Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'net-5.17-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from netfilter, ipsec, and wireless.
A few last minute revert / disable and fix patches came down from our
sub-trees. We're not waiting for any fixes at this point.
Current release - regressions:
- Revert "netfilter: nat: force port remap to prevent shadowing
well-known ports", restore working conntrack on asymmetric paths
- Revert "ath10k: drop beacon and probe response which leak from
other channel", restore working AP and mesh mode on QCA9984
- eth: intel: fix hang during reboot/shutdown
Current release - new code bugs:
- netfilter: nf_tables: disable register tracking, it needs more work
to cover all corner cases
Previous releases - regressions:
- ipv6: fix skb_over_panic in __ip6_append_data when (admin-only)
extension headers get specified
- esp6: fix ESP over TCP/UDP, interpret ipv6_skip_exthdr's return
value more selectively
- bnx2x: fix driver load failure when FW not present in initrd
Previous releases - always broken:
- vsock: stop destroying unrelated sockets in nested virtualization
- packet: fix slab-out-of-bounds access in packet_recvmsg()
Misc:
- add Paolo Abeni to networking maintainers!"
* tag 'net-5.17-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (26 commits)
iavf: Fix hang during reboot/shutdown
net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload
net: bcmgenet: skip invalid partial checksums
bnx2x: fix built-in kernel driver load failure
net: phy: mscc: Add MODULE_FIRMWARE macros
net: dsa: Add missing of_node_put() in dsa_port_parse_of
net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
Revert "ath10k: drop beacon and probe response which leak from other channel"
hv_netvsc: Add check for kvmalloc_array
iavf: Fix double free in iavf_reset_task
ice: destroy flow director filter mutex after releasing VSIs
ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
Add Paolo Abeni to networking maintainers
atm: eni: Add check for dma_map_single
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
net: mdio: mscc-miim: fix duplicate debugfs entry
net: phy: marvell: Fix invalid comparison in the resume and suspend functions
esp6: fix check on ipv6_skip_exthdr's return value
net: dsa: microchip: add spi_device_id tables
netfilter: nf_tables: disable register tracking
...
+154
-133
+2
MAINTAINERS
+2
MAINTAINERS
···
13376
13376
NETWORKING DRIVERS
13377
13377
M: "David S. Miller" <davem@davemloft.net>
13378
13378
M: Jakub Kicinski <kuba@kernel.org>
13379
+
M: Paolo Abeni <pabeni@redhat.com>
13379
13380
L: netdev@vger.kernel.org
13380
13381
S: Maintained
13381
13382
Q: https://patchwork.kernel.org/project/netdevbpf/list/
···
13423
13422
NETWORKING [GENERAL]
13424
13423
M: "David S. Miller" <davem@davemloft.net>
13425
13424
M: Jakub Kicinski <kuba@kernel.org>
13425
+
M: Paolo Abeni <pabeni@redhat.com>
13426
13426
L: netdev@vger.kernel.org
13427
13427
S: Maintained
13428
13428
Q: https://patchwork.kernel.org/project/netdevbpf/list/
+2
drivers/atm/eni.c
+2
drivers/atm/eni.c
···
1112
1112
skb_data3 = skb->data[3];
1113
1113
paddr = dma_map_single(&eni_dev->pci_dev->dev,skb->data,skb->len,
1114
1114
DMA_TO_DEVICE);
1115
+
if (dma_mapping_error(&eni_dev->pci_dev->dev, paddr))
1116
+
