1. 20 Nov, 2019 21 commits
    • r8152: Re-order napi_disable in rtl8152_close · 84811412
      Prashant Malani authored
      Both rtl_work_func_t() and rtl8152_close() call napi_disable().
      Since the two calls aren't protected by a lock, if the close
      function starts executing before the work function, we can get into a
      situation where the napi_disable() function is called twice in
      succession (first by rtl8152_close(), then by set_carrier()).
      
      In such a situation, the second call would loop indefinitely, since
      rtl8152_close() doesn't call napi_enable() to clear the NAPI_STATE_SCHED
      bit.
      
      The rtl8152_close() function in turn issues a
      cancel_delayed_work_sync(), and so it would wait indefinitely for the
      rtl_work_func_t() to complete. Since rtl8152_close() is called by a
      process holding rtnl_lock() which is requested by other processes, this
      eventually leads to a system deadlock and crash.
      
      Re-order the napi_disable() call to occur after the work function
      disabling and urb cancellation calls are issued.
      
      Change-Id: I6ef0b703fc214998a037a68f722f784e1d07815e
      Reported-by: http://crbug.com/1017928
      Signed-off-by: Prashant Malani <pmalani@chromium.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'qca_spi-fixes' · b172845a
      David S. Miller authored
      Stefan Wahren says:
      
      ====================
      net: qca_spi: Fix receive and reset issues
      
      This small patch series fixes two major issues in the SPI driver for the
      QCA700x.
      
      It has been tested on a Charge Control C 300 (NXP i.MX6ULL +
      2x QCA7000).
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qca_spi: Move reset_count to struct qcaspi · bc19c329
      Stefan Wahren authored
      The reset counter is specific for every QCA700x chip. So move this
      into the private driver struct. Otherwise we get unpredictable reset
      behavior in setups with multiple QCA700x chips.
      
      Fixes: 291ab06e (net: qualcomm: new Ethernet over SPI driver for QCA7000)
      Signed-off-by: Stefan Wahren <stefan.wahren@in-tech.com>
      Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qca_spi: fix receive buffer size check · 3e7e676c
      Michael Heimpold authored
      When receiving many or larger packets, e.g. when doing a file download,
      it was observed that the read buffer size register reports up to 4 bytes
      more than the current define allows in the check.
      If this is the case, then no data transfer is initiated to receive the
      packets (and thus to empty the buffer) which results in a stall of the
      interface.
      
      These 4 bytes are a hardware generated frame length which is prepended
      to the actual frame, thus we have to respect it during our check.
      
      Fixes: 026b907d ("net: qca_spi: Add available buffer space verification")
      Signed-off-by: Michael Heimpold <michael.heimpold@in-tech.com>
      Signed-off-by: Stefan Wahren <wahrenst@gmx.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'ibmvnic-regression' · aee024f6
      David S. Miller authored
      Juliet Kim says:
      
      ====================
      Support both XIVE and XICS modes in ibmvnic
      
      This series aims to support both XICS and XIVE while avoiding
      a regression in behavior when a system runs in XICS mode.
      
      Patch 1 reverts commit 11d49ce9
      (“net/ibmvnic: Fix EOI when running in XIVE mode.”)
      
      Patch 2 Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode · 2df5c60e
      Juliet Kim authored
      Reversion of commit 11d49ce9
      (“net/ibmvnic: Fix EOI when running in XIVE mode.”) leaves us
      calling H_EOI even in XIVE mode. That will fail with H_FUNCTION
      because H_EOI is not supported in that mode. That failure is
      harmless. Ignore it so we can use common code for both XICS and
      XIVE.
      Signed-off-by: Juliet Kim <julietk@linux.vnet.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Revert "net/ibmvnic: Fix EOI when running in XIVE mode" · 284f87d2
      Juliet Kim authored
      This reverts commit 11d49ce9
      (“net/ibmvnic: Fix EOI when running in XIVE mode.”) since that
      has the unintended effect of changing the interrupt priority
      and emits a warning when running in legacy XICS mode.
      Signed-off-by: Juliet Kim <julietk@linux.vnet.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 's390-fixes' · a20ee510
      David S. Miller authored
      Julian Wiedmann says:
      
      ====================
      s390/qeth: fixes 2019-11-20
      
      please apply two late qeth fixes to your net tree.
      
