1. 13 7月, 2015 5 次提交
  2. 12 7月, 2015 3 次提交
  3. 11 7月, 2015 6 次提交
    • M
      Doc: z8530book: Fix typo in API-z8530-sync-txdma-open.html · 145c3708
      Masanari Iida 提交于
      This patch fix a spelling typo found in API-z8530-sync-txdma-open.html.
      It is because this file was generated from comment in source,
      I have to fix comment in source.
      Signed-off-by: NMasanari Iida <standby24x7@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      145c3708
    • P
      net: inet_diag: always export IPV6_V6ONLY sockopt for listening sockets · 8220ea23
      Phil Sutter 提交于
      Reconsidering my commit 20462155 "net: inet_diag: export IPV6_V6ONLY
      sockopt", I am not happy with the limitations it causes for socket
      analysing code in userspace. Exporting the value only if it is set makes
      it hard for userspace to decide whether the option is not set or the
      kernel does not support exporting the option at all.
      
      >From an auditor's perspective, the interesting question for listening
      AF_INET6 sockets is: "Does it NOT have IPV6_V6ONLY set?" Because it is
      the unexpected case. This patch allows to answer this question reliably.
      Signed-off-by: NPhil Sutter <phil@nwl.cc>
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8220ea23
    • S
      bridge: mdb: allow the user to delete mdb entry if there's a querier · 51ed7f3e
      Satish Ashok 提交于
      Until now when a querier was present static entries couldn't be deleted.
      Fix this and allow the user to manipulate the mdb with or without a
      querier.
      Signed-off-by: NSatish Ashok <sashok@cumulusnetworks.com>
      Signed-off-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      51ed7f3e
    • D
      Merge branch 'netdev_unregister_races' · 7234e030
      David S. Miller 提交于
      Julian Anastasov says:
      
      ====================
      net: fixes for device unregistration
      
      Test script from Eric W. Biederman can catch a problem
      where packets from backlog are processed long after the last
      synchronize_net call. This can be reproduced after few tests
      if commit 381c759d ("ipv4: Avoid crashing in ip_error")
      is reverted for the test. Incoming packets do not hold
      reference to device but even if they do, subsystems do not
      expect packets to fly during and after the NETDEV_UNREGISTER
      event.
      
      The first fix has the cost of netif_running check in fast path.
      The second fix calls rcu_read_lock while local IRQ is disabled,
      I hope this is not against the rules.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7234e030
    • J
      net: call rcu_read_lock early in process_backlog · 2c17d27c
      Julian Anastasov 提交于
      Incoming packet should be either in backlog queue or
      in RCU read-side section. Otherwise, the final sequence of
      flush_backlog() and synchronize_net() may miss packets
      that can run without device reference:
      
      CPU 1                  CPU 2
                             skb->dev: no reference
                             process_backlog:__skb_dequeue
                             process_backlog:local_irq_enable
      
      on_each_cpu for
      flush_backlog =>       IPI(hardirq): flush_backlog
                             - packet not found in backlog
      
                             CPU delayed ...
      synchronize_net
      - no ongoing RCU
      read-side sections
      
      netdev_run_todo,
      rcu_barrier: no
      ongoing callbacks
                             __netif_receive_skb_core:rcu_read_lock
                             - too late
      free dev
                             process packet for freed dev
      
      Fixes: 6e583ce5 ("net: eliminate refcounting in backlog queue")
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2c17d27c
    • J
      net: do not process device backlog during unregistration · e9e4dd32
      Julian Anastasov 提交于
      commit 381c759d ("ipv4: Avoid crashing in ip_error")
      fixes a problem where processed packet comes from device
      with destroyed inetdev (dev->ip_ptr). This is not expected
      because inetdev_destroy is called in NETDEV_UNREGISTER
      phase and packets should not be processed after
      dev_close_many() and synchronize_net(). Above fix is still
      required because inetdev_destroy can be called for other
      reasons. But it shows the real problem: backlog can keep
      packets for long time and they do not hold reference to
      device. Such packets are then delivered to upper levels
      at the same time when device is unregistered.
      Calling flush_backlog after NETDEV_UNREGISTER_FINAL still
      accounts all packets from backlog but before that some packets
      continue to be delivered to upper levels long after the
      synchronize_net call which is supposed to wait the last
      ones. Also, as Eric pointed out, processed packets, mostly
      from other devices, can continue to add new packets to backlog.
      