return enq_next;
1115
1117
ENI_PRV_PADDR(skb) = paddr;
1116
1118
/* prepare DMA queue entries */
1117
1119
j = 0;
+11
drivers/net/dsa/microchip/ksz8795_spi.c
+11
drivers/net/dsa/microchip/ksz8795_spi.c
···
124
124
};
125
125
MODULE_DEVICE_TABLE(of, ksz8795_dt_ids);
126
126
127
+
static const struct spi_device_id ksz8795_spi_ids[] = {
128
+
{ "ksz8765" },
129
+
{ "ksz8794" },
130
+
{ "ksz8795" },
131
+
{ "ksz8863" },
132
+
{ "ksz8873" },
133
+
{ },
134
+
};
135
+
MODULE_DEVICE_TABLE(spi, ksz8795_spi_ids);
136
+
127
137
static struct spi_driver ksz8795_spi_driver = {
128
138
.driver = {
129
139
.name = "ksz8795-switch",
130
140
.owner = THIS_MODULE,
131
141
.of_match_table = of_match_ptr(ksz8795_dt_ids),
132
142
},
143
+
.id_table = ksz8795_spi_ids,
133
144
.probe = ksz8795_spi_probe,
134
145
.remove = ksz8795_spi_remove,
135
146
.shutdown = ksz8795_spi_shutdown,
+12
drivers/net/dsa/microchip/ksz9477_spi.c
+12
drivers/net/dsa/microchip/ksz9477_spi.c
···
98
98
};
99
99
MODULE_DEVICE_TABLE(of, ksz9477_dt_ids);
100
100
101
+
static const struct spi_device_id ksz9477_spi_ids[] = {
102
+
{ "ksz9477" },
103
+
{ "ksz9897" },
104
+
{ "ksz9893" },
105
+
{ "ksz9563" },
106
+
{ "ksz8563" },
107
+
{ "ksz9567" },
108
+
{ },
109
+
};
110
+
MODULE_DEVICE_TABLE(spi, ksz9477_spi_ids);
111
+
101
112
static struct spi_driver ksz9477_spi_driver = {
102
113
.driver = {
103
114
.name = "ksz9477-switch",
104
115
.owner = THIS_MODULE,
105
116
.of_match_table = of_match_ptr(ksz9477_dt_ids),
106
117
},
118
+
.id_table = ksz9477_spi_ids,
107
119
.probe = ksz9477_spi_probe,
108
120
.remove = ksz9477_spi_remove,
109
121
.shutdown = ksz9477_spi_shutdown,
+4
-1
drivers/net/ethernet/atheros/alx/main.c
+4
-1
drivers/net/ethernet/atheros/alx/main.c
···
1181
1181
alx->hw.mtu = mtu;
1182
1182
alx->rxbuf_size = max(max_frame, ALX_DEF_RXBUF_SIZE);
1183
1183
netdev_update_features(netdev);
1184
-
if (netif_running(netdev))
1184
+
if (netif_running(netdev)) {
1185
+
mutex_lock(&alx->mtx);
1185
1186
alx_reinit(alx);
1187
+
mutex_unlock(&alx->mtx);
1188
+
}
1186
1189
return 0;
1187
1190
}
1188
1191
-2
drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
-2
drivers/net/ethernet/broadcom/bnx2x/bnx2x.h
+17
-11
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
+17
-11
drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
···
2364
2364
/* is another pf loaded on this engine? */
2365
2365
if (load_code != FW_MSG_CODE_DRV_LOAD_COMMON_CHIP &&
2366
2366
load_code != FW_MSG_CODE_DRV_LOAD_COMMON) {
2367
-
/* build my FW version dword */
2368
-
u32 my_fw = (bp->fw_major) + (bp->fw_minor << 8) +
2369
-
(bp->fw_rev << 16) + (bp->fw_eng << 24);
2367
+
u8 loaded_fw_major, loaded_fw_minor, loaded_fw_rev, loaded_fw_eng;
2368
+
u32 loaded_fw;
2370
2369
2371
2370
/* read loaded FW from chip */
2372
-
u32 loaded_fw = REG_RD(bp, XSEM_REG_PRAM);
2371
+
loaded_fw = REG_RD(bp, XSEM_REG_PRAM);
2373
2372
2374
-
DP(BNX2X_MSG_SP, "loaded fw %x, my fw %x\n",
2375
-
loaded_fw, my_fw);
2373
+
loaded_fw_major = loaded_fw & 0xff;
2374
+
loaded_fw_minor = (loaded_fw >> 8) & 0xff;
2375
+
loaded_fw_rev = (loaded_fw >> 16) & 0xff;
2376
+
loaded_fw_eng = (loaded_fw >> 24) & 0xff;
2377
+
2378
+
DP(BNX2X_MSG_SP, "loaded fw 0x%x major 0x%x minor 0x%x rev 0x%x eng 0x%x\n",
2379
+