      The first fixes a deadlock that can occur if a qeth device is set
      offline while in the middle of processing deferred HW events.
      The second patch converts the return value of an error path to
      use -EIO, so that it can be passed back to userspace.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • s390/qeth: return proper errno on IO error · 2f3c269d
      Julian Wiedmann authored
      When propagating IO errors back to userspace, one error path in
      qeth_irq() currently returns '1' instead of a proper errno.
      
      Fixes: 54daaca7 ("s390/qeth: cancel cmd on early error")
      Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • s390/qeth: fix potential deadlock on workqueue flush · c8183f54
      Julian Wiedmann authored
      The L2 bridgeport code uses the coarse 'conf_mutex' for guarding access
      to its configuration state.
      This can result in a deadlock when qeth_l2_stop_card() - called under the
      conf_mutex - blocks on flush_workqueue() to wait for the completion of
      pending bridgeport workers. Such workers would also need to acquire
      the conf_mutex, stalling indefinitely.
      
      Introduce a lock that specifically guards the bridgeport configuration,
      so that the workers no longer need the conf_mutex.
      Wrapping qeth_l2_promisc_to_bridge() in this fine-grained lock then also
      fixes a theoretical race against a concurrent qeth_bridge_port_role_store()
      operation.
      
      Fixes: c0a2e4d1 ("s390/qeth: conclude all event processing before offlining a card")
      Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
      Reviewed-by: Alexandra Winter <wintera@linux.ibm.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • ipv6/route: return if there is no fib_nh_gw_family · 004b3942
      Hangbin Liu authored
      Previously we will return directly if (!rt || !rt->fib6_nh.fib_nh_gw_family)
      in function rt6_probe(), but after commit cc3a86c8
      ("ipv6: Change rt6_probe to take a fib6_nh"), the logic changed to
      return if there is fib_nh_gw_family.
      
      Fixes: cc3a86c8 ("ipv6: Change rt6_probe to take a fib6_nh")
      Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
      Reviewed-by: David Ahern <dsahern@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject · b8eb7183
      Jouni Hogander authored
      kobject_init_and_add takes reference even when it fails. This has
      to be given up by the caller in error handling. Otherwise memory
      allocated by kobject_init_and_add is never freed. Originally found
      by Syzkaller:
      
      BUG: memory leak
      unreferenced object 0xffff8880679f8b08 (size 8):
        comm "netdev_register", pid 269, jiffies 4294693094 (age 12.132s)
        hex dump (first 8 bytes):
          72 78 2d 30 00 36 20 d4                          rx-0.6 .
        backtrace:
          [<000000008c93818e>] __kmalloc_track_caller+0x16e/0x290
          [<000000001f2e4e49>] kvasprintf+0xb1/0x140
          [<000000007f313394>] kvasprintf_const+0x56/0x160
          [<00000000aeca11c8>] kobject_set_name_vargs+0x5b/0x140
          [<0000000073a0367c>] kobject_init_and_add+0xd8/0x170
          [<0000000088838e4b>] net_rx_queue_update_kobjects+0x152/0x560
          [<000000006be5f104>] netdev_register_kobject+0x210/0x380
          [<00000000e31dab9d>] register_netdevice+0xa1b/0xf00
          [<00000000f68b2465>] __tun_chr_ioctl+0x20d5/0x3dd0
          [<000000004c50599f>] tun_chr_ioctl+0x2f/0x40
          [<00000000bbd4c317>] do_vfs_ioctl+0x1c7/0x1510
          [<00000000d4c59e8f>] ksys_ioctl+0x99/0xb0
          [<00000000946aea81>] __x64_sys_ioctl+0x78/0xb0
          [<0000000038d946e5>] do_syscall_64+0x16f/0x580
          [<00000000e0aa5d8f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
          [<00000000285b3d1a>] 0xffffffffffffffff
      