      Fix the problem by moving flush_backlog early, after the
      device driver is stopped and before the synchronize_net() call.
      Then use netif_running check to make sure we do not add more
      packets to backlog. We have to do it in enqueue_to_backlog
      context when the local IRQ is disabled. As result, after the
      flush_backlog and synchronize_net sequence all packets
      should be accounted.
      
      Thanks to Eric W. Biederman for the test script and his
      valuable feedback!
      Reported-by: NVittorio Gambaletta <linuxbugs@vittgam.net>
      Fixes: 6e583ce5 ("net: eliminate refcounting in backlog queue")
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e9e4dd32
  4. 10 7月, 2015 8 次提交
  5. 09 7月, 2015 18 次提交
    • J
      macvtap: Destroy minor_idr on module_exit · d5de1987
      Johannes Thumshirn 提交于
      Destroy minor_idr on module_exit, reclaiming the allocated memory.
      
      This was detected by the following semantic patch (written by Luis Rodriguez
      <mcgrof@suse.com>)
      <SmPL>
      @ defines_module_init @
      declarer name module_init, module_exit;
      declarer name DEFINE_IDR;
      identifier init;
      @@
      
      module_init(init);
      
      @ defines_module_exit @
      identifier exit;
      @@
      
      module_exit(exit);
      
      @ declares_idr depends on defines_module_init && defines_module_exit @
      identifier idr;
      @@
      
      DEFINE_IDR(idr);
      
      @ on_exit_calls_destroy depends on declares_idr && defines_module_exit @
      identifier declares_idr.idr, defines_module_exit.exit;
      @@
      
      exit(void)
      {
       ...
       idr_destroy(&idr);
       ...
      }
      
      @ missing_module_idr_destroy depends on declares_idr && defines_module_exit && !on_exit_calls_destroy @
      identifier declares_idr.idr, defines_module_exit.exit;
      @@
      
      exit(void)
      {
       ...
       +idr_destroy(&idr);
      }
      </SmPL>
      Signed-off-by: NJohannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d5de1987
    • D
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · ace15bbb
      David S. Miller 提交于
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree. This batch
      mostly comes with patches to address fallout from the previous merge window
      cycle, they are:
      
      1) Use entry->state.hook_list from nf_queue() instead of the global nf_hooks
         which is not valid when used from NFPROTO_NETDEV, this should cause no
         problems though since we have no userspace queueing for that family, but
         let's fix this now for the sake of correctness. Patch from Eric W. Biederman.
      
      2) Fix compilation breakage in bridge netfilter if CONFIG_NF_DEFRAG_IPV4 is not
         set, from Bernhard Thaler.
      
      3) Use percpu jumpstack in arptables too, now that there's a single copy of the
         rule blob we can't store the return address there anymore. Patch from
         Florian Westphal.
      
      4) Fix a skb leak in the xmit path of bridge netfilter, problem there since
         2.6.37 although it should be not possible to hit invalid traffic there, also
         from Florian.
      
      5) Eric Leblond reports that when loading a large ruleset with many missing
         modules after a fresh boot, nf_tables can take long time commit it. Fix this
         by processing the full batch until the end, even on missing modules, then
         abort only once and restart processing.
      
      6) Add bridge netfilter files to the MAINTAINER files.
      
      7) Fix a net_device refcount leak in the new IPV6 bridge netfilter code, from
         Julien Grall.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ace15bbb
    • P
      sfc: Report TX completions to BQL after all TX events in interrupt · c936835c
      Peter Dunning 提交于
      The limit for BQL is updated each time we call
      netdev_tx_completed_queue.
      Without this patch the BQL limit was updated for every TX event we
      see.
      The issue was that this only updated the limit to handle the data
      we complete in two events as the first event wouldn't show that
      enough traffic had been processed between them.
      
      This was OK when interrupt moderation was off but not when it was
      on as more data had to be completed in a single interrupt.
      
