1. 24 11月, 2017 14 次提交
    • H
      geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6 · f9094b76
      Hangbin Liu 提交于
      Stefano pointed that configure or show UDP_ZERO_CSUM6_RX/TX info doesn't
      make sense if we haven't enabled CONFIG_IPV6. Fix it by adding
      if IS_ENABLED(CONFIG_IPV6) check.
      
      Fixes: abe492b4 ("geneve: UDP checksum configuration via netlink")
      Fixes: fd7eafd0 ("geneve: fix fill_info when link down")
      Signed-off-by: NHangbin Liu <liuhangbin@gmail.com>
      Reviewed-by: NStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f9094b76
    • D
      Merge tag 'wireless-drivers-for-davem-2017-11-22' of... · d6efab62
      David S. Miller 提交于
      Merge tag 'wireless-drivers-for-davem-2017-11-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.15
      
      First set of fixes for 4.15. Most important here is the iwlwifi fix
      for scan command firmware interface change.
      
      ath10k
      
      * fix CCMP-256, GCMP and GCMP-256 in raw mode, it was never working
      
      wcn36xx
      
      * fix device tree node search
      
      iwlwifi
      
      * fix a regression with firmware API change of scan cmd (introduced in
        firmware version 34)
      
      * add a bunch of PCI IDs and fix configuration structs for A000 devices
      
      * fix the exported firmware name strings for 9000 and A000 devices
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d6efab62
    • D
      Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue · 003cd770
      David S. Miller 提交于
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Driver Fixes 2017-11-21
      
      This series contains fixes for igb/vf, ixgbe/vf, i40e/vf and fm10k.
      
      Jake fixes a regression issue with older firmware, where we were using
      the NVM lock to synchronize NVM reads for all devices and firmware
      versions, yet this caused issues with older firmware prior to version
      1.5.  Fixed this by only grabbing the lock for newer devices and firmware
      version 1.5 or newer.
      
      Zijie Pan fixes the calculation of the i40e VF MAC addresses, where it was
      possible to increment to the next MAC entry without calling
      i40e_add_mac_filter().
      
      Amritha removes the upper limit of 64 queues on a channel VSI since the
      upper bound is determined by the VSI's num_queue_pairs.
      
      Filip fixes an issue during FLR resets, where should have been checking
      for upcoming core reset and if so, just return with I40E_ERR_NOT_READY.
      
      Alan fixes the notifying clients of l2 parameters by copying the
      parameters to the client instance struct and re-organizes the priority
      in which the client tasks fire so that if the flag for notifying l2
      params is set, it will trigger before the client open task.  Also fixed
      the promiscuous settings after reset for all the VSI's.
      
      Brian King from IBM fixes an issue seen on Power systems which would
      result in skb list corruption and eventual kernel oops.  Brian
      provides the same fix for nearly all our drivers, to replace the
      read_barrier_depends with smp_rmb() to ensure loads are ordered with
      respect to the load of tx_buffer->next_to_watch.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      003cd770
    • F
      net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY · 4b52d010
      Florian Fainelli 提交于
      The PHY on BCM7278 has an additional bit that needs to be cleared:
      IDDQ_GLOBAL_PWR, without doing this, the PHY remains stuck in reset out
      of suspend/resume cycles.
      
      Fixes: 0fe99338 ("net: dsa: bcm_sf2: Add support for BCM7278 integrated switch")
      Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4b52d010
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · e4be7bab
      David S. Miller 提交于
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2017-11-23
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Several BPF offloading fixes, from Jakub. Among others:
      
          - Limit offload to cls_bpf and XDP program types only.
          - Move device validation into the driver and don't make
            any assumptions about the device in the classifier due
            to shared blocks semantics.
          - Don't pass offloaded XDP program into the driver when
            it should be run in native XDP instead. Offloaded ones
            are not JITed for the host in such cases.
          - Don't destroy device offload state when moved to
            another namespace.
          - Revert dumping offload info into user space for now,
            since ifindex alone is not sufficient. This will be
            redone properly for bpf-next tree.
      
      2) Fix test_verifier to avoid using bpf_probe_write_user()
         helper in test cases, since it's dumping a warning into
         kernel log which may confuse users when only running tests.
         Switch to use bpf_trace_printk() instead, from Yonghong.
      
