On Fri, 2018-03-02 at 10:44 -0800, Stephen Hemminger wrote:
> On Fri, 2 Mar 2018 21:16:48 +0300
>
> Since this is a generic problem why is not fixed in qdisc_drop instead?
AFAIK only netem and tbf might segment GSO packets so far.
I am not sure we want to add code in qdisc_drop() that is used u
From: Intiyaz Basha
Added support to the ndo_get_phys_port_id() callback to provide
port specific unique id to the netdev layer.
Port id needs to be unique across different liquidio devices in the system.
So used MAC address for port_id.
Usage: cat /sys/class/net//phys_port_id
Signed-off-by: I
From: Daniel Borkmann
Date: Sat, 3 Mar 2018 02:42:01 +0100
> The following pull-request contains BPF updates for your *net-next* tree.
>
> The main changes are:
>
> 1) Extend bpftool to build up CFG information of eBPF programs and add an
>option to dump this in DOT format such that this c
From: Intiyaz Basha
Corrected stats mismatch between Host Tx and its peer Rx stats
Signed-off-by: Intiyaz Basha
Acked-by: Derek Chickles
Signed-off-by: Felix Manlunas
---
drivers/net/ethernet/cavium/liquidio/lio_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dri
From: Daniel Axtens
SCTP GSO skbs have a gso_size of GSO_BY_FRAGS, so any sort of
unconditionally mangling of that will result in nonsense value
and would corrupt the skb later on.
Therefore, i) add two helpers skb_increase_gso_size() and
skb_decrease_gso_size() that would throw a one time warni
nfig|4 ++--
drivers/net/wireless/zydas/Kconfig |4 ++--
16 files changed, 32 insertions(+), 32 deletions(-)
--- linux-next-20180302.orig/drivers/net/wireless/admtek/Kconfig
+++ linux-next-20180302/drivers/net/wireless/admtek/Kconfig
@@ -5,8 +5,8 @@ config WLAN_VENDOR_ADMTEK
Signed-off-by: Roman Mashak
---
net/sched/act_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 1f65d6a..a54fa7b 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -1083,7 +1083,7 @@ tcf_add_notify(struct net *net,
Hi David,
The following pull-request contains BPF updates for your *net-next* tree.
The main changes are:
1) Extend bpftool to build up CFG information of eBPF programs and add an
option to dump this in DOT format such that this can later be used with
DOT graphic tools (xdot, graphviz, etc
From: Pablo Neira Ayuso
Date: Fri, 2 Mar 2018 21:32:48 +0100
> The following patchset contains Netfilter fixes for your net tree,
> they are:
...
> You can pull these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git
Pulled, thank you.
> From: Alex Williamson [mailto:alex.william...@redhat.com]
> Sent: Saturday, March 3, 2018 2:14 AM
>
> On Fri, 2 Mar 2018 06:54:17 +
> "Tian, Kevin" wrote:
>
> > > From: Alex Williamson
> > > Sent: Friday, March 2, 2018 4:22 AM
> > > >
> > > > I am pretty sure that you are describing is tru
changed, 5 insertions(+), 5 deletions(-)
--- linux-next-20180302.orig/drivers/net/ethernet/8390/Kconfig
+++ linux-next-20180302/drivers/net/ethernet/8390/Kconfig
@@ -3,7 +3,7 @@
#
config NET_VENDOR_8390
- bool "National Semi-conductor 8390 devices"
+ bool "National Sem
On Fri, Mar 2, 2018 at 3:59 PM, Alex Williamson
wrote:
> On Fri, 02 Mar 2018 15:44:25 -0800
> Alexander Duyck wrote:
>
>> From: Alexander Duyck
>>
>> This patch is meant to add some basic functionality to support for SR-IOV
