Commit Graph

889034 Commits

Author SHA1 Message Date
Li RongQing
6b3acfc3cc flow_dissector: fix document for skb_flow_get_icmp_tci
using correct input parameter name to fix the below warning:

net/core/flow_dissector.c:242: warning: Function parameter or member 'thoff' not described in 'skb_flow_get_icmp_tci'
net/core/flow_dissector.c:242: warning: Excess function parameter 'toff' description in 'skb_flow_get_icmp_tci'

Signed-off-by: Li RongQing <lirongqing@baidu.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 18:37:00 -08:00
Vijay Khemka
5e0fcc16e5 net/ncsi: Support for multi host mellanox card
Multi host Mellanox cards require MAC affinity to be set
before receiving any config commands. All config commands
should also have unicast address for source address in
command header.

Adding GMA and SMAF(Set Mac Affinity) for Mellanox card
and call these in channel probe state machine if it is
defined in device tree.

Signed-off-by: Vijay Khemka <vijaykhemka@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 18:36:22 -08:00
Dejin Zheng
2cab57e065 net: stmmac: pci: remove the duplicate code of set phy_mask
All members of mdio_bus_data are cleared to 0 when it was obtained
by devm_kzalloc(). so It doesn't need to set phy_mask as 0 again.

Signed-off-by: Dejin Zheng <zhengdejin5@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 18:34:16 -08:00
David S. Miller
eb7537d88e Merge branch 'mlxsw-Firmware-version-updates'
Ido Schimmel says:

====================
mlxsw: Firmware version updates

This patch sets contains two firmware-related updates.

Patch #1 bumps the required firmware version in order to support 2x50
Gb/s split on SN3800 systems.

Patch #2 changes the driver to only enforce a minimum required firmware
version, which should allow us to reduce the frequency in which we need
to update the driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 12:35:53 -08:00
Ido Schimmel
4dab08df3b mlxsw: spectrum: Only require minimum firmware version
Currently, the driver ensures that the firmware version found on the
device matches the branch of the required version.

Remove this limitation so that the driver will accept the required
version or a newer version, from any branch.

This will allow us to reduce the frequency in which we need to update
the required version. New firmware versions that include necessary bug
fixes will be able to work with the driver, even if they are not from
the required branch.

Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 12:35:53 -08:00
Ido Schimmel
22895f8a0e mlxsw: spectrum: Update firmware version to xx.2000.2714
The version adds support for 2x50 Gb/s port split option on SN3800
systems.

Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 12:35:53 -08:00
David S. Miller
a2d6d7ae59 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
The ungrafting from PRIO bug fixes in net, when merged into net-next,
merge cleanly but create a build failure.  The resolution used here is
from Petr Machata.

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 12:13:43 -08:00
David S. Miller
b1daa4d194 Merge branch 'sfc-more-code-refactoring'
Alex Maftei says:

====================
sfc: more code refactoring

Splitting more of the driver code into different files, which will
later be used in another driver for a new product.

This is a continuation to my previous patch series.
There will be another series and a stand-alone patch as well
after this.

This series in particular covers MCDI (management controller
driver interface) code.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
b69f7a3e53 sfc: move MCDI logging device attribute
A few bits were extracted from other functions.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
b5775b476e sfc: conditioned some functionality
Before calling certain function pointers, check that they are non-NULL.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
8da9264205 sfc: move MCDI receive queue management code
One function's prototype was changed in the header.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
8ee4c90772 sfc: move MCDI transmit queue management code
A function was split, the others were renamed.

Code style fixes included.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
4438b587fe sfc: move MCDI event queue management code
A function was split, the others were renamed.

Code style fixes included.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
37a5f9dceb sfc: move MCDI VI alloc/free code
One function was renamed here, the other contains code extracted from
another.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
1cf0f76ada sfc: move more MCDI port code
Various functions dealing with flow control, forward error correction,
polling, port number, and PHY testing.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
1a8d88a8b7 sfc: move some MCDI port utility functions
They just convert between different sets of flags/registers.
Some block comments were adjusted.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:35 -08:00
Alex Maftei (amaftei)
a2ba4b971a sfc: move some port link state/caps code
The moved code handles MCDI port link state and capabilities.

