1. 10 1月, 2018 3 次提交
    • N
      net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() · 20b50d79
      Nicolai Stange 提交于
      Commit 8f659a03 ("net: ipv4: fix for a race condition in
      raw_sendmsg") fixed the issue of possibly inconsistent ->hdrincl handling
      due to concurrent updates by reading this bit-field member into a local
      variable and using the thus stabilized value in subsequent tests.
      
      However, aforementioned commit also adds the (correct) comment that
      
        /* hdrincl should be READ_ONCE(inet->hdrincl)
         * but READ_ONCE() doesn't work with bit fields
         */
      
      because as it stands, the compiler is free to shortcut or even eliminate
      the local variable at its will.
      
      Note that I have not seen anything like this happening in reality and thus,
      the concern is a theoretical one.
      
      However, in order to be on the safe side, emulate a READ_ONCE() on the
      bit-field by doing it on the local 'hdrincl' variable itself:
      
      	int hdrincl = inet->hdrincl;
      	hdrincl = READ_ONCE(hdrincl);
      
      This breaks the chain in the sense that the compiler is not allowed
      to replace subsequent reads from hdrincl with reloads from inet->hdrincl.
      
      Fixes: 8f659a03 ("net: ipv4: fix for a race condition in raw_sendmsg")
      Signed-off-by: NNicolai Stange <nstange@suse.de>
      Reviewed-by: NStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      20b50d79
    • X
      net: caif: use strlcpy() instead of strncpy() · 3dc2fa47
      Xiongfeng Wang 提交于
      gcc-8 reports
      
      net/caif/caif_dev.c: In function 'caif_enroll_dev':
      ./include/linux/string.h:245:9: warning: '__builtin_strncpy' output may
      be truncated copying 15 bytes from a string of length 15
      [-Wstringop-truncation]
      
      net/caif/cfctrl.c: In function 'cfctrl_linkup_request':
      ./include/linux/string.h:245:9: warning: '__builtin_strncpy' output may
      be truncated copying 15 bytes from a string of length 15
      [-Wstringop-truncation]
      
      net/caif/cfcnfg.c: In function 'caif_connect_client':
      ./include/linux/string.h:245:9: warning: '__builtin_strncpy' output may
      be truncated copying 15 bytes from a string of length 15
      [-Wstringop-truncation]
      
      The compiler require that the input param 'len' of strncpy() should be
      greater than the length of the src string, so that '\0' is copied as
      well. We can just use strlcpy() to avoid this warning.
      Signed-off-by: NXiongfeng Wang <xiongfeng.wang@linaro.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3dc2fa47
    • A
      net: core: fix module type in sock_diag_bind · b8fd0823
      Andrii Vladyka 提交于
      Use AF_INET6 instead of AF_INET in IPv6-related code path
      Signed-off-by: NAndrii Vladyka <tulup@mail.ru>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b8fd0823
  2. 09 1月, 2018 15 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · ef7f8cec
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Frag and UDP handling fixes in i40e driver, from Amritha Nambiar and
          Alexander Duyck.
      
       2) Undo unintentional UAPI change in netfilter conntrack, from Florian
          Westphal.
      
       3) Revert a change to how error codes are returned from
          dev_get_valid_name(), it broke some apps.
      
       4) Cannot cache routes for ipv6 tunnels in the tunnel is ipv4/ipv6
          dual-stack. From Eli Cooper.
      
       5) Fix missed PMTU updates in geneve, from Xin Long.
      
       6) Cure double free in macvlan, from Gao Feng.
      
       7) Fix heap out-of-bounds write in rds_message_alloc_sgs(), from
          Mohamed Ghannam.
      
       8) FEC bug fixes from FUgang Duan (mis-accounting of dev_id, missed
          deferral of probe when the regulator is not ready yet).
      
       9) Missing DMA mapping error checks in 3c59x, from Neil Horman.
      
      10) Turn off Broadcom tags for some b53 switches, from Florian Fainelli.
      