      The patch changes this so that we do report the completion to BQL
      only when all the TX events in the interrupt have been processed.
      Signed-off-by: NShradha Shah <sshah@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c936835c
    • Z
      drivers/net/usb: add device id for NVIDIA Tegra USB 3.0 Ethernet · d065c3c1
      Zheng Liu 提交于
      This device is sold as 'NVIDIA Tegra USB 3.0 Ethernet'.
      Chipset is RTL8153 and works with r8152.
      Signed-off-by: NZheng Liu <zhliu@nvidia.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d065c3c1
    • D
      3c59x: Fix shared IRQ handling · 4eed4d8f
      Denys Vlasenko 提交于
      As its first order of business, boomerang_interrupt() checks whether
      the device really has any pending interrupts. If it does not,
      it does nothing and returns, but it still returns IRQ_HANDLED.
      
      This is wrong: interrupt was not handled, IRQ handlers of other
      devices sharing this IRQ line need to be called.
      
      vortex_interrupt() has it right: it returns IRQ_NONE in this case
      via IRQ_RETVAL(0).
      
      Do the same in boomerang_interrupt().
      Signed-off-by: NDenys Vlasenko <dvlasenk@redhat.com>
      CC: David S. Miller <davem@davemloft.net>
      CC: linux-kernel@vger.kernel.org
      CC: netdev@vger.kernel.org
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4eed4d8f
    • N
      vmxnet3: prevent receive getting out of sequence on napi poll · 0769636c
      Neil Horman 提交于
      vmxnet3's current napi path is built to count every rx descriptor we recieve,
      and use that as a count of the napi budget.  That means its possible to return
      from a napi poll halfway through recieving a fragmented packet accross multiple
      dma descriptors.  If that happens, the next napi poll will start with the
      descriptor ring in an improper state (e.g. the first descriptor we look at may
      have the end-of-packet bit set), which will cause a BUG halt in the driver.
      
      Fix the issue by only counting whole received packets in the napi poll and
      returning that value, rather than the descriptor count.
      
      Tested by the reporter and myself, successfully
      Signed-off-by: NNeil Horman <nhorman@tuxdriver.com>
      CC: Shreyas Bhatewara <sbhatewara@vmware.com>
      CC: "David S. Miller" <davem@davemloft.net>
      Acked-by: NAndy Gospodarek <gospo@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0769636c
    • A
      ipv4: add support for linkdown sysctl to netconf · 974d7af5
      Andy Gospodarek 提交于
      This kernel patch exports the value of the new
      ignore_routes_with_linkdown via netconf.
      
      v2: changes to notify userspace via netlink when sysctl values change
      and proposed for 'net' since this could be considered a bugfix
      Signed-off-by: NAndy Gospodarek <gospo@cumulusnetworks.com>
      Suggested-by: NNicolas Dichtel <nicolas.dichtel@6wind.com>
      Acked-by: NNicolas Dichtel <nicolas.dichtel@6wind.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      974d7af5
    • S
      sfc: Ensure down_write(&filter_sem) and up_write() are matched before calling efx_net_open() · 671b53ee
      Shradha Shah 提交于
      This patch avoids the double up_write to filter_sem if
      efx_net_open() fails.
      
      Resolves: 2d432f20Signed-off-by: NShradha Shah <sshah@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      671b53ee
    • N
      bridge: mdb: zero out the local br_ip variable before use · f1158b74
      Nikolay Aleksandrov 提交于
      Since commit b0e9a30d ("bridge: Add vlan id to multicast groups")
      there's a check in br_ip_equal() for a matching vlan id, but the mdb
      functions were not modified to use (or at least zero it) so when an
      entry was added it would have a garbage vlan id (from the local br_ip
      variable in __br_mdb_add/del) and this would prevent it from being
      matched and also deleted. So zero out the whole local ip var to protect
      ourselves from future changes and also to fix the current bug, since
      there's no vlan id support in the mdb uapi - use always vlan id 0.
      Example before patch:
      root@debian:~# bridge mdb add dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb
      dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb del dev br0 port eth1 grp 239.0.0.1 permanent
      RTNETLINK answers: Invalid argument
      
