Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Fix state pruning in bpf verifier wrt. alignment, from Daniel
Borkmann.
2) Handle non-linear SKBs properly in SCTP ICMP parsing, from Davide
Caratti.
3) Fix bit field definitions for rss_hash_type of descriptors in mlx5
driver, from Jesper Brouer.
4) Defer slave->link updates until bonding is ready to do a full commit
to the new settings, from Nithin Sujir.
5) Properly reference count ipv4 FIB metrics to avoid use after free
situations, from Eric Dumazet and several others including Cong Wang
and Julian Anastasov.
6) Fix races in llc_ui_bind(), from Lin Zhang.
7) Fix regression of ESP UDP encapsulation for TCP packets, from
Steffen Klassert.
8) Fix mdio-octeon driver Kconfig deps, from Randy Dunlap.
9) Fix regression in setting DSCP on ipv6/GRE encapsulation, from Peter
Dawson.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (43 commits)
ipv4: add reference counting to metrics
net: ethernet: ax88796: don't call free_irq without request_irq first
ip6_tunnel, ip6_gre: fix setting of DSCP on encapsulated packets
sctp: fix ICMP processing if skb is non-linear
net: llc: add lock_sock in llc_ui_bind to avoid a race condition
bonding: Don't update slave->link until ready to commit
test_bpf: Add a couple of tests for BPF_JSGE.
bpf: add various verifier test cases
bpf: fix wrong exposure of map_flags into fdinfo for lpm
bpf: add bpf_clone_redirect to bpf_helper_changes_pkt_data
bpf: properly reset caller saved regs after helper call and ld_abs/ind
bpf: fix incorrect pruning decision when alignment must be tracked
arp: fixed -Wuninitialized compiler warning
tcp: avoid fastopen API to be used on AF_UNSPEC
net: move somaxconn init from sysctl code
net: fix potential null pointer dereference
geneve: fix fill_info when using collect_metadata
virtio-net: enable TSO/checksum offloads for Q-in-Q vlans
be2net: Fix offload features for Q-in-Q packets
vlan: Fix tcp checksum offloads in Q-in-Q vlans
...
+702
-255
+4
Documentation/devicetree/bindings/net/fsl-fec.txt
+4
Documentation/devicetree/bindings/net/fsl-fec.txt
···
15
15
- phy-reset-active-high : If present then the reset sequence using the GPIO
16
16
specified in the "phy-reset-gpios" property is reversed (H=reset state,
17
17
L=operation state).
18
+
- phy-reset-post-delay : Post reset delay in milliseconds. If present then
19
+
a delay of phy-reset-post-delay milliseconds will be observed after the
20
+
phy-reset-gpios has been toggled. Can be omitted thus no delay is
21
+
observed. Delay is in range of 1ms to 1000ms. Other delays are invalid.
18
22
- phy-supply : regulator that powers the Ethernet PHY.
19
23
- phy-handle : phandle to the PHY device connected to this device.
20
24
- fixed-link : Assume a fixed link. See fixed-link.txt in the same directory.
+9
-2
drivers/net/bonding/bond_main.c
+9
-2
drivers/net/bonding/bond_main.c
···
2612
2612
bond_for_each_slave_rcu(bond, slave, iter) {
2613
2613
unsigned long trans_start = dev_trans_start(slave->dev);
2614
2614
2615
+
slave->new_link = BOND_LINK_NOCHANGE;
2616
+
2615
2617
if (slave->link != BOND_LINK_UP) {
2616
2618
if (bond_time_in_interval(bond, trans_start, 1) &&
2617
2619
bond_time_in_interval(bond, slave->last_rx, 1)) {
2618
2620
2619
-
slave->link = BOND_LINK_UP;
2621
+
slave->new_link = BOND_LINK_UP;
2620
2622
slave_state_changed = 1;
2621
2623
2622
2624
/* primary_slave has no meaning in round-robin
···
2645
2643
if (!bond_time_in_interval(bond, trans_start, 2) ||
2646
2644
!bond_time_in_interval(bond, slave->last_rx, 2)) {
2647
2645
2648
-
slave->link = BOND_LINK_DOWN;
2646
+
slave->new_link = BOND_LINK_DOWN;
2649
2647
slave_state_changed = 1;
2650
2648
2651
2649
if (slave->link_failure_count < UINT_MAX)
···
2675
2673
if (do_failover || slave_state_changed) {
2676
2674
if (!rtnl_trylock())
2677
2675
goto re_arm;
2676
+
2677
+
bond_for_each_slave(bond, slave, iter) {
2678
+
if (slave->new_link != BOND_LINK_NOCHANGE)
2679
+
slave->link = slave->new_link;
2680
+
}
2678
2681
2679
2682
if (slave_state_changed) {
2680
2683
bond_slave_state_change(bond);
+2
-5
drivers/net/ethernet/8390/ax88796.c
+2
-5
drivers/net/ethernet/8390/ax88796.c
···
748
748
749
749
ret = ax_mii_init(dev);
750
750
if (ret)
751
-
goto out_irq;
751
+
goto err_out;
752
752
753
753
ax_NS8390_init(dev, 0);
754
754
755
755
ret = register_netdev(dev);
756
756
if (ret)
757
-
goto out_irq;
757
+
goto err_out;
758
758
759
759
netdev_info(dev, "%dbit, irq %d, %lx, MAC: %pM\n",
760
760
ei_local->word16 ? 16 : 8, dev->irq, dev->base_addr,
···
762
762
763
763
return 0;
764
764
765
-
out_irq:
766
-
/* cleanup irq */
767
-
free_irq(dev->irq, dev);
768
765
err_out:
769
766
return ret;
770
767
}
+3
-1
drivers/net/ethernet/emulex/benet/be_main.c
+3
-1
drivers/net/ethernet/emulex/benet/be_main.c
···
5078
5078
struct be_adapter *adapter = netdev_priv(dev);
5079
5079
u8 l4_hdr = 0;
5080
5080
5081
-
/* The code below restricts offload features for some tunneled packets.
5081
+
/* The code below restricts offload features for some tunneled and
5082
+
* Q-in-Q packets.
5082
5083
* Offload features for normal (non tunnel) packets are unchanged.
5083
5084
*/
5085
+
features = vlan_features_check(skb, features);
5084
5086
if (!skb->encapsulation ||
5085
5087
!(adapter->flags & BE_FLAGS_VXLAN_OFFLOADS))
5086
5088
return features;
+15
-1
drivers/net/ethernet/freescale/fec_main.c
+15
-1
drivers/net/ethernet/freescale/fec_main.c
···
3192
3192
{
3193
3193
int err, phy_reset;
3194
3194
bool active_high = false;
3195
-
int msec = 1;
3195
+
int msec = 1, phy_post_delay = 0;
3196
3196
struct device_node *np = pdev->dev.of_node;
3197
3197
3198
3198
if (!np)
···
3208
3208
return phy_reset;
3209
3209
else if (!gpio_is_valid(phy_reset))
3210
3210
return 0;
3211
+
3212
+
err = of_property_read_u32(np, "phy-reset-post-delay", &phy_post_delay);
3213
+
/* valid reset duration should be less than 1s */
3214
+
if (!err && phy_post_delay > 1000)
3215
+
return -EINVAL;
3211
3216
3212
3217
active_high = of_property_read_bool(np, "phy-reset-active-high");
3213
3218
···
3230
3225
usleep_range(msec * 1000, msec * 1000 + 1000);
3231
3226
3232
3227
gpio_set_value_cansleep(phy_reset, !active_high);
3228
+
3229
+
if (!phy_post_delay)
3230
+
return 0;
3231
+
3232
+
if (phy_post_delay > 20)
3233
+
msleep(phy_post_delay);
3234
+
else
3235
+
usleep_range(phy_post_delay * 1000,
3236
+
phy_post_delay * 1000 + 1000);
3233
3237
3234
3238
return 0;
3235
3239
}
+36
-5
drivers/net/ethernet/mellanox/mlx5/core/cmd.c
+36
-5
drivers/net/ethernet/mellanox/mlx5/core/cmd.c
···
774
774
mlx5_core_warn(dev, "%s(0x%x) timeout. Will cause a leak of a command resource\n",
775
775
mlx5_command_str(msg_to_opcode(ent->in)),
776
776
msg_to_opcode(ent->in));
777
-
mlx5_cmd_comp_handler(dev, 1UL << ent->idx);
777
+
mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true);
778
778
}
779
779
780
780
static void cmd_work_handler(struct work_struct *work)
···
804
804
}
805
805
806
806
cmd->ent_arr[ent->idx] = ent;
807
+
set_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state);
807
808
lay = get_inst(cmd, ent->idx);
808
809
ent->lay = lay;
809
810
memset(lay, 0, sizeof(*lay));
···
826
825
if (ent->callback)
827
826
schedule_delayed_work(&ent->cb_timeout_work, cb_timeout);
828
827
828
+
/* Skip sending command to fw if internal error */
829
+
if (pci_channel_offline(dev->pdev) ||
830
+
dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR) {
831
+
u8 status = 0;
832
+
u32 drv_synd;
833
+
834
+
ent->ret = mlx5_internal_err_ret_value(dev, msg_to_opcode(ent->in), &drv_synd, &status);
835
+
MLX5_SET(mbox_out, ent->out, status, status);
836
+
MLX5_SET(mbox_out, ent->out, syndrome, drv_synd);
