1. 26 1月, 2018 3 次提交
  2. 25 1月, 2018 21 次提交
  3. 24 1月, 2018 12 次提交
    • Y
      mlxsw: spectrum_router: Don't log an error on missing neighbor · 1ecdaea0
      Yuval Mintz 提交于
      Driver periodically samples all neighbors configured in device
      in order to update the kernel regarding their state. When finding
      an entry configured in HW that doesn't show in neigh_lookup()
      driver logs an error message.
      This introduces a race when removing multiple neighbors -
      it's possible that a given entry would still be configured in HW
      as its removal is still being processed but is already removed
      from the kernel's neighbor tables.
      
      Simply remove the error message and gracefully accept such events.
      
      Fixes: c723c735 ("mlxsw: spectrum_router: Periodically update the kernel's neigh table")
      Fixes: 60f040ca ("mlxsw: spectrum_router: Periodically dump active IPv6 neighbours")
      Signed-off-by: NYuval Mintz <yuvalm@mellanox.com>
      Reviewed-by: NIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1ecdaea0
    • D
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · 97edf7c5
      David S. Miller 提交于
      Steffen Klassert says:
      
      ====================
      pull request (net): ipsec 2018-01-24
      
      1) Only offloads SAs after they are fully initialized.
         Otherwise a NIC may receive packets on a SA we can
         not yet handle in the stack.
         From Yossi Kuperman.
      
      2) Fix negative refcount in case of a failing offload.
         From Aviad Yehezkel.
      
      3) Fix inner IP ptoro version when decapsulating
         from interaddress family tunnels.
         From Yossi Kuperman.
      
      4) Use true or false for boolean variables instead of an
         integer value in xfrm_get_type_offload.
         From Gustavo A. R. Silva.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      97edf7c5
    • R
      Merge tag 'kvm-s390-master-4.15-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux · bda646dd
      Radim Krčmář 提交于
      KVM: s390: another fix for cmma migration
      
      This fixes races and potential use after free in the
      cmma migration code.
      bda646dd
    • C
      KVM: s390: add proper locking for CMMA migration bitmap · 1de1ea7e
      Christian Borntraeger 提交于
      Some parts of the cmma migration bitmap is already protected
      with the kvm->lock (e.g. the migration start). On the other
      hand the read of the cmma bits is not protected against a
      concurrent free, neither is the emulation of the ESSA instruction.
      Let's extend the locking to all related ioctls by using
      the slots lock for
      - kvm_s390_vm_start_migration
      - kvm_s390_vm_stop_migration
      - kvm_s390_set_cmma_bits
      - kvm_s390_get_cmma_bits
      
      In addition to that, we use synchronize_srcu before freeing
      the migration structure as all users hold kvm->srcu for read.
      (e.g. the ESSA handler).
      Reported-by: NDavid Hildenbrand <david@redhat.com>
      Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Cc: stable@vger.kernel.org # 4.13+
      Fixes: 190df4a2 (KVM: s390: CMMA tracking, ESSA emulation, migration mode)
      Reviewed-by: NClaudio Imbrenda <imbrenda@linux.vnet.ibm.com>
      Reviewed-by: NDavid Hildenbrand <david@redhat.com>
      Reviewed-by: NCornelia Huck <cohuck@redhat.com>
      1de1ea7e
    • N
      vmxnet3: repair memory leak · 848b1598
      Neil Horman 提交于
      with the introduction of commit
      b0eb57cb, it appears that rq->buf_info
      is improperly handled.  While it is heap allocated when an rx queue is
      setup, and freed when torn down, an old line of code in
      vmxnet3_rq_destroy was not properly removed, leading to rq->buf_info[0]
      being set to NULL prior to its being freed, causing a memory leak, which
      eventually exhausts the system on repeated create/destroy operations
      (for example, when  the mtu of a vmxnet3 interface is changed
      frequently.
      
      Fix is pretty straight forward, just move the NULL set to after the
      free.
      
      Tested by myself with successful results
      
      Applies to net, and should likely be queued for stable, please
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      Reported-By: boyang@redhat.com
      CC: boyang@redhat.com
      CC: Shrikrishna Khare <skhare@vmware.com>
      CC: "VMware, Inc." <pv-drivers@vmware.com>
      CC: David S. Miller <davem@davemloft.net>
      Acked-by: NShrikrishna Khare <skhare@vmware.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      848b1598
    • B
      ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL · e9191ffb
      Ben Hutchings 提交于
      Commit 513674b5 ("net: reevalulate autoflowlabel setting after
      sysctl setting") removed the initialisation of
      ipv6_pinfo::autoflowlabel and added a second flag to indicate
      whether this field or the net namespace default should be used.
      
