1. 17 3月, 2017 6 次提交
  2. 16 3月, 2017 12 次提交
    • J
      nl80211: fix dumpit error path RTNL deadlocks · ea90e0dc
      Johannes Berg 提交于
      Sowmini pointed out Dmitry's RTNL deadlock report to me, and it turns out
      to be perfectly accurate - there are various error paths that miss unlock
      of the RTNL.
      
      To fix those, change the locking a bit to not be conditional in all those
      nl80211_prepare_*_dump() functions, but make those require the RTNL to
      start with, and fix the buggy error paths. This also let me use sparse
      (by appropriately overriding the rtnl_lock/rtnl_unlock functions) to
      validate the changes.
      
      Cc: stable@vger.kernel.org
      Reported-by: NSowmini Varadhan <sowmini.varadhan@oracle.com>
      Reported-by: NDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      ea90e0dc
    • E
      net: properly release sk_frag.page · 22a0e18e
      Eric Dumazet 提交于
      I mistakenly added the code to release sk->sk_frag in
      sk_common_release() instead of sk_destruct()
      
      TCP sockets using sk->sk_allocation == GFP_ATOMIC do no call
      sk_common_release() at close time, thus leaking one (order-3) page.
      
      iSCSI is using such sockets.
      
      Fixes: 5640f768 ("net: use a per task frag allocator")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      22a0e18e
    • L
      amd-xgbe: Fix jumbo MTU processing on newer hardware · 622c36f1
      Lendacky, Thomas 提交于
      Newer hardware does not provide a cumulative payload length when multiple
      descriptors are needed to handle the data. Once the MTU increases beyond
      the size that can be handled by a single descriptor, the SKB does not get
      built properly by the driver.
      
      The driver will now calculate the size of the data buffers used by the
      hardware.  The first buffer of the first descriptor is for packet headers
      or packet headers and data when the headers can't be split. Subsequent
      descriptors in a multi-descriptor chain will not use the first buffer. The
      second buffer is used by all the descriptors in the chain for payload data.
      Based on whether the driver is processing the first, intermediate, or last
      descriptor it can calculate the buffer usage and build the SKB properly.
      
      Tested and verified on both old and new hardware.
      Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      622c36f1
    • F
      net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled · 5371bbf4
      Florian Fainelli 提交于
      Suspending the PHY would be putting it in a low power state where it
      may no longer allow us to do Wake-on-LAN.
      
      Fixes: cc013fb4 ("net: bcmgenet: correctly suspend and resume PHY device")
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5371bbf4
    • P
      MAINTAINERS: remove MACVLAN and VLAN entries · 88d339e2
      Pablo Neira 提交于
      macvlan.c file seems to be both in VLAN and MACVLAN DRIVER, so remove
      the MACVLAN DRIVER since this is redundant.
      
      I propose with this patch to remove the VLAN (802.1Q) entry so this just
      falls into the NETWORKING [GENERAL].
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      88d339e2
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · e11607aa
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree, a
      rather large batch of fixes targeted to nf_tables, conntrack and bridge
      netfilter. More specifically, they are:
      
      1) Don't track fragmented packets if the socket option IP_NODEFRAG is set.
         From Florian Westphal.
      
      2) SCTP protocol tracker assumes that ICMP error messages contain the
         checksum field, what results in packet drops. From Ying Xue.
      
      3) Fix inconsistent handling of AH traffic from nf_tables.
      
      4) Fix new bitmap set representation with big endian. Fix mismatches in
         nf_tables due to incorrect big endian handling too. Both patches
         from Liping Zhang.
      
      5) Bridge netfilter doesn't honor maximum fragment size field, cap to
         largest fragment seen. From Florian Westphal.
      
      6) Fake conntrack entry needs to be aligned to 8 bytes since the 3 LSB
         bits are now used to store the ctinfo. From Steven Rostedt.
      