>> on devices when the VFs are not managed by the kernel. The functions
On Fri, Mar 2, 2018 at 3:12 PM, Samudrala, Sridhar
wrote:
> On 3/2/2018 1:11 PM, Siwei Liu wrote:
>>
>> On Thu, Mar 1, 2018 at 12:08 PM, Sridhar Samudrala
>> wrote:
>>>
>>> This patch enables virtio_net to switch over to a VF datapath when a VF
>>> netdev is present with the same MAC address. It
On Fri, 02 Mar 2018 15:44:25 -0800
Alexander Duyck wrote:
> From: Alexander Duyck
>
> This patch is meant to add some basic functionality to support for SR-IOV
> on devices when the VFs are not managed by the kernel. The functions
> provided here can be used by drivers such as vfio-pci and virt
On Fri, Mar 2, 2018 at 1:36 PM, Michael S. Tsirkin wrote:
> On Fri, Mar 02, 2018 at 01:11:56PM -0800, Siwei Liu wrote:
>> On Thu, Mar 1, 2018 at 12:08 PM, Sridhar Samudrala
>> wrote:
>> > This patch enables virtio_net to switch over to a VF datapath when a VF
>> > netdev is present with the same
From: Alexander Duyck
Hardware-realized virtio_pci devices can implement SR-IOV, so this
patch enables its use. The device in question is an upcoming Intel
NIC that implements both a virtio_net PF and virtio_net VFs. These
are hardware realizations of what has been up to now been a software
inter
From: Alexander Duyck
This patch is meant to allow assignment of an SR-IOV enabled PF, as in VFs
have been generated, with vfio-pci. My understanding is the primary use
case for this is something like DPDK running the PF while the VFs are all
assigned to guests.
A secondary effect of this is tha
This series is meant to add support for SR-IOV on devices when the VFs are
not managed by the kernel. Examples of recent patches attempting to do this
include:
virto - https://patchwork.kernel.org/patch/10241225/
pci-stub - https://patchwork.kernel.org/patch/10109935/
vfio - https://patchwork.kerne
From: Alexander Duyck
This patch is meant to add some basic functionality to support for SR-IOV
on devices when the VFs are not managed by the kernel. The functions
provided here can be used by drivers such as vfio-pci and virtio to enable
SR-IOV on devices that are either managed by userspace, o
On 3/2/18 4:09 PM, David Ahern wrote:
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index f0ae58424c45..792e7432ba6d 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -2820,9 +2820,9 @@ static struct rt6_info *ip6_route_info_create(struct
> fib6_config *cfg,
>* p
On Fri, Mar 02, 2018 at 09:54:11AM -0500, David Miller wrote:
> From: Pavel Machek
> Date: Fri, 2 Mar 2018 10:20:00 +0100
>
Hello Pavel, David
> >> This barrier cannot be a simple dma_wmb(), since a dma_wmb() is only
> >> used to guarantee the ordering, with respect to other writes,
> >> to cach
On Fri, Mar 2, 2018 at 10:55 AM, Jakub Kicinski wrote:
> On Fri, 2 Mar 2018 15:24:29 +, Edward Cree wrote:
>> On Tue, Feb 27, 2018 at 3:47 PM, Jakub Kicinski wrote:
>>
>> > Please, let's stop extending ethtool_rx_flow APIs. I bit my tongue
>> > when Intel was adding their "redirection to VF"
Dear Friend,
How are you today with your family, Hope all is well?. Please, I would
like you to give an urgent attention to this proposal. I have a very
lucrative business transaction which requires your utmost discretion.
