce711a6abc27abce1554e1d671a8762b7187690
    "perf tools: bfd.h/libbfd detection fails with recent binutils"

    See: https://sourceware.org/bugzilla/show_bug.cgi?id=14243

    CC: David S. Miller
    CC: Daniel Borkmann
    CC: netdev@vger.kernel.org
    Acked-by: Daniel Borkmann
    Signed-off-by: Markos Chandras
    Signed-off-by: David S. Miller

    Markos Chandras
     
  • Commit a998d4342337 claimed to introduce negative offset support to x86 jit,
    but it couldn't be working, since at the time of the execution
    of LD+ABS or LD+IND instructions via call into
    bpf_internal_load_pointer_neg_helper() the %edx (3rd argument of this func)
    had junk value instead of access size in bytes (1 or 2 or 4).

    Store size into %edx instead of %ecx (what original commit intended to do)

    Fixes: a998d4342337 ("bpf jit: Let the x86 jit handle negative offsets")
    Signed-off-by: Alexei Starovoitov
    Cc: Jan Seiffert
    Cc: Eric Dumazet
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Alexei Starovoitov
     
  • Without this check someone could easily create a denial of service
    by injecting multicast-specific queries to enable the bridge
    snooping part if no real querier issuing periodic general queries
    is present on the link which would result in the bridge wrongly
    shutting down ports for multicast traffic as the bridge did not learn
    about these listeners.

    With this patch the snooping code is enabled upon receiving valid,
    general queries only.

    Signed-off-by: Linus Lüssing
    Signed-off-by: David S. Miller

    Linus Lüssing
     
  • General IGMP and MLD queries are supposed to have the multicast
    link-local all-nodes address as their destination according to RFC2236
    section 9, RFC3376 section 4.1.12/9.1, RFC2710 section 8 and RFC3810
    section 5.1.15.

    Without this check, such malformed IGMP/MLD queries can result in a
    denial of service: The queries are ignored by most IGMP/MLD listeners
    therefore they will not respond with an IGMP/MLD report. However,
    without this patch these malformed MLD queries would enable the
    snooping part in the bridge code, potentially shutting down the
    according ports towards these hosts for multicast traffic as the
    bridge did not learn about these listeners.

    Reported-by: Jan Stancek
    Signed-off-by: Linus Lüssing
    Signed-off-by: David S. Miller

    Linus Lüssing
     
  • Lars Persson reported following deadlock :

    -000 |M:0x0:0x802B6AF8(asm)
    Tested-by: Lars Persson
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • Michael S. Tsirkin says:

    ====================
    skbuff: fix skb_segment with zero copy skbs

    This fixes a bug in skb_segment where it moves frags
    between skbs without orphaning them.
    This causes userspace to assume it's safe to
    reuse the buffer, and receiver gets corrupted data.
    This further might leak information from the
    transmitter on the wire.

    To fix track which skb does a copied frag belong
    to, and orphan frags when copying them.

    As we are tracking multiple skbs here, using
    short names (skb,nskb,fskb,skb_frag,frag) becomes confusing.
    So before adding another one, I refactor these names
    slightly.

    Patch is split out to make it easier to
    verify that all transformations are trivially correct.

    The problem was observed in the field,
    so I think that the patch is necessary on stable
    as well.
    ====================

    Signed-off-by: David S. Miller
    Acked-by: Herbert Xu

    David S. Miller
     
  • skb_segment copies frags around, so we need
    to copy them carefully to avoid accessing
    user memory after reporting completion to userspace
    through a callback.

    skb_segment doesn't normally happen on datapath:
    TSO needs to be disabled - so disabling zero copy
    in this case does not look like a big deal.

    Signed-off-by: Michael S. Tsirkin
    Acked-by: Herbert Xu
    Signed-off-by: David S. Miller

    Michael S. Tsirkin
     
  • fskb is unrelated to frag: it's coming from
    frag_list. Rename it list_skb to avoid confusion.

    Signed-off-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Michael S. Tsirkin
     
  • rename local variable to make it easier to tell at a glance that we are
    dealing with a head skb.