Signed-off-by: Alexandru-Mihai Maftei <amaftei@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:58:34 -08:00
Linus Torvalds
e69ec487b2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
Pull HID fixes from Jiri Kosina:

 - fix for OOB in hiddev, from Dmitry Torokhov

 - _poll API fixes for hidraw, from Marcel Holtmann

 - functional fix for Steam driver, from Rodrigo Rivas Costa

 - a few new device IDs / device-specific quirks and other assorted
   smaller fixes

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: steam: Fix input device disappearing
  HID: intel-ish-hid: ipc: Add Tiger Lake PCI device ID
  drivers/hid/hid-multitouch.c: fix a possible null pointer access.
  HID: wacom: Recognize new MobileStudio Pro PID
  HID: intel-ish-hid: ipc: add CMP device id
  HID: hiddev: fix mess in hiddev_open()
  HID: hid-input: clear unmapped usages
  HID: Add quirk for incorrect input length on Lenovo Y720
  HID: asus: Ignore Asus vendor-page usage-code 0xff events
  HID: ite: Add USB id match for Acer SW5-012 keyboard dock
  HID: Add quirk for Xin-Mo Dual Controller
  HID: Fix slab-out-of-bounds read in hid_field_extract
  HID: multitouch: Add LG MELF0410 I2C touchscreen support
  HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
  HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
2020-01-09 10:51:22 -08:00
Milind Parab
43ad352dc8 net: macb: add support for C45 MDIO read/write
This patch modify MDIO read/write functions to support
communication with C45 PHY.

Signed-off-by: Milind Parab <mparab@cadence.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-09 10:48:29 -08:00
Linus Torvalds
a5f48c7878 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from David Miller:

 1) Missing netns pointer init in arp_tables, from Florian Westphal.

 2) Fix normal tcp SACK being treated as D-SACK, from Pengcheng Yang.

 3) Fix divide by zero in sch_cake, from Wen Yang.

 4) Len passed to skb_put_padto() is wrong in qrtr code, from Carl
    Huang.

 5) cmd->obj.chunk is leaked in sctp code error paths, from Xin Long.

 6) cgroup bpf programs can be released out of order, fix from Roman
    Gushchin.

 7) Make sure stmmac debugfs entry name is changed when device name
    changes, from Jiping Ma.

 8) Fix memory leak in vlan_dev_set_egress_priority(), from Eric
    Dumazet.

 9) SKB leak in lan78xx usb driver, also from Eric Dumazet.

10) Ridiculous TCA_FQ_QUANTUM values configured can cause loops in fq
    packet scheduler, reject them. From Eric Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (69 commits)
  tipc: fix wrong connect() return code
  tipc: fix link overflow issue at socket shutdown
  netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
  netfilter: conntrack: dccp, sctp: handle null timeout argument
  atm: eni: fix uninitialized variable warning
  macvlan: do not assume mac_header is set in macvlan_broadcast()
  net: sch_prio: When ungrafting, replace with FIFO
  mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO
  MAINTAINERS: Remove myself as co-maintainer for qcom-ethqos
  gtp: fix bad unlock balance in gtp_encap_enable_socket
  pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
  tipc: remove meaningless assignment in Makefile
  tipc: do not add socket.o to tipc-y twice
  net: stmmac: dwmac-sun8i: Allow all RGMII modes
  net: stmmac: dwmac-sunxi: Allow all RGMII modes
  net: usb: lan78xx: fix possible skb leak
  net: stmmac: Fixed link does not need MDIO Bus
  vlan: vlan_changelink() should propagate errors
  vlan: fix memory leak in vlan_dev_set_egress_priority
  stmmac: debugfs entry name is not be changed when udev rename device name.
  ...
2020-01-09 10:34:07 -08:00
Rodrigo Rivas Costa
20eee6e5af HID: steam: Fix input device disappearing
The `connected` value for wired devices was not properly initialized,
it must be set to `true` upon creation, because wired devices do not
generate connection events.

