1. 14 Apr, 2020 4 commits
    • David Howells's avatar
      rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket · 0e631eee
      David Howells authored
      Fix the DATA packet transmission to disable nofrag for UDPv4 on an AF_INET6
      socket as well as UDPv6 when trying to transmit fragmentably.
      
      Without this, packets filled to the normal size used by the kernel AFS
      client of 1412 bytes be rejected by udp_sendmsg() with EMSGSIZE
      immediately.  The ->sk_error_report() notification hook is called, but
      rxrpc doesn't generate a trace for it.
      
      This is a temporary fix; a more permanent solution needs to involve
      changing the size of the packets being filled in accordance with the MTU,
      which isn't currently done in AF_RXRPC.  The reason for not doing so was
      that, barring the last packet in an rx jumbo packet, jumbos can only be
      assembled out of 1412-byte packets - and the plan was to construct jumbos
      on the fly at transmission time.
      
      Also, there's no point turning on IPV6_MTU_DISCOVER, since IPv6 has to
      engage in this anyway since fragmentation is only done by the sender.  We
      can then condense the switch-statement in rxrpc_send_data_packet().
      
      Fixes: 75b54cb5 ("rxrpc: Add IPv6 support")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e631eee
    • Atsushi Nemoto's avatar
      net: phy: micrel: use genphy_read_status for KSZ9131 · 68dac3eb
      Atsushi Nemoto authored
      KSZ9131 will not work with some switches due to workaround for KSZ9031
      introduced in commit d2fd719b
      ("net/phy: micrel: Add workaround for bad autoneg").
      Use genphy_read_status instead of dedicated ksz9031_read_status.
      
      Fixes: bff5b4b3 ("net: phy: micrel: add Microchip KSZ9131 initial driver")
      Signed-off-by: default avatarAtsushi Nemoto <atsushi.nemoto@sord.co.jp>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      68dac3eb
    • David S. Miller's avatar
      Merge tag 'wireless-drivers-2020-04-14' of... · 82f35276
      David S. Miller authored
      Merge tag 'wireless-drivers-2020-04-14' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for v5.7
      
      First set of fixes for v5.6. Fixes for a crash and for two compiler
      warnings.
      
      brcmfmac
      
      * fix a crash related to monitor interface
      
      ath11k
      
      * fix compiler warnings without CONFIG_THERMAL
      
      rtw88
      
      * fix compiler warnings related to suspend and resume functions
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      82f35276
    • Arnd Bergmann's avatar
      rtw88: avoid unused function warnings · 7dc7c416
      Arnd Bergmann authored
      The rtw88 driver defines emtpy functions with multiple indirections
      but gets one of these wrong:
      
      drivers/net/wireless/realtek/rtw88/pci.c:1347:12: error: 'rtw_pci_resume' defined but not used [-Werror=unused-function]
       1347 | static int rtw_pci_resume(struct device *dev)
            |            ^~~~~~~~~~~~~~
      drivers/net/wireless/realtek/rtw88/pci.c:1342:12: error: 'rtw_pci_suspend' defined but not used [-Werror=unused-function]
       1342 | static int rtw_pci_suspend(struct device *dev)
      
      Better simplify it to rely on the conditional reference in
      SIMPLE_DEV_PM_OPS(), and mark the functions as __maybe_unused to avoid
      warning about it.
      
      I'm not sure if these are needed at all given that the functions
      don't do anything, but they were only recently added.
      
      Fixes: 44bc17f7 ("rtw88: support wowlan feature for 8822c")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Link: https://lore.kernel.org/r/20200408185413.218643-1-arnd@arndb.de
      7dc7c416
  2. 13 Apr, 2020 3 commits
  3. 12 Apr, 2020 3 commits
  4. 11 Apr, 2020 3 commits
  5. 10 Apr, 2020 1 commit
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 40fc7ad2
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2020-04-10
      
      The following pull-request contains BPF updates for your *net* tree.
      
      We've added 13 non-merge commits during the last 7 day(s) which contain
      a total of 13 files changed, 137 insertions(+), 43 deletions(-).
      
      The main changes are:
      
      1) JIT code emission fixes for riscv and arm32, from Luke Nelson and Xi Wang.
      
      2) Disable vmlinux BTF info if GCC_PLUGIN_RANDSTRUCT is used, from Slava Bacherikov.
      