    Signed-off-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Michael S. Tsirkin
     
  • skb_frag can in fact point at either skb
    or fskb so rename it generally "frag".

    Signed-off-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Michael S. Tsirkin
     
  • frag points at nskb, so name it appropriately

    Signed-off-by: Michael S. Tsirkin
    Signed-off-by: David S. Miller

    Michael S. Tsirkin
     
  • Giuseppe Cavallaro says:

    ====================
    stmmac fixes: EEE and chained mode

    These patches are to fix some new problems in the STMMAC driver.

    Mandatory changes are for EEE that needs to be disabled if not supported
    and for the chain mode that is broken and the kernel panics if this mode
    is enabled.

    v3: removed a patch from my previous set that touched the stmmac_tx path
    that has not to be applied. Other patches for cleaning-up will be
    sent on top of net-next git repo.

    v4: do not surround the default buffer selection using Koption and adopt
    a default to 1536bytes.
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     
  • This is to fix the compatibility to the STiD127 SoC.

    Signed-off-by: Giuseppe Cavallaro
    Cc: Srinivas Kandagatla
    Signed-off-by: David S. Miller

    Giuseppe CAVALLARO
     
  • This patch is to fix the chain mode that was broken
    and generated a panic. This patch reviews the chain/ring
    modes now sharing the same structure and taking care
    about the pointers and callbacks.

    Signed-off-by: Giuseppe Cavallaro
    Signed-off-by: David S. Miller

    Giuseppe CAVALLARO
     
  • This patch is to fix and tune the default buffer sizes.
    It reduces the default bufsize used by the driver from
    4KiB to 1536 bytes.

    Patch has been tested on both ARM and SH4 platform based.

    Signed-off-by: Giuseppe Cavallaro
    Signed-off-by: David S. Miller

    Giuseppe CAVALLARO
     
  • This patch is to disable the EEE (so HW and timers)
    for example when the phy communicates that the EEE
    can be supported anymore.

    Signed-off-by: Giuseppe Cavallaro
    Signed-off-by: David S. Miller

    Giuseppe CAVALLARO
     
  • vmxnet3's netpoll driver is incorrectly coded. It directly calls
    vmxnet3_do_poll, which is the driver internal napi poll routine. As the netpoll
    controller method doesn't block real napi polls in any way, there is a potential
    for race conditions in which the netpoll controller method and the napi poll
    method run concurrently. The result is data corruption causing panics such as this
    one recently observed:
    PID: 1371 TASK: ffff88023762caa0 CPU: 1 COMMAND: "rs:main Q:Reg"
    #0 [ffff88023abd5780] machine_kexec at ffffffff81038f3b
    #1 [ffff88023abd57e0] crash_kexec at ffffffff810c5d92
    #2 [ffff88023abd58b0] oops_end at ffffffff8152b570
    #3 [ffff88023abd58e0] die at ffffffff81010e0b
    #4 [ffff88023abd5910] do_trap at ffffffff8152add4
    #5 [ffff88023abd5970] do_invalid_op at ffffffff8100cf95
    #6 [ffff88023abd5a10] invalid_op at ffffffff8100bf9b
    [exception RIP: vmxnet3_rq_rx_complete+1968]
    RIP: ffffffffa00f1e80 RSP: ffff88023abd5ac8 RFLAGS: 00010086
    RAX: 0000000000000000 RBX: ffff88023b5dcee0 RCX: 00000000000000c0
    RDX: 0000000000000000 RSI: 00000000000005f2 RDI: ffff88023b5dcee0
    RBP: ffff88023abd5b48 R8: 0000000000000000 R9: ffff88023a3b6048
    R10: 0000000000000000 R11: 0000000000000002 R12: ffff8802398d4cd8
    R13: ffff88023af35140 R14: ffff88023b60c890 R15: 0000000000000000
    ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
    #7 [ffff88023abd5b50] vmxnet3_do_poll at ffffffffa00f204a [vmxnet3]
    #8 [ffff88023abd5b80] vmxnet3_netpoll at ffffffffa00f209c [vmxnet3]
    #9 [ffff88023abd5ba0] netpoll_poll_dev at ffffffff81472bb7

    The fix is to do as other drivers do, and have the poll controller call the top
    half interrupt handler, which schedules a napi poll properly to receive frames

    Tested by myself, successfully.

