Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'net-5.16-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski"
"Networking fixes, including fixes from bpf, and WiFi. One last pull
request, turns out some of the recent fixes did more harm than good.
Current release - regressions:
- Revert "xsk: Do not sleep in poll() when need_wakeup set", made the
problem worse
- Revert "net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in
__fixed_phy_register", broke EPROBE_DEFER handling
- Revert "net: usb: r8152: Add MAC pass-through support for more
Lenovo Docks", broke setups without a Lenovo dock
Current release - new code bugs:
- selftests: set amt.sh executable
Previous releases - regressions:
- batman-adv: mcast: don't send link-local multicast to mcast routers
Previous releases - always broken:
- ipv4/ipv6: check attribute length for RTA_FLOW / RTA_GATEWAY
- sctp: hold endpoint before calling cb in
sctp_transport_lookup_process
- mac80211: mesh: embed mesh_paths and mpp_paths into
ieee80211_if_mesh to avoid complicated handling of sub-object
allocation failures
- seg6: fix traceroute in the presence of SRv6
- tipc: fix a kernel-infoleak in __tipc_sendmsg()"
* tag 'net-5.16-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (36 commits)
selftests: set amt.sh executable
Revert "net: usb: r8152: Add MAC passthrough support for more Lenovo Docks"
sfc: The RX page_ring is optional
iavf: Fix limit of total number of queues to active queues of VF
i40e: Fix incorrect netdev's real number of RX/TX queues
i40e: Fix for displaying message regarding NVM version
i40e: fix use-after-free in i40e_sync_filters_subtask()
i40e: Fix to not show opcode msg on unsuccessful VF MAC change
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
mac80211: initialize variable have_higher_than_11mbit
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
netrom: fix copying in user data in nr_setsockopt
udp6: Use Segment Routing Header for dest address if present
icmp: ICMPV6: Examine invoking packet for Segment Route Headers.
seg6: export get_srh() for ICMP handling
Revert "net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in __fixed_phy_register"
ipv6: Do cleanup if attribute validation fails in multipath route
ipv6: Continue processing multipath route even if gateway attribute is invalid
net/fsl: Remove leftover definition in xgmac_mdio
...
+444
-232
+29
-20
drivers/net/ethernet/amazon/ena/ena_netdev.c
+29
-20
drivers/net/ethernet/amazon/ena/ena_netdev.c
···
1288
1288
1289
1289
static int validate_tx_req_id(struct ena_ring *tx_ring, u16 req_id)
1290
1290
{
1291
-
struct ena_tx_buffer *tx_info = NULL;
1291
+
struct ena_tx_buffer *tx_info;
1292
1292
1293
-
if (likely(req_id < tx_ring->ring_size)) {
1294
-
tx_info = &tx_ring->tx_buffer_info[req_id];
1295
-
if (likely(tx_info->skb))
1296
-
return 0;
1297
-
}
1293
+
tx_info = &tx_ring->tx_buffer_info[req_id];
1294
+
if (likely(tx_info->skb))
1295
+
return 0;
1298
1296
1299
1297
return handle_invalid_req_id(tx_ring, req_id, tx_info, false);
1300
1298
}
1301
1299
1302
1300
static int validate_xdp_req_id(struct ena_ring *xdp_ring, u16 req_id)
1303
1301
{
1304
-
struct ena_tx_buffer *tx_info = NULL;
1302
+
struct ena_tx_buffer *tx_info;
1305
1303
1306
-
if (likely(req_id < xdp_ring->ring_size)) {
1307
-
tx_info = &xdp_ring->tx_buffer_info[req_id];
1308
-
if (likely(tx_info->xdpf))
1309
-
return 0;
1310
-
}
1304
+
tx_info = &xdp_ring->tx_buffer_info[req_id];
1305
+
if (likely(tx_info->xdpf))
1306
+
return 0;
1311
1307
1312
1308
return handle_invalid_req_id(xdp_ring, req_id, tx_info, true);
1313
1309
}
···
1328
1332
1329
1333
rc = ena_com_tx_comp_req_id_get(tx_ring->ena_com_io_cq,
1330
1334
&req_id);
1331
-
if (rc)
1335
+
if (rc) {
1336
+
if (unlikely(rc == -EINVAL))
1337
+
handle_invalid_req_id(tx_ring, req_id, NULL,
1338
+
false);
1332
1339
break;
1340
+
}
1333
1341
1342
+
/* validate that the request id points to a valid skb */
1334
1343
rc = validate_tx_req_id(tx_ring, req_id);
1335
1344
if (rc)
1336
1345
break;
···
1428
1427
u16 *next_to_clean)
1429
1428
{
1430
1429
struct ena_rx_buffer *rx_info;
1430
+
struct ena_adapter *adapter;
1431
1431
u16 len, req_id, buf = 0;
1432
1432
struct sk_buff *skb;
1433
1433
void *page_addr;
···
1441
1439
rx_info = &rx_ring->rx_buffer_info[req_id];
1442
1440
1443
1441
if (unlikely(!rx_info->page)) {
1444
-
netif_err(rx_ring->adapter, rx_err, rx_ring->netdev,
1445
-
"Page is NULL\n");
1442
+
adapter = rx_ring->adapter;
1443
+
netif_err(adapter, rx_err, rx_ring->netdev,
1444
+
"Page is NULL. qid %u req_id %u\n", rx_ring->qid, req_id);
1445
+
ena_increase_stat(&rx_ring->rx_stats.bad_req_id, 1, &rx_ring->syncp);
1446
+
adapter->reset_reason = ENA_REGS_RESET_INV_RX_REQ_ID;
1447
+
/* Make sure reset reason is set before triggering the reset */
1448
+
smp_mb__before_atomic();
1449
+
set_bit(ENA_FLAG_TRIGGER_RESET, &adapter->flags);
1446
1450
return NULL;
1447
1451
}
1448
1452
···
1904
1896
1905
1897
rc = ena_com_tx_comp_req_id_get(xdp_ring->ena_com_io_cq,
1906
1898
&req_id);
1907
-
if (rc)
1899
+
if (rc) {
1900
+
if (unlikely(rc == -EINVAL))
1901
+
handle_invalid_req_id(xdp_ring, req_id, NULL,
1902
+
true);
1908
1903
break;
1904
+
}
1909
1905
1906
+
/* validate that the request id points to a valid xdp_frame */
1910
1907
rc = validate_xdp_req_id(xdp_ring, req_id);
1911
1908
if (rc)
1912
1909
break;
···
4026
4013
max_num_io_queues = min_t(u32, max_num_io_queues, io_tx_cq_num);
4027
4014
/* 1 IRQ for mgmnt and 1 IRQs for each IO direction */
4028
4015
max_num_io_queues = min_t(u32, max_num_io_queues, pci_msix_vec_count(pdev) - 1);
4029
-
if (unlikely(!max_num_io_queues)) {
4030
-
dev_err(&pdev->dev, "The device doesn't have io queues\n");
4031
-
return -EFAULT;
4032
-
}
4033
4016
4034
4017
return max_num_io_queues;
4035
4018
}
-1
drivers/net/ethernet/freescale/xgmac_mdio.c
-1
drivers/net/ethernet/freescale/xgmac_mdio.c
+51
