1. 25 Nov, 2015 5 commits
  2. 20 Nov, 2015 1 commit
  3. 18 Nov, 2015 2 commits
  4. 17 Nov, 2015 20 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 7f151f1d
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix list tests in netfilter ingress support, from Florian Westphal.
      
       2) Fix reversal of input and output interfaces in ingress hook
          invocation, from Pablo Neira Ayuso.
      
       3) We have a use after free in r8169, caught by Dave Jones, fixed by
          Francois Romieu.
      
       4) Splice use-after-free fix in AF_UNIX frmo Hannes Frederic Sowa.
      
       5) Three ipv6 route handling bug fixes from Martin KaFai Lau:
          a) Don't create clone routes not managed by the fib6 tree
          b) Don't forget to check expiration of DST_NOCACHE routes.
          c) Handle rt->dst.from == NULL properly.
      
       6) Several AF_PACKET fixes wrt transport header setting and SKB
          protocol setting, from Daniel Borkmann.
      
       7) Fix thunder driver crash on shutdown, from Pavel Fedin.
      
       8) Several Mellanox driver fixes (max MTU calculations, use of correct
          DMA unmap in TX path, etc.) from Saeed Mahameed, Tariq Toukan, Doron
          Tsur, Achiad Shochat, Eran Ben Elisha, and Noa Osherovich.
      
       9) Several mv88e6060 DSA driver fixes (wrong bit definitions for
          certain registers, etc.) from Neil Armstrong.
      
      10) Make sure to disable preemption while updating per-cpu stats of ip
          tunnels, from Jason A.  Donenfeld.
      
      11) Various ARM64 bpf JIT fixes, from Yang Shi.
      
      12) Flush icache properly in ARM JITs, from Daniel Borkmann.
      
      13) Fix masking of RX and TX interrupts in ravb driver, from Masaru
          Nagai.
      
      14) Fix netdev feature propagation for devices not implementing
          ->ndo_set_features().  From Nikolay Aleksandrov.
      
      15) Big endian fix in vmxnet3 driver, from Shrikrishna Khare.
      
      16) RAW socket code increments incorrect SNMP counters, fix from Ben
          Cartwright-Cox.
      
      17) IPv6 multicast SNMP counters are bumped twice, fix from Neil Horman.
      
      18) Fix handling of VLAN headers on stacked devices when REORDER is
          disabled.  From Vlad Yasevich.
      
      19) Fix SKB leaks and use-after-free in ipvlan and macvlan drivers, from
          Sabrina Dubroca.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (83 commits)
        MAINTAINERS: Update Mellanox's Eth NIC driver entries
        net/core: revert "net: fix __netdev_update_features return.." and add comment
        af_unix: take receive queue lock while appending new skb
        rtnetlink: fix frame size warning in rtnl_fill_ifinfo
        net: use skb_clone to avoid alloc_pages failure.
        packet: Use PAGE_ALIGNED macro
        packet: Don't check frames_per_block against negative values
        net: phy: Use interrupts when available in NOLINK state
        phy: marvell: Add support for 88E1540 PHY
        arm64: bpf: make BPF prologue and epilogue align with ARM64 AAPCS
        macvlan: fix leak in macvlan_handle_frame
        ipvlan: fix use after free of skb
        ipvlan: fix leak in ipvlan_rcv_frame
        vlan: Do not put vlan headers back on bridge and macvlan ports
        vlan: Fix untag operations of stacked vlans with REORDER_HEADER off
        via-velocity: unconditionally drop frames with bad l2 length
        ipg: Remove ipg driver
        dl2k: Add support for IP1000A-based cards
        snmp: Remove duplicate OUTMCAST stat increment
        net: thunder: Check for driver data in nicvf_remove()
        ...
      7f151f1d
    • Or Gerlitz's avatar
      MAINTAINERS: Update Mellanox's Eth NIC driver entries · e7523a49
      Or Gerlitz authored
      Eugenia (Jenny) Emantayev is replacing Amir Vadai as the
      mlx4 Ethernet driver maintainer.
      
