1. 13 Mar, 2017 4 commits
    • Etienne Noss's avatar
      act_connmark: avoid crashing on malformed nlattrs with null parms · 52491c76
      Etienne Noss authored
      tcf_connmark_init does not check in its configuration if TCA_CONNMARK_PARMS
      is set, resulting in a null pointer dereference when trying to access it.
      
      [501099.043007] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
      [501099.043039] IP: [<ffffffffc10c60fb>] tcf_connmark_init+0x8b/0x180 [act_connmark]
      ...
      [501099.044334] Call Trace:
      [501099.044345]  [<ffffffffa47270e8>] ? tcf_action_init_1+0x198/0x1b0
      [501099.044363]  [<ffffffffa47271b0>] ? tcf_action_init+0xb0/0x120
      [501099.044380]  [<ffffffffa47250a4>] ? tcf_exts_validate+0xc4/0x110
      [501099.044398]  [<ffffffffc0f5fa97>] ? u32_set_parms+0xa7/0x270 [cls_u32]
      [501099.044417]  [<ffffffffc0f60bf0>] ? u32_change+0x680/0x87b [cls_u32]
      [501099.044436]  [<ffffffffa4725d1d>] ? tc_ctl_tfilter+0x4dd/0x8a0
      [501099.044454]  [<ffffffffa44a23a1>] ? security_capable+0x41/0x60
      [501099.044471]  [<ffffffffa470ca01>] ? rtnetlink_rcv_msg+0xe1/0x220
      [501099.044490]  [<ffffffffa470c920>] ? rtnl_newlink+0x870/0x870
      [501099.044507]  [<ffffffffa472cc61>] ? netlink_rcv_skb+0xa1/0xc0
      [501099.044524]  [<ffffffffa47073f4>] ? rtnetlink_rcv+0x24/0x30
      [501099.044541]  [<ffffffffa472c634>] ? netlink_unicast+0x184/0x230
      [501099.044558]  [<ffffffffa472c9d8>] ? netlink_sendmsg+0x2f8/0x3b0
      [501099.044576]  [<ffffffffa46d8880>] ? sock_sendmsg+0x30/0x40
      [501099.044592]  [<ffffffffa46d8e03>] ? SYSC_sendto+0xd3/0x150
      [501099.044608]  [<ffffffffa425fda1>] ? __do_page_fault+0x2d1/0x510
      [501099.044626]  [<ffffffffa47fbd7b>] ? system_call_fast_compare_end+0xc/0x9b
      
      Fixes: 22a5dc0e ("net: sched: Introduce connmark action")
      Signed-off-by: default avatarÉtienne Noss <etienne.noss@wifirst.fr>
      Signed-off-by: default avatarVictorien Molle <victorien.molle@wifirst.fr>
      Acked-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      52491c76
    • Neil Jerram's avatar
      Make IP 'forwarding' doc more precise · 88a7cddc
      Neil Jerram authored
      It wasn't clear if the 'forwarding' setting needs to be enabled on the
      interface that packets are received from, or on the interface that
      packets are forwarded to, or both.
      
      In fact (according to my code reading) the setting is relevant on the
      interface that packets are received from, so this change updates the doc
      to say that.
      Signed-off-by: default avatarNeil Jerram <neil@tigera.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      88a7cddc
    • stephen hemminger's avatar
      netvsc: handle select_queue when device is being removed · 7ce10124
      stephen hemminger authored
      Move the send indirection table from the inner device (netvsc)
      to the network device context.
      
      It is possible that netvsc_device is not present (remove in progress).
      This solves potential use after free issues when packet is being
      created during MTU change, shutdown, or queue count changes.
      
      Fixes: d8e18ee0 ("netvsc: enhance transmit select_queue")
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7ce10124
    • David Arcari's avatar
      net: ethernet: aquantia: call set_irq_affinity_hint before free_irq · ecd05225
      David Arcari authored
      When a network interface controlled by the aquantia ethernet driver is brought
      down a warning is output in dmesg (see below).
      
      The problem is that aq_pci_func_free_irqs() is calling free_irq() before it is
      calling irq_set_affinity_hint().
      
      WARNING: CPU: 4 PID: 10068 at kernel/irq/manage.c:1503 __free_irq+0x24d/0x2b0
      <snip>
      Call Trace:
       dump_stack+0x63/0x87
       __warn+0xd1/0xf0
       warn_slowpath_null+0x1d/0x20
       __free_irq+0x24d/0x2b0
       free_irq+0x39/0x90
       aq_pci_func_free_irqs+0x52/0xa0 [atlantic]
       aq_nic_stop+0xca/0xd0 [atlantic]
       aq_ndev_close+0x1d/0x40 [atlantic]
       __dev_close_many+0x99/0x100
       __dev_close+0x67/0xb0
      <snip>
      
      Fixes: 36a4a50f ("net: ethernet: aquantia: switch to pci_alloc_irq_vectors")
      
      Cc: Christoph Hellwig <hch@lst.de>
      Cc: Pavel Belous <pavel.belous@aquantia.com>
      Signed-off-by: default avatarDavid Arcari <darcari@redhat.com>
      Tested-by: default avatarPavel Belous <pavel.belous@aquantia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ecd05225
  2. 10 Mar, 2017 28 commits
  3. 09 Mar, 2017 8 commits