837
+
838
+
mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true);
839
+
return;
840
+
}
841
+
829
842
/* ring doorbell after the descriptor is valid */
830
843
mlx5_core_dbg(dev, "writing 0x%x to command doorbell\n", 1 << ent->idx);
831
844
wmb();
···
850
835
poll_timeout(ent);
851
836
/* make sure we read the descriptor after ownership is SW */
852
837
rmb();
853
-
mlx5_cmd_comp_handler(dev, 1UL << ent->idx);
838
+
mlx5_cmd_comp_handler(dev, 1UL << ent->idx, (ent->ret == -ETIMEDOUT));
854
839
}
855
840
}
856
841
···
894
879
wait_for_completion(&ent->done);
895
880
} else if (!wait_for_completion_timeout(&ent->done, timeout)) {
896
881
ent->ret = -ETIMEDOUT;
897
-
mlx5_cmd_comp_handler(dev, 1UL << ent->idx);
882
+
mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true);
898
883
}
899
884
900
885
err = ent->ret;
···
1390
1375
}
1391
1376
}
1392
1377
1393
-
void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec)
1378
+
void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec, bool forced)
1394
1379
{
1395
1380
struct mlx5_cmd *cmd = &dev->cmd;
1396
1381
struct mlx5_cmd_work_ent *ent;
···
1410
1395
struct semaphore *sem;
1411
1396
1412
1397
ent = cmd->ent_arr[i];
1398
+
1399
+
/* if we already completed the command, ignore it */
1400
+
if (!test_and_clear_bit(MLX5_CMD_ENT_STATE_PENDING_COMP,
1401
+
&ent->state)) {
1402
+
/* only real completion can free the cmd slot */
1403
+
if (!forced) {
1404
+
mlx5_core_err(dev, "Command completion arrived after timeout (entry idx = %d).\n",
1405
+
ent->idx);
1406
+
free_ent(cmd, ent->idx);
1407
+
}
1408
+
continue;
1409
+
}
1410
+
1413
1411
if (ent->callback)
1414
1412
cancel_delayed_work(&ent->cb_timeout_work);
1415
1413
if (ent->page_queue)
···
1445
1417
mlx5_core_dbg(dev, "command completed. ret 0x%x, delivery status %s(0x%x)\n",
1446
1418
ent->ret, deliv_status_to_str(ent->status), ent->status);
1447
1419
}
1448
-
free_ent(cmd, ent->idx);
1420
+
1421
+
/* only real completion will free the entry slot */
1422
+
if (!forced)
1423
+
free_ent(cmd, ent->idx);
1449
1424
1450
1425
if (ent->callback) {
1451
1426
ds = ent->ts2 - ent->ts1;
+7
-1
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
+7
-1
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
···
1041
1041
#define MLX5_IB_GRH_BYTES 40
1042
1042
#define MLX5_IPOIB_ENCAP_LEN 4
1043
1043
#define MLX5_GID_SIZE 16
1044
+
#define MLX5_IPOIB_PSEUDO_LEN 20
1045
+
#define MLX5_IPOIB_HARD_LEN (MLX5_IPOIB_PSEUDO_LEN + MLX5_IPOIB_ENCAP_LEN)
1044
1046
1045
1047
static inline void mlx5i_complete_rx_cqe(struct mlx5e_rq *rq,
1046
1048
struct mlx5_cqe64 *cqe,
···
1050
1048
struct sk_buff *skb)
1051
1049
{
1052
1050
struct net_device *netdev = rq->netdev;
1051
+
char *pseudo_header;
1053
1052
u8 *dgid;
1054
1053
u8 g;
1055
1054
···
1079
1076
if (likely(netdev->features & NETIF_F_RXHASH))
1080
1077
mlx5e_skb_set_hash(cqe, skb);
1081
1078
1079
+
/* 20 bytes of ipoib header and 4 for encap existing */
1080
+
pseudo_header = skb_push(skb, MLX5_IPOIB_PSEUDO_LEN);
1081
+
memset(pseudo_header, 0, MLX5_IPOIB_PSEUDO_LEN);
1082
1082
skb_reset_mac_header(skb);
1083
-
skb_pull(skb, MLX5_IPOIB_ENCAP_LEN);
1083
+
skb_pull(skb, MLX5_IPOIB_HARD_LEN);
1084
1084
1085
1085
skb->dev = netdev;
1086
1086
+50
-10
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+50
-10
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
···
43
43
#include <net/tc_act/tc_vlan.h>
44
44
#include <net/tc_act/tc_tunnel_key.h>
45
45
#include <net/tc_act/tc_pedit.h>
46
+
#include <net/tc_act/tc_csum.h>
46
47
#include <net/vxlan.h>
47
48
#include <net/arp.h>
48
49
#include "en.h"
···
385
384
if (e->flags & MLX5_ENCAP_ENTRY_VALID)
386
385
mlx5_encap_dealloc(priv->mdev, e->encap_id);
387
386
388
-
hlist_del_rcu(&e->encap_hlist);
387
+
hash_del_rcu(&e->encap_hlist);
389
388
kfree(e->encap_header);
390
389
kfree(e);
391
390
}
···
926
925
struct mlx5e_tc_flow_parse_attr *parse_attr)
927
926
{
928
927
struct pedit_headers *set_masks, *add_masks, *set_vals, *add_vals;
929
-
int i, action_size, nactions, max_actions, first, last;
928
+
int i, action_size, nactions, max_actions, first, last, first_z;
930
929
void *s_masks_p, *a_masks_p, *vals_p;
931
-
u32 s_mask, a_mask, val;
932
930
struct mlx5_fields *f;
933
931
u8 cmd, field_bsize;
932
+
u32 s_mask, a_mask;
934
933
unsigned long mask;
935
934
void *action;
936
935
···
947
946
for (i = 0; i < ARRAY_SIZE(fields); i++) {
948
947
f = &fields[i];
949
948
/* avoid seeing bits set from previous iterations */
950
-
s_mask = a_mask = mask = val = 0;
949
+
s_mask = 0;
950
+
a_mask = 0;
951
951
952
952
s_masks_p = (void *)set_masks + f->offset;
953
953
a_masks_p = (void *)add_masks + f->offset;
···
983
981
memset(a_masks_p, 0, f->size);
984
982
}
985
983
986
-
memcpy(&val, vals_p, f->size);
987
-
988
984
field_bsize = f->size * BITS_PER_BYTE;
985
+
986
+
first_z = find_first_zero_bit(&mask, field_bsize);
989
987
first = find_first_bit(&mask, field_bsize);
990
988
last = find_last_bit(&mask, field_bsize);
991
-
if (first > 0 || last != (field_bsize - 1)) {
989
+
if (first > 0 || last != (field_bsize - 1) || first_z < last) {
992
990
printk(KERN_WARNING "mlx5: partial rewrite (mask %lx) is currently not offloaded\n",
993
991
mask);
994
992
return -EOPNOTSUPP;
···
1004
1002
}
1005
1003
1006
1004
if (field_bsize == 32)
1007
-
MLX5_SET(set_action_in, action, data, ntohl(val));
1005
+
MLX5_SET(set_action_in, action, data, ntohl(*(__be32 *)vals_p));
1008
1006
else if (field_bsize == 16)
1009
-
MLX5_SET(set_action_in, action, data, ntohs(val));
1007
+
MLX5_SET(set_action_in, action, data, ntohs(*(__be16 *)vals_p));
1010
1008
else if (field_bsize == 8)
1011
-
MLX5_SET(set_action_in, action, data, val);
1009
+
MLX5_SET(set_action_in, action, data, *(u8 *)vals_p);
1012
1010
1013
1011
action += action_size;
1014
1012
nactions++;
···
1111
1109
return err;
1112
1110
}
1113
1111
1112
+
static bool csum_offload_supported(struct mlx5e_priv *priv, u32 action, u32 update_flags)
1113
+
{
1114
+
u32 prot_flags = TCA_CSUM_UPDATE_FLAG_IPV4HDR | TCA_CSUM_UPDATE_FLAG_TCP |
1115
+
TCA_CSUM_UPDATE_FLAG_UDP;
1116
+
1117
+
/* The HW recalcs checksums only if re-writing headers */
1118
+
if (!(action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)) {
1119
+
netdev_warn(priv->netdev,
1120
+
"TC csum action is only offloaded with pedit\n");
1121
+
return false;
1122
+
}
1123
+
1124
+
if (update_flags & ~prot_flags) {
1125
+
netdev_warn(priv->netdev,
1126
+
"can't offload TC csum action for some header/s - flags %#x\n",
1127
+
update_flags);
1128
+
return false;
1129
+
}
1130
+
1131
+
return true;
1132
+
}
1133
+
1114
1134
static int parse_tc_nic_actions(struct mlx5e_priv *priv, struct tcf_exts *exts,
1115
1135
struct mlx5e_tc_flow_parse_attr *parse_attr,
1116
1136
struct mlx5e_tc_flow *flow)
···
1171
1147
attr->action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR |
1172
1148
MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
1173
1149
continue;
1150
+
}
1151
+
1152
+
if (is_tcf_csum(a)) {
1153
+
if (csum_offload_supported(priv, attr->action,
1154
+
tcf_csum_update_flags(a)))
1155
+
continue;
1156
+
1157
+
return -EOPNOTSUPP;
1174
1158
}
1175
1159
1176
1160
if (is_tcf_skbedit_mark(a)) {
···
1681
1649
1682
1650
attr->action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
1683
1651
continue;
1652
+
}
1653
+
1654
+
if (is_tcf_csum(a)) {
1655
+
if (csum_offload_supported(priv, attr->action,
1656
+
tcf_csum_update_flags(a)))
1657
+
continue;
1658
+
1659
+
return -EOPNOTSUPP;
1684
1660
}
1685
1661
1686
1662
if (is_tcf_mirred_egress_redirect(a)) {
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/eq.c
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/eq.c