    Signed-off-by: Neil Horman
    CC: Shreyas Bhatewara
    CC: "VMware, Inc."
    CC: "David S. Miller"
    CC: stable@vger.kernel.org
    Reviewed-by: Shreyas N Bhatewara
    Signed-off-by: David S. Miller

    Neil Horman
     

11 Mar, 2014

6 commits

  • With TX VLAN offload enabled the source MAC address for frames sent using the
    VLAN interface is currently set to the address of the real interface. This is
    wrong since the VLAN interface may be configured with a different address.

    The bug was introduced in commit 2205369a314e12fcec4781cc73ac9c08fc2b47de
    ("vlan: Fix header ops passthru when doing TX VLAN offload.").

    This patch sets the source address before calling the create function of the
    real interface.

    Signed-off-by: Peter Boström
    Signed-off-by: David S. Miller

    Peter Boström
     
  • Current netback uses gso_type to check whether the skb contains
    gso offload, and this is wrong. Gso_size is the right one to
    check gso existence, and gso_type is only used to check gso type.

    Some skbs contain nonzero gso_type and zero gso_size, current
    netback would treat these skbs as gso and create wrong response
    for this. This also causes ssh failure to domu from other server.

    V2: use skb_is_gso function as Paul Durrant suggested

    Signed-off-by: Annie Li
    Acked-by: Wei Liu
    Reviewed-by: Paul Durrant
    Signed-off-by: David S. Miller

    Annie Li
     
  • Resizing fq hash table allocates memory while holding qdisc spinlock,
    with BH disabled.

    This is definitely not good, as allocation might sleep.

    We can drop the lock and get it when needed, we hold RTNL so no other
    changes can happen at the same time.

    Signed-off-by: Eric Dumazet
    Fixes: afe4fd062416 ("pkt_sched: fq: Fair Queue packet scheduler")
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • udelay() does not work on some architectures for values above
    2000, in particular on ARM:

    ERROR: "__bad_udelay" [drivers/net/ethernet/brocade/bna/bna.ko] undefined!

    Reported-by: Vagrant Cascadian
    Signed-off-by: Ben Hutchings
    Signed-off-by: David S. Miller

    Ben Hutchings
     
  • The WARN_ON(root == &noop_qdisc)) added in qdisc_list_add()
    can trigger in normal conditions when devices are not up.
    It should be done only right before the list_add_tail() call.

    Fixes: e57a784d8cae4 ("pkt_sched: set root qdisc before change() in attach_default_qdiscs()")
    Reported-by: Valdis Kletnieks
    Tested-by: Mirco Tischler
    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     
  • John W. Linville says:

    ====================
    Please pull this batch of fixes intended for the 3.14 stream...

    For the mac80211 bits, Johannes says:

    "Here I have a fix from Eliad for the minimal channel width calculation
    in the mac80211 code which led to monitor mode not working at all for
    drivers using that. One of my fixes is for an issue noticed by Michal,
    we clear an already cleared value but do it without locking, so just
    remove that. The other is for a data leak - we leak two bytes of kernel
    memory out over the air in QoS NULL frames because those don't get a
    sequence number assigned in the TX path."

    For the iwlwifi bits, Emmanuel says:

    "One more fix and an update for device IDs.
    There is a bugzilla reported for the fix which is mentioned in the commit message."

    Along with those...

    Amitkumar Karwar provides two mwifiex fixes, both correcting some
    data transcription problems.