      3) Fix oob write in AF_XDP when meta data is used, from Li RongQing.
      
      4) Fix bpf_get_link_xdp_id() handling on single prog when flags are specified,
         from Andrey Ignatov.
      
      5) Fix sk_assign() BPF helper for request sockets that can have sk_reuseport
         field uninitialized, from Joe Stringer.
      
      6) Fix mprotect() test case for the BPF LSM, from KP Singh.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      40fc7ad2
  6. 09 Apr, 2020 8 commits
    • Taras Chornyi's avatar
      net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin · 690cc863
      Taras Chornyi authored
      When CONFIG_IP_MULTICAST is not set and multicast ip is added to the device
      with autojoin flag or when multicast ip is deleted kernel will crash.
      
      steps to reproduce:
      
      ip addr add 224.0.0.0/32 dev eth0
      ip addr del 224.0.0.0/32 dev eth0
      
      or
      
      ip addr add 224.0.0.0/32 dev eth0 autojoin
      
      Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088
       pc : _raw_write_lock_irqsave+0x1e0/0x2ac
       lr : lock_sock_nested+0x1c/0x60
       Call trace:
        _raw_write_lock_irqsave+0x1e0/0x2ac
        lock_sock_nested+0x1c/0x60
        ip_mc_config.isra.28+0x50/0xe0
        inet_rtm_deladdr+0x1a8/0x1f0
        rtnetlink_rcv_msg+0x120/0x350
        netlink_rcv_skb+0x58/0x120
        rtnetlink_rcv+0x14/0x20
        netlink_unicast+0x1b8/0x270
        netlink_sendmsg+0x1a0/0x3b0
        ____sys_sendmsg+0x248/0x290
        ___sys_sendmsg+0x80/0xc0
        __sys_sendmsg+0x68/0xc0
        __arm64_sys_sendmsg+0x20/0x30
        el0_svc_common.constprop.2+0x88/0x150
        do_el0_svc+0x20/0x80
       el0_sync_handler+0x118/0x190
        el0_sync+0x140/0x180
      
      Fixes: 93a714d6 ("multicast: Extend ip address command to enable multicast group join/leave on")
      Signed-off-by: default avatarTaras Chornyi <taras.chornyi@plvision.eu>
      Signed-off-by: default avatarVadym Kochan <vadym.kochan@plvision.eu>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      690cc863
    • Ka-Cheong Poon's avatar
      net/rds: Fix MR reference counting problem · 2fabef4f
      Ka-Cheong Poon authored
      In rds_free_mr(), it calls rds_destroy_mr(mr) directly.  But this
      defeats the purpose of reference counting and makes MR free handling
      impossible.  It means that holding a reference does not guarantee that
      it is safe to access some fields.  For example, In
      rds_cmsg_rdma_dest(), it increases the ref count, unlocks and then
      calls mr->r_trans->sync_mr().  But if rds_free_mr() (and
      rds_destroy_mr()) is called in between (there is no lock preventing
      this to happen), r_trans_private is set to NULL, causing a panic.
      Similar issue is in rds_rdma_unuse().
      Reported-by: default avatarzerons <sironhide0null@gmail.com>
      Signed-off-by: default avatarKa-Cheong Poon <ka-cheong.poon@oracle.com>
      Acked-by: default avatarSantosh Shilimkar <santosh.shilimkar@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2fabef4f
    • Ka-Cheong Poon's avatar
    • Taehee Yoo's avatar
      net: macsec: fix using wrong structure in macsec_changelink() · 022e9d60
      Taehee Yoo authored
      In the macsec_changelink(), "struct macsec_tx_sa tx_sc" is used to
      store "macsec_secy.tx_sc".
      But, the struct type of tx_sc is macsec_tx_sc, not macsec_tx_sa.
      So, the macsec_tx_sc should be used instead.
      