When a raw client (the Steam Client) uses the device, the input device
is destroyed. Then, when the raw client finishes, it must be recreated.
But since the `connected` variable was false this never happended.

Signed-off-by: Rodrigo Rivas Costa <rodrigorivascosta@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2020-01-09 10:57:41 +01:00
yuehaibing
4a4a52d49d vmxnet3: Remove always false conditional statement
param->rx_mini_pending is __u32 variable, it will never
be less than zero.

Signed-off-by: yuehaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:07:21 -08:00
Arnd Bergmann
ea217e874a netronome: fix ipv6 link error
When the driver is built-in but ipv6 is a module, the flower
support produces a link error:

drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.o: In function `nfp_tunnel_keep_alive_v6':
tunnel_conf.c:(.text+0x2aa8): undefined reference to `nd_tbl'

Add a Kconfig dependency to avoid that configuration.

Fixes: 9ea9bfa122 ("nfp: flower: support ipv6 tunnel keep-alive messages from fw")
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:06:29 -08:00
Arnd Bergmann
112463ddbe net: dsa: felix: fix link error
When the enetc driver is disabled, the mdio support fails to
get built:

drivers/net/dsa/ocelot/felix_vsc9959.o: In function `vsc9959_mdio_bus_alloc':
felix_vsc9959.c:(.text+0x19c): undefined reference to `enetc_hw_alloc'
felix_vsc9959.c:(.text+0x1d1): undefined reference to `enetc_mdio_read'
felix_vsc9959.c:(.text+0x1d8): undefined reference to `enetc_mdio_write'

Change the Makefile to enter the subdirectory for this as well.

Fixes: bdeced75b1 ("net: dsa: felix: Add PCS operations for PHYLINK")
Fixes: 6517798dd3 ("enetc: Make MDIO accessors more generic and export to include/linux/fsl")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:05:54 -08:00
Heiner Kallweit
09e6533536 r8169: add constant EnAnaPLL
Use constant EnAnaPLL for bit 14 as in vendor driver. The vendor
driver sets this bit for chip version 02 only, but I'm not aware of
any issues, so better leave it as it is.
In addition remove the useless debug message.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:04:48 -08:00
Dan Carpenter
ac9c41d5a0 ethtool: potential NULL dereference in strset_prepare_data()
Smatch complains that the NULL checking isn't done consistently:

    net/ethtool/strset.c:253 strset_prepare_data()
    error: we previously assumed 'dev' could be null (see line 233)

It looks like there is a missing return on this path.

Fixes: 71921690f9 ("ethtool: provide string sets with STRSET_GET request")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:03:35 -08:00
Dan Carpenter
d97772dbd7 ethtool: fix ->reply_size() error handling
The "ret < 0" comparison is never true because "ret" is still zero.

Fixes: 728480f124 ("ethtool: default handlers for GET requests")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:03:35 -08:00
Dan Carpenter
a6dd04807c ethtool: fix a memory leak in ethnl_default_start()
If ethnl_default_parse() fails then we need to free a couple
memory allocations before returning.

Fixes: 728480f124 ("ethtool: default handlers for GET requests")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:03:35 -08:00
David S. Miller
78b6d073bc Merge branch 'Broadcom-tags-support-for-531x5-539x-families'
Florian Fainelli says:

====================
Broadcom tags support for 531x5/539x families

This patch series finally allows us to enable Broadcom tags on the
BCM531x5/BCM539x switch series which are very often cascaded onto
another on-chip Broadcom switch. Because of that we need to be able to
detect that Broadcom tags are already enabled on our DSA master which
happens to be a DSA slave in that case since they are not part of the
same DSA switch tree, the protocol does not support that.

Due to the way DSA works, get_tag_protocol() is called prior to
ds->ops->setup and we do not have all data structures set-up (in
particular dsa_port::cpu_dp is not filed yet) so doing this at the time
get_tag_protocol() is called and without exporting a helper function is
desirable to limit our footprint into the framework.

Having the core (net/dsa/dsa2.c) return and enforce DSA_TAG_PROTO_NONE
was considered and done initially but this leaves the driver outside of
the decision to force/fallback to a particular protocol, instead of
letting it in control. Also there is no reason to suspect that all
tagging protocols are problematic, e.g.: "inner" Marvell EDSA with
"outer" Broadcom tag may work just fine, and vice versa.

