1. 28 Nov, 2017 12 commits
  2. 27 Nov, 2017 16 commits
  3. 26 Nov, 2017 2 commits
    • zhangliping's avatar
      openvswitch: fix the incorrect flow action alloc size · 67c8d22a
      zhangliping authored
      If we want to add a datapath flow, which has more than 500 vxlan outputs'
      action, we will get the following error reports:
        openvswitch: netlink: Flow action size 32832 bytes exceeds max
        openvswitch: netlink: Flow action size 32832 bytes exceeds max
        openvswitch: netlink: Actions may not be safe on all matching packets
        ... ...
      
      It seems that we can simply enlarge the MAX_ACTIONS_BUFSIZE to fix it, but
      this is not the root cause. For example, for a vxlan output action, we need
      about 60 bytes for the nlattr, but after it is converted to the flow
      action, it only occupies 24 bytes. This means that we can still support
      more than 1000 vxlan output actions for a single datapath flow under the
      the current 32k max limitation.
      
      So even if the nla_len(attr) is larger than MAX_ACTIONS_BUFSIZE, we
      shouldn't report EINVAL and keep it move on, as the judgement can be
      done by the reserve_sfa_size.
      Signed-off-by: default avatarzhangliping <zhangliping02@baidu.com>
      Acked-by: default avatarPravin B Shelar <pshelar@ovn.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      67c8d22a
    • Gustavo A. R. Silva's avatar
      net: openvswitch: datapath: fix data type in queue_gso_packets · 2734166e
      Gustavo A. R. Silva authored
      gso_type is being used in binary AND operations together with SKB_GSO_UDP.
      The issue is that variable gso_type is of type unsigned short and
      SKB_GSO_UDP expands to more than 16 bits:
      
      SKB_GSO_UDP = 1 << 16
      
      this makes any binary AND operation between gso_type and SKB_GSO_UDP to
      be always zero, hence making some code unreachable and likely causing
      undesired behavior.
      
      Fix this by changing the data type of variable gso_type to unsigned int.
      
      Addresses-Coverity-ID: 1462223
      Fixes: 0c19f846 ("net: accept UFO datagrams from tuntap and packet")
      Signed-off-by: default avatarGustavo A. R. Silva <garsilva@embeddedor.com>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2734166e
  4. 25 Nov, 2017 6 commits
  5. 24 Nov, 2017 4 commits
    • Johannes Berg's avatar
      cfg80211: select CRYPTO_SHA256 if needed · 01a95b21
      Johannes Berg authored
      When regulatory database certificates are built-in, they're
      currently using the SHA256 digest algorithm, so add that to
      the build in that case.
      
      Also add a note that for custom certificates, one may need
      to add the right algorithms.
      Reported-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Tested-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      01a95b21
    • Zhu Yanjun's avatar
      forcedeth: replace pci_unmap_page with dma_unmap_page · ca43a0c7
      Zhu Yanjun authored
      The function pci_unmap_page is obsolete. So it is replaced with
      the function dma_unmap_page.
      
      CC: Srinivas Eeda <srinivas.eeda@oracle.com>
      CC: Joe Jin <joe.jin@oracle.com>
      CC: Junxiao Bi <junxiao.bi@oracle.com>
      Signed-off-by: default avatarZhu Yanjun <yanjun.zhu@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ca43a0c7
    • David S. Miller's avatar
      Merge tag 'rxrpc-fixes-20171124' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · 5f109b94
      David S. Miller authored
      David Howells says:
      
      ====================
      rxrpc: Fixes and improvements
      
      Here's a set of patches that fix and improve some stuff in the AF_RXRPC
      protocol:
      
      The patches are:
      
       (1) Unlock mutex returned by rxrpc_accept_call().
      
       (2) Don't set connection upgrade by default.
      
       (3) Differentiate the call->user_mutex used by the kernel from that used
           by userspace calling sendmsg() to avoid lockdep warnings.
      
       (4) Delay terminal ACK transmission to a work queue so that it can be
           replaced by the next call if there is one.
      
       (5) Split the call parameters from the connection parameters so that more
           call-specific parameters can be passed through.
      
       (6) Fix the call timeouts to work the same as for other RxRPC/AFS
           implementations.
      
       (7) Don't transmit DELAY ACKs immediately, but instead delay them slightly
           so that can be discarded or can represent more packets.
      
       (8) Use RTT to calculate certain protocol timeouts.
      
       (9) Add a timeout to detect lost ACK/DATA packets.
      
      (10) Add a keepalive function so that we ping the peer if we haven't
           transmitted for a short while, thereby keeping intervening firewall
           routes open.
      
      (11) Make service endpoints expire like they're supposed to so that the UDP
           port can be reused.
      
      (12) Fix connection expiry timers to make cleanup happen in a more timely
           fashion.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5f109b94
    • David Howells's avatar
      rxrpc: Fix conn expiry timers · 3d18cbb7
      David Howells authored
      Fix the rxrpc connection expiry timers so that connections for closed
      AF_RXRPC sockets get deleted in a more timely fashion, freeing up the
      transport UDP port much more quickly.
      
       (1) Replace the delayed work items with work items plus timers so that
           timer_reduce() can be used to shorten them and so that the timer
           doesn't requeue the work item if the net namespace is dead.
      
       (2) Don't use queue_delayed_work() as that won't alter the timeout if the
           timer is already running.
      
       (3) Don't rearm the timers if the network namespace is dead.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      3d18cbb7