      After patch:
      root@debian:~# bridge mdb add dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb
      dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb del dev br0 port eth1 grp 239.0.0.1 permanent
      root@debian:~# bridge mdb
      Signed-off-by: NNikolay Aleksandrov <razor@blackwall.org>
      Fixes: b0e9a30d ("bridge: Add vlan id to multicast groups")
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f1158b74
    • M
      drivers: net: cpsw: fix crash while accessing second slave ethernet interface · 1973db0d
      Mugunthan V N 提交于
      When cpsw's number of slave is set to 1 in device tree and while
      accessing second slave ndev and priv in cpsw_tx_interrupt(),
      there is a kernel crash. This is due to cpsw_get_slave_priv()
      not verifying number of slaves while retriving netdev priv and
      returns a invalid memory region. Fixing the issue by introducing
      number of slave check in cpsw_get_slave_priv() and
      cpsw_get_slave_ndev().
      
      [   15.879589] Unable to handle kernel paging request at virtual address 0f0e142c
      [   15.888540] pgd = ed374000
      [   15.891359] [0f0e142c] *pgd=00000000
      [   15.895105] Internal error: Oops: 5 [#1] SMP ARM
      [   15.899936] Modules linked in:
      [   15.903139] CPU: 0 PID: 593 Comm: udhcpc Tainted: G        W       4.1.0-12205-gfda8b18c-dirty #10
      [   15.912386] Hardware name: Generic AM43 (Flattened Device Tree)
      [   15.918557] task: ed2a2e00 ti: ed3fe000 task.ti: ed3fe000
      [   15.924187] PC is at cpsw_tx_interrupt+0x30/0x44
      [   15.929008] LR is at _raw_spin_unlock_irqrestore+0x40/0x44
      [   15.934726] pc : [<c048b9cc>]    lr : [<c05ef4f4>]    psr: 20000193
      [   15.934726] sp : ed3ffc08  ip : ed2a2e40  fp : 00000000
      [   15.946685] r10: c0969ce8  r9 : c0969cfc  r8 : 00000000
      [   15.952129] r7 : 000000c6  r6 : ee54ab00  r5 : ee169c64  r4 : ee534e00
      [   15.958932] r3 : 0f0e0d0c  r2 : 00000000  r1 : ed3ffbc0  r0 : 00000001
      [   15.965735] Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
      [   15.973261] Control: 10c5387d  Table: ad374059  DAC: 00000015
      [   15.979246] Process udhcpc (pid: 593, stack limit = 0xed3fe218)
      [   15.985414] Stack: (0xed3ffc08 to 0xed400000)
      [   15.989954] fc00:                   ee54ab00 c009928c c0a9e648 60000193 000032e4 ee169c00
      [   15.998478] fc20: ee169c64 ee169c00 ee169c64 ee54ab00 00000001 00000001 ee67e268 ee008800
      [   16.006995] fc40: ee534800 c009946c ee169c00 ee169c64 c08bd660 c009c370 c009c2a4 000000c6
      [   16.015513] fc60: c08b75c4 c08b0854 00000000 c0098b3c 000000c6 c0098c50 ed3ffcb0 0000003a
      [   16.024033] fc80: ed3ffcb0 fa24010c c08b7800 fa240100 ee7e9880 c00094c4 c05ef4e8 60000013
      [   16.032556] fca0: ffffffff ed3ffce4 ee7e9880 c05ef964 00000001 ed2a33d8 00000000 ed2a2e00
      [   16.041080] fcc0: 60000013 ee536bf8 60000013 ee51b800 ee7e9880 ee67e268 ee7e9880 ee534800
      [   16.049603] fce0: c0ad0768 ed3ffcf8 c008e910 c05ef4e8 60000013 ffffffff 00000001 00000001
      [   16.058121] fd00: ee536bf8 c0487a04 00000000 00000000 ee534800 00000000 00000156 c048c990
      [   16.066645] fd20: 00000000 00000000 c0969f40 00000000 00000000 c05000e8 00000001 00000000
      [   16.075167] fd40: 00000000 c051eefc 00000000 ee67e268 00000000 00000000 ee51b800 ed3ffd9c
      [   16.083690] fd60: 00000000 ee67e200 ee51b800 ee7e9880 ee67e268 00000000 00000000 ee67e200
      [   16.092211] fd80: ee51b800 ee7e9880 ee67e268 ee534800 ee67e200 c051eedc ee67e268 00000010
      [   16.100727] fda0: 00000000 00000000 ee7e9880 ee534800 00000000 ee67e268 ee51b800 c05006fc
      [   16.109247] fdc0: ee67e268 00000001 c0500488 00000156 ee7e9880 00000000 ed3fe000 fffffff4
      [   16.117771] fde0: ed3fff1c ee7e9880 ee534800 00000148 00000000 ed1f8340 00000000 00000000
      [   16.126289] fe00: 00000000 c05a9054 00000000 00000000 00000156 c0ab62a8 00000010 ed3e7000
      [   16.134812] fe20: 00000000 00000008 edcfb700 ed3fff1c c0fb5f94 ed2a2e00 c0fb5f64 000005d8
      [   16.143336] fe40: c0a9b3b8 00000000 ed3e7070 00000000 00000000 00000000 00009f40 00000000
      [   16.151858] fe60: 00000000 00020022 00110008 00000000 00000000 43004400 00000000 ffffffff
