* [PATCH bpf-next v4 1/2] bpf: setup socket family and addresses in bpf_prog_test_run_skb
From: Dmitry Yakunin @ 2020-08-02 18:26 UTC (permalink / raw)
To: alexei.starovoitov, daniel, netdev, bpf; +Cc: sdf
In-Reply-To: <20200802182638.77377-1-zeil@yandex-team.ru>
Now it's impossible to test all branches of cgroup_skb bpf program which
accesses skb->family and skb->{local,remote}_ip{4,6} fields because they
are zeroed during socket allocation. This commit fills socket family and
addresses from related fields in constructed skb.
v2:
- fix build without CONFIG_IPV6 (kernel test robot <lkp@intel.com>)
Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
---
net/bpf/test_run.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index b03c469..2521b27 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -449,6 +449,23 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev);
skb_reset_network_header(skb);
+ switch (skb->protocol) {
+ case htons(ETH_P_IP):
+ sk->sk_family = AF_INET;
+ sk->sk_rcv_saddr = ip_hdr(skb)->saddr;
+ sk->sk_daddr = ip_hdr(skb)->daddr;
+ break;
+#if IS_ENABLED(CONFIG_IPV6)
+ case htons(ETH_P_IPV6):
+ sk->sk_family = AF_INET6;
+ sk->sk_v6_rcv_saddr = ipv6_hdr(skb)->saddr;
+ sk->sk_v6_daddr = ipv6_hdr(skb)->daddr;
+ break;
+#endif
+ default:
+ break;
+ }
+
if (is_l2)
__skb_push(skb, hh_len);
if (is_direct_pkt_access)
--
2.7.4
^ permalink raw reply related
* Re: [PATCH v9 bpf-next 10/14] bpf: Add d_path helper
From: Jiri Olsa @ 2020-08-02 18:26 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Jiri Olsa, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko,
netdev, bpf, Song Liu, Yonghong Song, Martin KaFai Lau,
David Miller, John Fastabend, Wenbo Zhang, KP Singh,
Brendan Gregg, Florent Revest, Al Viro
In-Reply-To: <20200802031342.3bfxqo22ezi2zzu4@ast-mbp.dhcp.thefacebook.com>
On Sat, Aug 01, 2020 at 08:13:42PM -0700, Alexei Starovoitov wrote:
> On Sat, Aug 01, 2020 at 07:03:18PM +0200, Jiri Olsa wrote:
> > Adding d_path helper function that returns full path for
> > given 'struct path' object, which needs to be the kernel
> > BTF 'path' object. The path is returned in buffer provided
> > 'buf' of size 'sz' and is zero terminated.
> >
> > bpf_d_path(&file->f_path, buf, size);
> >
> > The helper calls directly d_path function, so there's only
> > limited set of function it can be called from. Adding just
> > very modest set for the start.
> >
> > Updating also bpf.h tools uapi header and adding 'path' to
> > bpf_helpers_doc.py script.
> >
> > Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> > ---
> > include/uapi/linux/bpf.h | 13 +++++++++
> > kernel/trace/bpf_trace.c | 48 ++++++++++++++++++++++++++++++++++
> > scripts/bpf_helpers_doc.py | 2 ++
> > tools/include/uapi/linux/bpf.h | 13 +++++++++
> > 4 files changed, 76 insertions(+)
> >
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index eb5e0c38eb2c..a356ea1357bf 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -3389,6 +3389,18 @@ union bpf_attr {
> > * A non-negative value equal to or less than *size* on success,
> > * or a negative error in case of failure.
> > *
> > + * int bpf_d_path(struct path *path, char *buf, u32 sz)
>
> Please make it return 'long'. As you well ware the generated code will be better.
>
will do, thanks
jirka
^ permalink raw reply
* [PATCH bpf-next v4 2/2] bpf: allow to specify ifindex for skb in bpf_prog_test_run_skb
From: Dmitry Yakunin @ 2020-08-02 18:26 UTC (permalink / raw)
To: alexei.starovoitov, daniel, netdev, bpf; +Cc: sdf
In-Reply-To: <20200802182638.77377-1-zeil@yandex-team.ru>
Now skb->dev is unconditionally set to the loopback device in current net
namespace. But if we want to test bpf program which contains code branch
based on ifindex condition (eg filters out localhost packets) it is useful
to allow specifying of ifindex from userspace. This patch adds such option
through ctx_in (__sk_buff) parameter.
Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
---
net/bpf/test_run.c | 22 ++++++++++++++++++++--
tools/testing/selftests/bpf/prog_tests/skb_ctx.c | 5 +++++
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 2521b27..99cdd3c 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -327,6 +327,12 @@ static int convert___skb_to_skb(struct sk_buff *skb, struct __sk_buff *__skb)
/* priority is allowed */
if (!range_is_zero(__skb, offsetofend(struct __sk_buff, priority),
+ offsetof(struct __sk_buff, ifindex)))
+ return -EINVAL;
+
+ /* ifindex is allowed */
+
+ if (!range_is_zero(__skb, offsetofend(struct __sk_buff, ifindex),
offsetof(struct __sk_buff, cb)))
return -EINVAL;
@@ -381,6 +387,7 @@ static void convert_skb_to___skb(struct sk_buff *skb, struct __sk_buff *__skb)
__skb->mark = skb->mark;
__skb->priority = skb->priority;
+ __skb->ifindex = skb->dev->ifindex;
__skb->tstamp = skb->tstamp;
memcpy(__skb->cb, &cb->data, QDISC_CB_PRIV_LEN);
__skb->wire_len = cb->pkt_len;
@@ -391,6 +398,8 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
union bpf_attr __user *uattr)
{
bool is_l2 = false, is_direct_pkt_access = false;
+ struct net *net = current->nsproxy->net_ns;
+ struct net_device *dev = net->loopback_dev;
u32 size = kattr->test.data_size_in;
u32 repeat = kattr->test.repeat;
struct __sk_buff *ctx = NULL;
@@ -432,7 +441,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
kfree(ctx);
return -ENOMEM;
}
- sock_net_set(sk, current->nsproxy->net_ns);
+ sock_net_set(sk, net);
sock_init_data(NULL, sk);
skb = build_skb(data, 0);
@@ -446,7 +455,14 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
__skb_put(skb, size);
- skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev);
+ if (ctx && ctx->ifindex > 1) {
+ dev = dev_get_by_index(net, ctx->ifindex);
+ if (!dev) {
+ ret = -ENODEV;
+ goto out;
+ }
+ }
+ skb->protocol = eth_type_trans(skb, dev);
skb_reset_network_header(skb);
switch (skb->protocol) {
@@ -498,6 +514,8 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
ret = bpf_ctx_finish(kattr, uattr, ctx,
sizeof(struct __sk_buff));
out:
+ if (dev && dev != net->loopback_dev)
+ dev_put(dev);
kfree_skb(skb);
bpf_sk_storage_free(sk);
kfree(sk);
diff --git a/tools/testing/selftests/bpf/prog_tests/skb_ctx.c b/tools/testing/selftests/bpf/prog_tests/skb_ctx.c
index 7021b92..25de86a 100644
--- a/tools/testing/selftests/bpf/prog_tests/skb_ctx.c
+++ b/tools/testing/selftests/bpf/prog_tests/skb_ctx.c
@@ -11,6 +11,7 @@ void test_skb_ctx(void)
.cb[3] = 4,
.cb[4] = 5,
.priority = 6,
+ .ifindex = 1,
.tstamp = 7,
.wire_len = 100,
.gso_segs = 8,
@@ -92,6 +93,10 @@ void test_skb_ctx(void)
"ctx_out_priority",
"skb->priority == %d, expected %d\n",
skb.priority, 7);
+ CHECK_ATTR(skb.ifindex != 1,
+ "ctx_out_ifindex",
+ "skb->ifindex == %d, expected %d\n",
+ skb.ifindex, 1);
CHECK_ATTR(skb.tstamp != 8,
"ctx_out_tstamp",
"skb->tstamp == %lld, expected %d\n",
--
2.7.4
^ permalink raw reply related
* Re: [RFC PATCH 00/17] Drop uses of pci_read_config_*() return value
From: Saheed Bolarinwa @ 2020-08-02 17:28 UTC (permalink / raw)
To: Borislav Petkov, trix
Cc: helgaas, Kalle Valo, David S. Miller, Jakub Kicinski,
Wolfgang Grandegger, Marc Kleine-Budde, Miquel Raynal,
Richard Weinberger, Vignesh Raghavendra, Joerg Roedel, bjorn,
skhan, linux-kernel-mentees, linux-pci, linux-kernel,
linux-wireless, netdev, linux-mtd, iommu, linux-rdma, linux-ide,
linux-i2c, linux-hwmon, dri-devel, intel-gfx, linux-gpio,
linux-fpga, linux-edac, dmaengine, linux-crypto,
linux-atm-general
In-Reply-To: <20200801125657.GA25391@nazgul.tnic>
On 8/1/20 2:56 PM, Borislav Petkov wrote:
> On Sat, Aug 01, 2020 at 01:24:29PM +0200, Saheed O. Bolarinwa wrote:
>> The return value of pci_read_config_*() may not indicate a device error.
>> However, the value read by these functions is more likely to indicate
>> this kind of error. This presents two overlapping ways of reporting
>> errors and complicates error checking.
> So why isn't the *value check done in the pci_read_config_* functions
> instead of touching gazillion callers?
Because the value ~0 has a meaning to some drivers and only
drivers have this knowledge. For those cases more checks will
be needed to ensure that it is an error that has actually
happened.
> For example, pci_conf{1,2}_read() could check whether the u32 *value it
> just read depending on the access method, whether that value is ~0 and
> return proper PCIBIOS_ error in that case.
The primary goal is to make pci_config_read*() return void, so
that there is *only* one way to check for error i.e. through the
obtained value.
Again, only the drivers can determine if ~0 is a valid value. This
information is not available inside pci_config_read*().
- Saheed
^ permalink raw reply
* [PATCH 0/7] Netfilter updates for net-next
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
Hi,
1) UAF in chain binding support from previous batch, from Dan Carpenter.
2) Queue up delayed work to expire connections with no destination,
from Andrew Sy Kim.
3) Use fallthrough pseudo-keyword, from Gustavo A. R. Silva.
4) Replace HTTP links with HTTPS, from Alexander A. Klimov.
5) Remove superfluous null header checks in ip6tables, from
Gaurav Singh.
6) Add extended netlink error reporting for expression.
7) Report EEXIST on overlapping chain, set elements and flowtable
devices.
Please, pull these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git
Thank you.