      3) Several fixes for correcting ARG_CONST_SIZE_OR_ZERO semantics
         before it becomes uabi, from Gianluca. More specifically:
      
          - Add a type ARG_PTR_TO_MEM_OR_NULL that is used only
            by bpf_csum_diff(), where the argument is either a
            valid pointer or NULL. The subsequent ARG_CONST_SIZE_OR_ZERO
            then enforces a valid pointer in case of non-0 size
            or a valid pointer or NULL in case of size 0. Given
            that, the semantics for ARG_PTR_TO_MEM in combination
            with ARG_CONST_SIZE_OR_ZERO are now such that in case
            of size 0, the pointer must always be valid and cannot
            be NULL. This fix in semantics allows for bpf_probe_read()
            to drop the recently added size == 0 check in the helper
            that would become part of uabi otherwise once released.
            At the same time we can then fix bpf_probe_read_str() and
            bpf_perf_event_output() to use ARG_CONST_SIZE_OR_ZERO
            instead of ARG_CONST_SIZE in order to fix recently
            reported issues by Arnaldo et al, where LLVM optimizes
            two boundary checks into a single one for unknown
            variables where the verifier looses track of the variable
            bounds and thus rejects valid programs otherwise.
      
      4) A fix for the verifier for the case when it detects
         comparison of two constants where the branch is guaranteed
         to not be taken at runtime. Verifier will rightfully prune
         the exploration of such paths, but we still pass the program
         to JITs, where they would complain about using reserved
         fields, etc. Track such dead instructions and sanitize
         them with mov r0,r0. Rejection is not possible since LLVM
         may generate them for valid C code and doesn't do as much
         data flow analysis as verifier. For bpf-next we might
         implement removal of such dead code and adjust branches
         instead. Fix from Alexei.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e4be7bab
    • W
      net: accept UFO datagrams from tuntap and packet · 0c19f846
      Willem de Bruijn 提交于
      Tuntap and similar devices can inject GSO packets. Accept type
      VIRTIO_NET_HDR_GSO_UDP, even though not generating UFO natively.
      
      Processes are expected to use feature negotiation such as TUNSETOFFLOAD
      to detect supported offload types and refrain from injecting other
      packets. This process breaks down with live migration: guest kernels
      do not renegotiate flags, so destination hosts need to expose all
      features that the source host does.
      
      Partially revert the UFO removal from 182e0b6b~1..d9d30adf.
      This patch introduces nearly(*) no new code to simplify verification.
      It brings back verbatim tuntap UFO negotiation, VIRTIO_NET_HDR_GSO_UDP
      insertion and software UFO segmentation.
      
      It does not reinstate protocol stack support, hardware offload
      (NETIF_F_UFO), SKB_GSO_UDP tunneling in SKB_GSO_SOFTWARE or reception
      of VIRTIO_NET_HDR_GSO_UDP packets in tuntap.
      
      To support SKB_GSO_UDP reappearing in the stack, also reinstate
      logic in act_csum and openvswitch. Achieve equivalence with v4.13 HEAD
      by squashing in commit 93991221 ("net: skb_needs_check() removes
      CHECKSUM_UNNECESSARY check for tx.") and reverting commit 8d63bee6
      ("net: avoid skb_warn_bad_offload false positives on UFO").
      
      (*) To avoid having to bring back skb_shinfo(skb)->ip6_frag_id,
      ipv6_proxy_select_ident is changed to return a __be32 and this is
      assigned directly to the frag_hdr. Also, SKB_GSO_UDP is inserted
      at the end of the enum to minimize code churn.
      
      Tested
        Booted a v4.13 guest kernel with QEMU. On a host kernel before this
        patch `ethtool -k eth0` shows UFO disabled. After the patch, it is
        enabled, same as on a v4.13 host kernel.
      
