1. 11 Mar, 2022 9 commits
    • Jakub Kicinski's avatar
      Merge branch 'net-control-the-length-of-the-altname-list' · 46224853
      Jakub Kicinski authored
      Jakub Kicinski says:
      
      ====================
      net: control the length of the altname list
      
      Count the memory used for altnames and don't let user
      overflow the property nlattr. This was reported by George:
      https://lore.kernel.org/all/3e564baf-a1dd-122e-2882-ff143f7eb578@gmail.com/
      ====================
      
      Link: https://lore.kernel.org/r/20220309182914.423834-1-kuba@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      46224853
    • Jakub Kicinski's avatar
      net: limit altnames to 64k total · 155fb43b
      Jakub Kicinski authored
      Property list (altname is a link "property") is wrapped
      in a nlattr. nlattrs length is 16bit so practically
      speaking the list of properties can't be longer than
      that, otherwise user space would have to interpret
      broken netlink messages.
      
      Prevent the problem from occurring by checking the length
      of the property list before adding new entries.
      Reported-by: default avatarGeorge Shuklin <george.shuklin@gmail.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      155fb43b
    • Jakub Kicinski's avatar
      net: account alternate interface name memory · 5d26cff5
      Jakub Kicinski authored
      George reports that altnames can eat up kernel memory.
      We should charge that memory appropriately.
      Reported-by: default avatarGeorge Shuklin <george.shuklin@gmail.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5d26cff5
    • Ilya Maximets's avatar
      net: openvswitch: fix uAPI incompatibility with existing user space · 1926407a
      Ilya Maximets authored
      Few years ago OVS user space made a strange choice in the commit [1]
      to define types only valid for the user space inside the copy of a
      kernel uAPI header.  '#ifndef __KERNEL__' and another attribute was
      added later.
      
      This leads to the inevitable clash between user space and kernel types
      when the kernel uAPI is extended.  The issue was unveiled with the
      addition of a new type for IPv6 extension header in kernel uAPI.
      
      When kernel provides the OVS_KEY_ATTR_IPV6_EXTHDRS attribute to the
      older user space application, application tries to parse it as
      OVS_KEY_ATTR_PACKET_TYPE and discards the whole netlink message as
      malformed.  Since OVS_KEY_ATTR_IPV6_EXTHDRS is supplied along with
      every IPv6 packet that goes to the user space, IPv6 support is fully
      broken.
      
      Fixing that by bringing these user space attributes to the kernel
      uAPI to avoid the clash.  Strictly speaking this is not the problem
      of the kernel uAPI, but changing it is the only way to avoid breakage
      of the older user space applications at this point.
      
      These 2 types are explicitly rejected now since they should not be
      passed to the kernel.  Additionally, OVS_KEY_ATTR_TUNNEL_INFO moved
      out from the '#ifdef __KERNEL__' as there is no good reason to hide
      it from the userspace.  And it's also explicitly rejected now, because
      it's for in-kernel use only.
      
      Comments with warnings were added to avoid the problem coming back.
      
      (1 << type) converted to (1ULL << type) to avoid integer overflow on
      OVS_KEY_ATTR_IPV6_EXTHDRS, since it equals 32 now.
      
       [1] beb75a40fdc2 ("userspace: Switching of L3 packets in L2 pipeline")
      
      Fixes: 28a3f060 ("net: openvswitch: IPv6: Add IPv6 extension header support")
      Link: https://lore.kernel.org/netdev/3adf00c7-fe65-3ef4-b6d7-6d8a0cad8a5f@nvidia.com
      Link: https://github.com/openvswitch/ovs/commit/beb75a40fdc295bfd6521b0068b4cd12f6de507cReported-by: default avatarRoi Dayan <roid@nvidia.com>
      Signed-off-by: default avatarIlya Maximets <i.maximets@ovn.org>
      Acked-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Acked-by: default avatarAaron Conole <aconole@redhat.com>
      Link: https://lore.kernel.org/r/20220309222033.3018976-1-i.maximets@ovn.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      1926407a
    • Aleksander Jan Bajkowski's avatar
      net: dsa: lantiq_gswip: enable jumbo frames on GSWIP · c40bb4fe
      Aleksander Jan Bajkowski authored
      This enables non-standard MTUs on a per-port basis, with the overall
      frame size set based on the CPU port.
      