      [   16.160374] fe80: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      [   16.168898] fea0: edcfb700 bee5f380 00000014 00000000 ed3fe000 00000000 00004400 c04e2b64
      [   16.177415] fec0: 00000002 c04e3b00 ed3ffeec 00000001 0000011a 00000000 00000000 bee5f394
      [   16.185937] fee0: 00000148 ed3fff10 00000014 00000001 00000000 00000000 ed3ffee4 00000000
      [   16.194459] ff00: 00000000 00000000 00000000 c04e3664 00080011 00000002 06000000 ffffffff
      [   16.202980] ff20: 0000ffff ffffffff 0000ffff c008dd54 ee5a6f08 ee636e80 c096972d c0089c14
      [   16.211499] ff40: 00000000 60000013 ee5a6f40 60000013 00000000 ee5a6f40 00000002 00000006
      [   16.220023] ff60: 00000000 edcfb700 00000001 ed2a2e00 c000f60c 00000001 0000011a c008ea34
      [   16.228540] ff80: 00000006 00000000 bee5f380 00000014 bee5f380 00000014 bee5f380 00000122
      [   16.237059] ffa0: c000f7c4 c000f5e0 bee5f380 00000014 00000006 bee5f394 00000148 00000000
      [   16.245581] ffc0: bee5f380 00000014 bee5f380 00000122 fffffd6e 00004300 00004800 00004400
      [   16.254104] ffe0: bee5f378 bee5f36c 000307ec b6f39044 40000010 00000006 ed36fa40 00000000
      [   16.262642] [<c048b9cc>] (cpsw_tx_interrupt) from [<c009928c>] (handle_irq_event_percpu+0x64/0x204)
      [   16.272076] [<c009928c>] (handle_irq_event_percpu) from [<c009946c>] (handle_irq_event+0x40/0x64)
      [   16.281330] [<c009946c>] (handle_irq_event) from [<c009c370>] (handle_fasteoi_irq+0xcc/0x1a8)
      [   16.290220] [<c009c370>] (handle_fasteoi_irq) from [<c0098b3c>] (generic_handle_irq+0x20/0x30)
      [   16.299197] [<c0098b3c>] (generic_handle_irq) from [<c0098c50>] (__handle_domain_irq+0x64/0xdc)
      [   16.308273] [<c0098c50>] (__handle_domain_irq) from [<c00094c4>] (gic_handle_irq+0x20/0x60)
      [   16.316987] [<c00094c4>] (gic_handle_irq) from [<c05ef964>] (__irq_svc+0x44/0x5c)
      [   16.324779] Exception stack(0xed3ffcb0 to 0xed3ffcf8)
      [   16.330044] fca0:                                     00000001 ed2a33d8 00000000 ed2a2e00
      [   16.338567] fcc0: 60000013 ee536bf8 60000013 ee51b800 ee7e9880 ee67e268 ee7e9880 ee534800
      [   16.347090] fce0: c0ad0768 ed3ffcf8 c008e910 c05ef4e8 60000013 ffffffff
      [   16.353987] [<c05ef964>] (__irq_svc) from [<c05ef4e8>] (_raw_spin_unlock_irqrestore+0x34/0x44)
      [   16.362973] [<c05ef4e8>] (_raw_spin_unlock_irqrestore) from [<c0487a04>] (cpdma_check_free_tx_desc+0x60/0x6c)
      [   16.373311] [<c0487a04>] (cpdma_check_free_tx_desc) from [<c048c990>] (cpsw_ndo_start_xmit+0xb4/0x1ac)
      [   16.383017] [<c048c990>] (cpsw_ndo_start_xmit) from [<c05000e8>] (dev_hard_start_xmit+0x2a4/0x4c0)
      [   16.392364] [<c05000e8>] (dev_hard_start_xmit) from [<c051eedc>] (sch_direct_xmit+0xf4/0x210)
      [   16.401246] [<c051eedc>] (sch_direct_xmit) from [<c05006fc>] (__dev_queue_xmit+0x2ac/0x7bc)
      [   16.409960] [<c05006fc>] (__dev_queue_xmit) from [<c05a9054>] (packet_sendmsg+0xc68/0xeb4)
      [   16.418585] [<c05a9054>] (packet_sendmsg) from [<c04e2b64>] (sock_sendmsg+0x14/0x24)
      [   16.426663] [<c04e2b64>] (sock_sendmsg) from [<c04e3b00>] (SyS_sendto+0xb4/0xe0)
      [   16.434377] [<c04e3b00>] (SyS_sendto) from [<c000f5e0>] (ret_fast_syscall+0x0/0x54)
      [   16.442360] Code: e5943118 e593303c e3530000 0a000002 (e5930720)
      [   16.448716] ---[ end trace a68159f094d85ba6 ]---
      [   16.453526] Kernel panic - not syncing: Fatal exception in interrupt
      [   16.460149] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
      Signed-off-by: NMugunthan V N <mugunthanvnm@ti.com>
      Cc: <stable@vger.kernel.org> # v3.8+
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1973db0d
    • S
      net/tipc: initialize security state for new connection socket · fdd75ea8
      Stephen Smalley 提交于
      Calling connect() with an AF_TIPC socket would trigger a series
      of error messages from SELinux along the lines of:
      SELinux: Invalid class 0
      type=AVC msg=audit(1434126658.487:34500): avc:  denied  { <unprintable> }
        for pid=292 comm="kworker/u16:5" scontext=system_u:system_r:kernel_t:s0
        tcontext=system_u:object_r:unlabeled_t:s0 tclass=<unprintable>
        permissive=0
      