        A UFO packet sent from the guest appears on the tap device:
          host:
            nc -l -p -u 8000 &
            tcpdump -n -i tap0
      
          guest:
            dd if=/dev/zero of=payload.txt bs=1 count=2000
            nc -u 192.16.1.1 8000 < payload.txt
      
        Direct tap to tap transmission of VIRTIO_NET_HDR_GSO_UDP succeeds,
        packets arriving fragmented:
      
          ./with_tap_pair.sh ./tap_send_ufo tap0 tap1
          (from https://github.com/wdebruij/kerneltools/tree/master/tests)
      
      Changes
        v1 -> v2
          - simplified set_offload change (review comment)
          - documented test procedure
      
      Link: http://lkml.kernel.org/r/<CAF=yD-LuUeDuL9YWPJD9ykOZ0QCjNeznPDr6whqZ9NGMNF12Mw@mail.gmail.com>
      Fixes: fb652fdf ("macvlan/macvtap: Remove NETIF_F_UFO advertisement.")
      Reported-by: NMichal Kubecek <mkubecek@suse.cz>
      Signed-off-by: NWillem de Bruijn <willemb@google.com>
      Acked-by: NJason Wang <jasowang@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0c19f846
    • T
      net: realtek: r8169: implement set_link_ksettings() · 9e77d7a5
      Tobias Jakobi 提交于
      Commit 6fa1ba61 partially
      implemented the new ethtool API, by replacing get_settings()
      with get_link_ksettings(). This breaks ethtool, since the
      userspace tool (according to the new API specs) never tries
      the legacy set() call, when the new get() call succeeds.
      
      All attempts to chance some setting from userspace result in:
      > Cannot set new settings: Operation not supported
      
      Implement the missing set() call.
      Signed-off-by: NTobias Jakobi <tjakobi@math.uni-bielefeld.de>
      Tested-by: NHolger Hoffstätte <holger@applied-asynchrony.com>
      Reviewed-by: NAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9e77d7a5
    • D
      net: ipv6: Fixup device for anycast routes during copy · 98d11291
      David Ahern 提交于
      Florian reported a breakage with anycast routes due to commit
      4832c30d ("net: ipv6: put host and anycast routes on device with
      address"). Prior to this commit anycast routes were added against the
      loopback device causing repetitive route entries with no insight into
      why they existed. e.g.:
        $ ip -6 ro ls  table local type anycast
        anycast 2001:db8:1:: dev lo proto kernel metric 0 pref medium
        anycast 2001:db8:2:: dev lo proto kernel metric 0 pref medium
        anycast fe80:: dev lo proto kernel metric 0 pref medium
        anycast fe80:: dev lo proto kernel metric 0 pref medium
      
      The point of commit 4832c30d is to add the routes using the device
      with the address which is causing the route to be added. e.g.,:
        $ ip -6 ro ls  table local type anycast
        anycast 2001:db8:1:: dev eth1 proto kernel metric 0 pref medium
        anycast 2001:db8:2:: dev eth2 proto kernel metric 0 pref medium
        anycast fe80:: dev eth2 proto kernel metric 0 pref medium
        anycast fe80:: dev eth1 proto kernel metric 0 pref medium
      
      For traffic to work as it did before, the dst device needs to be switched
      to the loopback when the copy is created similar to local routes.
      
      Fixes: 4832c30d ("net: ipv6: put host and anycast routes on device with address")
      Signed-off-by: NDavid Ahern <dsahern@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      98d11291
    • D
      Merge branch 'smc-fixes-for-smc-buffer-handling' · 9477fef4
      David S. Miller 提交于
      Ursula Braun says:
      
      ====================
      net/smc: fixes for smc buffer handling
      
      here are 2 cleanup patches for smc buffer handling.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9477fef4
    • G
      net/smc: Fix preinitialization of buf_desc in __smc_buf_create() · 68870370
      Geert Uytterhoeven 提交于
      With gcc-4.1.2:
      
          net/smc/smc_core.c: In function ‘__smc_buf_create’:
          net/smc/smc_core.c:567: warning: ‘bufsize’ may be used uninitialized in this function
      
      Indeed, if the for-loop is never executed, bufsize is used
      uninitialized.  In addition, buf_desc is stored for later use, while it
      is still a NULL pointer.
      
      Before, error handling was done by checking if buf_desc is non-NULL.
      The cleanup changed this to an error check, but forgot to update the
      preinitialization of buf_desc to an error pointer.
      
      Update the preinitializatin of buf_desc to fix this.
      
