1. 05 12月, 2018 1 次提交
  2. 09 11月, 2018 7 次提交
  3. 04 11月, 2018 3 次提交
  4. 03 11月, 2018 3 次提交
    • D
      rxrpc: Fix lockup due to no error backoff after ack transmit error · c7e86acf
      David Howells 提交于
      If the network becomes (partially) unavailable, say by disabling IPv6, the
      background ACK transmission routine can get itself into a tizzy by
      proposing immediate ACK retransmission.  Since we're in the call event
      processor, that happens immediately without returning to the workqueue
      manager.
      
      The condition should clear after a while when either the network comes back
      or the call times out.
      
      Fix this by:
      
       (1) When re-proposing an ACK on failed Tx, don't schedule it immediately.
           This will allow a certain amount of time to elapse before we try
           again.
      
       (2) Enforce a return to the workqueue manager after a certain number of
           iterations of the call processing loop.
      
       (3) Add a backoff delay that increases the delay on deferred ACKs by a
           jiffy per failed transmission to a limit of HZ.  The backoff delay is
           cleared on a successful return from kernel_sendmsg().
      
       (4) Cancel calls immediately if the opening sendmsg fails.  The layer
           above can arrange retransmission or rotate to another server.
      
      Fixes: 248f219c ("rxrpc: Rewrite the data and ack handling code")
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c7e86acf
    • J
      net/ipv6: Add anycast addresses to a global hashtable · 2384d025
      Jeff Barnhill 提交于
      icmp6_send() function is expensive on systems with a large number of
      interfaces. Every time it’s called, it has to verify that the source
      address does not correspond to an existing anycast address by looping
      through every device and every anycast address on the device.  This can
      result in significant delays for a CPU when there are a large number of
      neighbors and ND timers are frequently timing out and calling
      neigh_invalidate().
      
      Add anycast addresses to a global hashtable to allow quick searching for
      matching anycast addresses.  This is based on inet6_addr_lst in addrconf.c.
      Signed-off-by: NJeff Barnhill <0xeffeff@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2384d025
    • M
      net: document skb parameter in function 'skb_gso_size_check' · 49682bfa
      Mathieu Malaterre 提交于
      Remove kernel-doc warning:
      
        net/core/skbuff.c:4953: warning: Function parameter or member 'skb' not described in 'skb_gso_size_check'
      Signed-off-by: NMathieu Malaterre <malat@debian.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      49682bfa
  5. 02 11月, 2018 1 次提交
    • C
      net: drop skb on failure in ip_check_defrag() · 7de414a9
      Cong Wang 提交于
      Most callers of pskb_trim_rcsum() simply drop the skb when
      it fails, however, ip_check_defrag() still continues to pass
      the skb up to stack. This is suspicious.
      
      In ip_check_defrag(), after we learn the skb is an IP fragment,
      passing the skb to callers makes no sense, because callers expect
      fragments are defrag'ed on success. So, dropping the skb when we
      can't defrag it is reasonable.
      
      Note, prior to commit 88078d98, this is not a big problem as
      checksum will be fixed up anyway. After it, the checksum is not
      correct on failure.
      
      Found this during code review.
      
      Fixes: 88078d98 ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends")
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Reviewed-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7de414a9
  6. 01 11月, 2018 2 次提交
  7. 31 10月, 2018 2 次提交
  8. 30 10月, 2018 14 次提交
  9. 29 10月, 2018 4 次提交
    • L
      net: diag: document swapped src/dst in udp_dump_one. · 747569b0
      Lorenzo Colitti 提交于
      Since its inception, udp_dump_one has had a bug where userspace
      needs to swap src and dst addresses and ports in order to find
      the socket it wants. This is because it passes the socket source
      address to __udp[46]_lib_lookup's saddr argument, but those
      functions are intended to find local sockets matching received
      packets, so saddr is the remote address, not the local address.
      
      This can no longer be fixed for backwards compatibility reasons,
      so add a brief comment explaining that this is the case. This
      will avoid confusion and help ensure SOCK_DIAG implementations
      of new protocols don't have the same problem.
      