      7) Fix element comments with the bitmap set type. Revert the flush
         field in the nft_set_iter structure, not required anymore after
         fixing up element comments.
      
      8) Missing error on invalid conntrack direction from nft_ct, also from
         Liping Zhang.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e11607aa
    • O
      net/openvswitch: Set the ipv6 source tunnel key address attribute correctly · 3d20f1f7
      Or Gerlitz 提交于
      When dealing with ipv6 source tunnel key address attribute
      (OVS_TUNNEL_KEY_ATTR_IPV6_SRC) we are wrongly setting the tunnel
      dst ip, fix that.
      
      Fixes: 6b26ba3a ('openvswitch: netlink attributes for IPv6 tunneling')
      Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
      Reported-by: NPaul Blakey <paulb@mellanox.com>
      Acked-by: NJiri Benc <jbenc@redhat.com>
      Acked-by: NJoe Stringer <joe@ovn.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3d20f1f7
    • T
      fjes: Fix wrong netdevice feature flags · fe8daf5f
      Taku Izumi 提交于
      This patch fixes netdev->features for Extended Socket network device.
      
      Currently Extended Socket network device's netdev->feature claims
      NETIF_F_HW_CSUM, however this is completely wrong. There's no feature
      of checksum offloading.
      That causes invalid TCP/UDP checksum and packet rejection when IP
      forwarding from Extended Socket network device to other network device.
      
      NETIF_F_HW_CSUM should be omitted.
      Signed-off-by: NTaku Izumi <izumi.taku@jp.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fe8daf5f
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 95422dec
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "This is a rather large set of fixes. The bulk are for lpfc correcting
        a lot of issues in the new NVME driver code which just went in in the
        merge window.
      
        The others are:
      
         - fix a hang in the vmware paravirt driver caused by incorrect
           handling of the new MSI vector allocation
      
         - long standing bug in storvsc, which recent block changes turned
           from being a harmless annoyance into a hang
      
         - yet more fallout (in mpt3sas) from the changes to device blocking
      
        The remainder are small fixes and updates"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (34 commits)
        scsi: lpfc: Add shutdown method for kexec
        scsi: storvsc: Workaround for virtual DVD SCSI version
        scsi: lpfc: revise version number to 11.2.0.10
        scsi: lpfc: code cleanups in NVME initiator discovery
        scsi: lpfc: code cleanups in NVME initiator base
        scsi: lpfc: correct rdp diag portnames
        scsi: lpfc: remove dead sli3 nvme code
        scsi: lpfc: correct double print
        scsi: lpfc: Rename LPFC_MAX_EQ_DELAY to LPFC_MAX_EQ_DELAY_EQID_CNT
        scsi: lpfc: Rework lpfc Kconfig for NVME options
        scsi: lpfc: add transport eh_timed_out reference
        scsi: lpfc: Fix eh_deadline setting for sli3 adapters.
        scsi: lpfc: add NVME exchange aborts
        scsi: lpfc: Fix nvme allocation bug on failed nvme_fc_register_localport
        scsi: lpfc: Fix IO submission if WQ is full
        scsi: lpfc: Fix NVME CMD IU byte swapped word 1 problem
        scsi: lpfc: Fix RCTL value on NVME LS request and response
        scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
        scsi: lpfc: fix missing spin_unlock on sql_list_lock
        scsi: lpfc: don't dereference dma_buf->iocbq before null check
        ...
      95422dec
    • L
      Merge tag 'gfs2-4.11-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · aabcf5fc
      Linus Torvalds 提交于
      Pull gfs2 fix from Bob Peterson:
       "This is an emergency patch for 4.11-rc3
      
        The GFS2 developers uncovered a really nasty problem that can lead to
        random corruption and kernel panic, much like the last one. Andreas
        Gruenbacher wrote a simple one-line patch to fix the problem."
      