----------------------------------------------------------------
The following changes since commit 4ff91fa0a3acd072c9a46ebe08a6e2471ddd3c95:
Merge branch 'udp_tunnel-NIC-RX-port-offload-infrastructure' (2020-07-14 17:04:28 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git HEAD
for you to fetch changes up to 77a92189ecfd061616ad531d386639aab7baaad9:
netfilter: nf_tables: report EEXIST on overlaps (2020-08-02 19:53:45 +0200)
----------------------------------------------------------------
Alexander A. Klimov (1):
netfilter: Replace HTTP links with HTTPS ones
Andrew Sy Kim (1):
ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1
Dan Carpenter (1):
netfilter: nf_tables: Fix a use after free in nft_immediate_destroy()
Gaurav Singh (1):
netfilter: ip6tables: Remove redundant null checks
Gustavo A. R. Silva (1):
netfilter: Use fallthrough pseudo-keyword
Pablo Neira Ayuso (2):
netfilter: nf_tables: extended netlink error reporting for expressions
netfilter: nf_tables: report EEXIST on overlaps
include/net/ip_vs.h | 29 ++++++++++++++++++
include/uapi/linux/netfilter/xt_connmark.h | 2 +-
net/bridge/netfilter/ebtables.c | 2 +-
net/decnet/netfilter/dn_rtmsg.c | 2 +-
net/ipv6/netfilter/ip6t_ah.c | 3 +-
net/ipv6/netfilter/ip6t_frag.c | 3 +-
net/ipv6/netfilter/ip6t_hbh.c | 3 +-
net/ipv6/netfilter/ip6t_rt.c | 3 +-
net/netfilter/Kconfig | 2 +-
net/netfilter/ipset/ip_set_core.c | 2 +-
net/netfilter/ipvs/ip_vs_conn.c | 39 +++++++++++++++++++++++++
net/netfilter/ipvs/ip_vs_core.c | 47 +++++++++++++-----------------
net/netfilter/ipvs/ip_vs_ctl.c | 22 ++++++++++++++
net/netfilter/nf_conntrack_h323_asn1.c | 6 ++--
net/netfilter/nf_conntrack_proto.c | 2 +-
net/netfilter/nf_conntrack_proto_tcp.c | 2 +-
net/netfilter/nf_conntrack_standalone.c | 2 +-
net/netfilter/nf_nat_core.c | 12 ++++----
net/netfilter/nf_synproxy_core.c | 6 ++--
net/netfilter/nf_tables_api.c | 31 +++++++++++---------
net/netfilter/nf_tables_core.c | 2 +-
net/netfilter/nfnetlink_acct.c | 2 +-
net/netfilter/nfnetlink_cttimeout.c | 2 +-
net/netfilter/nft_cmp.c | 4 +--
net/netfilter/nft_ct.c | 6 ++--
net/netfilter/nft_fib.c | 2 +-
net/netfilter/nft_immediate.c | 4 +--
net/netfilter/nft_payload.c | 2 +-
net/netfilter/nft_set_pipapo.c | 4 +--
net/netfilter/utils.c | 8 ++---
net/netfilter/x_tables.c | 2 +-
net/netfilter/xt_CONNSECMARK.c | 2 +-
net/netfilter/xt_connmark.c | 2 +-
net/netfilter/xt_nfacct.c | 2 +-
net/netfilter/xt_time.c | 2 +-
35 files changed, 173 insertions(+), 93 deletions(-)
^ permalink raw reply
* [PATCH 1/7] netfilter: nf_tables: Fix a use after free in nft_immediate_destroy()
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20200802183149.2808-1-pablo@netfilter.org>
From: Dan Carpenter <dan.carpenter@oracle.com>
The nf_tables_rule_release() function frees "rule" so we have to use
the _safe() version of list_for_each_entry().
Fixes: d0e2c7de92c7 ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nft_immediate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index 9e556638bb32..c63eb3b17178 100644
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -103,9 +103,9 @@ static void nft_immediate_destroy(const struct nft_ctx *ctx,
{
const struct nft_immediate_expr *priv = nft_expr_priv(expr);
const struct nft_data *data = &priv->data;
+ struct nft_rule *rule, *n;
struct nft_ctx chain_ctx;
struct nft_chain *chain;
- struct nft_rule *rule;
if (priv->dreg != NFT_REG_VERDICT)
return;
@@ -121,7 +121,7 @@ static void nft_immediate_destroy(const struct nft_ctx *ctx,
chain_ctx = *ctx;
chain_ctx.chain = chain;
- list_for_each_entry(rule, &chain->rules, list)
+ list_for_each_entry_safe(rule, n, &chain->rules, list)
nf_tables_rule_release(&chain_ctx, rule);
nf_tables_chain_destroy(&chain_ctx);
--
2.20.1
^ permalink raw reply related
* [PATCH 2/7] ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20200802183149.2808-1-pablo@netfilter.org>
From: Andrew Sy Kim <kim.andrewsy@gmail.com>
When expire_nodest_conn=1 and a destination is deleted, IPVS does not
expire the existing connections until the next matching incoming packet.
If there are many connection entries from a single client to a single
destination, many packets may get dropped before all the connections are
expired (more likely with lots of UDP traffic). An optimization can be
made where upon deletion of a destination, IPVS queues up delayed work
to immediately expire any connections with a deleted destination. This
ensures any reused source ports from a client (within the IPVS timeouts)
are scheduled to new real servers instead of silently dropped.
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/net/ip_vs.h | 29 ++++++++++++++++++++
net/netfilter/ipvs/ip_vs_conn.c | 39 +++++++++++++++++++++++++++
net/netfilter/ipvs/ip_vs_core.c | 47 ++++++++++++++-------------------
net/netfilter/ipvs/ip_vs_ctl.c | 22 +++++++++++++++
4 files changed, 110 insertions(+), 27 deletions(-)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 011f407b76fe..9a59a33787cb 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -14,6 +14,7 @@
#include <linux/spinlock.h> /* for struct rwlock_t */
#include <linux/atomic.h> /* for struct atomic_t */
#include <linux/refcount.h> /* for struct refcount_t */
+#include <linux/workqueue.h>
#include <linux/compiler.h>
#include <linux/timer.h>
@@ -886,6 +887,8 @@ struct netns_ipvs {
atomic_t conn_out_counter;
#ifdef CONFIG_SYSCTL
+ /* delayed work for expiring no dest connections */
+ struct delayed_work expire_nodest_conn_work;
/* 1/rate drop and drop-entry variables */
struct delayed_work defense_work; /* Work handler */
int drop_rate;
@@ -1051,6 +1054,11 @@ static inline int sysctl_conn_reuse_mode(struct netns_ipvs *ipvs)
return ipvs->sysctl_conn_reuse_mode;
}
+static inline int sysctl_expire_nodest_conn(struct netns_ipvs *ipvs)
+{
+ return ipvs->sysctl_expire_nodest_conn;
+}
+
static inline int sysctl_schedule_icmp(struct netns_ipvs *ipvs)
{
return ipvs->sysctl_schedule_icmp;
@@ -1138,6 +1146,11 @@ static inline int sysctl_conn_reuse_mode(struct netns_ipvs *ipvs)
return 1;
}
+static inline int sysctl_expire_nodest_conn(struct netns_ipvs *ipvs)
+{
+ return 0;
+}
+
static inline int sysctl_schedule_icmp(struct netns_ipvs *ipvs)
{
return 0;
@@ -1507,6 +1520,22 @@ static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }
#endif
+#ifdef CONFIG_SYSCTL
+/* Enqueue delayed work for expiring no dest connections
+ * Only run when sysctl_expire_nodest=1
+ */
+static inline void ip_vs_enqueue_expire_nodest_conns(struct netns_ipvs *ipvs)
+{
+ if (sysctl_expire_nodest_conn(ipvs))
+ queue_delayed_work(system_long_wq,
+ &ipvs->expire_nodest_conn_work, 1);
+}
+
+void ip_vs_expire_nodest_conn_flush(struct netns_ipvs *ipvs);
+#else
+static inline void ip_vs_enqueue_expire_nodest_conns(struct netns_ipvs *ipvs) {}
+#endif
+
#define IP_VS_DFWD_METHOD(dest) (atomic_read(&(dest)->conn_flags) & \
IP_VS_CONN_F_FWD_MASK)
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index b3921ae92740..a90b8eac16ac 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -1389,6 +1389,45 @@ static void ip_vs_conn_flush(struct netns_ipvs *ipvs)
goto flush_again;
}
}
+
+#ifdef CONFIG_SYSCTL
+void ip_vs_expire_nodest_conn_flush(struct netns_ipvs *ipvs)
+{
+ int idx;
+ struct ip_vs_conn *cp, *cp_c;
+ struct ip_vs_dest *dest;
+
+ rcu_read_lock();
+ for (idx = 0; idx < ip_vs_conn_tab_size; idx++) {
+ hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[idx], c_list) {
+ if (cp->ipvs != ipvs)
+ continue;
+
+ dest = cp->dest;
+ if (!dest || (dest->flags & IP_VS_DEST_F_AVAILABLE))
+ continue;
+
+ if (atomic_read(&cp->n_control))
+ continue;
+
+ cp_c = cp->control;
+ IP_VS_DBG(4, "del connection\n");
+ ip_vs_conn_del(cp);
+ if (cp_c && !atomic_read(&cp_c->n_control)) {
+ IP_VS_DBG(4, "del controlling connection\n");
+ ip_vs_conn_del(cp_c);
+ }
+ }
+ cond_resched_rcu();
+
+ /* netns clean up started, abort delayed work */
+ if (!ipvs->enable)
+ break;
+ }
+ rcu_read_unlock();
+}
+#endif
+
/*
* per netns init and exit
*/
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index b4a6b7662f3f..e3668a6e54e4 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -694,16 +694,10 @@ static int sysctl_nat_icmp_send(struct netns_ipvs *ipvs)
return ipvs->sysctl_nat_icmp_send;
}
-static int sysctl_expire_nodest_conn(struct netns_ipvs *ipvs)
-{
- return ipvs->sysctl_expire_nodest_conn;
-}
-
#else
static int sysctl_snat_reroute(struct netns_ipvs *ipvs) { return 0; }
static int sysctl_nat_icmp_send(struct netns_ipvs *ipvs) { return 0; }
-static int sysctl_expire_nodest_conn(struct netns_ipvs *ipvs) { return 0; }
#endif
@@ -2097,36 +2091,35 @@ ip_vs_in(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb, int
}
}
- if (unlikely(!cp)) {
- int v;
-
- if (!ip_vs_try_to_schedule(ipvs, af, skb, pd, &v, &cp, &iph))
- return v;
- }
-
- IP_VS_DBG_PKT(11, af, pp, skb, iph.off, "Incoming packet");
-
/* Check the server status */
- if (cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) {
+ if (cp && cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) {
/* the destination server is not available */
+ if (sysctl_expire_nodest_conn(ipvs)) {
+ bool old_ct = ip_vs_conn_uses_old_conntrack(cp, skb);
- __u32 flags = cp->flags;
-
- /* when timer already started, silently drop the packet.*/
- if (timer_pending(&cp->timer))
- __ip_vs_conn_put(cp);
- else
- ip_vs_conn_put(cp);
+ if (!old_ct)
+ cp->flags &= ~IP_VS_CONN_F_NFCT;
- if (sysctl_expire_nodest_conn(ipvs) &&
- !(flags & IP_VS_CONN_F_ONE_PACKET)) {
- /* try to expire the connection immediately */
ip_vs_conn_expire_now(cp);
+ __ip_vs_conn_put(cp);
+ if (old_ct)
+ return NF_DROP;
+ cp = NULL;
+ } else {
+ __ip_vs_conn_put(cp);
+ return NF_DROP;
}
+ }
- return NF_DROP;
+ if (unlikely(!cp)) {
+ int v;
+
+ if (!ip_vs_try_to_schedule(ipvs, af, skb, pd, &v, &cp, &iph))
+ return v;
}
+ IP_VS_DBG_PKT(11, af, pp, skb, iph.off, "Incoming packet");
+
ip_vs_in_stats(cp, skb);
ip_vs_set_state(cp, IP_VS_DIR_INPUT, skb, pd);
if (cp->packet_xmit)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 4af83f466dfc..f984d2c881ff 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -210,6 +210,17 @@ static void update_defense_level(struct netns_ipvs *ipvs)
local_bh_enable();
}
+/* Handler for delayed work for expiring no
+ * destination connections
+ */
+static void expire_nodest_conn_handler(struct work_struct *work)
+{
+ struct netns_ipvs *ipvs;
+
+ ipvs = container_of(work, struct netns_ipvs,
+ expire_nodest_conn_work.work);
+ ip_vs_expire_nodest_conn_flush(ipvs);
+}
/*
* Timer for checking the defense
@@ -1164,6 +1175,12 @@ static void __ip_vs_del_dest(struct netns_ipvs *ipvs, struct ip_vs_dest *dest,
list_add(&dest->t_list, &ipvs->dest_trash);
dest->idle_start = 0;
spin_unlock_bh(&ipvs->dest_trash_lock);
+
+ /* Queue up delayed work to expire all no destination connections.