loaded_fw, loaded_fw_major, loaded_fw_minor, loaded_fw_rev, loaded_fw_eng);
2376
2380
2377
2381
/* abort nic load if version mismatch */
2378
-
if (my_fw != loaded_fw) {
2382
+
if (loaded_fw_major != BCM_5710_FW_MAJOR_VERSION ||
2383
+
loaded_fw_minor != BCM_5710_FW_MINOR_VERSION ||
2384
+
loaded_fw_eng != BCM_5710_FW_ENGINEERING_VERSION ||
2385
+
loaded_fw_rev < BCM_5710_FW_REVISION_VERSION_V15) {
2379
2386
if (print_err)
2380
-
BNX2X_ERR("bnx2x with FW %x was already loaded which mismatches my %x FW. Aborting\n",
2381
-
loaded_fw, my_fw);
2387
+
BNX2X_ERR("loaded FW incompatible. Aborting\n");
2382
2388
else
2383
-
BNX2X_DEV_INFO("bnx2x with FW %x was already loaded which mismatches my %x FW, possibly due to MF UNDI\n",
2384
-
loaded_fw, my_fw);
2389
+
BNX2X_DEV_INFO("loaded FW incompatible, possibly due to MF UNDI\n");
2390
+
2385
2391
return -EBUSY;
2386
2392
}
2387
2393
}
+2
-13
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+2
-13
drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
···
12319
12319
12320
12320
bnx2x_read_fwinfo(bp);
12321
12321
12322
-
if (IS_PF(bp)) {
12323
-
rc = bnx2x_init_firmware(bp);
12324
-
12325
-
if (rc) {
12326
-
bnx2x_free_mem_bp(bp);
12327
-
return rc;
12328
-
}
12329
-
}
12330
-
12331
12322
func = BP_FUNC(bp);
12332
12323
12333
12324
/* need to reset chip if undi was active */
···
12331
12340
12332
12341
rc = bnx2x_prev_unload(bp);
12333
12342
if (rc) {
12334
-
bnx2x_release_firmware(bp);
12335
12343
bnx2x_free_mem_bp(bp);
12336
12344
return rc;
12337
12345
}
···
13399
13409
(u8 *)bp->arr, len); \
13400
13410
} while (0)
13401
13411
13402
-
int bnx2x_init_firmware(struct bnx2x *bp)
13412
+
static int bnx2x_init_firmware(struct bnx2x *bp)
13403
13413
{
13404
13414
const char *fw_file_name, *fw_file_name_v15;
13405
13415
struct bnx2x_fw_file_hdr *fw_hdr;
···
13499
13509
return rc;
13500
13510
}
13501
13511
13502
-
void bnx2x_release_firmware(struct bnx2x *bp)
13512
+
static void bnx2x_release_firmware(struct bnx2x *bp)
13503
13513
{
13504
13514
kfree(bp->init_ops_offsets);
13505
13515
kfree(bp->init_ops);
···
14016
14026
return 0;
14017
14027
14018
14028
init_one_freemem:
14019
-
bnx2x_release_firmware(bp);
14020
14029
bnx2x_free_mem_bp(bp);
14021
14030
14022
14031
init_one_exit:
+4
-2
drivers/net/ethernet/broadcom/genet/bcmgenet.c
+4
-2
drivers/net/ethernet/broadcom/genet/bcmgenet.c
···
2287
2287
dma_length_status = status->length_status;
2288
2288
if (dev->features & NETIF_F_RXCSUM) {
2289
2289
rx_csum = (__force __be16)(status->rx_csum & 0xffff);
2290
-
skb->csum = (__force __wsum)ntohs(rx_csum);
2291
-
skb->ip_summed = CHECKSUM_COMPLETE;
2290
+
if (rx_csum) {
2291
+
skb->csum = (__force __wsum)ntohs(rx_csum);
2292
+
skb->ip_summed = CHECKSUM_COMPLETE;
2293
+
}
2292
2294
}
2293
2295
2294
2296
/* DMA flags and length are still valid no matter how
+14
-1
drivers/net/ethernet/intel/iavf/iavf_main.c
+14
-1
drivers/net/ethernet/intel/iavf/iavf_main.c
···
2541
2541
queue_delayed_work(iavf_wq, &adapter->watchdog_task, HZ * 2);
2542
2542
}
2543
2543
2544
+
/**
2545
+
* iavf_disable_vf - disable VF
2546
+
* @adapter: board private structure
2547
+
*
2548
+
* Set communication failed flag and free all resources.
2549
+
* NOTE: This function is expected to be called with crit_lock being held.