Though, I know it would come to you at uttermost surprise. I am Dr
Rhama B
On 3/2/2018 1:11 PM, Siwei Liu wrote:
On Thu, Mar 1, 2018 at 12:08 PM, Sridhar Samudrala
wrote:
This patch enables virtio_net to switch over to a VF datapath when a VF
netdev is present with the same MAC address. It allows live migration
of a VM with a direct attached VF without the need to set
On Fri, Mar 02, 2018 at 02:30:30PM -0800, Kees Cook wrote:
> On Fri, Mar 2, 2018 at 1:29 PM, Marcelo Ricardo Leitner
> wrote:
> > Note how it is using the irda_start_timer definition from
> > include/net/irda/timer.h instead of
> > drivers/staging/irda/include/net/irda/timer.h which was patched in
Hi all,
After turning on KASAN on one of my systems, I started getting lots of out of
bounds errors while fetching a given port's statistics, and indeed using
memcpy() is unsafe for copying strings which have not been declared as an array
of ETH_GSTRING_LEN bytes, so let's use strlcpy() instead. T
Our statistics strings are allocated at initialization without being
bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using
memcpy() which would create out of bounds accesses, this was flagged by
KASAN. Replace this with strlcpy() to make sure we are bound the source
buffer size a
Our statistics strings are allocated at initialization without being
bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using
memcpy() which would create out of bounds accesses, this was flagged by
KASAN. Replace this with strlcpy() to make sure we are bound the source
buffer size a
Our statistics strings are allocated at initialization without being
bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using
memcpy() which would create out of bounds accesses, this was flagged by
KASAN. Replace this with strlcpy() to make sure we are bound the source
buffer size a
ipv6_chk_addr_and_flags determines if an address is a local address. It
is called by ip6_route_info_create to validate a gateway address is not a
local address. It currently does not consider L3 domains and as a result
does not allow a route to be added in one VRF if the nexthop points to
an addres
Our statistics strings are allocated at initialization without being
bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using
memcpy() which would create out of bounds accesses, this was flagged by
KASAN. Replace this with strlcpy() to make sure we are bound the source
buffer size a
On 3/2/18 8:36 AM, Stefano Brivio wrote:
> Currently, administrative MTU changes on a given netdevice are
> not reflected on route exceptions for MTU-less routes, with a
> set PMTU value, for that device:
>
> # ip -6 route get 3000::b
> 3000::b from :: dev vti_a proto kernel src 3000::a metric 2
On Fri, 2 Mar 2018 13:49:00 -0800, Stephen Hemminger wrote:
>- change propogate rx mode patch to handle startup of vf
Thanks! :)
On Fri, Mar 2, 2018 at 2:26 PM, Alexei Starovoitov
wrote:
> On Fri, Mar 02, 2018 at 02:04:17PM -0800, Gianluca Borello wrote:
>> On Fri, Mar 2, 2018 at 12:42 PM, Alexei Starovoitov
>> wrote:
>> >
>> > good catch!
>> > I wonder why sched.h is using this flag insead of relying on #defines from
>>
On Fri, Mar 2, 2018 at 1:29 PM, Marcelo Ricardo Leitner
wrote:
> Note how it is using the irda_start_timer definition from
> include/net/irda/timer.h instead of
> drivers/staging/irda/include/net/irda/timer.h which was patched in
> this patch.
$ git show net-next/master:include/net/irda/iriap.h
f
On Fri, Mar 2, 2018 at 1:31 PM, Michael S. Tsirkin wrote:
> On Fri, Mar 02, 2018 at 12:44:56PM -0800, Siwei Liu wrote:
>> On Fri, Mar 2, 2018 at 12:10 PM, Michael S. Tsirkin wrote:
>> > On Fri, Mar 02, 2018 at 11:52:27AM -0800, Samudrala, Sridhar wrote:
>> >>
>> >>
>> >> On 3/2/2018 11:41 AM, Mic
On Fri, Mar 02, 2018 at 02:04:17PM -0800, Gianluca Borello wrote:
> On Fri, Mar 2, 2018 at 12:42 PM, Alexei Starovoitov
> wrote:
> >
> > good catch!
> > I wonder why sched.h is using this flag insead of relying on #defines from
> > autoconf.h
> > It could have been using CONFIG_HAVE_CC_STACKPROTE
On Fri, Mar 2, 2018 at 2:04 PM, Gianluca Borello wrote:
> On Fri, Mar 2, 2018 at 12:42 PM, Alexei Starovoitov
> wrote:
>>
>> good catch!