      Fixes: b33982c3 ("net/smc: cleanup function __smc_buf_create()")
      Signed-off-by: NGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: NUrsula Braun <ubraun@linux.vnet.ibm.com>
      Acked-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      68870370
    • U
      net/smc: use sk_rcvbuf as start for rmb creation · 4e1061f4
      Ursula Braun 提交于
      Commit 3e034725 ("net/smc: common functions for RMBs and send buffers")
      merged handling of SMC receive and send buffers. It introduced sk_buf_size
      as merged start value for size determination. But since sk_buf_size is not
      used at all, sk_sndbuf is erroneously used as start for rmb creation.
      This patch makes sure, sk_buf_size is really used as intended, and
      sk_rcvbuf is used as start value for rmb creation.
      
      Fixes: 3e034725 ("net/smc: common functions for RMBs and send buffers")
      Signed-off-by: NUrsula Braun <ubraun@linux.vnet.ibm.com>
      Reviewed-by: NHans Wippel <hwippel@linux.vnet.ibm.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4e1061f4
    • I
      ipv6: Do not consider linkdown nexthops during multipath · bbfcd776
      Ido Schimmel 提交于
      When the 'ignore_routes_with_linkdown' sysctl is set, we should not
      consider linkdown nexthops during route lookup.
      
      While the code correctly verifies that the initially selected route
      ('match') has a carrier, it does not perform the same check in the
      subsequent multipath selection, resulting in a potential packet loss.
      
      In case the chosen route does not have a carrier and the sysctl is set,
      choose the initially selected route.
      
      Fixes: 35103d11 ("net: ipv6 sysctl option to ignore routes when nexthop link is down")
      Signed-off-by: NIdo Schimmel <idosch@mellanox.com>
      Acked-by: NDavid Ahern <dsahern@gmail.com>
      Acked-by: NAndy Gospodarek <andy@greyhouse.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bbfcd776
    • R
      net: sched: fix crash when deleting secondary chains · d7aa04a5
      Roman Kapl 提交于
      If you flush (delete) a filter chain other than chain 0 (such as when
      deleting the device), the kernel may run into a use-after-free. The
      chain refcount must not be decremented unless we are sure we are done
      with the chain.
      
      To reproduce the bug, run:
          ip link add dtest type dummy
          tc qdisc add dev dtest ingress
          tc filter add dev dtest chain 1  parent ffff: flower
          ip link del dtest
      
      Introduced in: commit f93e1cdc ("net/sched: fix filter flushing"),
      but unless you have KAsan or luck, you won't notice it until
      commit 0dadc117 ("cls_flower: use tcf_exts_get_net() before call_rcu()")
      
      Fixes: f93e1cdc ("net/sched: fix filter flushing")
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NRoman Kapl <code@rkapl.cz>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d7aa04a5
    • J
      net: phy: cortina: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE · 0cc03504
      Jesse Chan 提交于
      This change resolves a new compile-time warning
      when built as a loadable module:
      
      WARNING: modpost: missing MODULE_LICENSE() in drivers/net/phy/cortina.o
      see include/linux/module.h for more information
      
      This adds the license as "GPL", which matches the header of the file.
      
      MODULE_DESCRIPTION and MODULE_AUTHOR are also added.
      Signed-off-by: NJesse Chan <jc@linux.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0cc03504
  2. 23 11月, 2017 6 次提交
    • A
      bpf: fix branch pruning logic · c131187d
      Alexei Starovoitov 提交于
      when the verifier detects that register contains a runtime constant
      and it's compared with another constant it will prune exploration
      of the branch that is guaranteed not to be taken at runtime.
      This is all correct, but malicious program may be constructed
      in such a way that it always has a constant comparison and
      the other branch is never taken under any conditions.
      In this case such path through the program will not be explored
      by the verifier. It won't be taken at run-time either, but since
      all instructions are JITed the malicious program may cause JITs
      to complain about using reserved fields, etc.
      To fix the issue we have to track the instructions explored by
      the verifier and sanitize instructions that are dead at run time
      with NOPs. We cannot reject such dead code, since llvm generates
      it for valid C code, since it doesn't do as much data flow
      analysis as the verifier does.
      
      Fixes: 17a52670 ("bpf: verifier (add verifier core)")
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      c131187d
    • D
      Merge branch 'bpf-fix-null-arg-semantics' · 107af8ec
      Daniel Borkmann 提交于
      Gianluca Borello says:
      
      ====================
      This set includes some fixes in semantics and usability issues that emerged
      recently, and would be good to have them in net before the next release.
      
