tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'net-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from netfilter, and wifi.
Current release - regressions:
- Revert "net/sched: taprio: make qdisc_leaf() see the
per-netdev-queue pfifo child qdiscs", it may cause crashes when the
qdisc is reconfigured
- inet: ping: fix splat due to packet allocation refactoring in inet
- tcp: clean up kernel listener's reqsk in inet_twsk_purge(), fix UAF
due to races when per-netns hash table is used
Current release - new code bugs:
- eth: adin1110: check in netdev_event that netdev belongs to driver
- fixes for PTR_ERR() vs NULL bugs in driver code, from Dan and co.
Previous releases - regressions:
- ipv4: handle attempt to delete multipath route when fib_info
contains an nh reference, avoid oob access
- wifi: fix handful of bugs in the new Multi-BSSID code
- wifi: mt76: fix rate reporting / throughput regression on mt7915
and newer, fix checksum offload
- wifi: iwlwifi: mvm: fix double list_add at
iwl_mvm_mac_wake_tx_queue (other cases)
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP
header on fast-rx
Previous releases - always broken:
- ieee802154: don't warn zero-sized raw_sendmsg()
- ipv6: ping: fix wrong checksum for large frames
- mctp: prevent double key removal and unref
- tcp/udp: fix memory leaks and races around IPV6_ADDRFORM
- hv_netvsc: fix race between VF offering and VF association message
Misc:
- remove -Warray-bounds silencing in the drivers, compilers fixed"
* tag 'net-6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (73 commits)
sunhme: fix an IS_ERR() vs NULL check in probe
net: marvell: prestera: fix a couple NULL vs IS_ERR() checks
kcm: avoid potential race in kcm_tx_work
tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
net: phy: micrel: Fixes FIELD_GET assertion
openvswitch: add nf_ct_is_confirmed check before assigning the helper
tcp: Fix data races around icsk->icsk_af_ops.
ipv6: Fix data races around sk->sk_prot.
tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
tcp/udp: Fix memory leak in ipv6_renew_options().
mctp: prevent double key removal and unref
selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1
netfilter: rpfilter/fib: Populate flowic_l3mdev field
selftests: netfilter: Test reverse path filtering
net/mlx5: Make ASO poll CQ usable in atomic context
tcp: cdg: allow tcp_cdg_release() to be called multiple times
inet: ping: fix recent breakage
ipv6: ping: fix wrong checksum for large frames
net: ethernet: ti: am65-cpsw: set correct devlink flavour for unused ports
...
+683
-274
+1
-1
Documentation/networking/phy.rst
+1
-1
Documentation/networking/phy.rst
···
120
120
available:
121
121
122
122
* Some SoCs may offer a pin pad/mux/controller capable of configuring a given
123
-
set of pins'strength, delays, and voltage; and it may be a suitable
123
+
set of pins' strength, delays, and voltage; and it may be a suitable
124
124
option to insert the expected 2ns RGMII delay.
125
125
126
126
* Modifying the PCB design to include a fixed delay (e.g: using a specifically
+1
MAINTAINERS
+1
MAINTAINERS
···
18670
18670
SHARED MEMORY COMMUNICATIONS (SMC) SOCKETS
18671
18671
M: Karsten Graul <kgraul@linux.ibm.com>
18672
18672
M: Wenjia Zhang <wenjia@linux.ibm.com>
18673
+
M: Jan Karcher <jaka@linux.ibm.com>
18673
18674
L: linux-s390@vger.kernel.org
18674
18675
S: Supported
18675
18676
W: http://www.ibm.com/developerworks/linux/linux390/
+1
-2
drivers/isdn/hardware/mISDN/hfcpci.c
+1
-2
drivers/isdn/hardware/mISDN/hfcpci.c
+2
drivers/net/can/usb/kvaser_usb/kvaser_usb.h
+2
drivers/net/can/usb/kvaser_usb/kvaser_usb.h
···
178
178
extern const struct kvaser_usb_dev_ops kvaser_usb_hydra_dev_ops;
179
179
extern const struct kvaser_usb_dev_ops kvaser_usb_leaf_dev_ops;
180
180
181
+
void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv);
182
+
181
183
int kvaser_usb_recv_cmd(const struct kvaser_usb *dev, void *cmd, int len,
182
184
int *actual_len);
183
185
+2
-1
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+2
-1
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
···
477
477
/* This method might sleep. Do not call it in the atomic context
478
478
* of URB completions.
479
479
*/
480
-
static void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv)
480
+
void kvaser_usb_unlink_tx_urbs(struct kvaser_usb_net_priv *priv)
481
481
{
482
482
usb_kill_anchored_urbs(&priv->tx_submitted);
483
483
kvaser_usb_reset_tx_urb_contexts(priv);
···
729
729
init_usb_anchor(&priv->tx_submitted);
730
730
init_completion(&priv->start_comp);
731
731
init_completion(&priv->stop_comp);
732
+
init_completion(&priv->flush_comp);
732
733
priv->can.ctrlmode_supported = 0;
733
734
734
735
priv->dev = dev;
+1
-1
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+1
-1
drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c
+79
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+79
drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
···
310
310
} u;
311
311
} __packed;
312
312
313
+
#define CMD_SIZE_ANY 0xff
314
+
#define kvaser_fsize(field) sizeof_field(struct kvaser_cmd, field)
315
+
316
+
static const u8 kvaser_usb_leaf_cmd_sizes_leaf[] = {
317
+
[CMD_START_CHIP_REPLY] = kvaser_fsize(u.simple),
318
+
[CMD_STOP_CHIP_REPLY] = kvaser_fsize(u.simple),
319
+
[CMD_GET_CARD_INFO_REPLY] = kvaser_fsize(u.cardinfo),
320
+
[CMD_TX_ACKNOWLEDGE] = kvaser_fsize(u.tx_acknowledge_header),
321
+
[CMD_GET_SOFTWARE_INFO_REPLY] = kvaser_fsize(u.leaf.softinfo),
322
+
[CMD_RX_STD_MESSAGE] = kvaser_fsize(u.leaf.rx_can),
323
+
[CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.leaf.rx_can),
324
+
[CMD_LEAF_LOG_MESSAGE] = kvaser_fsize(u.leaf.log_message),
325
+
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.leaf.chip_state_event),
326
+
[CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.leaf.error_event),
327
+
/* ignored events: */
328
+
[CMD_FLUSH_QUEUE_REPLY] = CMD_SIZE_ANY,
329
+
};
330
+
331
+
static const u8 kvaser_usb_leaf_cmd_sizes_usbcan[] = {
332
+
[CMD_START_CHIP_REPLY] = kvaser_fsize(u.simple),
333
+
[CMD_STOP_CHIP_REPLY] = kvaser_fsize(u.simple),
334
+
[CMD_GET_CARD_INFO_REPLY] = kvaser_fsize(u.cardinfo),
335
+
[CMD_TX_ACKNOWLEDGE] = kvaser_fsize(u.tx_acknowledge_header),
336
+
[CMD_GET_SOFTWARE_INFO_REPLY] = kvaser_fsize(u.usbcan.softinfo),
337
+
[CMD_RX_STD_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
338
+
[CMD_RX_EXT_MESSAGE] = kvaser_fsize(u.usbcan.rx_can),
339
+
[CMD_CHIP_STATE_EVENT] = kvaser_fsize(u.usbcan.chip_state_event),
340
+
[CMD_CAN_ERROR_EVENT] = kvaser_fsize(u.usbcan.error_event),
341
+
/* ignored events: */
342
+
[CMD_USBCAN_CLOCK_OVERFLOW_EVENT] = CMD_SIZE_ANY,
343
+
};
344
+
313
345
/* Summary of a kvaser error event, for a unified Leaf/Usbcan error
314
346
* handling. Some discrepancies between the two families exist:
315
347
*
···
428
396
.timestamp_freq = 1,
429
397
.bittiming_const = &kvaser_usb_flexc_bittiming_const,
430
398
};
399
+
400
+
static int kvaser_usb_leaf_verify_size(const struct kvaser_usb *dev,
401
+
const struct kvaser_cmd *cmd)
402
+
{
403
+
/* buffer size >= cmd->len ensured by caller */
404
+
u8 min_size = 0;
405
+
406
+
switch (dev->driver_info->family) {
407
+
case KVASER_LEAF:
408
+
if (cmd->id < ARRAY_SIZE(kvaser_usb_leaf_cmd_sizes_leaf))
409
+
min_size = kvaser_usb_leaf_cmd_sizes_leaf[cmd->id];
410
+
break;
411
+
case KVASER_USBCAN:
412
+
if (cmd->id < ARRAY_SIZE(kvaser_usb_leaf_cmd_sizes_usbcan))
413
+
min_size = kvaser_usb_leaf_cmd_sizes_usbcan[cmd->id];
414
+
break;
415
+
}
416
+
417
+
if (min_size == CMD_SIZE_ANY)
418
+
return 0;
419
+
420
+
if (min_size) {
421
+
min_size += CMD_HEADER_LEN;
422
+
if (cmd->len >= min_size)
423
+
return 0;
424
+
425
+
dev_err_ratelimited(&dev->intf->dev,
426
+
"Received command %u too short (size %u, needed %u)",
427
+
cmd->id, cmd->len, min_size);
428
+
return -EIO;
429
+
}
430
+
431
+
dev_warn_ratelimited(&dev->intf->dev,
432
+
"Unhandled command (%d, size %d)\n",
433
+
cmd->id, cmd->len);
434
+
return -EINVAL;
435
+
}
431
436
432
437
static void *
433
438
kvaser_usb_leaf_frame_to_cmd(const struct kvaser_usb_net_priv *priv,
···
570
501
571
502
end:
572
503
kfree(buf);
504
+
505
+
if (err == 0)
506
+
err = kvaser_usb_leaf_verify_size(dev, cmd);
573
507
574
508
return err;
575
509
}
···
1205
1133
static void kvaser_usb_leaf_handle_command(const struct kvaser_usb *dev,
1206
1134
const struct kvaser_cmd *cmd)
1207
1135
{
1136
+
if (kvaser_usb_leaf_verify_size(dev, cmd) < 0)
1137
+
return;
1138
+
1208
1139
switch (cmd->id) {
1209
1140
case CMD_START_CHIP_REPLY:
1210
1141
kvaser_usb_leaf_start_chip_reply(dev, cmd);
···
1426
1351
1427
1352
switch (mode) {
1428
1353
case CAN_MODE_START:
1354
+
kvaser_usb_unlink_tx_urbs(priv);
1355
+
1429
1356
err = kvaser_usb_leaf_simple_cmd_async(priv, CMD_START_CHIP);
1430
1357
if (err)
1431
1358
return err;
1359
+
1360
+
priv->can.state = CAN_STATE_ERROR_ACTIVE;
1432
1361
break;
1433
1362
default:
1434
1363
return -EOPNOTSUPP;
+8
-5
drivers/net/ethernet/adi/adin1110.c
+8
-5
drivers/net/ethernet/adi/adin1110.c
···
1169
1169
return ret;
1170
1170
}
1171
1171
1172
+
static bool adin1110_port_dev_check(const struct net_device *dev)
1173
+
{
1174
+
return dev->netdev_ops == &adin1110_netdev_ops;
1175
+
}
1176
+
1172
1177
static int adin1110_netdevice_event(struct notifier_block *unused,
1173
1178
unsigned long event, void *ptr)
1174
1179
{
···
1181
1176
struct adin1110_port_priv *port_priv = netdev_priv(dev);
1182
1177
struct netdev_notifier_changeupper_info *info = ptr;
1183
1178
int ret = 0;
1179
+
1180
+
if (!adin1110_port_dev_check(dev))
1181
+
return NOTIFY_DONE;
1184
1182
1185
1183
switch (event) {
1186
1184
case NETDEV_CHANGEUPPER:
···
1208
1200
static void adin1110_disconnect_phy(void *data)
1209
1201
{
1210
1202
phy_disconnect(data);
1211
-
}
1212
-
1213
-
static bool adin1110_port_dev_check(const struct net_device *dev)
1214
-
{
1215
-
return dev->netdev_ops == &adin1110_netdev_ops;
1216
1203
}
1217
1204
1218
1205
static int adin1110_port_set_forwarding_state(struct adin1110_port_priv *port_priv)
-5
drivers/net/ethernet/broadcom/Makefile
-5
drivers/net/ethernet/broadcom/Makefile
+1
-1
drivers/net/ethernet/broadcom/bcmsysport.h
+1
-1
drivers/net/ethernet/broadcom/bcmsysport.h
-1
drivers/net/ethernet/freescale/enetc/enetc_qos.c
-1
drivers/net/ethernet/freescale/enetc/enetc_qos.c
+3
-1
drivers/net/ethernet/marvell/octeontx2/af/mcs.c
+3
-1
drivers/net/ethernet/marvell/octeontx2/af/mcs.c
···
1182
1182
mcs_reg_write(mcs, MCSX_PAB_TX_SLAVE_PAB_INT_ENB, 0xff);
1183
1183
1184
1184
mcs->tx_sa_active = alloc_mem(mcs, mcs->hw->sc_entries);
1185
-
if (!mcs->tx_sa_active)
1185
+
if (!mcs->tx_sa_active) {
1186
+
ret = -ENOMEM;
1186
1187
goto exit;
1188
+
}
1187
1189
1188
1190
return ret;
1189
1191
exit:
+4
-3
drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
+4
-3
drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
···
133
133
default:
134
134
ret = -EINVAL;
135
135
goto fail;
136
-
};
136
+
}
137
137
138
138
mutex_unlock(&mbox->lock);
139
139
···
284
284
285
285
sc_req = otx2_mbox_alloc_msg_mcs_rx_sc_cam_write(mbox);
286
286
if (!sc_req) {
287
-
return -ENOMEM;
287
+
ret = -ENOMEM;
288
288
goto fail;
289
289
}
290
290
···
594
594
595
595
req = otx2_mbox_alloc_msg_mcs_flowid_ena_entry(mbox);
596
596
if (!req) {
597
-
return -ENOMEM;
597
+
ret = -ENOMEM;
598
598
goto fail;
599
599
}
600
600
···
1653
1653
return 0;
1654
1654
fail:
1655
1655
dev_err(pfvf->dev, "Cannot notify PN wrapped event\n");
1656
+
mutex_unlock(&mbox->lock);
1656
1657
return 0;
1657
1658
}
1658
1659
+3
-1
drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c
+3
-1
drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c
···
2810
2810
err = register_netdev(netdev);
2811
2811
if (err) {
2812
2812
dev_err(dev, "Failed to register netdevice\n");
2813
-
goto err_del_mcam_entries;
2813
+
goto err_mcs_free;
2814
2814
}
2815
2815
2816
2816
err = otx2_wq_init(pf);
···
2849
2849
otx2_mcam_flow_del(pf);
2850
2850
err_unreg_netdev:
2851
2851
unregister_netdev(netdev);
2852
+
err_mcs_free:
2853
+
cn10k_mcs_free(pf);
2852
2854
err_del_mcam_entries:
2853
2855
otx2_mcam_flow_del(pf);
2854
2856
err_ptp_destroy:
+2
drivers/net/ethernet/marvell/prestera/prestera_matchall.c
+2
drivers/net/ethernet/marvell/prestera/prestera_matchall.c
+3
-3
drivers/net/ethernet/marvell/prestera/prestera_router_hw.c
+3
-3
drivers/net/ethernet/marvell/prestera/prestera_router_hw.c
···
498
498
refcount_inc(&nh_grp->refcount);
499
499
} else {
500
500
nh_grp = __prestera_nexthop_group_create(sw, key);
501
-
if (IS_ERR(nh_grp))
502
-
return ERR_CAST(nh_grp);
501
+
if (!nh_grp)
502
+
return ERR_PTR(-ENOMEM);
503
503
504
504
refcount_set(&nh_grp->refcount, 1);
505
505
}
···
651
651
case PRESTERA_FIB_TYPE_UC_NH:
652
652
fib_node->info.nh_grp = prestera_nexthop_group_get(sw,
653
653
nh_grp_key);
654
-
if (!fib_node->info.nh_grp)
654
+
if (IS_ERR(fib_node->info.nh_grp))
655
655
goto err_nh_grp_get;
656
656
657
657
grp_id = fib_node->info.nh_grp->grp_id;
+4
-1
drivers/net/ethernet/marvell/prestera/prestera_span.c
+4
-1
drivers/net/ethernet/marvell/prestera/prestera_span.c
···
107
107
108
108
entry = prestera_span_entry_find_by_id(sw->span, span_id);
109
109
if (!entry)
110
-
return false;
110
+
return -ENOENT;
111
111
112
112
if (!refcount_dec_and_test(&entry->ref_count))
113
113
return 0;
···
150
150
bool ingress)
151
151
{
152
152
int err;
153
+
154
+
if (binding->span_id == PRESTERA_SPAN_INVALID_ID)
155
+
return -ENOENT;
153
156
154
157
err = prestera_hw_span_unbind(binding->port, ingress);
155
158
if (err)
-5
drivers/net/ethernet/mediatek/Makefile
-5
drivers/net/ethernet/mediatek/Makefile
+7
-1
drivers/net/ethernet/mellanox/mlx5/core/en/tc/meter.c
+7
-1
drivers/net/ethernet/mellanox/mlx5/core/en/tc/meter.c
···
115
115
struct mlx5e_flow_meters *flow_meters;
116
116
u8 cir_man, cir_exp, cbs_man, cbs_exp;
117
117
struct mlx5_aso_wqe *aso_wqe;
118
+
unsigned long expires;
118
119
struct mlx5_aso *aso;
119
120
u64 rate, burst;
120
121
u8 ds_cnt;
···
188
187
mlx5_aso_post_wqe(aso, true, &aso_wqe->ctrl);
189
188
190
189
/* With newer FW, the wait for the first ASO WQE is more than 2us, put the wait 10ms. */
191
-
err = mlx5_aso_poll_cq(aso, true, 10);
190
+
expires = jiffies + msecs_to_jiffies(10);
191
+
do {
192
+
err = mlx5_aso_poll_cq(aso, true);
193
+
if (err)
194
+
usleep_range(2, 10);
195
+
} while (err && time_is_after_jiffies(expires));
192
196
mutex_unlock(&flow_meters->aso_lock);
193
197
194
198
return err;
+2
-2
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
+2
-2
drivers/net/ethernet/mellanox/mlx5/core/en_accel/macsec.c
···
1405
1405
MLX5_ACCESS_ASO_OPC_MOD_MACSEC);
1406
1406
macsec_aso_build_ctrl(aso, &aso_wqe->aso_ctrl, in);
1407
1407
mlx5_aso_post_wqe(maso, false, &aso_wqe->ctrl);
1408
-
err = mlx5_aso_poll_cq(maso, false, 10);
1408
+
err = mlx5_aso_poll_cq(maso, false);
1409
1409
mutex_unlock(&aso->aso_lock);
1410
1410
1411
1411
return err;
···
1430
1430
macsec_aso_build_wqe_ctrl_seg(aso, &aso_wqe->aso_ctrl, NULL);
1431
1431
1432
1432
mlx5_aso_post_wqe(maso, false, &aso_wqe->ctrl);
1433
-
err = mlx5_aso_poll_cq(maso, false, 10);
1433
+
err = mlx5_aso_poll_cq(maso, false);
1434
1434
if (err)
1435
1435
goto err_out;
1436
1436
+1
-9
drivers/net/ethernet/mellanox/mlx5/core/lib/aso.c
+1
-9
drivers/net/ethernet/mellanox/mlx5/core/lib/aso.c
···
381
381
WRITE_ONCE(doorbell_cseg, NULL);
382
382
}
383
383
384
-
int mlx5_aso_poll_cq(struct mlx5_aso *aso, bool with_data, u32 interval_ms)
384
+
int mlx5_aso_poll_cq(struct mlx5_aso *aso, bool with_data)
385
385
{
386
386
struct mlx5_aso_cq *cq = &aso->cq;
387
387
struct mlx5_cqe64 *cqe;
388
-
unsigned long expires;
389
388
390
389
cqe = mlx5_cqwq_get_cqe(&cq->wq);
391
-
392
-
expires = jiffies + msecs_to_jiffies(interval_ms);
393
-
while (!cqe && time_is_after_jiffies(expires)) {
394
-
usleep_range(2, 10);
395
-
cqe = mlx5_cqwq_get_cqe(&cq->wq);
396
-
}
397
-
398
390
if (!cqe)
399
391
return -ETIMEDOUT;
400
392
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/lib/aso.h
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/lib/aso.h
···
83
83
u32 obj_id, u32 opc_mode);
84
84
void mlx5_aso_post_wqe(struct mlx5_aso *aso, bool with_data,
85
85
struct mlx5_wqe_ctrl_seg *doorbell_cseg);
86
-
int mlx5_aso_poll_cq(struct mlx5_aso *aso, bool with_data, u32 interval_ms);
86
+
int mlx5_aso_poll_cq(struct mlx5_aso *aso, bool with_data);
87
87
88
88
struct mlx5_aso *mlx5_aso_create(struct mlx5_core_dev *mdev, u32 pdn);
89
89
void mlx5_aso_destroy(struct mlx5_aso *aso);
+2
-2
drivers/net/ethernet/netronome/nfp/flower/offload.c
+2
-2
drivers/net/ethernet/netronome/nfp/flower/offload.c
···
373
373
if (ipv6_tun) {
374
374
key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6;
375
375
key_size +=
376
-
sizeof(struct nfp_flower_ipv6_udp_tun);
376
+
sizeof(struct nfp_flower_ipv6_gre_tun);
377
377
} else {
378
378
key_size +=
379
-
sizeof(struct nfp_flower_ipv4_udp_tun);
379
+
sizeof(struct nfp_flower_ipv4_gre_tun);
380
380
}
381
381
382
382
if (enc_op.key) {
+2
-2
drivers/net/ethernet/sun/sunhme.c
+2
-2
drivers/net/ethernet/sun/sunhme.c
···
2896
2896
2897
2897
hpreg_res = devm_request_region(&pdev->dev, pci_resource_start(pdev, 0),
2898
2898
pci_resource_len(pdev, 0), DRV_NAME);
2899
-
if (IS_ERR(hpreg_res)) {
2900
-
err = PTR_ERR(hpreg_res);
2899
+
if (!hpreg_res) {
2900
+
err = -EBUSY;
2901
2901
dev_err(&pdev->dev, "Cannot obtain PCI resources, aborting.\n");
2902
2902
goto err_out_clear_quattro;
2903
2903
}
+4
-1
drivers/net/ethernet/ti/am65-cpsw-nuss.c
+4
-1
drivers/net/ethernet/ti/am65-cpsw-nuss.c
···
2476
2476
port = am65_common_get_port(common, i);
2477
2477
dl_port = &port->devlink_port;
2478
2478
2479
-
attrs.flavour = DEVLINK_PORT_FLAVOUR_PHYSICAL;
2479
+
if (port->ndev)
2480
+
attrs.flavour = DEVLINK_PORT_FLAVOUR_PHYSICAL;
2481
+
else
2482
+
attrs.flavour = DEVLINK_PORT_FLAVOUR_UNUSED;
2480
2483
attrs.phys.port_number = port->port_id;
2481
2484
attrs.switch_id.id_len = sizeof(resource_size_t);
2482
2485
memcpy(attrs.switch_id.id, common->switch_id, attrs.switch_id.id_len);
+2
-1
drivers/net/hyperv/hyperv_net.h
+2
-1
drivers/net/hyperv/hyperv_net.h
···
1051
1051
u32 vf_alloc;
1052
1052
/* Serial number of the VF to team with */
1053
1053
u32 vf_serial;
1054
-
1054
+
/* completion variable to confirm vf association */
1055
+
struct completion vf_add;
1055
1056
/* Is the current data path through the VF NIC? */
1056
1057
bool data_path_is_vf;
1057
1058
+4
drivers/net/hyperv/netvsc.c
+4
drivers/net/hyperv/netvsc.c
···
1580
1580
1581
1581
net_device_ctx->vf_alloc = nvmsg->msg.v4_msg.vf_assoc.allocated;
1582
1582
net_device_ctx->vf_serial = nvmsg->msg.v4_msg.vf_assoc.serial;
1583
+
1584
+
if (net_device_ctx->vf_alloc)
1585
+
complete(&net_device_ctx->vf_add);
1586
+
1583
1587
netdev_info(ndev, "VF slot %u %s\n",
1584
1588
net_device_ctx->vf_serial,
1585
1589
net_device_ctx->vf_alloc ? "added" : "removed");
+19
drivers/net/hyperv/netvsc_drv.c
+19
drivers/net/hyperv/netvsc_drv.c
···
2313
2313
2314
2314
}
2315
2315
2316
+
/* Fallback path to check synthetic vf with
2317
+
* help of mac addr
2318
+
*/
2319
+
list_for_each_entry(ndev_ctx, &netvsc_dev_list, list) {
2320
+
ndev = hv_get_drvdata(ndev_ctx->device_ctx);
2321
+
if (ether_addr_equal(vf_netdev->perm_addr, ndev->perm_addr)) {
2322
+
netdev_notice(vf_netdev,
2323
+
"falling back to mac addr based matching\n");
2324
+
return ndev;
2325
+
}
2326
+
}
2327
+
2316
2328
netdev_notice(vf_netdev,
2317
2329
"no netdev found for vf serial:%u\n", serial);
2318
2330
return NULL;
···
2421
2409
if (net_device_ctx->data_path_is_vf == vf_is_up)
2422
2410
return NOTIFY_OK;
2423
2411
2412
+
if (vf_is_up && !net_device_ctx->vf_alloc) {
2413
+
netdev_info(ndev, "Waiting for the VF association from host\n");
2414
+
wait_for_completion(&net_device_ctx->vf_add);
2415
+
}
2416
+
2424
2417
ret = netvsc_switch_datapath(ndev, vf_is_up);
2425
2418
2426
2419
if (ret) {
···
2457
2440
2458
2441
netvsc_vf_setxdp(vf_netdev, NULL);
2459
2442
2443
+
reinit_completion(&net_device_ctx->vf_add);
2460
2444
netdev_rx_handler_unregister(vf_netdev);
2461
2445
netdev_upper_dev_unlink(vf_netdev, ndev);
2462
2446
RCU_INIT_POINTER(net_device_ctx->vf_netdev, NULL);
···
2497
2479
2498
2480
INIT_DELAYED_WORK(&net_device_ctx->dwork, netvsc_link_change);
2499
2481
2482
+
init_completion(&net_device_ctx->vf_add);
2500
2483
spin_lock_init(&net_device_ctx->lock);
2501
2484
INIT_LIST_HEAD(&net_device_ctx->reconfig_events);
2502
2485
INIT_DELAYED_WORK(&net_device_ctx->vf_takeover, netvsc_vf_setup);
+1
-1
drivers/net/macvlan.c
+1
-1
drivers/net/macvlan.c
+5
-4
drivers/net/phy/micrel.c
+5
-4
drivers/net/phy/micrel.c
···
1838
1838
return phy_clear_bits(phydev, MII_BMCR, BMCR_ANENABLE | BMCR_SPEED100);
1839
1839
}
1840
1840
1841
-
static int ksz886x_cable_test_result_trans(u16 status, u16 mask)
1841
+
static __always_inline int ksz886x_cable_test_result_trans(u16 status, u16 mask)
1842
1842
{
1843
1843
switch (FIELD_GET(mask, status)) {
1844
1844
case KSZ8081_LMD_STAT_NORMAL:
···
1854
1854
}
1855
1855
}
1856
1856
1857
-
static bool ksz886x_cable_test_failed(u16 status, u16 mask)
1857
+
static __always_inline bool ksz886x_cable_test_failed(u16 status, u16 mask)
1858
1858
{
1859
1859
return FIELD_GET(mask, status) ==
1860
1860
KSZ8081_LMD_STAT_FAIL;
1861
1861
}
1862
1862
1863
-
static bool ksz886x_cable_test_fault_length_valid(u16 status, u16 mask)
1863
+
static __always_inline bool ksz886x_cable_test_fault_length_valid(u16 status, u16 mask)
1864
1864
{
1865
1865
switch (FIELD_GET(mask, status)) {
1866
1866
case KSZ8081_LMD_STAT_OPEN:
···
1871
1871
return false;
1872
1872
}
1873
1873
1874
-
static int ksz886x_cable_test_fault_length(struct phy_device *phydev, u16 status, u16 data_mask)
1874
+
static __always_inline int ksz886x_cable_test_fault_length(struct phy_device *phydev,
1875
+
u16 status, u16 data_mask)
1875
1876
{
1876
1877
int dt;
1877
1878
+3
drivers/net/phy/sfp-bus.c
+3
drivers/net/phy/sfp-bus.c
···
257
257
case SFF8024_ECC_100GBASE_SR4_25GBASE_SR:
258
258
phylink_set(modes, 100000baseSR4_Full);
259
259
phylink_set(modes, 25000baseSR_Full);
260
+
__set_bit(PHY_INTERFACE_MODE_25GBASER, interfaces);
260
261
break;
261
262
case SFF8024_ECC_100GBASE_LR4_25GBASE_LR:
262
263
case SFF8024_ECC_100GBASE_ER4_25GBASE_ER:
···
269
268
case SFF8024_ECC_25GBASE_CR_S:
270
269
case SFF8024_ECC_25GBASE_CR_N:
271
270
phylink_set(modes, 25000baseCR_Full);
271
+
__set_bit(PHY_INTERFACE_MODE_25GBASER, interfaces);
272
272
break;
273
273
case SFF8024_ECC_10GBASE_T_SFI:
274
274
case SFF8024_ECC_10GBASE_T_SR:
···
278
276
break;
279
277
case SFF8024_ECC_5GBASE_T:
280
278
phylink_set(modes, 5000baseT_Full);
279
+
__set_bit(PHY_INTERFACE_MODE_5GBASER, interfaces);
281
280
break;
282
281
case SFF8024_ECC_2_5GBASE_T:
283
282
phylink_set(modes, 2500baseT_Full);
+1
drivers/net/pse-pd/Kconfig
+1
drivers/net/pse-pd/Kconfig
+3
-2
drivers/net/wireless/ath/ath11k/mac.c
+3
-2
drivers/net/wireless/ath/ath11k/mac.c
···
2081
2081
struct cfg80211_chan_def def;
2082
2082
const struct ieee80211_sta_he_cap *he_cap = &sta->deflink.he_cap;
2083
2083
enum nl80211_band band;
2084
-
u16 *he_mcs_mask;
2084
+
u16 he_mcs_mask[NL80211_HE_NSS_MAX];
2085
2085
u8 max_nss, he_mcs;
2086
2086
u16 he_tx_mcs = 0, v = 0;
2087
2087
int i, he_nss, nss_idx;
···
2098
2098
return;
2099
2099
2100
2100
band = def.chan->band;
2101
-
he_mcs_mask = arvif->bitrate_mask.control[band].he_mcs;
2101
+
memcpy(he_mcs_mask, arvif->bitrate_mask.control[band].he_mcs,
2102
+
sizeof(he_mcs_mask));
2102
2103
2103
2104
if (ath11k_peer_assoc_h_he_masked(he_mcs_mask))
2104
2105
return;
+2
drivers/net/wireless/intel/iwlwifi/mvm/sta.c
+2
drivers/net/wireless/intel/iwlwifi/mvm/sta.c
···
384
384
iwl_mvm_txq_from_tid(sta, tid);
385
385
386
386
mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE;
387
+
list_del_init(&mvmtxq->list);
387
388
}
388
389
389
390
/* Regardless if this is a reserved TXQ for a STA - mark it as false */
···
479
478
mvmsta->tid_data[tid].txq_id = IWL_MVM_INVALID_QUEUE;
480
479
481
480
mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE;
481
+
list_del_init(&mvmtxq->list);
482
482
}
483
483
484
484
mvmsta->tfd_queue_msk &= ~BIT(queue); /* Don't use this queue anymore */
+2
drivers/net/wireless/mac80211_hwsim.c
+2
drivers/net/wireless/mac80211_hwsim.c
···
4973
4973
}
4974
4974
4975
4975
rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]);
4976
+
if (rx_status.rate_idx >= data2->hw->wiphy->bands[rx_status.band]->n_bitrates)
4977
+
goto out;
4976
4978
rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]);
4977
4979
4978
4980
hdr = (void *)skb->data;
+1
-4
drivers/net/wireless/mediatek/mt76/dma.c
+1
-4
drivers/net/wireless/mediatek/mt76/dma.c
+7
-5
drivers/net/wireless/mediatek/mt76/mt7615/mac.c
+7
-5
drivers/net/wireless/mediatek/mt76/mt7615/mac.c
···
345
345
u32 rxd1 = le32_to_cpu(rxd[1]);
346
346
u32 rxd2 = le32_to_cpu(rxd[2]);
347
347
u32 csum_mask = MT_RXD0_NORMAL_IP_SUM | MT_RXD0_NORMAL_UDP_TCP_SUM;
348
+
u32 csum_status = *(u32 *)skb->cb;
348
349
bool unicast, hdr_trans, remove_pad, insert_ccmp_hdr = false;
349
350
u16 hdr_gap;
350
351
int phy_idx;
···
395
394
spin_unlock_bh(&dev->sta_poll_lock);
396
395
}
397
396
398
-
if ((rxd0 & csum_mask) == csum_mask)
397
+
if (mt76_is_mmio(&dev->mt76) && (rxd0 & csum_mask) == csum_mask &&
398
+
!(csum_status & (BIT(0) | BIT(2) | BIT(3))))
399
399
skb->ip_summed = CHECKSUM_UNNECESSARY;
400
400
401
401
if (rxd2 & MT_RXD2_NORMAL_FCS_ERR)
···
612
610
* When header translation failure is indicated,
613
611
* the hardware will insert an extra 2-byte field
614
612
* containing the data length after the protocol
615
-
* type field.
613
+
* type field. This happens either when the LLC-SNAP
614
+
* pattern did not match, or if a VLAN header was
615
+
* detected.
616
616
*/
617
617
pad_start = 12;
618
618
if (get_unaligned_be16(skb->data + pad_start) == ETH_P_8021Q)
619
619
pad_start += 4;
620
-
621
-
if (get_unaligned_be16(skb->data + pad_start) !=
622
-
skb->len - pad_start - 2)
620
+
else
623
621
pad_start = 0;
624
622
}
625
623
+7
-5
drivers/net/wireless/mediatek/mt76/mt7915/mac.c
+7
-5
drivers/net/wireless/mediatek/mt76/mt7915/mac.c
···
233
233
u8 remove_pad, amsdu_info;
234
234
u8 mode = 0, qos_ctl = 0;
235
235
struct mt7915_sta *msta = NULL;
236
+
u32 csum_status = *(u32 *)skb->cb;
236
237
bool hdr_trans;
237
238
u16 hdr_gap;
238
239
u16 seq_ctrl = 0;
···
289
288
if (!sband->channels)
290
289
return -EINVAL;
291
290
292
-
if ((rxd0 & csum_mask) == csum_mask)
291
+
if ((rxd0 & csum_mask) == csum_mask &&
292
+
!(csum_status & (BIT(0) | BIT(2) | BIT(3))))
293
293
skb->ip_summed = CHECKSUM_UNNECESSARY;
294
294
295
295
if (rxd1 & MT_RXD1_NORMAL_FCS_ERR)
···
448
446
* When header translation failure is indicated,
449
447
* the hardware will insert an extra 2-byte field
450
448
* containing the data length after the protocol
451
-
* type field.
449
+
* type field. This happens either when the LLC-SNAP
450
+
* pattern did not match, or if a VLAN header was
451
+
* detected.
452
452
*/
453
453
pad_start = 12;
454
454
if (get_unaligned_be16(skb->data + pad_start) == ETH_P_8021Q)
455
455
pad_start += 4;
456
-
457
-
if (get_unaligned_be16(skb->data + pad_start) !=
458
-
skb->len - pad_start - 2)
456
+
else
459
457
pad_start = 0;
460
458
}
461
459
+3
-1
drivers/net/wireless/mediatek/mt76/mt7921/mac.c
+3
-1
drivers/net/wireless/mediatek/mt76/mt7921/mac.c
···
230
230
struct mt76_phy *mphy = &dev->mt76.phy;
231
231
struct mt7921_phy *phy = &dev->phy;
232
232
struct ieee80211_supported_band *sband;
233
+
u32 csum_status = *(u32 *)skb->cb;
233
234
u32 rxd0 = le32_to_cpu(rxd[0]);
234
235
u32 rxd1 = le32_to_cpu(rxd[1]);
235
236
u32 rxd2 = le32_to_cpu(rxd[2]);
···
291
290
if (!sband->channels)
292
291
return -EINVAL;
293
292
294
-
if ((rxd0 & csum_mask) == csum_mask)
293
+
if (mt76_is_mmio(&dev->mt76) && (rxd0 & csum_mask) == csum_mask &&
294
+
!(csum_status & (BIT(0) | BIT(2) | BIT(3))))
295
295
skb->ip_summed = CHECKSUM_UNNECESSARY;
296
296
297
297
if (rxd1 & MT_RXD1_NORMAL_FCS_ERR)
+8
-2
drivers/net/wireless/mediatek/mt76/tx.c
+8
-2
drivers/net/wireless/mediatek/mt76/tx.c
···
60
60
.skb = skb,
61
61
.info = IEEE80211_SKB_CB(skb),
62
62
};
63
+
struct ieee80211_rate_status rs = {};
63
64
struct mt76_tx_cb *cb = mt76_tx_skb_cb(skb);
64
65
struct mt76_wcid *wcid;
65
66
66
67
wcid = rcu_dereference(dev->wcid[cb->wcid]);
67
68
if (wcid) {
68
69
status.sta = wcid_to_sta(wcid);
69
-
status.rates = NULL;
70
-
status.n_rates = 0;
70
+
if (status.sta && (wcid->rate.flags || wcid->rate.legacy)) {
71
+
rs.rate_idx = wcid->rate;
72
+
status.rates = &rs;
73
+
status.n_rates = 1;
74
+
} else {
75
+
status.n_rates = 0;
76
+
}
71
77
}
72
78
73
79
hw = mt76_tx_status_get_hw(dev, skb);
+1
drivers/ptp/ptp_ocp.c
+1
drivers/ptp/ptp_ocp.c
···
3657
3657
struct device *dev = &bp->dev;
3658
3658
3659
3659
sysfs_remove_link(&dev->kobj, "ttyGNSS");
3660
+
sysfs_remove_link(&dev->kobj, "ttyGNSS2");
3660
3661
sysfs_remove_link(&dev->kobj, "ttyMAC");
3661
3662
sysfs_remove_link(&dev->kobj, "ptp");
3662
3663
sysfs_remove_link(&dev->kobj, "pps");
+9
-1
include/linux/wireless.h
+9
-1
include/linux/wireless.h
···
26
26
struct __compat_iw_event {
27
27
__u16 len; /* Real length of this stuff */
28
28
__u16 cmd; /* Wireless IOCTL */
29
-
compat_caddr_t pointer;
29
+
30
+
union {
31
+
compat_caddr_t pointer;
32
+
33
+
/* we need ptr_bytes to make memcpy() run-time destination
34
+
* buffer bounds checking happy, nothing special
35
+
*/
36
+
DECLARE_FLEX_ARRAY(__u8, ptr_bytes);
37
+
};
30
38
};
31
39
#define IW_EV_COMPAT_LCP_LEN offsetof(struct __compat_iw_event, pointer)
32
40
#define IW_EV_COMPAT_POINT_OFF offsetof(struct compat_iw_point, length)
+9
-3
include/net/ieee802154_netdev.h
+9
-3
include/net/ieee802154_netdev.h
···
185
185
ieee802154_sockaddr_check_size(struct sockaddr_ieee802154 *daddr, int len)
186
186
{
187
187
struct ieee802154_addr_sa *sa;
188
+
int ret = 0;
188
189
189
190
sa = &daddr->addr;
190
191
if (len < IEEE802154_MIN_NAMELEN)
191
192
return -EINVAL;
192
193
switch (sa->addr_type) {
194
+
case IEEE802154_ADDR_NONE:
195
+
break;
193
196
case IEEE802154_ADDR_SHORT:
194
197
if (len < IEEE802154_NAMELEN_SHORT)
195
-
return -EINVAL;
198
+
ret = -EINVAL;
196
199
break;
197
200
case IEEE802154_ADDR_LONG:
198
201
if (len < IEEE802154_NAMELEN_LONG)
199
-
return -EINVAL;
202
+
ret = -EINVAL;
203
+
break;
204
+
default:
205
+
ret = -EINVAL;
200
206
break;
201
207
}
202
-
return 0;
208
+
return ret;
203
209
}
204
210
205
211
static inline void ieee802154_addr_from_sa(struct ieee802154_addr *a,
+2
include/net/ipv6.h
+2
include/net/ipv6.h
···
1182
1182
void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info);
1183
1183
void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu);
1184
1184
1185
+
void inet6_cleanup_sock(struct sock *sk);
1186
+
void inet6_sock_destruct(struct sock *sk);
1185
1187
int inet6_release(struct socket *sock);
1186
1188
int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len);
1187
1189
int inet6_getname(struct socket *sock, struct sockaddr *uaddr,
+1
-1
include/net/udp.h
+1
-1
include/net/udp.h
···
247
247
}
248
248
249
249
/* net/ipv4/udp.c */
250
-
void udp_destruct_sock(struct sock *sk);
250
+
void udp_destruct_common(struct sock *sk);
251
251
void skb_consume_udp(struct sock *sk, struct sk_buff *skb, int len);
252
252
int __udp_enqueue_schedule_skb(struct sock *sk, struct sk_buff *skb);
253
253
void udp_skb_destructor(struct sock *sk, struct sk_buff *skb);
-8
include/net/udplite.h
-8
include/net/udplite.h
···
25
25
return copy_from_iter_full(to, len, &msg->msg_iter) ? 0 : -EFAULT;
26
26
}
27
27
28
-
/* Designate sk as UDP-Lite socket */
29
-
static inline int udplite_sk_init(struct sock *sk)
30
-
{
31
-
udp_init_sock(sk);
32
-
udp_sk(sk)->pcflag = UDPLITE_BIT;
33
-
return 0;
34
-
}
35
-
36
28
/*
37
29
* Checksumming routines
38
30
*/
+4
-2
net/core/sock.c
+4
-2
net/core/sock.c
···
3610
3610
{
3611
3611
struct sock *sk = sock->sk;
3612
3612
3613
-
return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);
3613
+
/* IPV6_ADDRFORM can change sk->sk_prot under us. */
3614
+
return READ_ONCE(sk->sk_prot)->getsockopt(sk, level, optname, optval, optlen);
3614
3615
}
3615
3616
EXPORT_SYMBOL(sock_common_getsockopt);
3616
3617
···
3637
3636
{
3638
3637
struct sock *sk = sock->sk;
3639
3638
3640
-
return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen);
3639
+
/* IPV6_ADDRFORM can change sk->sk_prot under us. */
3640
+
return READ_ONCE(sk->sk_prot)->setsockopt(sk, level, optname, optval, optlen);
3641
3641
}
3642
3642
EXPORT_SYMBOL(sock_common_setsockopt);
3643
3643
+1
-1
net/dsa/port.c
+1
-1
net/dsa/port.c
···
1681
1681
pl = phylink_create(&dp->pl_config, of_fwnode_handle(dp->dn),
1682
1682
mode, &dsa_port_phylink_mac_ops);
1683
1683
if (IS_ERR(pl)) {
1684
-
pr_err("error creating PHYLINK: %ld\n", PTR_ERR(dp->pl));
1684
+
pr_err("error creating PHYLINK: %ld\n", PTR_ERR(pl));
1685
1685
return PTR_ERR(pl);
1686
1686
}
1687
1687
+4
-3
net/ieee802154/socket.c
+4
-3
net/ieee802154/socket.c
···
251
251
return -EOPNOTSUPP;
252
252
}
253
253
254
-
if (!size)
255
-
return -EINVAL;
256
-
257
254
lock_sock(sk);
258
255
if (!sk->sk_bound_dev_if)
259
256
dev = dev_getfirstbyhwtype(sock_net(sk), ARPHRD_IEEE802154);
···
270
273
if (size > mtu) {
271
274
pr_debug("size = %zu, mtu = %u\n", size, mtu);
272
275
err = -EMSGSIZE;
276
+
goto out_dev;
277
+
}
278
+
if (!size) {
279
+
err = 0;
273
280
goto out_dev;
274
281
}
275
282
+16
-7
net/ipv4/af_inet.c
+16
-7
net/ipv4/af_inet.c
···
558
558
int addr_len, int flags)
559
559
{
560
560
struct sock *sk = sock->sk;
561
+
const struct proto *prot;
561
562
int err;
562
563
563
564
if (addr_len < sizeof(uaddr->sa_family))
564
565
return -EINVAL;
566
+
567
+
/* IPV6_ADDRFORM can change sk->sk_prot under us. */
568
+
prot = READ_ONCE(sk->sk_prot);
569
+
565
570
if (uaddr->sa_family == AF_UNSPEC)
566
-
return sk->sk_prot->disconnect(sk, flags);
571
+
return prot->disconnect(sk, flags);
567
572
568
573
if (BPF_CGROUP_PRE_CONNECT_ENABLED(sk)) {
569
-
err = sk->sk_prot->pre_connect(sk, uaddr, addr_len);
574
+
err = prot->pre_connect(sk, uaddr, addr_len);
570
575
if (err)
571
576
return err;
572
577
}
573
578
574
579
if (data_race(!inet_sk(sk)->inet_num) && inet_autobind(sk))
575
580
return -EAGAIN;
576
-
return sk->sk_prot->connect(sk, uaddr, addr_len);
581
+
return prot->connect(sk, uaddr, addr_len);
577
582
}
578
583
EXPORT_SYMBOL(inet_dgram_connect);
579
584
···
739
734
int inet_accept(struct socket *sock, struct socket *newsock, int flags,
740
735
bool kern)
741
736
{
742
-
struct sock *sk1 = sock->sk;
737
+
struct sock *sk1 = sock->sk, *sk2;
743
738
int err = -EINVAL;
744
-
struct sock *sk2 = sk1->sk_prot->accept(sk1, flags, &err, kern);
745
739
740
+
/* IPV6_ADDRFORM can change sk->sk_prot under us. */
741
+
sk2 = READ_ONCE(sk1->sk_prot)->accept(sk1, flags, &err, kern);
746
742
if (!sk2)
747
743
goto do_err;
748
744
···
831
825
size_t size, int flags)
832
826
{
833
827
struct sock *sk = sock->sk;
828
+
const struct proto *prot;
834
829
835
830
if (unlikely(inet_send_prepare(sk)))
836
831
return -EAGAIN;
837
832
838
-
if (sk->sk_prot->sendpage)
839
-
return sk->sk_prot->sendpage(sk, page, offset, size, flags);
833
+
/* IPV6_ADDRFORM can change sk->sk_prot under us. */
834
+
prot = READ_ONCE(sk->sk_prot);
835
+
if (prot->sendpage)
836
+
return prot->sendpage(sk, page, offset, size, flags);
840
837
return sock_no_sendpage(sock, page, offset, size, flags);
841
838
}
842
839
EXPORT_SYMBOL(inet_sendpage);
+4
-4
net/ipv4/fib_semantics.c
+4
-4
net/ipv4/fib_semantics.c
···
888
888
return 1;
889
889
}
890
890
891
+
/* cannot match on nexthop object attributes */
892
+
if (fi->nh)
893
+
return 1;
894
+
891
895
if (cfg->fc_oif || cfg->fc_gw_family) {
892
896
struct fib_nh *nh;
893
-
894
-
/* cannot match on nexthop object attributes */
895
-
if (fi->nh)
896
-
return 1;
897
897
898
898
nh = fib_info_nh(fi, 0);
899
899
if (cfg->fc_encap) {
+14
-1
net/ipv4/inet_timewait_sock.c
+14
-1
net/ipv4/inet_timewait_sock.c
···
268
268
rcu_read_lock();
269
269
restart:
270
270
sk_nulls_for_each_rcu(sk, node, &head->chain) {
271
-
if (sk->sk_state != TCP_TIME_WAIT)
271
+
if (sk->sk_state != TCP_TIME_WAIT) {
272
+
/* A kernel listener socket might not hold refcnt for net,
273
+
* so reqsk_timer_handler() could be fired after net is
274
+
* freed. Userspace listener and reqsk never exist here.
275
+
*/
276
+
if (unlikely(sk->sk_state == TCP_NEW_SYN_RECV &&
277
+
hashinfo->pernet)) {
278
+
struct request_sock *req = inet_reqsk(sk);
279
+
280
+
inet_csk_reqsk_queue_drop_and_put(req->rsk_listener, req);
281
+
}
282
+
272
283
continue;
284
+
}
285
+
273
286
tw = inet_twsk(sk);
274
287
if ((tw->tw_family != family) ||
275
288
refcount_read(&twsk_net(tw)->ns.count))
+1
-1
net/ipv4/netfilter/ipt_rpfilter.c
+1
-1
net/ipv4/netfilter/ipt_rpfilter.c
···
77
77
flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
78
78
flow.flowi4_tos = iph->tos & IPTOS_RT_MASK;
79
79
flow.flowi4_scope = RT_SCOPE_UNIVERSE;
80
-
flow.flowi4_oif = l3mdev_master_ifindex_rcu(xt_in(par));
80
+
flow.flowi4_l3mdev = l3mdev_master_ifindex_rcu(xt_in(par));
81
81
82
82
return rpfilter_lookup_reverse(xt_net(par), &flow, xt_in(par), info->flags) ^ invert;
83
83
}
+1
-1
net/ipv4/netfilter/nft_fib_ipv4.c
+1
-1
net/ipv4/netfilter/nft_fib_ipv4.c
+6
-17
net/ipv4/ping.c
+6
-17
net/ipv4/ping.c
···
617
617
{
618
618
struct pingfakehdr *pfh = from;
619
619
620
-
if (offset == 0) {
621
-
fraglen -= sizeof(struct icmphdr);
622
-
if (fraglen < 0)
623
-
BUG();
624
-
if (!csum_and_copy_from_iter_full(to + sizeof(struct icmphdr),
625
-
fraglen, &pfh->wcheck,
626
-
&pfh->msg->msg_iter))
627
-
return -EFAULT;
628
-
} else if (offset < sizeof(struct icmphdr)) {
629
-
BUG();
630
-
} else {
631
-
if (!csum_and_copy_from_iter_full(to, fraglen, &pfh->wcheck,
632
-
&pfh->msg->msg_iter))
633
-
return -EFAULT;
634
-
}
620
+
if (!csum_and_copy_from_iter_full(to, fraglen, &pfh->wcheck,
621
+
&pfh->msg->msg_iter))
622
+
return -EFAULT;
635
623
636
624
#if IS_ENABLED(CONFIG_IPV6)
637
625
/* For IPv6, checksum each skb as we go along, as expected by
···
627
639
* wcheck, it will be finalized in ping_v4_push_pending_frames.
628
640
*/
629
641
if (pfh->family == AF_INET6) {
630
-
skb->csum = pfh->wcheck;
642
+
skb->csum = csum_block_add(skb->csum, pfh->wcheck, odd);
631
643
skb->ip_summed = CHECKSUM_NONE;
632
644
pfh->wcheck = 0;
633
645
}
···
830
842
pfh.family = AF_INET;
831
843
832
844
err = ip_append_data(sk, &fl4, ping_getfrag, &pfh, len,
833
-
0, &ipc, &rt, msg->msg_flags);
845
+
sizeof(struct icmphdr), &ipc, &rt,
846
+
msg->msg_flags);
834
847
if (err)
835
848
ip_flush_pending_frames(sk);
836
849
else
+6
-4
net/ipv4/tcp.c
+6
-4
net/ipv4/tcp.c
···
3796
3796
const struct inet_connection_sock *icsk = inet_csk(sk);
3797
3797
3798
3798
if (level != SOL_TCP)
3799
-
return icsk->icsk_af_ops->setsockopt(sk, level, optname,
3800
-
optval, optlen);
3799
+
/* Paired with WRITE_ONCE() in do_ipv6_setsockopt() and tcp_v6_connect() */
3800
+
return READ_ONCE(icsk->icsk_af_ops)->setsockopt(sk, level, optname,
3801
+
optval, optlen);
3801
3802
return do_tcp_setsockopt(sk, level, optname, optval, optlen);
3802
3803
}
3803
3804
EXPORT_SYMBOL(tcp_setsockopt);
···
4397
4396
struct inet_connection_sock *icsk = inet_csk(sk);
4398
4397
4399
4398
if (level != SOL_TCP)
4400
-
return icsk->icsk_af_ops->getsockopt(sk, level, optname,
4401
-
optval, optlen);
4399
+
/* Paired with WRITE_ONCE() in do_ipv6_setsockopt() and tcp_v6_connect() */
4400
+
return READ_ONCE(icsk->icsk_af_ops)->getsockopt(sk, level, optname,
4401
+
optval, optlen);
4402
4402
return do_tcp_getsockopt(sk, level, optname, USER_SOCKPTR(optval),
4403
4403
USER_SOCKPTR(optlen));
4404
4404
}
+2
net/ipv4/tcp_cdg.c
+2
net/ipv4/tcp_cdg.c
···
375
375
struct cdg *ca = inet_csk_ca(sk);
376
376
struct tcp_sock *tp = tcp_sk(sk);
377
377
378
+
ca->gradients = NULL;
378
379
/* We silently fall back to window = 1 if allocation fails. */
379
380
if (window > 1)
380
381
ca->gradients = kcalloc(window, sizeof(ca->gradients[0]),
···
389
388
struct cdg *ca = inet_csk_ca(sk);
390
389
391
390
kfree(ca->gradients);
391
+
ca->gradients = NULL;
392
392
}
393
393
394
394
static struct tcp_congestion_ops tcp_cdg __read_mostly = {
+5
-4
net/ipv4/tcp_minisocks.c
+5
-4
net/ipv4/tcp_minisocks.c
···
353
353
struct net *net;
354
354
355
355
list_for_each_entry(net, net_exit_list, exit_list) {
356
-
/* The last refcount is decremented in tcp_sk_exit_batch() */
357
-
if (refcount_read(&net->ipv4.tcp_death_row.tw_refcount) == 1)
358
-
continue;
359
-
360
356
if (net->ipv4.tcp_death_row.hashinfo->pernet) {
357
+
/* Even if tw_refcount == 1, we must clean up kernel reqsk */
361
358
inet_twsk_purge(net->ipv4.tcp_death_row.hashinfo, family);
362
359
} else if (!purged_once) {
360
+
/* The last refcount is decremented in tcp_sk_exit_batch() */
361
+
if (refcount_read(&net->ipv4.tcp_death_row.tw_refcount) == 1)
362
+
continue;
363
+
363
364
inet_twsk_purge(&tcp_hashinfo, family);
364
365
purged_once = true;
365
366
}
+6
-3
net/ipv4/udp.c
+6
-3
net/ipv4/udp.c
···
1598
1598
}
1599
1599
EXPORT_SYMBOL_GPL(__udp_enqueue_schedule_skb);
1600
1600
1601
-
void udp_destruct_sock(struct sock *sk)
1601
+
void udp_destruct_common(struct sock *sk)
1602
1602
{
1603
1603
/* reclaim completely the forward allocated memory */
1604
1604
struct udp_sock *up = udp_sk(sk);
···
1611
1611
kfree_skb(skb);
1612
1612
}
1613
1613
udp_rmem_release(sk, total, 0, true);
1614
+
}
1615
+
EXPORT_SYMBOL_GPL(udp_destruct_common);
1614
1616
1617
+
static void udp_destruct_sock(struct sock *sk)
1618
+
{
1619
+
udp_destruct_common(sk);
1615
1620
inet_sock_destruct(sk);
1616
1621
}
1617
-
EXPORT_SYMBOL_GPL(udp_destruct_sock);
1618
1622
1619
1623
int udp_init_sock(struct sock *sk)
1620
1624
{
···
1626
1622
sk->sk_destruct = udp_destruct_sock;
1627
1623
return 0;
1628
1624
}
1629
-
EXPORT_SYMBOL_GPL(udp_init_sock);
1630
1625
1631
1626
void skb_consume_udp(struct sock *sk, struct sk_buff *skb, int len)
1632
1627
{
+8
net/ipv4/udplite.c
+8
net/ipv4/udplite.c
···
17
17
struct udp_table udplite_table __read_mostly;
18
18
EXPORT_SYMBOL(udplite_table);
19
19
20
+
/* Designate sk as UDP-Lite socket */
21
+
static int udplite_sk_init(struct sock *sk)
22
+
{
23
+
udp_init_sock(sk);
24
+
udp_sk(sk)->pcflag = UDPLITE_BIT;
25
+
return 0;
26
+
}
27
+
20
28
static int udplite_rcv(struct sk_buff *skb)
21
29
{
22
30
return __udp4_lib_rcv(skb, &udplite_table, IPPROTO_UDPLITE);
+13
-1
net/ipv6/af_inet6.c
+13
-1
net/ipv6/af_inet6.c
···
109
109
return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
110
110
}
111
111
112
+
void inet6_sock_destruct(struct sock *sk)
113
+
{
114
+
inet6_cleanup_sock(sk);
115
+
inet_sock_destruct(sk);
116
+
}
117
+
112
118
static int inet6_create(struct net *net, struct socket *sock, int protocol,
113
119
int kern)
114
120
{
···
207
201
inet->hdrincl = 1;
208
202
}
209
203
210
-
sk->sk_destruct = inet_sock_destruct;
204
+
sk->sk_destruct = inet6_sock_destruct;
211
205
sk->sk_family = PF_INET6;
212
206
sk->sk_protocol = protocol;
213
207
···
515
509
}
516
510
}
517
511
EXPORT_SYMBOL_GPL(inet6_destroy_sock);
512
+
513
+
void inet6_cleanup_sock(struct sock *sk)
514
+
{
515
+
inet6_destroy_sock(sk);
516
+
}
517
+
EXPORT_SYMBOL_GPL(inet6_cleanup_sock);
518
518
519
519
/*
520
520
* This does both peername and sockname.
+19
-15
net/ipv6/ipv6_sockglue.c
+19
-15
net/ipv6/ipv6_sockglue.c
···
419
419
rtnl_lock();
420
420
sockopt_lock_sock(sk);
421
421
422
+
/* Another thread has converted the socket into IPv4 with
423
+
* IPV6_ADDRFORM concurrently.
424
+
*/
425
+
if (unlikely(sk->sk_family != AF_INET6))
426
+
goto unlock;
427
+
422
428
switch (optname) {
423
429
424
430
case IPV6_ADDRFORM:
425
431
if (optlen < sizeof(int))
426
432
goto e_inval;
427
433
if (val == PF_INET) {
428
-
struct ipv6_txoptions *opt;
429
-
struct sk_buff *pktopt;
430
-
431
434
if (sk->sk_type == SOCK_RAW)
432
435
break;
433
436
···
461
458
break;
462
459
}
463
460
464
-
fl6_free_socklist(sk);
465
461
__ipv6_sock_mc_close(sk);
466
462
__ipv6_sock_ac_close(sk);
467
463
···
477
475
sock_prot_inuse_add(net, sk->sk_prot, -1);
478
476
sock_prot_inuse_add(net, &tcp_prot, 1);
479
477
480
-
/* Paired with READ_ONCE(sk->sk_prot) in net/ipv6/af_inet6.c */
478
+
/* Paired with READ_ONCE(sk->sk_prot) in inet6_stream_ops */
481
479
WRITE_ONCE(sk->sk_prot, &tcp_prot);
482
-
icsk->icsk_af_ops = &ipv4_specific;
480
+
/* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
481
+
WRITE_ONCE(icsk->icsk_af_ops, &ipv4_specific);
483
482
sk->sk_socket->ops = &inet_stream_ops;
484
483
sk->sk_family = PF_INET;
485
484
tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
···
493
490
sock_prot_inuse_add(net, sk->sk_prot, -1);
494
491
sock_prot_inuse_add(net, prot, 1);
495
492
496
-
/* Paired with READ_ONCE(sk->sk_prot) in net/ipv6/af_inet6.c */
493
+
/* Paired with READ_ONCE(sk->sk_prot) in inet6_dgram_ops */
497
494
WRITE_ONCE(sk->sk_prot, prot);
498
495
sk->sk_socket->ops = &inet_dgram_ops;
499
496
sk->sk_family = PF_INET;
500
497
}
501
-
opt = xchg((__force struct ipv6_txoptions **)&np->opt,
502
-
NULL);
503
-
if (opt) {
504
-
atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
505
-
txopt_put(opt);
506
-
}
507
-
pktopt = xchg(&np->pktoptions, NULL);
508
-
kfree_skb(pktopt);
498
+
499
+
/* Disable all options not to allocate memory anymore,
500
+
* but there is still a race. See the lockless path
501
+
* in udpv6_sendmsg() and ipv6_local_rxpmtu().
502
+
*/
503
+
np->rxopt.all = 0;
504
+
505
+
inet6_cleanup_sock(sk);
509
506
510
507
/*
511
508
* ... and add it to the refcnt debug socks count
···
997
994
break;
998
995
}
999
996
997
+
unlock:
1000
998
sockopt_release_sock(sk);
1001
999
if (needs_rtnl)
1002
1000
rtnl_unlock();
+3
-6
net/ipv6/netfilter/ip6t_rpfilter.c
+3
-6
net/ipv6/netfilter/ip6t_rpfilter.c
···
37
37
bool ret = false;
38
38
struct flowi6 fl6 = {
39
39
.flowi6_iif = LOOPBACK_IFINDEX,
40
+
.flowi6_l3mdev = l3mdev_master_ifindex_rcu(dev),
40
41
.flowlabel = (* (__be32 *) iph) & IPV6_FLOWINFO_MASK,
41
42
.flowi6_proto = iph->nexthdr,
42
43
.daddr = iph->saddr,
···
56
55
if (rpfilter_addr_linklocal(&iph->saddr)) {
57
56
lookup_flags |= RT6_LOOKUP_F_IFACE;
58
57
fl6.flowi6_oif = dev->ifindex;
59
-
/* Set flowi6_oif for vrf devices to lookup route in l3mdev domain. */
60
-
} else if (netif_is_l3_master(dev) || netif_is_l3_slave(dev) ||
61
-
(flags & XT_RPFILTER_LOOSE) == 0)
58
+
} else if ((flags & XT_RPFILTER_LOOSE) == 0)
62
59
fl6.flowi6_oif = dev->ifindex;
63
60
64
61
rt = (void *)ip6_route_lookup(net, &fl6, skb, lookup_flags);
···
71
72
goto out;
72
73
}
73
74
74
-
if (rt->rt6i_idev->dev == dev ||
75
-
l3mdev_master_ifindex_rcu(rt->rt6i_idev->dev) == dev->ifindex ||
76
-
(flags & XT_RPFILTER_LOOSE))
75
+
if (rt->rt6i_idev->dev == dev || (flags & XT_RPFILTER_LOOSE))
77
76
ret = true;
78
77
out:
79
78
ip6_rt_put(rt);
+2
-3
net/ipv6/netfilter/nft_fib_ipv6.c
+2
-3
net/ipv6/netfilter/nft_fib_ipv6.c
···
41
41
if (ipv6_addr_type(&fl6->daddr) & IPV6_ADDR_LINKLOCAL) {
42
42
lookup_flags |= RT6_LOOKUP_F_IFACE;
43
43
fl6->flowi6_oif = get_ifindex(dev ? dev : pkt->skb->dev);
44
-
} else if ((priv->flags & NFTA_FIB_F_IIF) &&
45
-
(netif_is_l3_master(dev) || netif_is_l3_slave(dev))) {
46
-
fl6->flowi6_oif = dev->ifindex;
44
+
} else if (priv->flags & NFTA_FIB_F_IIF) {
45
+
fl6->flowi6_l3mdev = l3mdev_master_ifindex_rcu(dev);
47
46
}
48
47
49
48
if (ipv6_addr_type(&fl6->saddr) & IPV6_ADDR_UNICAST)
+1
-1
net/ipv6/ping.c
+1
-1
net/ipv6/ping.c
+4
-2
net/ipv6/tcp_ipv6.c
+4
-2
net/ipv6/tcp_ipv6.c
···
238
238
sin.sin_port = usin->sin6_port;
239
239
sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
240
240
241
-
icsk->icsk_af_ops = &ipv6_mapped;
241
+
/* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
242
+
WRITE_ONCE(icsk->icsk_af_ops, &ipv6_mapped);
242
243
if (sk_is_mptcp(sk))
243
244
mptcpv6_handle_mapped(sk, true);
244
245
sk->sk_backlog_rcv = tcp_v4_do_rcv;
···
251
250
252
251
if (err) {
253
252
icsk->icsk_ext_hdr_len = exthdrlen;
254
-
icsk->icsk_af_ops = &ipv6_specific;
253
+
/* Paired with READ_ONCE() in tcp_(get|set)sockopt() */
254
+
WRITE_ONCE(icsk->icsk_af_ops, &ipv6_specific);
255
255
if (sk_is_mptcp(sk))
256
256
mptcpv6_handle_mapped(sk, false);
257
257
sk->sk_backlog_rcv = tcp_v6_do_rcv;
+14
-1
net/ipv6/udp.c
+14
-1
net/ipv6/udp.c
···
56
56
#include <trace/events/skb.h>
57
57
#include "udp_impl.h"
58
58
59
+
static void udpv6_destruct_sock(struct sock *sk)
60
+
{
61
+
udp_destruct_common(sk);
62
+
inet6_sock_destruct(sk);
63
+
}
64
+
65
+
int udpv6_init_sock(struct sock *sk)
66
+
{
67
+
skb_queue_head_init(&udp_sk(sk)->reader_queue);
68
+
sk->sk_destruct = udpv6_destruct_sock;
69
+
return 0;
70
+
}
71
+
59
72
static u32 udp6_ehashfn(const struct net *net,
60
73
const struct in6_addr *laddr,
61
74
const u16 lport,
···
1746
1733
.connect = ip6_datagram_connect,
1747
1734
.disconnect = udp_disconnect,
1748
1735
.ioctl = udp_ioctl,
1749
-
.init = udp_init_sock,
1736
+
.init = udpv6_init_sock,
1750
1737
.destroy = udpv6_destroy_sock,
1751
1738
.setsockopt = udpv6_setsockopt,
1752
1739
.getsockopt = udpv6_getsockopt,
+1
net/ipv6/udp_impl.h
+1
net/ipv6/udp_impl.h
+8
-1
net/ipv6/udplite.c
+8
-1
net/ipv6/udplite.c
···
12
12
#include <linux/proc_fs.h>
13
13
#include "udp_impl.h"
14
14
15
+
static int udplitev6_sk_init(struct sock *sk)
16
+
{
17
+
udpv6_init_sock(sk);
18
+
udp_sk(sk)->pcflag = UDPLITE_BIT;
19
+
return 0;
20
+
}
21
+
15
22
static int udplitev6_rcv(struct sk_buff *skb)
16
23
{
17
24
return __udp6_lib_rcv(skb, &udplite_table, IPPROTO_UDPLITE);
···
45
38
.connect = ip6_datagram_connect,
46
39
.disconnect = udp_disconnect,
47
40
.ioctl = udp_ioctl,
48
-
.init = udplite_sk_init,
41
+
.init = udplitev6_sk_init,
49
42
.destroy = udpv6_destroy_sock,
50
43
.setsockopt = udpv6_setsockopt,
51
44
.getsockopt = udpv6_getsockopt,
+1
-1
net/kcm/kcmsock.c
+1
-1
net/kcm/kcmsock.c
···
1838
1838
kcm = kcm_sk(sk);
1839
1839
mux = kcm->mux;
1840
1840
1841
+
lock_sock(sk);
1841
1842
sock_orphan(sk);
1842
1843
kfree_skb(kcm->seq_skb);
1843
1844
1844
-
lock_sock(sk);
1845
1845
/* Purge queue under lock to avoid race condition with tx_work trying
1846
1846
* to act when queue is nonempty. If tx_work runs after this point
1847
1847
* it will just return.
+8
net/mac80211/ieee80211_i.h
+8
net/mac80211/ieee80211_i.h
···
1709
1709
1710
1710
/* whether a parse error occurred while retrieving these elements */
1711
1711
bool parse_error;
1712
+
1713
+
/*
1714
+
* scratch buffer that can be used for various element parsing related
1715
+
* tasks, e.g., element de-fragmentation etc.
1716
+
*/
1717
+
size_t scratch_len;
1718
+
u8 *scratch_pos;
1719
+
u8 scratch[];
1712
1720
};
1713
1721
1714
1722
static inline struct ieee80211_local *hw_to_local(
+4
-4
net/mac80211/iface.c
+4
-4
net/mac80211/iface.c
···
243
243
*/
244
244
break;
245
245
default:
246
-
return -EOPNOTSUPP;
246
+
ret = -EOPNOTSUPP;
247
247
}
248
248
249
249
unlock:
···
461
461
/*
462
462
* Stop TX on this interface first.
463
463
*/
464
-
if (sdata->dev)
464
+
if (!local->ops->wake_tx_queue && sdata->dev)
465
465
netif_tx_stop_all_queues(sdata->dev);
466
466
467
467
ieee80211_roc_purge(local, sdata);
···
1412
1412
sdata->vif.type != NL80211_IFTYPE_STATION);
1413
1413
}
1414
1414
1415
-
set_bit(SDATA_STATE_RUNNING, &sdata->state);
1416
-
1417
1415
switch (sdata->vif.type) {
1418
1416
case NL80211_IFTYPE_P2P_DEVICE:
1419
1417
rcu_assign_pointer(local->p2p_sdata, sdata);
···
1469
1471
}
1470
1472
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1471
1473
}
1474
+
1475
+
set_bit(SDATA_STATE_RUNNING, &sdata->state);
1472
1476
1473
1477
return 0;
1474
1478
err_del_interface:
+4
-3
net/mac80211/mlme.c
+4
-3
net/mac80211/mlme.c
···
4409
4409
he_cap_elem = cfg80211_find_ext_elem(WLAN_EID_EXT_HE_CAPABILITY,
4410
4410
ies->data, ies->len);
4411
4411
4412
+
if (!he_cap_elem)
4413
+
return false;
4414
+
4412
4415
/* invalid HE IE */
4413
-
if (!he_cap_elem || he_cap_elem->datalen < 1 + sizeof(*he_cap)) {
4416
+
if (he_cap_elem->datalen < 1 + sizeof(*he_cap)) {
4414
4417
sdata_info(sdata,
4415
4418
"Invalid HE elem, Disable HE\n");
4416
4419
return false;
···
4679
4676
}
4680
4677
4681
4678
if (!elems->vht_cap_elem) {
4682
-
sdata_info(sdata,
4683
-
"bad VHT capabilities, disabling VHT\n");
4684
4679
*conn_flags |= IEEE80211_CONN_DISABLE_VHT;
4685
4680
vht_oper = NULL;
4686
4681
}
+12
-9
net/mac80211/rx.c
+12
-9
net/mac80211/rx.c
···
1978
1978
1979
1979
if (mmie_keyidx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS ||
1980
1980
mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
1981
-
NUM_DEFAULT_BEACON_KEYS) {
1982
-
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
1983
-
skb->data,
1984
-
skb->len);
1981
+
NUM_DEFAULT_BEACON_KEYS) {
1982
+
if (rx->sdata->dev)
1983
+
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
1984
+
skb->data,
1985
+
skb->len);
1985
1986
return RX_DROP_MONITOR; /* unexpected BIP keyidx */
1986
1987
}
1987
1988
···
2132
2131
/* either the frame has been decrypted or will be dropped */
2133
2132
status->flag |= RX_FLAG_DECRYPTED;
2134
2133
2135
-
if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE))
2134
+
if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE &&
2135
+
rx->sdata->dev))
2136
2136
cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
2137
2137
skb->data, skb->len);
2138
2138
···
4354
4352
.vif_type = sdata->vif.type,
4355
4353
.control_port_protocol = sdata->control_port_protocol,
4356
4354
}, *old, *new = NULL;
4355
+
u32 offload_flags;
4357
4356
bool set_offload = false;
4358
4357
bool assign = false;
4359
4358
bool offload;
···
4470
4467
if (assign)
4471
4468
new = kmemdup(&fastrx, sizeof(fastrx), GFP_KERNEL);
4472
4469
4473
-
offload = assign &&
4474
-
(sdata->vif.offload_flags & IEEE80211_OFFLOAD_DECAP_ENABLED);
4470
+
offload_flags = get_bss_sdata(sdata)->vif.offload_flags;
4471
+
offload = offload_flags & IEEE80211_OFFLOAD_DECAP_ENABLED;
4475
4472
4476
-
if (offload)
4473
+
if (assign && offload)
4477
4474
set_offload = !test_and_set_sta_flag(sta, WLAN_STA_DECAP_OFFLOAD);
4478
4475
else
4479
4476
set_offload = test_and_clear_sta_flag(sta, WLAN_STA_DECAP_OFFLOAD);
···
4711
4708
4712
4709
if (!(status->rx_flags & IEEE80211_RX_AMSDU)) {
4713
4710
if (!pskb_may_pull(skb, snap_offs + sizeof(*payload)))
4714
-
goto drop;
4711
+
return false;
4715
4712
4716
4713
payload = (void *)(skb->data + snap_offs);
4717
4714
+6
-4
net/mac80211/tx.c
+6
-4
net/mac80211/tx.c
···
2319
2319
u16 len_rthdr;
2320
2320
int hdrlen;
2321
2321
2322
+
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2323
+
if (unlikely(!ieee80211_sdata_running(sdata)))
2324
+
goto fail;
2325
+
2322
2326
memset(info, 0, sizeof(*info));
2323
2327
info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2324
2328
IEEE80211_TX_CTL_INJECTED;
···
2382
2378
* This is necessary, for example, for old hostapd versions that
2383
2379
* don't use nl80211-based management TX/RX.
2384
2380
*/
2385
-
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2386
-
2387
2381
list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
2388
2382
if (!ieee80211_sdata_running(tmp_sdata))
2389
2383
continue;
···
4171
4169
struct sk_buff *next;
4172
4170
int len = skb->len;
4173
4171
4174
-
if (unlikely(skb->len < ETH_HLEN)) {
4172
+
if (unlikely(!ieee80211_sdata_running(sdata) || skb->len < ETH_HLEN)) {
4175
4173
kfree_skb(skb);
4176
4174
return;
4177
4175
}
···
4568
4566
struct ieee80211_key *key;
4569
4567
struct sta_info *sta;
4570
4568
4571
-
if (unlikely(skb->len < ETH_HLEN)) {
4569
+
if (unlikely(!ieee80211_sdata_running(sdata) || skb->len < ETH_HLEN)) {
4572
4570
kfree_skb(skb);
4573
4571
return NETDEV_TX_OK;
4574
4572
}
+17
-15
net/mac80211/util.c
+17
-15
net/mac80211/util.c
···
1445
1445
for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, start, len) {
1446
1446
if (elem->datalen < 2)
1447
1447
continue;
1448
+
if (elem->data[0] < 1 || elem->data[0] > 8)
1449
+
continue;
1448
1450
1449
1451
for_each_element(sub, elem->data + 1, elem->datalen - 1) {
1450
1452
u8 new_bssid[ETH_ALEN];
···
1506
1504
const struct element *non_inherit = NULL;
1507
1505
u8 *nontransmitted_profile;
1508
1506
int nontransmitted_profile_len = 0;
1507
+
size_t scratch_len = params->len;
1509
1508
1510
-
elems = kzalloc(sizeof(*elems), GFP_ATOMIC);
1509
+
elems = kzalloc(sizeof(*elems) + scratch_len, GFP_ATOMIC);
1511
1510
if (!elems)
1512
1511
return NULL;
1513
1512
elems->ie_start = params->start;
1514
1513
elems->total_len = params->len;
1514
+
elems->scratch_len = scratch_len;
1515
+
elems->scratch_pos = elems->scratch;
1515
1516
1516
-
nontransmitted_profile = kmalloc(params->len, GFP_ATOMIC);
1517
-
if (nontransmitted_profile) {
1518
-
nontransmitted_profile_len =
1519
-
ieee802_11_find_bssid_profile(params->start, params->len,
1520
-
elems, params->bss,
1521
-
nontransmitted_profile);
1522
-
non_inherit =
1523
-
cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
1524
-
nontransmitted_profile,
1525
-
nontransmitted_profile_len);
1526
-
}
1517
+
nontransmitted_profile = elems->scratch_pos;
1518
+
nontransmitted_profile_len =
1519
+
ieee802_11_find_bssid_profile(params->start, params->len,
1520
+
elems, params->bss,
1521
+
nontransmitted_profile);
1522
+
elems->scratch_pos += nontransmitted_profile_len;
1523
+
elems->scratch_len -= nontransmitted_profile_len;
1524
+
non_inherit = cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
1525
+
nontransmitted_profile,
1526
+
nontransmitted_profile_len);
1527
1527
1528
1528
elems->crc = _ieee802_11_parse_elems_full(params, elems, non_inherit);
1529
1529
···
1558
1554
elems->bssid_index_len >=
1559
1555
offsetofend(struct ieee80211_bssid_index, dtim_count))
1560
1556
elems->dtim_count = elems->bssid_index->dtim_count;
1561
-
1562
-
kfree(nontransmitted_profile);
1563
1557
1564
1558
return elems;
1565
1559
}
···
2048
2046
if (he_cap) {
2049
2047
enum nl80211_iftype iftype =
2050
2048
ieee80211_vif_type_p2p(&sdata->vif);
2051
-
__le16 cap = ieee80211_get_he_6ghz_capa(sband, iftype);
2049
+
__le16 cap = ieee80211_get_he_6ghz_capa(sband6, iftype);
2052
2050
2053
2051
pos = ieee80211_write_he_6ghz_cap(pos, cap, end);
2054
2052
}
+16
-7
net/mctp/af_mctp.c
+16
-7
net/mctp/af_mctp.c
···
295
295
mctp_dev_release_key(key->dev, key);
296
296
spin_unlock_irqrestore(&key->lock, flags);
297
297
298
-
hlist_del(&key->hlist);
299
-
hlist_del(&key->sklist);
300
-
301
-
/* unref for the lists */
302
-
mctp_key_unref(key);
298
+
if (!hlist_unhashed(&key->hlist)) {
299
+
hlist_del_init(&key->hlist);
300
+
hlist_del_init(&key->sklist);
301
+
/* unref for the lists */
302
+
mctp_key_unref(key);
303
+
}
303
304
304
305
kfree_skb(skb);
305
306
}
···
374
373
375
374
ctl.tag = tag | MCTP_TAG_OWNER | MCTP_TAG_PREALLOC;
376
375
if (copy_to_user((void __user *)arg, &ctl, sizeof(ctl))) {
377
-
spin_lock_irqsave(&key->lock, flags);
378
-
__mctp_key_remove(key, net, flags, MCTP_TRACE_KEY_DROPPED);
376
+
unsigned long fl2;
377
+
/* Unwind our key allocation: the keys list lock needs to be
378
+
* taken before the individual key locks, and we need a valid
379
+
* flags value (fl2) to pass to __mctp_key_remove, hence the
380
+
* second spin_lock_irqsave() rather than a plain spin_lock().
381
+
*/
382
+
spin_lock_irqsave(&net->mctp.keys_lock, flags);
383
+
spin_lock_irqsave(&key->lock, fl2);
384
+
__mctp_key_remove(key, net, fl2, MCTP_TRACE_KEY_DROPPED);
379
385
mctp_key_unref(key);
386
+
spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
380
387
return -EFAULT;
381
388
}
382
389
+5
-5
net/mctp/route.c
+5
-5
net/mctp/route.c
···
228
228
229
229
if (!key->manual_alloc) {
230
230
spin_lock_irqsave(&net->mctp.keys_lock, flags);
231
-
hlist_del(&key->hlist);
232
-
hlist_del(&key->sklist);
231
+
if (!hlist_unhashed(&key->hlist)) {
232
+
hlist_del_init(&key->hlist);
233
+
hlist_del_init(&key->sklist);
234
+
mctp_key_unref(key);
235
+
}
233
236
spin_unlock_irqrestore(&net->mctp.keys_lock, flags);
234
-
235
-
/* unref for the lists */
236
-
mctp_key_unref(key);
237
237
}
238
238
239
239
/* and one for the local reference */
+2
-1
net/openvswitch/conntrack.c
+2
-1
net/openvswitch/conntrack.c
···
1015
1015
* connections which we will commit, we may need to attach
1016
1016
* the helper here.
1017
1017
*/
1018
-
if (info->commit && info->helper && !nfct_help(ct)) {
1018
+
if (!nf_ct_is_confirmed(ct) && info->commit &&
1019
+
info->helper && !nfct_help(ct)) {
1019
1020
int err = __nf_ct_try_assign_helper(ct, info->ct,
1020
1021
GFP_ATOMIC);
1021
1022
if (err)
+3
-5
net/sched/sch_taprio.c
+3
-5
net/sched/sch_taprio.c
···
2043
2043
2044
2044
static struct Qdisc *taprio_leaf(struct Qdisc *sch, unsigned long cl)
2045
2045
{
2046
-
struct taprio_sched *q = qdisc_priv(sch);
2047
-
struct net_device *dev = qdisc_dev(sch);
2048
-
unsigned int ntx = cl - 1;
2046
+
struct netdev_queue *dev_queue = taprio_queue_get(sch, cl);
2049
2047
2050
-
if (ntx >= dev->num_tx_queues)
2048
+
if (!dev_queue)
2051
2049
return NULL;
2052
2050
2053
-
return q->qdiscs[ntx];
2051
+
return dev_queue->qdisc_sleeping;
2054
2052
}
2055
2053
2056
2054
static unsigned long taprio_find(struct Qdisc *sch, u32 classid)
+3
-1
net/wireless/nl80211.c
+3
-1
net/wireless/nl80211.c
···
13265
13265
wake_mask_size);
13266
13266
if (tok) {
13267
13267
cfg->tokens_size = tokens_size;
13268
-
memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
13268
+
cfg->payload_tok = *tok;
13269
+
memcpy(cfg->payload_tok.token_stream, tok->token_stream,
13270
+
tokens_size);
13269
13271
}
13270
13272
13271
13273
trig->tcp = cfg;
+50
-27
net/wireless/scan.c
+50
-27
net/wireless/scan.c
···
143
143
lockdep_assert_held(&rdev->bss_lock);
144
144
145
145
bss->refcount++;
146
-
if (bss->pub.hidden_beacon_bss) {
147
-
bss = container_of(bss->pub.hidden_beacon_bss,
148
-
struct cfg80211_internal_bss,
149
-
pub);
150
-
bss->refcount++;
151
-
}
152
-
if (bss->pub.transmitted_bss) {
153
-
bss = container_of(bss->pub.transmitted_bss,
154
-
struct cfg80211_internal_bss,
155
-
pub);
156
-
bss->refcount++;
157
-
}
146
+
147
+
if (bss->pub.hidden_beacon_bss)
148
+
bss_from_pub(bss->pub.hidden_beacon_bss)->refcount++;
149
+
150
+
if (bss->pub.transmitted_bss)
151
+
bss_from_pub(bss->pub.transmitted_bss)->refcount++;
158
152
}
159
153
160
154
static inline void bss_ref_put(struct cfg80211_registered_device *rdev,
···
298
304
tmp_old = cfg80211_find_ie(WLAN_EID_SSID, ie, ielen);
299
305
tmp_old = (tmp_old) ? tmp_old + tmp_old[1] + 2 : ie;
300
306
301
-
while (tmp_old + tmp_old[1] + 2 - ie <= ielen) {
307
+
while (tmp_old + 2 - ie <= ielen &&
308
+
tmp_old + tmp_old[1] + 2 - ie <= ielen) {
302
309
if (tmp_old[0] == 0) {
303
310
tmp_old++;
304
311
continue;
···
359
364
* copied to new ie, skip ssid, capability, bssid-index ie
360
365
*/
361
366
tmp_new = sub_copy;
362
-
while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) {
367
+
while (tmp_new + 2 - sub_copy <= subie_len &&
368
+
tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) {
363
369
if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP ||
364
370
tmp_new[0] == WLAN_EID_SSID)) {
365
371
memcpy(pos, tmp_new, tmp_new[1] + 2);
···
422
426
}
423
427
424
428
rcu_read_unlock();
429
+
430
+
/*
431
+
* This is a bit weird - it's not on the list, but already on another
432
+
* one! The only way that could happen is if there's some BSSID/SSID
433
+
* shared by multiple APs in their multi-BSSID profiles, potentially
434
+
* with hidden SSID mixed in ... ignore it.
435
+
*/
436
+
if (!list_empty(&nontrans_bss->nontrans_list))
437
+
return -EINVAL;
425
438
426
439
/* add to the list */
427
440
list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list);
···
1607
1602
u8 bssid_index;
1608
1603
};
1609
1604
1605
+
static void cfg80211_update_hidden_bsses(struct cfg80211_internal_bss *known,
1606
+
const struct cfg80211_bss_ies *new_ies,
1607
+
const struct cfg80211_bss_ies *old_ies)
1608
+
{
1609
+
struct cfg80211_internal_bss *bss;
1610
+
1611
+
/* Assign beacon IEs to all sub entries */
1612
+
list_for_each_entry(bss, &known->hidden_list, hidden_list) {
1613
+
const struct cfg80211_bss_ies *ies;
1614
+
1615
+
ies = rcu_access_pointer(bss->pub.beacon_ies);
1616
+
WARN_ON(ies != old_ies);
1617
+
1618
+
rcu_assign_pointer(bss->pub.beacon_ies, new_ies);
1619
+
}
1620
+
}
1621
+
1610
1622
static bool
1611
1623
cfg80211_update_known_bss(struct cfg80211_registered_device *rdev,
1612
1624
struct cfg80211_internal_bss *known,
···
1647
1625
kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
1648
1626
} else if (rcu_access_pointer(new->pub.beacon_ies)) {
1649
1627
const struct cfg80211_bss_ies *old;
1650
-
struct cfg80211_internal_bss *bss;
1651
1628
1652
1629
if (known->pub.hidden_beacon_bss &&
1653
1630
!list_empty(&known->hidden_list)) {
···
1674
1653
if (old == rcu_access_pointer(known->pub.ies))
1675
1654
rcu_assign_pointer(known->pub.ies, new->pub.beacon_ies);
1676
1655
1677
-
/* Assign beacon IEs to all sub entries */
1678
-
list_for_each_entry(bss, &known->hidden_list, hidden_list) {
1679
-
const struct cfg80211_bss_ies *ies;
1680
-
1681
-
ies = rcu_access_pointer(bss->pub.beacon_ies);
1682
-
WARN_ON(ies != old);
1683
-
1684
-
rcu_assign_pointer(bss->pub.beacon_ies,
1685
-
new->pub.beacon_ies);
1686
-
}
1656
+
cfg80211_update_hidden_bsses(known, new->pub.beacon_ies, old);
1687
1657
1688
1658
if (old)
1689
1659
kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
···
1751
1739
new->refcount = 1;
1752
1740
INIT_LIST_HEAD(&new->hidden_list);
1753
1741
INIT_LIST_HEAD(&new->pub.nontrans_list);
1742
+
/* we'll set this later if it was non-NULL */
1743
+
new->pub.transmitted_bss = NULL;
1754
1744
1755
1745
if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
1756
1746
hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN);
···
2035
2021
spin_lock_bh(&rdev->bss_lock);
2036
2022
if (cfg80211_add_nontrans_list(non_tx_data->tx_bss,
2037
2023
&res->pub)) {
2038
-
if (__cfg80211_unlink_bss(rdev, res))
2024
+
if (__cfg80211_unlink_bss(rdev, res)) {
2039
2025
rdev->bss_generation++;
2026
+
res = NULL;
2027
+
}
2040
2028
}
2041
2029
spin_unlock_bh(&rdev->bss_lock);
2030
+
2031
+
if (!res)
2032
+
return NULL;
2042
2033
}
2043
2034
2044
2035
trace_cfg80211_return_bss(&res->pub);
···
2161
2142
2162
2143
for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, ie, ielen) {
2163
2144
if (elem->datalen < 4)
2145
+
continue;
2146
+
if (elem->data[0] < 1 || (int)elem->data[0] > 8)
2164
2147
continue;
2165
2148
for_each_element(sub, elem->data + 1, elem->datalen - 1) {
2166
2149
u8 profile_len;
···
2300
2279
size_t new_ie_len;
2301
2280
struct cfg80211_bss_ies *new_ies;
2302
2281
const struct cfg80211_bss_ies *old;
2303
-
u8 cpy_len;
2282
+
size_t cpy_len;
2304
2283
2305
2284
lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock);
2306
2285
···
2367
2346
} else {
2368
2347
old = rcu_access_pointer(nontrans_bss->beacon_ies);
2369
2348
rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies);
2349
+
cfg80211_update_hidden_bsses(bss_from_pub(nontrans_bss),
2350
+
new_ies, old);
2370
2351
rcu_assign_pointer(nontrans_bss->ies, new_ies);
2371
2352
if (old)
2372
2353
kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
+21
-19
net/wireless/util.c
+21
-19
net/wireless/util.c
···
559
559
return -1;
560
560
561
561
hdrlen = ieee80211_hdrlen(hdr->frame_control) + data_offset;
562
-
if (skb->len < hdrlen + 8)
562
+
if (skb->len < hdrlen)
563
563
return -1;
564
564
565
565
/* convert IEEE 802.11 header + possible LLC headers into Ethernet
···
574
574
memcpy(tmp.h_dest, ieee80211_get_DA(hdr), ETH_ALEN);
575
575
memcpy(tmp.h_source, ieee80211_get_SA(hdr), ETH_ALEN);
576
576
577
-
if (iftype == NL80211_IFTYPE_MESH_POINT)
578
-
skb_copy_bits(skb, hdrlen, &mesh_flags, 1);
577
+
if (iftype == NL80211_IFTYPE_MESH_POINT &&
578
+
skb_copy_bits(skb, hdrlen, &mesh_flags, 1) < 0)
579
+
return -1;
579
580
580
581
mesh_flags &= MESH_FLAGS_AE;
581
582
···
596
595
if (iftype == NL80211_IFTYPE_MESH_POINT) {
597
596
if (mesh_flags == MESH_FLAGS_AE_A4)
598
597
return -1;
599
-
if (mesh_flags == MESH_FLAGS_AE_A5_A6) {
600
-
skb_copy_bits(skb, hdrlen +
601
-
offsetof(struct ieee80211s_hdr, eaddr1),
602
-
tmp.h_dest, 2 * ETH_ALEN);
603
-
}
598
+
if (mesh_flags == MESH_FLAGS_AE_A5_A6 &&
599
+
skb_copy_bits(skb, hdrlen +
600
+
offsetof(struct ieee80211s_hdr, eaddr1),
601
+
tmp.h_dest, 2 * ETH_ALEN) < 0)
602
+
return -1;
603
+
604
604
hdrlen += __ieee80211_get_mesh_hdrlen(mesh_flags);
605
605
}
606
606
break;
···
615
613
if (iftype == NL80211_IFTYPE_MESH_POINT) {
616
614
if (mesh_flags == MESH_FLAGS_AE_A5_A6)
617
615
return -1;
618
-
if (mesh_flags == MESH_FLAGS_AE_A4)
619
-
skb_copy_bits(skb, hdrlen +
620
-
offsetof(struct ieee80211s_hdr, eaddr1),
621
-
tmp.h_source, ETH_ALEN);
616
+
if (mesh_flags == MESH_FLAGS_AE_A4 &&
617
+
skb_copy_bits(skb, hdrlen +
618
+
offsetof(struct ieee80211s_hdr, eaddr1),
619
+
tmp.h_source, ETH_ALEN) < 0)
620
+
return -1;
622
621
hdrlen += __ieee80211_get_mesh_hdrlen(mesh_flags);
623
622
}
624
623
break;
···
631
628
break;
632
629
}
633
630
634
-
skb_copy_bits(skb, hdrlen, &payload, sizeof(payload));
635
-
tmp.h_proto = payload.proto;
636
-
637
-
if (likely((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
638
-
tmp.h_proto != htons(ETH_P_AARP) &&
639
-
tmp.h_proto != htons(ETH_P_IPX)) ||
640
-
ether_addr_equal(payload.hdr, bridge_tunnel_header))) {
631
+
if (likely(skb_copy_bits(skb, hdrlen, &payload, sizeof(payload)) == 0 &&
632
+
((!is_amsdu && ether_addr_equal(payload.hdr, rfc1042_header) &&
633
+
payload.proto != htons(ETH_P_AARP) &&
634
+
payload.proto != htons(ETH_P_IPX)) ||
635
+
ether_addr_equal(payload.hdr, bridge_tunnel_header)))) {
641
636
/* remove RFC1042 or Bridge-Tunnel encapsulation and
642
637
* replace EtherType */
643
638
hdrlen += ETH_ALEN + 2;
639
+
tmp.h_proto = payload.proto;
644
640
skb_postpull_rcsum(skb, &payload, ETH_ALEN + 2);
645
641
} else {
646
642
tmp.h_proto = htons(skb->len - hdrlen);
+10
-7
net/wireless/wext-core.c
+10
-7
net/wireless/wext-core.c
···
468
468
struct __compat_iw_event *compat_event;
469
469
struct compat_iw_point compat_wrqu;
470
470
struct sk_buff *compskb;
471
+
int ptr_len;
471
472
#endif
472
473
473
474
/*
···
583
582
nlmsg_end(skb, nlh);
584
583
#ifdef CONFIG_COMPAT
585
584
hdr_len = compat_event_type_size[descr->header_type];
585
+
586
+
/* ptr_len is remaining size in event header apart from LCP */
587
+
ptr_len = hdr_len - IW_EV_COMPAT_LCP_LEN;
586
588
event_len = hdr_len + extra_len;
587
589
588
590
compskb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
···
616
612
if (descr->header_type == IW_HEADER_TYPE_POINT) {
617
613
compat_wrqu.length = wrqu->data.length;
618
614
compat_wrqu.flags = wrqu->data.flags;
619
-
memcpy(&compat_event->pointer,
620
-
((char *) &compat_wrqu) + IW_EV_COMPAT_POINT_OFF,
621
-
hdr_len - IW_EV_COMPAT_LCP_LEN);
615
+
memcpy(compat_event->ptr_bytes,
616
+
((char *)&compat_wrqu) + IW_EV_COMPAT_POINT_OFF,
617
+
ptr_len);
622
618
if (extra_len)
623
-
memcpy(((char *) compat_event) + hdr_len,
624
-
extra, extra_len);
619
+
memcpy(&compat_event->ptr_bytes[ptr_len],
620
+
extra, extra_len);
625
621
} else {
626
622
/* extra_len must be zero, so no if (extra) needed */
627
-
memcpy(&compat_event->pointer, wrqu,
628
-
hdr_len - IW_EV_COMPAT_LCP_LEN);
623
+
memcpy(compat_event->ptr_bytes, wrqu, ptr_len);
629
624
}
630
625
631
626
nlmsg_end(compskb, nlh);
+5
tools/testing/selftests/net/fib_nexthops.sh
+5
tools/testing/selftests/net/fib_nexthops.sh
···
1223
1223
log_test $rc 0 "Delete nexthop route warning"
1224
1224
run_cmd "$IP route delete 172.16.101.1/32 nhid 12"
1225
1225
run_cmd "$IP nexthop del id 12"
1226
+
1227
+
run_cmd "$IP nexthop add id 21 via 172.16.1.6 dev veth1"
1228
+
run_cmd "$IP ro add 172.16.101.0/24 nhid 21"
1229
+
run_cmd "$IP ro del 172.16.101.0/24 nexthop via 172.16.1.7 dev veth1 nexthop via 172.16.1.8 dev veth1"
1230
+
log_test $? 2 "Delete multipath route with only nh id based entry"
1226
1231
}
1227
1232
1228
1233
ipv4_grp_fcnal()
+1
-1
tools/testing/selftests/netfilter/Makefile
+1
-1
tools/testing/selftests/netfilter/Makefile
···
6
6
nft_concat_range.sh nft_conntrack_helper.sh \
7
7
nft_queue.sh nft_meta.sh nf_nat_edemux.sh \
8
8
ipip-conntrack-mtu.sh conntrack_tcp_unreplied.sh \
9
-
conntrack_vrf.sh nft_synproxy.sh
9
+
conntrack_vrf.sh nft_synproxy.sh rpath.sh
10
10
11
11
CFLAGS += $(shell pkg-config --cflags libmnl 2>/dev/null || echo "-I/usr/include/libmnl")
12
12
LDLIBS = -lmnl
+1
tools/testing/selftests/netfilter/nft_fib.sh
+1
tools/testing/selftests/netfilter/nft_fib.sh
···
188
188
ip netns exec ${nsrouter} sysctl net.ipv6.conf.all.forwarding=1 > /dev/null
189
189
ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null
190
190
ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null
191
+
ip netns exec ${nsrouter} sysctl net.ipv4.conf.all.rp_filter=0 > /dev/null
191
192
ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth0.rp_filter=0 > /dev/null
192
193
193
194
sleep 3
+147
tools/testing/selftests/netfilter/rpath.sh
+147
tools/testing/selftests/netfilter/rpath.sh
···
1
+
#!/bin/bash
2
+
# SPDX-License-Identifier: GPL-2.0
3
+
4
+
# return code to signal skipped test
5
+
ksft_skip=4
6
+
7
+
# search for legacy iptables (it uses the xtables extensions
8
+
if iptables-legacy --version >/dev/null 2>&1; then
9
+
iptables='iptables-legacy'
10
+
elif iptables --version >/dev/null 2>&1; then
11
+
iptables='iptables'
12
+
else
13
+
iptables=''
14
+
fi
15
+
16
+
if ip6tables-legacy --version >/dev/null 2>&1; then
17
+
ip6tables='ip6tables-legacy'
18
+
elif ! ip6tables --version >/dev/null 2>&1; then
19
+
ip6tables='ip6tables'
20
+
else
21
+
ip6tables=''
22
+
fi
23
+
24
+
if nft --version >/dev/null 2>&1; then
25
+
nft='nft'
26
+
else
27
+
nft=''
28
+
fi
29
+
30
+
if [ -z "$iptables$ip6tables$nft" ]; then
31
+
echo "SKIP: Test needs iptables, ip6tables or nft"
32
+
exit $ksft_skip
33
+
fi
34
+
35
+
sfx=$(mktemp -u "XXXXXXXX")
36
+
ns1="ns1-$sfx"
37
+
ns2="ns2-$sfx"
38
+
trap "ip netns del $ns1; ip netns del $ns2" EXIT
39
+
40
+
# create two netns, disable rp_filter in ns2 and
41
+
# keep IPv6 address when moving into VRF
42
+
ip netns add "$ns1"
43
+
ip netns add "$ns2"
44
+
ip netns exec "$ns2" sysctl -q net.ipv4.conf.all.rp_filter=0
45
+
ip netns exec "$ns2" sysctl -q net.ipv4.conf.default.rp_filter=0
46
+
ip netns exec "$ns2" sysctl -q net.ipv6.conf.all.keep_addr_on_down=1
47
+
48
+
# a standard connection between the netns, should not trigger rp filter
49
+
ip -net "$ns1" link add v0 type veth peer name v0 netns "$ns2"
50
+
ip -net "$ns1" link set v0 up; ip -net "$ns2" link set v0 up
51
+
ip -net "$ns1" a a 192.168.23.2/24 dev v0
52
+
ip -net "$ns2" a a 192.168.23.1/24 dev v0
53
+
ip -net "$ns1" a a fec0:23::2/64 dev v0 nodad
54
+
ip -net "$ns2" a a fec0:23::1/64 dev v0 nodad
55
+
56
+
# rp filter testing: ns1 sends packets via v0 which ns2 would route back via d0
57
+
ip -net "$ns2" link add d0 type dummy
58
+
ip -net "$ns2" link set d0 up
59
+
ip -net "$ns1" a a 192.168.42.2/24 dev v0
60
+
ip -net "$ns2" a a 192.168.42.1/24 dev d0
61
+
ip -net "$ns1" a a fec0:42::2/64 dev v0 nodad
62
+
ip -net "$ns2" a a fec0:42::1/64 dev d0 nodad
63
+
64
+
# firewall matches to test
65
+
ip netns exec "$ns2" "$iptables" -t raw -A PREROUTING -s 192.168.0.0/16 -m rpfilter
66
+
ip netns exec "$ns2" "$ip6tables" -t raw -A PREROUTING -s fec0::/16 -m rpfilter
67
+
ip netns exec "$ns2" nft -f - <<EOF
68
+
table inet t {
69
+
chain c {
70
+
type filter hook prerouting priority raw;
71
+
ip saddr 192.168.0.0/16 fib saddr . iif oif exists counter
72
+
ip6 saddr fec0::/16 fib saddr . iif oif exists counter
73
+
}
74
+
}
75
+
EOF
76
+
77
+
die() {
78
+
echo "FAIL: $*"
79
+
#ip netns exec "$ns2" "$iptables" -t raw -vS
80
+
#ip netns exec "$ns2" "$ip6tables" -t raw -vS
81
+
#ip netns exec "$ns2" nft list ruleset
82
+
exit 1
83
+
}
84
+
85
+
# check rule counters, return true if rule did not match
86
+
ipt_zero_rule() { # (command)
87
+
[ -n "$1" ] || return 0
88
+
ip netns exec "$ns2" "$1" -t raw -vS | grep -q -- "-m rpfilter -c 0 0"
89
+
}
90
+
nft_zero_rule() { # (family)
91
+
[ -n "$nft" ] || return 0
92
+
ip netns exec "$ns2" "$nft" list chain inet t c | \
93
+
grep -q "$1 saddr .* counter packets 0 bytes 0"
94
+
}
95
+
96
+
netns_ping() { # (netns, args...)
97
+
local netns="$1"
98
+
shift
99
+
ip netns exec "$netns" ping -q -c 1 -W 1 "$@" >/dev/null
100
+
}
101
+
102
+
testrun() {
103
+
# clear counters first
104
+
[ -n "$iptables" ] && ip netns exec "$ns2" "$iptables" -t raw -Z
105
+
[ -n "$ip6tables" ] && ip netns exec "$ns2" "$ip6tables" -t raw -Z
106
+
if [ -n "$nft" ]; then
107
+
(
108
+
echo "delete table inet t";
109
+
ip netns exec "$ns2" nft -s list table inet t;
110
+
) | ip netns exec "$ns2" nft -f -
111
+
fi
112
+
113
+
# test 1: martian traffic should fail rpfilter matches
114
+
netns_ping "$ns1" -I v0 192.168.42.1 && \
115
+
die "martian ping 192.168.42.1 succeeded"
116
+
netns_ping "$ns1" -I v0 fec0:42::1 && \
117
+
die "martian ping fec0:42::1 succeeded"
118
+
119
+
ipt_zero_rule "$iptables" || die "iptables matched martian"
120
+
ipt_zero_rule "$ip6tables" || die "ip6tables matched martian"
121
+
nft_zero_rule ip || die "nft IPv4 matched martian"
122
+
nft_zero_rule ip6 || die "nft IPv6 matched martian"
123
+
124
+
# test 2: rpfilter match should pass for regular traffic
125
+
netns_ping "$ns1" 192.168.23.1 || \
126
+
die "regular ping 192.168.23.1 failed"
127
+
netns_ping "$ns1" fec0:23::1 || \
128
+
die "regular ping fec0:23::1 failed"
129
+
130
+
ipt_zero_rule "$iptables" && die "iptables match not effective"
131
+
ipt_zero_rule "$ip6tables" && die "ip6tables match not effective"
132
+
nft_zero_rule ip && die "nft IPv4 match not effective"
133
+
nft_zero_rule ip6 && die "nft IPv6 match not effective"
134
+
135
+
}
136
+
137
+
testrun
138
+
139
+
# repeat test with vrf device in $ns2
140
+
ip -net "$ns2" link add vrf0 type vrf table 10
141
+
ip -net "$ns2" link set vrf0 up
142
+
ip -net "$ns2" link set v0 master vrf0
143
+
144
+
testrun
145
+
146
+
echo "PASS: netfilter reverse path match works as intended"
147
+
exit 0