-9
drivers/net/ethernet/intel/i40e/i40e_main.c
+51
-9
drivers/net/ethernet/intel/i40e/i40e_main.c
···
99
99
100
100
static struct workqueue_struct *i40e_wq;
101
101
102
+
static void netdev_hw_addr_refcnt(struct i40e_mac_filter *f,
103
+
struct net_device *netdev, int delta)
104
+
{
105
+
struct netdev_hw_addr *ha;
106
+
107
+
if (!f || !netdev)
108
+
return;
109
+
110
+
netdev_for_each_mc_addr(ha, netdev) {
111
+
if (ether_addr_equal(ha->addr, f->macaddr)) {
112
+
ha->refcount += delta;
113
+
if (ha->refcount <= 0)
114
+
ha->refcount = 1;
115
+
break;
116
+
}
117
+
}
118
+
}
119
+
102
120
/**
103
121
* i40e_allocate_dma_mem_d - OS specific memory alloc for shared code
104
122
* @hw: pointer to the HW structure
···
2054
2036
hlist_for_each_entry_safe(new, h, from, hlist) {
2055
2037
/* We can simply free the wrapper structure */
2056
2038
hlist_del(&new->hlist);
2039
+
netdev_hw_addr_refcnt(new->f, vsi->netdev, -1);
2057
2040
kfree(new);
2058
2041
}
2059
2042
}
···
2402
2383
&tmp_add_list,
2403
2384
&tmp_del_list,
2404
2385
vlan_filters);
2386
+
2387
+
hlist_for_each_entry(new, &tmp_add_list, hlist)
2388
+
netdev_hw_addr_refcnt(new->f, vsi->netdev, 1);
2389
+
2405
2390
if (retval)
2406
2391
goto err_no_memory_locked;
2407
2392
···
2538
2515
if (new->f->state == I40E_FILTER_NEW)
2539
2516
new->f->state = new->state;
2540
2517
hlist_del(&new->hlist);
2518
+
netdev_hw_addr_refcnt(new->f, vsi->netdev, -1);
2541
2519
kfree(new);
2542
2520
}
2543
2521
spin_unlock_bh(&vsi->mac_filter_hash_lock);
···
8741
8717
}
8742
8718
8743
8719
/**
8720
+
* i40e_netif_set_realnum_tx_rx_queues - Update number of tx/rx queues
8721
+
* @vsi: vsi structure
8722
+
*
8723
+
* This updates netdev's number of tx/rx queues
8724
+
*
8725
+
* Returns status of setting tx/rx queues
8726
+
**/
8727
+
static int i40e_netif_set_realnum_tx_rx_queues(struct i40e_vsi *vsi)
8728
+
{
8729
+
int ret;
8730
+
8731
+
ret = netif_set_real_num_rx_queues(vsi->netdev,
8732
+
vsi->num_queue_pairs);
8733
+
if (ret)
8734
+
return ret;
8735
+
8736
+
return netif_set_real_num_tx_queues(vsi->netdev,
8737
+
vsi->num_queue_pairs);
8738
+
}
8739
+
8740
+
/**
8744
8741
* i40e_vsi_open -
8745
8742
* @vsi: the VSI to open
8746
8743
*
···
8797
8752
goto err_setup_rx;
8798
8753
8799
8754
/* Notify the stack of the actual queue counts. */
8800
-
err = netif_set_real_num_tx_queues(vsi->netdev,
8801
-
vsi->num_queue_pairs);
8802
-
if (err)
8803
-
goto err_set_queues;
8804
-
8805
-
err = netif_set_real_num_rx_queues(vsi->netdev,
8806
-
vsi->num_queue_pairs);
8755
+
err = i40e_netif_set_realnum_tx_rx_queues(vsi);
8807
8756
if (err)
8808
8757
goto err_set_queues;
8809
8758
···
14190
14151
ret = i40e_config_netdev(vsi);
14191
14152
if (ret)
14192
14153
goto err_netdev;
14154
+
ret = i40e_netif_set_realnum_tx_rx_queues(vsi);
14155
+
if (ret)
14156
+
goto err_netdev;
14193
14157
ret = register_netdev(vsi->netdev);
14194
14158
if (ret)
14195
14159
goto err_netdev;
···
15493
15451
15494
15452
if (hw->aq.api_maj_ver == I40E_FW_API_VERSION_MAJOR &&
15495
15453
hw->aq.api_min_ver > I40E_FW_MINOR_VERSION(hw))
15496
-
dev_info(&pdev->dev,
15497
-
"The driver for the device detected a newer version of the NVM image v%u.%u than expected v%u.%u. Please install the most recent version of the network driver.\n",
15454
+
dev_dbg(&pdev->dev,
15455
+
"The driver for the device detected a newer version of the NVM image v%u.%u than v%u.%u.\n",
15498
15456
hw->aq.api_maj_ver,
15499
15457
hw->aq.api_min_ver,
15500
15458
I40E_FW_API_VERSION_MAJOR,
+32
-8
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+32
-8
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
···
1877
1877
/***********************virtual channel routines******************/
1878
1878
1879
1879
/**
1880
-
* i40e_vc_send_msg_to_vf
1880
+
* i40e_vc_send_msg_to_vf_ex
1881
1881
* @vf: pointer to the VF info
1882
1882
* @v_opcode: virtual channel opcode
1883
1883
* @v_retval: virtual channel return value
1884
1884
* @msg: pointer to the msg buffer
1885
1885
* @msglen: msg length
1886
+
* @is_quiet: true for not printing unsuccessful return values, false otherwise
1886
1887
*
1887
1888
* send msg to VF
1888
1889
**/
1889
-
static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode,
1890
-
u32 v_retval, u8 *msg, u16 msglen)
1890
+
static int i40e_vc_send_msg_to_vf_ex(struct i40e_vf *vf, u32 v_opcode,
1891
+
u32 v_retval, u8 *msg, u16 msglen,
1892
+
bool is_quiet)
1891
1893
{
1892
1894
struct i40e_pf *pf;
1893
1895
struct i40e_hw *hw;
···
1905
1903
abs_vf_id = vf->vf_id + hw->func_caps.vf_base_id;
1906
1904
1907
1905
/* single place to detect unsuccessful return values */
1908
-
if (v_retval) {
1906
+
if (v_retval && !is_quiet) {
1909
1907
vf->num_invalid_msgs++;
1910
1908
dev_info(&pf->pdev->dev, "VF %d failed opcode %d, retval: %d\n",
1911
1909
vf->vf_id, v_opcode, v_retval);
···
1933
1931
}
1934
1932
1935
1933
return 0;
1934
+
}
1935
+
1936
+
/**
1937
+
* i40e_vc_send_msg_to_vf
1938
+
* @vf: pointer to the VF info
1939
+
* @v_opcode: virtual channel opcode
1940
+
* @v_retval: virtual channel return value
1941
+
* @msg: pointer to the msg buffer
1942
+
* @msglen: msg length
1943
+
*
1944
+
* send msg to VF
1945
+
**/
1946
+
static int i40e_vc_send_msg_to_vf(struct i40e_vf *vf, u32 v_opcode,
1947
+
u32 v_retval, u8 *msg, u16 msglen)
1948
+
{
1949
+
return i40e_vc_send_msg_to_vf_ex(vf, v_opcode, v_retval,
1950
+
msg, msglen, false);
1936
1951
}
1937
1952
1938
1953
/**
···
2714
2695
* i40e_check_vf_permission
2715
2696
* @vf: pointer to the VF info
2716
2697
* @al: MAC address list from virtchnl
2698
+
* @is_quiet: set true for printing msg without opcode info, false otherwise
2717
2699
*
2718
2700
* Check that the given list of MAC addresses is allowed. Will return -EPERM
2719
2701
* if any address in the list is not valid. Checks the following conditions:
···
2729
2709
* addresses might not be accurate.