      The getsockopt() handling for this case was not updated, so it
      currently returns 0 for all sockets for which IPV6_AUTOFLOWLABEL is
      not explicitly enabled.  Fix it to return the effective value, whether
      that has been set at the socket or net namespace level.
      
      Fixes: 513674b5 ("net: reevalulate autoflowlabel setting after sysctl ...")
      Signed-off-by: NBen Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e9191ffb
    • G
      pppoe: take ->needed_headroom of lower device into account on xmit · 02612bb0
      Guillaume Nault 提交于
      In pppoe_sendmsg(), reserving dev->hard_header_len bytes of headroom
      was probably fine before the introduction of ->needed_headroom in
      commit f5184d26 ("net: Allow netdevices to specify needed head/tailroom").
      
      But now, virtual devices typically advertise the size of their overhead
      in dev->needed_headroom, so we must also take it into account in
      skb_reserve().
      Allocation size of skb is also updated to take dev->needed_tailroom
      into account and replace the arbitrary 32 bytes with the real size of
      a PPPoE header.
      
      This issue was discovered by syzbot, who connected a pppoe socket to a
      gre device which had dev->header_ops->create == ipgre_header and
      dev->hard_header_len == 0. Therefore, PPPoE didn't reserve any
      headroom, and dev_hard_header() crashed when ipgre_header() tried to
      prepend its header to skb->data.
      
      skbuff: skb_under_panic: text:000000001d390b3a len:31 put:24
      head:00000000d8ed776f data:000000008150e823 tail:0x7 end:0xc0 dev:gre0
      ------------[ cut here ]------------
      kernel BUG at net/core/skbuff.c:104!
      invalid opcode: 0000 [#1] SMP KASAN
      Dumping ftrace buffer:
          (ftrace buffer empty)
      Modules linked in:
      CPU: 1 PID: 3670 Comm: syzkaller801466 Not tainted
      4.15.0-rc7-next-20180115+ #97
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
      Google 01/01/2011
      RIP: 0010:skb_panic+0x162/0x1f0 net/core/skbuff.c:100
      RSP: 0018:ffff8801d9bd7840 EFLAGS: 00010282
      RAX: 0000000000000083 RBX: ffff8801d4f083c0 RCX: 0000000000000000
      RDX: 0000000000000083 RSI: 1ffff1003b37ae92 RDI: ffffed003b37aefc
      RBP: ffff8801d9bd78a8 R08: 1ffff1003b37ae8a R09: 0000000000000000
      R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff86200de0
      R13: ffffffff84a981ad R14: 0000000000000018 R15: ffff8801d2d34180
      FS:  00000000019c4880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00000000208bc000 CR3: 00000001d9111001 CR4: 00000000001606e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
        skb_under_panic net/core/skbuff.c:114 [inline]
        skb_push+0xce/0xf0 net/core/skbuff.c:1714
        ipgre_header+0x6d/0x4e0 net/ipv4/ip_gre.c:879
        dev_hard_header include/linux/netdevice.h:2723 [inline]
        pppoe_sendmsg+0x58e/0x8b0 drivers/net/ppp/pppoe.c:890
        sock_sendmsg_nosec net/socket.c:630 [inline]
        sock_sendmsg+0xca/0x110 net/socket.c:640
        sock_write_iter+0x31a/0x5d0 net/socket.c:909
        call_write_iter include/linux/fs.h:1775 [inline]
        do_iter_readv_writev+0x525/0x7f0 fs/read_write.c:653
        do_iter_write+0x154/0x540 fs/read_write.c:932
        vfs_writev+0x18a/0x340 fs/read_write.c:977
        do_writev+0xfc/0x2a0 fs/read_write.c:1012
        SYSC_writev fs/read_write.c:1085 [inline]
        SyS_writev+0x27/0x30 fs/read_write.c:1082
        entry_SYSCALL_64_fastpath+0x29/0xa0
      
      Admittedly PPPoE shouldn't be allowed to run on non Ethernet-like
      interfaces, but reserving space for ->needed_headroom is a more
      fundamental issue that needs to be addressed first.
      
      Same problem exists for __pppoe_xmit(), which also needs to take
      dev->needed_headroom into account in skb_cow_head().
      