      Cc: David Miller <davem@davemloft.net>
      Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
      Signed-off-by: Jouni Hogander <jouni.hogander@unikie.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • mdio_bus: Fix init if CONFIG_RESET_CONTROLLER=n · 6e4ff1c9
      Geert Uytterhoeven authored
      Commit 1d463956 ("mdio_bus: Fix PTR_ERR applied after initialization
      to constant") accidentally changed a check from -ENOTSUPP to -ENOSYS,
      causing failures if reset controller support is not enabled.  E.g. on
      r7s72100/rskrza1:
      
          sh-eth e8203000.ethernet: MDIO init failed: -524
          sh-eth: probe of e8203000.ethernet failed with error -524
      
      Seen on r8a7740/armadillo, r7s72100/rskrza1, and r7s9210/rza2mevb.
      
      Fixes: 1d463956 ("mdio_bus: Fix PTR_ERR applied after initialization to constant")
      Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
      Cc: YueHaibing <yuehaibing@huawei.com>
      Cc: David S. Miller <davem@davemloft.net>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Revert "mdio_bus: fix mdio_register_device when RESET_CONTROLLER is disabled" · 2c61e821
      David S. Miller authored
      This reverts commit 075e238d.
      
      Going to go with Geert's fix instead, which also has a
      correct Fixes tag.
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: hns3: fix a wrong reset interrupt status mask · 74e78d6b
      Huazhong Tan authored
      According to hardware user manual, bits5~7 in register
      HCLGE_MISC_VECTOR_INT_STS means reset interrupts status,
      but HCLGE_RESET_INT_M is defined as bits0~2 now. So it
      will make hclge_reset_err_handle() read the wrong reset
      interrupt status.
      
      This patch fixes this wrong bit mask.
      
      Fixes: 2336f19d ("net: hns3: check reset interrupt status when reset fails")
      Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: fec: fix clock count mis-match · a31eda65
      Chuhong Yuan authored
      pm_runtime_put_autosuspend in probe will call runtime suspend to
      disable clks automatically if CONFIG_PM is defined. (If CONFIG_PM
      is not defined, its implementation will be empty, then runtime
      suspend will not be called.)
      
      Therefore, we can call pm_runtime_get_sync to runtime resume it
      first to enable clks, which matches the runtime suspend. (Only when
      CONFIG_PM is defined, otherwise pm_runtime_get_sync will also be
      empty, then runtime resume will not be called.)
      
      Then it is fine to disable clks without causing clock count mis-match.
      
      Fixes: c43eab3e ("net: fec: add missed clk_disable_unprepare in remove")
      Signed-off-by: Chuhong Yuan <hslester96@gmail.com>
      Acked-by: Fugang Duan <fugang.duan@nxp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/sched: act_pedit: fix WARN() in the traffic path · f67169fe
      Davide Caratti authored
      When configuring act_pedit rules, the number of keys is validated only on
      addition of a new entry. This is not sufficient to avoid hitting a WARN()
      in the traffic path: for example, it is possible to replace a valid entry
      with a new one having 0 extended keys, thus causing splats in dmesg like:
      