>> I wonder why sched.h is using this flag insead of relying on #defines from
>> autoconf.h
>> It could have been using CONFIG_HAVE_CC_STACKPROTECTOR
>> instea
On Fri, Mar 2, 2018 at 12:42 PM, Alexei Starovoitov
wrote:
>
> good catch!
> I wonder why sched.h is using this flag insead of relying on #defines from
> autoconf.h
> It could have been using CONFIG_HAVE_CC_STACKPROTECTOR
> instead of CONFIG_CC_STACKPROTECTOR, no ?
>
Thanks for your reply Alexei
Change the initialization order so that the device is ready to transmit
(ie connect vsp is completed) before setting the internal reference
to the device with RCU.
This avoids any races on initialization and prevents retry issues
on shutdown.
Signed-off-by: Stephen Hemminger
---
drivers/net/hyp
Don't wake transmit queues if link is not up yet.
Signed-off-by: Stephen Hemminger
---
drivers/net/hyperv/netvsc_drv.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
index c5584c2d440e..fa6cf18e7719 100
These are improvements to netvsc driver. They aren't functionality
changes so not targeting net-next; and they are not show stopper
bugs that need to go to stable either.
v2
- drop the irq flags patch, defer it to net-next
- split the multicast filter flag patch out
- change propogate rx
Signed-off-by: Roman Mashak
---
net/sched/act_police.c | 8
1 file changed, 8 insertions(+)
diff --git a/net/sched/act_police.c b/net/sched/act_police.c
index 51fe4fe..d4b4b15 100644
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@@ -314,6 +314,13 @@ static int tcf_police_sea
Signed-off-by: Roman Mashak
---
net/sched/act_gact.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c
index 7456325..88fbb84 100644
--- a/net/sched/act_gact.c
+++ b/net/sched/act_gact.c
@@ -217,6 +217,19 @@ static int tcf_gact_search(
Add a new callback in tc_action_ops, it will be needed by the tc actions
to compute its size when a ADD/DELETE notification message is constructed.
This routine has to take into account optional/variable size TLVs specific
per action.
Signed-off-by: Roman Mashak
---
include/net/act_api.h | 1 +
Update add/delete action logic to have the size for event messages,
the size is passed to tcf_add_notify() and tcf_del_notify().
Signed-off-by: Roman Mashak
---
include/net/act_api.h | 3 ++-
net/sched/act_api.c | 26 ++
net/sched/cls_api.c | 3 ++-
3 files changed,
When adding or deleting a batch of entries, the kernel sends upto
TCA_ACT_MAX_PRIO entries in an event to user space. However it does not
consider that the action sizes may vary and require different skb sizes.
For example :
% cat tc-batch.sh
#!/bin/bash
TC="sudo /mnt/iproute2.git/tc/tc"
$TC act
Introduce routine to calculate size of the common tc netlink attributes,
and another helper routine to get the full message size including netlink
header and service header.
Signed-off-by: Roman Mashak
---
net/sched/act_api.c | 27 +++
1 file changed, 27 insertions(+)
di
Need to delete NAPI association if vmbus_open fails.
Signed-off-by: Stephen Hemminger
---
drivers/net/hyperv/netvsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c
index 686900d61374..ff97a85b2e9d 100644
--- a/driver
There is a race between napi_reschedule and re-enabling interrupts
which could lead to missed host interrrupts. This occurs when
interrupts are re-enabled (hv_end_read) and vmbus irq callback
(netvsc_channel_cb) has already scheduled NAPI.
Signed-off-by: Stephen Hemminger
---
drivers/net/hyperv
The netvsc driver was always enabling all multicast and broadcast
even if netdevice flag had not enabled it.
Signed-off-by: Stephen Hemminger
---
drivers/net/hyperv/rndis_filter.c | 20
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/drivers/net/hyperv/rndis_f
Block setup of multiple channels earlier in the teardown
process. This avoids possible races between halt and subchannel
initialization.