      Fixes: f5184d26 ("net: Allow netdevices to specify needed head/tailroom")
      Reported-by: syzbot+ed0838d0fa4c4f2b528e20286e6dc63effc7c14d@syzkaller.appspotmail.com
      Signed-off-by: NGuillaume Nault <g.nault@alphalink.fr>
      Reviewed-by: NXin Long <lucien.xin@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      02612bb0
    • S
      tracing: Update stack trace skipping for ORC unwinder · 2ee5b92a
      Steven Rostedt (VMware) 提交于
      With the addition of ORC unwinder and FRAME POINTER unwinder, the stack
      trace skipping requirements have changed.
      
      I went through the tracing stack trace dumps with ORC and with frame
      pointers and recalculated the proper values.
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      2ee5b92a
    • S
      ftrace, orc, x86: Handle ftrace dynamically allocated trampolines · 6be7fa3c
      Steven Rostedt (VMware) 提交于
      The function tracer can create a dynamically allocated trampoline that is
      called by the function mcount or fentry hook that is used to call the
      function callback that is registered. The problem is that the orc undwinder
      will bail if it encounters one of these trampolines. This breaks the stack
      trace of function callbacks, which include the stack tracer and setting the
      stack trace for individual functions.
      
      Since these dynamic trampolines are basically copies of the static ftrace
      trampolines defined in ftrace_*.S, we do not need to create new orc entries
      for the dynamic trampolines. Finding the return address on the stack will be
      identical as the functions that were copied to create the dynamic
      trampolines. When encountering a ftrace dynamic trampoline, we can just use
      the orc entry of the ftrace static function that was copied for that
      trampoline.
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      6be7fa3c
    • L
      Merge tag 'pci-v4.15-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 1f07476e
      Linus Torvalds 提交于
      Pull PCI fix from Bjorn Helgaas:
       "Fix AMD regression due to not re-enabling the big window on resume
        (Christian König)"
      
      * tag 'pci-v4.15-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        x86/PCI: Enable AMD 64-bit window on resume
      1f07476e
    • J
      x86/ftrace: Fix ORC unwinding from ftrace handlers · e2ac83d7
      Josh Poimboeuf 提交于
      Steven Rostedt discovered that the ftrace stack tracer is broken when
      it's used with the ORC unwinder.  The problem is that objtool is
      instructed by the Makefile to ignore the ftrace_64.S code, so it doesn't
      generate any ORC data for it.
      
      Fix it by making the asm code objtool-friendly:
      
      - Objtool doesn't like the fact that save_mcount_regs pushes RBP at the
        beginning, but it's never restored (directly, at least).  So just skip
        the original RBP push, which is only needed for frame pointers anyway.
      
      - Annotate some functions as normal callable functions with
        ENTRY/ENDPROC.
      
      - Add an empty unwind hint to return_to_handler().  The return address
        isn't on the stack, so there's nothing ORC can do there.  It will just
        punt in the unlikely case it tries to unwind from that code.
      
      With all that fixed, remove the OBJECT_FILES_NON_STANDARD Makefile
      annotation so objtool can read the file.
      
      Link: http://lkml.kernel.org/r/20180123040746.ih4ep3tk4pbjvg7c@trebleReported-by: NSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: NJosh Poimboeuf <jpoimboe@redhat.com>
      Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
      e2ac83d7
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · a84a8ab9
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix divide by zero in mlx5, from Talut Batheesh.
      
       2) Guard against invalid GSO packets coming from untrusted guests and
          arriving in qdisc_pkt_len_init(), from Eric Dumazet.
      
       3) Similarly add such protection to the various protocol GSO handlers.
          From Willem de Bruijn.
      
       4) Fix regression added to IGMP source address checking for IGMPv3
          reports, from Felix Feitkau.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        tls: Correct length of scatterlist in tls_sw_sendpage
        be2net: restore properly promisc mode after queues reconfiguration
        net: igmp: fix source address check for IGMPv3 reports
        gso: validate gso_type in GSO handlers
        net: qdisc_pkt_len_init() should be more robust
        ibmvnic: Allocate and request vpd in init_resources
        ibmvnic: Revert to previous mtu when unsupported value requested
        ibmvnic: Modify buffer size and number of queues on failover
        rds: tcp: compute m_ack_seq as offset from ->write_seq
        usbnet: silence an unnecessary warning
        cxgb4: fix endianness for vlan value in cxgb4_tc_flower
        cxgb4: set filter type to 1 for ETH_P_IPV6
        net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
      a84a8ab9
  4. 23 1月, 2018 4 次提交