2730
2710
**/
2731
2711
static inline int i40e_check_vf_permission(struct i40e_vf *vf,
2732
-
struct virtchnl_ether_addr_list *al)
2712
+
struct virtchnl_ether_addr_list *al,
2713
+
bool *is_quiet)
2733
2714
{
2734
2715
struct i40e_pf *pf = vf->pf;
2735
2716
struct i40e_vsi *vsi = pf->vsi[vf->lan_vsi_idx];
2736
2717
int mac2add_cnt = 0;
2737
2718
int i;
2738
2719
2720
+
*is_quiet = false;
2739
2721
for (i = 0; i < al->num_elements; i++) {
2740
2722
struct i40e_mac_filter *f;
2741
2723
u8 *addr = al->list[i].addr;
···
2761
2739
!ether_addr_equal(addr, vf->default_lan_addr.addr)) {
2762
2740
dev_err(&pf->pdev->dev,
2763
2741
"VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n");
2742
+
*is_quiet = true;
2764
2743
return -EPERM;
2765
2744
}
2766
2745
···
2798
2775
(struct virtchnl_ether_addr_list *)msg;
2799
2776
struct i40e_pf *pf = vf->pf;
2800
2777
struct i40e_vsi *vsi = NULL;
2778
+
bool is_quiet = false;
2801
2779
i40e_status ret = 0;
2802
2780
int i;
2803
2781
···
2815
2791
*/
2816
2792
spin_lock_bh(&vsi->mac_filter_hash_lock);
2817
2793
2818
-
ret = i40e_check_vf_permission(vf, al);
2794
+
ret = i40e_check_vf_permission(vf, al, &is_quiet);
2819
2795
if (ret) {
2820
2796
spin_unlock_bh(&vsi->mac_filter_hash_lock);
2821
2797
goto error_param;
···
2853
2829
2854
2830
error_param:
2855
2831
/* send the response to the VF */
2856
-
return i40e_vc_send_resp_to_vf(vf, VIRTCHNL_OP_ADD_ETH_ADDR,
2857
-
ret);
2832
+
return i40e_vc_send_msg_to_vf_ex(vf, VIRTCHNL_OP_ADD_ETH_ADDR,
2833
+
ret, NULL, 0, is_quiet);
2858
2834
}
2859
2835
2860
2836
/**
+4
-1
drivers/net/ethernet/intel/iavf/iavf_main.c
+4
-1
drivers/net/ethernet/intel/iavf/iavf_main.c
···
2708
2708
total_max_rate += tx_rate;
2709
2709
num_qps += mqprio_qopt->qopt.count[i];
2710
2710
}
2711
-
if (num_qps > IAVF_MAX_REQ_QUEUES)
2711
+
if (num_qps > adapter->num_active_queues) {
2712
+
dev_err(&adapter->pdev->dev,
2713
+
"Cannot support requested number of queues\n");
2712
2714
return -EINVAL;
2715
+
}
2713
2716
2714
2717
ret = iavf_validate_tx_bandwidth(adapter, total_max_rate);
2715
2718
return ret;
+5
drivers/net/ethernet/sfc/falcon/rx.c
+5
drivers/net/ethernet/sfc/falcon/rx.c
···
110
110
struct ef4_rx_page_state *state;
111
111
unsigned index;
112
112
113
+
if (unlikely(!rx_queue->page_ring))
114
+
return NULL;
113
115
index = rx_queue->page_remove & rx_queue->page_ptr_mask;
114
116
page = rx_queue->page_ring[index];
115
117
if (page == NULL)
···
294
292
unsigned int n_frags)
295
293
{
296
294
struct ef4_rx_queue *rx_queue = ef4_channel_get_rx_queue(channel);
295
+
296
+
if (unlikely(!rx_queue->page_ring))
297
+
return;
297
298
298
299
do {
299
300
ef4_recycle_rx_page(channel, rx_buf);
+5
drivers/net/ethernet/sfc/rx_common.c
+5
drivers/net/ethernet/sfc/rx_common.c
···
45
45
unsigned int index;
46
46
struct page *page;
47
47
48
+
if (unlikely(!rx_queue->page_ring))
49
+
return NULL;
48
50
index = rx_queue->page_remove & rx_queue->page_ptr_mask;
49
51
page = rx_queue->page_ring[index];
50
52
if (page == NULL)
···
115
113
unsigned int n_frags)
116
114
{
117
115
struct efx_rx_queue *rx_queue = efx_channel_get_rx_queue(channel);
116
+
117
+
if (unlikely(!rx_queue->page_ring))
118
+
return;
118
119
119
120
do {
120
121
efx_recycle_rx_page(channel, rx_buf);
+6
-4
drivers/net/ieee802154/atusb.c
+6
-4
drivers/net/ieee802154/atusb.c
···
93
93
94
94
ret = usb_control_msg(usb_dev, pipe, request, requesttype,
95
95
value, index, data, size, timeout);
96
-
if (ret < 0) {
96
+
if (ret < size) {
97
+
ret = ret < 0 ? ret : -ENODATA;
98
+
97
99
atusb->err = ret;
98
100
dev_err(&usb_dev->dev,
99
101
"%s: req 0x%02x val 0x%x idx 0x%x, error %d\n",
···
863
861
if (!build)
864
862
return -ENOMEM;
865
863
866
-
ret = atusb_control_msg(atusb, usb_rcvctrlpipe(usb_dev, 0),
867
-
ATUSB_BUILD, ATUSB_REQ_FROM_DEV, 0, 0,
868
-
build, ATUSB_BUILD_SIZE, 1000);
864
+
/* We cannot call atusb_control_msg() here, since this request may read various length data */
865
+
ret = usb_control_msg(atusb->usb_dev, usb_rcvctrlpipe(usb_dev, 0), ATUSB_BUILD,
866
+
ATUSB_REQ_FROM_DEV, 0, 0, build, ATUSB_BUILD_SIZE, 1000);
869
867
if (ret >= 0) {
870
868
build[ret] = 0;
871
869
dev_info(&usb_dev->dev, "Firmware: build %s\n", build);
+2
-2
drivers/net/phy/fixed_phy.c
+2
-2
drivers/net/phy/fixed_phy.c
···
239
239
/* Check if we have a GPIO associated with this fixed phy */
240
240
if (!gpiod) {
241
241
gpiod = fixed_phy_get_gpiod(np);
242
-
if (!gpiod)
243
-
return ERR_PTR(-EINVAL);
242
+
if (IS_ERR(gpiod))
243
+
return ERR_CAST(gpiod);
244
244
}
245
245
246
246
/* Get the next available PHY address, up to PHY_MAX_ADDR */
+6
-3
drivers/net/usb/r8152.c
+6
-3
drivers/net/usb/r8152.c
···
9638
9638
netdev->hw_features &= ~NETIF_F_RXCSUM;
9639
9639
}
9640
9640
9641
-
if (udev->parent &&
9642
-
le16_to_cpu(udev->parent->descriptor.idVendor) == VENDOR_ID_LENOVO) {
9643
-
tp->lenovo_macpassthru = 1;
9641
+
if (le16_to_cpu(udev->descriptor.idVendor) == VENDOR_ID_LENOVO) {
9642
+
switch (le16_to_cpu(udev->descriptor.idProduct)) {
9643
+
case DEVICE_ID_THINKPAD_THUNDERBOLT3_DOCK_GEN2:
9644
+
case DEVICE_ID_THINKPAD_USB_C_DOCK_GEN2:
9645
+
tp->lenovo_macpassthru = 1;
9646
+
}
9644
9647
}
9645
9648
9646
9649
if (le16_to_cpu(udev->descriptor.bcdDevice) == 0x3011 && udev->serial &&
+5
drivers/net/usb/rndis_host.c
+5
drivers/net/usb/rndis_host.c
···
609
609
USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
610
610
.driver_info = (unsigned long) &rndis_poll_status_info,
611
611
}, {
612
+
/* Hytera Communications DMR radios' "Radio to PC Network" */
613
+
USB_VENDOR_AND_INTERFACE_INFO(0x238b,
614
+
USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
615
+
.driver_info = (unsigned long)&rndis_info,
616
+
}, {
612
617
/* RNDIS is MSFT's un-official variant of CDC ACM */
613
618
USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
614
619
.driver_info = (unsigned long) &rndis_info,
+2
include/linux/ipv6.h
+2
include/linux/ipv6.h
···
133
133
__u16 dsthao;
134
134
#endif
135
135
__u16 frag_max_size;
136
+
__u16 srhoff;
136
137
137
138
#define IP6SKB_XFRM_TRANSFORMED 1
138
139
#define IP6SKB_FORWARDED 2
···
143
142
#define IP6SKB_HOPBYHOP 32
144
143
#define IP6SKB_L3SLAVE 64
145
144
#define IP6SKB_JUMBOGRAM 128
145
+
#define IP6SKB_SEG6 256
146
146
};
147
147
148
148
#if defined(CONFIG_NET_L3_MASTER_DEV)
+1
-2
include/net/sctp/sctp.h
+1
-2
include/net/sctp/sctp.h
···
112
112
struct rhashtable_iter *iter);
113
113
struct sctp_transport *sctp_transport_get_idx(struct net *net,
114
114
struct rhashtable_iter *iter, int pos);
115
-
int sctp_transport_lookup_process(int (*cb)(struct sctp_transport *, void *),
116
-
struct net *net,
115
+
int sctp_transport_lookup_process(sctp_callback_t cb, struct net *net,
117
116
const union sctp_addr *laddr,
118
117
const union sctp_addr *paddr, void *p);
119
118
int sctp_transport_traverse_process(sctp_callback_t cb, sctp_callback_t cb_done,
+21
include/net/seg6.h
+21
include/net/seg6.h
···
58
58
extern void seg6_local_exit(void);
59
59
60
60
extern bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced);
61
+
extern struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags);
62
+
extern void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt);
61
63
extern int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh,
62
64
int proto);
63
65
extern int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh);
64
66
extern int seg6_lookup_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr,
65
67
u32 tbl_id);
68
+
69
+
/* If the packet which invoked an ICMP error contains an SRH return
70
+
* the true destination address from within the SRH, otherwise use the
71
+
* destination address in the IP header.
