1. 26 Aug, 2023 3 commits
  2. 25 Aug, 2023 9 commits
  3. 24 Aug, 2023 7 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.5-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · b5cc3833
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from wifi, can and netfilter.
      
        Fixes to fixes:
      
         - nf_tables:
             - GC transaction race with abort path
             - defer gc run if previous batch is still pending
      
        Previous releases - regressions:
      
         - ipv4: fix data-races around inet->inet_id
      
         - phy: fix deadlocking in phy_error() invocation
      
         - mdio: fix C45 read/write protocol
      
         - ipvlan: fix a reference count leak warning in ipvlan_ns_exit()
      
         - ice: fix NULL pointer deref during VF reset
      
         - i40e: fix potential NULL pointer dereferencing of pf->vf in
           i40e_sync_vsi_filters()
      
         - tg3: use slab_build_skb() when needed
      
         - mtk_eth_soc: fix NULL pointer on hw reset
      
        Previous releases - always broken:
      
         - core: validate veth and vxcan peer ifindexes
      
         - sched: fix a qdisc modification with ambiguous command request
      
         - devlink: add missing unregister linecard notification
      
         - wifi: mac80211: limit reorder_buf_filtered to avoid UBSAN warning
      
         - batman:
            - do not get eth header before batadv_check_management_packet
            - fix batadv_v_ogm_aggr_send memory leak
      
         - bonding: fix macvlan over alb bond support
      
         - mlxsw: set time stamp fields also when its type is MIRROR_UTC"
      
      * tag 'net-6.5-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (54 commits)
        selftests: bonding: add macvlan over bond testing
        selftest: bond: add new topo bond_topo_2d1c.sh
        bonding: fix macvlan over alb bond support
        rtnetlink: Reject negative ifindexes in RTM_NEWLINK
        netfilter: nf_tables: defer gc run if previous batch is still pending
        netfilter: nf_tables: fix out of memory error handling
        netfilter: nf_tables: use correct lock to protect gc_list
        netfilter: nf_tables: GC transaction race with abort path
        netfilter: nf_tables: flush pending destroy work before netlink notifier
        netfilter: nf_tables: validate all pending tables
        ibmveth: Use dcbf rather than dcbfl
        i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters()
        net/sched: fix a qdisc modification with ambiguous command request
        igc: Fix the typo in the PTM Control macro
        batman-adv: Hold rtnl lock during MTU update via netlink
        igb: Avoid starting unnecessary workqueues
        can: raw: add missing refcount for memory leak fix
        can: isotp: fix support for transmission of SF without flow control
        bnx2x: new flag for track HW resource allocation
        sfc: allocate a big enough SKB for loopback selftest packet
        ...
      b5cc3833
    • Paolo Abeni's avatar
      Merge tag 'nf-23-08-23' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/netfilter/nf · 8938fc0c
      Paolo Abeni authored
      Florian Westphal says:
      
      ====================
      netfilter updates for net
      
      This PR contains nf_tables updates for your *net* tree.
      
      First patch fixes table validation, I broke this in 6.4 when tracking
      validation state per table, reported by Pablo, fixup from myself.
      
      Second patch makes sure objects waiting for memory release have been
      released, this was broken in 6.1, patch from Pablo Neira Ayuso.
      
      Patch three is a fix-for-fix from previous PR: In case a transaction
      gets aborted, gc sequence counter needs to be incremented so pending
      gc requests are invalidated, from Pablo.
      
      Same for patch 4: gc list needs to use gc list lock, not destroy lock,
      also from Pablo.
      
      Patch 5 fixes a UaF in a set backend, but this should only occur when
      failslab is enabled for GFP_KERNEL allocations, broken since feature
      was added in 5.6, from myself.
      
