1. 27 May, 2021 4 commits
    • net/sched: act_ct: Fix ct template allocation for zone 0 · fb91702b
      Ariel Levkovich authored
      Fix current behavior of skipping template allocation in case the
      ct action is in zone 0.
      
      Skipping the allocation may cause the datapath ct code to ignore the
      entire ct action with all its attributes (commit, nat) in case the ct
      action in zone 0 was preceded by a ct clear action.
      
      The ct clear action sets the ct_state to untracked and resets the
      skb->_nfct pointer. Under these conditions and without an allocated
      ct template, the skb->_nfct pointer will remain NULL which will
      cause the tc ct action handler to exit without handling commit and nat
      actions, if such exist.
      
      For example, the following rule in OVS dp:
      recirc_id(0x2),ct_state(+new-est-rel-rpl+trk),ct_label(0/0x1), \
      in_port(eth0),actions:ct_clear,ct(commit,nat(src=10.11.0.12)), \
      recirc(0x37a)
      
      Will result in act_ct skipping the commit and nat actions in zone 0.
      
      The change removes the skipping of template allocation for zone 0 and
      treats it the same as any other zone.
      
      Fixes: b57dc7c1 ("net/sched: Introduce action ct")
      Signed-off-by: Ariel Levkovich <lariel@nvidia.com>
      Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Link: https://lore.kernel.org/r/20210526170110.54864-1-lariel@nvidia.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • net/sched: act_ct: Offload connections with commit action · 0cc254e5
      Paul Blakey authored
      Currently established connections are not offloaded if the filter has a
      "ct commit" action. This behavior will not offload connections of the
      following scenario:
      
      $ tc_filter add dev $DEV ingress protocol ip prio 1 flower \
        ct_state -trk \
        action ct commit action goto chain 1
      
      $ tc_filter add dev $DEV ingress protocol ip chain 1 prio 1 flower \
        action mirred egress redirect dev $DEV2
      
      $ tc_filter add dev $DEV2 ingress protocol ip prio 1 flower \
        action ct commit action goto chain 1
      
      $ tc_filter add dev $DEV2 ingress protocol ip prio 1 chain 1 flower \
        ct_state +trk+est \
        action mirred egress redirect dev $DEV
      
      Offload established connections, regardless of the commit flag.
      
      Fixes: 46475bb2 ("net/sched: act_ct: Software offload of established flows")
      Reviewed-by: Oz Shlomo <ozsh@nvidia.com>
      Reviewed-by: Jiri Pirko <jiri@nvidia.com>
      Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: Paul Blakey <paulb@nvidia.com>
      Link: https://lore.kernel.org/r/1622029449-27060-1-git-send-email-paulb@nvidia.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • devlink: Correct VIRTUAL port to not have phys_port attributes · b28d8f0c
      Parav Pandit authored
      Physical port name, port number attributes do not belong to virtual port
      flavour. When VF or SF virtual ports are registered they incorrectly
      append "np0" string in the netdevice name of the VF/SF.
      
      Before this fix, VF netdevice names were ens2f0np0v0, ens2f0np0v1 for VF
      0 and 1 respectively.
      
      After the fix, they are ens2f0v0, ens2f0v1.
      
      With this fix, reading /sys/class/net/ens2f0v0/phys_port_name returns
      -EOPNOTSUPP.
      
      Also devlink port show example for 2 VFs on one PF to ensure that any
      physical port attributes are not exposed.
      
      $ devlink port show
      pci/0000:06:00.0/65535: type eth netdev ens2f0np0 flavour physical port 0 splittable false
      pci/0000:06:00.3/196608: type eth netdev ens2f0v0 flavour virtual splittable false
      pci/0000:06:00.4/262144: type eth netdev ens2f0v1 flavour virtual splittable false
      
      This change introduces a netdevice name change on systemd/udev
      version 245 and higher which honors phys_port_name sysfs file for
      generation of netdevice name.
      
      This also aligns to phys_port_name usage which is limited to switchdev
      ports as described in [1].
      
      [1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/tree/Documentation/networking/switchdev.rst
      
      Fixes: acf1ee44 ("devlink: Introduce devlink port flavour virtual")
      Signed-off-by: Parav Pandit <parav@nvidia.com>
      Reviewed-by: Jiri Pirko <jiri@nvidia.com>
      Link: https://lore.kernel.org/r/20210526200027.14008-1-parav@nvidia.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • Merge tag 'net-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · d7c5303f
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.13-rc4, including fixes from bpf, netfilter,
        can and wireless trees. Notably including fixes for the recently
        announced "FragAttacks" WiFi vulnerabilities. Rather large batch,
        touching some core parts of the stack, too, but nothing hair-raising.
      