    Ivaylo Dimitrov uses skb_trim in the wl1251 driver to avoid
    HAVE_EFFICIENT_UNALIGNED_ACCESS problems.
    ====================

    Signed-off-by: David S. Miller

    David S. Miller
     

10 Mar, 2014

1 commit

  • The pci shutdown handler added in:

    bnx2: Add pci shutdown handler
    commit 25bfb1dd4ba3b2d9a49ce9d9b0cd7be1840e15ed

    created a shutdown sequence without chip reset if the device was
    never brought up. This can cause the firmware to shutdown the PHY
    prematurely and cause MMIO read cycles to be unresponsive. On some
    systems, it may generate NMI in the bnx2's pci shutdown handler.

    The fix is to tell the firmware not to shutdown the PHY if there was
    no prior chip reset.

    Signed-off-by: Michael Chan
    Signed-off-by: David S. Miller

    Michael Chan
     

08 Mar, 2014

1 commit


07 Mar, 2014

5 commits

  • DST_NOCOUNT should only be used if an authorized user adds routes
    locally. In case of routes which are added on behalf of router
    advertisements this flag must not get used as it allows an unlimited
    number of routes getting added remotely.

    Signed-off-by: Sabrina Dubroca
    Acked-by: Hannes Frederic Sowa
    Signed-off-by: David S. Miller

    Sabrina Dubroca
     
  • Currently, the PF call to pci_enable_sriov from the PF probe function
    stalls for 10 seconds times the number of VFs probed on the host. This
    happens because the way for such VFs to determine if the PF
    initialization finished, is by attempting to issue reset on the
    comm-channel and get timeout (after 10s).

    The PF probe function is called from a kernel workqueue, and therefore
    during that time, rcu lock is being held and kernel's workqueue is
    stalled. This blocks other processes that try to use the workqueue
    or rcu lock. For example, interface renaming which is calling
    rcu_synchronize is blocked, and timedout by systemd.

    Changed mlx4_init_slave() to allow VF probed on the host to immediately
    detect that the PF is not ready, and return EPROBE_DEFER instantly.

    Only when the PF finishes the initialization, allow such VFs to
    access the comm channel.

    This issue and fix are relevant only for probed VFs on the hypervisor,
    there is no way to pass this information to a VM until comm channel is
    ready, so in a VM, if PF is not ready, the first command will be timedout
    after 10 seconds and return EPROBE_DEFER.

    Signed-off-by: Amir Vadai
    Signed-off-by: Or Gerlitz
    Signed-off-by: David S. Miller

    Amir Vadai
     
  • Fix a regression introduced by [1]. outbox was accessed instead of
    outbox->buf. Typo was copy-pasted to [2] and [3].

    [1] - cc1ade9 mlx4_core: Disable memory windows for virtual functions
    [2] - 4de6580 mlx4_core: Add support for steerable IB UD QPs
    [3] - 7ffdf72 net/mlx4_core: Add basic support for TCP/IP offloads under
    tunneling

    Signed-off-by: Or Gerlitz
    Signed-off-by: Amir Vadai
    Signed-off-by: David S. Miller

    Amir Vadai
     
  • We didn't correctly check cases where the value for lp_interval is not
    within the legal range due to a missing table terminator.

    This would let userspace trigger a kernel panic by specifying a value out
    of range:

    echo -1 > /sys/devices/virtual/net/bond0/bonding/lp_interval

    Introduced by commit 4325b374f84 ("bonding: convert lp_interval to use
    the new option API").

    Acked-by: Nikolay Aleksandrov
    Signed-off-by: Sasha Levin
    Signed-off-by: David S. Miller

    Sasha Levin
     
  • Without this fix, ipv6_exthdrs_offload_init doesn't register IPPROTO_DSTOPTS
    offload, but returns 0 (as the IPPROTO_ROUTING registration actually succeeds).

    This then causes the ipv6_gso_segment to drop IPv6 packets with IPPROTO_DSTOPTS
    header.

    The issue detected and the fix verified by running MS HCK Offload LSO test on
    top of QEMU Windows guests, as this test sends IPv6 packets with
    IPPROTO_DSTOPTS.

    Signed-off-by: Anton Nayshtut
    Signed-off-by: David S. Miller

    Anton Nayshtut