Re: [RESEND][PATCH] Fix MACsec kernel panics, oopses and bugs

2019-05-24 Thread Sabrina Dubroca
Hi Andreas, 2019-05-23, 09:46:15 +0200, Andreas Steinmetz wrote: > MACsec causes oopses followed by a kernel panic when attached > directly or indirectly to a bridge. It causes erroneous checksum > messages when attached to vxlan. It looks like you're fixing multiple separate bugs in a single pat

Re: [PATCH net] net: fix use-after-free in __netif_receive_skb_core

2019-07-16 Thread Sabrina Dubroca
2019-07-12, 16:29:48 +0100, Edward Cree wrote: > On 10/07/2019 23:47, Sabrina Dubroca wrote: > > 2019-07-10, 16:07:43 +0100, Edward Cree wrote: > >> On 10/07/2019 14:52, Sabrina Dubroca wrote: > >>> -static int __netif_receive_skb_core(struct sk_buff *skb, bool

[PATCH iproute2] ip: xfrm: add NUL character to security context name before printing

2021-02-16 Thread Sabrina Dubroca
ction, since the exact same code is used to print the security context for both policies and states. Fixes: b2bb289a57fe ("xfrm security context support") Reported-by: Paul Wouters Signed-off-by: Sabrina Dubroca --- ip/ipxfrm.c | 46 -- 1 f

Re: [PATCH ipsec,v2] xfrm: interface: fix ipv4 pmtu check to honor ip header df

2021-02-23 Thread Sabrina Dubroca
: f203b76d7809 ("xfrm: Add virtual xfrm interfaces") > Signed-off-by: Eyal Birger > > - > > v2: better align coding with ip_vti LGTM. We also need to do the same thing in ip_vti and ip6_vti. Do you want to take care of it, or should I? Either way, for this patch: Reviewed-by: Sabrina Dubroca -- Sabrina

[PATCH ipsec] xfrm: xfrm_state_mtu should return at least 1280 for ipv6

2021-04-16 Thread Sabrina Dubroca
for esp payload size calculation") Reported-by: Jianwen Ji Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 1 + net/ipv4/esp4.c | 2 +- net/ipv6/esp6.c | 2 +- net/xfrm/xfrm_state.c | 14 -- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/inc

[PATCH ipsec-next] xfrm: ipcomp: remove unnecessary get_cpu()

2021-04-16 Thread Sabrina Dubroca
.@linutronix.de/ Cc: Juri Lelli Reported-by: Xiumei Mu Suggested-by: Sebastian Andrzej Siewior Signed-off-by: Sabrina Dubroca --- net/xfrm/xfrm_ipcomp.c | 25 - 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_i

Re: [PATCH ipsec 0/2] vti(6): fix ipv4 pmtu check to honor ip header df

2021-03-02 Thread Sabrina Dubroca
ipv4 pmtu check to honor ip header df > vti6: fix ipv4 pmtu check to honor ip header df Thanks Eyal. Reviewed-by: Sabrina Dubroca Steffen, that's going to conflict with commit 4372339efc06 ("net: always use icmp{,v6}_ndo_send from ndo_start_xmit") from net. -- Sabrina

Re: [PATCH iproute2] ip: xfrm: add NUL character to security context name before printing

2021-03-08 Thread Sabrina Dubroca
Hi Stephen/David, 2021-02-16, 17:50:58 +0100, Sabrina Dubroca wrote: > Security context names are not guaranteed to be NUL-terminated by the > kernel, so we can't just print them using %s directly. The length of > the string is capped by the size of the netlink attribute (u16)

[PATCH iproute2 v2] ip: xfrm: limit the length of the security context name when printing

2021-03-09 Thread Sabrina Dubroca
ince the exact same code is used to print the security context for both policies and states. Fixes: b2bb289a57fe ("xfrm security context support") Reported-by: Paul Wouters Signed-off-by: Sabrina Dubroca --- v2: drop the memcpy and use %.*s, suggested by Stephen Hemminger

Re: [PATCH] xfrm: return error when esp offload is requested and not supported

2021-03-15 Thread Sabrina Dubroca
2021-03-15, 11:43:50 +0100, Steffen Klassert wrote: > On Wed, Mar 10, 2021 at 10:36:11AM +0100, Antony Antony wrote: > > When ESP offload is not supported by the device return an error, > > -EINVAL, instead of silently ignoring it, creating a SA without offload, > > and returning success. > > > >

[PATCH iproute2-next] ip: xfrm: add support for tfcpad

2021-03-19 Thread Sabrina Dubroca
This patch adds support for setting and displaying the Traffic Flow Confidentiality attribute for an XFRM state, which allows padding ESP packets to a specified length. Signed-off-by: Sabrina Dubroca --- ip/ipxfrm.c| 8 ip/xfrm_state.c| 10 +- man/man8/ip-xfrm.8

Re: [PATCH] xfrm: return error when esp offload is requested and not supported

2021-03-19 Thread Sabrina Dubroca
2021-03-17, 09:42:43 +0100, Antony Antony wrote: > Hi, > > On Mon, Mar 15, 2021 at 16:29:59 +0100, Sabrina Dubroca wrote: > > 2021-03-15, 11:43:50 +0100, Steffen Klassert wrote: > > > On Wed, Mar 10, 2021 at 10:36:11AM +0100, Antony Antony wrote: > > > > When

Re: [PATCH ipsec] xfrmi: drop ignore_df check before updating pmtu

2020-08-10 Thread Sabrina Dubroca
2020-08-07, 17:41:09 +0200, Bram Yvakh wrote: > > On 7/08/2020 16:47, Sabrina Dubroca wrote: > > 2020-08-04, 14:32:56 +0200, Bram Yvakh wrote: > > > >> On 4/08/2020 11:37, Sabrina Dubroca wrote: > >> > >>> diff --git a/net/xfrm/xfrm_int

Re: Severe performance regression in "net: macsec: preserve ingress frame ordering"

2020-08-10 Thread Sabrina Dubroca
[adding the linux-crypto list] 2020-08-06, 23:48:16 -0400, Scott Dial wrote: > On 8/6/2020 5:11 PM, Ryan Cox wrote: > > With 5.7 I get: > > * 9.90 Gb/s with no macsec at all > > * 1.80 Gb/s with macsec WITHOUT encryption > > * 1.00 Gb/s (sometimes, but often less) with macsec WITH encryption > >

Re: Severe performance regression in "net: macsec: preserve ingress frame ordering"

2020-08-12 Thread Sabrina Dubroca
2020-08-10, 12:09:40 -0400, Scott Dial wrote: > On 8/10/2020 9:34 AM, Sabrina Dubroca wrote: > > [adding the linux-crypto list] > > > > 2020-08-06, 23:48:16 -0400, Scott Dial wrote: > >> On 8/6/2020 5:11 PM, Ryan Cox wrote: > >>> With 5.7 I ge

[PATCH ipsec] espintcp: restore IP CB before handing the packet to xfrm

2020-08-13 Thread Sabrina Dubroca
small part of tcp_skb_tb), so we can just relocate it to the start of skb->cb. Fixes: e27cca96cd68 ("xfrm: add espintcp (RFC 8229)") Reported-by: Xiumei Mu Signed-off-by: Sabrina Dubroca --- net/xfrm/espintcp.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --g

[PATCH RFC ipsec-next 4/7] xfrm: add route lookup to xfrm4_rcv_encap

2019-06-25 Thread Sabrina Dubroca
At this point, with TCP encapsulation, the dst may be gone, but xfrm_input needs one. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_protocol.c | 9 + 1 file changed, 9 insertions(+) diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index bcab48944c15..1665e1a05ec5

[PATCH RFC ipsec-next 3/7] xfrm: introduce xfrm_trans_queue_net

2019-06-25 Thread Sabrina Dubroca
it, add a BUILD_BUG_ON like we usually do for skb->cb, since it's missing for struct xfrm_trans_cb. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 3 +++ net/xfrm/xfrm_input.c | 21 + 2 files chan

[PATCH RFC ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

2019-06-25 Thread Sabrina Dubroca
0x13 conference [2] in Prague, last March. [0] https://tools.ietf.org/html/rfc8229 [1] https://patchwork.ozlabs.org/patch/859107/ [2] https://netdevconf.org/0x13/session.html?talk-ipsec-encap Herbert Xu (1): skbuff: Avoid sleeping in skb_send_sock_locked Sabrina Dubroca (6): net: add queue arg

[PATCH RFC ipsec-next 1/7] net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram

2019-06-25 Thread Sabrina Dubroca
This will be used by ESP over TCP to handle the queue of IKE messages. Signed-off-by: Sabrina Dubroca --- include/linux/skbuff.h | 11 --- net/core/datagram.c| 26 -- net/ipv4/udp.c | 3 ++- net/unix/af_unix.c | 7 --- 4 files changed, 30

[PATCH RFC ipsec-next 7/7] xfrm: add espintcp (RFC 8229)

2019-06-25 Thread Sabrina Dubroca
Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/espintcp.h | 38 +++ include/net/xfrm.h | 1 + include/uapi/linux/udp.h | 1 + net/ipv4/esp4.c | 189 ++- net/xfrm/Kconfig | 9 + net/xfrm/Makefile| 1 + net/xfrm/

[PATCH RFC ipsec-next 2/7] skbuff: Avoid sleeping in skb_send_sock_locked

2019-06-25 Thread Sabrina Dubroca
part. Resulting in sleeping when the socket send buffer is full. This patch fixes it by setting the MSG_DONTWAIT flag when calling kernel_sendmsg_locked. Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/core/skbuff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/skbuf

[PATCH RFC ipsec-next 5/7] esp4: prepare esp_input_done2 for non-UDP encapsulation

2019-06-25 Thread Sabrina Dubroca
For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 16 ++-- 1 file changed, 14

[PATCH RFC ipsec-next 6/7] esp4: split esp_output_udp_encap and introduce esp_output_encap

2019-06-25 Thread Sabrina Dubroca
Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 57 - 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 5608dd47ee97..344660e2a17b

[PATCH iproute2-next 1/2] man: ip link: document GRE tunnels

2018-04-19 Thread Sabrina Dubroca
GRE tunnels are currently only documented together with IPIP and SIT tunnels, but they actually have very different configuration options. Let's separate them. Signed-off-by: Sabrina Dubroca --- man/man8/ip-link.8.in | 152 -- 1 file changed

[PATCH iproute2-next 2/2] gre/gre6: allow clearing {,i,o}{key,seq,csum} flags

2018-04-19 Thread Sabrina Dubroca
Currently, iproute allows setting those flags, but it's impossible to clear them, since their current value is fetched from the kernel and then we OR in the additional flags passed on the command line. Add no* variants to allow clearing them. Signed-off-by: Sabrina Dubroca --- ip/link_

Re: [PATCH iproute2-next 2/2] gre/gre6: allow clearing {,i,o}{key,seq,csum} flags

2018-04-19 Thread Sabrina Dubroca
2018-04-19, 12:22:42 +0200, Sabrina Dubroca wrote: > @@ -210,28 +210,49 @@ get_failed: > iflags |= GRE_KEY; > oflags |= GRE_KEY; > ikey = okey = tnl_parse_key("key", *argv); > + } else i

[PATCH iproute2-next v2 2/2] gre/gre6: allow clearing {,i,o}{key,seq,csum} flags

2018-04-20 Thread Sabrina Dubroca
Currently, iproute allows setting those flags, but it's impossible to clear them, since their current value is fetched from the kernel and then we OR in the additional flags passed on the command line. Add no* variants to allow clearing them. Signed-off-by: Sabrina Dubroca --- v2: fixed up

[PATCH iproute2-next v2 1/2] man: ip link: document GRE tunnels

2018-04-20 Thread Sabrina Dubroca
GRE tunnels are currently only documented together with IPIP and SIT tunnels, but they actually have very different configuration options. Let's separate them. Signed-off-by: Sabrina Dubroca --- man/man8/ip-link.8.in | 152 -- 1 file changed

Re: [PATCH v13 net-next 02/12] ethtool: enable Inline TLS in HW

2018-03-27 Thread Sabrina Dubroca
2018-03-27, 23:06:31 +0530, Atul Gupta wrote: > Ethtool option enables TLS record offload on HW, user > configures the feature for netdev capable of Inline TLS. > This allows user to define custom sk_prot for Inline TLS sock > > Signed-off-by: Atul Gupta > Reviewed-by: Sabrina

Re: [PATCH v14 net-next 09/12] crypto: chtls - Inline TLS record Tx

2018-03-29 Thread Sabrina Dubroca
2018-03-29, 21:27:51 +0530, Atul Gupta wrote: > TLS handler for record transmit. > Create Inline TLS work request and post to FW. > Create Inline TLS record CPLs for hardware > > Signed-off-by: Atul Gupta > Signed-off-by: Michael Werner > --- ... > +int chtls_sendmsg(struct sock *sk, struct msg

Re: [PATCH v14 net-next 08/12] crypto : chtls - CPL handler definition

2018-03-29 Thread Sabrina Dubroca
2018-03-29, 21:27:50 +0530, Atul Gupta wrote: ... > +static void chtls_pass_accept_request(struct sock *sk, > + struct sk_buff *skb) > +{ ... > + if (chtls_get_module(newsk)) > + goto reject; > + inet_csk_reqsk_queue_added(sk); > + reply_skb

Re: [PATCH net-next 3/3] macsec: add brackets and indentation after calling macsec_decrypt

2019-07-01 Thread Sabrina Dubroca
2019-06-30, 22:05:41 -0400, Willem de Bruijn wrote: > On Sun, Jun 30, 2019 at 4:48 PM Andreas Steinmetz wrote: > > > > At this point, skb could only be a valid pointer, so this patch does > > not introduce any functional change. > > Previously, macsec_post_decrypt could be called on the original

[PATCH net] net: fix use-after-free in __netif_receive_skb_core

2019-07-10 Thread Sabrina Dubroca
te SKB lists through packet_type lookup") Reported-by: Andreas Steinmetz Signed-off-by: Sabrina Dubroca --- net/core/dev.c | 26 -- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index d6edd218babd..0bbf6d2a9c32 100644 -

Re: [PATCH net] net: fix use-after-free in __netif_receive_skb_core

2019-07-10 Thread Sabrina Dubroca
2019-07-10, 16:07:43 +0100, Edward Cree wrote: > On 10/07/2019 14:52, Sabrina Dubroca wrote: > > -static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc, > > +static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, > >

[PATCH net] macsec: add genl family module alias

2017-08-22 Thread Sabrina Dubroca
This helps tools such as wpa_supplicant start even if the macsec module isn't loaded yet. Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Sabrina Dubroca --- I think this should go to stable as well. drivers/net/macsec.c | 1 + 1 file chang

[PATCH net] tcp: fix refcnt leak with ebpf congestion control

2017-08-25 Thread Sabrina Dubroca
it back into tcp core to avoid passing a ca pointer back to BPF. Fixes: 91b5b21c7c16 ("bpf: Add support for changing congestion control") Signed-off-by: Sabrina Dubroca --- include/net/tcp.h | 4 +--- net/core/filter.c | 7 ++- net/ipv4/tcp.c | 2 +- net/ipv4/tcp_cong.c |

Re: [PATCH net-next 1/4] net: Add SRIOV VGT+ support

2017-08-28 Thread Sabrina Dubroca
2017-08-27, 14:06:15 +0300, Saeed Mahameed wrote: [...] > +#define VF_VLAN_BITMAP DIV_ROUND_UP(VF_VLAN_N_VID, sizeof(__u64) * > BITS_PER_BYTE) > +struct ifla_vf_vlan_trunk { > + __u32 vf; > + __u64 allowed_vlans_8021q_bm[VF_VLAN_BITMAP]; > + __u64 allowed_vlans_8021ad_bm[VF_VLAN_
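
Review bot: in struct ifla_vf_vlan_trunk, `__u32 vf;` is followed directly by a `__u64` array, so the layout depends on how the ABI aligns __u64: there is a 4-byte hole before `allowed_vlans_8021q_bm` where __u64 is 8-byte aligned and none where it is 4-byte aligned (32-bit x86). If this struct crosses the netlink boundary, a 32-bit userspace and a 64-bit kernel would disagree on the offsets of both bitmaps. Add an explicit `__u32` pad after `vf`, or declare the arrays with an 8-byte-aligned type, so the hole is defined and the same everywhere.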

Re: [PATCH RFC ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

2019-08-16 Thread Sabrina Dubroca
Hi Steffen, 2019-06-25, 12:11:33 +0200, Sabrina Dubroca wrote: > This patchset introduces support for TCP encapsulation of IKE and ESP > messages, as defined by RFC 8229 [0]. It is an evolution of what > Herbert Xu proposed in January 2018 [1] that addresses the main > criticism ag

Re: [PATCH RFC ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

2019-08-21 Thread Sabrina Dubroca
2019-08-21, 08:59:11 +0200, Steffen Klassert wrote: > On Fri, Aug 16, 2019 at 04:18:14PM +0200, Sabrina Dubroca wrote: > > Hi Steffen, > > > > 2019-06-25, 12:11:33 +0200, Sabrina Dubroca wrote: > > > This patchset introduces support for TCP encapsulation of IKE and

[PATCH ipsec-next 1/7] net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram

2019-08-21 Thread Sabrina Dubroca
This will be used by ESP over TCP to handle the queue of IKE messages. Signed-off-by: Sabrina Dubroca --- include/linux/skbuff.h | 11 --- net/core/datagram.c| 26 -- net/ipv4/udp.c | 3 ++- net/unix/af_unix.c | 7 --- 4 files changed, 30

[PATCH ipsec-next 2/7] skbuff: Avoid sleeping in skb_send_sock_locked

2019-08-21 Thread Sabrina Dubroca
part. Resulting in sleeping when the socket send buffer is full. This patch fixes it by setting the MSG_DONTWAIT flag when calling kernel_sendmsg_locked. Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/core/skbuff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/skbuf

[PATCH ipsec-next 3/7] xfrm: introduce xfrm_trans_queue_net

2019-08-21 Thread Sabrina Dubroca
it, add a BUILD_BUG_ON like we usually do for skb->cb, since it's missing for struct xfrm_trans_cb. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/xfrm.h| 3 +++ net/xfrm/xfrm_input.c | 21 + 2 files chan

[PATCH ipsec-next 4/7] xfrm: add route lookup to xfrm4_rcv_encap

2019-08-21 Thread Sabrina Dubroca
At this point, with TCP encapsulation, the dst may be gone, but xfrm_input needs one. Signed-off-by: Sabrina Dubroca --- net/ipv4/xfrm4_protocol.c | 9 + 1 file changed, 9 insertions(+) diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c index bcab48944c15..1665e1a05ec5

[PATCH ipsec-next 0/7] ipsec: add TCP encapsulation support (RFC 8229)

2019-08-21 Thread Sabrina Dubroca
f: Avoid sleeping in skb_send_sock_locked Sabrina Dubroca (6): net: add queue argument to __skb_wait_for_more_packets and __skb_{,try_}recv_datagram xfrm: introduce xfrm_trans_queue_net xfrm: add route lookup to xfrm4_rcv_encap esp4: prepare esp_input_done2 for non-UDP encapsu

[PATCH ipsec-next 7/7] xfrm: add espintcp (RFC 8229)

2019-08-21 Thread Sabrina Dubroca
Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- include/net/espintcp.h | 38 +++ include/net/xfrm.h | 1 + include/uapi/linux/udp.h | 1 + net/ipv4/esp4.c | 189 ++- net/xfrm/Kconfig | 9 + net/xfrm/Makefile| 1 + net/xfrm/

[PATCH ipsec-next 5/7] esp4: prepare esp_input_done2 for non-UDP encapsulation

2019-08-21 Thread Sabrina Dubroca
For espintcp encapsulation, we will need to get the source port from the TCP header instead of UDP. Introduce a variable to hold the port. Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 16 ++-- 1 file changed, 14

[PATCH ipsec-next 6/7] esp4: split esp_output_udp_encap and introduce esp_output_encap

2019-08-21 Thread Sabrina Dubroca
Co-developed-by: Herbert Xu Signed-off-by: Herbert Xu Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 57 - 1 file changed, 37 insertions(+), 20 deletions(-) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index c5d826642229..033c61d27148

[PATCH net] ipv6: propagate ipv6_add_dev's error returns out of ipv6_find_idev

2019-08-23 Thread Sabrina Dubroca
2000::/64 dev dummyX RTNETLINK answers: No buffer space available Commit a317a2f19da7 ("ipv6: fail early when creating netdev named all or default") introduced error returns in ipv6_add_dev. Before that, that function would simply return NULL for all failures. Signed-off-by: Sabri

Re: [PATCH ipsec-next 7/7] xfrm: add espintcp (RFC 8229)

2019-08-29 Thread Sabrina Dubroca
2019-08-29, 09:04:31 +0200, Steffen Klassert wrote: > On Wed, Aug 21, 2019 at 11:46:25PM +0200, Sabrina Dubroca wrote: > > +static struct sock *esp_find_tcp_sk(struct xfrm_state *x) > > +{ > > + struct xfrm_encap_tmpl *encap = x->encap; > > + struct esp_tcp_sk *es

Re: [PATCH net] ipv4: Add ICMPv6 support when parse route ipproto

2019-02-25 Thread Sabrina Dubroca
2019-02-25, 15:47:00 +0800, Hangbin Liu wrote: > @@ -14,6 +15,7 @@ int rtm_getroute_parse_ip_proto(struct nlattr *attr, u8 > *ip_proto, > case IPPROTO_TCP: > case IPPROTO_UDP: > case IPPROTO_ICMP: > + case IPPROTO_ICMPV6: Is IPPROTO_ICMPV6 supposed to be valid in the IPv4 co
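
Review bot: the added `case IPPROTO_ICMPV6:` joins the same accept arm as IPPROTO_TCP, IPPROTO_UDP and IPPROTO_ICMP in rtm_getroute_parse_ip_proto(), and nothing in the visible context restricts it by address family. If this helper is reached from the IPv4 getroute path, as the subject line says, the new case should be gated on the family of the request, or the commit message should explain what an ICMPv6 protocol match means for an IPv4 route lookup.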

Re: [PATCH net v2 2/2] selftests: pmtu: add explicit tests for PMTU exceptions cleanup

2019-02-25 Thread Sabrina Dubroca
2019-02-25, 12:13:46 +0100, Paolo Abeni wrote: > + if ! timeout 1 ${ns_a} ip link del dev veth_A-R1; then That doesn't work. "ip link del" is stuck in a way that timeout can't terminate it, so this is still going to hang. Did you actually test this? :/ > + err " can't delete veth

Re: [PATCH net] ipv4: Add ICMPv6 support when parse route ipproto

2019-02-26 Thread Sabrina Dubroca
2019-02-26, 11:48:54 +0800, Hangbin Liu wrote: > Hi David, > On Mon, Feb 25, 2019 at 07:23:33PM -0700, David Ahern wrote: > > On 2/25/19 7:17 PM, Hangbin Liu wrote: > > > I also thought about this issue. Currently we didn't check the ipproto in > > > both > > > IPv4 and IPv6. You can set icmp in i

[PATCH net] net: enforce xmit_recursion for devices with a queue

2019-03-14 Thread Sabrina Dubroca
by incrementing xmit_recursion in code paths that can call dev_hard_start_xmit() (like commit 745e20f1b626 did). If the recursion limit is exceeded, the packet is enqueued and the qdisc is scheduled. Reported-by: Jianlin Shi Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio --- No fixes tag

Re: [PATCH net] net: enforce xmit_recursion for devices with a queue

2019-03-14 Thread Sabrina Dubroca
2019-03-14, 05:58:03 -0700, Eric Dumazet wrote: > > > On 03/14/2019 03:15 AM, Sabrina Dubroca wrote: > > Commit 745e20f1b626 ("net: add a recursion limit in xmit path") > > introduced a recursion limit, but it only applies to devices without a > > queue.

Re: [PATCH net] net: enforce xmit_recursion for devices with a queue

2019-03-14 Thread Sabrina Dubroca
2019-03-14, 07:56:10 -0700, Eric Dumazet wrote: > > > On 03/14/2019 07:15 AM, Sabrina Dubroca wrote: > > 2019-03-14, 05:58:03 -0700, Eric Dumazet wrote: > >> > >> > >> On 03/14/2019 03:15 AM, Sabrina Dubroca wrote: > >>> Commit

Re: [PATCH net] net: enforce xmit_recursion for devices with a queue

2019-03-14 Thread Sabrina Dubroca
2019-03-14, 10:51:49 -0700, Eric Dumazet wrote: > > > On 03/14/2019 10:40 AM, Sabrina Dubroca wrote: > > 2019-03-14, 07:56:10 -0700, Eric Dumazet wrote: > >> > >> > >> On 03/14/2019 07:15 AM, Sabrina Dubroca wrote: > >>> 2019-03-14, 05:58:03

[PATCH ipsec] esp4: add length check for UDP encapsulation

2019-03-25 Thread Sabrina Dubroca
th. To prevent this, add a length check to esp_output_udp_encap and return -EMSGSIZE on failure. This seems to be older than git history. Signed-off-by: Sabrina Dubroca --- net/ipv4/esp4.c | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/net/ipv4/esp4.

Re: [PATCH v2 5/5] net/core: Allow the compiler to verify declaration and definition consistency

2019-03-25 Thread Sabrina Dubroca
2019-03-25, 09:17:23 -0700, Bart Van Assche wrote: > diff --git a/net/core/datagram.h b/net/core/datagram.h > new file mode 100644 > index ..bcfb75bfa3b2 > --- /dev/null > +++ b/net/core/datagram.h > @@ -0,0 +1,15 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > + > +#ifndef _NET_CORE_DAT

[PATCH net] vrf: prevent adding upper devices

2019-03-26 Thread Sabrina Dubroca
ED feature flag). Fix this by setting the IFF_NO_RX_HANDLER flag (introduced in commit f5426250a6ec ("net: introduce IFF_NO_RX_HANDLER")). Cc: David Ahern Fixes: 193125dbd8eb ("net: Introduce VRF device driver") Signed-off-by: Sabrina Dubroca --- drivers/net/vrf.c | 1

Re: [PATCH v2 5/5] net/core: Allow the compiler to verify declaration and definition consistency

2019-03-26 Thread Sabrina Dubroca
2019-03-26, 10:11:34 -0700, Bart Van Assche wrote: > On Mon, 2019-03-25 at 19:26 +0100, Sabrina Dubroca wrote: > > 2019-03-25, 09:17:23 -0700, Bart Van Assche wrote: > > > diff --git a/net/core/datagram.h b/net/core/datagram.h > > > new file mode 100644 > > &

Re: [PATCH v2 5/5] net/core: Allow the compiler to verify declaration and definition consistency

2019-03-26 Thread Sabrina Dubroca
2019-03-26, 18:17:58 +, Al Viro wrote: > Dumping everything into widely-included files is a Bloody Bad Idea(tm); > it makes reasoning about the code much harder. > > If anything, we should trim the hell out of those; details that matter > only to a well-defined subset of the kernel should be l

[PATCH net] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-13 Thread Sabrina Dubroca
TNSID attribute in a dump, always put the IFLA_LINK attribute as well. Thanks to Dan Winship for analyzing the original OpenShift bug down to the missing netlink attribute. Analyzed-by: Dan Winship Fixes: a54acb3a6f85 ("dev: introduce dev_get_iflink()") Signed-off-by: Sabrina Dubroca

Re: [PATCH net] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-13 Thread Sabrina Dubroca
2019-05-13, 15:17:33 +0200, Nicolas Dichtel wrote: > Le 13/05/2019 à 15:01, Sabrina Dubroca a écrit : > > Currently, nla_put_iflink() doesn't put the IFLA_LINK attribute when > > iflink == ifindex. > > > > In some cases, a device can be created in a different ne

[PATCH net v2] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-13 Thread Sabrina Dubroca
TNSID attribute in a dump, always put the IFLA_LINK attribute as well. Thanks to Dan Winship for analyzing the original OpenShift bug down to the missing netlink attribute. Analyzed-by: Dan Winship Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Sabrina Dubroca Acked-by: Nicolas

Re: [PATCH net v2] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-13 Thread Sabrina Dubroca
2019-05-13, 16:50:51 +0200, Nicolas Dichtel wrote: > Le 13/05/2019 à 15:47, Sabrina Dubroca a écrit : > > Currently, nla_put_iflink() doesn't put the IFLA_LINK attribute when > > iflink == ifindex. > > > > In some cases, a device can be created in a different ne

Re: [PATCH net v2] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-13 Thread Sabrina Dubroca
2019-05-13, 17:13:36 +0200, Nicolas Dichtel wrote: > Le 13/05/2019 à 17:08, Sabrina Dubroca a écrit : > > 2019-05-13, 16:50:51 +0200, Nicolas Dichtel wrote: > >> Le 13/05/2019 à 15:47, Sabrina Dubroca a écrit : > >>> Currently, nla_put_iflink() doesn't put the IF

Re: [PATCH net v2] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-14 Thread Sabrina Dubroca
2019-05-14, 09:32:32 +0200, Nicolas Dichtel wrote: > Le 13/05/2019 à 23:46, Sabrina Dubroca a écrit : > > 2019-05-13, 17:13:36 +0200, Nicolas Dichtel wrote: > >> Le 13/05/2019 à 17:08, Sabrina Dubroca a écrit : > >>> 2019-05-13, 16:50:51 +0200, Nicolas Dichtel wrote

Re: [PATCH net v2] rtnetlink: always put ILFA_LINK for links with a link-netnsid

2019-05-14 Thread Sabrina Dubroca
2019-05-14, 12:05:16 +0200, Nicolas Dichtel wrote: > Le 14/05/2019 à 10:01, Sabrina Dubroca a écrit : > > 2019-05-14, 09:32:32 +0200, Nicolas Dichtel wrote: > [snip] > >> What about this one? > >> Fixes: d8a5ec672768 ("[NET]: netlink support for moving devices be

[PATCH net v3] rtnetlink: always put IFLA_LINK for links with a link-netnsid

2019-05-14 Thread Sabrina Dubroca
ix subject typo, spotted by Edward Cree Analyzed-by: Dan Winship Fixes: d8a5ec672768 ("[NET]: netlink support for moving devices between network namespaces.") Signed-off-by: Sabrina Dubroca Acked-by: Nicolas Dichtel --- net/core/rtnetlink.c | 16 ++-- 1 file changed, 10 i

[PATCH net] macsec: fix memory leaks when skb_to_sgvec fails

2017-10-10 Thread Sabrina Dubroca
Fixes: cda7ea690350 ("macsec: check return value of skb_to_sgvec always") Signed-off-by: Sabrina Dubroca --- drivers/net/macsec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 98e4deaa3a6a..5ab1b8849c30 100644 --- a/drivers/ne

Re: [PATCH net-next] selftests: rtnetlink: add a small macsec test case

2017-10-12 Thread Sabrina Dubroca
2017-10-12, 11:11:22 +0200, Florian Westphal wrote: > Signed-off-by: Florian Westphal Reviewed-by: Sabrina Dubroca Just a small detail: the "ip macsec" commands actually use genetlink and not rtnetlink. -- Sabrina

[PATCH net] alx: take rtnl before calling __alx_open from resume

2018-06-29 Thread Sabrina Dubroca
"igb: Move the calls to set the Tx and Rx queues into igb_open"). Fixes: d768319cd427 ("alx: enable multiple tx queues") Signed-off-by: Sabrina Dubroca --- drivers/net/ethernet/atheros/alx/main.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/net/

[PATCH net] net: fix use-after-free in GRO with ESP

2018-06-30 Thread Sabrina Dubroca
Fixes: 5f114163f2f5 ("net: Add a skb_gro_flush_final helper.") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio --- drivers/net/geneve.c | 2 +- drivers/net/vxlan.c | 4 +--- include/linux/netdevice.h | 20 net/8021q/vlan.c | 2 +-

[PATCH net 3/3] net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE

2018-07-06 Thread Sabrina Dubroca
inet6_ifla6_size() is called to check how much space is needed by inet6_fill_link_af() and inet6_fill_ifinfo(), both of which include the IFLA_INET6_ADDR_GEN_MODE attribute. Reserve some room for it. Fixes: bc91b0f07ada ("ipv6: addrconf: implement address generation modes") Signed-off-b

[PATCH net 1/3] net/ipv6: fix addrconf_sysctl_addr_gen_mode

2018-07-06 Thread Sabrina Dubroca
ge link-local address generation mode") Signed-off-by: Sabrina Dubroca --- net/ipv6/addrconf.c | 27 ++- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 91580c62bb86..e9ba53d2a147 100644 --- a/net/ipv6/addrc

[PATCH net 0/3] net/ipv6: addr_gen_mode fixes

2018-07-06 Thread Sabrina Dubroca
This series fixes bugs in handling of the addr_gen_mode option, mainly related to the sysctl. A minor netlink issue was also present in the initial commit introducing the option on a per-netdevice basis. Sabrina Dubroca (3): net/ipv6: fix addrconf_sysctl_addr_gen_mode net/ipv6: don&#

[PATCH net 2/3] net/ipv6: don't reinitialize ndev->cnf.addr_gen_mode on new inet6_dev

2018-07-06 Thread Sabrina Dubroca
The value has already been copied from this netns's devconf_dflt, it shouldn't be reset to the global kernel default. Fixes: d35a00b8e33d ("net/ipv6: allow sysctl to change link-local address generation mode") Signed-off-by: Sabrina Dubroca --- net/ipv6/addrconf.c | 2 -

Re: [PATCH net 1/3] net/ipv6: fix addrconf_sysctl_addr_gen_mode

2018-07-06 Thread Sabrina Dubroca
2018-07-06, 08:42:01 -0600, David Ahern wrote: > On 7/6/18 7:49 AM, Sabrina Dubroca wrote: > > diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > > index 91580c62bb86..e9ba53d2a147 100644 > > --- a/net/ipv6/addrconf.c > > +++ b/net/ipv6/addrconf.c > > @

Re: [PATCH net 1/3] net/ipv6: fix addrconf_sysctl_addr_gen_mode

2018-07-06 Thread Sabrina Dubroca
2018-07-06, 09:28:48 -0600, David Ahern wrote: > On 7/6/18 9:02 AM, Sabrina Dubroca wrote: > > 2018-07-06, 08:42:01 -0600, David Ahern wrote: > >> On 7/6/18 7:49 AM, Sabrina Dubroca wrote: > >>> diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c > >>&g

[PATCH net v2 0/5] net/ipv6: addr_gen_mode fixes

2018-07-09 Thread Sabrina Dubroca
documentation for the sysctl patches 1, 2, 3 are unchanged Sabrina Dubroca (5): net/ipv6: fix addrconf_sysctl_addr_gen_mode net/ipv6: don't reinitialize ndev->cnf.addr_gen_mode on new inet6_dev net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE net/ipv6: propagate

[PATCH net v2 3/5] net/ipv6: reserve room for IFLA_INET6_ADDR_GEN_MODE

2018-07-09 Thread Sabrina Dubroca
inet6_ifla6_size() is called to check how much space is needed by inet6_fill_link_af() and inet6_fill_ifinfo(), both of which include the IFLA_INET6_ADDR_GEN_MODE attribute. Reserve some room for it. Fixes: bc91b0f07ada ("ipv6: addrconf: implement address generation modes") Signed-off-b

[PATCH net v2 2/5] net/ipv6: don't reinitialize ndev->cnf.addr_gen_mode on new inet6_dev

2018-07-09 Thread Sabrina Dubroca
The value has already been copied from this netns's devconf_dflt, it shouldn't be reset to the global kernel default. Fixes: d35a00b8e33d ("net/ipv6: allow sysctl to change link-local address generation mode") Signed-off-by: Sabrina Dubroca Reviewed-by: David Ahern --- net

[PATCH net v2 1/5] net/ipv6: fix addrconf_sysctl_addr_gen_mode

2018-07-09 Thread Sabrina Dubroca
ge link-local address generation mode") Signed-off-by: Sabrina Dubroca --- net/ipv6/addrconf.c | 27 ++- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 91580c62bb86..e9ba53d2a147 100644 --- a/net/ipv6/addrc

[PATCH net v2 4/5] net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices

2018-07-09 Thread Sabrina Dubroca
This aligns the addr_gen_mode sysctl with the expected behavior of the "all" variant. Fixes: d35a00b8e33d ("net/ipv6: allow sysctl to change link-local address generation mode") Suggested-by: David Ahern Signed-off-by: Sabrina Dubroca --- net/ipv6/addrconf.c | 12

[PATCH net v2 5/5] Documentation: ip-sysctl.txt: document addr_gen_mode

2018-07-09 Thread Sabrina Dubroca
addr_gen_mode was introduced in without documentation, add it now. Fixes: d35a00b8e33d ("net/ipv6: allow sysctl to change link-local address generation mode") Signed-off-by: Sabrina Dubroca --- Documentation/networking/ip-sysctl.txt | 9 + 1 file changed, 9 insertions(+) di

Re: [PATCH net v2 4/5] net/ipv6: propagate net.ipv6.conf.all.addr_gen_mode to devices

2018-07-10 Thread Sabrina Dubroca
2018-07-09, 11:24:49 -0600, David Ahern wrote: > On 7/9/18 4:25 AM, Sabrina Dubroca wrote: > > This aligns the addr_gen_mode sysctl with the expected behavior of the > > "all" variant. > > > > Fixes: d35a00b8e33d ("net/ipv6: allow sysctl to chan

Re: [PATCH net] ipv4: reset fnhe_mtu_locked after cache route flushed

2018-07-10 Thread Sabrina Dubroca
2018-05-10, 15:43:11 -0400, David Miller wrote: > From: Hangbin Liu > Date: Wed, 9 May 2018 18:06:44 +0800 > > > After route cache is flushed via ipv4_sysctl_rtcache_flush(), we forget > > to reset fnhe_mtu_locked in rt_bind_exception(). When pmtu is updated > > in __ip_rt_update_pmtu(), it will

Re: [PATCH net] skbuff: Unconditionally copy pfmemalloc in __skb_clone()

2018-07-13 Thread Sabrina Dubroca
f it was set in the > original skb, but not cleared if it wasn't. This is wrong and > might lead to socket buffers being flagged with pfmemalloc even > if the skb data wasn't allocated from pfmemalloc reserves. Copy > the flag instead of ORing it. > > Reported-by

[PATCH net] ipv6: make DAD fail with enhanced DAD when nonce length differs

2018-07-13 Thread Sabrina Dubroca
ed to veth0's peer, but is currently ignored. Fixes: adc176c54722 ("ipv6 addrconf: Implemented enhanced DAD (RFC7527)") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio --- net/ipv6/ndisc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/ndisc.c

[PATCH net] ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu

2018-03-09 Thread Sabrina Dubroca
inetpeer.") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio --- include/net/ip.h | 11 +-- include/net/ip_fib.h | 1 + include/net/route.h | 1 + net/ipv4/route.c | 25 ++--- 4 files changed, 29 insertions(+), 9 deletions(-) diff --git a/inclu

Re: [PATCH net] ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu

2018-03-12 Thread Sabrina Dubroca
2018-03-09, 16:06:19 -0500, David Miller wrote: > From: Sabrina Dubroca > Date: Fri, 9 Mar 2018 17:43:21 +0100 > > > diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h > > index f80524396c06..77d0a78cf7d2 100644 > > --- a/include/net/ip_fib.h > > +++ b/

[PATCH net v2] ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu

2018-03-14 Thread Sabrina Dubroca
cec5c10bc ("ipv4: Cache learned PMTU information in inetpeer.") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio --- v2: make rt_pmtu a bitfield fix missing initializations of rt_mtu_locked include/net/ip.h| 11 +-- include/net/ip_fib.h| 1 + include/n

Re: [PATCH v11 crypto 06/12] crypto: chtls - structure and macro for Inline TLS

2018-03-18 Thread Sabrina Dubroca
2018-03-16, 21:07:35 +0530, Atul Gupta wrote: [...] > +#define SOCK_INLINE (31) [...] > +static inline int csk_flag(const struct sock *sk, enum csk_flags flag) > +{ > + struct chtls_sock *csk = rcu_dereference_sk_user_data(sk); > + > + if (!sock_flag(sk, SOCK_INLINE)) > + retur

[PATCH net] ip_gre: clear feature flags when incompatible o_flags are set

2018-04-10 Thread Sabrina Dubroca
.10 remote 192.168.0.20 ttl 255 key 1 seq Fixes: dd9d598c6657 ("ip_gre: add the support for i/o_flags update via netlink") Signed-off-by: Sabrina Dubroca --- net/ipv4/ip_gre.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index a8772a

[PATCH net 1/2] tun: set the flags before registering the netdevice

2018-04-10 Thread Sabrina Dubroca
Otherwise, register_netdevice advertises the creation of the device with the default flags, instead of what the user requested. Reported-by: Thomas Haller Fixes: 1ec010e70593 ("tun: export flags, uid, gid, queue information over netlink") Signed-off-by: Sabrina Dubroca --- drivers

[PATCH net 2/2] tun: send netlink notification when the device is modified

2018-04-10 Thread Sabrina Dubroca
ons when owner/group or flags are modified, when queues are attached/detached, and when a tun fd is closed. Reported-by: Thomas Haller Fixes: 1ec010e70593 ("tun: export flags, uid, gid, queue information over netlink") Signed-off-by: Sabrina Dubroca --- drivers/net/tun.c | 24 ++

Re: Regression with 5dcd8400884c ("macsec: missing dev_put() on error in macsec_newlink()")

2018-04-14 Thread Sabrina Dubroca
Hello Laura, 2018-04-14, 10:56:55 -0700, Laura Abbott wrote: > Hi, > > Fedora got a bug report of a regression when trying to remove the > macsec module (https://bugzilla.redhat.com/show_bug.cgi?id=1566410). > I did a bisect and found > > commit 5dcd8400884cc4a043a6d4617e042489e5d566a9 > Aut

[PATCH iproute2-next] ip link: add json support for tun attributes

2018-02-26 Thread Sabrina Dubroca
Reported-by: Stephen Hemminger Fixes: 118eda77d660 ("ip link: add support to display extended tun attributes") Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio --- ip/iptuntap.c | 55 ++- 1 file changed, 34 inserti

[PATCH net] net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68

2018-02-26 Thread Sabrina Dubroca
in_pmtu a u32, since it's only ever compared to unsigned ints. Reported-by: Jianlin Shi Signed-off-by: Sabrina Dubroca Reviewed-by: Stefano Brivio --- net/ipv4/route.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index a