2550
+
**/
2544
2551
static void iavf_disable_vf(struct iavf_adapter *adapter)
2545
2552
{
2546
2553
struct iavf_mac_filter *f, *ftmp;
···
2602
2595
memset(adapter->vf_res, 0, IAVF_VIRTCHNL_VF_RESOURCE_SIZE);
2603
2596
iavf_shutdown_adminq(&adapter->hw);
2604
2597
adapter->netdev->flags &= ~IFF_UP;
2605
-
mutex_unlock(&adapter->crit_lock);
2606
2598
adapter->flags &= ~IAVF_FLAG_RESET_PENDING;
2607
2599
iavf_change_state(adapter, __IAVF_DOWN);
2608
2600
wake_up(&adapter->down_waitqueue);
···
4619
4613
struct iavf_cloud_filter *cf, *cftmp;
4620
4614
struct iavf_hw *hw = &adapter->hw;
4621
4615
int err;
4616
+
4617
+
/* When reboot/shutdown is in progress no need to do anything
4618
+
* as the adapter is already REMOVE state that was set during
4619
+
* iavf_shutdown() callback.
4620
+
*/
4621
+
if (adapter->state == __IAVF_REMOVE)
4622
+
return;
4622
4623
4623
4624
set_bit(__IAVF_IN_REMOVE_TASK, &adapter->crit_section);
4624
4625
/* Wait until port initialization is complete.
+4
-3
drivers/net/ethernet/intel/ice/ice_main.c
+4
-3
drivers/net/ethernet/intel/ice/ice_main.c
···
4880
4880
ice_devlink_unregister_params(pf);
4881
4881
set_bit(ICE_DOWN, pf->state);
4882
4882
4883
-
mutex_destroy(&(&pf->hw)->fdir_fltr_lock);
4884
4883
ice_deinit_lag(pf);
4885
4884
if (test_bit(ICE_FLAG_PTP_SUPPORTED, pf->flags))
4886
4885
ice_ptp_release(pf);
···
4887
4888
ice_remove_arfs(pf);
4888
4889
ice_setup_mc_magic_wake(pf);
4889
4890
ice_vsi_release_all(pf);
4891
+
mutex_destroy(&(&pf->hw)->fdir_fltr_lock);
4890
4892
ice_set_wake(pf);
4891
4893
ice_free_irq_msix_misc(pf);
4892
4894
ice_for_each_vsi(pf, i) {
···
5962
5962
u64 pkts = 0, bytes = 0;
5963
5963
5964
5964
ring = READ_ONCE(rings[i]);
5965
-
if (ring)
5966
-
ice_fetch_u64_stats_per_ring(&ring->syncp, ring->stats, &pkts, &bytes);
5965
+
if (!ring)
5966
+
continue;
5967
+
ice_fetch_u64_stats_per_ring(&ring->syncp, ring->stats, &pkts, &bytes);
5967
5968
vsi_stats->tx_packets += pkts;
5968
5969
vsi_stats->tx_bytes += bytes;
5969
5970
vsi->tx_restart += ring->tx_stats.restart_q;
+15
-1
drivers/net/ethernet/mscc/ocelot_flower.c
+15
-1
drivers/net/ethernet/mscc/ocelot_flower.c
···
60
60
*/
61
61
static int ocelot_chain_to_lookup(int chain)
62
62
{
63
+
/* Backwards compatibility with older, single-chain tc-flower
64
+
* offload support in Ocelot
65
+
*/
66
+
if (chain == 0)
67
+
return 0;
68
+
63
69
return (chain / VCAP_LOOKUP) % 10;
64
70
}
65
71
···
74
68
*/
75
69
static int ocelot_chain_to_pag(int chain)
76
70
{
77
-
int lookup = ocelot_chain_to_lookup(chain);
71
+
int lookup;
72
+
73
+
/* Backwards compatibility with older, single-chain tc-flower
74
+
* offload support in Ocelot
75
+
*/
76
+
if (chain == 0)
77
+
return 0;
78
+
79
+
lookup = ocelot_chain_to_lookup(chain);
78
80
79
81
/* calculate PAG value as chain index relative to the first PAG */
80
82
return chain - VCAP_IS2_CHAIN(lookup, 0);
+3
drivers/net/hyperv/netvsc_drv.c
+3
drivers/net/hyperv/netvsc_drv.c
···
1587
1587
pcpu_sum = kvmalloc_array(num_possible_cpus(),
1588
1588
sizeof(struct netvsc_ethtool_pcpu_stats),
1589
1589
GFP_KERNEL);
1590
+
if (!pcpu_sum)
1591
+
return;
1592
+
1590
1593
netvsc_get_pcpu_stats(dev, pcpu_sum);
1591
1594
for_each_present_cpu(cpu) {
1592
1595
struct netvsc_ethtool_pcpu_stats *this_sum = &pcpu_sum[cpu];
+8
-1
drivers/net/mdio/mdio-mscc-miim.c
+8
-1
drivers/net/mdio/mdio-mscc-miim.c
···
187
187
.reg_stride = 4,
188
188
};
189
189
190
+