+ * No-op when CONFIG_SYSCTL is disabled.
+ */
+ if (!cleanup)
+ ip_vs_enqueue_expire_nodest_conns(ipvs);
}
@@ -4086,6 +4103,10 @@ static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
queue_delayed_work(system_long_wq, &ipvs->defense_work,
DEFENSE_TIMER_PERIOD);
+ /* Init delayed work for expiring no dest conn */
+ INIT_DELAYED_WORK(&ipvs->expire_nodest_conn_work,
+ expire_nodest_conn_handler);
+
return 0;
}
@@ -4093,6 +4114,7 @@ static void __net_exit ip_vs_control_net_cleanup_sysctl(struct netns_ipvs *ipvs)
{
struct net *net = ipvs->net;
+ cancel_delayed_work_sync(&ipvs->expire_nodest_conn_work);
cancel_delayed_work_sync(&ipvs->defense_work);
cancel_work_sync(&ipvs->defense_work.work);
unregister_net_sysctl_table(ipvs->sysctl_hdr);
--
2.20.1
^ permalink raw reply related
* [PATCH 4/7] netfilter: Replace HTTP links with HTTPS ones
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20200802183149.2808-1-pablo@netfilter.org>
From: "Alexander A. Klimov" <grandmaster@al2klimov.de>
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/uapi/linux/netfilter/xt_connmark.h | 2 +-
net/decnet/netfilter/dn_rtmsg.c | 2 +-
net/netfilter/Kconfig | 2 +-
net/netfilter/nfnetlink_acct.c | 2 +-
net/netfilter/nft_set_pipapo.c | 4 ++--
net/netfilter/xt_CONNSECMARK.c | 2 +-
net/netfilter/xt_connmark.c | 2 +-
net/netfilter/xt_nfacct.c | 2 +-
net/netfilter/xt_time.c | 2 +-
9 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/include/uapi/linux/netfilter/xt_connmark.h b/include/uapi/linux/netfilter/xt_connmark.h
index 1aa5c955ee1e..f01c19b83a2b 100644
--- a/include/uapi/linux/netfilter/xt_connmark.h
+++ b/include/uapi/linux/netfilter/xt_connmark.h
@@ -4,7 +4,7 @@
#include <linux/types.h>
-/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+/* Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com>
*
* This program is free software; you can redistribute it and/or modify
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index dc705769acc9..26a9193df783 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -6,7 +6,7 @@
*
* DECnet Routing Message Grabulator
*
- * (C) 2000 ChyGwyn Limited - http://www.chygwyn.com/
+ * (C) 2000 ChyGwyn Limited - https://www.chygwyn.com/
*
* Author: Steven Whitehouse <steve@chygwyn.com>
*/
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 0ffe2b8723c4..25313c29d799 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -447,7 +447,7 @@ config NF_TABLES
replace the existing {ip,ip6,arp,eb}_tables infrastructure. It
provides a pseudo-state machine with an extensible instruction-set
(also known as expressions) that the userspace 'nft' utility
- (http://www.netfilter.org/projects/nftables) uses to build the
+ (https://www.netfilter.org/projects/nftables) uses to build the
rule-set. It also comes with the generic set infrastructure that
allows you to construct mappings between matchings and actions
for performance lookups.
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
index 5827117f2635..5bfec829c12f 100644
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -1,7 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* (C) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
- * (C) 2011 Intra2net AG <http://www.intra2net.com>
+ * (C) 2011 Intra2net AG <https://www.intra2net.com>
*/
#include <linux/init.h>
#include <linux/module.h>
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index cc6082a5f7ad..9944523f5c2c 100644
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -312,7 +312,7 @@
* Jay Ligatti, Josh Kuhn, and Chris Gage.
* Proceedings of the IEEE International Conference on Computer
* Communication Networks (ICCCN), August 2010.
- * http://www.cse.usf.edu/~ligatti/papers/grouper-conf.pdf
+ * https://www.cse.usf.edu/~ligatti/papers/grouper-conf.pdf
*
* [Rottenstreich 2010]
* Worst-Case TCAM Rule Expansion
@@ -325,7 +325,7 @@
* Kirill Kogan, Sergey Nikolenko, Ori Rottenstreich, William Culhane,
* and Patrick Eugster.
* Proceedings of the 2014 ACM conference on SIGCOMM, August 2014.
- * http://www.sigcomm.org/sites/default/files/ccr/papers/2014/August/2619239-2626294.pdf
+ * https://www.sigcomm.org/sites/default/files/ccr/papers/2014/August/2619239-2626294.pdf
*/
#include <linux/kernel.h>
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index a5c8b653476a..76acecf3e757 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -6,7 +6,7 @@
* with the SECMARK target and state match.
*
* Based somewhat on CONNMARK:
- * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com>
*
* (C) 2006,2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index eec2f3a88d73..e5ebc0810675 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -2,7 +2,7 @@
/*
* xt_connmark - Netfilter module to operate on connection marks
*
- * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com>
* Copyright © CC Computer Consultants GmbH, 2007 - 2008
* Jan Engelhardt <jengelh@medozas.de>
diff --git a/net/netfilter/xt_nfacct.c b/net/netfilter/xt_nfacct.c
index 5aab6df74e0f..a97c2259bbc8 100644
--- a/net/netfilter/xt_nfacct.c
+++ b/net/netfilter/xt_nfacct.c
@@ -1,7 +1,7 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* (C) 2011 Pablo Neira Ayuso <pablo@netfilter.org>
- * (C) 2011 Intra2net AG <http://www.intra2net.com>
+ * (C) 2011 Intra2net AG <https://www.intra2net.com>
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
diff --git a/net/netfilter/xt_time.c b/net/netfilter/xt_time.c
index 67cb98489415..6aa12d0f54e2 100644
--- a/net/netfilter/xt_time.c
+++ b/net/netfilter/xt_time.c
@@ -5,7 +5,7 @@
* based on ipt_time by Fabrice MARIE <fabrice@netfilter.org>
* This is a module which is used for time matching
* It is using some modified code from dietlibc (localtime() function)
- * that you can find at http://www.fefe.de/dietlibc/
+ * that you can find at https://www.fefe.de/dietlibc/
* This file is distributed under the terms of the GNU General Public
* License (GPL). Copies of the GPL can be obtained from gnu.org/gpl.
*/
--
2.20.1
^ permalink raw reply related
* [PATCH 5/7] netfilter: ip6tables: Remove redundant null checks
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20200802183149.2808-1-pablo@netfilter.org>
From: Gaurav Singh <gaurav1086@gmail.com>
Remove superfluous check for NULL pointer to header.
Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/ipv6/netfilter/ip6t_ah.c | 3 +--
net/ipv6/netfilter/ip6t_frag.c | 3 +--
net/ipv6/netfilter/ip6t_hbh.c | 3 +--
net/ipv6/netfilter/ip6t_rt.c | 3 +--
4 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index 4e15a14435e4..70da2f2ce064 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -74,8 +74,7 @@ static bool ah_mt6(const struct sk_buff *skb, struct xt_action_param *par)
ahinfo->hdrres, ah->reserved,
!(ahinfo->hdrres && ah->reserved));
- return (ah != NULL) &&
- spi_match(ahinfo->spis[0], ahinfo->spis[1],
+ return spi_match(ahinfo->spis[0], ahinfo->spis[1],
ntohl(ah->spi),
!!(ahinfo->invflags & IP6T_AH_INV_SPI)) &&
(!ahinfo->hdrlen ||
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index fb91eeee4a1e..3aad6439386b 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -85,8 +85,7 @@ frag_mt6(const struct sk_buff *skb, struct xt_action_param *par)
!((fraginfo->flags & IP6T_FRAG_NMF) &&
(ntohs(fh->frag_off) & IP6_MF)));
- return (fh != NULL) &&
- id_match(fraginfo->ids[0], fraginfo->ids[1],
+ return id_match(fraginfo->ids[0], fraginfo->ids[1],
ntohl(fh->identification),
!!(fraginfo->invflags & IP6T_FRAG_INV_IDS)) &&
!((fraginfo->flags & IP6T_FRAG_RES) &&
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 467b2a86031b..e7a3fb9355ee 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -86,8 +86,7 @@ hbh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
((optinfo->hdrlen == hdrlen) ^
!!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
- ret = (oh != NULL) &&
- (!(optinfo->flags & IP6T_OPTS_LEN) ||
+ ret = (!(optinfo->flags & IP6T_OPTS_LEN) ||
((optinfo->hdrlen == hdrlen) ^
!!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index f633dc84ca3f..733c83d38b30 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -89,8 +89,7 @@ static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par)
!((rtinfo->flags & IP6T_RT_RES) &&
(((const struct rt0_hdr *)rh)->reserved)));
- ret = (rh != NULL) &&
- (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1],
+ ret = (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1],
rh->segments_left,
!!(rtinfo->invflags & IP6T_RT_INV_SGS))) &&
(!(rtinfo->flags & IP6T_RT_LEN) ||
--
2.20.1
^ permalink raw reply related
* [PATCH 3/7] netfilter: Use fallthrough pseudo-keyword
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20200802183149.2808-1-pablo@netfilter.org>
From: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/bridge/netfilter/ebtables.c | 2 +-
net/netfilter/ipset/ip_set_core.c | 2 +-
net/netfilter/nf_conntrack_h323_asn1.c | 6 +++---
net/netfilter/nf_conntrack_proto.c | 2 +-
net/netfilter/nf_conntrack_proto_tcp.c | 2 +-
net/netfilter/nf_conntrack_standalone.c | 2 +-
net/netfilter/nf_nat_core.c | 12 ++++++------
net/netfilter/nf_synproxy_core.c | 6 ++----
net/netfilter/nf_tables_api.c | 8 ++++----
net/netfilter/nf_tables_core.c | 2 +-
net/netfilter/nfnetlink_cttimeout.c | 2 +-
net/netfilter/nft_cmp.c | 4 ++--
net/netfilter/nft_ct.c | 6 +++---
net/netfilter/nft_fib.c | 2 +-
net/netfilter/nft_payload.c | 2 +-
net/netfilter/utils.c | 8 ++++----
net/netfilter/x_tables.c | 2 +-
17 files changed, 34 insertions(+), 36 deletions(-)
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index c83ffe912163..38e946fdd041 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1935,7 +1935,7 @@ static int compat_mtw_from_user(const struct compat_ebt_entry_mwt *mwt,
size_kern = match_size;
module_put(match->me);
break;
- case EBT_COMPAT_WATCHER: /* fallthrough */
+ case EBT_COMPAT_WATCHER:
case EBT_COMPAT_TARGET:
wt = xt_request_find_target(NFPROTO_BRIDGE, name,
mwt->u.revision);