      In particular, ARG_CONST_SIZE_OR_ZERO semantics was recently changed in
      commit 9fd29c08 ("bpf: improve verifier ARG_CONST_SIZE_OR_ZERO
      semantics") with the goal of letting the compiler generate simpler code
      that the verifier can more easily accept.
      
      To handle this change in semantics, a few checks in some helpers were
      added, like in commit 9c019e2b ("bpf: change helper bpf_probe_read arg2
      type to ARG_CONST_SIZE_OR_ZERO"), and those checks are less than ideal
      because once they make it into a released kernel bpf programs can start
      relying on them, preventing the possibility of being removed later on.
      
      This patch tries to fix the issue by introducing a new argument type
      ARG_PTR_TO_MEM_OR_NULL that can be used for helpers that can receive a
      <NULL, 0> tuple. By doing so, we can fix the semantics of the other helpers
      that don't need <NULL, 0> and can just handle <!NULL, 0>, allowing the code
      to get rid of those checks.
      ====================
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      107af8ec
    • G
      bpf: change bpf_perf_event_output arg5 type to ARG_CONST_SIZE_OR_ZERO · a60dd35d
      Gianluca Borello 提交于
      Commit 9fd29c08 ("bpf: improve verifier ARG_CONST_SIZE_OR_ZERO
      semantics") relaxed the treatment of ARG_CONST_SIZE_OR_ZERO due to the way
      the compiler generates optimized BPF code when checking boundaries of an
      argument from C code. A typical example of this optimized code can be
      generated using the bpf_perf_event_output helper when operating on variable
      memory:
      
      /* len is a generic scalar */
      if (len > 0 && len <= 0x7fff)
              bpf_perf_event_output(ctx, &perf_map, 0, buf, len);
      
      110: (79) r5 = *(u64 *)(r10 -40)
      111: (bf) r1 = r5
      112: (07) r1 += -1
      113: (25) if r1 > 0x7ffe goto pc+6
      114: (bf) r1 = r6
      115: (18) r2 = 0xffff94e5f166c200
      117: (b7) r3 = 0
      118: (bf) r4 = r7
      119: (85) call bpf_perf_event_output#25
      R5 min value is negative, either use unsigned or 'var &= const'
      
      With this code, the verifier loses track of the variable.
      
      Replacing arg5 with ARG_CONST_SIZE_OR_ZERO is thus desirable since it
      avoids this quite common case which leads to usability issues, and the
      compiler generates code that the verifier can more easily test:
      
      if (len <= 0x7fff)
              bpf_perf_event_output(ctx, &perf_map, 0, buf, len);
      
      or
      
      bpf_perf_event_output(ctx, &perf_map, 0, buf, len & 0x7fff);
      
      No changes to the bpf_perf_event_output helper are necessary since it can
      handle a case where size is 0, and an empty frame is pushed.
      Reported-by: NArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: NGianluca Borello <g.borello@gmail.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      a60dd35d
    • G
      bpf: change bpf_probe_read_str arg2 type to ARG_CONST_SIZE_OR_ZERO · 5c4e1201
      Gianluca Borello 提交于
      Commit 9fd29c08 ("bpf: improve verifier ARG_CONST_SIZE_OR_ZERO
      semantics") relaxed the treatment of ARG_CONST_SIZE_OR_ZERO due to the way
      the compiler generates optimized BPF code when checking boundaries of an
      argument from C code. A typical example of this optimized code can be
      generated using the bpf_probe_read_str helper when operating on variable
      memory:
      
      /* len is a generic scalar */
      if (len > 0 && len <= 0x7fff)
              bpf_probe_read_str(p, len, s);
      
      251: (79) r1 = *(u64 *)(r10 -88)
      252: (07) r1 += -1
      253: (25) if r1 > 0x7ffe goto pc-42
      254: (bf) r1 = r7
      255: (79) r2 = *(u64 *)(r10 -88)
      256: (bf) r8 = r4
      257: (85) call bpf_probe_read_str#45
      R2 min value is negative, either use unsigned or 'var &= const'
      
      With this code, the verifier loses track of the variable.
      