        Current release - regressions:
      
         - tipc: make node link identity publish thread safe
      
         - dsa: felix: re-enable TAS guard band mode
      
         - stmmac: correct clocks enabled in stmmac_vlan_rx_kill_vid()
      
         - stmmac: fix system hang if change mac address after interface
           ifdown
      
        Current release - new code bugs:
      
         - mptcp: avoid OOB access in setsockopt()
      
         - bpf: Fix nested bpf_bprintf_prepare with more per-cpu buffers
      
         - ethtool: stats: fix a copy-paste error - init correct array size
      
        Previous releases - regressions:
      
         - sched: fix packet stuck problem for lockless qdisc
      
         - net: really orphan skbs tied to closing sk
      
         - mlx4: fix EEPROM dump support
      
         - bpf: fix alu32 const subreg bound tracking on bitwise operations
      
         - bpf: fix mask direction swap upon off reg sign change
      
         - bpf, offload: reorder offload callback 'prepare' in verifier
      
         - stmmac: Fix MAC WoL not working if PHY does not support WoL
      
         - packetmmap: fix only tx timestamp on request
      
         - tipc: skb_linearize the head skb when reassembling msgs
      
        Previous releases - always broken:
      
         - mac80211: address recent "FragAttacks" vulnerabilities
      
         - mac80211: do not accept/forward invalid EAPOL frames
      
         - mptcp: avoid potential error message floods
      
         - bpf, ringbuf: deny reserve of buffers larger than ringbuf to
           prevent out of buffer writes
      
         - bpf: forbid trampoline attach for functions with variable arguments
      
         - bpf: add deny list of functions to prevent inf recursion of tracing
           programs
      
         - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
      
         - can: isotp: prevent race between isotp_bind() and
           isotp_setsockopt()
      
         - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check,
           fallback to non-AVX2 version
      
        Misc:
      
         - bpf: add kconfig knob for disabling unpriv bpf by default"
      
      * tag 'net-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (172 commits)
        net: phy: Document phydev::dev_flags bits allocation
        mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer
        mptcp: avoid error message on infinite mapping
        mptcp: drop unconditional pr_warn on bad opt
        mptcp: avoid OOB access in setsockopt()
        nfp: update maintainer and mailing list addresses
        net: mvpp2: add buffer header handling in RX
        bnx2x: Fix missing error code in bnx2x_iov_init_one()
        net: zero-initialize tc skb extension on allocation
        net: hns: Fix kernel-doc
        sctp: fix the proc_handler for sysctl encap_port
        sctp: add the missing setting for asoc encap_port
        bpf, selftests: Adjust few selftest result_unpriv outcomes
        bpf: No need to simulate speculative domain for immediates
        bpf: Fix mask direction swap upon off reg sign change
        bpf: Wrap aux data inside bpf_sanitize_info container
        bpf: Fix BPF_LSM kconfig symbol dependency
        selftests/bpf: Add test for l3 use of bpf_redirect_peer
        bpftool: Add sock_release help info for cgroup attach/prog load command
        net: dsa: microchip: enable phy errata workaround on 9567
        ...
  2. 26 May, 2021 2 commits
  3. 25 May, 2021 26 commits
  4. 24 May, 2021 8 commits
    • net: dsa: microchip: enable phy errata workaround on 9567 · 8c42a497
      George McCollister authored
      Also enable phy errata workaround on 9567 since it has the same errata as
      the 9477 according to the manufacturer's documentation.
      Signed-off-by: George McCollister <george.mccollister@gmail.com>
      Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: usb: fix memory leak in smsc75xx_bind · 46a8b29c
      Pavel Skripkin authored
      Syzbot reported a memory leak in smsc75xx_bind().
      The problem was non-freed memory in case of
      errors after memory allocation.
      
      backtrace:
        [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
        [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
        [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
        [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
      
      Fixes: d0cad871 ("smsc75xx: SMSC LAN75xx USB gigabit ethernet adapter driver")
      Cc: stable@kernel.vger.org
      Reported-and-tested-by: syzbot+b558506ba8165425fee2@syzkaller.appspotmail.com
      Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: hsr: fix mac_len checks · 48b491a5
      George McCollister authored
      Commit 2e9f6093 ("net: hsr: check skb can contain struct hsr_ethhdr
      in fill_frame_info") added the following which resulted in -EINVAL
      always being returned:
      	if (skb->mac_len < sizeof(struct hsr_ethhdr))
      		return -EINVAL;
      
      mac_len was not being set correctly so this check completely broke
      HSR/PRP since it was always 14, not 20.
      
      Set mac_len correctly and modify the mac_len checks to test in the
      correct places since sometimes it is legitimately 14.
      