72
+
*/
73
+
static inline const struct in6_addr *seg6_get_daddr(struct sk_buff *skb,
74
+
struct inet6_skb_parm *opt)
75
+
{
76
+
struct ipv6_sr_hdr *srh;
77
+
78
+
if (opt->flags & IP6SKB_SEG6) {
79
+
srh = (struct ipv6_sr_hdr *)(skb->data + opt->srhoff);
80
+
return &srh->segments[0];
81
+
}
82
+
83
+
return NULL;
84
+
}
85
+
86
+
66
87
#endif
+10
-5
net/batman-adv/multicast.c
+10
-5
net/batman-adv/multicast.c
···
1339
1339
* @bat_priv: the bat priv with all the soft interface information
1340
1340
* @skb: The multicast packet to check
1341
1341
* @orig: an originator to be set to forward the skb to
1342
+
* @is_routable: stores whether the destination is routable
1342
1343
*
1343
1344
* Return: the forwarding mode as enum batadv_forw_mode and in case of
1344
1345
* BATADV_FORW_SINGLE set the orig to the single originator the skb
···
1347
1346
*/
1348
1347
enum batadv_forw_mode
1349
1348
batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb,
1350
-
struct batadv_orig_node **orig)
1349
+
struct batadv_orig_node **orig, int *is_routable)
1351
1350
{
1352
1351
int ret, tt_count, ip_count, unsnoop_count, total_count;
1353
1352
bool is_unsnoopable = false;
1354
1353
unsigned int mcast_fanout;
1355
1354
struct ethhdr *ethhdr;
1356
-
int is_routable = 0;
1357
1355
int rtr_count = 0;
1358
1356
1359
1357
ret = batadv_mcast_forw_mode_check(bat_priv, skb, &is_unsnoopable,
1360
-
&is_routable);
1358
+
is_routable);
1361
1359
if (ret == -ENOMEM)
1362
1360
return BATADV_FORW_NONE;
1363
1361
else if (ret < 0)
···
1369
1369
ip_count = batadv_mcast_forw_want_all_ip_count(bat_priv, ethhdr);
1370
1370
unsnoop_count = !is_unsnoopable ? 0 :
1371
1371
atomic_read(&bat_priv->mcast.num_want_all_unsnoopables);
1372
-
rtr_count = batadv_mcast_forw_rtr_count(bat_priv, is_routable);
1372
+
rtr_count = batadv_mcast_forw_rtr_count(bat_priv, *is_routable);
1373
1373
1374
1374
total_count = tt_count + ip_count + unsnoop_count + rtr_count;
1375
1375
···
1689
1689
* @bat_priv: the bat priv with all the soft interface information
1690
1690
* @skb: the multicast packet to transmit
1691
1691
* @vid: the vlan identifier
1692
+
* @is_routable: stores whether the destination is routable
1692
1693
*
1693
1694
* Sends copies of a frame with multicast destination to any node that signaled
1694
1695
* interest in it, that is either via the translation table or the according
···
1702
1701
* is neither IPv4 nor IPv6. NET_XMIT_SUCCESS otherwise.
1703
1702
*/
1704
1703
int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb,
1705
-
unsigned short vid)
1704
+
unsigned short vid, int is_routable)
1706
1705
{
1707
1706
int ret;
1708
1707
···
1718
1717
return ret;
1719
1718
}
1720
1719
1720
+
if (!is_routable)
1721
+
goto skip_mc_router;
1722
+
1721
1723
ret = batadv_mcast_forw_want_rtr(bat_priv, skb, vid);
1722
1724
if (ret != NET_XMIT_SUCCESS) {
1723
1725
kfree_skb(skb);
1724
1726
return ret;
1725
1727
}
1726
1728
1729
+
skip_mc_router:
1727
1730
consume_skb(skb);
1728
1731
return ret;
1729
1732
}
+6
-4
net/batman-adv/multicast.h
+6
-4
net/batman-adv/multicast.h
···
43
43
44
44
enum batadv_forw_mode
45
45
batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb,
46
-
struct batadv_orig_node **mcast_single_orig);
46
+
struct batadv_orig_node **mcast_single_orig,
47
+
int *is_routable);
47
48
48
49
int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv,
49
50
struct sk_buff *skb,
···
52
51
struct batadv_orig_node *orig_node);
53
52
54
53
int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb,
55
-
unsigned short vid);
54
+
unsigned short vid, int is_routable);
56
55
57
56
void batadv_mcast_init(struct batadv_priv *bat_priv);
58
57
···
69
68
70
69
static inline enum batadv_forw_mode
71
70
batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb,
72
-
struct batadv_orig_node **mcast_single_orig)
71
+
struct batadv_orig_node **mcast_single_orig,
72
+
int *is_routable)
73
73
{
74
74
return BATADV_FORW_ALL;
75
75
}
···
87
85
88
86
static inline int
89
87
batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb,
90
-
unsigned short vid)
88
+
unsigned short vid, int is_routable)
91
89
{
92
90
kfree_skb(skb);
93
91
return NET_XMIT_DROP;
+5
-2
net/batman-adv/soft-interface.c
+5
-2
net/batman-adv/soft-interface.c
···
198
198
int gw_mode;
199
199
enum batadv_forw_mode forw_mode = BATADV_FORW_SINGLE;
200
200
struct batadv_orig_node *mcast_single_orig = NULL;
201
+
int mcast_is_routable = 0;
201
202
int network_offset = ETH_HLEN;
202
203
__be16 proto;
203
204
···
301
300
send:
302
301
if (do_bcast && !is_broadcast_ether_addr(ethhdr->h_dest)) {
303
302
forw_mode = batadv_mcast_forw_mode(bat_priv, skb,
304
-
&mcast_single_orig);
303
+
&mcast_single_orig,
304
+
&mcast_is_routable);
305
305
if (forw_mode == BATADV_FORW_NONE)
306
306
goto dropped;
307
307
···
361
359
ret = batadv_mcast_forw_send_orig(bat_priv, skb, vid,
362
360
mcast_single_orig);
363
361
} else if (forw_mode == BATADV_FORW_SOME) {
364
-
ret = batadv_mcast_forw_send(bat_priv, skb, vid);
362
+
ret = batadv_mcast_forw_send(bat_priv, skb, vid,
363
+
mcast_is_routable);
365
364
} else {
366
365
if (batadv_dat_snoop_outgoing_arp_request(bat_priv,
367
366
skb))
+4
net/core/lwtunnel.c
+4
net/core/lwtunnel.c
···
197
197
nla_entype = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
198
198
199
199
if (nla_entype) {
200
+
if (nla_len(nla_entype) < sizeof(u16)) {
201
+
NL_SET_ERR_MSG(extack, "Invalid RTA_ENCAP_TYPE");
202
+
return -EINVAL;
203
+
}
200
204
encap_type = nla_get_u16(nla_entype);
201
205
202
206
if (lwtunnel_valid_encap_type(encap_type,
+43
-6
net/ipv4/fib_semantics.c
+43
-6
net/ipv4/fib_semantics.c
···
662
662
return nhs;
663
663
}
664
664
665
+
static int fib_gw_from_attr(__be32 *gw, struct nlattr *nla,
666
+
struct netlink_ext_ack *extack)
667
+
{
668
+
if (nla_len(nla) < sizeof(*gw)) {
669
+
NL_SET_ERR_MSG(extack, "Invalid IPv4 address in RTA_GATEWAY");
670
+
return -EINVAL;
671
+
}
672
+
673
+
*gw = nla_get_in_addr(nla);
674
+
675
+
return 0;
676
+
}
677
+
665
678
/* only called when fib_nh is integrated into fib_info */
666
679
static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh,
667
680
int remaining, struct fib_config *cfg,
···
717
704
return -EINVAL;
718
705
}
719
706
if (nla) {
720
-
fib_cfg.fc_gw4 = nla_get_in_addr(nla);
707
+
ret = fib_gw_from_attr(&fib_cfg.fc_gw4, nla,
708
+
extack);
709
+
if (ret)
710
+
goto errout;
711
+
721
712
if (fib_cfg.fc_gw4)
722
713
fib_cfg.fc_gw_family = AF_INET;
723
714
} else if (nlav) {
···
731
714
}
732
715
733
716
nla = nla_find(attrs, attrlen, RTA_FLOW);
734
-
if (nla)
717
+
if (nla) {
718
+
if (nla_len(nla) < sizeof(u32)) {
719
+
NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW");
720
+
return -EINVAL;
721
+
}
735
722
fib_cfg.fc_flow = nla_get_u32(nla);
723
+
}
736
724
737
725