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/health.c
+1
-1
drivers/net/ethernet/mellanox/mlx5/core/health.c
+4
-11
drivers/net/ethernet/mellanox/mlx5/core/main.c
+4
-11
drivers/net/ethernet/mellanox/mlx5/core/main.c
···
612
612
struct mlx5_priv *priv = &mdev->priv;
613
613
struct msix_entry *msix = priv->msix_arr;
614
614
int irq = msix[i + MLX5_EQ_VEC_COMP_BASE].vector;
615
-
int err;
616
615
617
616
if (!zalloc_cpumask_var(&priv->irq_info[i].mask, GFP_KERNEL)) {
618
617
mlx5_core_warn(mdev, "zalloc_cpumask_var failed");
···
621
622
cpumask_set_cpu(cpumask_local_spread(i, priv->numa_node),
622
623
priv->irq_info[i].mask);
623
624
624
-
err = irq_set_affinity_hint(irq, priv->irq_info[i].mask);
625
-
if (err) {
626
-
mlx5_core_warn(mdev, "irq_set_affinity_hint failed,irq 0x%.4x",
627
-
irq);
628
-
goto err_clear_mask;
629
-
}
625
+
#ifdef CONFIG_SMP
626
+
if (irq_set_affinity_hint(irq, priv->irq_info[i].mask))
627
+
mlx5_core_warn(mdev, "irq_set_affinity_hint failed, irq 0x%.4x", irq);
628
+
#endif
630
629
631
630
return 0;
632
-
633
-
err_clear_mask:
634
-
free_cpumask_var(priv->irq_info[i].mask);
635
-
return err;
636
631
}
637
632
638
633
static void mlx5_irq_clear_affinity_hint(struct mlx5_core_dev *mdev, int i)
+5
-3
drivers/net/geneve.c
+5
-3
drivers/net/geneve.c
···
1293
1293
if (nla_put_u32(skb, IFLA_GENEVE_ID, vni))
1294
1294
goto nla_put_failure;
1295
1295
1296
-
if (ip_tunnel_info_af(info) == AF_INET) {
1296
+
if (rtnl_dereference(geneve->sock4)) {
1297
1297
if (nla_put_in_addr(skb, IFLA_GENEVE_REMOTE,
1298
1298
info->key.u.ipv4.dst))
1299
1299
goto nla_put_failure;
···
1302
1302
!!(info->key.tun_flags & TUNNEL_CSUM)))
1303
1303
goto nla_put_failure;
1304
1304
1305
+
}
1306
+
1305
1307
#if IS_ENABLED(CONFIG_IPV6)
1306
-
} else {
1308
+
if (rtnl_dereference(geneve->sock6)) {
1307
1309
if (nla_put_in6_addr(skb, IFLA_GENEVE_REMOTE6,
1308
1310
&info->key.u.ipv6.dst))
1309
1311
goto nla_put_failure;
···
1317
1315
if (nla_put_u8(skb, IFLA_GENEVE_UDP_ZERO_CSUM6_RX,
1318
1316
!geneve->use_udp6_rx_checksums))
1319
1317
goto nla_put_failure;
1320
-
#endif
1321
1318
}
1319
+
#endif
1322
1320
1323
1321
if (nla_put_u8(skb, IFLA_GENEVE_TTL, info->key.ttl) ||
1324
1322
nla_put_u8(skb, IFLA_GENEVE_TOS, info->key.tos) ||
+1
-1
drivers/net/gtp.c
+1
-1
drivers/net/gtp.c
···
873
873
874
874
/* Check if there's an existing gtpX device to configure */
875
875
dev = dev_get_by_index_rcu(net, nla_get_u32(nla[GTPA_LINK]));
876
-
if (dev->netdev_ops == >p_netdev_ops)
876
+
if (dev && dev->netdev_ops == >p_netdev_ops)
877
877
gtp = netdev_priv(dev);
878
878
879
879
put_net(net);
+1
-1
drivers/net/phy/Kconfig
+1
-1
drivers/net/phy/Kconfig
+37
-29
drivers/net/phy/marvell.c
+37
-29
drivers/net/phy/marvell.c
···
255
255
{
256
256
int err;
257
257
258
-
/* The Marvell PHY has an errata which requires
259
-
* that certain registers get written in order
260
-
* to restart autonegotiation */
261
-
err = phy_write(phydev, MII_BMCR, BMCR_RESET);
262
-
263
-
if (err < 0)
264
-
return err;
265
-
266
-
err = phy_write(phydev, 0x1d, 0x1f);
267
-
if (err < 0)
268
-
return err;
269
-
270
-
err = phy_write(phydev, 0x1e, 0x200c);
271
-
if (err < 0)
272
-
return err;
273
-
274
-
err = phy_write(phydev, 0x1d, 0x5);
275
-
if (err < 0)
276
-
return err;
277
-
278
-
err = phy_write(phydev, 0x1e, 0);
279
-
if (err < 0)
280
-
return err;
281
-
282
-
err = phy_write(phydev, 0x1e, 0x100);
283
-
if (err < 0)
284
-
return err;
285
-
286
258
err = marvell_set_polarity(phydev, phydev->mdix_ctrl);
287
259
if (err < 0)
288
260
return err;
···
286
314
}
287
315
288
316
return 0;
317
+
}
318
+
319
+
static int m88e1101_config_aneg(struct phy_device *phydev)
320
+
{
321
+
int err;
322
+
323
+
/* This Marvell PHY has an errata which requires
324
+
* that certain registers get written in order
325
+
* to restart autonegotiation
326
+
*/
327
+
err = phy_write(phydev, MII_BMCR, BMCR_RESET);
328
+
329
+
if (err < 0)
330
+
return err;
331
+
332
+
err = phy_write(phydev, 0x1d, 0x1f);
333
+
if (err < 0)
334
+
return err;
335
+
336
+
err = phy_write(phydev, 0x1e, 0x200c);
337
+
if (err < 0)
338
+
return err;
339
+
340
+
err = phy_write(phydev, 0x1d, 0x5);
341
+
if (err < 0)
342
+
return err;
343
+
344
+
err = phy_write(phydev, 0x1e, 0);
345
+
if (err < 0)
346
+
return err;
347
+
348
+
err = phy_write(phydev, 0x1e, 0x100);
349
+
if (err < 0)
350
+
return err;
351
+
352
+
return marvell_config_aneg(phydev);
289
353
}
290
354
291
355
static int m88e1111_config_aneg(struct phy_device *phydev)
···
1900
1892
.flags = PHY_HAS_INTERRUPT,
1901
1893
.probe = marvell_probe,
1902
1894
.config_init = &marvell_config_init,
1903
-
.config_aneg = &marvell_config_aneg,
1895
+
.config_aneg = &m88e1101_config_aneg,
1904
1896
.read_status = &genphy_read_status,
1905
1897
.ack_interrupt = &marvell_ack_interrupt,
1906
1898
.config_intr = &marvell_config_intr,
+25
-8
drivers/net/usb/cdc_ether.c
+25
-8
drivers/net/usb/cdc_ether.c
···
310
310
return -ENODEV;
311
311
}
312
312
313
-
/* Some devices don't initialise properly. In particular
314
-
* the packet filter is not reset. There are devices that
315
-
* don't do reset all the way. So the packet filter should
316
-
* be set to a sane initial value.
317
-
*/
318
-
usbnet_cdc_update_filter(dev);
319
-
320
313
return 0;
321
314
322
315
bad_desc:
···
317
324
return -ENODEV;
318
325
}
319
326
EXPORT_SYMBOL_GPL(usbnet_generic_cdc_bind);
327
+
328
+
329
+
/* like usbnet_generic_cdc_bind() but handles filter initialization
330
+
* correctly
331
+
*/
332
+
int usbnet_ether_cdc_bind(struct usbnet *dev, struct usb_interface *intf)
333
+
{
334
+
int rv;
335
+
336
+
rv = usbnet_generic_cdc_bind(dev, intf);
337
+
if (rv < 0)
338
+
goto bail_out;
339
+
340
+
/* Some devices don't initialise properly. In particular
341
+
* the packet filter is not reset. There are devices that
342
+
* don't do reset all the way. So the packet filter should
343
+
* be set to a sane initial value.
344
+
*/
345
+
usbnet_cdc_update_filter(dev);
346
+
347
+
bail_out:
348
+
return rv;
349
+
}
350
+
EXPORT_SYMBOL_GPL(usbnet_ether_cdc_bind);
320
351
321
352
void usbnet_cdc_unbind(struct usbnet *dev, struct usb_interface *intf)
322
353
{
···
434
417
BUILD_BUG_ON((sizeof(((struct usbnet *)0)->data)
435
418
< sizeof(struct cdc_state)));
436
419
437
-
status = usbnet_generic_cdc_bind(dev, intf);
420
+
status = usbnet_ether_cdc_bind(dev, intf);
438
421
if (status < 0)
439
422
return status;
440
423
+1
drivers/net/virtio_net.c
+1
drivers/net/virtio_net.c
+10
include/linux/filter.h
+10
include/linux/filter.h
···
272
272
.off = OFF, \
273
273
.imm = IMM })
274
274
275
+
/* Unconditional jumps, goto pc + off16 */
276
+
277
+
#define BPF_JMP_A(OFF) \
278
+
((struct bpf_insn) { \
279
+
.code = BPF_JMP | BPF_JA, \
280
+
.dst_reg = 0, \
281
+
.src_reg = 0, \
282
+
.off = OFF, \
283
+
.imm = 0 })
284
+
275
285
/* Function call */
276
286
277
287
#define BPF_EMIT_CALL(FUNC) \
+10
-8
include/linux/if_vlan.h
+10
-8
include/linux/if_vlan.h
···
614
614
static inline netdev_features_t vlan_features_check(const struct sk_buff *skb,
615
615
netdev_features_t features)
616
616
{
617
-
if (skb_vlan_tagged_multi(skb))
618
-
features = netdev_intersect_features(features,
619
-
NETIF_F_SG |
620
-
NETIF_F_HIGHDMA |
621
-
NETIF_F_FRAGLIST |
622
-
NETIF_F_HW_CSUM |
623
-
NETIF_F_HW_VLAN_CTAG_TX |
624
-
NETIF_F_HW_VLAN_STAG_TX);
617
+
if (skb_vlan_tagged_multi(skb)) {
618
+
/* In the case of multi-tagged packets, use a direct mask
619
+
* instead of using netdev_interesect_features(), to make
620
+
* sure that only devices supporting NETIF_F_HW_CSUM will
621
+
* have checksum offloading support.
