1. 30 May, 2016 1 commit
  2. 25 May, 2016 2 commits
    • netfilter: nf_queue: Make the queue_handler pernet · dc3ee32e
      Eric W. Biederman committed on
      Florian Weber reported:
      > Under full load (unshare() in loop -> OOM conditions) we can
      > get kernel panic:
      >
      > BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
      > IP: [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70
      > [..]
      > task: ffff88012dfa3840 ti: ffff88012dffc000 task.ti: ffff88012dffc000
      > RIP: 0010:[<ffffffff81476c85>]  [<ffffffff81476c85>] nfqnl_nf_hook_drop+0x35/0x70
      > RSP: 0000:ffff88012dfffd80  EFLAGS: 00010206
      > RAX: 0000000000000008 RBX: ffffffff81add0c0 RCX: ffff88013fd80000
      > [..]
      > Call Trace:
      >  [<ffffffff81474d98>] nf_queue_nf_hook_drop+0x18/0x20
      >  [<ffffffff814738eb>] nf_unregister_net_hook+0xdb/0x150
      >  [<ffffffff8147398f>] netfilter_net_exit+0x2f/0x60
      >  [<ffffffff8141b088>] ops_exit_list.isra.4+0x38/0x60
      >  [<ffffffff8141b652>] setup_net+0xc2/0x120
      >  [<ffffffff8141bd09>] copy_net_ns+0x79/0x120
      >  [<ffffffff8106965b>] create_new_namespaces+0x11b/0x1e0
      >  [<ffffffff810698a7>] unshare_nsproxy_namespaces+0x57/0xa0
      >  [<ffffffff8104baa2>] SyS_unshare+0x1b2/0x340
      >  [<ffffffff81608276>] entry_SYSCALL_64_fastpath+0x1e/0xa8
      > Code: 65 00 48 89 e5 41 56 41 55 41 54 53 83 e8 01 48 8b 97 70 12 00 00 48 98 49 89 f4 4c 8b 74 c2 18 4d 8d 6e 08 49 81 c6 88 00 00 00 <49> 8b 5d 00 48 85 db 74 1a 48 89 df 4c 89 e2 48 c7 c6 90 68 47
      >
      
      The simple fix for this requires a new pernet variable for struct
      nf_queue that indicates when it is safe to use the dynamically
      allocated nf_queue state.
      
      As we need a variable anyway make nf_register_queue_handler and
      nf_unregister_queue_handler pernet.  This allows the existing logic of
      when it is safe to use the state from the nfnetlink_queue module to be
      reused with no changes except for making it per net.
      
      The synchronize_rcu from nf_unregister_queue_handler is moved to a new
      function nfnl_queue_net_exit_batch so that the worst case of having a
      synchronize_rcu in the pernet exit path is not experienced in batch
      mode.
      Reported-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: conntrack: remove leftover binary sysctl define · 720b287d
      Florian Westphal committed on
      Users got removed in f8572d8f ("sysctl net: Remove unused binary
      sysctl code").
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  3. 12 May, 2016 12 commits
    • netfilter: nfnetlink_queue: fix timestamp attribute · a7f18845
      Florian Westphal committed on
      Since 4.4 we erroneously use timestamp of the netlink skb (which is zero).
      
      Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1066
      Fixes: b28b1e82 ("netfilter: nfnetlink_queue: use y2038 safe timestamp")
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • Merge branch 'bnxt_en-fixes' · 1b7cc307
      David S. Miller committed on
      Michael Chan says:
      
      ====================
      bnxt_en: Add workaround to detect bad opaque in rx completion.
      
      2-part workaround for this hardware bug.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bnxt_en: Add workaround to detect bad opaque in rx completion (part 2) · fa7e2812
      Michael Chan committed on
      Add detection and recovery code when the hardware returned opaque value
      does not match the expected consumer index.  Once the issue is detected,
      we skip the processing of all RX and LRO/GRO packets.  These completion
      entries are discarded without sending the SKB to the stack and without
      producing new buffers.  The function will be reset from a workqueue.
      Signed-off-by: Michael Chan <michael.chan@broadcom.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bnxt_en: Add workaround to detect bad opaque in rx completion (part 1) · 376a5b86
      Michael Chan committed on
      There is a rare hardware bug that can cause a bad opaque value in the RX
      or TPA completion.  When this happens, the hardware may have used the
      same buffer twice for 2 rx packets.  In addition, the driver will also
      crash later using the bad opaque as the index into the ring.
      