fib_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
726
+
/* RTA_ENCAP_TYPE length checked in
727
+
* lwtunnel_valid_encap_type_attr
728
+
*/
738
729
nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
739
730
if (nla)
740
731
fib_cfg.fc_encap_type = nla_get_u16(nla);
···
927
902
attrlen = rtnh_attrlen(rtnh);
928
903
if (attrlen > 0) {
929
904
struct nlattr *nla, *nlav, *attrs = rtnh_attrs(rtnh);
905
+
int err;
930
906
931
907
nla = nla_find(attrs, attrlen, RTA_GATEWAY);
932
908
nlav = nla_find(attrs, attrlen, RTA_VIA);
···
938
912
}
939
913
940
914
if (nla) {
915
+
__be32 gw;
916
+
917
+
err = fib_gw_from_attr(&gw, nla, extack);
918
+
if (err)
919
+
return err;
920
+
941
921
if (nh->fib_nh_gw_family != AF_INET ||
942
-
nla_get_in_addr(nla) != nh->fib_nh_gw4)
922
+
gw != nh->fib_nh_gw4)
943
923
return 1;
944
924
} else if (nlav) {
945
925
struct fib_config cfg2;
946
-
int err;
947
926
948
927
err = fib_gw_from_via(&cfg2, nlav, extack);
949
928
if (err)
···
971
940
972
941
#ifdef CONFIG_IP_ROUTE_CLASSID
973
942
nla = nla_find(attrs, attrlen, RTA_FLOW);
974
-
if (nla && nla_get_u32(nla) != nh->nh_tclassid)
975
-
return 1;
943
+
if (nla) {
944
+
if (nla_len(nla) < sizeof(u32)) {
945
+
NL_SET_ERR_MSG(extack, "Invalid RTA_FLOW");
946
+
return -EINVAL;
947
+
}
948
+
if (nla_get_u32(nla) != nh->nh_tclassid)
949
+
return 1;
950
+
}
976
951
#endif
977
952
}
978
953
+5
-1
net/ipv6/icmp.c
+5
-1
net/ipv6/icmp.c
···
57
57
#include <net/protocol.h>
58
58
#include <net/raw.h>
59
59
#include <net/rawv6.h>
60
+
#include <net/seg6.h>
60
61
#include <net/transp_v6.h>
61
62
#include <net/ip6_route.h>
62
63
#include <net/addrconf.h>
···
821
820
822
821
void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
823
822
{
823
+
struct inet6_skb_parm *opt = IP6CB(skb);
824
824
const struct inet6_protocol *ipprot;
825
825
int inner_offset;
826
826
__be16 frag_off;
···
830
828
831
829
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
832
830
goto out;
831
+
832
+
seg6_icmp_srh(skb, opt);
833
833
834
834
nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
835
835
if (ipv6_ext_hdr(nexthdr)) {
···
857
853
858
854
ipprot = rcu_dereference(inet6_protos[nexthdr]);
859
855
if (ipprot && ipprot->err_handler)
860
-
ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
856
+
ipprot->err_handler(skb, opt, type, code, inner_offset, info);
861
857
862
858
raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
863
859
return;
+30
-2
net/ipv6/route.c
+30
-2
net/ipv6/route.c
···
5224
5224
return should_notify;
5225
5225
}
5226
5226
5227
+
static int fib6_gw_from_attr(struct in6_addr *gw, struct nlattr *nla,
5228
+
struct netlink_ext_ack *extack)
5229
+
{
5230
+
if (nla_len(nla) < sizeof(*gw)) {
5231
+
NL_SET_ERR_MSG(extack, "Invalid IPv6 address in RTA_GATEWAY");
5232
+
return -EINVAL;
5233
+
}
5234
+
5235
+
*gw = nla_get_in6_addr(nla);
5236
+
5237
+
return 0;
5238
+
}
5239
+
5227
5240
static int ip6_route_multipath_add(struct fib6_config *cfg,
5228
5241
struct netlink_ext_ack *extack)
5229
5242
{
···
5277
5264
5278
5265
nla = nla_find(attrs, attrlen, RTA_GATEWAY);
5279
5266
if (nla) {
5280
-
r_cfg.fc_gateway = nla_get_in6_addr(nla);
5267
+
err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
5268
+
extack);
5269
+
if (err)
5270
+
goto cleanup;
5271
+
5281
5272
r_cfg.fc_flags |= RTF_GATEWAY;
5282
5273
}
5283
5274
r_cfg.fc_encap = nla_find(attrs, attrlen, RTA_ENCAP);
5275
+
5276
+
/* RTA_ENCAP_TYPE length checked in
5277
+
* lwtunnel_valid_encap_type_attr
5278
+
*/
5284
5279
nla = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
5285
5280
if (nla)
5286
5281
r_cfg.fc_encap_type = nla_get_u16(nla);
···
5455
5434
5456
5435
nla = nla_find(attrs, attrlen, RTA_GATEWAY);
5457
5436
if (nla) {
5458
-
nla_memcpy(&r_cfg.fc_gateway, nla, 16);
5437
+
err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla,
5438
+
extack);
5439
+
if (err) {
5440
+
last_err = err;
5441
+
goto next_rtnh;
5442
+
}
5443
+
5459
5444
r_cfg.fc_flags |= RTF_GATEWAY;
5460
5445
}
5461
5446
}
···
5469
5442
if (err)
5470
5443
last_err = err;
5471
5444
5445
+
next_rtnh:
5472
5446
rtnh = rtnh_next(rtnh, &remaining);
5473
5447
}
5474
5448
+59
net/ipv6/seg6.c
+59
net/ipv6/seg6.c
···
75
75
return true;
76
76
}
77
77
78
+
struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags)
79
+
{
80
+
struct ipv6_sr_hdr *srh;
81
+
int len, srhoff = 0;
82
+
83
+
if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, &flags) < 0)
84
+
return NULL;
85
+
86
+
if (!pskb_may_pull(skb, srhoff + sizeof(*srh)))
87
+
return NULL;
88
+
89
+
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
90
+
91
+
len = (srh->hdrlen + 1) << 3;
92
+
93
+
if (!pskb_may_pull(skb, srhoff + len))
94
+
return NULL;
95
+
96
+
/* note that pskb_may_pull may change pointers in header;
97
+
* for this reason it is necessary to reload them when needed.
98
+
*/
99
+
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
100
+
101
+
if (!seg6_validate_srh(srh, len, true))
102
+
return NULL;
103
+
104
+
return srh;
105
+
}
106
+
107
+
/* Determine if an ICMP invoking packet contains a segment routing
108
+
* header. If it does, extract the offset to the true destination
109
+
* address, which is in the first segment address.
110
+
*/
111
+
void seg6_icmp_srh(struct sk_buff *skb, struct inet6_skb_parm *opt)
112
+
{
113
+
__u16 network_header = skb->network_header;
114
+
struct ipv6_sr_hdr *srh;
115
+
116
+
/* Update network header to point to the invoking packet
117
+
* inside the ICMP packet, so we can use the seg6_get_srh()
118
+
* helper.
119
+
*/
120
+
skb_reset_network_header(skb);
121
+
122
+
srh = seg6_get_srh(skb, 0);
123
+
if (!srh)
124
+
goto out;
125
+
126
+
if (srh->type != IPV6_SRCRT_TYPE_4)
127
+
goto out;
128
+
129
+
opt->flags |= IP6SKB_SEG6;
130
+
opt->srhoff = (unsigned char *)srh - skb->data;
131
+
132
+
out:
133
+
/* Restore the network header back to the ICMP packet */
134
+
skb->network_header = network_header;
135
+
}
136
+
78
137
static struct genl_family seg6_genl_family;
79
138
80
139
static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
+2
-31
net/ipv6/seg6_local.c
+2
-31
net/ipv6/seg6_local.c
···
150
150
return (struct seg6_local_lwt *)lwt->data;
151
151
}
152
152
153
-
static struct ipv6_sr_hdr *get_srh(struct sk_buff *skb, int flags)
154
-
{
155
-
struct ipv6_sr_hdr *srh;
156
-
int len, srhoff = 0;
157
-
158
-
if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, &flags) < 0)
159
-
return NULL;
160
-
161
-
if (!pskb_may_pull(skb, srhoff + sizeof(*srh)))
162
-
return NULL;
163
-
164
-
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
165
-
166
-
len = (srh->hdrlen + 1) << 3;
167
-
168
-
if (!pskb_may_pull(skb, srhoff + len))
169
-
return NULL;
170
-
171
-
/* note that pskb_may_pull may change pointers in header;
172
-
* for this reason it is necessary to reload them when needed.