      When the MTU is not changed, this should have no effect.
      
      Long packets crash the switch with MTUs of greater than 2526, so the
      maximum is limited for now. Medium packets are sometimes dropped (e.g.
      TCP over 2477, UDP over 2516-2519, ICMP over 2526), Hence an MTU value
      of 2400 seems safe.
      Signed-off-by: default avatarThomas Nixon <tom@tomn.co.uk>
      Signed-off-by: default avatarAleksander Jan Bajkowski <olek2@wp.pl>
      Link: https://lore.kernel.org/r/20220308230457.1599237-1-olek2@wp.plSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      c40bb4fe
    • Jakub Kicinski's avatar
      Merge tag 'linux-can-next-for-5.18-20220310' of... · 8bed3d02
      Jakub Kicinski authored
      Merge tag 'linux-can-next-for-5.18-20220310' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can-next 2022-03-10
      
      The first 3 patches are by Oliver Hartkopp, target the CAN ISOTP
      protocol and update the CAN frame sending behavior, and increases the
      max PDU size to 64 kByte.
      
      The next 2 patches are also by Oliver Hartkopp and update the virtual
      VXCAN driver so that CAN frames send into the peer name space show up
      as RX'ed CAN frames.
      
      Vincent Mailhol contributes a patch for the etas_es58x driver to fix a
      false positive dereference uninitialized variable warning.
      
      2 patches by Ulrich Hecht add r8a779a0 SoC support to the rcar_canfd
      driver.
      
      The remaining 21 patches target the gs_usb driver and are by Peter
      Fink, Ben Evans, Eric Evenchick and me. This series cleans up the
      gs-usb driver, documents some bits of the USB ABI used by the widely
      used open source firmware candleLight, adds support for up to 3 CAN
      interfaces per USB device, adds CAN-FD support, adds quirks for some
      hardware and software workarounds and finally adds support for 2 new
      devices.
      
      * tag 'linux-can-next-for-5.18-20220310' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next: (29 commits)
        can: gs_usb: add VID/PID for ABE CAN Debugger devices
        can: gs_usb: add VID/PID for CES CANext FD devices
        can: gs_usb: add extended bt_const feature
        can: gs_usb: activate quirks for CANtact Pro unconditionally
        can: gs_usb: add quirk for CANtact Pro overlapping GS_USB_BREQ value
        can: gs_usb: add usb quirk for NXP LPC546xx controllers
        can: gs_usb: add CAN-FD support
        can: gs_usb: use union and FLEX_ARRAY for data in struct gs_host_frame
        can: gs_usb: support up to 3 channels per device
        can: gs_usb: gs_usb_probe(): introduce udev and make use of it
        can: gs_usb: document the PAD_PKTS_TO_MAX_PKT_SIZE feature
        can: gs_usb: document the USER_ID feature
        can: gs_usb: update GS_CAN_FEATURE_IDENTIFY documentation
        can: gs_usb: add HW timestamp mode bit
        can: gs_usb: gs_make_candev(): call SET_NETDEV_DEV() after handling all bt_const->feature
        can: gs_usb: rewrap usb_control_msg() and usb_fill_bulk_urb()
        can: gs_usb: rewrap error messages
        can: gs_usb: GS_CAN_FLAG_OVERFLOW: make use of BIT()
        can: gs_usb: sort include files alphabetically
        can: gs_usb: fix checkpatch warning
        ...
      ====================
      
      Link: https://lore.kernel.org/r/20220310142903.341658-1-mkl@pengutronix.deSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8bed3d02
    • Jakub Kicinski's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 1e8a3f0d
      Jakub Kicinski authored
      net/dsa/dsa2.c
        commit afb3cc1a ("net: dsa: unlock the rtnl_mutex when dsa_master_setup() fails")
        commit e83d5653 ("net: dsa: replay master state events in dsa_tree_{setup,teardown}_master")
      https://lore.kernel.org/all/20220307101436.7ae87da0@canb.auug.org.au/
      
      drivers/net/ethernet/intel/ice/ice.h
        commit 97b01291 ("ice: Fix error with handling of bonding MTU")
        commit 43113ff7 ("ice: add TTY for GNSS module for E810T device")
      https://lore.kernel.org/all/20220310112843.3233bcf1@canb.auug.org.au/
      
      drivers/staging/gdm724x/gdm_lte.c
        commit fc7f750d ("staging: gdm724x: fix use after free in gdm_lte_rx()")
        commit 4bcc4249 ("staging: Use netif_rx().")
      https://lore.kernel.org/all/20220308111043.1018a59d@canb.auug.org.au/Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      1e8a3f0d
    • Linus Torvalds's avatar
      Merge tag 'net-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 186d32bb
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bluetooth, and ipsec.
      