622
+
*/
623
+
features &= NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_HW_CSUM |
624
+
NETIF_F_FRAGLIST | NETIF_F_HW_VLAN_CTAG_TX |
625
+
NETIF_F_HW_VLAN_STAG_TX;
626
+
}
625
627
626
628
return features;
627
629
}
+8
-2
include/linux/mlx5/device.h
+8
-2
include/linux/mlx5/device.h
···
787
787
};
788
788
789
789
enum {
790
-
CQE_RSS_HTYPE_IP = 0x3 << 6,
791
-
CQE_RSS_HTYPE_L4 = 0x3 << 2,
790
+
CQE_RSS_HTYPE_IP = 0x3 << 2,
791
+
/* cqe->rss_hash_type[3:2] - IP destination selected for hash
792
+
* (00 = none, 01 = IPv4, 10 = IPv6, 11 = Reserved)
793
+
*/
794
+
CQE_RSS_HTYPE_L4 = 0x3 << 6,
795
+
/* cqe->rss_hash_type[7:6] - L4 destination selected for hash
796
+
* (00 = none, 01 = TCP. 10 = UDP, 11 = IPSEC.SPI
797
+
*/
792
798
};
793
799
794
800
enum {
+6
-1
include/linux/mlx5/driver.h
+6
-1
include/linux/mlx5/driver.h
···
787
787
788
788
typedef void (*mlx5_cmd_cbk_t)(int status, void *context);
789
789
790
+
enum {
791
+
MLX5_CMD_ENT_STATE_PENDING_COMP,
792
+
};
793
+
790
794
struct mlx5_cmd_work_ent {
795
+
unsigned long state;
791
796
struct mlx5_cmd_msg *in;
792
797
struct mlx5_cmd_msg *out;
793
798
void *uout;
···
981
976
void mlx5_rsc_event(struct mlx5_core_dev *dev, u32 rsn, int event_type);
982
977
void mlx5_srq_event(struct mlx5_core_dev *dev, u32 srqn, int event_type);
983
978
struct mlx5_core_srq *mlx5_core_get_srq(struct mlx5_core_dev *dev, u32 srqn);
984
-
void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec);
979
+
void mlx5_cmd_comp_handler(struct mlx5_core_dev *dev, u64 vec, bool forced);
985
980
void mlx5_cq_event(struct mlx5_core_dev *dev, u32 cqn, int event_type);
986
981
int mlx5_create_map_eq(struct mlx5_core_dev *dev, struct mlx5_eq *eq, u8 vecidx,
987
982
int nent, u64 mask, const char *name,
+1
include/linux/usb/usbnet.h
+1
include/linux/usb/usbnet.h
···
206
206
};
207
207
208
208
extern int usbnet_generic_cdc_bind(struct usbnet *, struct usb_interface *);
209
+
extern int usbnet_ether_cdc_bind(struct usbnet *dev, struct usb_interface *intf);
209
210
extern int usbnet_cdc_bind(struct usbnet *, struct usb_interface *);
210
211
extern void usbnet_cdc_unbind(struct usbnet *, struct usb_interface *);
211
212
extern void usbnet_cdc_status(struct usbnet *, struct urb *);
+7
-1
include/net/dst.h
+7
-1
include/net/dst.h
···
107
107
};
108
108
};
109
109
110
+
struct dst_metrics {
111
+
u32 metrics[RTAX_MAX];
112
+
atomic_t refcnt;
113
+
};
114
+
extern const struct dst_metrics dst_default_metrics;
115
+
110
116
u32 *dst_cow_metrics_generic(struct dst_entry *dst, unsigned long old);
111
-
extern const u32 dst_default_metrics[];
112
117
113
118
#define DST_METRICS_READ_ONLY 0x1UL
119
+
#define DST_METRICS_REFCOUNTED 0x2UL
114
120
#define DST_METRICS_FLAGS 0x3UL
115
121
#define __DST_METRICS_PTR(Y) \
116
122
((u32 *)((Y) & ~DST_METRICS_FLAGS))
+5
-5
include/net/ip_fib.h
+5
-5
include/net/ip_fib.h
···
114
114
__be32 fib_prefsrc;
115
115
u32 fib_tb_id;
116
116
u32 fib_priority;
117
-
u32 *fib_metrics;
118
-
#define fib_mtu fib_metrics[RTAX_MTU-1]
119
-
#define fib_window fib_metrics[RTAX_WINDOW-1]
120
-
#define fib_rtt fib_metrics[RTAX_RTT-1]
121
-
#define fib_advmss fib_metrics[RTAX_ADVMSS-1]
117
+
struct dst_metrics *fib_metrics;
118
+
#define fib_mtu fib_metrics->metrics[RTAX_MTU-1]
119
+
#define fib_window fib_metrics->metrics[RTAX_WINDOW-1]
120
+
#define fib_rtt fib_metrics->metrics[RTAX_RTT-1]
121
+
#define fib_advmss fib_metrics->metrics[RTAX_ADVMSS-1]
122
122
int fib_nhs;
123
123
#ifdef CONFIG_IP_ROUTE_MULTIPATH
124
124
int fib_weight;
+15
include/net/tc_act/tc_csum.h
+15
include/net/tc_act/tc_csum.h
···
3
3
4
4
#include <linux/types.h>
5
5
#include <net/act_api.h>
6
+
#include <linux/tc_act/tc_csum.h>
6
7
7
8
struct tcf_csum {
8
9
struct tc_action common;
···
11
10
u32 update_flags;
12
11
};
13
12
#define to_tcf_csum(a) ((struct tcf_csum *)a)
13
+
14
+
static inline bool is_tcf_csum(const struct tc_action *a)
15
+
{
16
+
#ifdef CONFIG_NET_CLS_ACT
17
+
if (a->ops && a->ops->type == TCA_ACT_CSUM)
18
+
return true;
19
+
#endif
20
+
return false;
21
+
}
22
+
23
+
static inline u32 tcf_csum_update_flags(const struct tc_action *a)
24
+
{
25
+
return to_tcf_csum(a)->update_flags;
26
+
}
14
27
15
28
#endif /* __NET_TC_CSUM_H */
-10
include/net/xfrm.h
-10
include/net/xfrm.h
···
979
979
struct flow_cache_object flo;
980
980
struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
981
981
int num_pols, num_xfrms;
982
-
#ifdef CONFIG_XFRM_SUB_POLICY
983
-
struct flowi *origin;
984
-
struct xfrm_selector *partner;
985
-
#endif
986
982
u32 xfrm_genid;
987
983
u32 policy_genid;
988
984
u32 route_mtu_cached;
···
994
998
dst_release(xdst->route);
995
999
if (likely(xdst->u.dst.xfrm))
996
1000
xfrm_state_put(xdst->u.dst.xfrm);
997
-
#ifdef CONFIG_XFRM_SUB_POLICY
998
-
kfree(xdst->origin);
999
-
xdst->origin = NULL;
1000
-
kfree(xdst->partner);
1001
-
xdst->partner = NULL;
1002
-
#endif
1003
1001
}
1004
1002
#endif
1005
1003
+1
kernel/bpf/arraymap.c
+1
kernel/bpf/arraymap.c
+1
kernel/bpf/lpm_trie.c
+1
kernel/bpf/lpm_trie.c
···
432
432
trie->map.key_size = attr->key_size;
433
433
trie->map.value_size = attr->value_size;
434
434
trie->map.max_entries = attr->max_entries;
435
+
trie->map.map_flags = attr->map_flags;
435
436
trie->data_size = attr->key_size -
436
437
offsetof(struct bpf_lpm_trie_key, data);
437
438
trie->max_prefixlen = trie->data_size * 8;
+1
kernel/bpf/stackmap.c
+1
kernel/bpf/stackmap.c
+26
-30
kernel/bpf/verifier.c
+26
-30
kernel/bpf/verifier.c
···
463
463
BPF_REG_0, BPF_REG_1, BPF_REG_2, BPF_REG_3, BPF_REG_4, BPF_REG_5
464
464
};
465
465
466
+
static void mark_reg_not_init(struct bpf_reg_state *regs, u32 regno)
467
+
{
468
+
BUG_ON(regno >= MAX_BPF_REG);
469
+
470
+
memset(®s[regno], 0, sizeof(regs[regno]));
471
+
regs[regno].type = NOT_INIT;
472
+
regs[regno].min_value = BPF_REGISTER_MIN_RANGE;
473
+
regs[regno].max_value = BPF_REGISTER_MAX_RANGE;
474
+
}
475
+
466
476
static void init_reg_state(struct bpf_reg_state *regs)
467
477
{
468
478
int i;
469
479
470
-
for (i = 0; i < MAX_BPF_REG; i++) {
471
-
regs[i].type = NOT_INIT;
472
-
regs[i].imm = 0;
473
-
regs[i].min_value = BPF_REGISTER_MIN_RANGE;
474
-
regs[i].max_value = BPF_REGISTER_MAX_RANGE;
475
-
regs[i].min_align = 0;
476
-
regs[i].aux_off = 0;
477
-
regs[i].aux_off_align = 0;
478
-
}
480
+
for (i = 0; i < MAX_BPF_REG; i++)
481
+
mark_reg_not_init(regs, i);
479
482
480
483
/* frame pointer */
481
484
regs[BPF_REG_FP].type = FRAME_PTR;
···
845
842
int off, int size)
846
843
{
847
844
bool strict = env->strict_alignment;
848
-
849
-
if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
850
-
strict = true;
851
845
852
846
switch (reg->type) {
853
847
case PTR_TO_PACKET:
···
1349
1349
struct bpf_verifier_state *state = &env->cur_state;
1350
1350
const struct bpf_func_proto *fn = NULL;
1351
1351
struct bpf_reg_state *regs = state->regs;
1352
-
struct bpf_reg_state *reg;
1353
1352
struct bpf_call_arg_meta meta;
1354
1353
bool changes_data;
1355
1354
int i, err;
···
1415
1416
}
1416
1417
1417
1418
/* reset caller saved regs */
1418
-
for (i = 0; i < CALLER_SAVED_REGS; i++) {
1419
-
reg = regs + caller_saved[i];
1420
-
reg->type = NOT_INIT;
1421
-
reg->imm = 0;
1422
-
}
1419
+
for (i = 0; i < CALLER_SAVED_REGS; i++)
1420
+
mark_reg_not_init(regs, caller_saved[i]);
1423
1421
1424
1422
/* update return register */
1425
1423
if (fn->ret_type == RET_INTEGER) {
···
2444
2448
{
2445
2449
struct bpf_reg_state *regs = env->cur_state.regs;
2446
2450
u8 mode = BPF_MODE(insn->code);
2447
-
struct bpf_reg_state *reg;
2448
2451
int i, err;
2449
2452
2450
2453
if (!may_access_skb(env->prog->type)) {
···
2476
2481
}
2477
2482
2478
2483
/* reset caller saved regs to unreadable */
2479
-
for (i = 0; i < CALLER_SAVED_REGS; i++) {
2480
-
reg = regs + caller_saved[i];
2481
-
reg->type = NOT_INIT;
2482
-
reg->imm = 0;
2483
-
}
2484
+
for (i = 0; i < CALLER_SAVED_REGS; i++)
2485
+
mark_reg_not_init(regs, caller_saved[i]);
2484
2486
2485
2487
/* mark destination R0 register as readable, since it contains
2486
2488
* the value fetched from the packet
···
2688
2696
/* the following conditions reduce the number of explored insns
2689
2697
* from ~140k to ~80k for ultra large programs that use a lot of ptr_to_packet
2690
2698
*/
2691
-
static bool compare_ptrs_to_packet(struct bpf_reg_state *old,
2699
+
static bool compare_ptrs_to_packet(struct bpf_verifier_env *env,
2700
+
struct bpf_reg_state *old,
2692
2701
struct bpf_reg_state *cur)
2693
2702
{
2694
2703
if (old->id != cur->id)
···
2732
2739
* 'if (R4 > data_end)' and all further insn were already good with r=20,
2733
2740
* so they will be good with r=30 and we can prune the search.