      Fixes: a925aa00 ("udp_diag: Implement the get_exact dumping functionality")
      Signed-off-by: NLorenzo Colitti <lorenzo@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      747569b0
    • J
      net: sched: gred: pass the right attribute to gred_change_table_def() · 38b4f18d
      Jakub Kicinski 提交于
      gred_change_table_def() takes a pointer to TCA_GRED_DPS attribute,
      and expects it will be able to interpret its contents as
      struct tc_gred_sopt.  Pass the correct gred attribute, instead of
      TCA_OPTIONS.
      
      This bug meant the table definition could never be changed after
      Qdisc was initialized (unless whatever TCA_OPTIONS contained both
      passed netlink validation and was a valid struct tc_gred_sopt...).
      
      Old behaviour:
      $ ip link add type dummy
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      RTNETLINK answers: Invalid argument
      
      Now:
      $ ip link add type dummy
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      $ tc qdisc replace dev dummy0 parent root handle 7: \
           gred setup vqs 4 default 0
      
      Fixes: f62d6b93 ("[PKT_SCHED]: GRED: Use central VQ change procedure")
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      38b4f18d
    • N
      net: bridge: remove ipv6 zero address check in mcast queries · 0fe5119e
      Nikolay Aleksandrov 提交于
      Recently a check was added which prevents marking of routers with zero
      source address, but for IPv6 that cannot happen as the relevant RFCs
      actually forbid such packets:
      RFC 2710 (MLDv1):
      "To be valid, the Query message MUST
       come from a link-local IPv6 Source Address, be at least 24 octets
       long, and have a correct MLD checksum."
      
      Same goes for RFC 3810.
      
      And also it can be seen as a requirement in ipv6_mc_check_mld_query()
      which is used by the bridge to validate the message before processing
      it. Thus any queries with :: source address won't be processed anyway.
      So just remove the check for zero IPv6 source address from the query
      processing function.
      
      Fixes: 5a2de63f ("bridge: do not add port to router list when receives query with source 0.0.0.0")
      Signed-off-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0fe5119e
    • D
      net: Properly unlink GRO packets on overflow. · ece23711
      David S. Miller 提交于
      Just like with normal GRO processing, we have to initialize
      skb->next to NULL when we unlink overflow packets from the
      GRO hash lists.
      
      Fixes: d4546c25 ("net: Convert GRO SKB handling to list_head.")
      Reported-by: NOleksandr Natalenko <oleksandr@natalenko.name>
      Tested-by: NOleksandr Natalenko <oleksandr@natalenko.name>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ece23711
  10. 27 10月, 2018 3 次提交
    • E
      net/neigh: fix NULL deref in pneigh_dump_table() · aab456df
      Eric Dumazet 提交于
      pneigh can have NULL device pointer, so we need to make
      neigh_master_filtered() and neigh_ifindex_filtered() more robust.
      
      syzbot report :
      
      kasan: CONFIG_KASAN_INLINE enabled
      kasan: GPF could be caused by NULL-ptr deref or user memory access
      general protection fault: 0000 [#1] PREEMPT SMP KASAN
      CPU: 0 PID: 15867 Comm: syz-executor2 Not tainted 4.19.0+ #276
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:__read_once_size include/linux/compiler.h:179 [inline]
      RIP: 0010:list_empty include/linux/list.h:203 [inline]
      RIP: 0010:netdev_master_upper_dev_get+0xa1/0x250 net/core/dev.c:6467
      RSP: 0018:ffff8801bfaf7220 EFLAGS: 00010202
      RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffc90005e92000
      RDX: 0000000000000016 RSI: ffffffff860b44d9 RDI: 0000000000000005
      RBP: ffff8801bfaf72b0 R08: ffff8801c4c84080 R09: fffffbfff139a580
      R10: fffffbfff139a580 R11: ffffffff89cd2c07 R12: 1ffff10037f5ee45
      R13: 0000000000000000 R14: ffff8801bfaf7288 R15: 00000000000000b0
      FS:  00007f65cc68d700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000001b33a21000 CR3: 00000001c6116000 CR4: 00000000001406f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       neigh_master_filtered net/core/neighbour.c:2367 [inline]
       pneigh_dump_table net/core/neighbour.c:2456 [inline]
       neigh_dump_info+0x7a9/0x1ce0 net/core/neighbour.c:2577
       netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244
       __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352
       netlink_dump_start include/linux/netlink.h:216 [inline]
       rtnetlink_rcv_msg+0x809/0xc20 net/core/rtnetlink.c:4898
       netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477
       rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4953
       netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
       netlink_unicast+0x5a5/0x760 net/netlink/af_netlink.c:1336
       netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1917
       sock_sendmsg_nosec net/socket.c:621 [inline]
       sock_sendmsg+0xd5/0x120 net/socket.c:631
       sock_write_iter+0x35e/0x5c0 net/socket.c:900
       call_write_iter include/linux/fs.h:1808 [inline]
       new_sync_write fs/read_write.c:474 [inline]
       __vfs_write+0x6b8/0x9f0 fs/read_write.c:487
       vfs_write+0x1fc/0x560 fs/read_write.c:549
       ksys_write+0x101/0x260 fs/read_write.c:598
       __do_sys_write fs/read_write.c:610 [inline]
       __se_sys_write fs/read_write.c:607 [inline]
       __x64_sys_write+0x73/0xb0 fs/read_write.c:607
       do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x457569
      