       pedit BUG: index 42
       WARNING: CPU: 2 PID: 4054 at net/sched/act_pedit.c:410 tcf_pedit_act+0xc84/0x1200 [act_pedit]
       [...]
       RIP: 0010:tcf_pedit_act+0xc84/0x1200 [act_pedit]
       Call Trace:
        tcf_action_exec+0x105/0x3f0
        tcf_classify+0xf2/0x410
        __dev_queue_xmit+0xcbf/0x2ae0
        ip_finish_output2+0x711/0x1fb0
        ip_output+0x1bf/0x4b0
        ip_send_skb+0x37/0xa0
        raw_sendmsg+0x180c/0x2430
        sock_sendmsg+0xdb/0x110
        __sys_sendto+0x257/0x2b0
        __x64_sys_sendto+0xdd/0x1b0
        do_syscall_64+0xa5/0x4e0
        entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Fix this by moving the check on 'nkeys' earlier in tcf_pedit_init(), so that
      attempts to install rules having 0 keys are always rejected with -EINVAL.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: Davide Caratti <dcaratti@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: phylink: fix link mode modification in PHY mode · d9922c0e
      Russell King authored
      Modifying the link settings via phylink_ethtool_ksettings_set() and
      phylink_ethtool_set_pauseparam() didn't always work as intended for
      PHY based setups, as calling phylink_mac_config() would result in the
      unresolved configuration being committed to the MAC, rather than the
      configuration with the speed and duplex setting.
      
      This would work fine if the update caused the link to renegotiate,
      but if no settings have changed, phylib won't trigger a renegotiation
      cycle, and the MAC will be left incorrectly configured.
      
      Avoid calling phylink_mac_config() unless we are using an inband mode
      in phylink_ethtool_ksettings_set(), and use phy_set_asym_pause() as
      introduced in 4.20 to set the PHY settings in
      phylink_ethtool_set_pauseparam().
      Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: phylink: update documentation on create and destroy · 269a6b5f
      Russell King authored
      Update the documentation on phylink's create and destroy functions to
      explicitly state that the rtnl lock must not be held while calling
      these.
      Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • r8169: disable TSO on a single version of RTL8168c to fix performance · a0783cd0
      Corinna Vinschen authored
      During performance testing, I found that one of my r8169 NICs suffered
      a major performance loss, an 8168c model.
      
      Running netperf's TCP_STREAM test didn't return the expected
      throughput of > 900 Mb/s, but rather only about 22 Mb/s.  Strange
      enough, running the TCP_MAERTS and UDP_STREAM tests all returned with
      throughput > 900 Mb/s, as did TCP_STREAM with the other r8169 NICs I can
      test (either one of 8169s, 8168e, 8168f).
      
      Bisecting turned up commit 93681cd7,
      "r8169: enable HW csum and TSO" as the culprit.
      
      I added my 8168c version, RTL_GIGA_MAC_VER_22, to the code
      special-casing the 8168evl as per the patch below.  This fixed the
      performance problem for me.
      
      Fixes: 93681cd7 ("r8169: enable HW csum and TSO")
      Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
      Reviewed-by: Heiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • MAINTAINERS: forcedeth: Change Zhu Yanjun's email address · c9d55b62
      Zhu Yanjun authored
      I prefer to use my personal email address for kernel related work.
      Signed-off-by: Zhu Yanjun <yanjun.zhu@oracle.com>
      Acked-by: Rain River <rain.1986.08.12@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  2. 19 Nov, 2019 10 commits
  3. 17 Nov, 2019 6 commits
  4. 16 Nov, 2019 3 commits
    • Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 5ffaf037
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Misc fixes: a handful of AUX event handling related fixes, a Sparse
        fix and two ABI fixes"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Fix missing static inline on perf_cgroup_switch()
        perf/core: Consistently fail fork on allocation failures
        perf/aux: Disallow aux_output for kernel events
        perf/core: Reattach a misplaced comment
        perf/aux: Fix the aux_output group inheritance fix
        perf/core: Disallow uncore-cgroup events
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 8be636dd
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix memory leak in xfrm_state code, from Steffen Klassert.
      
       2) Fix races between devlink reload operations and device
          setup/cleanup, from Jiri Pirko.
      
       3) Null deref in NFC code, from Stephan Gerhold.
      
       4) Refcount fixes in SMC, from Ursula Braun.
      
       5) Memory leak in slcan open error paths, from Jouni Hogander.
      
       6) Fix ETS bandwidth validation in hns3, from Yonglong Liu.
      
       7) Info leak on short USB request answers in ax88172a driver, from
          Oliver Neukum.
      