      The rx opaque value is predictable and is always monotonically increasing.
      The workaround is to keep track of the expected next opaque value and
      compare it with the one returned by hardware during RX and TPA start
      completions.  If they miscompare, we will not process any more RX and
      TPA completions and exit NAPI.  We will then schedule a workqueue to
      reset the function.
      
      This patch adds the logic to keep track of the next rx consumer index.
      Signed-off-by: Michael Chan <michael.chan@broadcom.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() · 5f46feab
      Dan Carpenter committed on
      If qlcnic_fw_cmd_get_minidump_temp() fails then "fw_dump->tmpl_hdr" is
      NULL or possibly freed.  It can lead to an oops later.
      
      Fixes: d01a6d3c ('qlcnic: Add support to enable capability to extend minidump for iSCSI')
      Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 685764b1
      Linus Torvalds committed on
      Pull SCSI fixes from James Bottomley:
       "This is a couple of small fixes: one is a potential uninitialised
        error variable in the alua code, potentially causing spurious failures
        and the other is a problem caused by the conversion of SCSI to
        hostwide tags which resulted in the qla1280 driver always failing in
        host initialisation"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        qla1280: Don't allocate 512kb of host tags
        scsi_dh_alua: uninitialized variable in alua_rtpg()
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 4d8bbbff
      Linus Torvalds committed on
      Pull networking fixes from David Miller:
       "Hopefully the last round of fixes this release, fingers crossed :)
      
         1) Initialize static nf_conntrack_locks_all_lock properly, from
            Florian Westphal.
      
         2) Need to cancel pending work when destroying IDLETIMER entries,
            from Liping Zhang.
      
         3) Fix TX param usage when sending TSO over iwlwifi devices, from
            Emmanuel Grumbach.
      
         4) NFACCT quota params not validated properly, from Phil Turnbull.
      
         5) Resolve more glibc vs.  kernel header conflicts, from Mikko
            Tapeli.
      
         6) Missing IRQ free in ravb_close(), from Geert Uytterhoeven.
      
         7) Fix infoleak in x25, from Kangjie Lu.
      
         8) Similarly in thunderx driver, from Heinrich Schuchardt.
      
         9) tc_ife.h uapi header not exported properly, from Jamal Hadi Salim.
      
        10) Don't reenable PHY interrupts if device is in polling mode, from
            Shaohui Xie.
      
        11) Packet scheduler actions late binding was not being handled
            properly at all, from Jamal Hadi Salim.
      
        12) Fix binding of conntrack entries to helpers in openvswitch, from
            Joe Stringer"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (21 commits)
        gre: do not keep the GRE header around in collect metadata mode
        openvswitch: Fix cached ct with helper.
        net sched: ife action fix late binding
        net sched: skbedit action fix late binding
        net sched: simple action fix late binding
        net sched: mirred action fix late binding
        net sched: ipt action fix late binding
        net sched: vlan action fix late binding
        net: phylib: fix interrupts re-enablement in phy_start
        tcp: refresh skb timestamp at retransmit time
        net: nps_enet: bug fix - handle lost tx interrupts
        net: nps_enet: Tx handler synchronization
        export tc ife uapi header
        net: thunderx: avoid exposing kernel stack
        net: fix a kernel infoleak in x25 module
        ravb: Add missing free_irq() call to ravb_close()
        uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h
        netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
        iwlwifi: mvm: don't override the rate with the AMSDU len
        netfilter: IDLETIMER: fix race condition when destroy the target
        ...
    • gre: do not keep the GRE header around in collect metadata mode · e271c7b4
      Jiri Benc committed on
      For ipgre interface in collect metadata mode, it doesn't make sense for the
      interface to be of ARPHRD_IPGRE type. The outer header of received packets
      is not needed, as all the information from it is present in metadata_dst. We
      already don't set ipgre_header_ops for collect metadata interfaces, which is
      the only consumer of mac_header pointing to the outer IP header.
      