2734
2741
*/
2735
-
if (old->off <= cur->off &&
2742
+
if (!env->strict_alignment && old->off <= cur->off &&
2736
2743
old->off >= old->range && cur->off >= cur->range)
2737
2744
return true;
2738
2745
···
2803
2810
continue;
2804
2811
2805
2812
if (rold->type == PTR_TO_PACKET && rcur->type == PTR_TO_PACKET &&
2806
-
compare_ptrs_to_packet(rold, rcur))
2813
+
compare_ptrs_to_packet(env, rold, rcur))
2807
2814
continue;
2808
2815
2809
2816
return false;
···
3581
3588
} else {
3582
3589
log_level = 0;
3583
3590
}
3584
-
if (attr->prog_flags & BPF_F_STRICT_ALIGNMENT)
3591
+
3592
+
env->strict_alignment = !!(attr->prog_flags & BPF_F_STRICT_ALIGNMENT);
3593
+
if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
3585
3594
env->strict_alignment = true;
3586
-
else
3587
-
env->strict_alignment = false;
3588
3595
3589
3596
ret = replace_map_fd_with_map_ptr(env);
3590
3597
if (ret < 0)
···
3690
3697
mutex_lock(&bpf_verifier_lock);
3691
3698
3692
3699
log_level = 0;
3700
+
3693
3701
env->strict_alignment = false;
3702
+
if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
3703
+
env->strict_alignment = true;
3694
3704
3695
3705
env->explored_states = kcalloc(env->prog->len,
3696
3706
sizeof(struct bpf_verifier_state_list *),
+38
lib/test_bpf.c
+38
lib/test_bpf.c
···
4504
4504
{ },
4505
4505
{ { 0, 1 } },
4506
4506
},
4507
+
{
4508
+
"JMP_JSGE_K: Signed jump: value walk 1",
4509
+
.u.insns_int = {
4510
+
BPF_ALU32_IMM(BPF_MOV, R0, 0),
4511
+
BPF_LD_IMM64(R1, -3),
4512
+
BPF_JMP_IMM(BPF_JSGE, R1, 0, 6),
4513
+
BPF_ALU64_IMM(BPF_ADD, R1, 1),
4514
+
BPF_JMP_IMM(BPF_JSGE, R1, 0, 4),
4515
+
BPF_ALU64_IMM(BPF_ADD, R1, 1),
4516
+
BPF_JMP_IMM(BPF_JSGE, R1, 0, 2),
4517
+
BPF_ALU64_IMM(BPF_ADD, R1, 1),
4518
+
BPF_JMP_IMM(BPF_JSGE, R1, 0, 1),
4519
+
BPF_EXIT_INSN(), /* bad exit */
4520
+
BPF_ALU32_IMM(BPF_MOV, R0, 1), /* good exit */
4521
+
BPF_EXIT_INSN(),
4522
+
},
4523
+
INTERNAL,
4524
+
{ },
4525
+
{ { 0, 1 } },
4526
+
},
4527
+
{
4528
+
"JMP_JSGE_K: Signed jump: value walk 2",
4529
+
.u.insns_int = {
4530
+
BPF_ALU32_IMM(BPF_MOV, R0, 0),
4531
+
BPF_LD_IMM64(R1, -3),
4532
+
BPF_JMP_IMM(BPF_JSGE, R1, 0, 4),
4533
+
BPF_ALU64_IMM(BPF_ADD, R1, 2),
4534
+
BPF_JMP_IMM(BPF_JSGE, R1, 0, 2),
4535
+
BPF_ALU64_IMM(BPF_ADD, R1, 2),
4536
+
BPF_JMP_IMM(BPF_JSGE, R1, 0, 1),
4537
+
BPF_EXIT_INSN(), /* bad exit */
4538
+
BPF_ALU32_IMM(BPF_MOV, R0, 1), /* good exit */
4539
+
BPF_EXIT_INSN(),
4540
+
},
4541
+
INTERNAL,
4542
+
{ },
4543
+
{ { 0, 1 } },
4544
+
},
4507
4545
/* BPF_JMP | BPF_JGT | BPF_K */
4508
4546
{
4509
4547
"JMP_JGT_K: if (3 > 2) return 1",
+14
-9
net/core/dst.c
+14
-9
net/core/dst.c
···
151
151
}
152
152
EXPORT_SYMBOL(dst_discard_out);
153
153
154
-
const u32 dst_default_metrics[RTAX_MAX + 1] = {
154
+
const struct dst_metrics dst_default_metrics = {
155
155
/* This initializer is needed to force linker to place this variable
156
156
* into const section. Otherwise it might end into bss section.
157
157
* We really want to avoid false sharing on this variable, and catch
158
158
* any writes on it.
159
159
*/
160
-
[RTAX_MAX] = 0xdeadbeef,
160
+
.refcnt = ATOMIC_INIT(1),
161
161
};
162
162
163
163
void dst_init(struct dst_entry *dst, struct dst_ops *ops,
···
169
169
if (dev)
170
170
dev_hold(dev);
171
171
dst->ops = ops;
172
-
dst_init_metrics(dst, dst_default_metrics, true);
172
+
dst_init_metrics(dst, dst_default_metrics.metrics, true);
173
173
dst->expires = 0UL;
174
174
dst->path = dst;
175
175
dst->from = NULL;
···
314
314
315
315
u32 *dst_cow_metrics_generic(struct dst_entry *dst, unsigned long old)
316
316
{
317
-
u32 *p = kmalloc(sizeof(u32) * RTAX_MAX, GFP_ATOMIC);
317
+
struct dst_metrics *p = kmalloc(sizeof(*p), GFP_ATOMIC);
318
318
319
319
if (p) {
320
-
u32 *old_p = __DST_METRICS_PTR(old);
320
+
struct dst_metrics *old_p = (struct dst_metrics *)__DST_METRICS_PTR(old);
321
321
unsigned long prev, new;
322
322
323
-
memcpy(p, old_p, sizeof(u32) * RTAX_MAX);
323
+
atomic_set(&p->refcnt, 1);
324
+
memcpy(p->metrics, old_p->metrics, sizeof(p->metrics));
324
325
325
326
new = (unsigned long) p;
326
327
prev = cmpxchg(&dst->_metrics, old, new);
327
328
328
329
if (prev != old) {
329
330
kfree(p);
330
-
p = __DST_METRICS_PTR(prev);
331
+
p = (struct dst_metrics *)__DST_METRICS_PTR(prev);
331
332
if (prev & DST_METRICS_READ_ONLY)
332
333
p = NULL;
334
+
} else if (prev & DST_METRICS_REFCOUNTED) {
335
+
if (atomic_dec_and_test(&old_p->refcnt))
336
+
kfree(old_p);
333
337
}
334
338
}
335
-
return p;
339
+
BUILD_BUG_ON(offsetof(struct dst_metrics, metrics) != 0);
340
+
return (u32 *)p;
336
341
}
337
342
EXPORT_SYMBOL(dst_cow_metrics_generic);
338
343
···
346
341
{
347
342
unsigned long prev, new;
348
343
349
-
new = ((unsigned long) dst_default_metrics) | DST_METRICS_READ_ONLY;
344
+
new = ((unsigned long) &dst_default_metrics) | DST_METRICS_READ_ONLY;
350
345
prev = cmpxchg(&dst->_metrics, old, new);
351
346
if (prev == old)
352
347
kfree(__DST_METRICS_PTR(old));
+1
net/core/filter.c
+1
net/core/filter.c
+19
net/core/net_namespace.c
+19
net/core/net_namespace.c
···
315
315
goto out;
316
316
}
317
317
318
+
static int __net_init net_defaults_init_net(struct net *net)
319
+
{
320
+
net->core.sysctl_somaxconn = SOMAXCONN;
321
+
return 0;
322
+
}
323
+
324
+
static struct pernet_operations net_defaults_ops = {
325
+
.init = net_defaults_init_net,
326
+
};
327
+
328
+
static __init int net_defaults_init(void)
329
+
{
330
+
if (register_pernet_subsys(&net_defaults_ops))
331
+
panic("Cannot initialize net default settings");
332
+
333
+
return 0;
334
+
}
335
+
336
+
core_initcall(net_defaults_init);
318
337
319
338
#ifdef CONFIG_NET_NS
320
339
static struct ucounts *inc_net_namespaces(struct user_namespace *ns)
+5
-2
net/core/rtnetlink.c
+5
-2
net/core/rtnetlink.c
···
3231
3231
int err = 0;
3232
3232
int fidx = 0;
3233
3233
3234
-
if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb,
3235
-
IFLA_MAX, ifla_policy, NULL) == 0) {
3234
+
err = nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb,
3235
+
IFLA_MAX, ifla_policy, NULL);
3236
+
if (err < 0) {
3237
+
return -EINVAL;
3238
+
} else if (err == 0) {
3236
3239
if (tb[IFLA_MASTER])
3237
3240
br_idx = nla_get_u32(tb[IFLA_MASTER]);
3238
3241
}
-2
net/core/sysctl_net_core.c
-2
net/core/sysctl_net_core.c
+1
-1
net/ipv4/arp.c
+1
-1
net/ipv4/arp.c
+4
-1
net/ipv4/esp4.c
+4
-1
net/ipv4/esp4.c
···
248
248
u8 *tail;
249
249
u8 *vaddr;
250
250
int nfrags;
251
+
int esph_offset;
251
252
struct page *page;
252
253
struct sk_buff *trailer;
253
254
int tailen = esp->tailen;
···
314
313
}
315
314
316
315
cow:
316
+
esph_offset = (unsigned char *)esp->esph - skb_transport_header(skb);
317
+
317
318
nfrags = skb_cow_data(skb, tailen, &trailer);
318
319
if (nfrags < 0)
319
320
goto out;
320
321
tail = skb_tail_pointer(trailer);
321
-
esp->esph = ip_esp_hdr(skb);
322
+
esp->esph = (struct ip_esp_hdr *)(skb_transport_header(skb) + esph_offset);
322
323
323
324
skip_cow:
324
325
esp_output_fill_trailer(tail, esp->tfclen, esp->plen, esp->proto);
+10
-7
net/ipv4/fib_semantics.c
+10
-7
net/ipv4/fib_semantics.c
···
203
203
static void free_fib_info_rcu(struct rcu_head *head)
204
204
{
205
205
struct fib_info *fi = container_of(head, struct fib_info, rcu);
206
+
struct dst_metrics *m;
206
207
207
208
change_nexthops(fi) {
208
209
if (nexthop_nh->nh_dev)
···
214
213
rt_fibinfo_free(&nexthop_nh->nh_rth_input);
215
214
} endfor_nexthops(fi);
216
215
217
-
if (fi->fib_metrics != (u32 *) dst_default_metrics)
218
-
kfree(fi->fib_metrics);
216
+
m = fi->fib_metrics;
217
+
if (m != &dst_default_metrics && atomic_dec_and_test(&m->refcnt))
218
+
kfree(m);
219
219
kfree(fi);
220
220
}
221
221
···
973
971
val = 255;
974
972
if (type == RTAX_FEATURES && (val & ~RTAX_FEATURE_MASK))
975
973
return -EINVAL;
976
-
fi->fib_metrics[type - 1] = val;
974
+
fi->fib_metrics->metrics[type - 1] = val;
977
975
}
978
976
979
977
if (ecn_ca)
980
-
fi->fib_metrics[RTAX_FEATURES - 1] |= DST_FEATURE_ECN_CA;
978
+
fi->fib_metrics->metrics[RTAX_FEATURES - 1] |= DST_FEATURE_ECN_CA;
981
979
982
980
return 0;
983
981
}
···
1035
1033
goto failure;
1036
1034
fib_info_cnt++;
1037
1035
if (cfg->fc_mx) {
1038
-
fi->fib_metrics = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL);
1036
+
fi->fib_metrics = kzalloc(sizeof(*fi->fib_metrics), GFP_KERNEL);
1039
1037
if (!fi->fib_metrics)
1040
1038
goto failure;
1039
+
atomic_set(&fi->fib_metrics->refcnt, 1);
1041
1040