      Replacing arg2 with ARG_CONST_SIZE_OR_ZERO is thus desirable since it
      avoids this quite common case which leads to usability issues, and the
      compiler generates code that the verifier can more easily test:
      
      if (len <= 0x7fff)
              bpf_probe_read_str(p, len, s);
      
      or
      
      bpf_probe_read_str(p, len & 0x7fff, s);
      
      No changes to the bpf_probe_read_str helper are necessary since
      strncpy_from_unsafe itself immediately returns if the size passed is 0.
      Signed-off-by: NGianluca Borello <g.borello@gmail.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      5c4e1201
    • G
      bpf: remove explicit handling of 0 for arg2 in bpf_probe_read · eb33f2cc
      Gianluca Borello 提交于
      Commit 9c019e2b ("bpf: change helper bpf_probe_read arg2 type to
      ARG_CONST_SIZE_OR_ZERO") changed arg2 type to ARG_CONST_SIZE_OR_ZERO to
      simplify writing bpf programs by taking advantage of the new semantics
      introduced for ARG_CONST_SIZE_OR_ZERO which allows <!NULL, 0> arguments.
      
      In order to prevent the helper from actually passing a NULL pointer to
      probe_kernel_read, which can happen when <NULL, 0> is passed to the helper,
      the commit also introduced an explicit check against size == 0.
      
      After the recent introduction of the ARG_PTR_TO_MEM_OR_NULL type,
      bpf_probe_read can not receive a pair of <NULL, 0> arguments anymore, thus
      the check is not needed anymore and can be removed, since probe_kernel_read
      can correctly handle a <!NULL, 0> call. This also fixes the semantics of
      the helper before it gets officially released and bpf programs start
      relying on this check.
      
      Fixes: 9c019e2b ("bpf: change helper bpf_probe_read arg2 type to ARG_CONST_SIZE_OR_ZERO")
      Signed-off-by: NGianluca Borello <g.borello@gmail.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: NYonghong Song <yhs@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      eb33f2cc
    • G
      bpf: introduce ARG_PTR_TO_MEM_OR_NULL · db1ac496
      Gianluca Borello 提交于
      With the current ARG_PTR_TO_MEM/ARG_PTR_TO_UNINIT_MEM semantics, an helper
      argument can be NULL when the next argument type is ARG_CONST_SIZE_OR_ZERO
      and the verifier can prove the value of this next argument is 0. However,
      most helpers are just interested in handling <!NULL, 0>, so forcing them to
      deal with <NULL, 0> makes the implementation of those helpers more
      complicated for no apparent benefits, requiring them to explicitly handle
      those corner cases with checks that bpf programs could start relying upon,
      preventing the possibility of removing them later.
      
      Solve this by making ARG_PTR_TO_MEM/ARG_PTR_TO_UNINIT_MEM never accept NULL
      even when ARG_CONST_SIZE_OR_ZERO is set, and introduce a new argument type
      ARG_PTR_TO_MEM_OR_NULL to explicitly deal with the NULL case.
      
      Currently, the only helper that needs this is bpf_csum_diff_proto(), so
      change arg1 and arg3 to this new type as well.
      
      Also add a new battery of tests that explicitly test the
      !ARG_PTR_TO_MEM_OR_NULL combination: all the current ones testing the
      various <NULL, 0> variations are focused on bpf_csum_diff, so cover also
      other helpers.
      Signed-off-by: NGianluca Borello <g.borello@gmail.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      db1ac496
  3. 22 11月, 2017 14 次提交
  4. 21 11月, 2017 6 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 0c86a6bd
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix a reference to a module parameter which was lost during the
          GREv6 receive path rewrite, from Alexey Kodanev.
      
       2) Fix deref before NULL check in ipheth, from Gustavo A. R. Silva.
      
       3) RCU read lock imbalance in tun_build_skb(), from Xin Long.
      
       4) Some stragglers from the mac80211 folks:
      
            a) Timer conversions from Kees Cook
      
            b) Fix some sequencing issue when cfg80211 is built statically,
               from Johannes Berg
      
            c) Memory leak in mac80211_hwsim, from Ben Hutchings.
      
       5) Add new qmi_wwan device ID, from Sebastian Sjoholm.
      
       6) Fix use after free in tipc, from Jon Maloy.
      