Suggested-by: Haiyang Zhang
Signed-off-by: Stephen Hemminger
---
drivers/net/hyperv/rndis_filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/driv
The netvsc device should propagate filters to the SR-IOV VF
device (if present). The flags also need to be propagated to the
VF device as well. This only really matters on local Hyper-V
since Azure does not support multiple addresses.
Signed-off-by: Stephen Hemminger
---
drivers/net/hyperv/netvs
When VF is used for accelerated networking it will likely have
more queues (and different policy) than the synthetic NIC.
This patch defers the queue policy to the VF so that all the
queues can be used. This impacts workloads like local generate UDP.
Signed-off-by: Stephen Hemminger
---
drivers/
Since the netvsc_channel_cb is already called in interrupt
context from vmbus, there is no need to do irqsave/restore.
Signed-off-by: Stephen Hemminger
---
drivers/net/hyperv/netvsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hy
Good day.
Do you need a loan to pay off bills ? To pay off your mortgage quickly ? To set
up a new business or to Re- finance your existing business ? I can help you
secure a private loan should you be interested please respond for more details
Thanks
Allen
On Fri, Mar 02, 2018 at 01:11:56PM -0800, Siwei Liu wrote:
> On Thu, Mar 1, 2018 at 12:08 PM, Sridhar Samudrala
> wrote:
> > This patch enables virtio_net to switch over to a VF datapath when a VF
> > netdev is present with the same MAC address. It allows live migration
> > of a VM with a direct a
On Fri, Mar 02, 2018 at 12:56:21PM -0800, Samudrala, Sridhar wrote:
>
>
> On 3/2/2018 12:44 PM, Siwei Liu wrote:
> > On Fri, Mar 2, 2018 at 12:10 PM, Michael S. Tsirkin wrote:
> > > On Fri, Mar 02, 2018 at 11:52:27AM -0800, Samudrala, Sridhar wrote:
> > > >
> > > > On 3/2/2018 11:41 AM, Michael
On Wed, 28 Feb 2018 14:16:42 -0800
Joe Stringer wrote:
> It's useful to be able to tell which section is being processed in the
> ELF when this error is triggered, so print that detail.
>
> Signed-off-by: Joe Stringer
Applied
Good day.
Do you need a loan to pay off bills ? To pay off your mortgage quickly ? To set
up a new business or to Re- finance your existing business ? I can help you
secure a private loan should you be interested please respond for more details
Thanks
Allen
On Thu, 1 Mar 2018 14:43:08 -0800
David Ahern wrote:
> William reported ip hanging and bisected to a recent commit for batching
> allowing more than 1 command to be sent per message. The loop over
> recvmsg should never cycle more than iovlen times -- 1 response for
> each command in the message
On Fri, Mar 02, 2018 at 12:44:56PM -0800, Siwei Liu wrote:
> On Fri, Mar 2, 2018 at 12:10 PM, Michael S. Tsirkin wrote:
> > On Fri, Mar 02, 2018 at 11:52:27AM -0800, Samudrala, Sridhar wrote:
> >>
> >>
> >> On 3/2/2018 11:41 AM, Michael S. Tsirkin wrote:
> >> > On Fri, Mar 02, 2018 at 07:26:25AM -
On Mon, Oct 16, 2017 at 05:28:53PM -0700, Kees Cook wrote:
> In preparation for unconditionally passing the struct timer_list pointer to
> all timer callbacks, switch to using the new timer_setup() and from_timer()
> to pass the timer pointer explicitly.
>
> Cc: Samuel Ortiz
> Cc: "David S. Mille
On Fri, Mar 2, 2018 at 2:54 PM, Richard Haines
wrote:
> Fix the following error when running regression tests using LTP as follows:
> cd /opt/ltp/
> cat runtest/syscalls |grep connect01>runtest/connect-syscall
> ./runltp -pq -f connect-syscall
>
> Running tests...