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 56621d6bfd29..920b7c4331f0 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1644,7 +1644,7 @@ ip_set_dump_do(struct sk_buff *skb, struct netlink_callback *cb)
goto next_set;
if (set->variant->uref)
set->variant->uref(set, cb, true);
- /* fall through */
+ fallthrough;
default:
ret = set->variant->list(set, skb, cb);
if (!cb->args[IPSET_CB_ARG0])
diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c
index 573cb4481481..e697a824b001 100644
--- a/net/netfilter/nf_conntrack_h323_asn1.c
+++ b/net/netfilter/nf_conntrack_h323_asn1.c
@@ -257,15 +257,15 @@ static unsigned int get_uint(struct bitstr *bs, int b)
case 4:
v |= *bs->cur++;
v <<= 8;
- /* fall through */
+ fallthrough;
case 3:
v |= *bs->cur++;
v <<= 8;
- /* fall through */
+ fallthrough;
case 2:
v |= *bs->cur++;
v <<= 8;
- /* fall through */
+ fallthrough;
case 1:
v |= *bs->cur++;
break;
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index a0560d175a7f..95f79980348c 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -610,7 +610,7 @@ void nf_ct_netns_put(struct net *net, uint8_t nfproto)
switch (nfproto) {
case NFPROTO_BRIDGE:
nf_ct_netns_do_put(net, NFPROTO_BRIDGE);
- /* fall through */
+ fallthrough;
case NFPROTO_INET:
nf_ct_netns_do_put(net, NFPROTO_IPV4);
nf_ct_netns_do_put(net, NFPROTO_IPV6);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 1926fd56df56..6892e497781c 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -900,7 +900,7 @@ int nf_conntrack_tcp_packet(struct nf_conn *ct,
return -NF_REPEAT;
return NF_DROP;
}
- /* Fall through */
+ fallthrough;
case TCP_CONNTRACK_IGNORE:
/* Ignored packets:
*
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 6a26299cb064..a604f43e3e6b 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -60,7 +60,7 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
ntohs(tuple->src.u.tcp.port),
ntohs(tuple->dst.u.tcp.port));
break;
- case IPPROTO_UDPLITE: /* fallthrough */
+ case IPPROTO_UDPLITE:
case IPPROTO_UDP:
seq_printf(s, "sport=%hu dport=%hu ",
ntohs(tuple->src.u.udp.port),
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index bfc555fcbc72..ea923f8cf9c4 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -408,7 +408,7 @@ static void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
static const unsigned int max_attempts = 128;
switch (tuple->dst.protonum) {
- case IPPROTO_ICMP: /* fallthrough */
+ case IPPROTO_ICMP:
case IPPROTO_ICMPV6:
/* id is same for either direction... */
keyptr = &tuple->src.u.icmp.id;
@@ -442,11 +442,11 @@ static void nf_nat_l4proto_unique_tuple(struct nf_conntrack_tuple *tuple,
}
goto find_free_id;
#endif
- case IPPROTO_UDP: /* fallthrough */
- case IPPROTO_UDPLITE: /* fallthrough */
- case IPPROTO_TCP: /* fallthrough */
- case IPPROTO_SCTP: /* fallthrough */
- case IPPROTO_DCCP: /* fallthrough */
+ case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
+ case IPPROTO_TCP:
+ case IPPROTO_SCTP:
+ case IPPROTO_DCCP:
if (maniptype == NF_NAT_MANIP_SRC)
keyptr = &tuple->src.u.all;
else
diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
index ebcdc8e54476..9cca35d22927 100644
--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -704,8 +704,7 @@ ipv4_synproxy_hook(void *priv, struct sk_buff *skb,
nf_ct_seqadj_init(ct, ctinfo, 0);
synproxy->tsoff = 0;
this_cpu_inc(snet->stats->conn_reopened);
-
- /* fall through */
+ fallthrough;
case TCP_CONNTRACK_SYN_SENT:
if (!synproxy_parse_options(skb, thoff, th, &opts))
return NF_DROP;
@@ -1128,8 +1127,7 @@ ipv6_synproxy_hook(void *priv, struct sk_buff *skb,
nf_ct_seqadj_init(ct, ctinfo, 0);
synproxy->tsoff = 0;
this_cpu_inc(snet->stats->conn_reopened);
-
- /* fall through */
+ fallthrough;
case TCP_CONNTRACK_SYN_SENT:
if (!synproxy_parse_options(skb, thoff, th, &opts))
return NF_DROP;
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 6708a4f2eec8..0d96e4eb754d 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4375,7 +4375,7 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
case NFT_TRANS_ABORT:
case NFT_TRANS_RELEASE:
set->use--;
- /* fall through */
+ fallthrough;
default:
nf_tables_unbind_set(ctx, set, binding,
phase == NFT_TRANS_COMMIT);
@@ -6256,7 +6256,7 @@ void nf_tables_deactivate_flowtable(const struct nft_ctx *ctx,
case NFT_TRANS_ABORT:
case NFT_TRANS_RELEASE:
flowtable->use--;
- /* fall through */
+ fallthrough;
default:
return;
}
@@ -7262,7 +7262,7 @@ static int nf_tables_validate(struct net *net)
break;
case NFT_VALIDATE_NEED:
nft_validate_state_update(net, NFT_VALIDATE_DO);
- /* fall through */
+ fallthrough;
case NFT_VALIDATE_DO:
list_for_each_entry(table, &net->nft.tables, list) {
if (nft_table_validate(net, table) < 0)
@@ -8336,7 +8336,7 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
default:
return -EINVAL;
}
- /* fall through */
+ fallthrough;
case NFT_CONTINUE:
case NFT_BREAK:
case NFT_RETURN:
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 96c74c4c7176..587897a2498b 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -213,7 +213,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
jumpstack[stackptr].chain = chain;
jumpstack[stackptr].rules = rules + 1;
stackptr++;
- /* fall through */
+ fallthrough;
case NFT_GOTO:
nft_trace_packet(&info, chain, rule,
NFT_TRACETYPE_RULE);
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
index da915c224a82..89a381f7f945 100644
--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -451,7 +451,7 @@ static int cttimeout_default_get(struct net *net, struct sock *ctnl,
case IPPROTO_TCP:
timeouts = nf_tcp_pernet(net)->timeouts;
break;
- case IPPROTO_UDP: /* fallthrough */
+ case IPPROTO_UDP:
case IPPROTO_UDPLITE:
timeouts = nf_udp_pernet(net)->timeouts;
break;
diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c
index 8a28c127effc..16f4d84599ac 100644
--- a/net/netfilter/nft_cmp.c
+++ b/net/netfilter/nft_cmp.c
@@ -43,7 +43,7 @@ void nft_cmp_eval(const struct nft_expr *expr,
case NFT_CMP_LT:
if (d == 0)
goto mismatch;
- /* fall through */
+ fallthrough;
case NFT_CMP_LTE:
if (d > 0)
goto mismatch;
@@ -51,7 +51,7 @@ void nft_cmp_eval(const struct nft_expr *expr,
case NFT_CMP_GT:
if (d == 0)
goto mismatch;
- /* fall through */
+ fallthrough;
case NFT_CMP_GTE:
if (d < 0)
goto mismatch;
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index 77258af1fce0..322bd674963e 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -129,7 +129,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
return;
}
#endif
- case NFT_CT_BYTES: /* fallthrough */
+ case NFT_CT_BYTES:
case NFT_CT_PKTS: {
const struct nf_conn_acct *acct = nf_conn_acct_find(ct);
u64 count = 0;
@@ -1013,8 +1013,8 @@ static int nft_ct_helper_obj_init(const struct nft_ctx *ctx,
help6 = nf_conntrack_helper_try_module_get(name, family,
priv->l4proto);
break;
- case NFPROTO_NETDEV: /* fallthrough */
- case NFPROTO_BRIDGE: /* same */
+ case NFPROTO_NETDEV:
+ case NFPROTO_BRIDGE:
case NFPROTO_INET:
help4 = nf_conntrack_helper_try_module_get(name, NFPROTO_IPV4,
priv->l4proto);
diff --git a/net/netfilter/nft_fib.c b/net/netfilter/nft_fib.c
index cfac0964f48d..4dfdaeaf09a5 100644
--- a/net/netfilter/nft_fib.c
+++ b/net/netfilter/nft_fib.c
@@ -32,7 +32,7 @@ int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
unsigned int hooks;
switch (priv->result) {
- case NFT_FIB_RESULT_OIF: /* fallthrough */
+ case NFT_FIB_RESULT_OIF:
case NFT_FIB_RESULT_OIFNAME:
hooks = (1 << NF_INET_PRE_ROUTING);
break;
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index a7de3a58f553..ed7cb9f747f6 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -467,7 +467,7 @@ static int nft_payload_l4csum_offset(const struct nft_pktinfo *pkt,
case IPPROTO_UDP:
if (!nft_payload_udp_checksum(skb, pkt->xt.thoff))
return -1;
- /* Fall through. */
+ fallthrough;
case IPPROTO_UDPLITE:
*l4csum_offset = offsetof(struct udphdr, check);
break;
diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c
index 51b454d8fa9c..cedf47ab3c6f 100644
--- a/net/netfilter/utils.c
+++ b/net/netfilter/utils.c
@@ -25,7 +25,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
- /* fall through */
+ fallthrough;
case CHECKSUM_NONE:
if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP)
skb->csum = 0;
@@ -51,7 +51,7 @@ static __sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook,
case CHECKSUM_COMPLETE:
if (len == skb->len - dataoff)
return nf_ip_checksum(skb, hook, dataoff, protocol);
- /* fall through */
+ fallthrough;
case CHECKSUM_NONE:
skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr, protocol,
skb->len - dataoff, 0);
@@ -79,7 +79,7 @@ __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
- /* fall through */
+ fallthrough;
case CHECKSUM_NONE:
skb->csum = ~csum_unfold(
csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
@@ -106,7 +106,7 @@ static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
case CHECKSUM_COMPLETE:
if (len == skb->len - dataoff)
return nf_ip6_checksum(skb, hook, dataoff, protocol);
- /* fall through */
+ fallthrough;
case CHECKSUM_NONE:
hsum = skb_checksum(skb, 0, dataoff, 0);
skb->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 99a468be4a59..8b2daccaf8df 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1571,7 +1571,7 @@ static void *xt_mttg_seq_next(struct seq_file *seq, void *v, loff_t *ppos,
trav->curr = trav->curr->next;
if (trav->curr != trav->head)
break;
- /* fall through */
+ fallthrough;
default:
return NULL;
}
--
2.20.1
^ permalink raw reply related
* [PATCH 7/7] netfilter: nf_tables: report EEXIST on overlaps
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20200802183149.2808-1-pablo@netfilter.org>
Replace EBUSY by EEXIST in the following cases:
- If the user adds a chain with a different configuration such as different
type, hook and priority.
- If the user adds a non-base chain that clashes with an existing basechain.
- If the user adds a { key : value } mapping element and the key exists
but the value differs.
- If the device already belongs to an existing flowtable.
