tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:

1) Don't leak ipvs->sysctl_tbl, from Tommi Rentala.

2) Fix neighbour table entry leak in rocker driver, from Ying Xue.

3) Do not emit bonding notifications for unregistered interfaces, from
Nicolas Dichtel.

4) Set ipv6 flow label properly when in TIME_WAIT state, from Florent
Fourcot.

5) Fix regression in ipv6 multicast filter test, from Henning Rogge.

6) do_replace() in various footables netfilter modules is missing a
check for 0 counters in the datastructure provided by the user. Fix
from Dave Jones, and found with trinity.

7) Fix RCU bug in packet scheduler classifier module unloads, from
Daniel Borkmann.

8) Avoid deadlock in tcp_get_info() by using u64_sync. From Eric
Dumzaet.

9) Input packet processing can race with inetdev_destroy() teardown,
fix potential OOPS in ip_error() by explicitly testing whether the
inetdev is still attached. From Eric W Biederman.

10) MLDv2 parser in bridge multicast code breaks too early while
parsing. Fix from Thadeu Lima de Souza Cascardo.

11) Asking for settings on non-zero PHYID doesn't work because we do not
import the command structure from the user and use the PHYID
provided there. Fix from Arun Parameswaran.

12) Fix UDP checksums with IPV6 RAW sockets, from Vlad Yasevich.

13) Missing NF_TABLES depends for TPROXY etc can cause build failures,
fix from Florian Westphal.

14) Fix netfilter conntrack to handle RFC5961 challenge ACKs properly,
from Jesper Dangaard Brouer.

15) If netlink autobind retry fails, we have to reset the sockets portid
back to zero. From Herbert Xu.

16) VXLAN netns exit code unregisters using wrong device, from John W
Linville.

17) Add some USB device IDs to ath3k and btusb bluetooth drivers, from
Dmitry Tunin and Wen-chien Jesse Sung.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
bridge: fix lockdep splat
net: core: 'ethtool' issue with querying phy settings
bridge: fix parsing of MLDv2 reports
ARM: zynq: DT: Use the zynq binding with macb
net: macb: Disable half duplex gigabit on Zynq
net: macb: Document zynq gem dt binding
ipv4: fill in table id when replacing a route
cdc_ncm: Fix tx_bytes statistics
ipv4: Avoid crashing in ip_error
tcp: fix a potential deadlock in tcp_get_info()
net: sched: fix call_rcu() race on classifier module unloads
net: phy: Make sure phy_start() always re-enables the phy interrupts
ipv6: fix ECMP route replacement
ipv6: do not delete previously existing ECMP routes if add fails
Revert "netfilter: bridge: query conntrack about skb dnat"
netfilter: ensure number of counters is >0 in do_replace()
netfilter: nfnetlink_{log,queue}: Register pernet in first place
tcp: don't over-send F-RTO probes
tcp: only undo on partial ACKs in CA_Loss
net/ipv6/udp: Fix ipv6 multicast socket filter regression
...

Linus Torvalds 0b6280c6 1c8df7bd

+308 -105
+2 -1
Documentation/devicetree/bindings/net/cdns-emac.txt
··· 3 3 Required properties: 4 4 - compatible: Should be "cdns,[<chip>-]{emac}" 5 5 Use "cdns,at91rm9200-emac" Atmel at91rm9200 SoC. 6 - or the generic form: "cdns,emac". 6 + Use "cdns,zynq-gem" Xilinx Zynq-7xxx SoC. 7 + Or the generic form: "cdns,emac". 7 8 - reg: Address and length of the register set for the device 8 9 - interrupts: Should contain macb interrupt 9 10 - phy-mode: see ethernet.txt file in the same directory.
+2 -2
arch/arm/boot/dts/zynq-7000.dtsi
··· 193 193 }; 194 194 195 195 gem0: ethernet@e000b000 { 196 - compatible = "cdns,gem"; 196 + compatible = "cdns,zynq-gem"; 197 197 reg = <0xe000b000 0x1000>; 198 198 status = "disabled"; 199 199 interrupts = <0 22 4>; ··· 204 204 }; 205 205 206 206 gem1: ethernet@e000c000 { 207 - compatible = "cdns,gem"; 207 + compatible = "cdns,zynq-gem"; 208 208 reg = <0xe000c000 0x1000>; 209 209 status = "disabled"; 210 210 interrupts = <0 45 4>;
+4
drivers/bluetooth/ath3k.c
··· 88 88 { USB_DEVICE(0x04CA, 0x3007) }, 89 89 { USB_DEVICE(0x04CA, 0x3008) }, 90 90 { USB_DEVICE(0x04CA, 0x300b) }, 91 + { USB_DEVICE(0x04CA, 0x300f) }, 91 92 { USB_DEVICE(0x04CA, 0x3010) }, 92 93 { USB_DEVICE(0x0930, 0x0219) }, 93 94 { USB_DEVICE(0x0930, 0x0220) }, ··· 105 104 { USB_DEVICE(0x0cf3, 0xe003) }, 106 105 { USB_DEVICE(0x0CF3, 0xE004) }, 107 106 { USB_DEVICE(0x0CF3, 0xE005) }, 107 + { USB_DEVICE(0x0CF3, 0xE006) }, 108 108 { USB_DEVICE(0x13d3, 0x3362) }, 109 109 { USB_DEVICE(0x13d3, 0x3375) }, 110 110 { USB_DEVICE(0x13d3, 0x3393) }, ··· 145 143 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 146 144 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 147 145 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 146 + { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 148 147 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 149 148 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 150 149 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, ··· 161 158 { USB_DEVICE(0x0CF3, 0x817a), .driver_info = BTUSB_ATH3012 }, 162 159 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 163 160 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 161 + { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 164 162 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 165 163 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 166 164 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 },
+3
drivers/bluetooth/btusb.c
··· 186 186 { USB_DEVICE(0x04ca, 0x3007), .driver_info = BTUSB_ATH3012 }, 187 187 { USB_DEVICE(0x04ca, 0x3008), .driver_info = BTUSB_ATH3012 }, 188 188 { USB_DEVICE(0x04ca, 0x300b), .driver_info = BTUSB_ATH3012 }, 189 + { USB_DEVICE(0x04ca, 0x300f), .driver_info = BTUSB_ATH3012 }, 189 190 { USB_DEVICE(0x04ca, 0x3010), .driver_info = BTUSB_ATH3012 }, 190 191 { USB_DEVICE(0x0930, 0x0219), .driver_info = BTUSB_ATH3012 }, 191 192 { USB_DEVICE(0x0930, 0x0220), .driver_info = BTUSB_ATH3012 }, ··· 203 202 { USB_DEVICE(0x0cf3, 0xe003), .driver_info = BTUSB_ATH3012 }, 204 203 { USB_DEVICE(0x0cf3, 0xe004), .driver_info = BTUSB_ATH3012 }, 205 204 { USB_DEVICE(0x0cf3, 0xe005), .driver_info = BTUSB_ATH3012 }, 205 + { USB_DEVICE(0x0cf3, 0xe006), .driver_info = BTUSB_ATH3012 }, 206 206 { USB_DEVICE(0x13d3, 0x3362), .driver_info = BTUSB_ATH3012 }, 207 207 { USB_DEVICE(0x13d3, 0x3375), .driver_info = BTUSB_ATH3012 }, 208 208 { USB_DEVICE(0x13d3, 0x3393), .driver_info = BTUSB_ATH3012 }, ··· 220 218 { USB_DEVICE(0x0489, 0xe03c), .driver_info = BTUSB_ATH3012 }, 221 219 222 220 /* QCA ROME chipset */ 221 + { USB_DEVICE(0x0cf3, 0xe007), .driver_info = BTUSB_QCA_ROME }, 223 222 { USB_DEVICE(0x0cf3, 0xe300), .driver_info = BTUSB_QCA_ROME }, 224 223 { USB_DEVICE(0x0cf3, 0xe360), .driver_info = BTUSB_QCA_ROME }, 225 224
+1 -1
drivers/net/bonding/bond_options.c
··· 624 624 out: 625 625 if (ret) 626 626 bond_opt_error_interpret(bond, opt, ret, val); 627 - else 627 + else if (bond->dev->reg_state == NETREG_REGISTERED) 628 628 call_netdevice_notifiers(NETDEV_CHANGEINFODATA, bond->dev); 629 629 630 630 return ret;
+18
drivers/net/ethernet/cadence/macb.c
··· 350 350 else 351 351 phydev->supported &= PHY_BASIC_FEATURES; 352 352 353 + if (bp->caps & MACB_CAPS_NO_GIGABIT_HALF) 354 + phydev->supported &= ~SUPPORTED_1000baseT_Half; 355 + 353 356 phydev->advertising = phydev->supported; 354 357 355 358 bp->link = 0; ··· 1040 1037 * add that if/when we get our hands on a full-blown MII PHY. 1041 1038 */ 1042 1039 1040 + /* There is a hardware issue under heavy load where DMA can 1041 + * stop, this causes endless "used buffer descriptor read" 1042 + * interrupts but it can be cleared by re-enabling RX. See 1043 + * the at91 manual, section 41.3.1 or the Zynq manual 1044 + * section 16.7.4 for details. 1045 + */ 1043 1046 if (status & MACB_BIT(RXUBR)) { 1044 1047 ctrl = macb_readl(bp, NCR); 1045 1048 macb_writel(bp, NCR, ctrl & ~MACB_BIT(RE)); ··· 2702 2693 .init = at91ether_init, 2703 2694 }; 2704 2695 2696 + static const struct macb_config zynq_config = { 2697 + .caps = MACB_CAPS_SG_DISABLED | MACB_CAPS_GIGABIT_MODE_AVAILABLE | 2698 + MACB_CAPS_NO_GIGABIT_HALF, 2699 + .dma_burst_length = 16, 2700 + .clk_init = macb_clk_init, 2701 + .init = macb_init, 2702 + }; 2703 + 2705 2704 static const struct of_device_id macb_dt_ids[] = { 2706 2705 { .compatible = "cdns,at32ap7000-macb" }, 2707 2706 { .compatible = "cdns,at91sam9260-macb", .data = &at91sam9260_config }, ··· 2720 2703 { .compatible = "atmel,sama5d4-gem", .data = &sama5d4_config }, 2721 2704 { .compatible = "cdns,at91rm9200-emac", .data = &emac_config }, 2722 2705 { .compatible = "cdns,emac", .data = &emac_config }, 2706 + { .compatible = "cdns,zynq-gem", .data = &zynq_config }, 2723 2707 { /* sentinel */ } 2724 2708 }; 2725 2709 MODULE_DEVICE_TABLE(of, macb_dt_ids);
+1
drivers/net/ethernet/cadence/macb.h
··· 393 393 #define MACB_CAPS_ISR_CLEAR_ON_WRITE 0x00000001 394 394 #define MACB_CAPS_USRIO_HAS_CLKEN 0x00000002 395 395 #define MACB_CAPS_USRIO_DEFAULT_IS_MII 0x00000004 396 + #define MACB_CAPS_NO_GIGABIT_HALF 0x00000008 396 397 #define MACB_CAPS_FIFO_MODE 0x10000000 397 398 #define MACB_CAPS_GIGABIT_MODE_AVAILABLE 0x20000000 398 399 #define MACB_CAPS_SG_DISABLED 0x40000000
+4 -4
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c
··· 3187 3187 int cqn = vhcr->in_modifier; 3188 3188 struct mlx4_cq_context *cqc = inbox->buf; 3189 3189 int mtt_base = cq_get_mtt_addr(cqc) / dev->caps.mtt_entry_sz; 3190 - struct res_cq *cq; 3190 + struct res_cq *cq = NULL; 3191 3191 struct res_mtt *mtt; 3192 3192 3193 3193 err = cq_res_start_move_to(dev, slave, cqn, RES_CQ_HW, &cq); ··· 3223 3223 { 3224 3224 int err; 3225 3225 int cqn = vhcr->in_modifier; 3226 - struct res_cq *cq; 3226 + struct res_cq *cq = NULL; 3227 3227 3228 3228 err = cq_res_start_move_to(dev, slave, cqn, RES_CQ_ALLOCATED, &cq); 3229 3229 if (err) ··· 3362 3362 int err; 3363 3363 int srqn = vhcr->in_modifier; 3364 3364 struct res_mtt *mtt; 3365 - struct res_srq *srq; 3365 + struct res_srq *srq = NULL; 3366 3366 struct mlx4_srq_context *srqc = inbox->buf; 3367 3367 int mtt_base = srq_get_mtt_addr(srqc) / dev->caps.mtt_entry_sz; 3368 3368 ··· 3406 3406 { 3407 3407 int err; 3408 3408 int srqn = vhcr->in_modifier; 3409 - struct res_srq *srq; 3409 + struct res_srq *srq = NULL; 3410 3410 3411 3411 err = srq_res_start_move_to(dev, slave, srqn, RES_SRQ_ALLOCATED, &srq); 3412 3412 if (err)
+5 -3
drivers/net/ethernet/rocker/rocker.c
··· 2921 2921 struct neighbour *n = __ipv4_neigh_lookup(dev, (__force u32)ip_addr); 2922 2922 int err = 0; 2923 2923 2924 - if (!n) 2924 + if (!n) { 2925 2925 n = neigh_create(&arp_tbl, &ip_addr, dev); 2926 - if (!n) 2927 - return -ENOMEM; 2926 + if (IS_ERR(n)) 2927 + return IS_ERR(n); 2928 + } 2928 2929 2929 2930 /* If the neigh is already resolved, then go ahead and 2930 2931 * install the entry, otherwise start the ARP process to ··· 2937 2936 else 2938 2937 neigh_event_send(n, NULL); 2939 2938 2939 + neigh_release(n); 2940 2940 return err; 2941 2941 } 2942 2942
+19 -15
drivers/net/phy/phy.c
··· 742 742 */ 743 743 void phy_start(struct phy_device *phydev) 744 744 { 745 + bool do_resume = false; 746 + int err = 0; 747 + 745 748 mutex_lock(&phydev->lock); 746 749 747 750 switch (phydev->state) { ··· 755 752 phydev->state = PHY_UP; 756 753 break; 757 754 case PHY_HALTED: 755 + /* make sure interrupts are re-enabled for the PHY */ 756 + err = phy_enable_interrupts(phydev); 757 + if (err < 0) 758 + break; 759 + 758 760 phydev->state = PHY_RESUMING; 761 + do_resume = true; 762 + break; 759 763 default: 760 764 break; 761 765 } 762 766 mutex_unlock(&phydev->lock); 767 + 768 + /* if phy was suspended, bring the physical link up again */ 769 + if (do_resume) 770 + phy_resume(phydev); 763 771 } 764 772 EXPORT_SYMBOL(phy_start); 765 773 ··· 783 769 struct delayed_work *dwork = to_delayed_work(work); 784 770 struct phy_device *phydev = 785 771 container_of(dwork, struct phy_device, state_queue); 786 - bool needs_aneg = false, do_suspend = false, do_resume = false; 772 + bool needs_aneg = false, do_suspend = false; 787 773 int err = 0; 788 774 789 775 mutex_lock(&phydev->lock); ··· 902 888 } 903 889 break; 904 890 case PHY_RESUMING: 905 - err = phy_clear_interrupt(phydev); 906 - if (err) 907 - break; 908 - 909 - err = phy_config_interrupt(phydev, PHY_INTERRUPT_ENABLED); 910 - if (err) 911 - break; 912 - 913 891 if (AUTONEG_ENABLE == phydev->autoneg) { 914 892 err = phy_aneg_done(phydev); 915 893 if (err < 0) ··· 939 933 } 940 934 phydev->adjust_link(phydev->attached_dev); 941 935 } 942 - do_resume = true; 943 936 break; 944 937 } 945 938 ··· 948 943 err = phy_start_aneg(phydev); 949 944 else if (do_suspend) 950 945 phy_suspend(phydev); 951 - else if (do_resume) 952 - phy_resume(phydev); 953 946 954 947 if (err < 0) 955 948 phy_error(phydev); ··· 1056 1053 { 1057 1054 /* According to 802.3az,the EEE is supported only in full duplex-mode. 1058 1055 * Also EEE feature is active when core is operating with MII, GMII 1059 - * or RGMII. Internal PHYs are also allowed to proceed and should 1060 - * return an error if they do not support EEE. 1056 + * or RGMII (all kinds). Internal PHYs are also allowed to proceed and 1057 + * should return an error if they do not support EEE. 1061 1058 */ 1062 1059 if ((phydev->duplex == DUPLEX_FULL) && 1063 1060 ((phydev->interface == PHY_INTERFACE_MODE_MII) || 1064 1061 (phydev->interface == PHY_INTERFACE_MODE_GMII) || 1065 - (phydev->interface == PHY_INTERFACE_MODE_RGMII) || 1062 + (phydev->interface >= PHY_INTERFACE_MODE_RGMII && 1063 + phydev->interface <= PHY_INTERFACE_MODE_RGMII_TXID) || 1066 1064 phy_is_internal(phydev))) { 1067 1065 int eee_lp, eee_cap, eee_adv; 1068 1066 u32 lp, cap, adv;
+1 -1
drivers/net/usb/cdc_ncm.c
··· 1182 1182 * payload data instead. 1183 1183 */ 1184 1184 usbnet_set_skb_tx_stats(skb_out, n, 1185 - ctx->tx_curr_frame_payload - skb_out->len); 1185 + (long)ctx->tx_curr_frame_payload - skb_out->len); 1186 1186 1187 1187 return skb_out; 1188 1188
+1 -1
drivers/net/vxlan.c
··· 2961 2961 * to the list by the previous loop. 2962 2962 */ 2963 2963 if (!net_eq(dev_net(vxlan->dev), net)) 2964 - unregister_netdevice_queue(dev, &list); 2964 + unregister_netdevice_queue(vxlan->dev, &list); 2965 2965 } 2966 2966 2967 2967 unregister_netdevice_many(&list);
+19
include/linux/rhashtable.h
··· 17 17 #ifndef _LINUX_RHASHTABLE_H 18 18 #define _LINUX_RHASHTABLE_H 19 19 20 + #include <linux/atomic.h> 20 21 #include <linux/compiler.h> 21 22 #include <linux/errno.h> 22 23 #include <linux/jhash.h> ··· 101 100 * @key_len: Length of key 102 101 * @key_offset: Offset of key in struct to be hashed 103 102 * @head_offset: Offset of rhash_head in struct to be hashed 103 + * @insecure_max_entries: Maximum number of entries (may be exceeded) 104 104 * @max_size: Maximum size while expanding 105 105 * @min_size: Minimum size while shrinking 106 106 * @nulls_base: Base value to generate nulls marker ··· 117 115 size_t key_len; 118 116 size_t key_offset; 119 117 size_t head_offset; 118 + unsigned int insecure_max_entries; 120 119 unsigned int max_size; 121 120 unsigned int min_size; 122 121 u32 nulls_base; ··· 287 284 { 288 285 return atomic_read(&ht->nelems) > tbl->size && 289 286 (!ht->p.max_size || tbl->size < ht->p.max_size); 287 + } 288 + 289 + /** 290 + * rht_grow_above_max - returns true if table is above maximum 291 + * @ht: hash table 292 + * @tbl: current table 293 + */ 294 + static inline bool rht_grow_above_max(const struct rhashtable *ht, 295 + const struct bucket_table *tbl) 296 + { 297 + return ht->p.insecure_max_entries && 298 + atomic_read(&ht->nelems) >= ht->p.insecure_max_entries; 290 299 } 291 300 292 301 /* The bucket lock is selected based on the hash and protects mutations ··· 603 588 goto slow_path; 604 589 goto out; 605 590 } 591 + 592 + err = -E2BIG; 593 + if (unlikely(rht_grow_above_max(ht, tbl))) 594 + goto out; 606 595 607 596 if (unlikely(rht_grow_above_100(ht, tbl))) { 608 597 slow_path:
+1
include/linux/skbuff.h
··· 176 176 struct net_device *physindev; 177 177 struct net_device *physoutdev; 178 178 char neigh_header[8]; 179 + __be32 ipv4_daddr; 179 180 }; 180 181 #endif 181 182
+2
include/linux/tcp.h
··· 158 158 * sum(delta(snd_una)), or how many bytes 159 159 * were acked. 160 160 */ 161 + struct u64_stats_sync syncp; /* protects 64bit vars (cf tcp_get_info()) */ 162 + 161 163 u32 snd_una; /* First byte we want an ack for */ 162 164 u32 snd_sml; /* Last byte of the most recently transmitted small packet */ 163 165 u32 rcv_tstamp; /* timestamp of last received ACK (for keepalives) */
+3 -2
include/net/inet_connection_sock.h
··· 129 129 130 130 u32 probe_timestamp; 131 131 } icsk_mtup; 132 - u32 icsk_ca_priv[16]; 133 132 u32 icsk_user_timeout; 134 - #define ICSK_CA_PRIV_SIZE (16 * sizeof(u32)) 133 + 134 + u64 icsk_ca_priv[64 / sizeof(u64)]; 135 + #define ICSK_CA_PRIV_SIZE (8 * sizeof(u64)) 135 136 }; 136 137 137 138 #define ICSK_TIME_RETRANS 1 /* Retransmit timer */
+3
include/uapi/linux/netfilter/nf_conntrack_tcp.h
··· 42 42 /* The field td_maxack has been set */ 43 43 #define IP_CT_TCP_FLAG_MAXACK_SET 0x20 44 44 45 + /* Marks possibility for expected RFC5961 challenge ACK */ 46 + #define IP_CT_EXP_CHALLENGE_ACK 0x40 47 + 45 48 struct nf_ct_tcp_flags { 46 49 __u8 flags; 47 50 __u8 mask;
+1 -1
include/uapi/linux/rtnetlink.h
··· 337 337 #define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */ 338 338 #define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */ 339 339 #define RTNH_F_ONLINK 4 /* Gateway is forced on link */ 340 - #define RTNH_F_EXTERNAL 8 /* Route installed externally */ 340 + #define RTNH_F_OFFLOAD 8 /* offloaded route */ 341 341 342 342 /* Macros to handle hexthops */ 343 343
+11
lib/rhashtable.c
··· 14 14 * published by the Free Software Foundation. 15 15 */ 16 16 17 + #include <linux/atomic.h> 17 18 #include <linux/kernel.h> 18 19 #include <linux/init.h> 19 20 #include <linux/log2.h> ··· 447 446 if (key && rhashtable_lookup_fast(ht, key, ht->p)) 448 447 goto exit; 449 448 449 + err = -E2BIG; 450 + if (unlikely(rht_grow_above_max(ht, tbl))) 451 + goto exit; 452 + 450 453 err = -EAGAIN; 451 454 if (rhashtable_check_elasticity(ht, tbl, hash) || 452 455 rht_grow_above_100(ht, tbl)) ··· 742 737 743 738 if (params->max_size) 744 739 ht->p.max_size = rounddown_pow_of_two(params->max_size); 740 + 741 + if (params->insecure_max_entries) 742 + ht->p.insecure_max_entries = 743 + rounddown_pow_of_two(params->insecure_max_entries); 744 + else 745 + ht->p.insecure_max_entries = ht->p.max_size * 2; 745 746 746 747 ht->p.min_size = max(ht->p.min_size, HASH_MIN_SIZE); 747 748
+1 -1
net/8021q/vlan.c
··· 443 443 case NETDEV_UP: 444 444 /* Put all VLANs for this dev in the up state too. */ 445 445 vlan_group_for_each_dev(grp, i, vlandev) { 446 - flgs = vlandev->flags; 446 + flgs = dev_get_flags(vlandev); 447 447 if (flgs & IFF_UP) 448 448 continue; 449 449
+4 -2
net/bluetooth/hci_core.c
··· 2854 2854 * state. If we were running both LE and BR/EDR inquiry 2855 2855 * simultaneously, and BR/EDR inquiry is already 2856 2856 * finished, stop discovery, otherwise BR/EDR inquiry 2857 - * will stop discovery when finished. 2857 + * will stop discovery when finished. If we will resolve 2858 + * remote device name, do not change discovery state. 2858 2859 */ 2859 - if (!test_bit(HCI_INQUIRY, &hdev->flags)) 2860 + if (!test_bit(HCI_INQUIRY, &hdev->flags) && 2861 + hdev->discovery.state != DISCOVERY_RESOLVING) 2860 2862 hci_discovery_set_state(hdev, 2861 2863 DISCOVERY_STOPPED); 2862 2864 } else {
+1 -1
net/bridge/br_multicast.c
··· 1072 1072 1073 1073 err = br_ip6_multicast_add_group(br, port, &grec->grec_mca, 1074 1074 vid); 1075 - if (!err) 1075 + if (err) 1076 1076 break; 1077 1077 } 1078 1078
+9 -18
net/bridge/br_netfilter.c
··· 37 37 #include <net/route.h> 38 38 #include <net/netfilter/br_netfilter.h> 39 39 40 - #if IS_ENABLED(CONFIG_NF_CONNTRACK) 41 - #include <net/netfilter/nf_conntrack.h> 42 - #endif 43 - 44 40 #include <asm/uaccess.h> 45 41 #include "br_private.h" 46 42 #ifdef CONFIG_SYSCTL ··· 346 350 return 0; 347 351 } 348 352 349 - static bool dnat_took_place(const struct sk_buff *skb) 353 + static bool daddr_was_changed(const struct sk_buff *skb, 354 + const struct nf_bridge_info *nf_bridge) 350 355 { 351 - #if IS_ENABLED(CONFIG_NF_CONNTRACK) 352 - enum ip_conntrack_info ctinfo; 353 - struct nf_conn *ct; 354 - 355 - ct = nf_ct_get(skb, &ctinfo); 356 - if (!ct || nf_ct_is_untracked(ct)) 357 - return false; 358 - 359 - return test_bit(IPS_DST_NAT_BIT, &ct->status); 360 - #else 361 - return false; 362 - #endif 356 + return ip_hdr(skb)->daddr != nf_bridge->ipv4_daddr; 363 357 } 364 358 365 359 /* This requires some explaining. If DNAT has taken place, 366 360 * we will need to fix up the destination Ethernet address. 361 + * This is also true when SNAT takes place (for the reply direction). 367 362 * 368 363 * There are two cases to consider: 369 364 * 1. The packet was DNAT'ed to a device in the same bridge ··· 408 421 nf_bridge->pkt_otherhost = false; 409 422 } 410 423 nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; 411 - if (dnat_took_place(skb)) { 424 + if (daddr_was_changed(skb, nf_bridge)) { 412 425 if ((err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))) { 413 426 struct in_device *in_dev = __in_dev_get_rcu(dev); 414 427 ··· 619 632 struct sk_buff *skb, 620 633 const struct nf_hook_state *state) 621 634 { 635 + struct nf_bridge_info *nf_bridge; 622 636 struct net_bridge_port *p; 623 637 struct net_bridge *br; 624 638 __u32 len = nf_bridge_encap_header_len(skb); ··· 656 668 return NF_DROP; 657 669 if (!setup_pre_routing(skb)) 658 670 return NF_DROP; 671 + 672 + nf_bridge = nf_bridge_info_get(skb); 673 + nf_bridge->ipv4_daddr = ip_hdr(skb)->daddr; 659 674 660 675 skb->protocol = htons(ETH_P_IP); 661 676
+2
net/bridge/br_stp_timer.c
··· 97 97 netif_carrier_on(br->dev); 98 98 } 99 99 br_log_state(p); 100 + rcu_read_lock(); 100 101 br_ifinfo_notify(RTM_NEWLINK, p); 102 + rcu_read_unlock(); 101 103 spin_unlock(&br->lock); 102 104 } 103 105
+4
net/bridge/netfilter/ebtables.c
··· 1117 1117 return -ENOMEM; 1118 1118 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 1119 1119 return -ENOMEM; 1120 + if (tmp.num_counters == 0) 1121 + return -EINVAL; 1120 1122 1121 1123 tmp.name[sizeof(tmp.name) - 1] = 0; 1122 1124 ··· 2161 2159 return -ENOMEM; 2162 2160 if (tmp.num_counters >= INT_MAX / sizeof(struct ebt_counter)) 2163 2161 return -ENOMEM; 2162 + if (tmp.num_counters == 0) 2163 + return -EINVAL; 2164 2164 2165 2165 memcpy(repl, &tmp, offsetof(struct ebt_replace, hook_entry)); 2166 2166
+9 -1
net/core/ethtool.c
··· 359 359 int err; 360 360 struct ethtool_cmd cmd; 361 361 362 - err = __ethtool_get_settings(dev, &cmd); 362 + if (!dev->ethtool_ops->get_settings) 363 + return -EOPNOTSUPP; 364 + 365 + if (copy_from_user(&cmd, useraddr, sizeof(cmd))) 366 + return -EFAULT; 367 + 368 + cmd.cmd = ETHTOOL_GSET; 369 + 370 + err = dev->ethtool_ops->get_settings(dev, &cmd); 363 371 if (err < 0) 364 372 return err; 365 373
+3
net/core/rtnetlink.c
··· 2416 2416 { 2417 2417 struct sk_buff *skb; 2418 2418 2419 + if (dev->reg_state != NETREG_REGISTERED) 2420 + return; 2421 + 2419 2422 skb = rtmsg_ifinfo_build_skb(type, dev, change, flags); 2420 2423 if (skb) 2421 2424 rtmsg_ifinfo_send(skb, dev, flags);
+2 -1
net/ipv4/fib_trie.c
··· 1164 1164 state = fa->fa_state; 1165 1165 new_fa->fa_state = state & ~FA_S_ACCESSED; 1166 1166 new_fa->fa_slen = fa->fa_slen; 1167 + new_fa->tb_id = tb->tb_id; 1167 1168 1168 1169 err = netdev_switch_fib_ipv4_add(key, plen, fi, 1169 1170 new_fa->fa_tos, ··· 1765 1764 /* record local slen */ 1766 1765 slen = fa->fa_slen; 1767 1766 1768 - if (!fi || !(fi->fib_flags & RTNH_F_EXTERNAL)) 1767 + if (!fi || !(fi->fib_flags & RTNH_F_OFFLOAD)) 1769 1768 continue; 1770 1769 1771 1770 netdev_switch_fib_ipv4_del(n->key,
+6
net/ipv4/netfilter/arp_tables.c
··· 1075 1075 /* overflow check */ 1076 1076 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) 1077 1077 return -ENOMEM; 1078 + if (tmp.num_counters == 0) 1079 + return -EINVAL; 1080 + 1078 1081 tmp.name[sizeof(tmp.name)-1] = 0; 1079 1082 1080 1083 newinfo = xt_alloc_table_info(tmp.size); ··· 1502 1499 return -ENOMEM; 1503 1500 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) 1504 1501 return -ENOMEM; 1502 + if (tmp.num_counters == 0) 1503 + return -EINVAL; 1504 + 1505 1505 tmp.name[sizeof(tmp.name)-1] = 0; 1506 1506 1507 1507 newinfo = xt_alloc_table_info(tmp.size);
+6
net/ipv4/netfilter/ip_tables.c
··· 1262 1262 /* overflow check */ 1263 1263 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) 1264 1264 return -ENOMEM; 1265 + if (tmp.num_counters == 0) 1266 + return -EINVAL; 1267 + 1265 1268 tmp.name[sizeof(tmp.name)-1] = 0; 1266 1269 1267 1270 newinfo = xt_alloc_table_info(tmp.size); ··· 1812 1809 return -ENOMEM; 1813 1810 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) 1814 1811 return -ENOMEM; 1812 + if (tmp.num_counters == 0) 1813 + return -EINVAL; 1814 + 1815 1815 tmp.name[sizeof(tmp.name)-1] = 0; 1816 1816 1817 1817 newinfo = xt_alloc_table_info(tmp.size);
+4
net/ipv4/route.c
··· 902 902 bool send; 903 903 int code; 904 904 905 + /* IP on this device is disabled. */ 906 + if (!in_dev) 907 + goto out; 908 + 905 909 net = dev_net(rt->dst.dev); 906 910 if (!IN_DEV_FORWARD(in_dev)) { 907 911 switch (rt->dst.error) {
+7 -4
net/ipv4/tcp.c
··· 402 402 tp->snd_ssthresh = TCP_INFINITE_SSTHRESH; 403 403 tp->snd_cwnd_clamp = ~0; 404 404 tp->mss_cache = TCP_MSS_DEFAULT; 405 + u64_stats_init(&tp->syncp); 405 406 406 407 tp->reordering = sysctl_tcp_reordering; 407 408 tcp_enable_early_retrans(tp); ··· 2599 2598 const struct tcp_sock *tp = tcp_sk(sk); 2600 2599 const struct inet_connection_sock *icsk = inet_csk(sk); 2601 2600 u32 now = tcp_time_stamp; 2601 + unsigned int start; 2602 2602 u32 rate; 2603 2603 2604 2604 memset(info, 0, sizeof(*info)); ··· 2667 2665 rate = READ_ONCE(sk->sk_max_pacing_rate); 2668 2666 info->tcpi_max_pacing_rate = rate != ~0U ? rate : ~0ULL; 2669 2667 2670 - spin_lock_bh(&sk->sk_lock.slock); 2671 - info->tcpi_bytes_acked = tp->bytes_acked; 2672 - info->tcpi_bytes_received = tp->bytes_received; 2673 - spin_unlock_bh(&sk->sk_lock.slock); 2668 + do { 2669 + start = u64_stats_fetch_begin_irq(&tp->syncp); 2670 + info->tcpi_bytes_acked = tp->bytes_acked; 2671 + info->tcpi_bytes_received = tp->bytes_received; 2672 + } while (u64_stats_fetch_retry_irq(&tp->syncp, start)); 2674 2673 } 2675 2674 EXPORT_SYMBOL_GPL(tcp_get_info); 2676 2675
+4
net/ipv4/tcp_fastopen.c
··· 206 206 skb_set_owner_r(skb2, child); 207 207 __skb_queue_tail(&child->sk_receive_queue, skb2); 208 208 tp->syn_data_acked = 1; 209 + 210 + /* u64_stats_update_begin(&tp->syncp) not needed here, 211 + * as we certainly are not changing upper 32bit value (0) 212 + */ 209 213 tp->bytes_received = end_seq - TCP_SKB_CB(skb)->seq - 1; 210 214 } else { 211 215 end_seq = TCP_SKB_CB(skb)->seq + 1;
+13 -6
net/ipv4/tcp_input.c
··· 2698 2698 struct tcp_sock *tp = tcp_sk(sk); 2699 2699 bool recovered = !before(tp->snd_una, tp->high_seq); 2700 2700 2701 + if ((flag & FLAG_SND_UNA_ADVANCED) && 2702 + tcp_try_undo_loss(sk, false)) 2703 + return; 2704 + 2701 2705 if (tp->frto) { /* F-RTO RFC5682 sec 3.1 (sack enhanced version). */ 2702 2706 /* Step 3.b. A timeout is spurious if not all data are 2703 2707 * lost, i.e., never-retransmitted data are (s)acked. 2704 2708 */ 2705 - if (tcp_try_undo_loss(sk, flag & FLAG_ORIG_SACK_ACKED)) 2709 + if ((flag & FLAG_ORIG_SACK_ACKED) && 2710 + tcp_try_undo_loss(sk, true)) 2706 2711 return; 2707 2712 2708 - if (after(tp->snd_nxt, tp->high_seq) && 2709 - (flag & FLAG_DATA_SACKED || is_dupack)) { 2710 - tp->frto = 0; /* Loss was real: 2nd part of step 3.a */ 2713 + if (after(tp->snd_nxt, tp->high_seq)) { 2714 + if (flag & FLAG_DATA_SACKED || is_dupack) 2715 + tp->frto = 0; /* Step 3.a. loss was real */ 2711 2716 } else if (flag & FLAG_SND_UNA_ADVANCED && !recovered) { 2712 2717 tp->high_seq = tp->snd_nxt; 2713 2718 __tcp_push_pending_frames(sk, tcp_current_mss(sk), ··· 2737 2732 else if (flag & FLAG_SND_UNA_ADVANCED) 2738 2733 tcp_reset_reno_sack(tp); 2739 2734 } 2740 - if (tcp_try_undo_loss(sk, false)) 2741 - return; 2742 2735 tcp_xmit_retransmit_queue(sk); 2743 2736 } 2744 2737 ··· 3286 3283 { 3287 3284 u32 delta = ack - tp->snd_una; 3288 3285 3286 + u64_stats_update_begin(&tp->syncp); 3289 3287 tp->bytes_acked += delta; 3288 + u64_stats_update_end(&tp->syncp); 3290 3289 tp->snd_una = ack; 3291 3290 } 3292 3291 ··· 3297 3292 { 3298 3293 u32 delta = seq - tp->rcv_nxt; 3299 3294 3295 + u64_stats_update_begin(&tp->syncp); 3300 3296 tp->bytes_received += delta; 3297 + u64_stats_update_end(&tp->syncp); 3301 3298 tp->rcv_nxt = seq; 3302 3299 } 3303 3300
+1 -1
net/ipv4/tcp_minisocks.c
··· 300 300 tw->tw_v6_daddr = sk->sk_v6_daddr; 301 301 tw->tw_v6_rcv_saddr = sk->sk_v6_rcv_saddr; 302 302 tw->tw_tclass = np->tclass; 303 - tw->tw_flowlabel = np->flow_label >> 12; 303 + tw->tw_flowlabel = be32_to_cpu(np->flow_label & IPV6_FLOWLABEL_MASK); 304 304 tw->tw_ipv6only = sk->sk_ipv6only; 305 305 } 306 306 #endif
+37 -2
net/ipv6/ip6_fib.c
··· 693 693 { 694 694 struct rt6_info *iter = NULL; 695 695 struct rt6_info **ins; 696 + struct rt6_info **fallback_ins = NULL; 696 697 int replace = (info->nlh && 697 698 (info->nlh->nlmsg_flags & NLM_F_REPLACE)); 698 699 int add = (!info->nlh || ··· 717 716 (info->nlh->nlmsg_flags & NLM_F_EXCL)) 718 717 return -EEXIST; 719 718 if (replace) { 720 - found++; 721 - break; 719 + if (rt_can_ecmp == rt6_qualify_for_ecmp(iter)) { 720 + found++; 721 + break; 722 + } 723 + if (rt_can_ecmp) 724 + fallback_ins = fallback_ins ?: ins; 725 + goto next_iter; 722 726 } 723 727 724 728 if (iter->dst.dev == rt->dst.dev && ··· 759 753 if (iter->rt6i_metric > rt->rt6i_metric) 760 754 break; 761 755 756 + next_iter: 762 757 ins = &iter->dst.rt6_next; 758 + } 759 + 760 + if (fallback_ins && !found) { 761 + /* No ECMP-able route found, replace first non-ECMP one */ 762 + ins = fallback_ins; 763 + iter = *ins; 764 + found++; 763 765 } 764 766 765 767 /* Reset round-robin state, if necessary */ ··· 829 815 } 830 816 831 817 } else { 818 + int nsiblings; 819 + 832 820 if (!found) { 833 821 if (add) 834 822 goto add; ··· 851 835 info->nl_net->ipv6.rt6_stats->fib_route_nodes++; 852 836 fn->fn_flags |= RTN_RTINFO; 853 837 } 838 + nsiblings = iter->rt6i_nsiblings; 854 839 fib6_purge_rt(iter, fn, info->nl_net); 855 840 rt6_release(iter); 841 + 842 + if (nsiblings) { 843 + /* Replacing an ECMP route, remove all siblings */ 844 + ins = &rt->dst.rt6_next; 845 + iter = *ins; 846 + while (iter) { 847 + if (rt6_qualify_for_ecmp(iter)) { 848 + *ins = iter->dst.rt6_next; 849 + fib6_purge_rt(iter, fn, info->nl_net); 850 + rt6_release(iter); 851 + nsiblings--; 852 + } else { 853 + ins = &iter->dst.rt6_next; 854 + } 855 + iter = *ins; 856 + } 857 + WARN_ON(nsiblings != 0); 858 + } 856 859 } 857 860 858 861 return 0;
+3 -1
net/ipv6/ip6_output.c
··· 1300 1300 1301 1301 /* If this is the first and only packet and device 1302 1302 * supports checksum offloading, let's use it. 1303 + * Use transhdrlen, same as IPv4, because partial 1304 + * sums only work when transhdrlen is set. 1303 1305 */ 1304 - if (!skb && sk->sk_protocol == IPPROTO_UDP && 1306 + if (transhdrlen && sk->sk_protocol == IPPROTO_UDP && 1305 1307 length + fragheaderlen < mtu && 1306 1308 rt->dst.dev->features & NETIF_F_V6_CSUM && 1307 1309 !exthdrlen)
+6
net/ipv6/netfilter/ip6_tables.c
··· 1275 1275 /* overflow check */ 1276 1276 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) 1277 1277 return -ENOMEM; 1278 + if (tmp.num_counters == 0) 1279 + return -EINVAL; 1280 + 1278 1281 tmp.name[sizeof(tmp.name)-1] = 0; 1279 1282 1280 1283 newinfo = xt_alloc_table_info(tmp.size); ··· 1825 1822 return -ENOMEM; 1826 1823 if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) 1827 1824 return -ENOMEM; 1825 + if (tmp.num_counters == 0) 1826 + return -EINVAL; 1827 + 1828 1828 tmp.name[sizeof(tmp.name)-1] = 0; 1829 1829 1830 1830 newinfo = xt_alloc_table_info(tmp.size);
+9 -5
net/ipv6/route.c
··· 2504 2504 int attrlen; 2505 2505 int err = 0, last_err = 0; 2506 2506 2507 + remaining = cfg->fc_mp_len; 2507 2508 beginning: 2508 2509 rtnh = (struct rtnexthop *)cfg->fc_mp; 2509 - remaining = cfg->fc_mp_len; 2510 2510 2511 2511 /* Parse a Multipath Entry */ 2512 2512 while (rtnh_ok(rtnh, remaining)) { ··· 2536 2536 * next hops that have been already added. 2537 2537 */ 2538 2538 add = 0; 2539 + remaining = cfg->fc_mp_len - remaining; 2539 2540 goto beginning; 2540 2541 } 2541 2542 } 2542 2543 /* Because each route is added like a single route we remove 2543 - * this flag after the first nexthop (if there is a collision, 2544 - * we have already fail to add the first nexthop: 2545 - * fib6_add_rt2node() has reject it). 2544 + * these flags after the first nexthop: if there is a collision, 2545 + * we have already failed to add the first nexthop: 2546 + * fib6_add_rt2node() has rejected it; when replacing, old 2547 + * nexthops have been replaced by first new, the rest should 2548 + * be added to it. 2546 2549 */ 2547 - cfg->fc_nlinfo.nlh->nlmsg_flags &= ~NLM_F_EXCL; 2550 + cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | 2551 + NLM_F_REPLACE); 2548 2552 rtnh = rtnh_next(rtnh, &remaining); 2549 2553 } 2550 2554
+1 -1
net/ipv6/tcp_ipv6.c
··· 914 914 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale, 915 915 tcp_time_stamp + tcptw->tw_ts_offset, 916 916 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw), 917 - tw->tw_tclass, (tw->tw_flowlabel << 12)); 917 + tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel)); 918 918 919 919 inet_twsk_put(tw); 920 920 }
+3 -1
net/ipv6/udp.c
··· 731 731 (inet->inet_dport && inet->inet_dport != rmt_port) || 732 732 (!ipv6_addr_any(&sk->sk_v6_daddr) && 733 733 !ipv6_addr_equal(&sk->sk_v6_daddr, rmt_addr)) || 734 - (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)) 734 + (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) || 735 + (!ipv6_addr_any(&sk->sk_v6_rcv_saddr) && 736 + !ipv6_addr_equal(&sk->sk_v6_rcv_saddr, loc_addr))) 735 737 return false; 736 738 if (!inet6_mc_check(sk, loc_addr, rmt_addr)) 737 739 return false;
+4 -2
net/mac80211/wep.c
··· 98 98 99 99 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED); 100 100 101 - if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN || 102 - skb_headroom(skb) < IEEE80211_WEP_IV_LEN)) 101 + if (WARN_ON(skb_headroom(skb) < IEEE80211_WEP_IV_LEN)) 103 102 return NULL; 104 103 105 104 hdrlen = ieee80211_hdrlen(hdr->frame_control); ··· 165 166 u8 *iv; 166 167 size_t len; 167 168 u8 rc4key[3 + WLAN_KEY_LEN_WEP104]; 169 + 170 + if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN)) 171 + return -1; 168 172 169 173 iv = ieee80211_wep_add_iv(local, skb, keylen, keyidx); 170 174 if (!iv)
+2
net/netfilter/Kconfig
··· 863 863 depends on NETFILTER_XTABLES 864 864 depends on NETFILTER_ADVANCED 865 865 depends on (IPV6 || IPV6=n) 866 + depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) 866 867 depends on IP_NF_MANGLE 867 868 select NF_DEFRAG_IPV4 868 869 select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES ··· 1357 1356 depends on NETFILTER_ADVANCED 1358 1357 depends on !NF_CONNTRACK || NF_CONNTRACK 1359 1358 depends on (IPV6 || IPV6=n) 1359 + depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) 1360 1360 select NF_DEFRAG_IPV4 1361 1361 select NF_DEFRAG_IPV6 if IP6_NF_IPTABLES 1362 1362 help
+3
net/netfilter/ipvs/ip_vs_ctl.c
··· 3823 3823 cancel_work_sync(&ipvs->defense_work.work); 3824 3824 unregister_net_sysctl_table(ipvs->sysctl_hdr); 3825 3825 ip_vs_stop_estimator(net, &ipvs->tot_stats); 3826 + 3827 + if (!net_eq(net, &init_net)) 3828 + kfree(ipvs->sysctl_tbl); 3826 3829 } 3827 3830 3828 3831 #else
+32 -3
net/netfilter/nf_conntrack_proto_tcp.c
··· 202 202 * sES -> sES :-) 203 203 * sFW -> sCW Normal close request answered by ACK. 204 204 * sCW -> sCW 205 - * sLA -> sTW Last ACK detected. 205 + * sLA -> sTW Last ACK detected (RFC5961 challenged) 206 206 * sTW -> sTW Retransmitted last ACK. Remain in the same state. 207 207 * sCL -> sCL 208 208 */ ··· 261 261 * sES -> sES :-) 262 262 * sFW -> sCW Normal close request answered by ACK. 263 263 * sCW -> sCW 264 - * sLA -> sTW Last ACK detected. 264 + * sLA -> sTW Last ACK detected (RFC5961 challenged) 265 265 * sTW -> sTW Retransmitted last ACK. 266 266 * sCL -> sCL 267 267 */ ··· 906 906 1 : ct->proto.tcp.last_win; 907 907 ct->proto.tcp.seen[ct->proto.tcp.last_dir].td_scale = 908 908 ct->proto.tcp.last_wscale; 909 + ct->proto.tcp.last_flags &= ~IP_CT_EXP_CHALLENGE_ACK; 909 910 ct->proto.tcp.seen[ct->proto.tcp.last_dir].flags = 910 911 ct->proto.tcp.last_flags; 911 912 memset(&ct->proto.tcp.seen[dir], 0, ··· 924 923 * may be in sync but we are not. In that case, we annotate 925 924 * the TCP options and let the packet go through. If it is a 926 925 * valid SYN packet, the server will reply with a SYN/ACK, and 927 - * then we'll get in sync. Otherwise, the server ignores it. */ 926 + * then we'll get in sync. Otherwise, the server potentially 927 + * responds with a challenge ACK if implementing RFC5961. 928 + */ 928 929 if (index == TCP_SYN_SET && dir == IP_CT_DIR_ORIGINAL) { 929 930 struct ip_ct_tcp_state seen = {}; 930 931 ··· 942 939 ct->proto.tcp.last_flags |= 943 940 IP_CT_TCP_FLAG_SACK_PERM; 944 941 } 942 + /* Mark the potential for RFC5961 challenge ACK, 943 + * this pose a special problem for LAST_ACK state 944 + * as ACK is intrepretated as ACKing last FIN. 945 + */ 946 + if (old_state == TCP_CONNTRACK_LAST_ACK) 947 + ct->proto.tcp.last_flags |= 948 + IP_CT_EXP_CHALLENGE_ACK; 945 949 } 946 950 spin_unlock_bh(&ct->lock); 947 951 if (LOG_INVALID(net, IPPROTO_TCP)) ··· 980 970 nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, 981 971 "nf_ct_tcp: invalid state "); 982 972 return -NF_ACCEPT; 973 + case TCP_CONNTRACK_TIME_WAIT: 974 + /* RFC5961 compliance cause stack to send "challenge-ACK" 975 + * e.g. in response to spurious SYNs. Conntrack MUST 976 + * not believe this ACK is acking last FIN. 977 + */ 978 + if (old_state == TCP_CONNTRACK_LAST_ACK && 979 + index == TCP_ACK_SET && 980 + ct->proto.tcp.last_dir != dir && 981 + ct->proto.tcp.last_index == TCP_SYN_SET && 982 + (ct->proto.tcp.last_flags & IP_CT_EXP_CHALLENGE_ACK)) { 983 + /* Detected RFC5961 challenge ACK */ 984 + ct->proto.tcp.last_flags &= ~IP_CT_EXP_CHALLENGE_ACK; 985 + spin_unlock_bh(&ct->lock); 986 + if (LOG_INVALID(net, IPPROTO_TCP)) 987 + nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, 988 + "nf_ct_tcp: challenge-ACK ignored "); 989 + return NF_ACCEPT; /* Don't change state */ 990 + } 991 + break; 983 992 case TCP_CONNTRACK_CLOSE: 984 993 if (index == TCP_RST_SET 985 994 && (ct->proto.tcp.seen[!dir].flags & IP_CT_TCP_FLAG_MAXACK_SET)
+2 -2
net/netfilter/nf_tables_api.c
··· 4472 4472 */ 4473 4473 void nft_data_uninit(const struct nft_data *data, enum nft_data_types type) 4474 4474 { 4475 - switch (type) { 4476 - case NFT_DATA_VALUE: 4475 + if (type < NFT_DATA_VERDICT) 4477 4476 return; 4477 + switch (type) { 4478 4478 case NFT_DATA_VERDICT: 4479 4479 return nft_verdict_uninit(data); 4480 4480 default:
+2 -1
net/netlink/af_netlink.c
··· 89 89 return nlk_sk(sk)->flags & NETLINK_KERNEL_SOCKET; 90 90 } 91 91 92 - struct netlink_table *nl_table; 92 + struct netlink_table *nl_table __read_mostly; 93 93 EXPORT_SYMBOL_GPL(nl_table); 94 94 95 95 static DECLARE_WAIT_QUEUE_HEAD(nl_table_wait); ··· 1081 1081 if (err) { 1082 1082 if (err == -EEXIST) 1083 1083 err = -EADDRINUSE; 1084 + nlk_sk(sk)->portid = 0; 1084 1085 sock_put(sk); 1085 1086 } 1086 1087
+5
net/sched/cls_api.c
··· 81 81 struct tcf_proto_ops *t; 82 82 int rc = -ENOENT; 83 83 84 + /* Wait for outstanding call_rcu()s, if any, from a 85 + * tcf_proto_ops's destroy() handler. 86 + */ 87 + rcu_barrier(); 88 + 84 89 write_lock(&cls_mod_lock); 85 90 list_for_each_entry(t, &tcf_proto_base, head) { 86 91 if (t == ops) {
+3 -3
net/switchdev/switchdev.c
··· 338 338 fi, tos, type, nlflags, 339 339 tb_id); 340 340 if (!err) 341 - fi->fib_flags |= RTNH_F_EXTERNAL; 341 + fi->fib_flags |= RTNH_F_OFFLOAD; 342 342 } 343 343 344 344 return err; ··· 364 364 const struct swdev_ops *ops; 365 365 int err = 0; 366 366 367 - if (!(fi->fib_flags & RTNH_F_EXTERNAL)) 367 + if (!(fi->fib_flags & RTNH_F_OFFLOAD)) 368 368 return 0; 369 369 370 370 dev = netdev_switch_get_dev_by_nhs(fi); ··· 376 376 err = ops->swdev_fib_ipv4_del(dev, htonl(dst), dst_len, 377 377 fi, tos, type, tb_id); 378 378 if (!err) 379 - fi->fib_flags &= ~RTNH_F_EXTERNAL; 379 + fi->fib_flags &= ~RTNH_F_OFFLOAD; 380 380 } 381 381 382 382 return err;