} else
1042
-
fi->fib_metrics = (u32 *) dst_default_metrics;
1041
+
fi->fib_metrics = (struct dst_metrics *)&dst_default_metrics;
1043
1042
1044
1043
fi->fib_net = net;
1045
1044
fi->fib_protocol = cfg->fc_protocol;
···
1241
1238
if (fi->fib_priority &&
1242
1239
nla_put_u32(skb, RTA_PRIORITY, fi->fib_priority))
1243
1240
goto nla_put_failure;
1244
-
if (rtnetlink_put_metrics(skb, fi->fib_metrics) < 0)
1241
+
if (rtnetlink_put_metrics(skb, fi->fib_metrics->metrics) < 0)
1245
1242
goto nla_put_failure;
1246
1243
1247
1244
if (fi->fib_prefsrc &&
+9
-1
net/ipv4/route.c
+9
-1
net/ipv4/route.c
···
1385
1385
1386
1386
static void ipv4_dst_destroy(struct dst_entry *dst)
1387
1387
{
1388
+
struct dst_metrics *p = (struct dst_metrics *)DST_METRICS_PTR(dst);
1388
1389
struct rtable *rt = (struct rtable *) dst;
1390
+
1391
+
if (p != &dst_default_metrics && atomic_dec_and_test(&p->refcnt))
1392
+
kfree(p);
1389
1393
1390
1394
if (!list_empty(&rt->rt_uncached)) {
1391
1395
struct uncached_list *ul = rt->rt_uncached_list;
···
1442
1438
rt->rt_gateway = nh->nh_gw;
1443
1439
rt->rt_uses_gateway = 1;
1444
1440
}
1445
-
dst_init_metrics(&rt->dst, fi->fib_metrics, true);
1441
+
dst_init_metrics(&rt->dst, fi->fib_metrics->metrics, true);
1442
+
if (fi->fib_metrics != &dst_default_metrics) {
1443
+
rt->dst._metrics |= DST_METRICS_REFCOUNTED;
1444
+
atomic_inc(&fi->fib_metrics->refcnt);
1445
+
}
1446
1446
#ifdef CONFIG_IP_ROUTE_CLASSID
1447
1447
rt->dst.tclassid = nh->nh_tclassid;
1448
1448
#endif
+5
-2
net/ipv4/tcp.c
+5
-2
net/ipv4/tcp.c
···
1084
1084
{
1085
1085
struct tcp_sock *tp = tcp_sk(sk);
1086
1086
struct inet_sock *inet = inet_sk(sk);
1087
+
struct sockaddr *uaddr = msg->msg_name;
1087
1088
int err, flags;
1088
1089
1089
-
if (!(sysctl_tcp_fastopen & TFO_CLIENT_ENABLE))
1090
+
if (!(sysctl_tcp_fastopen & TFO_CLIENT_ENABLE) ||
1091
+
(uaddr && msg->msg_namelen >= sizeof(uaddr->sa_family) &&
1092
+
uaddr->sa_family == AF_UNSPEC))
1090
1093
return -EOPNOTSUPP;
1091
1094
if (tp->fastopen_req)
1092
1095
return -EALREADY; /* Another Fast Open is in progress */
···
1111
1108
}
1112
1109
}
1113
1110
flags = (msg->msg_flags & MSG_DONTWAIT) ? O_NONBLOCK : 0;
1114
-
err = __inet_stream_connect(sk->sk_socket, msg->msg_name,
1111
+
err = __inet_stream_connect(sk->sk_socket, uaddr,
1115
1112
msg->msg_namelen, flags, 1);
1116
1113
/* fastopen_req could already be freed in __inet_stream_connect
1117
1114
* if the connection times out or gets rst
+7
-6
net/ipv6/ip6_gre.c
+7
-6
net/ipv6/ip6_gre.c
···
537
537
538
538
memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
539
539
540
-
dsfield = ipv4_get_dsfield(iph);
541
-
542
540
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
543
-
fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
544
-
& IPV6_TCLASS_MASK;
541
+
dsfield = ipv4_get_dsfield(iph);
542
+
else
543
+
dsfield = ip6_tclass(t->parms.flowinfo);
545
544
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
546
545
fl6.flowi6_mark = skb->mark;
547
546
else
···
597
598
598
599
memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
599
600
600
-
dsfield = ipv6_get_dsfield(ipv6h);
601
601
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
602
-
fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
602
+
dsfield = ipv6_get_dsfield(ipv6h);
603
+
else
604
+
dsfield = ip6_tclass(t->parms.flowinfo);
605
+
603
606
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
604
607
fl6.flowlabel |= ip6_flowlabel(ipv6h);
605
608
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
+13
-8
net/ipv6/ip6_tunnel.c
+13
-8
net/ipv6/ip6_tunnel.c
···
1196
1196
skb_push(skb, sizeof(struct ipv6hdr));
1197
1197
skb_reset_network_header(skb);
1198
1198
ipv6h = ipv6_hdr(skb);
1199
-
ip6_flow_hdr(ipv6h, INET_ECN_encapsulate(0, dsfield),
1199
+
ip6_flow_hdr(ipv6h, dsfield,
1200
1200
ip6_make_flowlabel(net, skb, fl6->flowlabel, true, fl6));
1201
1201
ipv6h->hop_limit = hop_limit;
1202
1202
ipv6h->nexthdr = proto;
···
1231
1231
if (tproto != IPPROTO_IPIP && tproto != 0)
1232
1232
return -1;
1233
1233
1234
-
dsfield = ipv4_get_dsfield(iph);
1235
-
1236
1234
if (t->parms.collect_md) {
1237
1235
struct ip_tunnel_info *tun_info;
1238
1236
const struct ip_tunnel_key *key;
···
1244
1246
fl6.flowi6_proto = IPPROTO_IPIP;
1245
1247
fl6.daddr = key->u.ipv6.dst;
1246
1248
fl6.flowlabel = key->label;
1249
+
dsfield = ip6_tclass(key->label);
1247
1250
} else {
1248
1251
if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1249
1252
encap_limit = t->parms.encap_limit;
···
1253
1254
fl6.flowi6_proto = IPPROTO_IPIP;
1254
1255
1255
1256
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1256
-
fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
1257
-
& IPV6_TCLASS_MASK;
1257
+
dsfield = ipv4_get_dsfield(iph);
1258
+
else
1259
+
dsfield = ip6_tclass(t->parms.flowinfo);
1258
1260
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
1259
1261
fl6.flowi6_mark = skb->mark;
1260
1262
else
···
1266
1266
1267
1267
if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6))
1268
1268
return -1;
1269
+
1270
+
dsfield = INET_ECN_encapsulate(dsfield, ipv4_get_dsfield(iph));
1269
1271
1270
1272
skb_set_inner_ipproto(skb, IPPROTO_IPIP);
1271
1273
···
1302
1300
ip6_tnl_addr_conflict(t, ipv6h))
1303
1301
return -1;
1304
1302
1305
-
dsfield = ipv6_get_dsfield(ipv6h);
1306
-
1307
1303
if (t->parms.collect_md) {
1308
1304
struct ip_tunnel_info *tun_info;
1309
1305
const struct ip_tunnel_key *key;
···
1315
1315
fl6.flowi6_proto = IPPROTO_IPV6;
1316
1316
fl6.daddr = key->u.ipv6.dst;
1317
1317
fl6.flowlabel = key->label;
1318
+
dsfield = ip6_tclass(key->label);
1318
1319
} else {
1319
1320
offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
1320
1321
/* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
···
1338
1337
fl6.flowi6_proto = IPPROTO_IPV6;
1339
1338
1340
1339
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1341
-
fl6.flowlabel |= (*(__be32 *)ipv6h & IPV6_TCLASS_MASK);
1340
+
dsfield = ipv6_get_dsfield(ipv6h);
1341
+
else
1342
+
dsfield = ip6_tclass(t->parms.flowinfo);
1342
1343
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
1343
1344
fl6.flowlabel |= ip6_flowlabel(ipv6h);
1344
1345
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
···
1353
1350
1354
1351
if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6))
1355
1352
return -1;
1353
+
1354
+
dsfield = INET_ECN_encapsulate(dsfield, ipv6_get_dsfield(ipv6h));
1356
1355
1357
1356
skb_set_inner_ipproto(skb, IPPROTO_IPV6);
1358
1357
+1
-1
net/key/af_key.c
+1
-1
net/key/af_key.c
+3
net/llc/af_llc.c
+3
net/llc/af_llc.c
···
311
311
int rc = -EINVAL;
312
312
313
313
dprintk("%s: binding %02X\n", __func__, addr->sllc_sap);
314
+
315
+
lock_sock(sk);
314
316
if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr)))
315
317
goto out;
316
318
rc = -EAFNOSUPPORT;
···
384
382
out_put:
385
383
llc_sap_put(sap);
386
384
out:
385
+
release_sock(sk);
387
386
return rc;
388
387
}
389
388
+2
-1
net/mac80211/rx.c
+2
-1
net/mac80211/rx.c
···
2492
2492
if (is_multicast_ether_addr(hdr->addr1)) {
2493
2493
mpp_addr = hdr->addr3;
2494
2494
proxied_addr = mesh_hdr->eaddr1;
2495
-
} else if (mesh_hdr->flags & MESH_FLAGS_AE_A5_A6) {
2495
+
} else if ((mesh_hdr->flags & MESH_FLAGS_AE) ==
2496
+
MESH_FLAGS_AE_A5_A6) {
2496
2497
/* has_a4 already checked in ieee80211_rx_mesh_check */
2497
2498
mpp_addr = hdr->addr4;
2498
2499
proxied_addr = mesh_hdr->eaddr2;
+3
-1
net/sctp/associola.c
+3
-1
net/sctp/associola.c
···
1176
1176
1177
1177
asoc->ctsn_ack_point = asoc->next_tsn - 1;
1178
1178
asoc->adv_peer_ack_point = asoc->ctsn_ack_point;
1179
-
if (!asoc->stream) {
1179
+
1180
+
if (sctp_state(asoc, COOKIE_WAIT)) {
1181
+
sctp_stream_free(asoc->stream);
1180
1182
asoc->stream = new->stream;
1181
1183
new->stream = NULL;
1182
1184
}
+9
-7
net/sctp/input.c
+9
-7
net/sctp/input.c
···
473
473
struct sctp_association **app,
474
474
struct sctp_transport **tpp)
475
475
{
476
+
struct sctp_init_chunk *chunkhdr, _chunkhdr;
476
477
union sctp_addr saddr;
477
478
union sctp_addr daddr;
478
479
struct sctp_af *af;
479
480
struct sock *sk = NULL;
480
481
struct sctp_association *asoc;
481
482
struct sctp_transport *transport = NULL;
482
-
struct sctp_init_chunk *chunkhdr;
483
483
__u32 vtag = ntohl(sctphdr->vtag);
484
-
int len = skb->len - ((void *)sctphdr - (void *)skb->data);
485
484
486
485
*app = NULL; *tpp = NULL;
487
486
···
515
516
* discard the packet.