User describe that this error reporting is confusing:
- https://bugzilla.netfilter.org/show_bug.cgi?id=1176
- https://bugzilla.netfilter.org/show_bug.cgi?id=1413
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_api.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index fac552b0179f..6571789989bc 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2097,7 +2097,7 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy,
if (nla[NFTA_CHAIN_HOOK]) {
if (!nft_is_base_chain(chain))
- return -EBUSY;
+ return -EEXIST;
err = nft_chain_parse_hook(ctx->net, nla, &hook, ctx->family,
false);
@@ -2107,21 +2107,21 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy,
basechain = nft_base_chain(chain);
if (basechain->type != hook.type) {
nft_chain_release_hook(&hook);
- return -EBUSY;
+ return -EEXIST;
}
if (ctx->family == NFPROTO_NETDEV) {
if (!nft_hook_list_equal(&basechain->hook_list,
&hook.list)) {
nft_chain_release_hook(&hook);
- return -EBUSY;
+ return -EEXIST;
}
} else {
ops = &basechain->ops;
if (ops->hooknum != hook.num ||
ops->priority != hook.priority) {
nft_chain_release_hook(&hook);
- return -EBUSY;
+ return -EEXIST;
}
}
nft_chain_release_hook(&hook);
@@ -5262,10 +5262,8 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA) ^
nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) ||
nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF) ^
- nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF)) {
- err = -EBUSY;
+ nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF))
goto err_element_clash;
- }
if ((nft_set_ext_exists(ext, NFT_SET_EXT_DATA) &&
nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) &&
memcmp(nft_set_ext_data(ext),
@@ -5273,7 +5271,7 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
(nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF) &&
nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF) &&
*nft_set_ext_obj(ext) != *nft_set_ext_obj(ext2)))
- err = -EBUSY;
+ goto err_element_clash;
else if (!(nlmsg_flags & NLM_F_EXCL))
err = 0;
} else if (err == -ENOTEMPTY) {
@@ -6423,7 +6421,7 @@ static int nft_register_flowtable_net_hooks(struct net *net,
list_for_each_entry(hook2, &ft->hook_list, list) {
if (hook->ops.dev == hook2->ops.dev &&
hook->ops.pf == hook2->ops.pf) {
- err = -EBUSY;
+ err = -EEXIST;
goto err_unregister_net_hooks;
}
}
--
2.20.1
^ permalink raw reply related
* [PATCH 6/7] netfilter: nf_tables: extended netlink error reporting for expressions
From: Pablo Neira Ayuso @ 2020-08-02 18:31 UTC (permalink / raw)
To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20200802183149.2808-1-pablo@netfilter.org>
This patch extends 36dd1bcc07e5 ("netfilter: nf_tables: initial support
for extended ACK reporting") to include netlink extended error reporting
for expressions. This allows userspace to identify what rule expression
is triggering the error.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_tables_api.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 0d96e4eb754d..fac552b0179f 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2509,6 +2509,7 @@ int nft_expr_dump(struct sk_buff *skb, unsigned int attr,
struct nft_expr_info {
const struct nft_expr_ops *ops;
+ const struct nlattr *attr;
struct nlattr *tb[NFT_EXPR_MAXATTR + 1];
};
@@ -2556,7 +2557,9 @@ static int nf_tables_expr_parse(const struct nft_ctx *ctx,
} else
ops = type->ops;
+ info->attr = nla;
info->ops = ops;
+
return 0;
err1:
@@ -3214,8 +3217,10 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
expr = nft_expr_first(rule);
for (i = 0; i < n; i++) {
err = nf_tables_newexpr(&ctx, &info[i], expr);
- if (err < 0)
+ if (err < 0) {
+ NL_SET_BAD_ATTR(extack, info[i].attr);
goto err2;
+ }
if (info[i].ops->validate)
nft_validate_state_update(net, NFT_VALIDATE_NEED);
--
2.20.1
^ permalink raw reply related
* Re: [RFC PATCH 00/17] Drop uses of pci_read_config_*() return value
From: Borislav Petkov @ 2020-08-02 18:46 UTC (permalink / raw)
To: Saheed Bolarinwa
Cc: trix, helgaas, Kalle Valo, David S. Miller, Jakub Kicinski,
Wolfgang Grandegger, Marc Kleine-Budde, Miquel Raynal,
Richard Weinberger, Vignesh Raghavendra, Joerg Roedel, bjorn,
skhan, linux-kernel-mentees, linux-pci, linux-kernel,
linux-wireless, netdev, linux-mtd, iommu, linux-rdma, linux-ide,
linux-i2c, linux-hwmon, dri-devel, intel-gfx, linux-gpio,
linux-fpga, linux-edac, dmaengine, linux-crypto,
linux-atm-general
In-Reply-To: <b720aa44-895a-203b-e220-ecdb3acd9278@gmail.com>
On Sun, Aug 02, 2020 at 07:28:00PM +0200, Saheed Bolarinwa wrote:
> Because the value ~0 has a meaning to some drivers and only
No, ~0 means that the PCI read failed. For *every* PCI device I know.
Here's me reading from 0xf0 offset of my hostbridge:
# setpci -s 00:00.0 0xf0.l
01000000
That device doesn't have extended config space, so the last valid byte
is 0xff. Let's read beyond that:
# setpci -s 00:00.0 0x100.l
ffffffff
> Again, only the drivers can determine if ~0 is a valid value. This
> information is not available inside pci_config_read*().
Of course it is.
*every* change you've done in 6/17 - this is the only patch I have
received - checks for == ~0. So that check can just as well be moved
inside pci_config_read_*().
Here's how one could do it:
#define PCI_OP_READ(size, type, len) \
int noinline pci_bus_read_config_##size \
(struct pci_bus *bus, unsigned int devfn, int pos, type *value) \
{ \
int res; \
unsigned long flags; \
u32 data = 0; \
if (PCI_##size##_BAD) return PCIBIOS_BAD_REGISTER_NUMBER; \
pci_lock_config(flags); \
res = bus->ops->read(bus, devfn, pos, len, &data); \
/* Check we actually read something which is not all 1s.*/
if (data == ~0)
return PCIBIOS_READ_FAILED;
*value = (type)data; \
pci_unlock_config(flags); \
return res; \
}
Also, I'd prefer a function to *not* return void but return either
an error or success. In the success case, the @value argument can be
consumed by the caller and otherwise not.
In any case, that change is a step in the wrong direction and I don't
like it, sorry.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
^ permalink raw reply
* pull-request: wireless-drivers-next-2020-08-02
From: Kalle Valo @ 2020-08-02 19:01 UTC (permalink / raw)
To: netdev; +Cc: linux-wireless
Hi,
here's a pull request to net-next tree, more info below. Please let me know if
there are any problems.
Kalle
The following changes since commit dfecd3e00cd32b2a6d1cfdb30b513dd42575ada3:
Merge branch 'net-dsa-mv88e6xxx-port-mtu-support' (2020-07-24 20:03:28 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git tags/wireless-drivers-next-2020-08-02
for you to fetch changes up to 3dc05ffb04436020f63138186dbc4f37bd938552:
brcmfmac: Set timeout value when configuring power save (2020-08-02 18:32:06 +0300)
----------------------------------------------------------------
wireless-drivers-next patches for v5.9
Second set of patches for v5.9. These patches have not been build
tested as much as normally because I'm on vacation right now.
Hopefully this does not cause any regressions.
mt76 has most of patches this time. Otherwise it's just smaller fixed
and cleanups to other drivers.
This pull request causes conflicts in four files in
drivers/net/wireless/mediatek/mt76/mt7615/, here is how I fixed those:
* usb.c: take the hunk which uses mt7663_usb_sdio_tx_*() functions
* mt7615.h: remove either one of the duplicate (and identical) enum tx_pkt_queue_idx
* mt7615.h: take the hunk which has mt7615_mutex_acquire/release() functions
* main.c: take the hunk which uses mt7615_mutex_acquire/release()
* mac.c: take the hunk which uses is_mmio
Major changes:
rtw88
* add support for ieee80211_ops::change_interface
* add support for enabling and disabling beacon
* add debugfs file for testing h2c
mt76
* ARP filter offload for 7663
* runtime power management for 7663
* testmode support for mfg calibration
* support for more channels
----------------------------------------------------------------
Ajay Singh (1):
wilc1000: Move wilc1000 SDIO ID's from driver source to common header file
Alexander A. Klimov (4):
prism54: Replace HTTP links with HTTPS ones
ipw2x00: Replace HTTP links with HTTPS ones
b43: Replace HTTP links with HTTPS ones
b43legacy: Replace HTTP links with HTTPS ones
Andy Shevchenko (1):
rtlwifi: btcoex: use %*ph to print small buffer
Christophe JAILLET (4):
p54: switch from 'pci_' to 'dma_' API
prism54: switch from 'pci_' to 'dma_' API
ipw2100: Use GFP_KERNEL instead of GFP_ATOMIC in some memory allocation
ipw2x00: switch from 'pci_' to 'dma_' API
Colin Ian King (1):
rtlwifi: btcoex: remove redundant initialization of variables ant_num and single_ant_path
Dan Carpenter (1):
mt76: mt7915: potential array overflow in mt7915_mcu_tx_rate_report()
Felix Fietkau (8):
mt76: mt7615: re-enable offloading of sequence number assignment
mt76: mt7615: schedule tx tasklet and sta poll on mac tx free
mt76: mt7615: add support for accessing mapped registers via bus ops
mt76: mt7615: add support for accessing RF registers via MCU
mt76: mt7615: use full on-chip memory address for WF_PHY registers
mt76: vif_mask to struct mt76_phy
mt76: add API for testmode support
mt76: mt7615: implement testmode support
Flavio Suligoi (1):
intersil: fix wiki website url
Kalle Valo (1):
Merge tag 'mt76-for-kvalo-2020-07-21' of https://github.com/nbd168/wireless
Linus Walleij (1):
bcma: gpio: Use irqchip template
Lorenzo Bianconi (41):
mt76: add missing lock configuring coverage class
mt76: mt7615: fix lmac queue debugsfs entry
mt76: mt7615: fix hw queue mapping
mt76: overwrite qid for non-bufferable mgmt frames