      Fixes: 6f52f80e ("net/neigh: Extend dump filter to proxy neighbor dumps")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: David Ahern <dsahern@gmail.com>
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Reviewed-by: NDavid Ahern <dsahern@gmail.com>
      Tested-by: NDavid Ahern <dsahern@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      aab456df
    • D
      bpf: fix wrong helper enablement in cgroup local storage · d8fd9e10
      Daniel Borkmann 提交于
      Commit cd339431 ("bpf: introduce the bpf_get_local_storage()
      helper function") enabled the bpf_get_local_storage() helper also
      for BPF program types where it does not make sense to use them.
      
      They have been added both in sk_skb_func_proto() and sk_msg_func_proto()
      even though both program types are not invoked in combination with
      cgroups, and neither through BPF_PROG_RUN_ARRAY(). In the latter the
      bpf_cgroup_storage_set() is set shortly before BPF program invocation.
      
      Later, the helper bpf_get_local_storage() retrieves this prior set
      up per-cpu pointer and hands the buffer to the BPF program. The map
      argument in there solely retrieves the enum bpf_cgroup_storage_type
      from a local storage map associated with the program and based on the
      type returns either the global or per-cpu storage. However, there
      is no specific association between the program's map and the actual
      content in bpf_cgroup_storage[].
      
      Meaning, any BPF program that would have been properly run from the
      cgroup side through BPF_PROG_RUN_ARRAY() where bpf_cgroup_storage_set()
      was performed, and that is later unloaded such that prog / maps are
      teared down will cause a use after free if that pointer is retrieved
      from programs that are not run through BPF_PROG_RUN_ARRAY() but have
      the cgroup local storage helper enabled in their func proto.
      
      Lets just remove it from the two sock_map program types to fix it.
      Auditing through the types where this helper is enabled, it appears
      that these are the only ones where it was mistakenly allowed.
      
      Fixes: cd339431 ("bpf: introduce the bpf_get_local_storage() helper function")
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Cc: Roman Gushchin <guro@fb.com>
      Acked-by: NJohn Fastabend <john.fastabend@gmail.com>
      Acked-by: NRoman Gushchin <guro@fb.com>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      d8fd9e10
    • M
      net: allow traceroute with a specified interface in a vrf · f64bf6b8
      Mike Manning 提交于
      Traceroute executed in a vrf succeeds if no device is given or if the
      vrf is given as the device, but fails if the interface is given as the
      device. This is for default UDP probes, it succeeds for TCP SYN or ICMP
      ECHO probes. As the skb bound dev is the interface and the sk dev is
      the vrf, sk lookup fails for ICMP_DEST_UNREACH and ICMP_TIME_EXCEEDED
      messages. The solution is for the secondary dev to be passed so that
      the interface is available for the device match to succeed, in the same
      way as is already done for non-error cases.
      Signed-off-by: NMike Manning <mmanning@vyatta.att-mail.com>
      Reviewed-by: NDavid Ahern <dsahern@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f64bf6b8
新手
引导
客服 返回
顶部