      * tag 'gfs2-4.11-rc3.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: Avoid alignment hole in struct lm_lockname
      aabcf5fc
    • L
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · defc7d75
      Linus Torvalds 提交于
      Pull crypto fixes from Herbert Xu:
      
       - self-test failure of crc32c on powerpc
      
       - regressions of ecb(aes) when used with xts/lrw in s5p-sss
      
       - a number of bugs in the omap RNG driver
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: s5p-sss - Fix spinlock recursion on LRW(AES)
        hwrng: omap - Do not access INTMASK_REG on EIP76
        hwrng: omap - use devm_clk_get() instead of of_clk_get()
        hwrng: omap - write registers after enabling the clock
        crypto: s5p-sss - Fix completing crypto request in IRQ handler
        crypto: powerpc - Fix initialisation of crc32c context
      defc7d75
    • L
      netfilter: nft_ct: do cleanup work when NFTA_CT_DIRECTION is invalid · 4494dbc6
      Liping Zhang 提交于
      We should jump to invoke __nft_ct_set_destroy() instead of just
      return error.
      
      Fixes: edee4f1e ("netfilter: nft_ct: add zone id set support")
      Signed-off-by: NLiping Zhang <zlpnobody@gmail.com>
      Acked-by: NFlorian Westphal <fw@strlen.de>
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      4494dbc6
  3. 15 3月, 2017 18 次提交
  4. 14 3月, 2017 4 次提交
    • H
      dccp: fix memory leak during tear-down of unsuccessful connection request · 72ef9c41
      Hannes Frederic Sowa 提交于
      This patch fixes a memory leak, which happens if the connection request
      is not fulfilled between parsing the DCCP options and handling the SYN
      (because e.g. the backlog is full), because we forgot to free the
      list of ack vectors.
      Reported-by: NJianwen Ji <jiji@redhat.com>
      Signed-off-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      72ef9c41
    • H
      tun: fix premature POLLOUT notification on tun devices · b20e2d54
      Hannes Frederic Sowa 提交于
      aszlig observed failing ssh tunnels (-w) during initialization since
      commit cc9da6cc ("ipv6: addrconf: use stable address generator for
      ARPHRD_NONE"). We already had reports that the mentioned commit breaks
      Juniper VPN connections. I can't clearly say that the Juniper VPN client
      has the same problem, but it is worth a try to hint to this patch.
      
      Because of the early generation of link local addresses, the kernel now
      can start asking for routers on the local subnet much earlier than usual.
      Those router solicitation packets arrive inside the ssh channels and
      should be transmitted to the tun fd before the configuration scripts
      might have upped the interface and made it ready for transmission.
      
      ssh polls on the interface and receives back a POLL_OUT. It tries to send
      the earily router solicitation packet to the tun interface.  Unfortunately
      it hasn't been up'ed yet by config scripts, thus failing with -EIO. ssh
      doesn't retry again and considers the tun interface broken forever.
      
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=121131
      Fixes: cc9da6cc ("ipv6: addrconf: use stable address generator for ARPHRD_NONE")
      Cc: Bjørn Mork <bjorn@mork.no>
      Reported-by: NValdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Reported-by: NJonas Lippuner <jonas@lippuner.ca>
      Cc: Jonas Lippuner <jonas@lippuner.ca>
      Reported-by: Naszlig <aszlig@redmoonstudios.org>
      Cc: aszlig <aszlig@redmoonstudios.org>
      Signed-off-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b20e2d54
    • J
      dccp/tcp: fix routing redirect race · 45caeaa5
      Jon Maxwell 提交于
      As Eric Dumazet pointed out this also needs to be fixed in IPv6.
      v2: Contains the IPv6 tcp/Ipv6 dccp patches as well.
      