      11) Fix OOPS when get_target_net() is passed an SKB whose NETLINK_CB()
          isn't initialized. From Andrei Vagin.
      
      12) Fix crashes in fib6_add(), from Wei Wang.
      
      13) PMTU bug fixes in SCTP from Marcelo Ricardo Leitner.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (56 commits)
        sh_eth: fix TXALCR1 offsets
        mdio-sun4i: Fix a memory leak
        phylink: mark expected switch fall-throughs in phylink_mii_ioctl
        sctp: fix the handling of ICMP Frag Needed for too small MTUs
        sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled
        xen-netfront: enable device after manual module load
        bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
        bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc()
        sh_eth: fix SH7757 GEther initialization
        net: fec: free/restore resource in related probe error pathes
        uapi/if_ether.h: prevent redefinition of struct ethhdr
        ipv6: fix general protection fault in fib6_add()
        RDS: null pointer dereference in rds_atomic_free_op
        sh_eth: fix TSU resource handling
        net: stmmac: enable EEE in MII, GMII or RGMII only
        rtnetlink: give a user socket to get_target_net()
        MAINTAINERS: Update my email address.
        can: ems_usb: improve error reporting for error warning and error passive
        can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
        can: gs_usb: fix return value of the "set_bittiming" callback
        ...
      ef7f8cec
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · 44596f86
      Linus Torvalds 提交于
      Pull rdma fixes from Doug Ledford:
      
       - One line fix to mlx4 error flow (same as mlx5 fix in last pull
         request, just in the mlx4 driver)
      
       - Fix a race condition in the IPoIB driver. This patch is larger than
         just a one line fix, but resolves a race condition in a fairly
         straight forward manner
      
       - Fix a locking issue in the RDMA netlink code. This patch is also
         larger than I would like for a late -rc. It has, however, had a week
         to bake in the rdma tree prior to this pull request
      
       - One line fix to fix granting remote machine access to memory that
         they don't need and shouldn't have
      
       - One line fix to correct the fact that our sgid/dgid pair is swapped
         from what you would expect when receiving an incoming connection
         request
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        IB/srpt: Fix ACL lookup during login
        IB/srpt: Disable RDMA access by the initiator
        RDMA/netlink: Fix locking around __ib_get_device_by_index
        IB/ipoib: Fix race condition in neigh creation
        IB/mlx4: Fix mlx4_ib_alloc_mr error flow
      44596f86
    • L
      Merge tag 'platform-drivers-x86-v4.15-4' of git://git.infradead.org/linux-platform-drivers-x86 · d32da584
      Linus Torvalds 提交于
      Pull x86 platform driver fix from Darren Hart:
       "Address a wmi initcall ordering race resulting in a difficult to
        reproduce boot failure"
      
      * tag 'platform-drivers-x86-v4.15-4' of git://git.infradead.org/linux-platform-drivers-x86:
        platform/x86: wmi: Call acpi_wmi_init() later
      d32da584
    • S
      sh_eth: fix TXALCR1 offsets · 50f3d740
      Sergei Shtylyov 提交于
      The  TXALCR1 offsets are incorrect in the register offset tables, most
      probably due to copy&paste error.  Luckily, the driver never uses this
      register. :-)
      
      Fixes: 4a55530f ("net: sh_eth: modify the definitions of register")
      Signed-off-by: NSergei Shtylyov <sergei.shtylyov@cogentembedded.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      50f3d740
    • C
      mdio-sun4i: Fix a memory leak · 56c02902
      Christophe JAILLET 提交于
      If the probing of the regulator is deferred, the memory allocated by
      'mdiobus_alloc_size()' will be leaking.
      It should be freed before the next call to 'sun4i_mdio_probe()' which will
      reallocate it.
      
      Fixes: 4bdcb1dd ("net: Add MDIO bus driver for the Allwinner EMAC")
      Signed-off-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      56c02902
    • G
      phylink: mark expected switch fall-throughs in phylink_mii_ioctl · 46cd7503
      Gustavo A. R. Silva 提交于
      In preparation to enabling -Wimplicit-fallthrough, mark switch cases
      where we are expecting to fall through.
      