      Fixes: 2e9f6093 ("net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info")
      Signed-off-by: George McCollister <george.mccollister@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: appletalk: cops: Fix data race in cops_probe1 · a4dd4fc6
      Saubhik Mukherjee authored
      In cops_probe1(), there is a write to dev->base_addr after requesting an
      interrupt line and registering the interrupt handler cops_interrupt().
      The handler might be called in parallel to handle an interrupt.
      cops_interrupt() tries to read dev->base_addr leading to a potential
      data race. So write to dev->base_addr before calling request_irq().
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: Saubhik Mukherjee <saubhik.mukherjee@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'sja1105-fixes' · 93c5d741
      David S. Miller authored
      Vladimir Oltean says:
      
      ====================
      Fixes for SJA1105 DSA driver
      
      This series contains some minor fixes in the sja1105 driver:
      - improved error handling in the probe path
      - rejecting an invalid phy-mode specified in the device tree
      - register access fix for SJA1105P/Q/R/S for the virtual links through
        the dynamic reconfiguration interface
      - handling 2 bridge VLANs where the second is supposed to overwrite the
        first
      - making sure that the lack of a pvid results in the actual dropping of
        untagged traffic
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: dsa: sja1105: update existing VLANs from the bridge VLAN list · b38e659d
      Vladimir Oltean authored
      When running this sequence of operations:
      
      ip link add br0 type bridge vlan_filtering 1
      ip link set swp4 master br0
      bridge vlan add dev swp4 vid 1
      
      We observe the traffic sent on swp4 is still untagged, even though the
      bridge has overwritten the existing VLAN entry:
      
      port    vlan ids
      swp4     1 PVID
      
      br0      1 PVID Egress Untagged
      
      This happens because we didn't consider that the 'bridge vlan add'
      command just overwrites VLANs like it's nothing. We treat the 'vid 1
      pvid untagged' and the 'vid 1' as two separate VLANs, and the first
      still has precedence when calling sja1105_build_vlan_table. Obviously
      there is a disagreement regarding semantics, and we end up doing
      something unexpected from the PoV of the bridge.
      
      Let's actually consider an "existing VLAN" to be one which is on the
      same port, and has the same VLAN ID, as one we already have, and update
      it if it has different flags than we do.
      
      The first blamed commit is the one introducing the bug, the second one
      is the latest on top of which the bugfix still applies.
      
      Fixes: ec5ae610 ("net: dsa: sja1105: save/restore VLANs using a delta commit method")
      Fixes: 5899ee36 ("net: dsa: tag_8021q: add a context structure")
      Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: dsa: sja1105: use 4095 as the private VLAN for untagged traffic · ed040abc
      Vladimir Oltean authored
      One thing became visible when writing the blamed commit, and that was
      that STP and PTP frames injected by net/dsa/tag_sja1105.c using the
      deferred xmit mechanism are always classified to the pvid of the CPU
      port, regardless of whatever VLAN there might be in these packets.
      
      So a decision needed to be taken regarding the mechanism through which
      we should ensure that delivery of STP and PTP traffic is possible when
      we are in a VLAN awareness mode that involves tag_8021q. This is because
      tag_8021q is not concerned with managing the pvid of the CPU port, since
      as far as tag_8021q is concerned, no traffic should be sent as untagged
      from the CPU port. So we end up not actually having a pvid on the CPU
      port if we only listen to tag_8021q, and unless we do something about it.
      
      The decision taken at the time was to keep VLAN 1 in the list of
      priv->dsa_8021q_vlans, and make it a pvid of the CPU port. This ensures
      that STP and PTP frames can always be sent to the outside world.
      
      However there is a problem. If we do the following while we are in
      the best_effort_vlan_filtering=true mode:
      
      ip link add br0 type bridge vlan_filtering 1
      ip link set swp2 master br0
      bridge vlan del dev swp2 vid 1
      
      Then untagged and pvid-tagged frames should be dropped. But we observe
      that they aren't, and this is because of the precaution we took that VID
      1 is always installed on all ports.
      
      So clearly VLAN 1 is not good for this purpose. What about VLAN 0?
      Well, VLAN 0 is managed by the 8021q module, and that module wants to
      ensure that 802.1p tagged frames are always received by a port, and are
      always transmitted as VLAN-tagged (with VLAN ID 0). Whereas we want our
      STP and PTP frames to be untagged if the stack sent them as untagged -
      we don't want the driver to just decide out of the blue that it adds
      VID 0 to some packets.
      
      So what to do?
      
      Well, there is one other VLAN that is reserved, and that is 4095:
      $ ip link add link swp2 name swp2.4095 type vlan id 4095
      Error: 8021q: Invalid VLAN id.
      $ bridge vlan add dev swp2 vid 4095
      Error: bridge: Vlan id is invalid.
      
      After we made this change, VLAN 1 is indeed forwarded and/or dropped
      according to the bridge VLAN table, there are no further alterations
      done by the sja1105 driver.
      
      Fixes: ec5ae610 ("net: dsa: sja1105: save/restore VLANs using a delta commit method")
      Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: dsa: sja1105: error out on unsupported PHY mode · 6729188d
      Vladimir Oltean authored
      The driver continues probing when a port is configured for an
      unsupported PHY interface type; instead it should stop.
      
      Fixes: 8aa9ebcc ("net: dsa: Introduce driver for NXP SJA1105 5-port L2 switch")
      Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>