173
-
*/
174
-
srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
175
-
176
-
if (!seg6_validate_srh(srh, len, true))
177
-
return NULL;
178
-
179
-
return srh;
180
-
}
181
-
182
153
static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb)
183
154
{
184
155
struct ipv6_sr_hdr *srh;
185
156
186
-
srh = get_srh(skb, IP6_FH_F_SKIP_RH);
157
+
srh = seg6_get_srh(skb, IP6_FH_F_SKIP_RH);
187
158
if (!srh)
188
159
return NULL;
189
160
···
171
200
struct ipv6_sr_hdr *srh;
172
201
unsigned int off = 0;
173
202
174
-
srh = get_srh(skb, 0);
203
+
srh = seg6_get_srh(skb, 0);
175
204
if (srh && srh->segments_left > 0)
176
205
return false;
177
206
+2
-1
net/ipv6/udp.c
+2
-1
net/ipv6/udp.c
···
40
40
#include <net/transp_v6.h>
41
41
#include <net/ip6_route.h>
42
42
#include <net/raw.h>
43
+
#include <net/seg6.h>
43
44
#include <net/tcp_states.h>
44
45
#include <net/ip6_checksum.h>
45
46
#include <net/ip6_tunnel.h>
···
562
561
struct ipv6_pinfo *np;
563
562
const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
564
563
const struct in6_addr *saddr = &hdr->saddr;
565
-
const struct in6_addr *daddr = &hdr->daddr;
564
+
const struct in6_addr *daddr = seg6_get_daddr(skb, opt) ? : &hdr->daddr;
566
565
struct udphdr *uh = (struct udphdr *)(skb->data+offset);
567
566
bool tunnel = false;
568
567
struct sock *sk;
+22
-2
net/mac80211/ieee80211_i.h
+22
-2
net/mac80211/ieee80211_i.h
···
647
647
struct cfg80211_csa_settings settings;
648
648
};
649
649
650
+
/**
651
+
* struct mesh_table
652
+
*
653
+
* @known_gates: list of known mesh gates and their mpaths by the station. The
654
+
* gate's mpath may or may not be resolved and active.
655
+
* @gates_lock: protects updates to known_gates
656
+
* @rhead: the rhashtable containing struct mesh_paths, keyed by dest addr
657
+
* @walk_head: linked list containing all mesh_path objects
658
+
* @walk_lock: lock protecting walk_head
659
+
* @entries: number of entries in the table
660
+
*/
661
+
struct mesh_table {
662
+
struct hlist_head known_gates;
663
+
spinlock_t gates_lock;
664
+
struct rhashtable rhead;
665
+
struct hlist_head walk_head;
666
+
spinlock_t walk_lock;
667
+
atomic_t entries; /* Up to MAX_MESH_NEIGHBOURS */
668
+
};
669
+
650
670
struct ieee80211_if_mesh {
651
671
struct timer_list housekeeping_timer;
652
672
struct timer_list mesh_path_timer;
···
741
721
/* offset from skb->data while building IE */
742
722
int meshconf_offset;
743
723
744
-
struct mesh_table *mesh_paths;
745
-
struct mesh_table *mpp_paths; /* Store paths for MPP&MAP */
724
+
struct mesh_table mesh_paths;
725
+
struct mesh_table mpp_paths; /* Store paths for MPP&MAP */
746
726
int mesh_paths_generation;
747
727
int mpp_paths_generation;
748
728
};
+1
-21
net/mac80211/mesh.h
+1
-21
net/mac80211/mesh.h
···
127
127
u32 path_change_count;
128
128
};
129
129
130
-
/**
131
-
* struct mesh_table
132
-
*
133
-
* @known_gates: list of known mesh gates and their mpaths by the station. The
134
-
* gate's mpath may or may not be resolved and active.
135
-
* @gates_lock: protects updates to known_gates
136
-
* @rhead: the rhashtable containing struct mesh_paths, keyed by dest addr
137
-
* @walk_head: linked list containing all mesh_path objects
138
-
* @walk_lock: lock protecting walk_head
139
-
* @entries: number of entries in the table
140
-
*/
141
-
struct mesh_table {
142
-
struct hlist_head known_gates;
143
-
spinlock_t gates_lock;
144
-
struct rhashtable rhead;
145
-
struct hlist_head walk_head;
146
-
spinlock_t walk_lock;
147
-
atomic_t entries; /* Up to MAX_MESH_NEIGHBOURS */
148
-
};
149
-
150
130
/* Recent multicast cache */
151
131
/* RMC_BUCKETS must be a power of 2, maximum 256 */
152
132
#define RMC_BUCKETS 256
···
288
308
void mesh_path_assign_nexthop(struct mesh_path *mpath, struct sta_info *sta);
289
309
void mesh_path_flush_pending(struct mesh_path *mpath);
290
310
void mesh_path_tx_pending(struct mesh_path *mpath);
291
-
int mesh_pathtbl_init(struct ieee80211_sub_if_data *sdata);
311
+
void mesh_pathtbl_init(struct ieee80211_sub_if_data *sdata);
292
312
void mesh_pathtbl_unregister(struct ieee80211_sub_if_data *sdata);
293
313
int mesh_path_del(struct ieee80211_sub_if_data *sdata, const u8 *addr);
294
314
void mesh_path_timer(struct timer_list *t);
+31
-58
net/mac80211/mesh_pathtbl.c
+31
-58
net/mac80211/mesh_pathtbl.c
···
47
47
mesh_path_free_rcu(tbl, mpath);
48
48
}
49
49
50
-
static struct mesh_table *mesh_table_alloc(void)
50
+
static void mesh_table_init(struct mesh_table *tbl)
51
51
{
52
-
struct mesh_table *newtbl;
52
+
INIT_HLIST_HEAD(&tbl->known_gates);
53
+
INIT_HLIST_HEAD(&tbl->walk_head);
54
+
atomic_set(&tbl->entries, 0);
55
+
spin_lock_init(&tbl->gates_lock);
56
+
spin_lock_init(&tbl->walk_lock);
53
57
54
-
newtbl = kmalloc(sizeof(struct mesh_table), GFP_ATOMIC);
55
-
if (!newtbl)
56
-
return NULL;
57
-
58
-
INIT_HLIST_HEAD(&newtbl->known_gates);
59
-
INIT_HLIST_HEAD(&newtbl->walk_head);
60
-
atomic_set(&newtbl->entries, 0);
61
-
spin_lock_init(&newtbl->gates_lock);
62
-
spin_lock_init(&newtbl->walk_lock);
63
-
if (rhashtable_init(&newtbl->rhead, &mesh_rht_params)) {
64
-
kfree(newtbl);
65
-
return NULL;
66
-
}
67
-
68
-
return newtbl;
58
+
/* rhashtable_init() may fail only in case of wrong
59
+
* mesh_rht_params
60
+
*/
61
+
WARN_ON(rhashtable_init(&tbl->rhead, &mesh_rht_params));
69
62
}
70
63
71
64
static void mesh_table_free(struct mesh_table *tbl)
72
65
{
73
66
rhashtable_free_and_destroy(&tbl->rhead,
74
67
mesh_path_rht_free, tbl);
75
-
kfree(tbl);
76
68
}
77
69
78
70
/**
···
230
238
struct mesh_path *
231
239
mesh_path_lookup(struct ieee80211_sub_if_data *sdata, const u8 *dst)
232
240
{
233
-