      We have seen a few incidents lately where a dst_enty has been freed
      with a dangling TCP socket reference (sk->sk_dst_cache) pointing to that
      dst_entry. If the conditions/timings are right a crash then ensues when the
      freed dst_entry is referenced later on. A Common crashing back trace is:
      
       #8 [] page_fault at ffffffff8163e648
          [exception RIP: __tcp_ack_snd_check+74]
      .
      .
       #9 [] tcp_rcv_established at ffffffff81580b64
      #10 [] tcp_v4_do_rcv at ffffffff8158b54a
      #11 [] tcp_v4_rcv at ffffffff8158cd02
      #12 [] ip_local_deliver_finish at ffffffff815668f4
      #13 [] ip_local_deliver at ffffffff81566bd9
      #14 [] ip_rcv_finish at ffffffff8156656d
      #15 [] ip_rcv at ffffffff81566f06
      #16 [] __netif_receive_skb_core at ffffffff8152b3a2
      #17 [] __netif_receive_skb at ffffffff8152b608
      #18 [] netif_receive_skb at ffffffff8152b690
      #19 [] vmxnet3_rq_rx_complete at ffffffffa015eeaf [vmxnet3]
      #20 [] vmxnet3_poll_rx_only at ffffffffa015f32a [vmxnet3]
      #21 [] net_rx_action at ffffffff8152bac2
      #22 [] __do_softirq at ffffffff81084b4f
      #23 [] call_softirq at ffffffff8164845c
      #24 [] do_softirq at ffffffff81016fc5
      #25 [] irq_exit at ffffffff81084ee5
      #26 [] do_IRQ at ffffffff81648ff8
      
      Of course it may happen with other NIC drivers as well.
      
      It's found the freed dst_entry here:
      
       224 static bool tcp_in_quickack_mode(struct sock *sk)
       225 {
       226 ▹       const struct inet_connection_sock *icsk = inet_csk(sk);
       227 ▹       const struct dst_entry *dst = __sk_dst_get(sk);
       228 
       229 ▹       return (dst && dst_metric(dst, RTAX_QUICKACK)) ||
       230 ▹       ▹       (icsk->icsk_ack.quick && !icsk->icsk_ack.pingpong);
       231 }
      
      But there are other backtraces attributed to the same freed dst_entry in
      netfilter code as well.
      
      All the vmcores showed 2 significant clues:
      
      - Remote hosts behind the default gateway had always been redirected to a
      different gateway. A rtable/dst_entry will be added for that host. Making
      more dst_entrys with lower reference counts. Making this more probable.
      
      - All vmcores showed a postitive LockDroppedIcmps value, e.g:
      
      LockDroppedIcmps                  267
      
      A closer look at the tcp_v4_err() handler revealed that do_redirect() will run
      regardless of whether user space has the socket locked. This can result in a
      race condition where the same dst_entry cached in sk->sk_dst_entry can be
      decremented twice for the same socket via:
      
      do_redirect()->__sk_dst_check()-> dst_release().
      
      Which leads to the dst_entry being prematurely freed with another socket
      pointing to it via sk->sk_dst_cache and a subsequent crash.
      
      To fix this skip do_redirect() if usespace has the socket locked. Instead let
      the redirect take place later when user space does not have the socket
      locked.
      
      The dccp/IPv6 code is very similar in this respect, so fixing it there too.
      
      As Eric Garver pointed out the following commit now invalidates routes. Which
      can set the dst->obsolete flag so that ipv4_dst_check() returns null and
      triggers the dst_release().
      
      Fixes: ceb33206 ("ipv4: Kill routes during PMTU/redirect updates.")
      Cc: Eric Garver <egarver@redhat.com>
      Cc: Hannes Sowa <hsowa@redhat.com>
      Signed-off-by: NJon Maxwell <jmaxwell37@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      45caeaa5
    • Z
      ucc/hdlc: fix two little issue · 02bb56dd
      Zhao Qiang 提交于
      1. modify bd_status from u32 to u16 in function hdlc_rx_done,
      because bd_status register is 16bits
      2. write bd_length register before writing bd_status register
      Signed-off-by: NZhao Qiang <qiang.zhao@nxp.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      02bb56dd