static const struct regmap_config mscc_miim_phy_regmap_config = {
191
+
.reg_bits = 32,
192
+
.val_bits = 32,
193
+
.reg_stride = 4,
194
+
.name = "phy",
195
+
};
196
+
190
197
int mscc_miim_setup(struct device *dev, struct mii_bus **pbus, const char *name,
191
198
struct regmap *mii_regmap, int status_offset)
192
199
{
···
257
250
}
258
251
259
252
phy_regmap = devm_regmap_init_mmio(&pdev->dev, phy_regs,
260
-
&mscc_miim_regmap_config);
253
+
&mscc_miim_phy_regmap_config);
261
254
if (IS_ERR(phy_regmap)) {
262
255
dev_err(&pdev->dev, "Unable to create phy register regmap\n");
263
256
return PTR_ERR(phy_regmap);
+4
-4
drivers/net/phy/marvell.c
+4
-4
drivers/net/phy/marvell.c
···
1687
1687
int err;
1688
1688
1689
1689
/* Suspend the fiber mode first */
1690
-
if (!linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT,
1691
-
phydev->supported)) {
1690
+
if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT,
1691
+
phydev->supported)) {
1692
1692
err = marvell_set_page(phydev, MII_MARVELL_FIBER_PAGE);
1693
1693
if (err < 0)
1694
1694
goto error;
···
1722
1722
int err;
1723
1723
1724
1724
/* Resume the fiber mode first */
1725
-
if (!linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT,
1726
-
phydev->supported)) {
1725
+
if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT,
1726
+
phydev->supported)) {
1727
1727
err = marvell_set_page(phydev, MII_MARVELL_FIBER_PAGE);
1728
1728
if (err < 0)
1729
1729
goto error;
+3
drivers/net/phy/mscc/mscc_main.c
+3
drivers/net/phy/mscc/mscc_main.c
+1
-32
drivers/net/wireless/ath/ath10k/wmi.c
+1
-32
drivers/net/wireless/ath/ath10k/wmi.c
···
2611
2611
ath10k_mac_handle_beacon(ar, skb);
2612
2612
2613
2613
if (ieee80211_is_beacon(hdr->frame_control) ||
2614
-
ieee80211_is_probe_resp(hdr->frame_control)) {
2615
-
struct ieee80211_mgmt *mgmt = (void *)skb->data;
2616
-
enum cfg80211_bss_frame_type ftype;
2617
-
u8 *ies;
2618
-
int ies_ch;
2619
-
2614
+
ieee80211_is_probe_resp(hdr->frame_control))
2620
2615
status->boottime_ns = ktime_get_boottime_ns();
2621
-
2622
-
if (!ar->scan_channel)
2623
-
goto drop;
2624
-
2625
-
ies = mgmt->u.beacon.variable;
2626
-
2627
-
if (ieee80211_is_beacon(mgmt->frame_control))
2628
-
ftype = CFG80211_BSS_FTYPE_BEACON;
2629
-
else
2630
-
ftype = CFG80211_BSS_FTYPE_PRESP;
2631
-
2632
-
ies_ch = cfg80211_get_ies_channel_number(mgmt->u.beacon.variable,
2633
-
skb_tail_pointer(skb) - ies,
2634
-
sband->band, ftype);
2635
-
2636
-
if (ies_ch > 0 && ies_ch != channel) {
2637
-
ath10k_dbg(ar, ATH10K_DBG_MGMT,
2638
-
"channel mismatched ds channel %d scan channel %d\n",
2639
-
ies_ch, channel);
2640
-
goto drop;
2641
-
}
2642
-
}
2643
2616
2644
2617
ath10k_dbg(ar, ATH10K_DBG_MGMT,
2645
2618
"event mgmt rx skb %pK len %d ftype %02x stype %02x\n",
···
2626
2653
2627
2654
ieee80211_rx_ni(ar->hw, skb);
2628
2655
2629
-
return 0;
2630
-
2631
-
drop:
2632
-
dev_kfree_skb(skb);
2633
2656
return 0;
2634
2657
}
2635
2658
+2
-1
drivers/vhost/vsock.c
+2
-1
drivers/vhost/vsock.c
···
753
753
754
754
/* Iterating over all connections for all CIDs to find orphans is
755
755
* inefficient. Room for improvement here. */
756
-
vsock_for_each_connected_socket(vhost_vsock_reset_orphans);
756
+
vsock_for_each_connected_socket(&vhost_transport.transport,
757
+
vhost_vsock_reset_orphans);
757
758
758
759
/* Don't check the owner, because we are in the release path, so we
759
760
* need to stop the vsock device in any case.
