- 18 Sep, 2018 3 commits
-
-
Stefan Nuernberger authored
commit 40413955 ("Cipso: cipso_v4_optptr enter infinite loop") fixed a possible infinite loop in the IP option parsing of CIPSO. The fix assumes that ip_options_compile filtered out all zero length options and that no other one-byte options beside IPOPT_END and IPOPT_NOOP exist. While this assumption currently holds true, add explicit checks for zero length and invalid length options to be safe for the future. Even though ip_options_compile should have validated the options, the introduction of new one-byte options can still confuse this code without the additional checks. Signed-off-by:
Stefan Nuernberger <snu@amazon.com> Cc: David Woodhouse <dwmw@amazon.co.uk> Cc: Simon Veith <sveith@amazon.de> Cc: stable@vger.kernel.org Acked-by:
Paul Moore <paul@paul-moore.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Jia-Ju Bai authored
The driver may sleep with holding a spinlock. The function call paths (from bottom to top) in Linux-4.17 are: [FUNC] usleep_range drivers/net/ethernet/socionext/sni_ave.c, 892: usleep_range in ave_rxfifo_reset drivers/net/ethernet/socionext/sni_ave.c, 932: ave_rxfifo_reset in ave_irq_handler [FUNC] usleep_range drivers/net/ethernet/socionext/sni_ave.c, 888: usleep_range in ave_rxfifo_reset drivers/net/ethernet/socionext/sni_ave.c, 932: ave_rxfifo_reset in ave_irq_handler To fix these bugs, usleep_range() is replaced with udelay(). These bugs are found by my static analysis tool DSAC. Signed-off-by:
Jia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by:
-
Colin Ian King authored
It is impossible for frontpkt to be null at the point of the null check because it has been assigned from rearpkt and there is no way rearpkt can be null at the point of the assignment because of the sanity checking and exit paths taken previously. Remove the redundant null check. Detected by CoverityScan, CID#114434 ("Logically dead code") Signed-off-by:Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
- 17 Sep, 2018 35 commits
-
-
David S. Miller authored
Julian Wiedmann says: ==================== s390/qeth: updates 2018-09-17 please apply the following patchset to net-next. This brings more restructuring of qeth's transmit code (eliminating its last usage of skb_realloc_headroom()), and the usual mix of minor improvements & cleanups. ==================== Signed-off-by: -
Julian Wiedmann authored
qeth_get_ipacmd_buffer() obtains its buffers for building IPA cmds from __qeth_get_buffer(), where they are fully cleared. So get rid of all the additional zero-ing in various other places. Signed-off-by:
Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by:
-
Julian Wiedmann authored
For quite a lot of code paths it's obvious that they will never run in IRQ context. So replace their spin_lock_irqsave() calls with spin_lock_irq(). While at it, get rid of the redundant card pointer in struct qeth_reply that was used by qeth_send_control_data() to access the card's lock. Signed-off-by:
-
Julian Wiedmann authored
Assuming this was just a typo, as returning an actual negative value from a cmd callback would make no sense either. Signed-off-by:
-
Julian Wiedmann authored
Calling napi_schedule() from process context does not ensure that the NET_RX softirq is run in a timely fashion. So trigger it manually. This is no big issue with current code. A call to ndo_open() is usually followed by a ndo_set_rx_mode() call, and for qeth this contains a spin_unlock_bh(). Except for OSN, where qeth_l2_set_rx_mode() bails out early. Nevertheless it's best to not depend on this behaviour, and just fix the issue at its source like all other drivers do. For instance see commit 83a0c6e5 ("i40e: Invoke softirqs after napi_reschedule"). Fixes: a1c3ed4c ("qeth: NAPI support for l2 and l3 discipline") Signed-off-by:
-
Julian Wiedmann authored
When setting up, qeth installs its IRQ handler on the ccw devices. But the IRQ handler is not cleared on removal - so even after qeth yields control of the ccw devices, spurious interrupts would still be presented to us. Make (de-)installation of the IRQ handler part of the ccw channel setup/removal helpers, and while at it also add the appropriate locking. Shift around qeth_setup_channel() to avoid a forward declaration for qeth_irq(). Signed-off-by:
-
Julian Wiedmann authored
Restructure the OSN xmit path to handle misaligned HW headers properly, without shifting the packet data around. Signed-off-by:
-
Julian Wiedmann authored
Switch TSO over to the faster transmit path, and remove all the unused old TSO code. Signed-off-by:
-
Julian Wiedmann authored
Add all the necessary TSO plumbing to the copy-less transmit path. This includes calculating the right length of required protocol headers, and always building a separate buffer element for the TSO headers. A follow-up patch will then switch TSO traffic over to this path. Signed-off-by:
-
Julian Wiedmann authored
When qeth_add_hw_header() falls back to the header cache, ensure that the requested length doesn't exceed the object size. For current usage this is a no-brainer, but TSO transmission will introduce protocol headers of varying length. Signed-off-by:
-
Julian Wiedmann authored
When qeth_add_hw_header() falls back to the HW header cache, it also copies over the necessary protocol headers. Thus any manipulation to the protocol headers needs to happen before adding the HW header. For current usage this doesn't matter, but it becomes relevant when moving TSO transmission over to the faster code path. Signed-off-by:
-
Julian Wiedmann authored
Combined L3+L4 csum offload is only required for some L3 HW. So for L2 devices, don't offload the IP header csum calculation. Signed-off-by:
-
Julian Wiedmann authored
Convert the last remaining user of qeth_get_elements_no() to qeth_count_elements(), so this helper can be removed. Signed-off-by:
-
Julian Wiedmann authored
qeth_l3_xmit() is now only used for TSOv4 traffic, shrink it down. Signed-off-by:
-
Julian Wiedmann authored
L3 OSAs can only offload IPv4 traffic, use the common L2 transmit path for all other traffic. In particular there's no support for TX VLAN offload, so any such packet needs to be manually de-accelerated via ndo_features_check(). Signed-off-by:
-
Julian Wiedmann authored
We need the exact same transmit path for non-offload-eligible traffic on L3 OSAs. So make it accessible from both sub-drivers. Signed-off-by:
-
Weilin Chang authored
1. Add functions for get_fecparam and set_fecparam. 2. Modify lio_get_link_ksettings to display FEC setting. Signed-off-by:
Weilin Chang <weilin.chang@cavium.com> Acked-by:
Derek Chickles <derek.chickles@cavium.com> Signed-off-by:
Felix Manlunas <felix.manlunas@cavium.com> Signed-off-by:
-
zhong jiang authored
of_node_put has taken the null pointer check into account. So it is safe to remove the duplicated check before of_node_put. Signed-off-by:
zhong jiang <zhongjiang@huawei.com> Reviewed-by:
Vladimir Zapolskiy <vz@mleia.com> Acked-by:
Fugang Duan <fugang.duan@nxp.com> Signed-off-by:
-
zhong jiang authored
put_device has taken the null pinter check into account. So it is safe to remove the duplicated check before put_device. Signed-off-by:
-
zhong jiang authored
of_node_put has taken the null pointer check into account. So it is safe to remove the duplicated check before of_node_put. Signed-off-by:
-
zhong jiang authored
of_node_put has taken the null pointer check into account. So it is safe to remove the duplicated check before of_node_put. Signed-off-by:
-
Zhu Yanjun authored
The function rds_inc_init is in recv process. To use memset can optimize the function rds_inc_init. The test result: Before: 1) + 24.950 us | rds_inc_init [rds](); After: 1) + 10.990 us | rds_inc_init [rds](); Acked-by:Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by:
Zhu Yanjun <yanjun.zhu@oracle.com> Signed-off-by:
-
Vakul Garg authored
A number of tls selftests rely upon recv() to return an exact number of data bytes. When tls record crypto is done using an async accelerator, it is possible that recv() returns lesser than expected number bytes. This leads to failure of many test cases. To fix it, MSG_WAITALL has been used in flags passed to recv() syscall. Signed-off-by:
Vakul Garg <vakul.garg@nxp.com> Signed-off-by:
-
Friedemann Gerold authored
This patch fixes skb_shared area, which will be corrupted upon reception of 4K jumbo packets. Originally build_skb usage purpose was to reuse page for skb to eliminate needs of extra fragments. But that logic does not take into account that skb_shared_info should be reserved at the end of skb data area. In case packet data consumes all the page (4K), skb_shinfo location overflows the page. As a consequence, __build_skb zeroed shinfo data above the allocated page, corrupting next page. The issue is rarely seen in real life because jumbo are normally larger than 4K and that causes another code path to trigger. But it 100% reproducible with simple scapy packet, like: sendp(IP(dst="192.168.100.3") / TCP(dport=443) \ / Raw(RandString(size=(4096-40))), iface="enp1s0") Fixes: 018423e9 ("net: ethernet: aquantia: Add ring support code") Reported-by:Friedemann Gerold <f.gerold@b-c-s.de> Reported-by:
Michael Rauch <michael@rauch.be> Signed-off-by:
Nikita Danilov <nikita.danilov@aquantia.com> Signed-off-by:
Igor Russkikh <igor.russkikh@aquantia.com> Signed-off-by:
-
David S. Miller authored
Hauke Mehrtens says: ==================== net: lantiq: Minor fixes for vrx200 and gswip These are mostly minor fixes to problems addresses in the latests round of the review of the original series adding these driver, which were not applied before the patches got merged into net-next. In addition it fixes a data bus error on poweroff. ==================== Signed-off-by: -
Hauke Mehrtens authored
The gswip tag was missing in the dsa_tag_protocol_to_str() function, add it. Fixes: 79691192 ("net: dsa: Add Lantiq / Intel GSWIP tag support") Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by:
-
Hauke Mehrtens authored
Use one code block when returning because the interface type is unsupported and also check if some unsupported port gets configured. In addition fix a double the and use dsa_is_cpu_port() instated of manually getting the CPU port. Signed-off-by:
-
Hauke Mehrtens authored
The switch and the MAC are in one IP core and they use the same clock signal from the clock generation unit. Currently the clock architecture in the lantiq SoC code does not allow to easily share the same clocks, this has to be fixed by switching to the common clock framework. As a workaround the clock of the switch and MAC should be activated when the MAC gets probed and only disabled when the MAC gets removed. This way it is ensured that the clock is always enabled when the switch or MAC is used. The switch can not be used without the MAC. This fixes a data bus error when rebooting the system and deactivating the switch and mac and later accessing some registers in the cleanup while the clocks are disabled. Fixes: fe1a5642 ("net: lantiq: Add Lantiq / Intel VRX200 Ethernet driver") Signed-off-by:
-
Hauke Mehrtens authored
* Use one compatible line per line in the documentation * Remove SoC revision depended compatible lines, we can detect that in the driver * Use lower case letters in hex addresses * Fix the size of the address ranges in the example, this now matches the sizes used by the SoC. The old ones will also work, this just adds some empty address space. * Change the reg size of the gphy-fw node Fixes: 86ce2bc7 ("dt-bindings: net: dsa: Add lantiq, xrx200-gswip DT bindings") Signed-off-by:
-
Hauke Mehrtens authored
Use lower case letters in the addresses of the device tree binding. In addition replace eth with ethernet and fix the size of the reg element in the example. The additional range does not contain any registers but is used for the IP block on the this SoC. Fixes: 839790e8 ("dt-bindings: net: Add lantiq, xrx200-net DT bindings") Signed-off-by:
-
Wei Yongjun authored
Fixes the following sparse warning: drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c:322:5: warning: symbol 'hns_gmac_wait_fifo_clean' was not declared. Should it be static? Signed-off-by:
Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by:
-
Wei Yongjun authored
In case of error, the function devm_ioremap_resource() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: fe1a5642 ("net: lantiq: Add Lantiq / Intel VRX200 Ethernet driver") Signed-off-by:
-
Wei Yongjun authored
The return value from of_reset_control_array_get_exclusive() is not checked correctly. The test is done against a wrong variable. This patch fix it. Fixes: 14fceff4 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") Signed-off-by:
-
Wei Yongjun authored
In case of error, the function devm_ioremap_resource() returns ERR_PTR() and never returns NULL. The NULL test in the return value check should be replaced with IS_ERR(). Fixes: 14fceff4 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") Signed-off-by:
-
John Fastabend authored
When async support was added it needed to access the sk from the async callback to report errors up the stack. The patch tried to use space after the aead request struct by directly setting the reqsize field in aead_request. This is an internal field that should not be used outside the crypto APIs. It is used by the crypto code to define extra space for private structures used in the crypto context. Users of the API then use crypto_aead_reqsize() and add the returned amount of bytes to the end of the request memory allocation before posting the request to encrypt/decrypt APIs. So this breaks (with general protection fault and KASAN error, if enabled) because the request sent to decrypt is shorter than required causing the crypto API out-of-bounds errors. Also it seems unlikely the sk is even valid by the time it gets to the callback because of memset in crypto layer. Anyways, fix this by holding the sk in the skb->sk field when the callback is set up and because the skb is already passed through to the callback handler via void* we can access it in the handler. Then in the handler we need to be careful to NULL the pointer again before kfree_skb. I added comments on both the setup (in tls_do_decryption) and when we clear it from the crypto callback handler tls_decrypt_done(). After this selftests pass again and fixes KASAN errors/warnings. Fixes: 94524d8f ("net/tls: Add support for async decryption of tls records") Signed-off-by:
John Fastabend <john.fastabend@gmail.com> Reviewed-by:
-
- 16 Sep, 2018 2 commits
-
-
Haishuang Yan authored
Same as ip_gre, use gre_parse_header to parse gre header in gre error handler code. Signed-off-by:
Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Signed-off-by:
-
Haishuang Yan authored
gre_parse_header stops parsing when csum_err is encountered, which means tpi->key is undefined and ip_tunnel_lookup will return NULL improperly. This patch introduce a NULL pointer as csum_err parameter. Even when csum_err is encountered, it won't return error and continue parsing gre header as expected. Fixes: 9f57c67c ("gre: Remove support for sharing GRE protocol hook.") Reported-by:
Jiri Benc <jbenc@redhat.com> Signed-off-by:
-