return mpath_lookup(sdata->u.mesh.mesh_paths, dst, sdata);
241
+
return mpath_lookup(&sdata->u.mesh.mesh_paths, dst, sdata);
234
242
}
235
243
236
244
struct mesh_path *
237
245
mpp_path_lookup(struct ieee80211_sub_if_data *sdata, const u8 *dst)
238
246
{
239
-
return mpath_lookup(sdata->u.mesh.mpp_paths, dst, sdata);
247
+
return mpath_lookup(&sdata->u.mesh.mpp_paths, dst, sdata);
240
248
}
241
249
242
250
static struct mesh_path *
···
273
281
struct mesh_path *
274
282
mesh_path_lookup_by_idx(struct ieee80211_sub_if_data *sdata, int idx)
275
283
{
276
-
return __mesh_path_lookup_by_idx(sdata->u.mesh.mesh_paths, idx);
284
+
return __mesh_path_lookup_by_idx(&sdata->u.mesh.mesh_paths, idx);
277
285
}
278
286
279
287
/**
···
288
296
struct mesh_path *
289
297
mpp_path_lookup_by_idx(struct ieee80211_sub_if_data *sdata, int idx)
290
298
{
291
-
return __mesh_path_lookup_by_idx(sdata->u.mesh.mpp_paths, idx);
299
+
return __mesh_path_lookup_by_idx(&sdata->u.mesh.mpp_paths, idx);
292
300
}
293
301
294
302
/**
···
301
309
int err;
302
310
303
311
rcu_read_lock();
304
-
tbl = mpath->sdata->u.mesh.mesh_paths;
312
+
tbl = &mpath->sdata->u.mesh.mesh_paths;
305
313
306
314
spin_lock_bh(&mpath->state_lock);
307
315
if (mpath->is_gate) {
···
410
418
if (!new_mpath)
411
419
return ERR_PTR(-ENOMEM);
412
420
413
-
tbl = sdata->u.mesh.mesh_paths;
421
+
tbl = &sdata->u.mesh.mesh_paths;
414
422
spin_lock_bh(&tbl->walk_lock);
415
423
mpath = rhashtable_lookup_get_insert_fast(&tbl->rhead,
416
424
&new_mpath->rhash,
···
452
460
return -ENOMEM;
453
461
454
462
memcpy(new_mpath->mpp, mpp, ETH_ALEN);
455
-
tbl = sdata->u.mesh.mpp_paths;
463
+
tbl = &sdata->u.mesh.mpp_paths;
456
464
457
465
spin_lock_bh(&tbl->walk_lock);
458
466
ret = rhashtable_lookup_insert_fast(&tbl->rhead,
···
481
489
void mesh_plink_broken(struct sta_info *sta)
482
490
{
483
491
struct ieee80211_sub_if_data *sdata = sta->sdata;
484
-
struct mesh_table *tbl = sdata->u.mesh.mesh_paths;
492
+
struct mesh_table *tbl = &sdata->u.mesh.mesh_paths;
485
493
static const u8 bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
486
494
struct mesh_path *mpath;
487
495
···
540
548
void mesh_path_flush_by_nexthop(struct sta_info *sta)
541
549
{
542
550
struct ieee80211_sub_if_data *sdata = sta->sdata;
543
-
struct mesh_table *tbl = sdata->u.mesh.mesh_paths;
551
+
struct mesh_table *tbl = &sdata->u.mesh.mesh_paths;
544
552
struct mesh_path *mpath;
545
553
struct hlist_node *n;
546
554
···
555
563
static void mpp_flush_by_proxy(struct ieee80211_sub_if_data *sdata,
556
564
const u8 *proxy)
557
565
{
558
-
struct mesh_table *tbl = sdata->u.mesh.mpp_paths;
566
+
struct mesh_table *tbl = &sdata->u.mesh.mpp_paths;
559
567
struct mesh_path *mpath;
560
568
struct hlist_node *n;
561
569
···
589
597
*/
590
598
void mesh_path_flush_by_iface(struct ieee80211_sub_if_data *sdata)
591
599
{
592
-
table_flush_by_iface(sdata->u.mesh.mesh_paths);
593
-
table_flush_by_iface(sdata->u.mesh.mpp_paths);
600
+
table_flush_by_iface(&sdata->u.mesh.mesh_paths);
601
+
table_flush_by_iface(&sdata->u.mesh.mpp_paths);
594
602
}
595
603
596
604
/**
···
636
644
/* flush relevant mpp entries first */
637
645
mpp_flush_by_proxy(sdata, addr);
638
646
639
-
err = table_path_del(sdata->u.mesh.mesh_paths, sdata, addr);
647
+
err = table_path_del(&sdata->u.mesh.mesh_paths, sdata, addr);
640
648
sdata->u.mesh.mesh_paths_generation++;
641
649
return err;
642
650
}
···
674
682
struct mesh_path *gate;
675
683
bool copy = false;
676
684
677
-
tbl = sdata->u.mesh.mesh_paths;
685
+
tbl = &sdata->u.mesh.mesh_paths;
678
686
679
687
rcu_read_lock();
680
688
hlist_for_each_entry_rcu(gate, &tbl->known_gates, gate_list) {
···
754
762
mesh_path_tx_pending(mpath);
755
763
}
756
764
757
-
int mesh_pathtbl_init(struct ieee80211_sub_if_data *sdata)
765
+
void mesh_pathtbl_init(struct ieee80211_sub_if_data *sdata)
758
766
{
759
-
struct mesh_table *tbl_path, *tbl_mpp;
760
-
int ret;
761
-
762
-
tbl_path = mesh_table_alloc();
763
-
if (!tbl_path)
764
-
return -ENOMEM;
765
-
766
-
tbl_mpp = mesh_table_alloc();
767
-
if (!tbl_mpp) {
768
-
ret = -ENOMEM;
769
-
goto free_path;
770
-
}
771
-
772
-
sdata->u.mesh.mesh_paths = tbl_path;
773
-
sdata->u.mesh.mpp_paths = tbl_mpp;
774
-
775
-
return 0;
776
-
777
-
free_path:
778
-
mesh_table_free(tbl_path);
779
-
return ret;
767
+
mesh_table_init(&sdata->u.mesh.mesh_paths);
768
+
mesh_table_init(&sdata->u.mesh.mpp_paths);
780
769
}
781
770
782
771
static
···
779
806
780
807
void mesh_path_expire(struct ieee80211_sub_if_data *sdata)
781
808
{
782
-
mesh_path_tbl_expire(sdata, sdata->u.mesh.mesh_paths);
783
-
mesh_path_tbl_expire(sdata, sdata->u.mesh.mpp_paths);
809
+
mesh_path_tbl_expire(sdata, &sdata->u.mesh.mesh_paths);
810
+
mesh_path_tbl_expire(sdata, &sdata->u.mesh.mpp_paths);
784
811
}
785
812
786
813
void mesh_pathtbl_unregister(struct ieee80211_sub_if_data *sdata)
787
814
{
788
-
mesh_table_free(sdata->u.mesh.mesh_paths);
789
-
mesh_table_free(sdata->u.mesh.mpp_paths);
815
+
mesh_table_free(&sdata->u.mesh.mesh_paths);
816
+
mesh_table_free(&sdata->u.mesh.mpp_paths);
790
817
}
+1
-1
net/mac80211/mlme.c
+1
-1
net/mac80211/mlme.c
···
5265
5265
*/
5266
5266
if (new_sta) {
5267
5267
u32 rates = 0, basic_rates = 0;
5268
-
bool have_higher_than_11mbit;
5268
+
bool have_higher_than_11mbit = false;
5269
5269
int min_rate = INT_MAX, min_rate_index = -1;
5270
5270
const struct cfg80211_bss_ies *ies;
5271
5271
int shift = ieee80211_vif_get_shift(&sdata->vif);
+5
-4
net/mctp/neigh.c
+5
-4
net/mctp/neigh.c
···
85
85
mutex_unlock(&net->mctp.neigh_lock);
86
86
}
87
87
88
-
// TODO: add a "source" flag so netlink can only delete static neighbours?