       8) Release mem region properly in ep93xx_eth, from Chuhong Yuan.
      
       9) PTP config timestamp flags validation, from Richard Cochran.
      
      10) Dangling pointers after SKB data realloc in seg6, from Andrea Mayer.
      
      11) Missing free_netdev() in gemini driver, from Chuhong Yuan.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (56 commits)
        ipmr: Fix skb headroom in ipmr_get_route().
        net: hns3: cleanup of stray struct hns3_link_mode_mapping
        net/smc: fix fastopen for non-blocking connect()
        rds: ib: update WR sizes when bringing up connection
        net: gemini: add missed free_netdev
        net: dsa: tag_8021q: Fix dsa_8021q_restore_pvid for an absent pvid
        seg6: fix skb transport_header after decap_and_validate()
        seg6: fix srh pointer in get_srh()
        net: stmmac: Use the correct style for SPDX License Identifier
        octeontx2-af: Use the correct style for SPDX License Identifier
        ptp: Extend the test program to check the external time stamp flags.
        mlx5: Reject requests to enable time stamping on both edges.
        igb: Reject requests that fail to enable time stamping on both edges.
        dp83640: Reject requests to enable time stamping on both edges.
        mv88e6xxx: Reject requests to enable time stamping on both edges.
        ptp: Introduce strict checking of external time stamp options.
        renesas: reject unsupported external timestamp flags
        mlx5: reject unsupported external timestamp flags
        igb: reject unsupported external timestamp flags
        dp83640: reject unsupported external timestamp flags
        ...
    • ipmr: Fix skb headroom in ipmr_get_route(). · 7901cd97
      Guillaume Nault authored
      In route.c, inet_rtm_getroute_build_skb() creates an skb with no
      headroom. This skb is then used by inet_rtm_getroute() which may pass
      it to rt_fill_info() and, from there, to ipmr_get_route(). The latter
      might try to reuse this skb by cloning it and prepending an IPv4
      header. But since the original skb has no headroom, skb_push() triggers
      skb_under_panic():
      
      skbuff: skb_under_panic: text:00000000ca46ad8a len:80 put:20 head:00000000cd28494e data:000000009366fd6b tail:0x3c end:0xec0 dev:veth0
      ------------[ cut here ]------------
      kernel BUG at net/core/skbuff.c:108!
      invalid opcode: 0000 [#1] SMP KASAN PTI
      CPU: 6 PID: 587 Comm: ip Not tainted 5.4.0-rc6+ #1
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-2.fc30 04/01/2014
      RIP: 0010:skb_panic+0xbf/0xd0
      Call Trace:
       skb_push+0x7e/0x80
       ipmr_get_route+0x459/0x6fa
       rt_fill_info+0x692/0x9f0
       inet_rtm_getroute+0xd26/0xf20
       rtnetlink_rcv_msg+0x45d/0x630
       netlink_rcv_skb+0x1a5/0x220
       rtnetlink_rcv+0x15/0x20
       netlink_unicast+0x305/0x3a0
       netlink_sendmsg+0x575/0x730
       sock_sendmsg+0xb5/0xc0
       ___sys_sendmsg+0x497/0x4f0
       __sys_sendmsg+0xcb/0x150
       __x64_sys_sendmsg+0x48/0x50
       do_syscall_64+0xd2/0xac0
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Actually the original skb used to have enough headroom, but the
      reserve_skb() call was lost with the introduction of
      inet_rtm_getroute_build_skb() by commit 404eb77e ("ipv4: support
      sport, dport and ip_proto in RTM_GETROUTE").
      
      We could reserve some headroom again in inet_rtm_getroute_build_skb(),
      but this function shouldn't be responsible for handling the special
      case of ipmr_get_route(). Let's handle that directly in
      ipmr_get_route() by calling skb_realloc_headroom() instead of
      skb_clone().
      
      Fixes: 404eb77e ("ipv4: support sport, dport and ip_proto in RTM_GETROUTE")
      Signed-off-by: Guillaume Nault <gnault@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>