      Saeed Mahameed is assigned to maintain mlx5 Eth functionality.
      Signed-off-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e7523a49
    • Nikolay Aleksandrov's avatar
      net/core: revert "net: fix __netdev_update_features return.." and add comment · 17b85d29
      Nikolay Aleksandrov authored
      This reverts commit 00ee5927 ("net: fix __netdev_update_features return
      on ndo_set_features failure")
      and adds a comment explaining why it's okay to return a value other than
      0 upon error. Some drivers might actually change flags and return an
      error so it's better to fire a spurious notification rather than miss
      these.
      
      CC: Michał Mirosław <mirq-linux@rere.qmqm.pl>
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      17b85d29
    • Hannes Frederic Sowa's avatar
      af_unix: take receive queue lock while appending new skb · a3a116e0
      Hannes Frederic Sowa authored
      While possibly in future we don't necessarily need to use
      sk_buff_head.lock this is a rather larger change, as it affects the
      af_unix fd garbage collector, diag and socket cleanups. This is too much
      for a stable patch.
      
      For the time being grab sk_buff_head.lock without disabling bh and irqs,
      so don't use locked skb_queue_tail.
      
      Fixes: 869e7c62 ("net: af_unix: implement stream sendpage support")
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Reported-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a3a116e0
    • Hannes Frederic Sowa's avatar
      rtnetlink: fix frame size warning in rtnl_fill_ifinfo · b22b941b
      Hannes Frederic Sowa authored
      Fix the following warning:
      
        CC      net/core/rtnetlink.o
      net/core/rtnetlink.c: In function ‘rtnl_fill_ifinfo’:
      net/core/rtnetlink.c:1308:1: warning: the frame size of 2864 bytes is larger than 2048 bytes [-Wframe-larger-than=]
       }
       ^
      by splitting up the huge rtnl_fill_ifinfo into some smaller ones, so we
      don't have the huge frame allocations at the same time.
      
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b22b941b
    • Martin Zhang's avatar
      net: use skb_clone to avoid alloc_pages failure. · 19125c1a
      Martin Zhang authored
      1. new skb only need dst and ip address(v4 or v6).
      2. skb_copy may need high order pages, which is very rare on long running server.
      Signed-off-by: default avatarJunwei Zhang <linggao.zjw@alibaba-inc.com>
      Signed-off-by: default avatarMartin Zhang <martinbj2008@gmail.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      19125c1a
    • Tobias Klauser's avatar
      packet: Use PAGE_ALIGNED macro · 90836b67
      Tobias Klauser authored
      Use PAGE_ALIGNED(...) instead of open-coding it.
      Signed-off-by: default avatarTobias Klauser <tklauser@distanz.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      90836b67
    • Tobias Klauser's avatar
      packet: Don't check frames_per_block against negative values · 4194b491
      Tobias Klauser authored
      rb->frames_per_block is an unsigned int, thus can never be negative.
      
      Also fix spacing in the calculation of frames_per_block.
      Signed-off-by: default avatarTobias Klauser <tklauser@distanz.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4194b491
    • Andrew Lunn's avatar
      net: phy: Use interrupts when available in NOLINK state · 321beec5
      Andrew Lunn authored
      The NOLINK state will poll the phy once a second to see if the link
      has come up. If the phy has an interrupt line, this polling can be
      skipped, since the phy should interrupt when the link returns.
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      321beec5
    • Andrew Lunn's avatar
      phy: marvell: Add support for 88E1540 PHY · 819ec8e1
      Andrew Lunn authored
      The 88E1540 can be found embedded in the Marvell 88E6352 switch.  It
      is compatible with the 88E1510, so add support for it, using the
      88E1510 specific functions.
      Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      819ec8e1
    • Yang Shi's avatar
      arm64: bpf: make BPF prologue and epilogue align with ARM64 AAPCS · ec0738db
      Yang Shi authored
      Save and restore FP/LR in BPF prog prologue and epilogue, save SP to FP
      in prologue in order to get the correct stack backtrace.
      