      This was due to a failure to initialize the security state of the new
      connection sock by the tipc code, leaving it with junk in the security
      class field and an unlabeled secid.  Add a call to security_sk_clone()
      to inherit the security state from the parent socket.
      Reported-by: NTim Shearer <tim.shearer@overturenetworks.com>
      Signed-off-by: NStephen Smalley <sds@tycho.nsa.gov>
      Acked-by: NPaul Moore <paul@paul-moore.com>
      Acked-by: NYing Xue <ying.xue@windriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fdd75ea8
    • D
      Merge branch 'sfc-set-mac' · 4df48e8c
      David S. Miller 提交于
      Shradha Shah says:
      
      ====================
      sfc: compat for lack of VADAPTOR_SET_MAC in adaptor_firmware <= 4.1.1.1023
      
      This patch series resolves an incompatibility with legacy
      firmware due to the lack of MC_CMD_VADAPTOR_SET_MAC in
      adaptor_firmware <= 4.1.1.1023
      
      Unless this patch series is applied there will be a compatibility
      issue between the driver and Solarflare adapters running older
      firmware.
      
      Tested with and without CONFIG_SFC_SRIOV
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4df48e8c
    • D
    • D
      sfc: add legacy method for changing a PF's MAC address · 7a186f47
      Daniel Pieczko 提交于
      Some versions of MCFW do not support the MC_CMD_VADAPTOR_SET_MAC
      command, and ENOSYS will be returned.
      
      If the PF created its own vport, the function's datapath must be
      stopped and the vport can be reconfigured to reflect the new MAC
      address.
      