+1
include/linux/if_arp.h
+1
include/linux/if_arp.h
+2
-1
include/net/af_vsock.h
+2
-1
include/net/af_vsock.h
···
205
205
struct sock *vsock_find_connected_socket(struct sockaddr_vm *src,
206
206
struct sockaddr_vm *dst);
207
207
void vsock_remove_sock(struct vsock_sock *vsk);
208
-
void vsock_for_each_connected_socket(void (*fn)(struct sock *sk));
208
+
void vsock_for_each_connected_socket(struct vsock_transport *transport,
209
+
void (*fn)(struct sock *sk));
209
210
int vsock_assign_transport(struct vsock_sock *vsk, struct vsock_sock *psk);
210
211
bool vsock_find_cid(unsigned int cid);
211
212
-1
include/net/netfilter/nf_conntrack.h
-1
include/net/netfilter/nf_conntrack.h
+1
net/dsa/dsa2.c
+1
net/dsa/dsa2.c
+1
-2
net/ipv6/esp6.c
+1
-2
net/ipv6/esp6.c
+2
-2
net/ipv6/ip6_output.c
+2
-2
net/ipv6/ip6_output.c
···
1476
1476
sizeof(struct frag_hdr) : 0) +
1477
1477
rt->rt6i_nfheader_len;
1478
1478
1479
-
if (mtu < fragheaderlen ||
1480
-
((mtu - fragheaderlen) & ~7) + fragheaderlen < sizeof(struct frag_hdr))
1479
+
if (mtu <= fragheaderlen ||
1480
+
((mtu - fragheaderlen) & ~7) + fragheaderlen <= sizeof(struct frag_hdr))
1481
1481
goto emsgsize;
1482
1482
1483
1483
maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
+1
-1
net/key/af_key.c
+1
-1
net/key/af_key.c
···
1699
1699
1700
1700
xfrm_probe_algs();
1701
1701
1702
-
supp_skb = compose_sadb_supported(hdr, GFP_KERNEL);
1702
+
supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO);
1703
1703
if (!supp_skb) {
1704
1704
if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC)
1705
1705
pfk->registered &= ~(1<<hdr->sadb_msg_satype);
-3
net/netfilter/nf_conntrack_core.c
-3
net/netfilter/nf_conntrack_core.c
+3
-40
net/netfilter/nf_nat_core.c
+3
-40
net/netfilter/nf_nat_core.c
···
494
494
goto another_round;
495
495
}
496
496
497
-
static bool tuple_force_port_remap(const struct nf_conntrack_tuple *tuple)
498
-
{
499
-
u16 sp, dp;
500
-
501
-
switch (tuple->dst.protonum) {
502
-
case IPPROTO_TCP:
503
-
sp = ntohs(tuple->src.u.tcp.port);
504
-
dp = ntohs(tuple->dst.u.tcp.port);
505
-
break;
506
-
case IPPROTO_UDP:
507
-
case IPPROTO_UDPLITE:
508
-
sp = ntohs(tuple->src.u.udp.port);
509
-
dp = ntohs(tuple->dst.u.udp.port);
510
-
break;
511
-
default:
512
-
return false;
513
-
}
514
-
515
-
/* IANA: System port range: 1-1023,
516
-
* user port range: 1024-49151,
517
-
* private port range: 49152-65535.
518
-
*
519
-
* Linux default ephemeral port range is 32768-60999.