mt76: usb: rely on mt76_for_each_q_rx
mt76: rely on register macros
mt76: add U-APSD support on AP side
mt76: mt76x2e: rename routines in pci.c
mt76: mt76x2: fix pci suspend/resume on mt7612e
mt76: mt76x2u: enable HC-M7662BU1
mt76: mt7615: avoid polling in fw_own for mt7663
mt76: move mt76 workqueue in common code
mt76: mt7615: add mt7615_pm_wake utility routine
mt76: mt7615: introduce mt7615_mutex_{acquire,release} utilities
mt76: mt7615: wake device before accessing regmap in debugfs
mt76: mt7615: wake device before configuring hw keys
mt76: mt7615: introduce pm_power_save delayed work
mt76: mt7615: wake device in mt7615_update_channel before access regmap
mt76: mt7615: acquire driver_own before configuring device for suspend
mt76: mt7615: wake device before performing freq scan
mt76: mt7615: add missing lock in mt7615_regd_notifier
mt76: mt7615: run mt7615_mcu_set_wmm holding mt76 mutex
mt76: mt7615: run mt7615_mcu_set_roc holding mt76 mutex
mt76: mt7615: wake device before pulling packets from mac80211 queues
mt76: mt7615: wake device before pushing frames in mt7615_tx
mt76: mt7615: run mt7615_pm_wake in mt7615_mac_sta_{add,remove}
mt76: mt7615: check MT76_STATE_PM flag before accessing the device
mt76: mt7615: do not request {driver,fw}_own if already granted
mt76: mt7615: add runtime-pm knob in mt7615 debugfs
mt76: mt7615: enable beacon hw filter for runtime-pm
mt76: mt7615: add idle-timeout knob in mt7615 debugfs
mt76: mt7615: improve mt7615_driver_own reliability
mt76: mt7663u: sync probe sampling with rate configuration
mt76: mt7615: avoid scheduling runtime-pm during hw scan
mt76: mt7615: reschedule ps work according to last activity
mt76: mt7615: take into account sdio bus configuring txwi
mt76: mt76u: add mt76_skb_adjust_pad utility routine
mt76: mt7615: sdio code must access rate/key regs in preocess context
mt76: mt7615: introduce mt7663-usb-sdio-common module
mt76: mt76s: move queue accounting in mt76s_tx_queue_skb
mt76: mt7615: fix possible memory leak in mt7615_mcu_wtbl_sta_add
Markus Theil (2):
mt76: allow more channels, allowed in ETSI domain
mt76: fix include in pci.h
Navid Emamdoost (2):
mt76: mt76u: add missing release on skb in __mt76x02u_mcu_send_msg
mt7601u: add missing release on skb in mt7601u_mcu_msg_send
Nicolas Saenz Julienne (1):
brcmfmac: Set timeout value when configuring power save
Ping-Cheng Chen (1):
rtw88: 8821c: coex: add functions and parameters
Ryder Lee (9):
mt76: mt7615: add .set_tsf callback
mt76: mt7915: add a fixed AC queue mapping
mt76: mt7915: add MU-MIMO support
mt76: mt7915: use ieee80211_tx_queue_params to avoid open coded
mt76: mt7915: overwrite qid for non-bufferable mgmt frames
mt76: mt7915: update HE capabilities
mt76: mt7915: avoid memcpy in rxv operation
mt76: mt7915: add missing CONFIG_MAC80211_DEBUGFS
mt76: mt7915: fix potential memory leak in mcu message handler
Sean Wang (7):
mt76: mt7663: introduce ARP filter offload
mt76: mt7615: fix up typo in Kconfig for MT7663U
mt76: mt7663u: fix memory leak in set key
mt76: mt7663u: fix potential memory leak in mcu message handler
mt76: mt7615: fix potential memory leak in mcu message handler
mt76: introduce mt76_sdio module
mt76: mt7615: introduce mt7663s support
Tsang-Shian Lin (2):
rtw88: fix LDPC field for RA info
rtw88: fix short GI capability based on current bandwidth
Tzu-En Huang (2):
rtw88: update tx descriptor of mgmt and reserved page packets
rtw88: add h2c command in debugfs
Vaibhav Gupta (4):
prism54: islpci_hotplug: use generic power management
rt2x00: pci: use generic power management
hostap: use generic power management
airo: use generic power management
Wang Hai (2):
qtnfmac: Missing platform_device_unregister() on error in qtnf_core_mac_alloc()
wl1251: fix always return 0 error
Wei Yongjun (1):
rtw88: 8821c: make symbol 'rtw8821c_rtw_pwr_track_tbl' static
Wolfram Sang (1):
iwlwifi: yoyo: don't print failure if debug firmware is missing
Xu Wang (1):
mwifiex: 11n_rxreorder: Remove unnecessary cast in kfree()
Yan-Hsuan Chuang (3):
rtw88: coex: only skip coex triggered by BT info
rtw88: add ieee80211_ops::change_interface
rtw88: allows driver to enable/disable beacon
Zheng Yongjun (1):
drivers: bcma: remove set but not used variable `addrh` and `sizeh`
.../device_drivers/wifi/intel/ipw2100.rst | 2 +-
drivers/bcma/driver_gpio.c | 23 +-
drivers/bcma/scan.c | 8 +-
drivers/net/wireless/broadcom/b43/main.c | 14 +-
drivers/net/wireless/broadcom/b43/phy_common.c | 2 +-
drivers/net/wireless/broadcom/b43/phy_g.c | 12 +-
drivers/net/wireless/broadcom/b43/phy_ht.c | 2 +-
drivers/net/wireless/broadcom/b43/phy_lp.c | 2 +-
drivers/net/wireless/broadcom/b43/phy_n.c | 150 +++----
drivers/net/wireless/broadcom/b43/radio_2056.c | 2 +-
drivers/net/wireless/broadcom/b43/tables_nphy.c | 4 +-
drivers/net/wireless/broadcom/b43legacy/main.c | 8 +-
drivers/net/wireless/broadcom/b43legacy/phy.c | 8 +-
drivers/net/wireless/broadcom/b43legacy/radio.c | 8 +-
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +
drivers/net/wireless/cisco/airo.c | 39 +-
drivers/net/wireless/intel/ipw2x00/Kconfig | 4 +-
drivers/net/wireless/intel/ipw2x00/ipw2100.c | 123 +++--
drivers/net/wireless/intel/ipw2x00/ipw2200.c | 56 +--
drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 2 +-
drivers/net/wireless/intersil/Kconfig | 2 +-
drivers/net/wireless/intersil/hostap/hostap_hw.c | 6 +-
drivers/net/wireless/intersil/hostap/hostap_pci.c | 34 +-
drivers/net/wireless/intersil/orinoco/Kconfig | 4 +-
drivers/net/wireless/intersil/p54/Kconfig | 6 +-
drivers/net/wireless/intersil/p54/fwio.c | 2 +-
drivers/net/wireless/intersil/p54/p54pci.c | 65 +--
drivers/net/wireless/intersil/p54/p54usb.c | 2 +-
drivers/net/wireless/intersil/prism54/isl_oid.h | 2 +-
drivers/net/wireless/intersil/prism54/islpci_dev.c | 30 +-
drivers/net/wireless/intersil/prism54/islpci_eth.c | 24 +-
.../net/wireless/intersil/prism54/islpci_hotplug.c | 39 +-
drivers/net/wireless/intersil/prism54/islpci_mgt.c | 21 +-
.../net/wireless/marvell/mwifiex/11n_rxreorder.c | 2 +-
drivers/net/wireless/mediatek/mt76/Kconfig | 4 +
drivers/net/wireless/mediatek/mt76/Makefile | 3 +
drivers/net/wireless/mediatek/mt76/debugfs.c | 7 +-
drivers/net/wireless/mediatek/mt76/dma.c | 6 +
drivers/net/wireless/mediatek/mt76/eeprom.c | 5 +
drivers/net/wireless/mediatek/mt76/mac80211.c | 37 +-
drivers/net/wireless/mediatek/mt76/mt76.h | 116 ++++-
drivers/net/wireless/mediatek/mt76/mt7603/main.c | 8 +-
drivers/net/wireless/mediatek/mt76/mt7603/mt7603.h | 2 -
drivers/net/wireless/mediatek/mt76/mt7615/Kconfig | 19 +-
drivers/net/wireless/mediatek/mt76/mt7615/Makefile | 7 +-
.../net/wireless/mediatek/mt76/mt7615/debugfs.c | 111 ++++-
drivers/net/wireless/mediatek/mt76/mt7615/dma.c | 13 +-
drivers/net/wireless/mediatek/mt76/mt7615/init.c | 17 +-
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 330 ++++++++++++--
drivers/net/wireless/mediatek/mt76/mt7615/mac.h | 20 +-
drivers/net/wireless/mediatek/mt76/mt7615/main.c | 332 +++++++++++---
drivers/net/wireless/mediatek/mt76/mt7615/mcu.c | 371 ++++++++++++---
drivers/net/wireless/mediatek/mt76/mt7615/mcu.h | 54 ++-
drivers/net/wireless/mediatek/mt76/mt7615/mmio.c | 51 ++-
drivers/net/wireless/mediatek/mt76/mt7615/mt7615.h | 125 +++++-
drivers/net/wireless/mediatek/mt76/mt7615/pci.c | 4 +
.../net/wireless/mediatek/mt76/mt7615/pci_init.c | 4 +
.../net/wireless/mediatek/mt76/mt7615/pci_mac.c | 1 -
drivers/net/wireless/mediatek/mt76/mt7615/regs.h | 33 +-
drivers/net/wireless/mediatek/mt76/mt7615/sdio.c | 478 ++++++++++++++++++++
drivers/net/wireless/mediatek/mt76/mt7615/sdio.h | 115 +++++
.../net/wireless/mediatek/mt76/mt7615/sdio_mcu.c | 162 +++++++
.../net/wireless/mediatek/mt76/mt7615/sdio_txrx.c | 268 +++++++++++
.../net/wireless/mediatek/mt76/mt7615/testmode.c | 363 +++++++++++++++
drivers/net/wireless/mediatek/mt76/mt7615/usb.c | 248 +---------
.../net/wireless/mediatek/mt76/mt7615/usb_init.c | 145 ------
.../net/wireless/mediatek/mt76/mt7615/usb_mcu.c | 7 +-
.../net/wireless/mediatek/mt76/mt7615/usb_sdio.c | 394 ++++++++++++++++
drivers/net/wireless/mediatek/mt76/mt76x0/usb.c | 6 +-
drivers/net/wireless/mediatek/mt76/mt76x02.h | 1 -
drivers/net/wireless/mediatek/mt76/mt76x02_mmio.c | 2 +-
.../net/wireless/mediatek/mt76/mt76x02_usb_core.c | 3 +-
.../net/wireless/mediatek/mt76/mt76x02_usb_mcu.c | 7 +-
drivers/net/wireless/mediatek/mt76/mt76x02_util.c | 8 +-
drivers/net/wireless/mediatek/mt76/mt76x2/mt76x2.h | 1 +
drivers/net/wireless/mediatek/mt76/mt76x2/pci.c | 70 ++-
.../net/wireless/mediatek/mt76/mt76x2/pci_init.c | 17 +
drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 8 +-
.../net/wireless/mediatek/mt76/mt7915/debugfs.c | 11 +-
drivers/net/wireless/mediatek/mt76/mt7915/dma.c | 21 +-
drivers/net/wireless/mediatek/mt76/mt7915/init.c | 44 +-
drivers/net/wireless/mediatek/mt76/mt7915/mac.c | 93 ++--
drivers/net/wireless/mediatek/mt76/mt7915/mac.h | 17 -
drivers/net/wireless/mediatek/mt76/mt7915/main.c | 16 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 117 ++++-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.h | 6 +-
drivers/net/wireless/mediatek/mt76/mt7915/mt7915.h | 35 +-
drivers/net/wireless/mediatek/mt76/mt7915/pci.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/regs.h | 5 +
drivers/net/wireless/mediatek/mt76/pci.c | 1 +
drivers/net/wireless/mediatek/mt76/sdio.c | 368 +++++++++++++++
drivers/net/wireless/mediatek/mt76/testmode.c | 497 +++++++++++++++++++++
drivers/net/wireless/mediatek/mt76/testmode.h | 156 +++++++
drivers/net/wireless/mediatek/mt76/tx.c | 54 +++