This was tested on:

- Lamobo R1 which now has working Broadcom tags for its external BCM53125 switch
- BCM7445 which has a BCM53125 hanging off one of its internal switch
  port, the BCM53125 still works with DSA_TAG_PROTO_NONE
- BCM7278 which has a peculiar dual CPU port set-up (so dual IMP mode
  needs to be enabled)
- Northstar Plus with DSA_TAG_PROTO_BRCM_PREPEND and no external
  switches hanging off the internal switch
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:01:14 -08:00
Florian Fainelli
8fab459e69 net: dsa: b53: Enable Broadcom tags for 531x5/539x families
The BCM531x5 and BCM539x families require that the IMP port be enabled
within the management page and that management mode (SM_SW_FWD_MODE) be
turned on. Once this is done, everything works as expected, including
multicast with standalone DSA devices or bridge devices.

Because such switches are frequencly cascaded with other internal
Broadcom switches on which we want to enable Broadcom tags, update
b53_can_enable_brcm_tags() to check the kind of DSA master tagging
protocol being used, if it is one of the two supported Broadcom tagging
protocols, force DSA_TAG_PROTO_NONE.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:01:13 -08:00
Florian Fainelli
4d776482ec net: dsa: Get information about stacked DSA protocol
It is possible to stack multiple DSA switches in a way that they are not
part of the tree (disjoint) but the DSA master of a switch is a DSA
slave of another. When that happens switch drivers may have to know this
is the case so as to determine whether their tagging protocol has a
remove chance of working.

This is useful for specific switch drivers such as b53 where devices
have been known to be stacked in the wild without the Broadcom tag
protocol supporting that feature. This allows b53 to continue supporting
those devices by forcing the disabling of Broadcom tags on the outermost
switches if necessary.

The get_tag_protocol() function is therefore updated to gain an
additional enum dsa_tag_protocol argument which denotes the current
tagging protocol used by the DSA master we are attached to, else
DSA_TAG_PROTO_NONE for the top of the dsa_switch_tree.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 16:01:13 -08:00
Tuong Lien
9546a0b7ce tipc: fix wrong connect() return code
The current 'tipc_wait_for_connect()' function does a wait-loop for the
condition 'sk->sk_state != TIPC_CONNECTING' to conclude if the socket
connecting has done. However, when the condition is met, it returns '0'
even in the case the connecting is actually failed, the socket state is
set to 'TIPC_DISCONNECTING' (e.g. when the server socket has closed..).
This results in a wrong return code for the 'connect()' call from user,
making it believe that the connection is established and go ahead with
building, sending a message, etc. but finally failed e.g. '-EPIPE'.

This commit fixes the issue by changing the wait condition to the
'tipc_sk_connected(sk)', so the function will return '0' only when the
connection is really established. Otherwise, either the socket 'sk_err'
if any or '-ETIMEDOUT'/'-EINTR' will be returned correspondingly.

Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:57:35 -08:00
Tuong Lien
49afb806cb tipc: fix link overflow issue at socket shutdown
When a socket is suddenly shutdown or released, it will reject all the
unreceived messages in its receive queue. This applies to a connected
socket too, whereas there is only one 'FIN' message required to be sent
back to its peer in this case.

In case there are many messages in the queue and/or some connections
with such messages are shutdown at the same time, the link layer will
easily get overflowed at the 'TIPC_SYSTEM_IMPORTANCE' backlog level
because of the message rejections. As a result, the link will be taken
down. Moreover, immediately when the link is re-established, the socket
layer can continue to reject the messages and the same issue happens...

The commit refactors the '__tipc_shutdown()' function to only send one
'FIN' in the situation mentioned above. For the connectionless case, it
is unavoidable but usually there is no rejections for such socket
messages because they are 'dest-droppable' by default.

In addition, the new code makes the other socket states clear
(e.g.'TIPC_LISTEN') and treats as a separate case to avoid misbehaving.

Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:57:07 -08:00
David S. Miller
8d2ff12653 Merge branch 'Devlink-notification-after-recovery-complete-by-bnxt_en-driver'
Vikas Gupta says:

====================
Devlink notification after recovery complete by bnxt_en driver

 This patchset adds following feature in devlink
  1) Recovery complete direct call API to be used by drivers when it
     successfully completes. It is required as recovery triggered by
     devlink may return with EINPROGRESS and eventually recovery
     completes in different context.
  2) A notification when health status is updated by reporter.

 Patchset also contains required changes in bnxt_en driver to
 mark recovery in progress when recovery is triggered from kernel
 devlink.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:47:50 -08:00
Vikas Gupta
737d7a6c55 bnxt_en: Call recovery done after reset is successfully done
Return EINPROGRESS to devlink health reporter recover as we are not yet
done and call devlink_health_reporter_recovery_done once reset is
successfully completed from workqueue context.

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:47:50 -08:00
Vikas Gupta
97ff3bd37f devlink: add devink notification when reporter update health state
add a devlink notification when reporter update the health
state.

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:47:50 -08:00
Vikas Gupta
6181e5cb75 devlink: add support for reporter recovery completion
It is possible that a reporter recovery completion do not finish
successfully when recovery is triggered via
devlink_health_reporter_recover as recovery could be processed in
different context. In such scenario an error is returned by driver when
recover hook is invoked and successful recovery completion is
intimated later.
Expose devlink recover done API to update recovery stats.

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:47:50 -08:00
David S. Miller
b73a65610b Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Missing netns context in arp_tables, from Florian Westphal.

2) Underflow in flowtable reference counter, from wenxu.

3) Fix incorrect ethernet destination address in flowtable offload,
   from wenxu.

4) Check for status of neighbour entry, from wenxu.

5) Fix NAT port mangling, from wenxu.

6) Unbind callbacks from destroy path to cleanup hardware properly
   on flowtable removal.

7) Fix missing casting statistics timestamp, add nf_flowtable_time_stamp
   and use it.

8) NULL pointer exception when timeout argument is null in conntrack
   dccp and sctp protocol helpers, from Florian Westphal.

9) Possible nul-dereference in ipset with IPSET_ATTR_LINENO, also from
   Florian.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:22:41 -08:00
David S. Miller
6ea0032f84 Merge branch 'reduce-open-coded-skb-next-access-for-gso-segment-walking'
Jason A. Donenfeld says:

====================
reduce open coded skb->next access for gso segment walking

This patchset introduces the skb_list_walk_safe helper macro, in order
to add some sanity to the myrid ways drivers have of walking through gso
segments. The goal is to reduce future bugs commonly caused by open
coding these sorts of things, and to in the future make it easier to
swap out the underlying list representation.

This first patch series addresses the easy uses of drivers iterating
over the returned list of skb_gso_segments, for drivers that live in
drivers/net/*. There are still other use cases to tackle later for
net/*, and after these low-hanging fruits are taken care of, I imagine
there are more subtle cases of gso segment walking that isn't just a
direct return value from skb_gso_segments, and eventually this will have
to be tackled. This series is the first in that direction.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
66de4b179f net: iwlwifi: use skb_list_walk_safe helper for gso segments
This is a straight-forward conversion case for the new function, and
while we're at it, we can remove a null write to skb->next by replacing
it with skb_mark_not_on_list.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
536577f36f net: myri10ge: use skb_list_walk_safe helper for gso segments
This is a straight-forward conversion case for the new function, and
while we're at it, we can remove a null write to skb->next by replacing
it with skb_mark_not_on_list.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
69b4ed5cbf net: sfc: use skb_list_walk_safe helper for gso segments
This is a straight-forward conversion case for the new function, and
while we're at it, we can remove a null write to skb->next by replacing
it with skb_mark_not_on_list.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
90919f1450 net: sunvnet: use skb_list_walk_safe helper for gso segments
This is a straight-forward conversion case for the new function, and
while we're at it, we can remove a null write to skb->next by replacing
it with skb_mark_not_on_list.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
9f0722380f net: tg3: use skb_list_walk_safe helper for gso segments
This is a straight-forward conversion case for the new function, and
while we're at it, we can remove a null write to skb->next by replacing
it with skb_mark_not_on_list.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
1d7a7438d7 net: r8152: use skb_list_walk_safe helper for gso segments
This is a straight-forward conversion case for the new function, and
while we're at it, we can remove a null write to skb->next by replacing
it with skb_mark_not_on_list.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
5643a552d3 net: tap: use skb_list_walk_safe helper for gso segments
This is a straight-forward conversion case for the new function, and
while we're at it, we can remove a null write to skb->next by replacing
it with skb_mark_not_on_list.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:55 -08:00
Jason A. Donenfeld
dcfea72e79 net: introduce skb_list_walk_safe for skb segment walking
As part of the continual effort to remove direct usage of skb->next and
skb->prev, this patch adds a helper for iterating through the
singly-linked variant of skb lists, which are used for lists of GSO
packet. The name "skb_list_..." has been chosen to match the existing
function, "kfree_skb_list, which also operates on these singly-linked
lists, and the "..._walk_safe" part is the same idiom as elsewhere in
the kernel.