520
-
*
521
-
* Enforce port remapping if sport is significantly lower
522
-
* than dport to prevent NAT port shadowing, i.e.
523
-
* accidental match of 'new' inbound connection vs.
524
-
* existing outbound one.
525
-
*/
526
-
return sp < 16384 && dp >= 32768;
527
-
}
528
-
529
497
/* Manipulate the tuple into the range given. For NF_INET_POST_ROUTING,
530
498
* we change the source to map into the range. For NF_INET_PRE_ROUTING
531
499
* and NF_INET_LOCAL_OUT, we change the destination to map into the
···
507
539
struct nf_conn *ct,
508
540
enum nf_nat_manip_type maniptype)
509
541
{
510
-
bool random_port = range->flags & NF_NAT_RANGE_PROTO_RANDOM_ALL;
511
542
const struct nf_conntrack_zone *zone;
512
543
struct net *net = nf_ct_net(ct);
513
544
514
545
zone = nf_ct_zone(ct);
515
-
516
-
if (maniptype == NF_NAT_MANIP_SRC &&
517
-
!random_port &&
518
-
!ct->local_origin)
519
-
random_port = tuple_force_port_remap(orig_tuple);
520
546
521
547
/* 1) If this srcip/proto/src-proto-part is currently mapped,
522
548
* and that same mapping gives a unique tuple within the given
···
520
558
* So far, we don't do local source mappings, so multiple
521
559
* manips not an issue.
522
560
*/
523
-
if (maniptype == NF_NAT_MANIP_SRC && !random_port) {
561
+
if (maniptype == NF_NAT_MANIP_SRC &&
562
+
!(range->flags & NF_NAT_RANGE_PROTO_RANDOM_ALL)) {
524
563
/* try the original tuple first */
525
564
if (in_range(orig_tuple, range)) {
526
565
if (!nf_nat_used_tuple(orig_tuple, ct)) {
···
545
582
*/
546
583
547
584
/* Only bother mapping if it's not already in range and unique */
548
-
if (!random_port) {
585
+
if (!(range->flags & NF_NAT_RANGE_PROTO_RANDOM_ALL)) {
549
586
if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
550
587
if (!(range->flags & NF_NAT_RANGE_PROTO_OFFSET) &&
551
588
l4proto_in_range(tuple, maniptype,
+7
-2
net/netfilter/nf_tables_api.c
+7
-2
net/netfilter/nf_tables_api.c
···
8260
8260
}
8261
8261
EXPORT_SYMBOL_GPL(nf_tables_trans_destroy_flush_work);
8262
8262
8263
+
static bool nft_expr_reduce(struct nft_regs_track *track,
8264
+
const struct nft_expr *expr)
8265
+
{
8266
+
return false;
8267
+
}
8268
+
8263
8269
static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *chain)
8264
8270
{
8265
8271
const struct nft_expr *expr, *last;
···
8313
8307
nft_rule_for_each_expr(expr, last, rule) {
8314
8308
track.cur = expr;
8315
8309
8316
-
if (expr->ops->reduce &&
8317
-
expr->ops->reduce(&track, expr)) {
8310
+
if (nft_expr_reduce(&track, expr)) {
8318
8311
expr = track.cur;
8319
8312
continue;
8320
8313
}
+10
-1
net/packet/af_packet.c
+10
-1
net/packet/af_packet.c
···
2317
2317
copy_skb = skb_get(skb);
2318
2318
skb_head = skb->data;
2319
2319
}
2320
-
if (copy_skb)
2320
+
if (copy_skb) {
2321
+
memset(&PACKET_SKB_CB(copy_skb)->sa.ll, 0,
2322
+
sizeof(PACKET_SKB_CB(copy_skb)->sa.ll));
2321
2323
skb_set_owner_r(copy_skb, sk);
2324
+
}
2322
2325
}
2323
2326
snaplen = po->rx_ring.frame_size - macoff;
2324
2327
if ((int)snaplen < 0) {
···
3465
3462
sock_recv_ts_and_drops(msg, sk, skb);
3466
3463
3467
3464
if (msg->msg_name) {
3465
+
const size_t max_len = min(sizeof(skb->cb),
3466
+
sizeof(struct sockaddr_storage));
3468
3467
int copy_len;
3469
3468
3470
3469
/* If the address length field is there to be filled
···
3488
3483
0, sizeof(sll->sll_addr));
3489
3484
msg->msg_namelen = sizeof(struct sockaddr_ll);
3490
3485
}
3486