      Test commands:
          ip link add dummy0 type dummy
          ip link add macsec0 link dummy0 type macsec
          ip link set macsec0 type macsec encrypt off
      
      Splat looks like:
      [61119.963483][ T9335] ==================================================================
      [61119.964709][ T9335] BUG: KASAN: slab-out-of-bounds in macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.965787][ T9335] Read of size 160 at addr ffff888020d69c68 by task ip/9335
      [61119.966699][ T9335]
      [61119.966979][ T9335] CPU: 0 PID: 9335 Comm: ip Not tainted 5.6.0+ #503
      [61119.967791][ T9335] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
      [61119.968914][ T9335] Call Trace:
      [61119.969324][ T9335]  dump_stack+0x96/0xdb
      [61119.969809][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.970554][ T9335]  print_address_description.constprop.5+0x1be/0x360
      [61119.971294][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.971973][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.972703][ T9335]  __kasan_report+0x12a/0x170
      [61119.973323][ T9335]  ? macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.973942][ T9335]  kasan_report+0xe/0x20
      [61119.974397][ T9335]  check_memory_region+0x149/0x1a0
      [61119.974866][ T9335]  memcpy+0x1f/0x50
      [61119.975209][ T9335]  macsec_changelink.part.34+0xb6/0x200 [macsec]
      [61119.975825][ T9335]  ? macsec_get_stats64+0x3e0/0x3e0 [macsec]
      [61119.976451][ T9335]  ? kernel_text_address+0x111/0x120
      [61119.976990][ T9335]  ? pskb_expand_head+0x25f/0xe10
      [61119.977503][ T9335]  ? stack_trace_save+0x82/0xb0
      [61119.977986][ T9335]  ? memset+0x1f/0x40
      [61119.978397][ T9335]  ? __nla_validate_parse+0x98/0x1ab0
      [61119.978936][ T9335]  ? macsec_alloc_tfm+0x90/0x90 [macsec]
      [61119.979511][ T9335]  ? __kasan_slab_free+0x111/0x150
      [61119.980021][ T9335]  ? kfree+0xce/0x2f0
      [61119.980700][ T9335]  ? netlink_trim+0x196/0x1f0
      [61119.981420][ T9335]  ? nla_memcpy+0x90/0x90
      [61119.982036][ T9335]  ? register_lock_class+0x19e0/0x19e0
      [61119.982776][ T9335]  ? memcpy+0x34/0x50
      [61119.983327][ T9335]  __rtnl_newlink+0x922/0x1270
      [ ... ]
      
      Fixes: 3cf3227a ("net: macsec: hardware offloading infrastructure")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      022e9d60
    • Colin Ian King's avatar
      net-sysfs: remove redundant assignment to variable ret · 5f0224a6
      Colin Ian King authored
      The variable ret is being initialized with a value that is never read
      and it is being updated later with a new value.  The initialization is
      redundant and can be removed.
      
      Addresses-Coverity: ("Unused value")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5f0224a6
    • Wang Wenhu's avatar
      net: qrtr: send msgs from local of same id as broadcast · 6dbf02ac
      Wang Wenhu authored
      If the local node id(qrtr_local_nid) is not modified after its
      initialization, it equals to the broadcast node id(QRTR_NODE_BCAST).
      So the messages from local node should not be taken as broadcast
      and keep the process going to send them out anyway.
      
      The definitions are as follow:
      static unsigned int qrtr_local_nid = NUMA_NO_NODE;
      
      Fixes: fdf5fd39 ("net: qrtr: Broadcast messages only from control port")
      Signed-off-by: default avatarWang Wenhu <wenhu.wang@vivo.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6dbf02ac
    • David S. Miller's avatar
      Merge tag 'mlx5-fixes-2020-04-08' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 3d61a39d
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      Mellanox, mlx5 fixes 2020-04-08
      
      This series introduces some fixes to mlx5 driver.
      
      Please pull and let me know if there is any problem.
      
      For -stable v5.3
       ('net/mlx5: Fix frequent ioread PCI access during recovery')
       ('net/mlx5e: Add missing release firmware call')
      
      For -stable v5.4
       ('net/mlx5e: Fix nest_level for vlan pop action')
       ('net/mlx5e: Fix pfnum in devlink port attribute')
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3d61a39d
    • Lothar Rubusch's avatar
      Documentation: devlink: fix broken link warning · e750b84d
      Lothar Rubusch authored
      At 'make htmldocs' the following warning is thrown:
      
      Documentation/networking/devlink/devlink-trap.rst:302:
      WARNING: undefined label: generic-packet-trap-groups
      
      Fixes the warning by setting the label to the specified header,
      within the same document.
      Signed-off-by: default avatarLothar Rubusch <l.rubusch@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e750b84d
  7. 08 Apr, 2020 18 commits