516
517
*/
517
518
if (vtag == 0) {
518
-
chunkhdr = (void *)sctphdr + sizeof(struct sctphdr);
519
-
if (len < sizeof(struct sctphdr) + sizeof(sctp_chunkhdr_t)
520
-
+ sizeof(__be32) ||
519
+
/* chunk header + first 4 octects of init header */
520
+
chunkhdr = skb_header_pointer(skb, skb_transport_offset(skb) +
521
+
sizeof(struct sctphdr),
522
+
sizeof(struct sctp_chunkhdr) +
523
+
sizeof(__be32), &_chunkhdr);
524
+
if (!chunkhdr ||
521
525
chunkhdr->chunk_hdr.type != SCTP_CID_INIT ||
522
-
ntohl(chunkhdr->init_hdr.init_tag) != asoc->c.my_vtag) {
526
+
ntohl(chunkhdr->init_hdr.init_tag) != asoc->c.my_vtag)
523
527
goto out;
524
-
}
528
+
525
529
} else if (vtag != asoc->c.peer_vtag) {
526
530
goto out;
527
531
}
+4
-9
net/sctp/sm_make_chunk.c
+4
-9
net/sctp/sm_make_chunk.c
···
2454
2454
* stream sequence number shall be set to 0.
2455
2455
*/
2456
2456
2457
-
/* Allocate storage for the negotiated streams if it is not a temporary
2458
-
* association.
2459
-
*/
2460
-
if (!asoc->temp) {
2461
-
if (sctp_stream_init(asoc, gfp))
2462
-
goto clean_up;
2457
+
if (sctp_stream_init(asoc, gfp))
2458
+
goto clean_up;
2463
2459
2464
-
if (sctp_assoc_set_id(asoc, gfp))
2465
-
goto clean_up;
2466
-
}
2460
+
if (!asoc->temp && sctp_assoc_set_id(asoc, gfp))
2461
+
goto clean_up;
2467
2462
2468
2463
/* ADDIP Section 4.1 ASCONF Chunk Procedures
2469
2464
*
+3
net/sctp/sm_statefuns.c
+3
net/sctp/sm_statefuns.c
+4
-4
net/wireless/scan.c
+4
-4
net/wireless/scan.c
···
322
322
{
323
323
struct cfg80211_sched_scan_request *pos;
324
324
325
-
ASSERT_RTNL();
325
+
WARN_ON_ONCE(!rcu_read_lock_held() && !lockdep_rtnl_is_held());
326
326
327
-
list_for_each_entry(pos, &rdev->sched_scan_req_list, list) {
327
+
list_for_each_entry_rcu(pos, &rdev->sched_scan_req_list, list) {
328
328
if (pos->reqid == reqid)
329
329
return pos;
330
330
}
···
398
398
trace_cfg80211_sched_scan_results(wiphy, reqid);
399
399
/* ignore if we're not scanning */
400
400
401
-
rtnl_lock();
401
+
rcu_read_lock();
402
402
request = cfg80211_find_sched_scan_req(rdev, reqid);
403
403
if (request) {
404
404
request->report_results = true;
405
405
queue_work(cfg80211_wq, &rdev->sched_scan_res_wk);
406
406
}
407
-
rtnl_unlock();
407
+
rcu_read_unlock();
408
408
}
409
409
EXPORT_SYMBOL(cfg80211_sched_scan_results);
410
410
+6
-4
net/wireless/util.c
+6
-4
net/wireless/util.c
···
454
454
if (iftype == NL80211_IFTYPE_MESH_POINT)
455
455
skb_copy_bits(skb, hdrlen, &mesh_flags, 1);
456
456
457
+
mesh_flags &= MESH_FLAGS_AE;
458
+
457
459
switch (hdr->frame_control &
458
460
cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) {
459
461
case cpu_to_le16(IEEE80211_FCTL_TODS):
···
471
469
iftype != NL80211_IFTYPE_STATION))
472
470
return -1;
473
471
if (iftype == NL80211_IFTYPE_MESH_POINT) {
474
-
if (mesh_flags & MESH_FLAGS_AE_A4)
472
+
if (mesh_flags == MESH_FLAGS_AE_A4)
475
473
return -1;
476
-
if (mesh_flags & MESH_FLAGS_AE_A5_A6) {
474
+
if (mesh_flags == MESH_FLAGS_AE_A5_A6) {
477
475
skb_copy_bits(skb, hdrlen +
478
476
offsetof(struct ieee80211s_hdr, eaddr1),
479
477
tmp.h_dest, 2 * ETH_ALEN);
···
489
487
ether_addr_equal(tmp.h_source, addr)))
490
488
return -1;
491
489
if (iftype == NL80211_IFTYPE_MESH_POINT) {
492
-
if (mesh_flags & MESH_FLAGS_AE_A5_A6)
490
+
if (mesh_flags == MESH_FLAGS_AE_A5_A6)
493
491
return -1;
494
-
if (mesh_flags & MESH_FLAGS_AE_A4)
492
+
if (mesh_flags == MESH_FLAGS_AE_A4)
495
493
skb_copy_bits(skb, hdrlen +
496
494
offsetof(struct ieee80211s_hdr, eaddr1),
497
495
tmp.h_source, ETH_ALEN);
+1
-1
net/xfrm/xfrm_device.c
+1
-1
net/xfrm/xfrm_device.c
-47
net/xfrm/xfrm_policy.c
-47
net/xfrm/xfrm_policy.c
···
1797
1797
goto out;
1798
1798
}
1799
1799
1800
-
#ifdef CONFIG_XFRM_SUB_POLICY
1801
-
static int xfrm_dst_alloc_copy(void **target, const void *src, int size)
1802
-
{
1803
-
if (!*target) {
1804
-
*target = kmalloc(size, GFP_ATOMIC);
1805
-
if (!*target)
1806
-
return -ENOMEM;
1807
-
}
1808
-
1809
-
memcpy(*target, src, size);
1810
-
return 0;
1811
-
}
1812
-
#endif
1813
-
1814
-
static int xfrm_dst_update_parent(struct dst_entry *dst,
1815
-
const struct xfrm_selector *sel)
1816
-
{
1817
-
#ifdef CONFIG_XFRM_SUB_POLICY
1818
-
struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
1819
-
return xfrm_dst_alloc_copy((void **)&(xdst->partner),
1820
-
sel, sizeof(*sel));
1821
-
#else
1822
-
return 0;
1823
-
#endif
1824
-
}
1825
-
1826
-
static int xfrm_dst_update_origin(struct dst_entry *dst,
1827
-
const struct flowi *fl)
1828
-
{
1829
-
#ifdef CONFIG_XFRM_SUB_POLICY
1830
-
struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
1831
-
return xfrm_dst_alloc_copy((void **)&(xdst->origin), fl, sizeof(*fl));
1832
-
#else
1833
-
return 0;
1834
-
#endif
1835
-
}
1836
-
1837
1800
static int xfrm_expand_policies(const struct flowi *fl, u16 family,
1838
1801
struct xfrm_policy **pols,
1839
1802
int *num_pols, int *num_xfrms)
···
1868
1905
1869
1906
xdst = (struct xfrm_dst *)dst;
1870
1907
xdst->num_xfrms = err;
1871
-
if (num_pols > 1)
1872
-
err = xfrm_dst_update_parent(dst, &pols[1]->selector);
1873
-
else
1874
-
err = xfrm_dst_update_origin(dst, fl);
1875
-
if (unlikely(err)) {
1876
-
dst_free(dst);
1877
-
XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLECHECKERROR);
1878
-
return ERR_PTR(err);
1879
-
}
1880
-
1881
1908
xdst->num_pols = num_pols;
1882
1909
memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols);
1883
1910
xdst->policy_genid = atomic_read(&pols[0]->genid);
+2
net/xfrm/xfrm_state.c
+2
net/xfrm/xfrm_state.c
+10
tools/include/linux/filter.h
+10
tools/include/linux/filter.h
···
208
208
.off = OFF, \
209
209
.imm = IMM })
210
210
211
+
/* Unconditional jumps, goto pc + off16 */
212
+
213
+
#define BPF_JMP_A(OFF) \
214
+
((struct bpf_insn) { \
215
+
.code = BPF_JMP | BPF_JA, \
216
+
.dst_reg = 0, \
217
+
.src_reg = 0, \
218
+
.off = OFF, \
219
+
.imm = 0 })
220
+
211
221
/* Function call */
212
222
213
223
#define BPF_EMIT_CALL(FUNC) \
+235
-4
tools/testing/selftests/bpf/test_verifier.c
+235
-4
tools/testing/selftests/bpf/test_verifier.c
···
49
49
#define MAX_NR_MAPS 4
50
50
51
51
#define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS (1 << 0)
52
+
#define F_LOAD_WITH_STRICT_ALIGNMENT (1 << 1)
52
53
53
54
struct bpf_test {
54
55
const char *descr;
···
2616
2615
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
2617
2616
},
2618
2617
{
2618
+
"direct packet access: test17 (pruning, alignment)",
2619
+
.insns = {
2620
+
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
2621
+
offsetof(struct __sk_buff, data)),
2622
+
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
2623
+
offsetof(struct __sk_buff, data_end)),
2624
+
BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2625
+
offsetof(struct __sk_buff, mark)),
2626
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
2627
+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 14),
2628
+
BPF_JMP_IMM(BPF_JGT, BPF_REG_7, 1, 4),
2629
+
BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
2630
+
BPF_STX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, -4),
2631
+
BPF_MOV64_IMM(BPF_REG_0, 0),
2632
+
BPF_EXIT_INSN(),
2633
+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
2634
+
BPF_JMP_A(-6),
2635
+
},
2636
+
.errstr = "misaligned packet access off 2+15+-4 size 4",
2637
+
.result = REJECT,
2638
+
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
2639
+
.flags = F_LOAD_WITH_STRICT_ALIGNMENT,
2640
+
},
2641
+
{
2619
2642
"helper access to packet: test1, valid packet_ptr range",
2620
2643
.insns = {
2621
2644
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
···
3363
3338
},
3364
3339
.fixup_map1 = { 4 },
3365
3340
.result = ACCEPT,
3341
+
.prog_type = BPF_PROG_TYPE_SCHED_CLS
3342
+
},
3343