+
}
3487
+
if (WARN_ON_ONCE(copy_len > max_len)) {
3488
+
copy_len = max_len;
3489
+
msg->msg_namelen = copy_len;
3491
3490
}
3492
3491
memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, copy_len);
3493
3492
}
+7
-2
net/vmw_vsock/af_vsock.c
+7
-2
net/vmw_vsock/af_vsock.c
···
334
334
}
335
335
EXPORT_SYMBOL_GPL(vsock_remove_sock);
336
336
337
-
void vsock_for_each_connected_socket(void (*fn)(struct sock *sk))
337
+
void vsock_for_each_connected_socket(struct vsock_transport *transport,
338
+
void (*fn)(struct sock *sk))
338
339
{
339
340
int i;
340
341
···
344
343
for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) {
345
344
struct vsock_sock *vsk;
346
345
list_for_each_entry(vsk, &vsock_connected_table[i],
347
-
connected_table)
346
+
connected_table) {
347
+
if (vsk->transport != transport)
348
+
continue;
349
+
348
350
fn(sk_vsock(vsk));
351
+
}
349
352
}
350
353
351
354
spin_unlock_bh(&vsock_table_lock);
+5
-2
net/vmw_vsock/virtio_transport.c
+5
-2
net/vmw_vsock/virtio_transport.c
···
24
24
static struct workqueue_struct *virtio_vsock_workqueue;
25
25
static struct virtio_vsock __rcu *the_virtio_vsock;
26
26
static DEFINE_MUTEX(the_virtio_vsock_mutex); /* protects the_virtio_vsock */
27
+
static struct virtio_transport virtio_transport; /* forward declaration */
27
28
28
29
struct virtio_vsock {
29
30
struct virtio_device *vdev;
···
385
384
switch (le32_to_cpu(event->id)) {
386
385
case VIRTIO_VSOCK_EVENT_TRANSPORT_RESET:
387
386
virtio_vsock_update_guest_cid(vsock);
388
-
vsock_for_each_connected_socket(virtio_vsock_reset_sock);
387
+
vsock_for_each_connected_socket(&virtio_transport.transport,
388
+
virtio_vsock_reset_sock);
389
389
break;
390
390
}
391
391
}
···
664
662
synchronize_rcu();
665
663
666
664
/* Reset all connected sockets when the device disappear */
667
-
vsock_for_each_connected_socket(virtio_vsock_reset_sock);
665
+
vsock_for_each_connected_socket(&virtio_transport.transport,
666
+
virtio_vsock_reset_sock);
668
667
669
668
/* Stop all work handlers to make sure no one is accessing the device,
670
669
* so we can safely call virtio_reset_device().
+4
-1
net/vmw_vsock/vmci_transport.c
+4
-1
net/vmw_vsock/vmci_transport.c
···
75
75
76
76
static int PROTOCOL_OVERRIDE = -1;
77
77
78
+
static struct vsock_transport vmci_transport; /* forward declaration */
79
+
78
80
/* Helper function to convert from a VMCI error code to a VSock error code. */
79
81
80
82
static s32 vmci_transport_error_to_vsock_error(s32 vmci_error)
···
884
882
const struct vmci_event_data *e_data,
885
883
void *client_data)
886
884
{
887
-
vsock_for_each_connected_socket(vmci_transport_handle_detach);
885
+
vsock_for_each_connected_socket(&vmci_transport,
886
+
vmci_transport_handle_detach);
888
887
}
889
888
890
889
static void vmci_transport_recv_pkt_work(struct work_struct *work)
+2
-3
tools/testing/selftests/netfilter/nft_nat.sh
+2
-3
tools/testing/selftests/netfilter/nft_nat.sh
···
880
880
return $ksft_skip
881
881
fi
882
882
883
-
# test default behaviour. Packet from ns1 to ns0 is not redirected
884
-
# due to automatic port translation.
885
-
test_port_shadow "default" "ROUTER"
883
+
# test default behaviour. Packet from ns1 to ns0 is redirected to ns2.
884
+
test_port_shadow "default" "CLIENT"
886
885
887
886
# test packet filter based mitigation: prevent forwarding of
888
887
# packets claiming to come from the service port.