       7) Missing kdoc in nfp driver, from Jakub Kicinski.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        nfp: flower: add missing kdoc
        tipc: fix access of released memory
        net: qmi_wwan: add Quectel BG96 2c7c:0296
        mlxsw: spectrum: Do not try to create non-existing ports during unsplit
        mac80211: properly free requested-but-not-started TX agg sessions
        mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
        cfg80211: initialize regulatory keys/database later
        mac80211: aggregation: Convert timers to use timer_setup()
        nl80211: don't expose wdev->ssid for most interfaces
        mac80211: Convert timers to use timer_setup()
        net: vxge: Fix some indentation issues
        net: ena: fix race condition between device reset and link up setup
        r8169: use same RTL8111EVL green settings as in vendor driver
        r8169: fix RTL8111EVL EEE and green settings
        tun: fix rcu_read_lock imbalance in tun_build_skb
        tcp: when scheduling TLP, time of RTO should account for current ACK
        usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
        gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
      0c86a6bd
    • L
      Merge tag 'for-linus-4.15-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux · b620fd2d
      Linus Torvalds 提交于
      Pull orangefs updates from Mike Marshall:
       "Fix:
      
         - stop setting atime on inode dirty (Martin Brandenburg)
      
        Cleanups:
      
         - remove initialization of i_version (Jeff Layton)
      
         - use ARRAY_SIZE (Jérémy Lefaure)
      
         - call op_release sooner when creating inodes (Mike MarshallMartin
           Brandenburg)"
      
      * tag 'for-linus-4.15-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
        orangefs: call op_release sooner when creating inodes
        orangefs: stop setting atime on inode dirty
        orangefs: use ARRAY_SIZE
        orangefs: remove initialization of i_version
      b620fd2d
    • L
      Merge tag 'ceph-for-4.15-rc1' of git://github.com/ceph/ceph-client · adb072d3
      Linus Torvalds 提交于
      Pull ceph updates from Ilya Dryomov:
       "We have a set of file locking improvements from Zheng, rbd rw/ro state
        handling code cleanup from myself and some assorted CephFS fixes from
        Jeff.
      
        rbd now defaults to single-major=Y, lifting the limit of ~240 rbd
        images per host for everyone"
      
      * tag 'ceph-for-4.15-rc1' of git://github.com/ceph/ceph-client:
        rbd: default to single-major device number scheme
        libceph: don't WARN() if user tries to add invalid key
        rbd: set discard_alignment to zero
        ceph: silence sparse endianness warning in encode_caps_cb
        ceph: remove the bump of i_version
        ceph: present consistent fsid, regardless of arch endianness
        ceph: clean up spinlocking and list handling around cleanup_cap_releases()
        rbd: get rid of rbd_mapping::read_only
        rbd: fix and simplify rbd_ioctl_set_ro()
        ceph: remove unused and redundant variable dropping
        ceph: mark expected switch fall-throughs
        ceph: -EINVAL on decoding failure in ceph_mdsc_handle_fsmap()
        ceph: disable cached readdir after dropping positive dentry
        ceph: fix bool initialization/comparison
        ceph: handle 'session get evicted while there are file locks'
        ceph: optimize flock encoding during reconnect
        ceph: make lock_to_ceph_filelock() static
        ceph: keep auth cap when inode has flocks or posix locks
      adb072d3
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk · 11ca75d2
      Linus Torvalds 提交于
      Pull printk updates from Petr Mladek:
      
       - print the warning about dropped messages on consoles on a separate
         line.   It makes it more legible.
      
       - one typo fix and small code clean up.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
        added new line symbol after warning about dropped messages
        printk: fix typo in printk_safe.c
        printk: simplify no_printk()
      11ca75d2
    • D
      Merge tag 'mac80211-for-davem-2017-11-20' of... · a13e8d41
      David S. Miller 提交于
      Merge tag 'mac80211-for-davem-2017-11-20' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      A few things:
       * straggler timer conversions from Kees
       * memory leak fix in hwsim
       * fix some fallout from regdb changes if wireless is built-in
       * also free aggregation sessions in startup state when station
         goes away, to avoid crashing the timer
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a13e8d41
    • J
      nfp: flower: add missing kdoc · b48b1f7a
      Jakub Kicinski 提交于
      Commit 0115552e ("nfp: remove false positive offloads
      in flower vxlan") missed adding kdoc for a new parameter
      of nfp_flower_add_offload().
      Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Reviewed-by: NSimon Horman <simon.horman@netronome.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b48b1f7a