      If the MCFW created the vport for the PF (which is the case when
      the nic_data->vport_mac is blank), nothing further needs to be
      done as the vport is not under the control of the PF.
      
      This only applies to PFs because the MCFW in question does not
      support VFs.
      Signed-off-by: NShradha Shah <sshah@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7a186f47
    • D
      sfc: refactor code in efx_ef10_set_mac_address() · 9e9f665a
      Daniel Pieczko 提交于
      Re-organize the structure of error handling to avoid having
      to duplicate the netif_err() around the ifdefs.
      
      The only change to the behaviour of the error-handling is that
      the PF's data structure to record VF details should only be
      updated if the original command succeeded.
      Signed-off-by: NShradha Shah <sshah@solarflare.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9e9f665a
    • M
      bonding: "primary_reselect" with "failure" is not working properly · b5a983f3
      Mazhar Rana 提交于
      When "primary_reselect" is set to "failure", primary interface should
      not become active until current active slave is down. But if we set first
      member of bond device as a "primary" interface and "primary_reselect"
      is set to "failure" then whenever primary interface's link get back(up)
      it become active slave even if current active slave is still up.
      
      With this patch, "bond_find_best_slave" will not traverse members if
      primary interface is not candidate for failover/reselection and current
      active slave is still up.
      Signed-off-by: NMazhar Rana <mazhar.rana@cyberoam.com>
      Signed-off-by: NJay Vosburgh <j.vosburgh@gmail.com>
      Signed-off-by: NJay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      b5a983f3
    • T
      ip_tunnel: fix ipv4 pmtu check to honor inner ip header df · fc24f2b2
      Timo Teräs 提交于
      Frag needed should be sent only if the inner header asked
      to not fragment. Currently fragmentation is broken if the
      tunnel has df set, but df was not asked in the original
      packet. The tunnel's df needs to be still checked to update
      internally the pmtu cache.
      
      Commit 23a3647b broke it, and this commit fixes
      the ipv4 df check back to the way it was.
      
      Fixes: 23a3647b ("ip_tunnels: Use skb-len to PMTU check.")
      Cc: Pravin B Shelar <pshelar@nicira.com>
      Signed-off-by: NTimo Teräs <timo.teras@iki.fi>
      Acked-by: NPravin B Shelar <pshelar@nicira.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fc24f2b2
    • D
      rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver · 4f7d2cdf
      Daniel Borkmann 提交于
      Jason Gunthorpe reported that since commit c02db8c6 ("rtnetlink: make
      SR-IOV VF interface symmetric"), we don't verify IFLA_VF_INFO attributes
      anymore with respect to their policy, that is, ifla_vfinfo_policy[].
      
      Before, they were part of ifla_policy[], but they have been nested since
      placed under IFLA_VFINFO_LIST, that contains the attribute IFLA_VF_INFO,
      which is another nested attribute for the actual VF attributes such as
      IFLA_VF_MAC, IFLA_VF_VLAN, etc.
      
      Despite the policy being split out from ifla_policy[] in this commit,
      it's never applied anywhere. nla_for_each_nested() only does basic nla_ok()
      testing for struct nlattr, but it doesn't know about the data context and
      their requirements.
      
      Fix, on top of Jason's initial work, does 1) parsing of the attributes
      with the right policy, and 2) using the resulting parsed attribute table
      from 1) instead of the nla_for_each_nested() loop (just like we used to
      do when still part of ifla_policy[]).
      
      Reference: http://thread.gmane.org/gmane.linux.network/368913
      Fixes: c02db8c6 ("rtnetlink: make SR-IOV VF interface symmetric")
      Reported-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Sucheta Chakraborty <sucheta.chakraborty@qlogic.com>
      Cc: Greg Rose <gregory.v.rose@intel.com>
      Cc: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
      Cc: Rony Efraim <ronye@mellanox.com>
      Cc: Vlad Zolotarov <vladz@cloudius-systems.com>
      Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
      Cc: Thomas Graf <tgraf@suug.ch>
      Signed-off-by: NJason Gunthorpe <jgunthorpe@obsidianresearch.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: NVlad Zolotarov <vladz@cloudius-systems.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      4f7d2cdf