> connect011 TPASS : b
On Thu, Mar 01, 2018 at 05:13:40PM +1100, Daniel Axtens wrote:
> They're very hard to use properly as they do not consider the
> GSO_BY_FRAGS case. Code should use skb_gso_validate_network_len
> and skb_gso_validate_mac_len as they do consider this case.
>
> Make the seglen functions static, which
On Thu, Mar 01, 2018 at 05:13:39PM +1100, Daniel Axtens wrote:
> Replace skb_gso_network_seglen() with
> skb_gso_validate_network_len(), as it considers the GSO_BY_FRAGS
> case.
>
> Signed-off-by: Daniel Axtens
Reviewed-by: Marcelo Ricardo Leitner
> ---
> net/ipv4/xfrm4_output.c | 3 ++-
> ne
On Thu, Mar 1, 2018 at 12:08 PM, Sridhar Samudrala
wrote:
> This patch enables virtio_net to switch over to a VF datapath when a VF
> netdev is present with the same MAC address. It allows live migration
> of a VM with a direct attached VF without the need to setup a bond/team
> between a VF and v
On Thu, Mar 01, 2018 at 05:13:37PM +1100, Daniel Axtens wrote:
> If you take a GSO skb, and split it into packets, will the network
> length (L3 headers + L4 headers + payload) of those packets be small
> enough to fit within a given MTU?
>
> skb_gso_validate_mtu gives you the answer to that quest
On Thu, Mar 01, 2018 at 05:13:38PM +1100, Daniel Axtens wrote:
> tbf_enqueue() checks the size of a packet before enqueuing it.
> However, the GSO size check does not consider the GSO_BY_FRAGS
> case, and so will drop GSO SCTP packets, causing a massive drop
> in throughput.
>
> Use skb_gso_valida
On Thu, Mar 1, 2018 at 11:21 PM, Stefan Assmann wrote:
> On 2018-03-01 19:40, Alexander Duyck wrote:
>> On Thu, Mar 1, 2018 at 8:12 AM, wrote:
>> > + intel-wired-...@lists.osuosl.org
>> >
>> >
>> > On 2018-03-01 21:41, p...@codeaurora.org wrote:
>> >>
>> >> Hi All,
>> >>
>> >> I am facing the fo
On 3/2/2018 12:44 PM, Siwei Liu wrote:
On Fri, Mar 2, 2018 at 12:10 PM, Michael S. Tsirkin wrote:
On Fri, Mar 02, 2018 at 11:52:27AM -0800, Samudrala, Sridhar wrote:
On 3/2/2018 11:41 AM, Michael S. Tsirkin wrote:
On Fri, Mar 02, 2018 at 07:26:25AM -0800, Alexander Duyck wrote:
The design
On Wed, Feb 28, 2018 at 3:17 PM, Arnd Bergmann wrote:
> The new ixgbevf_set_rx_buffer_len() function causes a harmless warnings
> in configurations with large page size:
>
> drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c: In function
> 'ixgbevf_set_rx_buffer_len':
> drivers/net/ethernet/intel/
On Fri, Mar 2, 2018 at 11:42 AM, Michael S. Tsirkin wrote:
> On Fri, Mar 02, 2018 at 05:20:17PM +0100, Jiri Pirko wrote:
>> >Yeah, this code essentially calls out the "shareable" code with a
>> >comment at the start and end of the section what defines the
>> >virtio_bypass functionality. It would
On Fri, Mar 2, 2018 at 12:10 PM, Michael S. Tsirkin wrote:
> On Fri, Mar 02, 2018 at 11:52:27AM -0800, Samudrala, Sridhar wrote:
>>
>>
>> On 3/2/2018 11:41 AM, Michael S. Tsirkin wrote:
>> > On Fri, Mar 02, 2018 at 07:26:25AM -0800, Alexander Duyck wrote:
>> > > The design limits things to a 1:1 r
On Fri, Mar 02, 2018 at 12:09:57PM -0800, Gianluca Borello wrote:
> Hello,
>
> While testing bpf-next, I noticed that I was reading garbage when
> accessing some task_struct members, and the issue seems caused by the
> recent commit 2bc2f688fdf8 ("Makefile: move stack-protector
> availability out
Hi David,
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Put back reference on CLUSTERIP configuration structure from the
error path, patch from Florian Westphal.