drivers/net/wireless/mediatek/mt76/usb.c | 107 ++---
drivers/net/wireless/mediatek/mt76/util.c | 4 +-
drivers/net/wireless/mediatek/mt7601u/mcu.c | 4 +-
drivers/net/wireless/microchip/wilc1000/sdio.c | 6 +-
drivers/net/wireless/quantenna/qtnfmac/core.c | 5 +-
drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 3 +-
drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 3 +-
drivers/net/wireless/ralink/rt2x00/rt2800pci.c | 3 +-
drivers/net/wireless/ralink/rt2x00/rt2x00.h | 5 +-
drivers/net/wireless/ralink/rt2x00/rt2x00dev.c | 4 +-
drivers/net/wireless/ralink/rt2x00/rt2x00pci.c | 31 +-
drivers/net/wireless/ralink/rt2x00/rt2x00pci.h | 9 +-
drivers/net/wireless/ralink/rt2x00/rt2x00soc.c | 2 +-
drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 2 +-
drivers/net/wireless/ralink/rt2x00/rt61pci.c | 3 +-
.../realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 8 +-
drivers/net/wireless/realtek/rtw88/coex.c | 3 +-
drivers/net/wireless/realtek/rtw88/debug.c | 30 ++
drivers/net/wireless/realtek/rtw88/fw.c | 17 +-
drivers/net/wireless/realtek/rtw88/fw.h | 2 +
drivers/net/wireless/realtek/rtw88/mac80211.c | 27 ++
drivers/net/wireless/realtek/rtw88/main.c | 11 +-
drivers/net/wireless/realtek/rtw88/main.h | 2 +
drivers/net/wireless/realtek/rtw88/reg.h | 1 +
drivers/net/wireless/realtek/rtw88/rtw8821c.c | 405 ++++++++++++++++-
drivers/net/wireless/realtek/rtw88/rtw8821c.h | 26 ++
drivers/net/wireless/realtek/rtw88/tx.c | 104 +++--
drivers/net/wireless/realtek/rtw88/tx.h | 13 +-
drivers/net/wireless/ti/wl1251/event.c | 2 +-
include/linux/mmc/sdio_ids.h | 3 +
124 files changed, 5667 insertions(+), 1320 deletions(-)
create mode 100644 drivers/net/wireless/mediatek/mt76/mt7615/sdio.c
create mode 100644 drivers/net/wireless/mediatek/mt76/mt7615/sdio.h
create mode 100644 drivers/net/wireless/mediatek/mt76/mt7615/sdio_mcu.c
create mode 100644 drivers/net/wireless/mediatek/mt76/mt7615/sdio_txrx.c
create mode 100644 drivers/net/wireless/mediatek/mt76/mt7615/testmode.c
delete mode 100644 drivers/net/wireless/mediatek/mt76/mt7615/usb_init.c
create mode 100644 drivers/net/wireless/mediatek/mt76/mt7615/usb_sdio.c
create mode 100644 drivers/net/wireless/mediatek/mt76/sdio.c
create mode 100644 drivers/net/wireless/mediatek/mt76/testmode.c
create mode 100644 drivers/net/wireless/mediatek/mt76/testmode.h
^ permalink raw reply
* Re: [RFC PATCH 00/17] Drop uses of pci_read_config_*() return value
From: Bjorn Helgaas @ 2020-08-02 19:14 UTC (permalink / raw)
To: Borislav Petkov
Cc: Saheed Bolarinwa, trix, Kalle Valo, David S. Miller,
Jakub Kicinski, Wolfgang Grandegger, Marc Kleine-Budde,
Miquel Raynal, Richard Weinberger, Vignesh Raghavendra,
Joerg Roedel, bjorn, skhan, linux-kernel-mentees, linux-pci,
linux-kernel, linux-wireless, netdev, linux-mtd, iommu,
linux-rdma, linux-ide, linux-i2c, linux-hwmon, dri-devel,
intel-gfx, linux-gpio, linux-fpga, linux-edac, dmaengine,
linux-crypto, linux-atm-general
In-Reply-To: <20200802184648.GA23190@nazgul.tnic>
On Sun, Aug 02, 2020 at 08:46:48PM +0200, Borislav Petkov wrote:
> On Sun, Aug 02, 2020 at 07:28:00PM +0200, Saheed Bolarinwa wrote:
> > Because the value ~0 has a meaning to some drivers and only
>
> No, ~0 means that the PCI read failed. For *every* PCI device I know.
Wait, I'm not convinced yet. I know that if a PCI read fails, you
normally get ~0 data because the host bridge fabricates it to complete
the CPU load.
But what guarantees that a PCI config register cannot contain ~0?
If there's something about that in the spec I'd love to know where it
is because it would simplify a lot of things.
I don't think we should merge any of these patches as-is. If we *do*
want to go this direction, we at least need some kind of macro or
function that tests for ~0 so we have a clue about what's happening
and can grep for it.
Bjorn
^ permalink raw reply
* [net v3] drivers/net/wan/lapbether: Use needed_headroom instead of hard_header_len
From: Xie He @ 2020-08-02 19:50 UTC (permalink / raw)
To: David S. Miller, Jakub Kicinski, netdev, linux-kernel, linux-x25
Cc: Xie He, Willem de Bruijn, Brian Norris
In net/packet/af_packet.c, the function packet_snd first reserves a
headroom of length (dev->hard_header_len + dev->needed_headroom).
Then if the socket is a SOCK_DGRAM socket, it calls dev_hard_header,
which calls dev->header_ops->create, to create the link layer header.
If the socket is a SOCK_RAW socket, it "un-reserves" a headroom of
length (dev->hard_header_len), and assumes the user to provide the
appropriate link layer header.
So according to the logic of af_packet.c, dev->hard_header_len should
be the length of the header that would be created by
dev->header_ops->create.
However, this driver doesn't provide dev->header_ops, so logically
dev->hard_header_len should be 0.
So we should use dev->needed_headroom instead of dev->hard_header_len
to request necessary headroom to be allocated.
This change fixes kernel panic when this driver is used with AF_PACKET
SOCK_RAW sockets. Call stack when panic:
[ 168.399197] skbuff: skb_under_panic: text:ffffffff819d95fb len:20
put:14 head:ffff8882704c0a00 data:ffff8882704c09fd tail:0x11 end:0xc0
dev:veth0
...
[ 168.399255] Call Trace:
[ 168.399259] skb_push.cold+0x14/0x24
[ 168.399262] eth_header+0x2b/0xc0
[ 168.399267] lapbeth_data_transmit+0x9a/0xb0 [lapbether]
[ 168.399275] lapb_data_transmit+0x22/0x2c [lapb]
[ 168.399277] lapb_transmit_buffer+0x71/0xb0 [lapb]
[ 168.399279] lapb_kick+0xe3/0x1c0 [lapb]
[ 168.399281] lapb_data_request+0x76/0xc0 [lapb]
[ 168.399283] lapbeth_xmit+0x56/0x90 [lapbether]
[ 168.399286] dev_hard_start_xmit+0x91/0x1f0
[ 168.399289] ? irq_init_percpu_irqstack+0xc0/0x100
[ 168.399291] __dev_queue_xmit+0x721/0x8e0
[ 168.399295] ? packet_parse_headers.isra.0+0xd2/0x110
[ 168.399297] dev_queue_xmit+0x10/0x20
[ 168.399298] packet_sendmsg+0xbf0/0x19b0
......
Additional change:
When sending, check skb->len to ensure the 1-byte pseudo header is
present before reading it.
Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Brian Norris <briannorris@chromium.org>
Signed-off-by: Xie He <xie.he.0141@gmail.com>
---
Change from v2:
Added skb->len check when sending.
Change from v1:
None
---
drivers/net/wan/lapbether.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c
index b2868433718f..8a3f7ba36f7e 100644
--- a/drivers/net/wan/lapbether.c
+++ b/drivers/net/wan/lapbether.c
@@ -157,6 +157,9 @@ static netdev_tx_t lapbeth_xmit(struct sk_buff *skb,
if (!netif_running(dev))
goto drop;
+ if (skb->len < 1)
+ goto drop;
+
switch (skb->data[0]) {
case X25_IFACE_DATA:
break;
@@ -305,6 +308,7 @@ static void lapbeth_setup(struct net_device *dev)
dev->netdev_ops = &lapbeth_netdev_ops;
dev->needs_free_netdev = true;
dev->type = ARPHRD_X25;
+ dev->hard_header_len = 0;
dev->mtu = 1000;
dev->addr_len = 0;
}
@@ -331,7 +335,8 @@ static int lapbeth_new_device(struct net_device *dev)
* then this driver prepends a length field of 2 bytes,
* then the underlying Ethernet device prepends its own header.
*/
- ndev->hard_header_len = -1 + 3 + 2 + dev->hard_header_len;
+ ndev->needed_headroom = -1 + 3 + 2 + dev->hard_header_len
+ + dev->needed_headroom;
lapbeth = netdev_priv(ndev);
lapbeth->axdev = ndev;
--
2.25.1
^ permalink raw reply related
* Re: Bug#966459: linux: traffic class socket options (both IPv4/IPv6) inconsistent with docs/standards
From: Thorsten Glaser @ 2020-08-02 19:29 UTC (permalink / raw)
To: Ben Hutchings; +Cc: 966459, netdev
In-Reply-To: <e67190b7de22fff20fb4c5c084307e0b76001248.camel@decadent.org.uk>
Ben Hutchings dixit:
>ip(7) also doesn't document IP_PKTOPIONS.
Hmm, I don’t use IP_PKTOPIONS though. I’m not exactly sure I found
the correct place in the kernel for what I do.
On the sending side, I use setsockopt with either
IPPROTO_IP,IP_TOS or IPPROTO_IPV6,IPV6_TCLASS to
set the default traffic class on outgoing packets.
On the receiving side I use setsockopt with either
IPPROTO_IP,IP_RECVTOS or IPPROTO_IPV6,IPV6_RECVTCLASS
to set up the socket then recvmsg to get a cmsg(3) of
IPPROTO_IP,IP_TOS/IPPROTO_IPV6,IPV6_TCLASS from which
I read the traffic class octet.
These are where I believe I found inconsistencies
between code and documentation.
>Those are two different APIs though: recvmsg() for datagram sockets, vs
>getsockopt(... IP_PKTOPTIONS ...) for stream sockets. They obviously
>ought to be consistent, but mistakes happen.
OK, I’m currently looking at the datagram case only.
This may change later if there’s enough time.
>I see no point in changing the IPv6 behaviour: it seems to be
>consistent with itself and with the standard
Not really: if the kernel writes an int and userspace reads
its first byte, it only works by accident on little endian,
but not elsewhere.
>so only risks breaking user-space that works today.
Hrm. It risks breaking userspace that reads an int. But the
RFC clearly says it should read the first byte, not an int.
>But you should know that the highest priority for Linux API
>compatibility is to avoid breaking currently working user-space. That
>means that ugly and inconsistent APIs won't get fixed if it causes a
>regression for the programs people actually use. If the API never
>worked like it was supposed to on some architectures, that's not a
>regression, and is lower priority.
This is why I just put this up for discussion instead of
requesting a specific change.
That being said, given that the IPv6 API is *only* documented
in the RFC and *not* documented in the Linux manpages…
(Perhaps codesearching for IPV6_TCLASS might also help.
