1. 02 Jun, 2020 12 commits
    • net: flow_offload: consolidate indirect flow_block infrastructure · 1fac52da
      Pablo Neira Ayuso committed
      Tunnel devices provide no dev->netdev_ops->ndo_setup_tc(...) interface.
      The tunnel device and route control plane does not provide an obvious
      way to relate tunnel and physical devices.
      
      This patch allows drivers to register a tunnel device offload handler
      for the tc and netfilter frontends through flow_indr_dev_register() and
      flow_indr_dev_unregister().
      
      The frontend calls flow_indr_dev_setup_offload() that iterates over the
      list of drivers that are offering tunnel device hardware offload
      support and it sets up the flow block for this tunnel device.
      
      If the driver module is removed, the indirect flow_block ends up with a
      stale callback reference. The module removal path triggers the
      dev_shutdown() path to remove the qdisc and the flow_blocks for the
      physical devices. However, this is not useful for tunnel devices, where
      relation between the physical and the tunnel device is not explicit.
      
      This patch introduces a cleanup callback that is invoked when the driver
      module is removed to clean up the tunnel device flow_block. This patch
      defines struct flow_block_indr and it uses it from flow_block_cb to
      store the information that front-end requires to perform the
      flow_block_cb cleanup on module removal.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • netfilter: nf_flowtable: expose nf_flow_table_gc_cleanup() · a8284c68
      Pablo Neira Ayuso committed
      This function schedules the flow teardown state and it forces a gc run.
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/sched: fix a couple of splats in the error path of tfc_gate_init() · a01c2454
      Davide Caratti committed
      trying to configure TC 'act_gate' rules with invalid control actions, the
      following splat can be observed:
      
       general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI
       KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
       CPU: 1 PID: 2143 Comm: tc Not tainted 5.7.0-rc6+ #168
       Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014
       RIP: 0010:hrtimer_active+0x56/0x290
       [...]
        Call Trace:
        hrtimer_try_to_cancel+0x6d/0x330
        hrtimer_cancel+0x11/0x20
        tcf_gate_cleanup+0x15/0x30 [act_gate]
        tcf_action_cleanup+0x58/0x170
        __tcf_action_put+0xb0/0xe0
        __tcf_idr_release+0x68/0x90
        tcf_gate_init+0x7c7/0x19a0 [act_gate]
        tcf_action_init_1+0x60f/0x960
        tcf_action_init+0x157/0x2a0
        tcf_action_add+0xd9/0x2f0
        tc_ctl_action+0x2a3/0x39d
        rtnetlink_rcv_msg+0x5f3/0x920
        netlink_rcv_skb+0x121/0x350
        netlink_unicast+0x439/0x630
        netlink_sendmsg+0x714/0xbf0
        sock_sendmsg+0xe2/0x110
        ____sys_sendmsg+0x5b4/0x890
        ___sys_sendmsg+0xe9/0x160
        __sys_sendmsg+0xd3/0x170
        do_syscall_64+0x9a/0x370
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      this is caused by hrtimer_cancel(), running before hrtimer_init(). Fix it
      ensuring to call hrtimer_cancel() only if clockid is valid, and the timer
      has been initialized. After fixing this splat, the same error path causes
      another problem:
      
       general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI
       KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
       CPU: 1 PID: 980 Comm: tc Not tainted 5.7.0-rc6+ #168
       Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014
       RIP: 0010:release_entry_list+0x4a/0x240 [act_gate]
       [...]
       Call Trace:
        tcf_action_cleanup+0x58/0x170
        __tcf_action_put+0xb0/0xe0
        __tcf_idr_release+0x68/0x90
        tcf_gate_init+0x7ab/0x19a0 [act_gate]
        tcf_action_init_1+0x60f/0x960
        tcf_action_init+0x157/0x2a0
        tcf_action_add+0xd9/0x2f0
        tc_ctl_action+0x2a3/0x39d
        rtnetlink_rcv_msg+0x5f3/0x920
        netlink_rcv_skb+0x121/0x350
        netlink_unicast+0x439/0x630
        netlink_sendmsg+0x714/0xbf0
        sock_sendmsg+0xe2/0x110
        ____sys_sendmsg+0x5b4/0x890
        ___sys_sendmsg+0xe9/0x160
        __sys_sendmsg+0xd3/0x170
        do_syscall_64+0x9a/0x370
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      the problem is similar: tcf_action_cleanup() was trying to release a list
      without initializing it first. Ensure that INIT_LIST_HEAD() is called for
      every newly created 'act_gate' action, same as what was done to 'act_ife'
      with commit 44c23d71 ("net/sched: act_ife: initalize ife->metalist
      earlier").
      
      Fixes: a51c328d ("net: qos: introduce a gate control flow action")
      CC: Ivan Vecera <ivecera@redhat.com>
      Signed-off-by: Davide Caratti <dcaratti@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'regmap-simple-bit-helpers' · e8509361
      David S. Miller committed
      Bartosz Golaszewski says:
      
      ====================
      regmap: provide simple bitops and use them in a driver
      
      I noticed that oftentimes I use regmap_update_bits() for simple bit
      setting or clearing. In this case the fourth argument is superfluous as
      it's always 0 or equal to the mask argument.
      
      This series proposes to add simple bit operations for setting, clearing
      and testing specific bits with regmap.
      
      The second patch uses all three in a driver that got recently picked into
      the net-next tree.
      
      The patches obviously target different trees so - if you're ok with
      the change itself - I propose you pick the first one into your regmap
      tree for v5.8 and then I'll resend the second patch to add the first
      user for these macros for v5.9.
      
      v1 -> v2:
      - convert the new macros to static inline functions
      
      v2 -> v3:
      - drop unneeded ternary operator
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: ethernet: mtk-star-emac: use regmap bitops · 240f1ae4
      Bartosz Golaszewski committed
      Shrink the code visually by replacing regmap_update_bits() with
      appropriate regmap bit operations where applicable.
      Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • regmap: provide helpers for simple bit operations · bfad9781
      Bartosz Golaszewski committed
      In many instances regmap_update_bits() is used for simple bit setting
      and clearing. In these cases the last argument is redundant and we can
      hide it with a static inline function.
      
      This adds three new helpers for simple bit operations: set_bits,
      clear_bits and test_bits (the last one defined as a regular function).
      Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • cxgb4: cleanup error code in setup_sge_queues_uld() · bda6752f
      Dan Carpenter committed
      The caller doesn't care about the error codes, they only check for zero
      vs non-zero.  Still, it's better to preserve the negative error codes
      from alloc_uld_rxqs() instead of changing it to 1.  We can also return
      directly if there is a failure.
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'Fix-infinite-loop-in-bridge-and-vxlan-modules' · d36ceaef
      David S. Miller committed
      Ido Schimmel says:
      
      ====================
      Fix infinite loop in bridge and vxlan modules
      
      When suppressing invalid IPv6 Neighbour Solicitation messages, it is
      possible for the bridge and vxlan modules to get stuck in an infinite
      loop. See the individual changelogs for detailed explanation of the
      problem and solution.
      
      The bug was originally reported against the bridge module, but after
      auditing the code base I found that the buggy code was copied from the
      vxlan module. This patch set fixes both modules. Could not find more
      instances of the problem.
      
      Please consider both patches for stable releases.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • vxlan: Avoid infinite loop when suppressing NS messages with invalid options · 8066e6b4
      Ido Schimmel committed
      When proxy mode is enabled the vxlan device might reply to Neighbor
      Solicitation (NS) messages on behalf of remote hosts.
      
      In case the NS message includes the "Source link-layer address" option
      [1], the vxlan device will use the specified address as the link-layer
      destination address in its reply.
      
      To avoid an infinite loop, break out of the options parsing loop when
      encountering an option with length zero and disregard the NS message.
      
      This is consistent with the IPv6 ndisc code and RFC 4886 which states
      that "Nodes MUST silently discard an ND packet that contains an option
      with length zero" [2].
      
      [1] https://tools.ietf.org/html/rfc4861#section-4.3
      [2] https://tools.ietf.org/html/rfc4861#section-4.6
      
      Fixes: 4b29dba9 ("vxlan: fix nonfunctional neigh_reduce()")
      Signed-off-by: Ido Schimmel <idosch@mellanox.com>
      Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bridge: Avoid infinite loop when suppressing NS messages with invalid options · 53fc6852
      Ido Schimmel committed
      When neighbor suppression is enabled the bridge device might reply to
      Neighbor Solicitation (NS) messages on behalf of remote hosts.
      
      In case the NS message includes the "Source link-layer address" option
      [1], the bridge device will use the specified address as the link-layer
      destination address in its reply.
      
      To avoid an infinite loop, break out of the options parsing loop when
      encountering an option with length zero and disregard the NS message.
      
      This is consistent with the IPv6 ndisc code and RFC 4886 which states
      that "Nodes MUST silently discard an ND packet that contains an option
      with length zero" [2].
      
      [1] https://tools.ietf.org/html/rfc4861#section-4.3
      [2] https://tools.ietf.org/html/rfc4861#section-4.6
      
      Fixes: ed842fae ("bridge: suppress nd pkts on BR_NEIGH_SUPPRESS ports")
      Signed-off-by: Ido Schimmel <idosch@mellanox.com>
      Reported-by: Alla Segal <allas@mellanox.com>
      Tested-by: Alla Segal <allas@mellanox.com>
      Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv4: nexthop: Fix deadcode issue by performing a proper NULL check · dafe2078
      Patrick Eigensatz committed
      After allocating the spare nexthop group it should be tested for kzalloc()
      returning NULL, instead the already used nexthop group (which cannot be
      NULL at this point) had been tested so far.
      
      Additionally, if kzalloc() fails, return ERR_PTR(-ENOMEM) instead of NULL.
      
      Coverity-id: 1463885
      Reported-by: Coverity <scan-admin@coverity.com>
      Signed-off-by: Patrick Eigensatz <patrickeigensatz@gmail.com>
      Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'for-upstream' of... · 07f6ecec
      David S. Miller committed
      Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
      
      Johan Hedberg says:
      
      ====================
      pull request: bluetooth-next 2020-06-01
      
      Here's one last bluetooth-next pull request for 5.8, which I hope can
      still be accepted.
      
       - Enabled Wide-Band Speech (WBS) support for Qualcomm wcn3991
       - Multiple fixes/improvements to Qualcomm-based devices
       - Fix GAP/SEC/SEM/BI-10-C qualification test case
       - Added support for Broadcom BCM4350C5 device
       - Several other smaller fixes & improvements
      
      Please let me know if there are any issues pulling. Thanks.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 01 Jun, 2020 9 commits
    • Bluetooth: hci_qca: Fix QCA6390 memdump failure · e5aeebdd
      Zijun Hu committed
      QCA6390 memdump VSE sometimes comes to the bluetooth driver
      with a wrong sequence number, as illustrated below:
      frame # in dec: frame data in hex
      1396: ff fd 01 08 74 05 00 37 8f 14
      1397: ff fd 01 08 75 05 00 ff bf 38
      1414: ff fd 01 08 86 05 00 fb 5e 4b
      1399: ff fd 01 08 77 05 00 f3 44 0a
      1400: ff fd 01 08 78 05 00 ca f7 41
      It is mistaken for the controller missing packets, which results
      in a page fault after overwriting the allocated memdump buffer.
      
      Fixed by ignoring QCA6390 sequence number check and
      checking buffer space before writing.
      Signed-off-by: Zijun Hu <zijuhu@codeaurora.org>
      Tested-by: Zijun Hu <zijuhu@codeaurora.org>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: btmtkuart: Use serdev_device_write_buf() instead of serdev_device_write() · d3a0fe6b
      Zijun Hu committed
      serdev_device_write() is not appropriate here because
      serdev_device_write_wakeup() is not used to release completion hold
      by the former at @write_wakeup member of struct serdev_device_ops.
      
      Fix by using serdev_device_write_buf() instead of serdev_device_write().
      Signed-off-by: Zijun Hu <zijuhu@codeaurora.org>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Bluetooth: hci_qca: Improve controller ID info log level · 4942857b
      Zijun Hu committed
      Controller ID info got by VSC EDL_PATCH_GETVER is very
      important, so improve its log level from DEBUG to INFO.
      Signed-off-by: Zijun Hu <zijuhu@codeaurora.org>
      Reviewed-by: Matthias Kaehlcke <mka@chromium.org>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 1806c13d
      David S. Miller committed
      xdp_umem.c had overlapping changes between the 64-bit math fix
      for the calculation of npgs and the removal of the zerocopy
      memory type which got rid of the chunk_size_nohdr member.
      
      The mlx5 Kconfig conflict is a case where we just take the
      net-next copy of the Kconfig entry dependency as it takes on
      the ESWITCH dependency by one level of indirection which is
      what the 'net' conflicting change is trying to ensure.
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'mac80211-next-for-davem-2020-05-31' of... · 1079a34c
      David S. Miller committed
      Merge tag 'mac80211-next-for-davem-2020-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next
      
      Johannes Berg says:
      
      ====================
      Another set of changes, including
       * many 6 GHz changes, though it's not _quite_ complete
         (I left out scanning for now, we're still discussing)
       * allow userspace SA-query processing for operating channel
         validation
       * TX status for control port TX, for AP-side operation
       * more per-STA/TID control options
       * move to kHz for channels, for future S1G operation
       * various other small changes
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • checkpatch/coding-style: deprecate 80-column warning · bdc48fa1
      Joe Perches committed
      Yes, staying within 80 columns is certainly still _preferred_.  But
      it's not the hard limit that the checkpatch warnings imply, and other
      concerns can most certainly dominate.
      
      Increase the default limit to 100 characters.  Not because 100
      characters is some hard limit either, but that's certainly a "what are
      you doing" kind of value and less likely to be about the occasional
      slightly longer lines.
      
      Miscellanea:
      
       - to avoid unnecessary whitespace changes in files, checkpatch will no
         longer emit a warning about line length when scanning files unless
         --strict is also used
      
       - Add a bit to coding-style about alignment to open parenthesis
      Signed-off-by: Joe Perches <joe@perches.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'x86-urgent-2020-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8fc984ae
      Linus Torvalds committed
      Pull x86 fixes from Thomas Gleixner:
       "A pile of x86 fixes:
      
         - Prevent a memory leak in ioperm which was caused by the stupid
           assumption that the exit cleanup is always called for current,
           which is not the case when fork fails after taking a reference on
           the ioperm bitmap.
      
         - Fix an arithmetic overflow in the DMA code on 32bit systems
      
         - Fill gaps in the xstate copy with defaults instead of leaving them
           uninitialized
      
         - Revert: "Make __X32_SYSCALL_BIT be unsigned long" as it turned out
           that existing user space fails to build"
      
      * tag 'x86-urgent-2020-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/ioperm: Prevent a memory leak when fork fails
        x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
        copy_xstate_to_kernel(): don't leave parts of destination uninitialized
        x86/syscalls: Revert "x86/syscalls: Make __X32_SYSCALL_BIT be unsigned long"
    • Merge tag 'sched-urgent-2020-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3d042823
      Linus Torvalds committed
      Pull scheduler fix from Thomas Gleixner:
       "A single scheduler fix preventing a crash in NUMA balancing.
      
        The current->mm check is not reliable as the mm might be temporary due
        to use_mm() in a kthread. Check for PF_KTHREAD explicitly"
      
      * tag 'sched-urgent-2020-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Don't NUMA balance for kthreads
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 19835b1b
      Linus Torvalds committed
      Pull networking fixes from David Miller:
       "Another week, another set of bug fixes:
      
         1) Fix pskb_pull length in __xfrm_transport_prep(), from Xin Long.
      
         2) Fix double xfrm_state put in esp{4,6}_gro_receive(), also from Xin
            Long.
      
         3) Re-arm discovery timer properly in mac80211 mesh code, from Linus
            Lüssing.
      
         4) Prevent buffer overflows in nf_conntrack_pptp debug code, from
            Pablo Neira Ayuso.
      
         5) Fix race in ktls code between tls_sw_recvmsg() and
            tls_decrypt_done(), from Vinay Kumar Yadav.
      
         6) Fix crashes on TCP fallback in MPTCP code, from Paolo Abeni.
      
         7) More validation is necessary of untrusted GSO packets coming from
            virtualization devices, from Willem de Bruijn.
      
         8) Fix endianness of bnxt_en firmware message length accesses, from
            Edwin Peer.
      
         9) Fix infinite loop in sch_fq_pie, from Davide Caratti.
      
        10) Fix lockdep splat in DSA by setting lockless TX in netdev features
            for slave ports, from Vladimir Oltean.
      
        11) Fix suspend/resume crashes in mlx5, from Mark Bloch.
      
        12) Fix use after free in bpf fmod_ret, from Alexei Starovoitov.
      
        13) ARP retransmit timer guard uses wrong offset, from Hongbin Liu.
      
        14) Fix leak in inetdev_init(), from Yang Yingliang.
      
        15) Don't try to use inet hash and unhash in l2tp code, results in
            crashes. From Eric Dumazet"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (77 commits)
        l2tp: add sk_family checks to l2tp_validate_socket
        l2tp: do not use inet_hash()/inet_unhash()
        net: qrtr: Allocate workqueue before kernel_bind
        mptcp: remove msk from the token container at destruction time.
        mptcp: fix race between MP_JOIN and close
        mptcp: fix unblocking connect()
        net/sched: act_ct: add nat mangle action only for NAT-conntrack
        devinet: fix memleak in inetdev_init()
        virtio_vsock: Fix race condition in virtio_transport_recv_pkt
        drivers/net/ibmvnic: Update VNIC protocol version reporting
        NFC: st21nfca: add missed kfree_skb() in an error path
        neigh: fix ARP retransmit timer guard
        bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones
        bpf, selftests: Verifier bounds tests need to be updated
        bpf: Fix a verifier issue when assigning 32bit reg states to 64bit ones
        bpf: Fix use-after-free in fmod_ret check
        net/mlx5e: replace EINVAL in mlx5e_flower_parse_meta()
        net/mlx5e: Fix MLX5_TC_CT dependencies
        net/mlx5e: Properly set default values when disabling adaptive moderation
        net/mlx5e: Fix arch depending casting issue in FEC
        ...
  3. 31 May, 2020 19 commits