      Patch 6 fixes a double-free bug that was also added via previous PR:
      We must not schedule gc work if the previous batch is still queued.
      
      netfilter pull request 2023-08-23
      
      * tag 'nf-23-08-23' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
        netfilter: nf_tables: defer gc run if previous batch is still pending
        netfilter: nf_tables: fix out of memory error handling
        netfilter: nf_tables: use correct lock to protect gc_list
        netfilter: nf_tables: GC transaction race with abort path
        netfilter: nf_tables: flush pending destroy work before netlink notifier
        netfilter: nf_tables: validate all pending tables
      ====================
      
      Link: https://lore.kernel.org/r/20230823152711.15279-1-fw@strlen.deSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      8938fc0c
    • Paolo Abeni's avatar
      Merge branch 'fix-macvlan-over-alb-bond-support' · b251610c
      Paolo Abeni authored
      Hangbin Liu says:
      
      ====================
      fix macvlan over alb bond support
      
      Currently, the macvlan over alb bond is broken after commit
      14af9963 ("bonding: Support macvlans on top of tlb/rlb mode bonds").
      Fix this and add relate tests.
      ====================
      
      Link: https://lore.kernel.org/r/20230823071907.3027782-1-liuhangbin@gmail.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      b251610c
    • Hangbin Liu's avatar
      selftests: bonding: add macvlan over bond testing · 246af950
      Hangbin Liu authored
      Add a macvlan over bonding test with mode active-backup, balance-tlb
      and balance-alb.
      
      ]# ./bond_macvlan.sh
      TEST: active-backup: IPv4: client->server                           [ OK ]
      TEST: active-backup: IPv6: client->server                           [ OK ]
      TEST: active-backup: IPv4: client->macvlan_1                        [ OK ]
      TEST: active-backup: IPv6: client->macvlan_1                        [ OK ]
      TEST: active-backup: IPv4: client->macvlan_2                        [ OK ]
      TEST: active-backup: IPv6: client->macvlan_2                        [ OK ]
      TEST: active-backup: IPv4: macvlan_1->macvlan_2                     [ OK ]
      TEST: active-backup: IPv6: macvlan_1->macvlan_2                     [ OK ]
      TEST: active-backup: IPv4: server->client                           [ OK ]
      TEST: active-backup: IPv6: server->client                           [ OK ]
      TEST: active-backup: IPv4: macvlan_1->client                        [ OK ]
      TEST: active-backup: IPv6: macvlan_1->client                        [ OK ]
      TEST: active-backup: IPv4: macvlan_2->client                        [ OK ]
      TEST: active-backup: IPv6: macvlan_2->client                        [ OK ]
      TEST: active-backup: IPv4: macvlan_2->macvlan_2                     [ OK ]
      TEST: active-backup: IPv6: macvlan_2->macvlan_2                     [ OK ]
      [...]
      TEST: balance-alb: IPv4: client->server                             [ OK ]
      TEST: balance-alb: IPv6: client->server                             [ OK ]
      TEST: balance-alb: IPv4: client->macvlan_1                          [ OK ]
      TEST: balance-alb: IPv6: client->macvlan_1                          [ OK ]
      TEST: balance-alb: IPv4: client->macvlan_2                          [ OK ]
      TEST: balance-alb: IPv6: client->macvlan_2                          [ OK ]
      TEST: balance-alb: IPv4: macvlan_1->macvlan_2                       [ OK ]
      TEST: balance-alb: IPv6: macvlan_1->macvlan_2                       [ OK ]
      TEST: balance-alb: IPv4: server->client                             [ OK ]
      TEST: balance-alb: IPv6: server->client                             [ OK ]
      TEST: balance-alb: IPv4: macvlan_1->client                          [ OK ]
      TEST: balance-alb: IPv6: macvlan_1->client                          [ OK ]
      TEST: balance-alb: IPv4: macvlan_2->client                          [ OK ]
      TEST: balance-alb: IPv6: macvlan_2->client                          [ OK ]
      TEST: balance-alb: IPv4: macvlan_2->macvlan_2                       [ OK ]
      TEST: balance-alb: IPv6: macvlan_2->macvlan_2                       [ OK ]
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Acked-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      246af950
    • Hangbin Liu's avatar
      selftest: bond: add new topo bond_topo_2d1c.sh · 27aa43f8
      Hangbin Liu authored
      Add a new testing topo bond_topo_2d1c.sh which is used more commonly.
      Make bond_topo_3d1c.sh just source bond_topo_2d1c.sh and add the
      extra link.
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Acked-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      27aa43f8
    • Hangbin Liu's avatar
      bonding: fix macvlan over alb bond support · e74216b8
      Hangbin Liu authored
      The commit 14af9963 ("bonding: Support macvlans on top of tlb/rlb mode
      bonds") aims to enable the use of macvlans on top of rlb bond mode. However,
      the current rlb bond mode only handles ARP packets to update remote neighbor
      entries. This causes an issue when a macvlan is on top of the bond, and
      remote devices send packets to the macvlan using the bond's MAC address
      as the destination. After delivering the packets to the macvlan, the macvlan
      will rejects them as the MAC address is incorrect. Consequently, this commit
      makes macvlan over bond non-functional.
      
