1. 28 Feb, 2022 1 commit
    • net: ipv6: ensure we call ipv6_mc_down() at most once · 9995b408
      j.nixdorf@avm.de authored
      There are two reasons for addrconf_notify() to be called with NETDEV_DOWN:
      either the network device is actually going down, or IPv6 was disabled
      on the interface.
      
      If either of them stays down while the other is toggled, we repeatedly
      call the code for NETDEV_DOWN, including ipv6_mc_down(), while never
      calling the corresponding ipv6_mc_up() in between. This will cause a
      new entry in idev->mc_tomb to be allocated for each multicast group
      the interface is subscribed to, which in turn leaks one struct ifmcaddr6
      per nontrivial multicast group the interface is subscribed to.
      
      The following reproducer will leak at least $n objects:
      
      ip addr add ff2e::4242/32 dev eth0 autojoin
      sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
      for i in $(seq 1 $n); do
      	ip link set up eth0; ip link set down eth0
      done
      
      Joining groups with IPV6_ADD_MEMBERSHIP (unprivileged) or setting the
      sysctl net.ipv6.conf.eth0.forwarding to 1 (=> subscribing to ff02::2)
      can also be used to create a nontrivial idev->mc_list, which will then
      leak objects with the right up-down-sequence.
      
      Based on both sources for NETDEV_DOWN events the interface IPv6 state
      should be considered:
      
       - not ready if the network interface is not ready OR IPv6 is disabled
         for it
       - ready if the network interface is ready AND IPv6 is enabled for it
      
      The functions ipv6_mc_up() and ipv6_down() should only be run when this
      state changes.
      
      Implement this by remembering when the IPv6 state is ready, and only
      run ipv6_mc_down() if it actually changed from ready to not ready.
      
      The other direction (not ready -> ready) already works correctly, as:
      
       - the interface notification triggered codepath for NETDEV_UP /
         NETDEV_CHANGE returns early if ipv6 is disabled, and
       - the disable_ipv6=0 triggered codepath skips fully initializing the
         interface as long as addrconf_link_ready(dev) returns false
       - calling ipv6_mc_up() repeatedly does not leak anything
      
      Fixes: 3ce62a84 ("ipv6: exit early in addrconf_notify() if IPv6 is disabled")
      Signed-off-by: Johannes Nixdorf <j.nixdorf@avm.de>
      Signed-off-by: David S. Miller <davem@davemloft.net>
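
The ready/not-ready tracking described in the commit message above, reduced to a user-space C model that replays the reproducer's event order with and without the guard. This is an added example, not the kernel patch or the author's code: the struct, event names and counters are hypothetical, the interface is assumed to start up with IPv6 enabled and one nontrivial group joined, and ipv6_mc_up() is assumed to reclaim pending tomb records.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; every name is hypothetical, not a kernel symbol. */
enum ev { LINK_UP, LINK_DOWN, IPV6_ENABLE, IPV6_DISABLE };
struct model_idev {
    int  mc_groups;    /* nontrivial groups joined (models idev->mc_list) */
    int  mc_tomb;      /* pending records (models idev->mc_tomb) */
    bool link_up, ipv6_enabled;
    bool ready;        /* remembered IPv6 state, consulted by the fixed path */
};

/* Models ipv6_mc_down(): allocates one tomb record per joined group. */
static void model_mc_down(struct model_idev *d) { d->mc_tomb += d->mc_groups; }
/* Models ipv6_mc_up(); assumption: it reclaims the pending tomb records. */
static void model_mc_up(struct model_idev *d) { d->mc_tomb = 0; }

static void notify(struct model_idev *d, enum ev e, bool fixed)
{
    if (e == LINK_UP || e == LINK_DOWN) d->link_up = (e == LINK_UP);
    else d->ipv6_enabled = (e == IPV6_ENABLE);
    if (e == LINK_UP || e == IPV6_ENABLE) {
        /* ready only if the link is up AND IPv6 is enabled */
        if (d->link_up && d->ipv6_enabled) { model_mc_up(d); d->ready = true; }
        return;
    }
    /* LINK_DOWN and IPV6_DISABLE both reach the same down path. */
    if (fixed && !d->ready)
        return;        /* already not ready: nothing left to tear down */
    model_mc_down(d);
    d->ready = false;
}

/* Replays the reproducer's event order; returns the tomb records left. */
static int run_reproducer(int n, bool fixed)
{
    struct model_idev d = { .mc_groups = 1, .link_up = true,
                            .ipv6_enabled = true, .ready = true };
    notify(&d, IPV6_DISABLE, fixed);
    for (int i = 0; i < n; i++) {
        notify(&d, LINK_UP, fixed);
        notify(&d, LINK_DOWN, fixed);
    }
    return d.mc_tomb;
}

int main(void)
{
    printf("unfixed: %d  fixed: %d\n", run_reproducer(5, false), run_reproducer(5, true));
    return 0;
}
```

In the model the unguarded path accumulates one record per down event, while the guarded path keeps only the record from the single real ready-to-not-ready transition.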
  2. 26 Feb, 2022 1 commit
    • Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · 519ca6fa
      David S. Miller authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2022-02-25
      
      This series contains updates to iavf driver only.
      
      Slawomir fixes stability issues that can be seen when stressing the
      driver using a large number of VFs with a multitude of operations.
      Among the fixes are reworking mutexes to provide more effective locking,
      ensuring initialization is complete before teardown, preventing
      operations which could race while removing the driver, stopping certain
      tasks from being queued when the device is down, and adding a missing
      mutex unlock.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
  3. 25 Feb, 2022 35 commits
  4. 24 Feb, 2022 3 commits
    • Merge tag 'pci-v5.17-fixes-5' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · d8152cfe
      Linus Torvalds authored
      Pull pci fixes from Bjorn Helgaas:
      
       - Fix a merge error that broke PCI device enumeration on mvebu
         platforms, including Turris Omnia (Armada 385) (Pali Rohár)
      
       - Avoid using ATS on all AMD Navi10 and Navi14 GPUs because some
         VBIOSes don't account for "harvested" (disabled) parts of the chip
         when initializing caches (Alex Deucher)
      
      * tag 'pci-v5.17-fixes-5' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken
        PCI: mvebu: Fix device enumeration regression
    • Merge tag 'net-5.17-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · f672ff91
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf and netfilter.
      
        Current release - regressions:
      
         - bpf: fix crash due to out of bounds access into reg2btf_ids
      
         - mvpp2: always set port pcs ops, avoid null-deref
      
         - eth: marvell: fix driver load from initrd
      
         - eth: intel: revert "Fix reset bw limit when DCB enabled with 1 TC"
      
        Current release - new code bugs:
      
         - mptcp: fix race in overlapping signal events
      
        Previous releases - regressions:
      
         - xen-netback: revert hotplug-status changes causing devices to not
           be configured
      
         - dsa:
            - avoid call to __dev_set_promiscuity() while rtnl_mutex isn't
              held
            - fix panic when removing unoffloaded port from bridge
      
         - dsa: microchip: fix bridging with more than two member ports
      
        Previous releases - always broken:
      
         - bpf:
            - fix crash due to incorrect copy_map_value when both spin lock
              and timer are present in a single value
            - fix a bpf_timer initialization issue with clang
            - do not try bpf_msg_push_data with len 0
            - add schedule points in batch ops
      
         - nf_tables:
            - unregister flowtable hooks on netns exit
            - correct flow offload action array size
            - fix a couple of memory leaks
      
         - vsock: don't check owner in vhost_vsock_stop() while releasing
      
         - gso: do not skip outer ip header in case of ipip and net_failover
      
         - smc: use a mutex for locking "struct smc_pnettable"
      
         - openvswitch: fix setting ipv6 fields causing hw csum failure
      
         - mptcp: fix race in incoming ADD_ADDR option processing
      
         - sysfs: add check for netdevice being present to speed_show
      
         - sched: act_ct: fix flow table lookup after ct clear or switching
           zones
      
         - eth: intel: fixes for SR-IOV forwarding offloads
      
         - eth: broadcom: fixes for selftests and error recovery
      
         - eth: mellanox: flow steering and SR-IOV forwarding fixes
      
        Misc:
      
         - make __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor
           friends not report freed skbs as drops
      
         - force inlining of checksum functions in net/checksum.h"
      
      * tag 'net-5.17-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (85 commits)
        net: mv643xx_eth: process retval from of_get_mac_address
        ping: remove pr_err from ping_lookup
        Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
        openvswitch: Fix setting ipv6 fields causing hw csum failure
        ipv6: prevent a possible race condition with lifetimes
        net/smc: Use a mutex for locking "struct smc_pnettable"
        bnx2x: fix driver load from initrd
        Revert "xen-netback: Check for hotplug-status existence before watching"
        Revert "xen-netback: remove 'hotplug-status' once it has served its purpose"
        net/mlx5e: Fix VF min/max rate parameters interchange mistake
        net/mlx5e: Add missing increment of count
        net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
        net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
        net/mlx5e: Add feature check for set fec counters
        net/mlx5e: TC, Skip redundant ct clear actions
        net/mlx5e: TC, Reject rules with forward and drop actions
        net/mlx5e: TC, Reject rules with drop and modify hdr action
        net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets
        net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
        net/mlx5: Fix possible deadlock on rule deletion
        ...
    • Bluetooth: hci_sync: Fix not using conn_timeout · a56a1138
      Luiz Augusto von Dentz authored
      When using hci_le_create_conn_sync it shall wait for the conn_timeout
      since the connection complete may take longer than just 2 seconds.
      
      Also fix the masking of HCI_EV_LE_ENHANCED_CONN_COMPLETE and
      HCI_EV_LE_CONN_COMPLETE so they are never both set so we can predict
      which one the controller will use in case of HCI_OP_LE_CREATE_CONN.
      
      Fixes: 6cd29ec6 ("Bluetooth: hci_sync: Wait for proper events when connecting LE")
      Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
      Signed-off-by: Marcel Holtmann <marcel@holtmann.org>