        Current release - regressions:
      
         - Bluetooth: fix unbalanced unlock in set_device_flags()
      
         - Bluetooth: fix not processing all entries on cmd_sync_work, make
           connect with qualcomm and intel adapters reliable
      
         - Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
      
         - xdp: xdp_mem_allocator can be NULL in trace_mem_connect()
      
         - eth: ice: fix race condition and deadlock during interface enslave
      
        Current release - new code bugs:
      
         - tipc: fix incorrect order of state message data sanity check
      
        Previous releases - regressions:
      
         - esp: fix possible buffer overflow in ESP transformation
      
         - dsa: unlock the rtnl_mutex when dsa_master_setup() fails
      
         - phy: meson-gxl: fix interrupt handling in forced mode
      
         - smsc95xx: ignore -ENODEV errors when device is unplugged
      
        Previous releases - always broken:
      
         - xfrm: fix tunnel mode fragmentation behavior
      
         - esp: fix inter address family tunneling on GSO
      
         - tipc: fix null-deref due to race when enabling bearer
      
         - sctp: fix kernel-infoleak for SCTP sockets
      
         - eth: macb: fix lost RX packet wakeup race in NAPI receive
      
         - eth: intel stop disabling VFs due to PF error responses
      
         - eth: bcmgenet: don't claim WOL when its not available"
      
      * tag 'net-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (50 commits)
        xdp: xdp_mem_allocator can be NULL in trace_mem_connect().
        ice: Fix race condition during interface enslave
        net: phy: meson-gxl: improve link-up behavior
        net: bcmgenet: Don't claim WOL when its not available
        net: arc_emac: Fix use after free in arc_mdio_probe()
        sctp: fix kernel-infoleak for SCTP sockets
        net: phy: correct spelling error of media in documentation
        net: phy: DP83822: clear MISR2 register to disable interrupts
        gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
        selftests: pmtu.sh: Kill nettest processes launched in subshell.
        selftests: pmtu.sh: Kill tcpdump processes launched by subshell.
        NFC: port100: fix use-after-free in port100_send_complete
        net/mlx5e: SHAMPO, reduce TIR indication
        net/mlx5e: Lag, Only handle events from highest priority multipath entry
        net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
        net/mlx5: Fix a race on command flush flow
        net/mlx5: Fix size field in bufferx_reg struct
        ax25: Fix NULL pointer dereference in ax25_kill_by_device
        net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr
        net: ethernet: lpc_eth: Handle error for clk_enable
        ...
      186d32bb
    • Sebastian Andrzej Siewior's avatar
      xdp: xdp_mem_allocator can be NULL in trace_mem_connect(). · e0ae7130
      Sebastian Andrzej Siewior authored
      Since the commit mentioned below __xdp_reg_mem_model() can return a NULL
      pointer. This pointer is dereferenced in trace_mem_connect() which leads
      to segfault.
      
      The trace points (mem_connect + mem_disconnect) were put in place to
      pair connect/disconnect using the IDs. The ID is only assigned if
      __xdp_reg_mem_model() does not return NULL. That connect trace point is
      of no use if there is no ID.
      
      Skip that connect trace point if xdp_alloc is NULL.
      
      [ Toke Høiland-Jørgensen delivered the reasoning for skipping the trace
        point ]
      
      Fixes: 4a48ef70 ("xdp: Allow registering memory model without rxq reference")
      Signed-off-by: default avatarSebastian Andrzej Siewior <bigeasy@linutronix.de>
      Acked-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
      Link: https://lore.kernel.org/r/YikmmXsffE+QajTB@linutronix.deSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e0ae7130
  2. 10 Mar, 2022 31 commits