      However, ARM64 JIT used FP (x29) as eBPF fp register, FP is subjected to
      change during function call so it may cause the BPF prog stack base address
      change too.
      
      Use x25 to replace FP as BPF stack base register (fp). Since x25 is callee
      saved register, so it will keep intact during function call.
      It is initialized in BPF prog prologue when BPF prog is started to run
      everytime. Save and restore x25/x26 in BPF prologue and epilogue to keep
      them intact for the outside of BPF. Actually, x26 is unnecessary, but SP
      requires 16 bytes alignment.
      
      So, the BPF stack layout looks like:
      
                                       high
               original A64_SP =>   0:+-----+ BPF prologue
                                      |FP/LR|
               current A64_FP =>  -16:+-----+
                                      | ... | callee saved registers
                                      +-----+
                                      |     | x25/x26
               BPF fp register => -80:+-----+
                                      |     |
                                      | ... | BPF prog stack
                                      |     |
                                      |     |
               current A64_SP =>      +-----+
                                      |     |
                                      | ... | Function call stack
                                      |     |
                                      +-----+
                                        low
      
      CC: Zi Shen Lim <zlim.lnx@gmail.com>
      CC: Xi Wang <xi.wang@gmail.com>
      Signed-off-by: default avatarYang Shi <yang.shi@linaro.org>
      Acked-by: default avatarZi Shen Lim <zlim.lnx@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec0738db
    • Sabrina Dubroca's avatar
      macvlan: fix leak in macvlan_handle_frame · e639b8d8
      Sabrina Dubroca authored
      Reset pskb in macvlan_handle_frame in case skb_share_check returned a
      clone.
      
      Fixes: 8a4eb573 ("net: introduce rx_handler results and logic around that")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e639b8d8
    • Sabrina Dubroca's avatar
      ipvlan: fix use after free of skb · a534dc52
      Sabrina Dubroca authored
      ipvlan_handle_frame is a rx_handler, and when it returns a value other
      than RX_HANDLER_CONSUMED (here, NET_RX_DROP aka RX_HANDLER_ANOTHER),
      __netif_receive_skb_core expects that the skb still exists and will
      process it further, but we just freed it.
      
      Fixes: 2ad7bf36 ("ipvlan: Initial check-in of the IPVLAN driver.")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a534dc52
    • Sabrina Dubroca's avatar
      ipvlan: fix leak in ipvlan_rcv_frame · cf554ada
      Sabrina Dubroca authored
      Pass a **skb to ipvlan_rcv_frame so that if skb_share_check returns a
      new skb, we actually use it during further processing.
      
      It's safe to ignore the new skb in the ipvlan_xmit_* functions, because
      they call ipvlan_rcv_frame with local == true, so that dev_forward_skb
      is called and always takes ownership of the skb.
      
      Fixes: 2ad7bf36 ("ipvlan: Initial check-in of the IPVLAN driver.")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cf554ada
    • David S. Miller's avatar
      Merge branch 'vlan-reorder' · eb3f8b42
      David S. Miller authored
      Vladislav Yasevich says:
      
      ====================
      Fix issues with vlans without REORDER_HEADER
      
      A while ago Phil Sutter brought up an issue with vlans without
      REORDER_HEADER and bridges.  The problem was that if a vlan
      without REORDER_HEADER was a port in the bridge, the bridge ended
      up forwarding corrupted packets that still contained the vlan header.
      The same issue exists for bridge mode macvlan/macvtap devices.
      
      An additional issue with vlans without REORDER_HEADER is that stacking
      them also doesn't work.  The reason here is that skb_reorder_vlan_header()
      function assumes that it on ETH_HLEN bytes deep into the packet.  That
      is not the case, when you a vlan without REORRDER_HEADER flag set.
      