2) Put reference on CLUSTERIP configuration instead of freeing it,
another cpu may still be wa
From: Florian Westphal
Once struct is added to per-netns list it becomes visible to other cpus,
so we cannot use kfree().
Also delay setting entries refcount to 1 until after everything is
initialised so that when we call clusterip_config_put() in this spot
entries is still zero.
Signed-off-by:
From: Florian Westphal
l4proto->manip_pkt() can cause reallocation of skb head so pointer
to the ipv6 header must be reloaded.
Reported-and-tested-by:
Fixes: 58a317f1061c89 ("netfilter: ipv6: add IPv6 NAT support")
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv6
From: Florian Westphal
We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.
The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.
Briefly tested with simple ruleset
From: Florian Westphal
ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.
Therefore it must check that the size of the match structure
provided from userspace is sane by making sure em->match_size
is at least the minimum size of the expected structure.
From: Felix Fietkau
Add a missing call to csum_replace4 like on SNAT.
Signed-off-by: Felix Fietkau
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/nf_flow_table_ipv4.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/netfilter/nf_flow_table_ipv4.c
b/net/ipv4/netfilter/nf_
From: Florian Westphal
This needs to put() the entry to avoid a resource leak in error path.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/ipv4/netfilter/ipt_CLUSTERIP.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter/i
From: Taehee Yoo
In the ip_rcv, IPSTATS_MIB_CSUMERRORS is increased when
checksum error is occurred.
bridge netfilter routine should increase IPSTATS_MIB_CSUMERRORS.
Signed-off-by: Taehee Yoo
Signed-off-by: Pablo Neira Ayuso
---
net/bridge/br_netfilter_hooks.c | 4 +++-
1 file changed, 3 inse
From: Florian Westphal
All of these conditions are not fatal and should have
been WARN_ONs from the get-go.
Convert them to WARN_ONs and bail out.
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
---
net/bridge/netfilter/ebtables.c | 27 ++-
1 file cha
Use the right loop index, not the number of devices in the array that we
need to remove, the following message uncovered the problem:
[ 5437.044119] hook not found, pf 5 num 0
[ 5437.044140] WARNING: CPU: 2 PID: 24983 at net/netfilter/core.c:376
__nf_unregister_net_hook+0x250/0x280
Signed-off-by
If the netdevice is already part of a flowtable, return EBUSY. I cannot
find a valid usecase for having two flowtables bound to the same
netdevice. We can still have two flowtable where the device set is
disjoint.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_tables_api.c | 18 ++
From: Florian Westphal
"fib" starts to behave strangely when an ipv6 default route is
added - the FIB lookup returns a route using 'oif' in this case.
This behaviour was inherited from ip6tables rpfilter so change
this as well.
Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1221
Signe
Return -EINVAL is mandatory attributes are missing.
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_tables_api.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 43acdeef045d..2b5aa78979db 100644
--- a/net/netfilte
From: Eric Dumazet
For some reason, Florian forgot to apply to ip6_route_me_harder
the fix that went in commit 29e09229d9f2 ("netfilter: use
skb_to_full_sk in ip_route_me_harder")
Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of
listener")
Signed-off-by: Eric Dum
From: Julian Anastasov
The IPS_NAT_MASK check in 4.12 replaced previous check for nfct_nat()
which was needed to fix a crash in 2.6.36-rc, see
commit 7bcbf81a2296 ("ipvs: avoid oops for passive FTP").
But as IPVS does not set the IPS_SRC_NAT and IPS_DST_NAT bits,
checking for IPS_NAT_MASK prevent
On Fri, 2018-03-02 at 11:53 +0100, Lorenzo Bianconi wrote:
> Fix the following slab-out-of-bounds kasan report in
> ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not
> linear and the accessed data are not in the linear data region of orig_skb
>
> Reported-by: Jianlin Shi
> Revi
> Hi Andrew,
>
> The phy is built in for LAN7430, and external for LAN7431. But the
> same reset should work in both cases because it asserts the normal
> phy reset line.
Assuming the PHY reset is connect to the external line, not a GPIO.
So this is O.K.
> > Assuming it is built in, does the MA
On Fri, Mar 02, 2018 at 11:52:27AM -0800, Samudrala, Sridhar wrote:
>
>
> On 3/2/2018 11:41 AM, Michael S. Tsirkin wrote:
> > On Fri, Mar 02, 2018 at 07:26:25AM -0800, Alexander Duyck wrote:
> > > The design limits things to a 1:1 relationship since we just have the
> > > child and backup pointer
Sample output:
# rdma resource
2: cxgb4_0: pd 5 cq 2 qp 2 cm_id 3 mr 7
3: mlx4_0: pd 7 cq 3 qp 3 cm_id 3 mr 7
# rdma resource show cm_id
link cxgb4_0/- lqpn 0 qp-type RC state LISTEN ps TCP pid 30485 comm rping
src-addr 0.0.0.0:7174
link cxgb4_0/2 lqpn 1048 qp-type RC state CONNECT ps TCP pid 30
Sample output:
Without CAP_NET_ADMIN capability:
link mlx4_0/- users 0 pid 0 comm [ib_srpt]
link mlx4_0/- users 0 pid 0 comm [ib_srp]
link mlx4_0/- users 1 pid 0 comm [ib_core]
link cxgb4_0/- users 0 pid 0 comm [ib_srp]
With CAP_NET_ADMIN capability:
link mlx4_0/- local_dma_lkey 0x8000 users 0 p
Sample output:
Without CAP_NET_ADMIN:
$ rdma resource show mr mrlen 65536
link mlx4_0/- mrlen 65536 pid 0 comm [nvme_rdma]
link cxgb4_0/- mrlen 65536 pid 0 comm [nvme_rdma]
With CAP_NET_ADMIN:
# rdma resource show mr mrlen 65536
link mlx4_0/- rkey 0x12702 lkey 0x12702 iova 0x85724a000 mrlen 655
From: Steve Wise
Pull in the latest rdma_netlink.h which has support for
the rdma nldev resource tracking objects being added
with this patch series.
Signed-off-by: Steve Wise
---
include/uapi/rdma/rdma_netlink.h | 44 +---
1 file changed, 41 insertions(+),
Hello,
While testing bpf-next, I noticed that I was reading garbage when
accessing some task_struct members, and the issue seems caused by the
recent commit 2bc2f688fdf8 ("Makefile: move stack-protector
availability out of Kconfig") which removes CONFIG_CC_STACKPROTECTOR
from autoconf.h.
When I c
Initialize the rd struct so port_idx is 0 unless set otherwise.
Otherwise, strict_port queries end up passing an uninitialized PORT
nlattr.
Signed-off-by: Steve Wise
---
rdma/rdma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rdma/rdma.c b/rdma/rdma.c
index 19608f4..c6525
Sample output:
# rdma resource show cq
link cxgb4_0/- cqe 46 users 2 pid 30503 comm rping
link cxgb4_0/- cqe 46 users 2 pid 30498 comm rping
link mlx4_0/- cqe 63 users 2 pid 30494 comm rping
link mlx4_0/- cqe 63 users 2 pid 30489 comm rping
link mlx4_0/- cqe 1023 users 2 poll_ctx WORKQUEUE pid 0 c
1 - 100 of 248 matches
Mail list logo