+
{
3344
+
"alu ops on ptr_to_map_value_or_null, 1",
3345
+
.insns = {
3346
+
BPF_MOV64_IMM(BPF_REG_1, 10),
3347
+
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8),
3348
+
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
3349
+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
3350
+
BPF_LD_MAP_FD(BPF_REG_1, 0),
3351
+
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
3352
+
BPF_FUNC_map_lookup_elem),
3353
+
BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
3354
+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, -2),
3355
+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 2),
3356
+
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1),
3357
+
BPF_ST_MEM(BPF_DW, BPF_REG_4, 0, 0),
3358
+
BPF_EXIT_INSN(),
3359
+
},
3360
+
.fixup_map1 = { 4 },
3361
+
.errstr = "R4 invalid mem access",
3362
+
.result = REJECT,
3363
+
.prog_type = BPF_PROG_TYPE_SCHED_CLS
3364
+
},
3365
+
{
3366
+
"alu ops on ptr_to_map_value_or_null, 2",
3367
+
.insns = {
3368
+
BPF_MOV64_IMM(BPF_REG_1, 10),
3369
+
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8),
3370
+
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
3371
+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
3372
+
BPF_LD_MAP_FD(BPF_REG_1, 0),
3373
+
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
3374
+
BPF_FUNC_map_lookup_elem),
3375
+
BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
3376
+
BPF_ALU64_IMM(BPF_AND, BPF_REG_4, -1),
3377
+
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1),
3378
+
BPF_ST_MEM(BPF_DW, BPF_REG_4, 0, 0),
3379
+
BPF_EXIT_INSN(),
3380
+
},
3381
+
.fixup_map1 = { 4 },
3382
+
.errstr = "R4 invalid mem access",
3383
+
.result = REJECT,
3384
+
.prog_type = BPF_PROG_TYPE_SCHED_CLS
3385
+
},
3386
+
{
3387
+
"alu ops on ptr_to_map_value_or_null, 3",
3388
+
.insns = {
3389
+
BPF_MOV64_IMM(BPF_REG_1, 10),
3390
+
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8),
3391
+
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
3392
+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
3393
+
BPF_LD_MAP_FD(BPF_REG_1, 0),
3394
+
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
3395
+
BPF_FUNC_map_lookup_elem),
3396
+
BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
3397
+
BPF_ALU64_IMM(BPF_LSH, BPF_REG_4, 1),
3398
+
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1),
3399
+
BPF_ST_MEM(BPF_DW, BPF_REG_4, 0, 0),
3400
+
BPF_EXIT_INSN(),
3401
+
},
3402
+
.fixup_map1 = { 4 },
3403
+
.errstr = "R4 invalid mem access",
3404
+
.result = REJECT,
3366
3405
.prog_type = BPF_PROG_TYPE_SCHED_CLS
3367
3406
},
3368
3407
{
···
5026
4937
.fixup_map_in_map = { 3 },
5027
4938
.errstr = "R1 type=map_value_or_null expected=map_ptr",
5028
4939
.result = REJECT,
5029
-
}
4940
+
},
4941
+
{
4942
+
"ld_abs: check calling conv, r1",
4943
+
.insns = {
4944
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
4945
+
BPF_MOV64_IMM(BPF_REG_1, 0),
4946
+
BPF_LD_ABS(BPF_W, -0x200000),
4947
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_1),
4948
+
BPF_EXIT_INSN(),
4949
+
},
4950
+
.errstr = "R1 !read_ok",
4951
+
.result = REJECT,
4952
+
},
4953
+
{
4954
+
"ld_abs: check calling conv, r2",
4955
+
.insns = {
4956
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
4957
+
BPF_MOV64_IMM(BPF_REG_2, 0),
4958
+
BPF_LD_ABS(BPF_W, -0x200000),
4959
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
4960
+
BPF_EXIT_INSN(),
4961
+
},
4962
+
.errstr = "R2 !read_ok",
4963
+
.result = REJECT,
4964
+
},
4965
+
{
4966
+
"ld_abs: check calling conv, r3",
4967
+
.insns = {
4968
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
4969
+
BPF_MOV64_IMM(BPF_REG_3, 0),
4970
+
BPF_LD_ABS(BPF_W, -0x200000),
4971
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_3),
4972
+
BPF_EXIT_INSN(),
4973
+
},
4974
+
.errstr = "R3 !read_ok",
4975
+
.result = REJECT,
4976
+
},
4977
+
{
4978
+
"ld_abs: check calling conv, r4",
4979
+
.insns = {
4980
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
4981
+
BPF_MOV64_IMM(BPF_REG_4, 0),
4982
+
BPF_LD_ABS(BPF_W, -0x200000),
4983
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_4),
4984
+
BPF_EXIT_INSN(),
4985
+
},
4986
+
.errstr = "R4 !read_ok",
4987
+
.result = REJECT,
4988
+
},
4989
+
{
4990
+
"ld_abs: check calling conv, r5",
4991
+
.insns = {
4992
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
4993
+
BPF_MOV64_IMM(BPF_REG_5, 0),
4994
+
BPF_LD_ABS(BPF_W, -0x200000),
4995
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_5),
4996
+
BPF_EXIT_INSN(),
4997
+
},
4998
+
.errstr = "R5 !read_ok",
4999
+
.result = REJECT,
5000
+
},
5001
+
{
5002
+
"ld_abs: check calling conv, r7",
5003
+
.insns = {
5004
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
5005
+
BPF_MOV64_IMM(BPF_REG_7, 0),
5006
+
BPF_LD_ABS(BPF_W, -0x200000),
5007
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_7),
5008
+
BPF_EXIT_INSN(),
5009
+
},
5010
+
.result = ACCEPT,
5011
+
},
5012
+
{
5013
+
"ld_ind: check calling conv, r1",
5014
+
.insns = {
5015
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
5016
+
BPF_MOV64_IMM(BPF_REG_1, 1),
5017
+
BPF_LD_IND(BPF_W, BPF_REG_1, -0x200000),
5018
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_1),
5019
+
BPF_EXIT_INSN(),
5020
+
},
5021
+
.errstr = "R1 !read_ok",
5022
+
.result = REJECT,
5023
+
},
5024
+
{
5025
+
"ld_ind: check calling conv, r2",
5026
+
.insns = {
5027
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
5028
+
BPF_MOV64_IMM(BPF_REG_2, 1),
5029
+
BPF_LD_IND(BPF_W, BPF_REG_2, -0x200000),
5030
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
5031
+
BPF_EXIT_INSN(),
5032
+
},
5033
+
.errstr = "R2 !read_ok",
5034
+
.result = REJECT,
5035
+
},
5036
+
{
5037
+
"ld_ind: check calling conv, r3",
5038
+
.insns = {
5039
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
5040
+
BPF_MOV64_IMM(BPF_REG_3, 1),
5041
+
BPF_LD_IND(BPF_W, BPF_REG_3, -0x200000),
5042
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_3),
5043
+
BPF_EXIT_INSN(),
5044
+
},
5045
+
.errstr = "R3 !read_ok",
5046
+
.result = REJECT,
5047
+
},
5048
+
{
5049
+
"ld_ind: check calling conv, r4",
5050
+
.insns = {
5051
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
5052
+
BPF_MOV64_IMM(BPF_REG_4, 1),
5053
+
BPF_LD_IND(BPF_W, BPF_REG_4, -0x200000),
5054
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_4),
5055
+
BPF_EXIT_INSN(),
5056
+
},
5057
+
.errstr = "R4 !read_ok",
5058
+
.result = REJECT,
5059
+
},
5060
+
{
5061
+
"ld_ind: check calling conv, r5",
5062
+
.insns = {
5063
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
5064
+
BPF_MOV64_IMM(BPF_REG_5, 1),
5065
+
BPF_LD_IND(BPF_W, BPF_REG_5, -0x200000),
5066
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_5),
5067
+
BPF_EXIT_INSN(),
5068
+
},
5069
+
.errstr = "R5 !read_ok",
5070
+
.result = REJECT,
5071
+
},
5072
+
{
5073
+
"ld_ind: check calling conv, r7",
5074
+
.insns = {
5075
+
BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
5076
+
BPF_MOV64_IMM(BPF_REG_7, 1),
5077
+
BPF_LD_IND(BPF_W, BPF_REG_7, -0x200000),
5078
+
BPF_MOV64_REG(BPF_REG_0, BPF_REG_7),
5079
+
BPF_EXIT_INSN(),
5080
+
},
5081
+
.result = ACCEPT,
5082
+
},
5030
5083
};
5031
5084
5032
5085
static int probe_filter_length(const struct bpf_insn *fp)
···
5290
5059
5291
5060
do_test_fixup(test, prog, map_fds);
5292
5061
5293
-
fd_prog = bpf_load_program(prog_type ? : BPF_PROG_TYPE_SOCKET_FILTER,
5294
-
prog, prog_len, "GPL", 0, bpf_vlog,
5295
-
sizeof(bpf_vlog));
5062
+
fd_prog = bpf_verify_program(prog_type ? : BPF_PROG_TYPE_SOCKET_FILTER,
5063
+
prog, prog_len, test->flags & F_LOAD_WITH_STRICT_ALIGNMENT,
5064
+
"GPL", 0, bpf_vlog, sizeof(bpf_vlog));
5296
5065
5297
5066
expected_ret = unpriv && test->result_unpriv != UNDEF ?
5298
5067
test->result_unpriv : test->result;