      This series attempts to correct these 2 issues.
      
      1) To solve the stacked vlans problem, the patch simply use
      skb->mac_len as an offset to start copying mac addresses that
      is part of header reordering.
      
      2) To fix the issue with bridge/macvlan/macvtap, the second patch
      simply doesn't write the vlan header back to the packet if the
      vlan device is either a bridge or a macvlan port.  This ends up
      being the simplest and least performance intrussive solution.
      
      I've considered extending patch 2 to all stacked devices (essentially
      checked for the presense of rx_handler), but that feels like a broader
      restriction and _may_ break existing uses.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      eb3f8b42
    • Vlad Yasevich's avatar
      vlan: Do not put vlan headers back on bridge and macvlan ports · 28f9ee22
      Vlad Yasevich authored
      When a vlan is configured with REORDER_HEADER set to 0, the vlan
      header is put back into the packet and makes it appear that
      the vlan header is still there even after it's been processed.
      This posses a problem for bridge and macvlan ports.  The packets
      passed to those device may be forwarded and at the time of the
      forward, vlan headers end up being unexpectedly present.
      
      With the patch, we make sure that we do not put the vlan header
      back (when REORDER_HEADER is 0) if a bridge or macvlan has
      been configured on top of the vlan device.
      Signed-off-by: default avatarVladislav Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      28f9ee22
    • Vlad Yasevich's avatar
      vlan: Fix untag operations of stacked vlans with REORDER_HEADER off · a6e18ff1
      Vlad Yasevich authored
      When we have multiple stacked vlan devices all of which have
      turned off REORDER_HEADER flag, the untag operation does not
      locate the ethernet addresses correctly for nested vlans.
      The reason is that in case of REORDER_HEADER flag being off,
      the outer vlan headers are put back and the mac_len is adjusted
      to account for the presense of the header.  Then, the subsequent
      untag operation, for the next level vlan, always use VLAN_ETH_HLEN
      to locate the begining of the ethernet header and that ends up
      being a multiple of 4 bytes short of the actuall beginning
      of the mac header (the multiple depending on the how many vlan
      encapsulations ethere are).
      
      As a reslult, if there are multiple levles of vlan devices
      with REODER_HEADER being off, the recevied packets end up
      being dropped.
      
      To solve this, we use skb->mac_len as the offset.  The value
      is always set on receive path and starts out as a ETH_HLEN.
      The value is also updated when the vlan header manupations occur
      so we know it will be correct.
      Signed-off-by: default avatarVladislav Yasevich <vyasevic@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a6e18ff1
    • Timo Teräs's avatar
      via-velocity: unconditionally drop frames with bad l2 length · 6c606fa3
      Timo Teräs authored
      By default the driver allowed incorrect frames to be received. What is
      worse the code does not handle very short frames correctly. The FCS
      length is unconditionally subtracted, and the underflow can cause
      skb_put to be called with large number after implicit cast to unsigned.
      And indeed, an skb_over_panic() was observed with via-velocity.
      
      This removes the module parameter as it does not work in it's
      current state, and should be implemented via NETIF_F_RXALL if needed.
      Suggested-by: default avatarFrancois Romieu <romieu@fr.zoreil.com>
      Signed-off-by: default avatarTimo Teräs <timo.teras@iki.fi>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c606fa3
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · a18ab2f6
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "A fs-cache regression fix, and adding a warning about obnoxiou^W
        moderation of list given in MAINTAINERS"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        MAINTAINERS: linux-cachefs@redhat.com is moderated for non-subscribers
        FS-Cache: Add missing initialization of ret in cachefiles_write_page()
      a18ab2f6
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 864f83a1
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "This fixes a bug in the qat driver where a user-space pointer is
        dereferenced"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: qat - don't use userspace pointer
      864f83a1
  5. 16 Nov, 2015 12 commits