      Just set the interface type to ARPHRD_NONE in collect metadata mode for
      ipgre (not gretap, that still correctly stays ARPHRD_ETHER) and reset
      mac_header.
      
      Fixes: a64b04d8 ("gre: do not assign header_ops in collect metadata mode")
      Fixes: 2e15ea39 ("ip_gre: Add support to collect tunnel metadata.")
      Signed-off-by: Jiri Benc <jbenc@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • openvswitch: Fix cached ct with helper. · 16ec3d4f
      Joe Stringer committed on
      When using conntrack helpers from OVS, a common configuration is to
      perform a lookup without specifying a helper, then go through a
      firewalling policy, only to decide to attach a helper afterwards.
      
      In this case, the initial lookup will cause a ct entry to be attached to
      the skb, then the later commit with helper should attach the helper and
      confirm the connection. However, the helper attachment has been missing.
      If the user has enabled automatic helper attachment, then this issue
      will be masked as it will be applied in init_conntrack(). It is also
      masked if the action is executed from ovs_packet_cmd_execute() as that
      will construct a fresh skb.
      
      This patch fixes the issue by making an explicit call to try to assign
      the helper if there is a discrepancy between the action's helper and the
      current skb->nfct.
      
      Fixes: cae3a262 ("openvswitch: Allow attaching helpers to ct action")
      Signed-off-by: Joe Stringer <joe@ovn.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • x86/extable: ensure entries are swapped completely when sorting · 50c73890
      Mathias Krause committed on
      The x86 exception table sorting was changed in commit 29934b0f
      ("x86/extable: use generic search and sort routines") to use the arch
      independent code in lib/extable.c.  However, the patch was mangled
      somehow on its way into the kernel from the last version posted at [1].
      The committed version kind of attempted to incorporate the changes of
      commit 548acf19 ("x86/mm: Expand the exception table logic to allow
      new handling options") as in _completely_ _ignoring_ the x86 specific
      'handler' member of struct exception_table_entry.  This effectively
      broke the sorting as entries will only partly be swapped now.
      
      Fortunately, the x86 Kconfig selects BUILDTIME_EXTABLE_SORT, so the
      exception table doesn't need to be sorted at runtime. However, in case
      that ever changes, we better not break the exception table sorting just
      because of that.
      
      [ Ard Biesheuvel points out that BUILDTIME_EXTABLE_SORT applies to the
        core image only, but we still rely on the sorting routines for modules
        in that case - Linus ]
      
      Fix this by providing a swap_ex_entry_fixup() macro that takes care of
      the 'handler' member.
      
      [1] https://lkml.org/lkml/2016/1/27/232
      Signed-off-by: Mathias Krause <minipli@googlemail.com>
      Fixes: 29934b0f ("x86/extable: use generic search and sort routines")
      Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: H. Peter Anvin <hpa@linux.intel.com>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tony Luck <tony.luck@intel.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'spi-fix-v4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · e0d09e32
      Linus Torvalds committed on
      Pull spi fixes from Mark Brown:
       "A bunch of small driver specific fixes that have come up, none of them
        remarkable in themselves.  One fixes a regression introduced in the
        merge window and another two are targeted at stable"
      
      * tag 'spi-fix-v4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: pxa2xx: Do not detect number of enabled chip selects on Intel SPT
        spi: spi-ti-qspi: Handle truncated frames properly
        spi: spi-ti-qspi: Fix FLEN and WLEN settings if bits_per_word is overridden
        spi: omap2-mcspi: Undo broken fix for dma transfer of vmalloced buffer
        spi: spi-fsl-dspi: Fix cs_change handling in message transfer
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d32917ee
      Linus Torvalds committed on
      Pull KVM fixes from Paolo Bonzini:
       "Two small x86 patches, improving "make kvmconfig" and fixing an
        objtool warning for CONFIG_PROFILE_ALL_BRANCHES"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvmconfig: add more virtio drivers
        x86/kvm: Add stack frame dependency to fastop() inline asm
  4. 11 May, 2016 17 commits
  5. 10 May, 2016 8 commits