      Addresses-Coverity-ID: 1463447 ("Missing break in switch")
      Signed-off-by: NGustavo A. R. Silva <garsilva@embeddedor.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      46cd7503
    • D
      Merge branch 'SCTP-PMTU-discovery-fixes' · 313c86da
      David S. Miller 提交于
      Marcelo Ricardo Leitner says:
      
      ====================
      SCTP PMTU discovery fixes
      
      This patchset fixes 2 issues with PMTU discovery that can lead to flood
      of retransmissions.
      The first patch fixes the issue for when PMTUD is disabled by the
      application, while the second fixes it for when its enabled.
      
      Please consider these to stable.
      ====================
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      313c86da
    • M
      sctp: fix the handling of ICMP Frag Needed for too small MTUs · b6c5734d
      Marcelo Ricardo Leitner 提交于
      syzbot reported a hang involving SCTP, on which it kept flooding dmesg
      with the message:
      [  246.742374] sctp: sctp_transport_update_pmtu: Reported pmtu 508 too
      low, using default minimum of 512
      
      That happened because whenever SCTP hits an ICMP Frag Needed, it tries
      to adjust to the new MTU and triggers an immediate retransmission. But
      it didn't consider the fact that MTUs smaller than the SCTP minimum MTU
      allowed (512) would not cause the PMTU to change, and issued the
      retransmission anyway (thus leading to another ICMP Frag Needed, and so
      on).
      
      As IPv4 (ip_rt_min_pmtu=556) and IPv6 (IPV6_MIN_MTU=1280) minimum MTU
      are higher than that, sctp_transport_update_pmtu() is changed to
      re-fetch the PMTU that got set after our request, and with that, detect
      if there was an actual change or not.
      
      The fix, thus, skips the immediate retransmission if the received ICMP
      resulted in no change, in the hope that SCTP will select another path.
      
      Note: The value being used for the minimum MTU (512,
      SCTP_DEFAULT_MINSEGMENT) is not right and instead it should be (576,
      SCTP_MIN_PMTU), but such change belongs to another patch.
      
      Changes from v1:
      - do not disable PMTU discovery, in the light of commit
      06ad3919 ("[SCTP] Don't disable PMTU discovery when mtu is small")
      and as suggested by Xin Long.
      - changed the way to break the rtx loop by detecting if the icmp
        resulted in a change or not
      Changes from v2:
      none
      
      See-also: https://lkml.org/lkml/2017/12/22/811Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b6c5734d
    • M
      sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled · cc35c3d1
      Marcelo Ricardo Leitner 提交于
      Currently, if PMTU discovery is disabled on a given transport, but the
      configured value is higher than the actual PMTU, it is likely that we
      will get some icmp Frag Needed. The issue is, if PMTU discovery is
      disabled, we won't update the information and will issue a
      retransmission immediately, which may very well trigger another ICMP,
      and another retransmission, leading to a loop.
      
      The fix is to simply not trigger immediate retransmissions if PMTU
      discovery is disabled on the given transport.
      
      Changes from v2:
      - updated stale comment, noticed by Xin Long
      Signed-off-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cc35c3d1
    • E
      xen-netfront: enable device after manual module load · b707fda2
      Eduardo Otubo 提交于
      When loading the module after unloading it, the network interface would
      not be enabled and thus wouldn't have a backend counterpart and unable
      to be used by the guest.
      
      The guest would face errors like:
      
        [root@guest ~]# ethtool -i eth0
        Cannot get driver information: No such device
      
        [root@guest ~]# ifconfig eth0
        eth0: error fetching interface information: Device not found
      
      This patch initializes the state of the netfront device whenever it is
      loaded manually, this state would communicate the netback to create its
      device and establish the connection between them.
      Signed-off-by: NEduardo Otubo <otubo@redhat.com>
      Reviewed-by: NBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b707fda2
    • D
      Merge branch 'bnxt_en_fixes' · bde21915
      David S. Miller 提交于
      Michael Chan says:
      
      ====================
      bnxt_en: 2 small bug fixes.
      