It’s unclear how many users this has…)
In the end, what I really want, is clear documentation for
how I should implement the following file that it works on
Linux, and ideally also other systems implementing the RFC
API (FreeBSD supposedly does but needs testing):
https://github.com/tarent/ECN-Bits/blob/master/linux-c/lib/ecn.c
Given that there’s no documentation, trying to read the
coffee grounds from the kernel source, finding it doesn’t
even match the RFC (which, again, doesn’t match what itojun
proposed, for some reason), does not instigate trust in the
things I *think* I’ve found.
bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
^ permalink raw reply
* INFO: task can't die in p9_client_rpc
From: syzbot @ 2020-08-02 19:59 UTC (permalink / raw)
To: asmadeus, davem, ericvh, kuba, linux-kernel, lucho, netdev,
syzkaller-bugs, v9fs-developer
Hello,
syzbot found the following issue on:
HEAD commit: 01830e6c Add linux-next specific files for 20200731
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=176146cc900000
kernel config: https://syzkaller.appspot.com/x/.config?x=2e226b2d1364112c
dashboard link: https://syzkaller.appspot.com/bug?extid=a42aa715d3d32226792a
compiler: gcc (GCC) 10.1.0-syz 20200507
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a42aa715d3d32226792a@syzkaller.appspotmail.com
INFO: task syz-executor.5:24879 can't die for more than 143 seconds.
syz-executor.5 D25688 24879 7480 0x00004004
Call Trace:
context_switch kernel/sched/core.c:3669 [inline]
__schedule+0x8e5/0x21e0 kernel/sched/core.c:4418
schedule+0xd0/0x2a0 kernel/sched/core.c:4493
p9_client_rpc+0x3b5/0x11f0 net/9p/client.c:757
p9_client_flush+0x1f9/0x430 net/9p/client.c:665
p9_client_rpc+0xf93/0x11f0 net/9p/client.c:782
p9_client_version net/9p/client.c:953 [inline]
p9_client_create+0xa8f/0x10c0 net/9p/client.c:1053
v9fs_session_init+0x1dd/0x1770 fs/9p/v9fs.c:406
v9fs_mount+0x79/0x970 fs/9p/vfs_super.c:124
legacy_get_tree+0x105/0x220 fs/fs_context.c:592
vfs_get_tree+0x89/0x2f0 fs/super.c:1549
do_new_mount fs/namespace.c:2912 [inline]
do_mount+0x14f6/0x1e20 fs/namespace.c:3238
__do_sys_mount fs/namespace.c:3448 [inline]
__se_sys_mount fs/namespace.c:3425 [inline]
__x64_sys_mount+0x18f/0x230 fs/namespace.c:3425
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cc79
Code: Bad RIP value.
RSP: 002b:00007f92f26b9c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000020480 RCX: 000000000045cc79
RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000078bf50 R08: 0000000020000200 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
R13: 00007fff9a822f9f R14: 00007f92f26ba9c0 R15: 000000000078bf0c
Showing all locks held in the system:
1 lock held by khungtaskd/1164:
#0: ffffffff89c52a80 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:5823
1 lock held by in:imklog/6729:
#0: ffff8880a97c7db0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:930
=============================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
^ permalink raw reply
* Re: [PATCH v2 1/4 net-next] dt-bindings: net: mdio: add reset-post-delay-us property
From: Florian Fainelli @ 2020-08-02 20:16 UTC (permalink / raw)
To: Bruno Thomsen, netdev
Cc: Andrew Lunn, Fabio Estevam, Russell King - ARM Linux,
Heiner Kallweit, Lars Alex Pedersen, Bruno Thomsen
In-Reply-To: <20200730195749.4922-2-bruno.thomsen@gmail.com>
On 7/30/2020 12:57 PM, Bruno Thomsen wrote:
> Add "reset-post-delay-us" parameter to MDIO bus properties,
> so it's possible to add a delay after reset deassert.
> This is optional in case external hardware slows down
> release of the reset signal.
>
> Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
> ---
> Documentation/devicetree/bindings/net/mdio.yaml | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/Documentation/devicetree/bindings/net/mdio.yaml b/Documentation/devicetree/bindings/net/mdio.yaml
> index d6a3bf8550eb..26afb556dfae 100644
> --- a/Documentation/devicetree/bindings/net/mdio.yaml
> +++ b/Documentation/devicetree/bindings/net/mdio.yaml
> @@ -39,6 +39,13 @@ properties:
> and must therefore be appropriately determined based on all devices
> requirements (maximum value of all per-device RESET pulse widths).
>
> + reset-post-delay-us:
> + description:
> + Delay after reset deassert in microseconds. It applies to all MDIO
> + devices and it's determined by how fast all devices are ready for
Uber nit: it is should be spelled out, but that does not warrant a resend.
--
Florian
^ permalink raw reply
* Re: [PATCH v2 2/4 net-next] net: mdiobus: use flexible sleeping for reset-delay-us
From: Florian Fainelli @ 2020-08-02 20:17 UTC (permalink / raw)
To: Bruno Thomsen, netdev
Cc: Andrew Lunn, Fabio Estevam, Russell King - ARM Linux,
Heiner Kallweit, Lars Alex Pedersen, Bruno Thomsen
In-Reply-To: <20200730195749.4922-3-bruno.thomsen@gmail.com>
On 7/30/2020 12:57 PM, Bruno Thomsen wrote:
> MDIO bus reset pulse width is created by using udelay()
> and that function might not be optimal depending on
> device tree value. By switching to the new fsleep() helper
> the correct delay function is called depending on
> delay length, e.g. udelay(), usleep_range() or msleep().
>
> Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply
* Re: [PATCH v2 3/4 net-next] net: mdiobus: add reset-post-delay-us handling
From: Florian Fainelli @ 2020-08-02 20:18 UTC (permalink / raw)
To: Bruno Thomsen, netdev
Cc: Andrew Lunn, Fabio Estevam, Russell King - ARM Linux,
Heiner Kallweit, Lars Alex Pedersen, Bruno Thomsen
In-Reply-To: <20200730195749.4922-4-bruno.thomsen@gmail.com>
On 7/30/2020 12:57 PM, Bruno Thomsen wrote:
> Load new "reset-post-delay-us" value from MDIO properties,
> and if configured to a greater then zero delay do a
> flexible sleeping delay after MDIO bus reset deassert.
> This allows devices to exit reset state before start
> bus communication.
>
> Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply
* Re: [net-next PATCH] net: phy: mdio-mvusb: select MDIO_DEVRES in Kconfig
From: Florian Fainelli @ 2020-08-02 20:18 UTC (permalink / raw)
To: Bartosz Golaszewski, Andrew Lunn, Heiner Kallweit, Russell King,
David S . Miller, Jakub Kicinski
Cc: netdev, linux-kernel, Bartosz Golaszewski, kernel test robot
In-Reply-To: <20200802074953.1529-1-brgl@bgdev.pl>
On 8/2/2020 12:49 AM, Bartosz Golaszewski wrote:
> From: Bartosz Golaszewski <bgolaszewski@baylibre.com>
>
> PHYLIB is not selected by the mvusb driver but it uses mdio devres
> helpers. Explicitly select MDIO_DEVRES in this driver's Kconfig entry.
>
> Reported-by: kernel test robot <lkp@intel.com>
> Fixes: 1814cff26739 ("net: phy: add a Kconfig option for mdio_devres")
> Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply
* Re: [RFC PATCH 00/17] Drop uses of pci_read_config_*() return value
From: Borislav Petkov @ 2020-08-02 20:18 UTC (permalink / raw)
To: Bjorn Helgaas
Cc: Saheed Bolarinwa, trix, Kalle Valo, David S. Miller,
Jakub Kicinski, Wolfgang Grandegger, Marc Kleine-Budde,
Miquel Raynal, Richard Weinberger, Vignesh Raghavendra,
Joerg Roedel, bjorn, skhan, linux-kernel-mentees, linux-pci,
linux-kernel, linux-wireless, netdev, linux-mtd, iommu,
linux-rdma, linux-ide, linux-i2c, linux-hwmon, dri-devel,
intel-gfx, linux-gpio, linux-fpga, linux-edac, dmaengine,
linux-crypto, linux-atm-general
In-Reply-To: <20200802191406.GA248232@bjorn-Precision-5520>
On Sun, Aug 02, 2020 at 02:14:06PM -0500, Bjorn Helgaas wrote:
> Wait, I'm not convinced yet. I know that if a PCI read fails, you
> normally get ~0 data because the host bridge fabricates it to complete
> the CPU load.
>
> But what guarantees that a PCI config register cannot contain ~0?
Well, I don't think you can differentiate that case, right?
I guess this is where the driver knowledge comes into play: if the read
returns ~0, the pci_read_config* should probably return in that case
something like:
PCIBIOS_READ_MAYBE_FAILED
to denote it is all 1s and then the caller should be able to determine,
based on any of domain:bus:slot.func and whatever else the driver knows
about its hardware, whether the 1s are a valid value or an error.
Hopefully.
Or something better of which I cannot think of right now...
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
^ permalink raw reply
* Re: [PATCH bpf-next v4 1/2] bpf: setup socket family and addresses in bpf_prog_test_run_skb
From: Eric Dumazet @ 2020-08-02 20:19 UTC (permalink / raw)
To: Dmitry Yakunin, alexei.starovoitov, daniel, netdev, bpf; +Cc: sdf
In-Reply-To: <20200802182638.77377-2-zeil@yandex-team.ru>
On 8/2/20 11:26 AM, Dmitry Yakunin wrote:
> Now it's impossible to test all branches of cgroup_skb bpf program which
> accesses skb->family and skb->{local,remote}_ip{4,6} fields because they
> are zeroed during socket allocation. This commit fills socket family and
> addresses from related fields in constructed skb.
>
> v2:
> - fix build without CONFIG_IPV6 (kernel test robot <lkp@intel.com>)
>
> Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
> ---
> net/bpf/test_run.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
> index b03c469..2521b27 100644
> --- a/net/bpf/test_run.c
> +++ b/net/bpf/test_run.c
> @@ -449,6 +449,23 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
> skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev);
> skb_reset_network_header(skb);
>
At this point, there is no guarantee the skb contains these headers.
You will have to add safety checks against skb->len
> + switch (skb->protocol) {
> + case htons(ETH_P_IP):
> + sk->sk_family = AF_INET;
> + sk->sk_rcv_saddr = ip_hdr(skb)->saddr;
> + sk->sk_daddr = ip_hdr(skb)->daddr;
> + break;
> +#if IS_ENABLED(CONFIG_IPV6)
> + case htons(ETH_P_IPV6):
> + sk->sk_family = AF_INET6;
> + sk->sk_v6_rcv_saddr = ipv6_hdr(skb)->saddr;
> + sk->sk_v6_daddr = ipv6_hdr(skb)->daddr;
> + break;
> +#endif
> + default:
> + break;
> + }
> +
> if (is_l2)
> __skb_push(skb, hh_len);
> if (is_direct_pkt_access)
>
^ permalink raw reply
* Re: [PATCH v2 4/4 net-next] net: mdio device: use flexible sleeping in reset function
From: Florian Fainelli @ 2020-08-02 20:19 UTC (permalink / raw)
To: Bruno Thomsen, netdev
Cc: Andrew Lunn, Fabio Estevam, Russell King - ARM Linux,
Heiner Kallweit, Lars Alex Pedersen, Bruno Thomsen
In-Reply-To: <20200730195749.4922-5-bruno.thomsen@gmail.com>
On 7/30/2020 12:57 PM, Bruno Thomsen wrote:
> MDIO device reset assert and deassert length was created by
> usleep_range() but that does not ensure optimal handling of
> all the different values from device tree properties.
> By switching to the new flexible sleeping helper function,
> fsleep(), the correct delay function is called depending on
> delay length, e.g. udelay(), usleep_range() or msleep().
>
> Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
--
Florian
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox