tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Merge in fixes directly in prep for the 5.17 merge window.
No conflicts.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+398
-145
+1
-1
drivers/net/amt.c
+1
-1
drivers/net/amt.c
+2
-3
drivers/net/can/rcar/rcar_canfd.c
+2
-3
drivers/net/can/rcar/rcar_canfd.c
···
1633
1633
ndev = alloc_candev(sizeof(*priv), RCANFD_FIFO_DEPTH);
1634
1634
if (!ndev) {
1635
1635
dev_err(&pdev->dev, "alloc_candev() failed\n");
1636
-
err = -ENOMEM;
1637
-
goto fail;
1636
+
return -ENOMEM;
1638
1637
}
1639
1638
priv = netdev_priv(ndev);
1640
1639
···
1729
1730
1730
1731
fail_candev:
1731
1732
netif_napi_del(&priv->napi);
1732
-
free_candev(ndev);
1733
1733
fail:
1734
+
free_candev(ndev);
1734
1735
return err;
1735
1736
}
1736
1737
+1
-1
drivers/net/can/softing/softing_cs.c
+1
-1
drivers/net/can/softing/softing_cs.c
+6
-5
drivers/net/can/softing/softing_fw.c
+6
-5
drivers/net/can/softing/softing_fw.c
···
565
565
if (ret < 0)
566
566
goto failed;
567
567
}
568
-
/* enable_error_frame */
569
-
/*
568
+
569
+
/* enable_error_frame
570
+
*
570
571
* Error reporting is switched off at the moment since
571
572
* the receiving of them is not yet 100% verified
572
573
* This should be enabled sooner or later
573
-
*
574
-
if (error_reporting) {
574
+
*/
575
+
if (0 && error_reporting) {
575
576
ret = softing_fct_cmd(card, 51, "enable_error_frame");
576
577
if (ret < 0)
577
578
goto failed;
578
579
}
579
-
*/
580
+
580
581
/* initialize interface */
581
582
iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 2]);
582
583
iowrite16(1, &card->dpram[DPRAM_FCT_PARAM + 4]);
+4
-1
drivers/net/can/usb/gs_usb.c
+4
-1
drivers/net/can/usb/gs_usb.c
···
321
321
322
322
/* device reports out of range channel id */
323
323
if (hf->channel >= GS_MAX_INTF)
324
-
goto resubmit_urb;
324
+
goto device_detach;
325
325
326
326
dev = usbcan->canch[hf->channel];
327
327
···
405
405
406
406
/* USB failure take down all interfaces */
407
407
if (rc == -ENODEV) {
408
+
device_detach:
408
409
for (rc = 0; rc < GS_MAX_INTF; rc++) {
409
410
if (usbcan->canch[rc])
410
411
netif_device_detach(usbcan->canch[rc]->netdev);
···
507
506
508
507
hf->echo_id = idx;
509
508
hf->channel = dev->channel;
509
+
hf->flags = 0;
510
+
hf->reserved = 0;
510
511
511
512
cf = (struct can_frame *)skb->data;
512
513
+6
-1
drivers/net/can/xilinx_can.c
+6
-1
drivers/net/can/xilinx_can.c
···
1758
1758
spin_lock_init(&priv->tx_lock);
1759
1759
1760
1760
/* Get IRQ for the device */
1761
-
ndev->irq = platform_get_irq(pdev, 0);
1761
+
ret = platform_get_irq(pdev, 0);
1762
+
if (ret < 0)
1763
+
goto err_free;
1764
+
1765
+
ndev->irq = ret;
1766
+
1762
1767
ndev->flags |= IFF_ECHO; /* We support local echo */
1763
1768
1764
1769
platform_set_drvdata(pdev, ndev);
+16
-5
drivers/net/ethernet/freescale/fman/mac.c
+16
-5
drivers/net/ethernet/freescale/fman/mac.c
···
94
94
__func__, ex);
95
95
}
96
96
97
-
static void set_fman_mac_params(struct mac_device *mac_dev,
98
-
struct fman_mac_params *params)
97
+
static int set_fman_mac_params(struct mac_device *mac_dev,
98
+
struct fman_mac_params *params)
99
99
{
100
100
struct mac_priv_s *priv = mac_dev->priv;
101
101
102
102
params->base_addr = (typeof(params->base_addr))
103
103
devm_ioremap(priv->dev, mac_dev->res->start,
104
104
resource_size(mac_dev->res));
105
+
if (!params->base_addr)
106
+
return -ENOMEM;
107
+
105
108
memcpy(¶ms->addr, mac_dev->addr, sizeof(mac_dev->addr));
106
109
params->max_speed = priv->max_speed;
107
110
params->phy_if = mac_dev->phy_if;
···
115
112
params->event_cb = mac_exception;
116
113
params->dev_id = mac_dev;
117
114
params->internal_phy_node = priv->internal_phy_node;
115
+
116
+
return 0;
118
117
}
119
118
120
119
static int tgec_initialization(struct mac_device *mac_dev)
···
128
123
129
124
priv = mac_dev->priv;
130
125
131
-
set_fman_mac_params(mac_dev, ¶ms);
126
+
err = set_fman_mac_params(mac_dev, ¶ms);
127
+
if (err)
128
+
goto _return;
132
129
133
130
mac_dev->fman_mac = tgec_config(¶ms);
134
131
if (!mac_dev->fman_mac) {
···
176
169
177
170
priv = mac_dev->priv;
178
171
179
-
set_fman_mac_params(mac_dev, ¶ms);
172
+
err = set_fman_mac_params(mac_dev, ¶ms);
173
+
if (err)
174
+
goto _return;
180
175
181
176
mac_dev->fman_mac = dtsec_config(¶ms);
182
177
if (!mac_dev->fman_mac) {
···
227
218
228
219
priv = mac_dev->priv;
229
220
230
-
set_fman_mac_params(mac_dev, ¶ms);
221
+
err = set_fman_mac_params(mac_dev, ¶ms);
222
+
if (err)
223
+
goto _return;
231
224
232
225
if (priv->max_speed == SPEED_10000)
233
226
params.phy_if = PHY_INTERFACE_MODE_XGMII;
+2
drivers/net/ethernet/marvell/octeontx2/af/ptp.c
+2
drivers/net/ethernet/marvell/octeontx2/af/ptp.c
+2
-3
drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c
+2
-3
drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c
···
172
172
{
173
173
struct rvu *rvu = block->rvu;
174
174
int blkaddr = block->addr;
175
-
char irq_name[16];
176
175
int i, ret;
177
176
178
177
for (i = CPT_10K_AF_INT_VEC_FLT0; i < CPT_10K_AF_INT_VEC_RVU; i++) {
179
-
snprintf(irq_name, sizeof(irq_name), "CPTAF FLT%d", i);
178
+
sprintf(&rvu->irq_name[(off + i) * NAME_SIZE], "CPTAF FLT%d", i);
180
179
ret = rvu_cpt_do_register_interrupt(block, off + i,
181
180
rvu_cpt_af_flt_intr_handler,
182
-
irq_name);
181
+
&rvu->irq_name[(off + i) * NAME_SIZE]);
183
182
if (ret)
184
183
goto err;
185
184
rvu_write64(rvu, blkaddr, CPT_AF_FLTX_INT_ENA_W1S(i), 0x1);
+1
-1
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c
+1
-1
drivers/net/ethernet/marvell/octeontx2/af/rvu_devlink.c
···
41
41
struct rvu_devlink *rvu_dl = rvu->rvu_dl;
42
42
int rc;
43
43
44
-
sprintf(&rvu->irq_name[offset * NAME_SIZE], name);
44
+
sprintf(&rvu->irq_name[offset * NAME_SIZE], "%s", name);
45
45
rc = request_irq(pci_irq_vector(rvu->pdev, offset), fn, 0,
46
46
&rvu->irq_name[offset * NAME_SIZE], rvu_dl);
47
47
if (rc)
+4
-1
drivers/net/ethernet/marvell/octeontx2/nic/otx2_vf.c
+4
-1
drivers/net/ethernet/marvell/octeontx2/nic/otx2_vf.c
···
684
684
err = register_netdev(netdev);
685
685
if (err) {
686
686
dev_err(dev, "Failed to register netdevice\n");
687
-
goto err_detach_rsrc;
687
+
goto err_ptp_destroy;
688
688
}
689
689
690
690
err = otx2_wq_init(vf);
···
709
709
710
710
err_unreg_netdev:
711
711
unregister_netdev(netdev);
712
+
err_ptp_destroy:
713
+
otx2_ptp_destroy(vf);
712
714
err_detach_rsrc:
713
715
if (test_bit(CN10K_LMTST, &vf->hw.cap_flag))
714
716
qmem_free(vf->dev, vf->dync_lmt);
···
744
742
unregister_netdev(netdev);
745
743
if (vf->otx2_wq)
746
744
destroy_workqueue(vf->otx2_wq);
745
+
otx2_ptp_destroy(vf);
747
746
otx2vf_disable_mbox_intr(vf);
748
747
otx2_detach_resources(&vf->mbox);
749
748
if (test_bit(CN10K_LMTST, &vf->hw.cap_flag))
+7
-29
drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+7
-29
drivers/net/ethernet/mellanox/mlx5/core/cmd.c
···
148
148
if (!refcount_dec_and_test(&ent->refcnt))
149
149
return;
150
150
151
-
if (ent->idx >= 0)
152
-
cmd_free_index(ent->cmd, ent->idx);
151
+
if (ent->idx >= 0) {
152
+
struct mlx5_cmd *cmd = ent->cmd;
153
+
154
+
cmd_free_index(cmd, ent->idx);
155
+
up(ent->page_queue ? &cmd->pages_sem : &cmd->sem);
156
+
}
153
157
154
158
cmd_free_ent(ent);
155
159
}
···
904
900
return cmd->allowed_opcode == opcode;
905
901
}
906
902
907
-
static int cmd_alloc_index_retry(struct mlx5_cmd *cmd)
908
-
{
909
-
unsigned long alloc_end = jiffies + msecs_to_jiffies(1000);
910
-
int idx;
911
-
912
-
retry:
913
-
idx = cmd_alloc_index(cmd);
914
-
if (idx < 0 && time_before(jiffies, alloc_end)) {
915
-
/* Index allocation can fail on heavy load of commands. This is a temporary
916
-
* situation as the current command already holds the semaphore, meaning that
917
-
* another command completion is being handled and it is expected to release
918
-
* the entry index soon.
919
-
*/
920
-
cpu_relax();
921
-
goto retry;
922
-
}
923
-
return idx;
924
-
}
925
-
926
903
bool mlx5_cmd_is_down(struct mlx5_core_dev *dev)
927
904
{
928
905
return pci_channel_offline(dev->pdev) ||
···
931
946
sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem;
932
947
down(sem);
933
948
if (!ent->page_queue) {
934
-
alloc_ret = cmd_alloc_index_retry(cmd);
949
+
alloc_ret = cmd_alloc_index(cmd);
935
950
if (alloc_ret < 0) {
936
951
mlx5_core_err_rl(dev, "failed to allocate command entry\n");
937
952
if (ent->callback) {
···
1587
1602
vector = vec & 0xffffffff;
1588
1603
for (i = 0; i < (1 << cmd->log_sz); i++) {
1589
1604
if (test_bit(i, &vector)) {
1590
-
struct semaphore *sem;
1591
-
1592
1605
ent = cmd->ent_arr[i];
1593
1606
1594
1607
/* if we already completed the command, ignore it */
···
1609
1626
dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR)
1610
1627
cmd_ent_put(ent);
1611
1628
1612
-
if (ent->page_queue)
1613
-
sem = &cmd->pages_sem;
1614
-
else
1615
-
sem = &cmd->sem;
1616
1629
ent->ts2 = ktime_get_ns();
1617
1630
memcpy(ent->out->first.data, ent->lay->out, sizeof(ent->lay->out));
1618
1631
dump_command(dev, ent, 0);
···
1662
1683
*/
1663
1684
complete(&ent->done);
1664
1685
}
1665
-
up(sem);
1666
1686
}
1667
1687
}
1668
1688
}
+2
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
+2
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c
···
1579
1579
struct net_device *fib_dev;
1580
1580
1581
1581
fen_info = container_of(info, struct fib_entry_notifier_info, info);
1582
+
if (fen_info->fi->nh)
1583
+
return NULL;
1582
1584
fib_dev = fib_info_nh(fen_info->fi, 0)->fib_nh_dev;
1583
1585
if (!fib_dev || fib_dev->netdev_ops != &mlx5e_netdev_ops ||
1584
1586
fen_info->dst_len != 32)
+2
-2
drivers/net/ethernet/mellanox/mlx5/core/en/xsk/pool.c
+2
-2
drivers/net/ethernet/mellanox/mlx5/core/en/xsk/pool.c
···
11
11
{
12
12
struct device *dev = mlx5_core_dma_dev(priv->mdev);
13
13
14
-
return xsk_pool_dma_map(pool, dev, 0);
14
+
return xsk_pool_dma_map(pool, dev, DMA_ATTR_SKIP_CPU_SYNC);
15
15
}
16
16
17
17
static void mlx5e_xsk_unmap_pool(struct mlx5e_priv *priv,
18
18
struct xsk_buff_pool *pool)
19
19
{
20
-
return xsk_pool_dma_unmap(pool, 0);
20
+
return xsk_pool_dma_unmap(pool, DMA_ATTR_SKIP_CPU_SYNC);
21
21
}
22
22
23
23
static int mlx5e_xsk_get_pools(struct mlx5e_xsk *xsk)
+13
-6
drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+13
-6
drivers/net/ethernet/mellanox/mlx5/core/en_main.c
···
4818
4818
}
4819
4819
4820
4820
if (mlx5_vxlan_allowed(mdev->vxlan) || mlx5_geneve_tx_allowed(mdev)) {
4821
-
netdev->hw_features |= NETIF_F_GSO_UDP_TUNNEL;
4822
-
netdev->hw_enc_features |= NETIF_F_GSO_UDP_TUNNEL;
4823
-
netdev->vlan_features |= NETIF_F_GSO_UDP_TUNNEL;
4821
+
netdev->hw_features |= NETIF_F_GSO_UDP_TUNNEL |
4822
+
NETIF_F_GSO_UDP_TUNNEL_CSUM;
4823
+
netdev->hw_enc_features |= NETIF_F_GSO_UDP_TUNNEL |
4824
+
NETIF_F_GSO_UDP_TUNNEL_CSUM;
4825
+
netdev->gso_partial_features = NETIF_F_GSO_UDP_TUNNEL_CSUM;
4826
+
netdev->vlan_features |= NETIF_F_GSO_UDP_TUNNEL |
4827
+
NETIF_F_GSO_UDP_TUNNEL_CSUM;
4824
4828
}
4825
4829
4826
4830
if (mlx5e_tunnel_proto_supported_tx(mdev, IPPROTO_GRE)) {
4827
-
netdev->hw_features |= NETIF_F_GSO_GRE;
4828
-
netdev->hw_enc_features |= NETIF_F_GSO_GRE;
4829
-
netdev->gso_partial_features |= NETIF_F_GSO_GRE;
4831
+
netdev->hw_features |= NETIF_F_GSO_GRE |
4832
+
NETIF_F_GSO_GRE_CSUM;
4833
+
netdev->hw_enc_features |= NETIF_F_GSO_GRE |
4834
+
NETIF_F_GSO_GRE_CSUM;
4835
+
netdev->gso_partial_features |= NETIF_F_GSO_GRE |
4836
+
NETIF_F_GSO_GRE_CSUM;
4830
4837
}
4831
4838
4832
4839
if (mlx5e_tunnel_proto_supported_tx(mdev, IPPROTO_IPIP)) {
+3
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
+3
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
···
50
50
#include "fs_core.h"
51
51
#include "lib/mlx5.h"
52
52
#include "lib/devcom.h"
53
+
#include "lib/vxlan.h"
53
54
#define CREATE_TRACE_POINTS
54
55
#include "diag/en_rep_tracepoint.h"
55
56
#include "en_accel/ipsec.h"
···
1040
1039
rtnl_lock();
1041
1040
if (netif_running(netdev))
1042
1041
mlx5e_open(netdev);
1042
+
udp_tunnel_nic_reset_ntf(priv->netdev);
1043
1043
netif_device_attach(netdev);
1044
1044
rtnl_unlock();
1045
1045
}
···
1062
1060
mlx5_notifier_unregister(mdev, &priv->events_nb);
1063
1061
mlx5e_rep_tc_disable(priv);
1064
1062
mlx5_lag_remove_netdev(mdev, priv->netdev);
1063
+
mlx5_vxlan_reset_to_default(mdev->vxlan);
1065
1064
}
1066
1065
1067
1066
static MLX5E_DEFINE_STATS_GRP(sw_rep, 0);
+4
-3
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
+4
-3
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
···
279
279
if (unlikely(!dma_info->page))
280
280
return -ENOMEM;
281
281
282
-
dma_info->addr = dma_map_page(rq->pdev, dma_info->page, 0,
283
-
PAGE_SIZE, rq->buff.map_dir);
282
+
dma_info->addr = dma_map_page_attrs(rq->pdev, dma_info->page, 0, PAGE_SIZE,
283
+
rq->buff.map_dir, DMA_ATTR_SKIP_CPU_SYNC);
284
284
if (unlikely(dma_mapping_error(rq->pdev, dma_info->addr))) {
285
285
page_pool_recycle_direct(rq->page_pool, dma_info->page);
286
286
dma_info->page = NULL;
···
301
301
302
302
void mlx5e_page_dma_unmap(struct mlx5e_rq *rq, struct mlx5e_dma_info *dma_info)
303
303
{
304
-
dma_unmap_page(rq->pdev, dma_info->addr, PAGE_SIZE, rq->buff.map_dir);
304
+
dma_unmap_page_attrs(rq->pdev, dma_info->addr, PAGE_SIZE, rq->buff.map_dir,
305
+
DMA_ATTR_SKIP_CPU_SYNC);
305
306
}
306
307
307
308
void mlx5e_page_release_dynamic(struct mlx5e_rq *rq,
+116
-4
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+116
-4
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
···
1938
1938
return ip_version;
1939
1939
}
1940
1940
1941
+
/* Tunnel device follows RFC 6040, see include/net/inet_ecn.h.
1942
+
* And changes inner ip_ecn depending on inner and outer ip_ecn as follows:
1943
+
* +---------+----------------------------------------+
1944
+
* |Arriving | Arriving Outer Header |
1945
+
* | Inner +---------+---------+---------+----------+
1946
+
* | Header | Not-ECT | ECT(0) | ECT(1) | CE |
1947
+
* +---------+---------+---------+---------+----------+
1948
+
* | Not-ECT | Not-ECT | Not-ECT | Not-ECT | <drop> |
1949
+
* | ECT(0) | ECT(0) | ECT(0) | ECT(1) | CE* |
1950
+
* | ECT(1) | ECT(1) | ECT(1) | ECT(1)* | CE* |
1951
+
* | CE | CE | CE | CE | CE |
1952
+
* +---------+---------+---------+---------+----------+
1953
+
*
1954
+
* Tc matches on inner after decapsulation on tunnel device, but hw offload matches
1955
+
* the inner ip_ecn value before hardware decap action.
1956
+
*
1957
+
* Cells marked are changed from original inner packet ip_ecn value during decap, and
1958
+
* so matching those values on inner ip_ecn before decap will fail.
1959
+
*
1960
+
* The following helper allows offload when inner ip_ecn won't be changed by outer ip_ecn,
1961
+
* except for the outer ip_ecn = CE, where in all cases inner ip_ecn will be changed to CE,
1962
+
* and such we can drop the inner ip_ecn=CE match.
1963
+
*/
1964
+
1965
+
static int mlx5e_tc_verify_tunnel_ecn(struct mlx5e_priv *priv,
1966
+
struct flow_cls_offload *f,
1967
+
bool *match_inner_ecn)
1968
+
{
1969
+
u8 outer_ecn_mask = 0, outer_ecn_key = 0, inner_ecn_mask = 0, inner_ecn_key = 0;
1970
+
struct flow_rule *rule = flow_cls_offload_flow_rule(f);
1971
+
struct netlink_ext_ack *extack = f->common.extack;
1972
+
struct flow_match_ip match;
1973
+
1974
+
*match_inner_ecn = true;
1975
+
1976
+
if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_IP)) {
1977
+
flow_rule_match_enc_ip(rule, &match);
1978
+
outer_ecn_key = match.key->tos & INET_ECN_MASK;
1979
+
outer_ecn_mask = match.mask->tos & INET_ECN_MASK;
1980
+
}
1981
+
1982
+
if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
1983
+
flow_rule_match_ip(rule, &match);
1984
+
inner_ecn_key = match.key->tos & INET_ECN_MASK;
1985
+
inner_ecn_mask = match.mask->tos & INET_ECN_MASK;
1986
+
}
1987
+
1988
+
if (outer_ecn_mask != 0 && outer_ecn_mask != INET_ECN_MASK) {
1989
+
NL_SET_ERR_MSG_MOD(extack, "Partial match on enc_tos ecn bits isn't supported");
1990
+
netdev_warn(priv->netdev, "Partial match on enc_tos ecn bits isn't supported");
1991
+
return -EOPNOTSUPP;
1992
+
}
1993
+
1994
+
if (!outer_ecn_mask) {
1995
+
if (!inner_ecn_mask)
1996
+
return 0;
1997
+
1998
+
NL_SET_ERR_MSG_MOD(extack,
1999
+
"Matching on tos ecn bits without also matching enc_tos ecn bits isn't supported");
2000
+
netdev_warn(priv->netdev,
2001
+
"Matching on tos ecn bits without also matching enc_tos ecn bits isn't supported");
2002
+
return -EOPNOTSUPP;
2003
+
}
2004
+
2005
+
if (inner_ecn_mask && inner_ecn_mask != INET_ECN_MASK) {
2006
+
NL_SET_ERR_MSG_MOD(extack,
2007
+
"Partial match on tos ecn bits with match on enc_tos ecn bits isn't supported");
2008
+
netdev_warn(priv->netdev,
2009
+
"Partial match on tos ecn bits with match on enc_tos ecn bits isn't supported");
2010
+
return -EOPNOTSUPP;
2011
+
}
2012
+
2013
+
if (!inner_ecn_mask)
2014
+
return 0;
2015
+
2016
+
/* Both inner and outer have full mask on ecn */
2017
+
2018
+
if (outer_ecn_key == INET_ECN_ECT_1) {
2019
+
/* inner ecn might change by DECAP action */
2020
+
2021
+
NL_SET_ERR_MSG_MOD(extack, "Match on enc_tos ecn = ECT(1) isn't supported");
2022
+
netdev_warn(priv->netdev, "Match on enc_tos ecn = ECT(1) isn't supported");
2023
+
return -EOPNOTSUPP;
2024
+
}
2025
+
2026
+
if (outer_ecn_key != INET_ECN_CE)
2027
+
return 0;
2028
+
2029
+
if (inner_ecn_key != INET_ECN_CE) {
2030
+
/* Can't happen in software, as packet ecn will be changed to CE after decap */
2031
+
NL_SET_ERR_MSG_MOD(extack,
2032
+
"Match on tos enc_tos ecn = CE while match on tos ecn != CE isn't supported");
2033
+
netdev_warn(priv->netdev,
2034
+
"Match on tos enc_tos ecn = CE while match on tos ecn != CE isn't supported");
2035
+
return -EOPNOTSUPP;
2036
+
}
2037
+
2038
+
/* outer ecn = CE, inner ecn = CE, as decap will change inner ecn to CE in anycase,
2039
+
* drop match on inner ecn
2040
+
*/
2041
+
*match_inner_ecn = false;
2042
+
2043
+
return 0;
2044
+
}
2045
+
1941
2046
static int parse_tunnel_attr(struct mlx5e_priv *priv,
1942
2047
struct mlx5e_tc_flow *flow,
1943
2048
struct mlx5_flow_spec *spec,
···
2236
2131
struct flow_rule *rule = flow_cls_offload_flow_rule(f);
2237
2132
struct flow_dissector *dissector = rule->match.dissector;
2238
2133
enum fs_flow_table_type fs_type;
2134
+
bool match_inner_ecn = true;
2239
2135
u16 addr_type = 0;
2240
2136
u8 ip_proto = 0;
2241
2137
u8 *match_level;
···
2290
2184
headers_c = get_match_inner_headers_criteria(spec);
2291
2185
headers_v = get_match_inner_headers_value(spec);
2292
2186
}
2187
+
2188
+
err = mlx5e_tc_verify_tunnel_ecn(priv, f, &match_inner_ecn);
2189
+
if (err)
2190
+
return err;
2293
2191
}
2294
2192
2295
2193
err = mlx5e_flower_parse_meta(filter_dev, f);
···
2517
2407
struct flow_match_ip match;
2518
2408
2519
2409
flow_rule_match_ip(rule, &match);
2520
-
MLX5_SET(fte_match_set_lyr_2_4, headers_c, ip_ecn,
2521
-
match.mask->tos & 0x3);
2522
-
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_ecn,
2523
-
match.key->tos & 0x3);
2410
+
if (match_inner_ecn) {
2411
+
MLX5_SET(fte_match_set_lyr_2_4, headers_c, ip_ecn,
2412
+
match.mask->tos & 0x3);
2413
+
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_ecn,
2414
+
match.key->tos & 0x3);
2415
+
}
2524
2416
2525
2417
MLX5_SET(fte_match_set_lyr_2_4, headers_c, ip_dscp,
2526
2418
match.mask->tos >> 2);
+15
-13
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
+15
-13
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
···
295
295
int *i)
296
296
{
297
297
struct mlx5_esw_flow_attr *esw_attr = attr->esw_attr;
298
-
int j, err;
298
+
int err;
299
299
300
300
if (!(attr->flags & MLX5_ESW_ATTR_FLAG_SRC_REWRITE))
301
301
return -EOPNOTSUPP;
302
302
303
-
for (j = esw_attr->split_count; j < esw_attr->out_count; j++, (*i)++) {
304
-
err = esw_setup_chain_dest(dest, flow_act, chains, attr->dest_chain, 1, 0, *i);
305
-
if (err)
306
-
goto err_setup_chain;
303
+
/* flow steering cannot handle more than one dest with the same ft
304
+
* in a single flow
305
+
*/
306
+
if (esw_attr->out_count - esw_attr->split_count > 1)
307
+
return -EOPNOTSUPP;
307
308
308
-
if (esw_attr->dests[j].pkt_reformat) {
309
-
flow_act->action |= MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT;
310
-
flow_act->pkt_reformat = esw_attr->dests[j].pkt_reformat;
311
-
}
309
+
err = esw_setup_chain_dest(dest, flow_act, chains, attr->dest_chain, 1, 0, *i);
310
+
if (err)
311
+
return err;
312
+
313
+
if (esw_attr->dests[esw_attr->split_count].pkt_reformat) {
314
+
flow_act->action |= MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT;
315
+
flow_act->pkt_reformat = esw_attr->dests[esw_attr->split_count].pkt_reformat;
312
316
}
313
-
return 0;
317
+
(*i)++;
314
318
315
-
err_setup_chain:
316
-
esw_put_dest_tables_loop(esw, attr, esw_attr->split_count, j);
317
-
return err;
319
+
return 0;
318
320
}
319
321
320
322
static void esw_cleanup_chain_src_port_rewrite(struct mlx5_eswitch *esw,
+2
-4
drivers/net/ethernet/mellanox/mlx5/core/lag/mp.c
+2
-4
drivers/net/ethernet/mellanox/mlx5/core/lag/mp.c
···
268
268
fen_info = container_of(info, struct fib_entry_notifier_info,
269
269
info);
270
270
fi = fen_info->fi;
271
-
if (fi->nh) {
272
-
NL_SET_ERR_MSG_MOD(info->extack, "IPv4 route with nexthop objects is not supported");
273
-
return notifier_from_errno(-EINVAL);
274
-
}
271
+
if (fi->nh)
272
+
return NOTIFY_DONE;
275
273
fib_dev = fib_info_nh(fen_info->fi, 0)->fib_nh_dev;
276
274
if (fib_dev != ldev->pf[MLX5_LAG_P1].netdev &&
277
275
fib_dev != ldev->pf[MLX5_LAG_P2].netdev) {
+1
-4
drivers/net/ethernet/mellanox/mlx5/core/sf/dev/dev.c
+1
-4
drivers/net/ethernet/mellanox/mlx5/core/sf/dev/dev.c
···
30
30
{
31
31
struct mlx5_sf_dev_table *table = dev->priv.sf_dev_table;
32
32
33
-
if (!mlx5_sf_dev_supported(dev))
34
-
return false;
35
-
36
-
return !xa_empty(&table->devices);
33
+
return table && !xa_empty(&table->devices);
37
34
}
38
35
39
36
static ssize_t sfnum_show(struct device *dev, struct device_attribute *attr, char *buf)
+2
-1
drivers/net/ethernet/rocker/rocker_ofdpa.c
+2
-1
drivers/net/ethernet/rocker/rocker_ofdpa.c
···
2783
2783
if (!ofdpa_port)
2784
2784
continue;
2785
2785
nh->fib_nh_flags &= ~RTNH_F_OFFLOAD;
2786
-
ofdpa_flow_tbl_del(ofdpa_port, OFDPA_OP_FLAG_REMOVE,
2786
+
ofdpa_flow_tbl_del(ofdpa_port,
2787
+
OFDPA_OP_FLAG_REMOVE | OFDPA_OP_FLAG_NOWAIT,
2787
2788
flow_entry);
2788
2789
}
2789
2790
spin_unlock_irqrestore(&ofdpa->flow_tbl_lock, flags);
+6
-1
drivers/net/ppp/ppp_generic.c
+6
-1
drivers/net/ppp/ppp_generic.c
···
69
69
#define MPHDRLEN 6 /* multilink protocol header length */
70
70
#define MPHDRLEN_SSN 4 /* ditto with short sequence numbers */
71
71
72
+
#define PPP_PROTO_LEN 2
73
+
72
74
/*
73
75
* An instance of /dev/ppp can be associated with either a ppp
74
76
* interface unit or a ppp channel. In both cases, file->private_data
···
500
498
501
499
if (!pf)
502
500
return -ENXIO;
501
+
/* All PPP packets should start with the 2-byte protocol */
502
+
if (count < PPP_PROTO_LEN)
503
+
return -EINVAL;
503
504
ret = -ENOMEM;
504
505
skb = alloc_skb(count + pf->hdrlen, GFP_KERNEL);
505
506
if (!skb)
···
1770
1765
}
1771
1766
1772
1767
++ppp->stats64.tx_packets;
1773
-
ppp->stats64.tx_bytes += skb->len - 2;
1768
+
ppp->stats64.tx_bytes += skb->len - PPP_PROTO_LEN;
1774
1769
1775
1770
switch (proto) {
1776
1771
case PPP_IP:
+10
-2
drivers/net/usb/mcs7830.c
+10
-2
drivers/net/usb/mcs7830.c
···
108
108
109
109
static int mcs7830_get_reg(struct usbnet *dev, u16 index, u16 size, void *data)
110
110
{
111
-
return usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ,
112
-
0x0000, index, data, size);
111
+
int ret;
112
+
113
+
ret = usbnet_read_cmd(dev, MCS7830_RD_BREQ, MCS7830_RD_BMREQ,
114
+
0x0000, index, data, size);
115
+
if (ret < 0)
116
+
return ret;
117
+
else if (ret < size)
118
+
return -ENODATA;
119
+
120
+
return ret;
113
121
}
114
122
115
123
static int mcs7830_set_reg(struct usbnet *dev, u16 index, u16 size, const void *data)
+3
-1
include/linux/skbuff.h
+3
-1
include/linux/skbuff.h
+3
-1
include/net/pkt_sched.h
+3
-1
include/net/pkt_sched.h
+1
-1
include/net/xfrm.h
+1
-1
include/net/xfrm.h
···
1168
1168
{
1169
1169
struct net *net = dev_net(skb->dev);
1170
1170
1171
-
if (xfrm_default_allow(net, XFRM_POLICY_FWD))
1171
+
if (xfrm_default_allow(net, XFRM_POLICY_OUT))
1172
1172
return !net->xfrm.policy_count[XFRM_POLICY_OUT] ||
1173
1173
(skb_dst(skb)->flags & DST_NOXFRM) ||
1174
1174
__xfrm_route_forward(skb, family);
+5
-5
net/ax25/af_ax25.c
+5
-5
net/ax25/af_ax25.c
···
536
536
ax25_cb *ax25;
537
537
struct net_device *dev;
538
538
char devname[IFNAMSIZ];
539
-
unsigned long opt;
539
+
unsigned int opt;
540
540
int res = 0;
541
541
542
542
if (level != SOL_AX25)
···
568
568
break;
569
569
570
570
case AX25_T1:
571
-
if (opt < 1 || opt > ULONG_MAX / HZ) {
571
+
if (opt < 1 || opt > UINT_MAX / HZ) {
572
572
res = -EINVAL;
573
573
break;
574
574
}
···
577
577
break;
578
578
579
579
case AX25_T2:
580
-
if (opt < 1 || opt > ULONG_MAX / HZ) {
580
+
if (opt < 1 || opt > UINT_MAX / HZ) {
581
581
res = -EINVAL;
582
582
break;
583
583
}
···
593
593
break;
594
594
595
595
case AX25_T3:
596
-
if (opt < 1 || opt > ULONG_MAX / HZ) {
596
+
if (opt < 1 || opt > UINT_MAX / HZ) {
597
597
res = -EINVAL;
598
598
break;
599
599
}
···
601
601
break;
602
602
603
603
case AX25_IDLE:
604
-
if (opt > ULONG_MAX / (60 * HZ)) {
604
+
if (opt > UINT_MAX / (60 * HZ)) {
605
605
res = -EINVAL;
606
606
break;
607
607
}
+2
-2
net/can/isotp.c
+2
-2
net/can/isotp.c
+4
-1
net/ipv4/netfilter/ipt_CLUSTERIP.c
+4
-1
net/ipv4/netfilter/ipt_CLUSTERIP.c
···
520
520
if (IS_ERR(config))
521
521
return PTR_ERR(config);
522
522
}
523
-
} else if (memcmp(&config->clustermac, &cipinfo->clustermac, ETH_ALEN))
523
+
} else if (memcmp(&config->clustermac, &cipinfo->clustermac, ETH_ALEN)) {
524
+
clusterip_config_entry_put(config);
525
+
clusterip_config_put(config);
524
526
return -EINVAL;
527
+
}
525
528
526
529
ret = nf_ct_netns_get(par->net, par->family);
527
530
if (ret < 0) {
+4
-1
net/ipv6/ip6_gre.c
+4
-1
net/ipv6/ip6_gre.c
···
755
755
fl6->daddr = key->u.ipv6.dst;
756
756
fl6->flowlabel = key->label;
757
757
fl6->flowi6_uid = sock_net_uid(dev_net(dev), NULL);
758
+
fl6->fl6_gre_key = tunnel_id_to_key32(key->tun_id);
758
759
759
760
dsfield = key->tos;
760
761
flags = key->tun_flags &
···
991
990
fl6.daddr = key->u.ipv6.dst;
992
991
fl6.flowlabel = key->label;
993
992
fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL);
993
+
fl6.fl6_gre_key = tunnel_id_to_key32(key->tun_id);
994
994
995
995
dsfield = key->tos;
996
996
if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT))
···
1100
1098
fl6->flowi6_oif = p->link;
1101
1099
fl6->flowlabel = 0;
1102
1100
fl6->flowi6_proto = IPPROTO_GRE;
1101
+
fl6->fl6_gre_key = t->parms.o_key;
1103
1102
1104
1103
if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS))
1105
1104
fl6->flowlabel |= IPV6_TCLASS_MASK & p->flowinfo;
···
1547
1544
static struct inet6_protocol ip6gre_protocol __read_mostly = {
1548
1545
.handler = gre_rcv,
1549
1546
.err_handler = ip6gre_err,
1550
-
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1547
+
.flags = INET6_PROTO_FINAL,
1551
1548
};
1552
1549
1553
1550
static void ip6gre_destroy_tunnels(struct net *net, struct list_head *head)
+7
-3
net/mptcp/options.c
+7
-3
net/mptcp/options.c
···
845
845
if (mptcp_established_options_mp(sk, skb, snd_data_fin, &opt_size, remaining, opts))
846
846
ret = true;
847
847
else if (mptcp_established_options_dss(sk, skb, snd_data_fin, &opt_size, remaining, opts)) {
848
+
unsigned int mp_fail_size;
849
+
848
850
ret = true;
849
-
if (mptcp_established_options_mp_fail(sk, &opt_size, remaining, opts)) {
850
-
*size += opt_size;
851
-
remaining -= opt_size;
851
+
if (mptcp_established_options_mp_fail(sk, &mp_fail_size,
852
+
remaining - opt_size, opts)) {
853
+
*size += opt_size + mp_fail_size;
854
+
remaining -= opt_size - mp_fail_size;
852
855
return true;
853
856
}
854
857
}
···
1334
1331
put_unaligned_be32(mpext->data_len << 16 |
1335
1332
TCPOPT_NOP << 8 | TCPOPT_NOP, ptr);
1336
1333
}
1334
+
ptr += 1;
1337
1335
}
1338
1336
} else if (OPTIONS_MPTCP_MPC & opts->suboptions) {
1339
1337
u8 len, flag = MPTCP_CAP_HMAC_SHA256;
+3
-1
net/mptcp/protocol.c
+3
-1
net/mptcp/protocol.c
+3
net/netfilter/nft_payload.c
+3
net/netfilter/nft_payload.c
+8
net/netfilter/nft_set_pipapo.c
+8
net/netfilter/nft_set_pipapo.c
···
1290
1290
if (!new->scratch_aligned)
1291
1291
goto out_scratch;
1292
1292
#endif
1293
+
for_each_possible_cpu(i)
1294
+
*per_cpu_ptr(new->scratch, i) = NULL;
1295
+
1296
+
if (pipapo_realloc_scratch(new, old->bsize_max))
1297
+
goto out_scratch_realloc;
1293
1298
1294
1299
rcu_head_init(&new->rcu);
1295
1300
···
1339
1334
kvfree(dst->lt);
1340
1335
dst--;
1341
1336
}
1337
+
out_scratch_realloc:
1338
+
for_each_possible_cpu(i)
1339
+
kfree(*per_cpu_ptr(new->scratch, i));
1342
1340
#ifdef NFT_PIPAPO_ALIGN
1343
1341
free_percpu(new->scratch_aligned);
1344
1342
#endif
+6
-6
net/netrom/af_netrom.c
+6
-6
net/netrom/af_netrom.c
···
298
298
{
299
299
struct sock *sk = sock->sk;
300
300
struct nr_sock *nr = nr_sk(sk);
301
-
unsigned long opt;
301
+
unsigned int opt;
302
302
303
303
if (level != SOL_NETROM)
304
304
return -ENOPROTOOPT;
···
306
306
if (optlen < sizeof(unsigned int))
307
307
return -EINVAL;
308
308
309
-
if (copy_from_sockptr(&opt, optval, sizeof(unsigned long)))
309
+
if (copy_from_sockptr(&opt, optval, sizeof(opt)))
310
310
return -EFAULT;
311
311
312
312
switch (optname) {
313
313
case NETROM_T1:
314
-
if (opt < 1 || opt > ULONG_MAX / HZ)
314
+
if (opt < 1 || opt > UINT_MAX / HZ)
315
315
return -EINVAL;
316
316
nr->t1 = opt * HZ;
317
317
return 0;
318
318
319
319
case NETROM_T2:
320
-
if (opt < 1 || opt > ULONG_MAX / HZ)
320
+
if (opt < 1 || opt > UINT_MAX / HZ)
321
321
return -EINVAL;
322
322
nr->t2 = opt * HZ;
323
323
return 0;
···
329
329
return 0;
330
330
331
331
case NETROM_T4:
332
-
if (opt < 1 || opt > ULONG_MAX / HZ)
332
+
if (opt < 1 || opt > UINT_MAX / HZ)
333
333
return -EINVAL;
334
334
nr->t4 = opt * HZ;
335
335
return 0;
336
336
337
337
case NETROM_IDLE:
338
-
if (opt > ULONG_MAX / (60 * HZ))
338
+
if (opt > UINT_MAX / (60 * HZ))
339
339
return -EINVAL;
340
340
nr->idle = opt * 60 * HZ;
341
341
return 0;
+13
-3
net/openvswitch/flow.c
+13
-3
net/openvswitch/flow.c
···
859
859
#if IS_ENABLED(CONFIG_NET_TC_SKB_EXT)
860
860
struct tc_skb_ext *tc_ext;
861
861
#endif
862
-
bool post_ct = false;
862
+
bool post_ct = false, post_ct_snat = false, post_ct_dnat = false;
863
863
int res, err;
864
864
u16 zone = 0;
865
865
···
900
900
key->recirc_id = tc_ext ? tc_ext->chain : 0;
901
901
OVS_CB(skb)->mru = tc_ext ? tc_ext->mru : 0;
902
902
post_ct = tc_ext ? tc_ext->post_ct : false;
903
+
post_ct_snat = post_ct ? tc_ext->post_ct_snat : false;
904
+
post_ct_dnat = post_ct ? tc_ext->post_ct_dnat : false;
903
905
zone = post_ct ? tc_ext->zone : 0;
904
906
} else {
905
907
key->recirc_id = 0;
···
913
911
err = key_extract(skb, key);
914
912
if (!err) {
915
913
ovs_ct_fill_key(skb, key, post_ct); /* Must be after key_extract(). */
916
-
if (post_ct && !skb_get_nfct(skb))
917
-
key->ct_zone = zone;
914
+
if (post_ct) {
915
+
if (!skb_get_nfct(skb)) {
916
+
key->ct_zone = zone;
917
+
} else {
918
+
if (!post_ct_dnat)
919
+
key->ct_state &= ~OVS_CS_F_DST_NAT;
920
+
if (!post_ct_snat)
921
+
key->ct_state &= ~OVS_CS_F_SRC_NAT;
922
+
}
923
+
}
918
924
}
919
925
return err;
920
926
}
+6
net/sched/act_ct.c
+6
net/sched/act_ct.c
···
856
856
}
857
857
858
858
err = nf_nat_packet(ct, ctinfo, hooknum, skb);
859
+
if (err == NF_ACCEPT) {
860
+
if (maniptype == NF_NAT_MANIP_SRC)
861
+
tc_skb_cb(skb)->post_ct_snat = 1;
862
+
if (maniptype == NF_NAT_MANIP_DST)
863
+
tc_skb_cb(skb)->post_ct_dnat = 1;
864
+
}
859
865
out:
860
866
return err;
861
867
}
+2
net/sched/cls_api.c
+2
net/sched/cls_api.c
+5
-3
net/smc/af_smc.c
+5
-3
net/smc/af_smc.c
···
632
632
633
633
static void smc_conn_abort(struct smc_sock *smc, int local_first)
634
634
{
635
+
struct smc_connection *conn = &smc->conn;
636
+
struct smc_link_group *lgr = conn->lgr;
637
+
638
+
smc_conn_free(conn);
635
639
if (local_first)
636
-
smc_lgr_cleanup_early(&smc->conn);
637
-
else
638
-
smc_conn_free(&smc->conn);
640
+
smc_lgr_cleanup_early(lgr);
639
641
}
640
642
641
643
/* check if there is a rdma device available for this connection. */
+7
-5
net/smc/smc_core.c
+7
-5
net/smc/smc_core.c
···
171
171
172
172
if (!conn->lgr->is_smcd) {
173
173
rc = smcr_lgr_conn_assign_link(conn, first);
174
-
if (rc)
174
+
if (rc) {
175
+
conn->lgr = NULL;
175
176
return rc;
177
+
}
176
178
}
177
179
/* find a new alert_token_local value not yet used by some connection
178
180
* in this link group
···
627
625
return skb->len;
628
626
}
629
627
630
-
void smc_lgr_cleanup_early(struct smc_connection *conn)
628
+
void smc_lgr_cleanup_early(struct smc_link_group *lgr)
631
629
{
632
-
struct smc_link_group *lgr = conn->lgr;
633
630
spinlock_t *lgr_lock;
634
631
635
632
if (!lgr)
636
633
return;
637
634
638
-
smc_conn_free(conn);
639
635
smc_lgr_list_head(lgr, &lgr_lock);
640
636
spin_lock_bh(lgr_lock);
641
637
/* do not use this link group for new connections */
···
1851
1851
write_lock_bh(&lgr->conns_lock);
1852
1852
rc = smc_lgr_register_conn(conn, true);
1853
1853
write_unlock_bh(&lgr->conns_lock);
1854
-
if (rc)
1854
+
if (rc) {
1855
+
smc_lgr_cleanup_early(lgr);
1855
1856
goto out;
1857
+
}
1856
1858
}
1857
1859
conn->local_tx_ctrl.common.type = SMC_CDC_MSG_TYPE;
1858
1860
conn->local_tx_ctrl.len = SMC_WR_TX_SIZE;
+1
-1
net/smc/smc_core.h
+1
-1
net/smc/smc_core.h
···
485
485
struct smc_sock;
486
486
struct smc_clc_msg_accept_confirm;
487
487
488
-
void smc_lgr_cleanup_early(struct smc_connection *conn);
488
+
void smc_lgr_cleanup_early(struct smc_link_group *lgr);
489
489
void smc_lgr_terminate_sched(struct smc_link_group *lgr);
490
490
void smcr_port_add(struct smc_ib_device *smcibdev, u8 ibport);
491
491
void smcr_port_err(struct smc_ib_device *smcibdev, u8 ibport);
+12
-2
net/xfrm/xfrm_interface.c
+12
-2
net/xfrm/xfrm_interface.c
···
637
637
struct netlink_ext_ack *extack)
638
638
{
639
639
struct net *net = dev_net(dev);
640
-
struct xfrm_if_parms p;
640
+
struct xfrm_if_parms p = {};
641
641
struct xfrm_if *xi;
642
642
int err;
643
643
644
644
xfrmi_netlink_parms(data, &p);
645
+
if (!p.if_id) {
646
+
NL_SET_ERR_MSG(extack, "if_id must be non zero");
647
+
return -EINVAL;
648
+
}
649
+
645
650
xi = xfrmi_locate(net, &p);
646
651
if (xi)
647
652
return -EEXIST;
···
671
666
{
672
667
struct xfrm_if *xi = netdev_priv(dev);
673
668
struct net *net = xi->net;
674
-
struct xfrm_if_parms p;
669
+
struct xfrm_if_parms p = {};
670
+
671
+
if (!p.if_id) {
672
+
NL_SET_ERR_MSG(extack, "if_id must be non zero");
673
+
return -EINVAL;
674
+
}
675
675
676
676
xfrmi_netlink_parms(data, &p);
677
677
xi = xfrmi_locate(net, &p);
+25
-5
net/xfrm/xfrm_output.c
+25
-5
net/xfrm/xfrm_output.c
···
648
648
* This requires hardware to know the inner packet type to calculate
649
649
* the inner header checksum. Save inner ip protocol here to avoid
650
650
* traversing the packet in the vendor's xmit code.
651
-
* If the encap type is IPIP, just save skb->inner_ipproto. Otherwise,
652
-
* get the ip protocol from the IP header.
651
+
* For IPsec tunnel mode save the ip protocol from the IP header of the
652
+
* plain text packet. Otherwise If the encap type is IPIP, just save
653
+
* skb->inner_ipproto in any other case get the ip protocol from the IP
654
+
* header.
653
655
*/
654
-
static void xfrm_get_inner_ipproto(struct sk_buff *skb)
656
+
static void xfrm_get_inner_ipproto(struct sk_buff *skb, struct xfrm_state *x)
655
657
{
656
658
struct xfrm_offload *xo = xfrm_offload(skb);
657
659
const struct ethhdr *eth;
658
660
659
661
if (!xo)
662
+
return;
663
+
664
+
if (x->outer_mode.encap == XFRM_MODE_TUNNEL) {
665
+
switch (x->outer_mode.family) {
666
+
case AF_INET:
667
+
xo->inner_ipproto = ip_hdr(skb)->protocol;
668
+
break;
669
+
case AF_INET6:
670
+
xo->inner_ipproto = ipv6_hdr(skb)->nexthdr;
671
+
break;
672
+
default:
673
+
break;
674
+
}
675
+
676
+
return;
677
+
}
678
+
679
+
/* non-Tunnel Mode */
680
+
if (!skb->encapsulation)
660
681
return;
661
682
662
683
if (skb->inner_protocol_type == ENCAP_TYPE_IPPROTO) {
···
734
713
sp->xvec[sp->len++] = x;
735
714
xfrm_state_hold(x);
736
715
737
-
if (skb->encapsulation)
738
-
xfrm_get_inner_ipproto(skb);
716
+
xfrm_get_inner_ipproto(skb, x);
739
717
skb->encapsulation = 1;
740
718
741
719
if (skb_is_gso(skb)) {
+21
net/xfrm/xfrm_policy.c
+21
net/xfrm/xfrm_policy.c
···
33
33
#include <net/flow.h>
34
34
#include <net/xfrm.h>
35
35
#include <net/ip.h>
36
+
#include <net/gre.h>
36
37
#if IS_ENABLED(CONFIG_IPV6_MIP6)
37
38
#include <net/mip6.h>
38
39
#endif
···
3422
3421
}
3423
3422
fl6->flowi6_proto = nexthdr;
3424
3423
return;
3424
+
case IPPROTO_GRE:
3425
+
if (!onlyproto &&
3426
+
(nh + offset + 12 < skb->data ||
3427
+
pskb_may_pull(skb, nh + offset + 12 - skb->data))) {
3428
+
struct gre_base_hdr *gre_hdr;
3429
+
__be32 *gre_key;
3430
+
3431
+
nh = skb_network_header(skb);
3432
+
gre_hdr = (struct gre_base_hdr *)(nh + offset);
3433
+
gre_key = (__be32 *)(gre_hdr + 1);
3434
+
3435
+
if (gre_hdr->flags & GRE_KEY) {
3436
+
if (gre_hdr->flags & GRE_CSUM)
3437
+
gre_key++;
3438
+
fl6->fl6_gre_key = *gre_key;
3439
+
}
3440
+
}
3441
+
fl6->flowi6_proto = nexthdr;
3442
+
return;
3443
+
3425
3444
#if IS_ENABLED(CONFIG_IPV6_MIP6)
3426
3445
case IPPROTO_MH:
3427
3446
offset += ipv6_optlen(exthdr);
+19
-4
net/xfrm/xfrm_user.c
+19
-4
net/xfrm/xfrm_user.c
···
630
630
631
631
xfrm_smark_init(attrs, &x->props.smark);
632
632
633
-
if (attrs[XFRMA_IF_ID])
633
+
if (attrs[XFRMA_IF_ID]) {
634
634
x->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
635
+
if (!x->if_id) {
636
+
err = -EINVAL;
637
+
goto error;
638
+
}
639
+
}
635
640
636
641
err = __xfrm_init_state(x, false, attrs[XFRMA_OFFLOAD_DEV]);
637
642
if (err)
···
1432
1427
1433
1428
mark = xfrm_mark_get(attrs, &m);
1434
1429
1435
-
if (attrs[XFRMA_IF_ID])
1430
+
if (attrs[XFRMA_IF_ID]) {
1436
1431
if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
1432
+
if (!if_id) {
1433
+
err = -EINVAL;
1434
+
goto out_noput;
1435
+
}
1436
+
}
1437
1437
1438
1438
if (p->info.seq) {
1439
1439
x = xfrm_find_acq_byseq(net, mark, p->info.seq);
···
1751
1741
1752
1742
xfrm_mark_get(attrs, &xp->mark);
1753
1743
1754
-
if (attrs[XFRMA_IF_ID])
1744
+
if (attrs[XFRMA_IF_ID]) {
1755
1745
xp->if_id = nla_get_u32(attrs[XFRMA_IF_ID]);
1746
+
if (!xp->if_id) {
1747
+
err = -EINVAL;
1748
+
goto error;
1749
+
}
1750
+
}
1756
1751
1757
1752
return xp;
1758
1753
error:
···
3087
3072
if (x->props.extra_flags)
3088
3073
l += nla_total_size(sizeof(x->props.extra_flags));
3089
3074
if (x->xso.dev)
3090
-
l += nla_total_size(sizeof(x->xso));
3075
+
l += nla_total_size(sizeof(struct xfrm_user_offload));
3091
3076
if (x->props.smark.v | x->props.smark.m) {
3092
3077
l += nla_total_size(sizeof(x->props.smark.v));
3093
3078
l += nla_total_size(sizeof(x->props.smark.m));
+5
-4
tools/testing/selftests/netfilter/ipip-conntrack-mtu.sh
+5
-4
tools/testing/selftests/netfilter/ipip-conntrack-mtu.sh
···
41
41
42
42
checktool "iptables --version" "run test without iptables"
43
43
checktool "ip -Version" "run test without ip tool"
44
-
checktool "which nc" "run test without nc (netcat)"
44
+
checktool "which socat" "run test without socat"
45
45
checktool "ip netns add ${r_a}" "create net namespace"
46
46
47
47
for n in ${r_b} ${r_w} ${c_a} ${c_b};do
···
60
60
test_path() {
61
61
msg="$1"
62
62
63
-
ip netns exec ${c_b} nc -n -w 3 -q 3 -u -l -p 5000 > ${rx} < /dev/null &
63
+
ip netns exec ${c_b} socat -t 3 - udp4-listen:5000,reuseaddr > ${rx} < /dev/null &
64
64
65
65
sleep 1
66
66
for i in 1 2 3; do
67
-
head -c1400 /dev/zero | tr "\000" "a" | ip netns exec ${c_a} nc -n -w 1 -u 192.168.20.2 5000
67
+
head -c1400 /dev/zero | tr "\000" "a" | \
68
+
ip netns exec ${c_a} socat -t 1 -u STDIN UDP:192.168.20.2:5000
68
69
done
69
70
70
71
wait
···
190
189
#---------------------
191
190
#Now we send a 1400 bytes UDP packet from Client A to Client B:
192
191
193
-
# clienta:~# head -c1400 /dev/zero | tr "\000" "a" | nc -u 192.168.20.2 5000
192
+
# clienta:~# head -c1400 /dev/zero | tr "\000" "a" | socat -u STDIN UDP:192.168.20.2:5000
194
193
test_path "without"
195
194
196
195
# The IPv4 stack on Client A already knows the PMTU to Client B, so the
+5
-5
tools/testing/selftests/netfilter/nf_nat_edemux.sh
+5
-5
tools/testing/selftests/netfilter/nf_nat_edemux.sh
···
76
76
sleep 1
77
77
78
78
# add a persistent connection from the other namespace
79
-
ip netns exec $ns2 nc -q 10 -w 10 192.168.1.1 5201 > /dev/null &
79
+
ip netns exec $ns2 socat -t 10 - TCP:192.168.1.1:5201 > /dev/null &
80
80
81
81
sleep 1
82
82
83
83
# ip daddr:dport will be rewritten to 192.168.1.1 5201
84
84
# NAT must reallocate source port 10000 because
85
85
# 192.168.1.2:10000 -> 192.168.1.1:5201 is already in use
86
-
echo test | ip netns exec $ns2 nc -w 3 -q 3 10.96.0.1 443 >/dev/null
86
+
echo test | ip netns exec $ns2 socat -t 3 -u STDIN TCP:10.96.0.1:443 >/dev/null
87
87
ret=$?
88
88
89
89
kill $iperfs
90
90
91
-
# Check nc can connect to 10.96.0.1:443 (aka 192.168.1.1:5201).
91
+
# Check socat can connect to 10.96.0.1:443 (aka 192.168.1.1:5201).
92
92
if [ $ret -eq 0 ]; then
93
-
echo "PASS: nc can connect via NAT'd address"
93
+
echo "PASS: socat can connect via NAT'd address"
94
94
else
95
-
echo "FAIL: nc cannot connect via NAT'd address"
95
+
echo "FAIL: socat cannot connect via NAT'd address"
96
96
exit 1
97
97
fi
98
98