      The first one fixes the TC Flower flow parameter passed to firmware.  The
      2nd one fixes the VF index range checking for iproute2 SRIOV related commands.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bde21915
    • V
      bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. · 78f30004
      Venkat Duvvuru 提交于
      In bnxt_vf_ndo_prep (which is called by bnxt_get_vf_config ndo), there is a
      check for "Invalid VF id". Currently, the check is done against max_vfs.
      However, the user doesn't always create max_vfs. So, the check should be
      against the created number of VFs. The number of bnxt_vf_info structures
      that are allocated in bnxt_alloc_vf_resources routine is the "number of
      requested VFs". So, if an "invalid VF id" falls between the requested
      number of VFs and the max_vfs, the driver will be dereferencing an invalid
      pointer.
      
      Fixes: c0c050c5 ("bnxt_en: New Broadcom ethernet driver.")
      Signed-off-by: NVenkat Devvuru <venkatkumar.duvvuru@broadcom.com>
      Signed-off-by: NMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      78f30004
    • S
      bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() · 7deea450
      Sunil Challa 提交于
      flow_type in HWRM_FLOW_ALLOC is not being populated correctly due to
      incorrect passing of pointer and size of l3_mask argument of is_wildcard().
      Fixed this.
      
      Fixes: db1d36a2 ("bnxt_en: add TC flower offload flow_alloc/free FW cmds")
      Signed-off-by: NSunil Challa <sunilkumar.challa@broadcom.com>
      Reviewed-by: NSathya Perla <sathya.perla@broadcom.com>
      Reviewed-by: NVenkat Duvvuru <venkatkumar.duvvuru@broadcom.com>
      Signed-off-by: NMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7deea450
    • L
      Merge branch 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · 29f7e499
      Linus Torvalds 提交于
      Pull cgroup fixes from Tejun Heo:
       "This contains fixes for the following two non-trivial issues:
      
         - The task iterator got broken while adding thread mode support for
           v4.14. It was less visible because it only triggers when both
           cgroup1 and cgroup2 hierarchies are in use. The recent versions of
           systemd uses cgroup2 for process management even when cgroup1 is
           used for resource control exposing this issue.
      
         - cpuset CPU hotplug path could deadlock when racing against exits.
      
        There also are two patches to replace unlimited strcpy() usages with
        strlcpy()"
      
      * 'for-4.15-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
        cgroup: Fix deadlock in cpu hotplug path
        cgroup: use strlcpy() instead of strscpy() to avoid spurious warning
        cgroup: avoid copying strings longer than the buffers
      29f7e499
    • R
      platform/x86: wmi: Call acpi_wmi_init() later · 98b8e4e5
      Rafael J. Wysocki 提交于
      Calling acpi_wmi_init() at the subsys_initcall() level causes ordering
      issues to appear on some systems and they are difficult to reproduce,
      because there is no guaranteed ordering between subsys_initcall()
      calls, so they may occur in different orders on different systems.
      
      In particular, commit 86d9f485 (mm/slab: fix kmemcg cache
      creation delayed issue) exposed one of these issues where genl_init()
      and acpi_wmi_init() are both called at the same initcall level, but
      the former must run before the latter so as to avoid a NULL pointer
      dereference.
      
      For this reason, move the acpi_wmi_init() invocation to the
      initcall_sync level which should still be early enough for things
      to work correctly in the WMI land.
      
      Link: https://marc.info/?t=151274596700002&r=1&w=2Reported-by: NJonathan McDowell <noodles@earth.li>
      Reported-by: NJoonsoo Kim <iamjoonsoo.kim@lge.com>
      Tested-by: NJonathan McDowell <noodles@earth.li>
      Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: NDarren Hart (VMware) <dvhart@infradead.org>
      98b8e4e5
  3. 08 1月, 2018 5 次提交
  4. 07 1月, 2018 6 次提交
  5. 06 1月, 2018 11 次提交