      To address this problem, one potential solution is to check for the presence
      of a macvlan port on the bond device using netif_is_macvlan_port(bond->dev)
      and return NULL in the rlb_arp_xmit() function. However, this approach
      doesn't fully resolve the situation when a VLAN exists between the bond and
      macvlan.
      
      So let's just do a partial revert for commit 14af9963 in rlb_arp_xmit().
      As the comment said, Don't modify or load balance ARPs that do not originate
      locally.
      
      Fixes: 14af9963 ("bonding: Support macvlans on top of tlb/rlb mode bonds")
      Reported-by: susan.zheng@veritas.com
      Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2117816Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Acked-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      e74216b8
    • Ido Schimmel's avatar
      rtnetlink: Reject negative ifindexes in RTM_NEWLINK · 30188bd7
      Ido Schimmel authored
      Negative ifindexes are illegal, but the kernel does not validate the
      ifindex in the ancillary header of RTM_NEWLINK messages, resulting in
      the kernel generating a warning [1] when such an ifindex is specified.
      
      Fix by rejecting negative ifindexes.
      
      [1]
      WARNING: CPU: 0 PID: 5031 at net/core/dev.c:9593 dev_index_reserve+0x1a2/0x1c0 net/core/dev.c:9593
      [...]
      Call Trace:
       <TASK>
       register_netdevice+0x69a/0x1490 net/core/dev.c:10081
       br_dev_newlink+0x27/0x110 net/bridge/br_netlink.c:1552
       rtnl_newlink_create net/core/rtnetlink.c:3471 [inline]
       __rtnl_newlink+0x115e/0x18c0 net/core/rtnetlink.c:3688
       rtnl_newlink+0x67/0xa0 net/core/rtnetlink.c:3701
       rtnetlink_rcv_msg+0x439/0xd30 net/core/rtnetlink.c:6427
       netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2545
       netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
       netlink_unicast+0x536/0x810 net/netlink/af_netlink.c:1368
       netlink_sendmsg+0x93c/0xe40 net/netlink/af_netlink.c:1910
       sock_sendmsg_nosec net/socket.c:728 [inline]
       sock_sendmsg+0xd9/0x180 net/socket.c:751
       ____sys_sendmsg+0x6ac/0x940 net/socket.c:2538
       ___sys_sendmsg+0x135/0x1d0 net/socket.c:2592
       __sys_sendmsg+0x117/0x1e0 net/socket.c:2621
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      Fixes: 38f7b870 ("[RTNETLINK]: Link creation API")
      Reported-by: syzbot+5ba06978f34abb058571@syzkaller.appspotmail.com
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Reviewed-by: default avatarJakub Kicinski <kuba@kernel.org>
      Link: https://lore.kernel.org/r/20230823064348.2252280-1-idosch@nvidia.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      30188bd7
  4. 23 Aug, 2023 20 commits
  5. 22 Aug, 2023 1 commit