89
-
static int mctp_neigh_remove(struct mctp_dev *mdev, mctp_eid_t eid)
88
+
static int mctp_neigh_remove(struct mctp_dev *mdev, mctp_eid_t eid,
89
+
enum mctp_neigh_source source)
90
90
{
91
91
struct net *net = dev_net(mdev->dev);
92
92
struct mctp_neigh *neigh, *tmp;
···
94
94
95
95
mutex_lock(&net->mctp.neigh_lock);
96
96
list_for_each_entry_safe(neigh, tmp, &net->mctp.neighbours, list) {
97
-
if (neigh->dev == mdev && neigh->eid == eid) {
97
+
if (neigh->dev == mdev && neigh->eid == eid &&
98
+
neigh->source == source) {
98
99
list_del_rcu(&neigh->list);
99
100
/* TODO: immediate RTM_DELNEIGH */
100
101
call_rcu(&neigh->rcu, __mctp_neigh_free);
···
203
202
if (!mdev)
204
203
return -ENODEV;
205
204
206
-
return mctp_neigh_remove(mdev, eid);
205
+
return mctp_neigh_remove(mdev, eid, MCTP_NEIGH_STATIC);
207
206
}
208
207
209
208
static int mctp_fill_neigh(struct sk_buff *skb, u32 portid, u32 seq, int event,
+1
-1
net/netrom/af_netrom.c
+1
-1
net/netrom/af_netrom.c
+2
-4
net/sched/sch_qfq.c
+2
-4
net/sched/sch_qfq.c
···
1421
1421
if (err < 0)
1422
1422
return err;
1423
1423
1424
-
if (qdisc_dev(sch)->tx_queue_len + 1 > QFQ_MAX_AGG_CLASSES)
1425
-
max_classes = QFQ_MAX_AGG_CLASSES;
1426
-
else
1427
-
max_classes = qdisc_dev(sch)->tx_queue_len + 1;
1424
+
max_classes = min_t(u64, (u64)qdisc_dev(sch)->tx_queue_len + 1,
1425
+
QFQ_MAX_AGG_CLASSES);
1428
1426
/* max_cl_shift = floor(log_2(max_classes)) */
1429
1427
max_cl_shift = __fls(max_classes);
1430
1428
q->max_agg_classes = 1<<max_cl_shift;
+24
-28
net/sctp/diag.c
+24
-28
net/sctp/diag.c
···
245
245
+ 64;
246
246
}
247
247
248
-
static int sctp_tsp_dump_one(struct sctp_transport *tsp, void *p)
248
+
static int sctp_sock_dump_one(struct sctp_endpoint *ep, struct sctp_transport *tsp, void *p)
249
249
{
250
250
struct sctp_association *assoc = tsp->asoc;
251
-
struct sock *sk = tsp->asoc->base.sk;
252
251
struct sctp_comm_param *commp = p;
253
-
struct sk_buff *in_skb = commp->skb;
252
+
struct sock *sk = ep->base.sk;
254
253
const struct inet_diag_req_v2 *req = commp->r;
255
-
const struct nlmsghdr *nlh = commp->nlh;
256
-
struct net *net = sock_net(in_skb->sk);
254
+
struct sk_buff *skb = commp->skb;
257
255
struct sk_buff *rep;
258
256
int err;
259
257
260
258
err = sock_diag_check_cookie(sk, req->id.idiag_cookie);
261
259
if (err)
262
-
goto out;
260
+
return err;
263
261
264
-
err = -ENOMEM;
265
262
rep = nlmsg_new(inet_assoc_attr_size(assoc), GFP_KERNEL);
266
263
if (!rep)
267
-
goto out;
264
+
return -ENOMEM;
268
265
269
266
lock_sock(sk);
270
-
if (sk != assoc->base.sk) {
271
-
release_sock(sk);
272
-
sk = assoc->base.sk;
273
-
lock_sock(sk);
274
-
}
275
-
err = inet_sctp_diag_fill(sk, assoc, rep, req,
276
-
sk_user_ns(NETLINK_CB(in_skb).sk),
277
-
NETLINK_CB(in_skb).portid,
278
-
nlh->nlmsg_seq, 0, nlh,
279
-
commp->net_admin);
280
-
release_sock(sk);
281
-
if (err < 0) {
282
-
WARN_ON(err == -EMSGSIZE);
283
-
kfree_skb(rep);
267
+
if (ep != assoc->ep) {
268
+
err = -EAGAIN;
284
269
goto out;
285
270
}
286
271
287
-
err = nlmsg_unicast(net->diag_nlsk, rep, NETLINK_CB(in_skb).portid);
272
+
err = inet_sctp_diag_fill(sk, assoc, rep, req, sk_user_ns(NETLINK_CB(skb).sk),
273
+
NETLINK_CB(skb).portid, commp->nlh->nlmsg_seq, 0,
274
+
commp->nlh, commp->net_admin);
275
+
if (err < 0) {
276
+
WARN_ON(err == -EMSGSIZE);
277
+
goto out;
278
+
}
279
+
release_sock(sk);
280
+
281
+
return nlmsg_unicast(sock_net(skb->sk)->diag_nlsk, rep, NETLINK_CB(skb).portid);
288
282
289
283
out:
284
+
release_sock(sk);
285
+
kfree_skb(rep);
290
286
return err;
291
287
}
292
288
···
425
429
static int sctp_diag_dump_one(struct netlink_callback *cb,
426
430
const struct inet_diag_req_v2 *req)
427
431
{
428
-
struct sk_buff *in_skb = cb->skb;
429
-
struct net *net = sock_net(in_skb->sk);
432
+
struct sk_buff *skb = cb->skb;
433
+
struct net *net = sock_net(skb->sk);
430
434
const struct nlmsghdr *nlh = cb->nlh;
431
435
union sctp_addr laddr, paddr;
432
436
struct sctp_comm_param commp = {
433
-
.skb = in_skb,
437
+
.skb = skb,
434
438
.r = req,
435
439
.nlh = nlh,
436
-
.net_admin = netlink_net_capable(in_skb, CAP_NET_ADMIN),
440
+
.net_admin = netlink_net_capable(skb, CAP_NET_ADMIN),
437
441
};
438
442
439
443
if (req->sdiag_family == AF_INET) {
···
456
460
paddr.v6.sin6_family = AF_INET6;
457
461
}
458
462
459
-
return sctp_transport_lookup_process(sctp_tsp_dump_one,
463
+
return sctp_transport_lookup_process(sctp_sock_dump_one,
460
464
net, &laddr, &paddr, &commp);
461
465
}
462
466
+15
-7
net/sctp/socket.c
+15
-7
net/sctp/socket.c
···
5317
5317
}
5318
5318
EXPORT_SYMBOL_GPL(sctp_for_each_endpoint);
5319
5319
5320
-
int sctp_transport_lookup_process(int (*cb)(struct sctp_transport *, void *),
5321
-
struct net *net,
5320
+
int sctp_transport_lookup_process(sctp_callback_t cb, struct net *net,
5322
5321
const union sctp_addr *laddr,
5323
5322
const union sctp_addr *paddr, void *p)
5324
5323
{
5325
5324
struct sctp_transport *transport;
5326
-
int err;
5325
+
struct sctp_endpoint *ep;
5326
+
int err = -ENOENT;
5327
5327
5328
5328
rcu_read_lock();
5329
5329
transport = sctp_addrs_lookup_transport(net, laddr, paddr);
5330
+
if (!transport) {
5331
+
rcu_read_unlock();
5332
+
return err;
5333
+
}
5334
+
ep = transport->asoc->ep;
5335
+
if (!sctp_endpoint_hold(ep)) { /* asoc can be peeled off */
5336
+
sctp_transport_put(transport);
5337
+
rcu_read_unlock();
5338
+
return err;
5339
+
}
5330
5340
rcu_read_unlock();
5331
-
if (!transport)
5332
-
return -ENOENT;
5333
5341
5334
-
err = cb(transport, p);
5342
+
err = cb(ep, transport, p);
5343
+
sctp_endpoint_put(ep);
5335
5344
sctp_transport_put(transport);
5336
-
5337
5345
return err;
5338
5346
}
5339
5347
EXPORT_SYMBOL_GPL(sctp_transport_lookup_process);
+2
net/tipc/socket.c
+2
net/tipc/socket.c
+2
-2
net/xdp/xsk.c
+2
-2
net/xdp/xsk.c
···
677
677
struct xdp_sock *xs = xdp_sk(sk);
678
678
struct xsk_buff_pool *pool;
679
679
680
+
sock_poll_wait(file, sock, wait);
681
+
680
682
if (unlikely(!xsk_is_bound(xs)))
681
683
return mask;
682
684
···
690
688
else
691
689
/* Poll needs to drive Tx also in copy mode */
692
690
__xsk_sendmsg(sk);
693
-
} else {
694
-
sock_poll_wait(file, sock, wait);
695
691
}
696
692
697
693
if (xs->rx && !xskq_prod_is_empty(xs->rx))
+1
-1
tools/testing/selftests/bpf/verifier/value_ptr_arith.c
+1
-1
tools/testing/selftests/bpf/verifier/value_ptr_arith.c
···
1078
1078
.errstr_unpriv = "R0 pointer -= pointer prohibited",
1079
1079
},
1080
1080
{
1081
-
"map access: trying to leak tained dst reg",
1081
+
"map access: trying to leak tainted dst reg",
1082
1082
.insns = {
1083
1083
BPF_MOV64_IMM(BPF_REG_0, 0),
1084
1084
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
tools/testing/selftests/net/amt.sh
tools/testing/selftests/net/amt.sh
+2
-1
tools/testing/selftests/net/udpgro_fwd.sh
+2
-1
tools/testing/selftests/net/udpgro_fwd.sh