This patch removes the helper from wireguard and puts it into
linux/skbuff.h, while making it a bit more robust for general usage. In
particular, parenthesis are added around the macro argument usage, and it
now accounts for trying to iterate through an already-null skb pointer,
which will simply run the iteration zero times. This latter enhancement
means it can be used to replace both do { ... } while and while (...)
open-coded idioms.

This should take care of these three possible usages, which match all
current methods of iterations.

skb_list_walk_safe(segs, skb, next) { ... }
skb_list_walk_safe(skb, skb, next) { ... }
skb_list_walk_safe(segs, skb, segs) { ... }

Gcc appears to generate efficient code for each of these.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:19:54 -08:00
Arnd Bergmann
542d3065f2 socket: fix unused-function warning
When procfs is disabled, the fdinfo code causes a harmless
warning:

net/socket.c:1000:13: error: 'sock_show_fdinfo' defined but not used [-Werror=unused-function]
 static void sock_show_fdinfo(struct seq_file *m, struct file *f)

Move the function definition up so we can use a single #ifdef
around it.

Fixes: b4653342b1 ("net: Allow to show socket-specific information in /proc/[pid]/fdinfo/[fd]")
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-01-08 15:02:21 -08:00
Florian Westphal
22dad713b8 netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
The set uadt functions assume lineno is never NULL, but it is in
case of ip_set_utest().

syzkaller managed to generate a netlink message that calls this with
LINENO attr present:

general protection fault: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:hash_mac4_uadt+0x1bc/0x470 net/netfilter/ipset/ip_set_hash_mac.c:104
Call Trace:
 ip_set_utest+0x55b/0x890 net/netfilter/ipset/ip_set_core.c:1867
 nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 nfnetlink_rcv+0x1ba/0x460 net/netfilter/nfnetlink.c:563

pass a dummy lineno storage, its easier than patching all set
implementations.

This seems to be a day-0 bug.

Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Reported-by: syzbot+34bd2369d38707f3f4a7@syzkaller.appspotmail.com
Fixes: a7b4f989a6 ("netfilter: ipset: IP set core support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-08 23:31:46 +01:00
Florian Westphal
1d9a7acd3d netfilter: conntrack: dccp, sctp: handle null timeout argument
The timeout pointer can be NULL which means we should modify the
per-nets timeout instead.

All do this, except sctp and dccp which instead give:

general protection fault: 0000 [#1] PREEMPT SMP KASAN
net/netfilter/nf_conntrack_proto_dccp.c:682
 ctnl_timeout_parse_policy+0x150/0x1d0 net/netfilter/nfnetlink_cttimeout.c:67
 cttimeout_default_set+0x150/0x1c0 net/netfilter/nfnetlink_cttimeout.c:368
 nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477

Reported-by: syzbot+46a4ad33f345d1dd346e@syzkaller.appspotmail.com
Fixes: c779e84960 ("netfilter: conntrack: remove get_timeout() indirection")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2020-01-08 23:31:22 +01:00