Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'net-5.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Jakub Kicinski:
"Including fixes from wireless and netfilter.

Current release - regressions:

- dsa: lantiq_gswip: fix use after free in gswip_remove()

- smc: avoid overwriting the copies of clcsock callback functions

Current release - new code bugs:

- iwlwifi:
- fix use-after-free when no FW is present
- mei: fix the pskb_may_pull check in ipv4
- mei: retry mapping the shared area
- mvm: don't feed the hardware RFKILL into iwlmei

Previous releases - regressions:

- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()

- tipc: fix wrong publisher node address in link publications

- iwlwifi: mvm: don't send SAR GEO command for 3160 devices, avoid FW
assertion

- bgmac: make idm and nicpm resource optional again

- atl1c: fix tx timeout after link flap

Previous releases - always broken:

- vsock: remove vsock from connected table when connect is
interrupted by a signal

- ping: change destination interface checks to match raw sockets

- crypto: af_alg - get rid of alg_memory_allocated to avoid confusing
semantics (and null-deref) after SO_RESERVE_MEM was added

- ipv6: make exclusive flowlabel checks per-netns

- bonding: force carrier update when releasing slave

- sched: limit TC_ACT_REPEAT loops

- bridge: multicast: notify switchdev driver whenever MC processing
gets disabled because of max entries reached

- wifi: brcmfmac: fix crash in brcm_alt_fw_path when WLAN not found

- iwlwifi: fix locking when "HW not ready"

- phy: mediatek: remove PHY mode check on MT7531

- dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN

- dsa: lan9303:
- fix polarity of reset during probe
- fix accelerated VLAN handling"

* tag 'net-5.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (65 commits)
bonding: force carrier update when releasing slave
nfp: flower: netdev offload check for ip6gretap
ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt
ipv4: fix data races in fib_alias_hw_flags_set
net: dsa: lan9303: add VLAN IDs to master device
net: dsa: lan9303: handle hwaccel VLAN tags
vsock: remove vsock from connected table when connect is interrupted by a signal
Revert "net: ethernet: bgmac: Use devm_platform_ioremap_resource_byname"
ping: fix the dif and sdif check in ping_lookup
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
net: sched: limit TC_ACT_REPEAT loops
tipc: fix wrong notification node addresses
net: dsa: lantiq_gswip: fix use after free in gswip_remove()
ipv6: per-netns exclusive flowlabel checks
net: bridge: multicast: notify switchdev driver whenever MC processing gets disabled
CDC-NCM: avoid overflow in sanity checking
mctp: fix use after free
net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
bonding: fix data-races around agg_select_timer
dpaa2-eth: Initialize mutex used in one step timestamping path
...

+520 -788
+7 -8
MAINTAINERS
··· 3139 3139 F: drivers/net/wireless/ath/ath5k/ 3140 3140 3141 3141 ATHEROS ATH6KL WIRELESS DRIVER 3142 - M: Kalle Valo <kvalo@kernel.org> 3143 3142 L: linux-wireless@vger.kernel.org 3144 - S: Supported 3143 + S: Orphan 3145 3144 W: https://wireless.wiki.kernel.org/en/users/Drivers/ath6kl 3146 - T: git git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git 3147 3145 F: drivers/net/wireless/ath/ath6kl/ 3148 3146 3149 3147 ATI_REMOTE2 DRIVER ··· 7186 7188 7187 7189 ETHERNET BRIDGE 7188 7190 M: Roopa Prabhu <roopa@nvidia.com> 7189 - M: Nikolay Aleksandrov <nikolay@nvidia.com> 7191 + M: Nikolay Aleksandrov <razor@blackwall.org> 7190 7192 L: bridge@lists.linux-foundation.org (moderated for non-subscribers) 7191 7193 L: netdev@vger.kernel.org 7192 7194 S: Maintained ··· 15910 15912 W: https://wireless.wiki.kernel.org/en/users/Drivers/ath10k 15911 15913 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git 15912 15914 F: drivers/net/wireless/ath/ath10k/ 15915 + F: Documentation/devicetree/bindings/net/wireless/qcom,ath10k.txt 15913 15916 15914 15917 QUALCOMM ATHEROS ATH11K WIRELESS DRIVER 15915 15918 M: Kalle Valo <kvalo@kernel.org> ··· 15918 15919 S: Supported 15919 15920 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git 15920 15921 F: drivers/net/wireless/ath/ath11k/ 15922 + F: Documentation/devicetree/bindings/net/wireless/qcom,ath11k.txt 15921 15923 15922 15924 QUALCOMM ATHEROS ATH9K WIRELESS DRIVER 15923 - M: ath9k-devel@qca.qualcomm.com 15925 + M: Toke Høiland-Jørgensen <toke@toke.dk> 15924 15926 L: linux-wireless@vger.kernel.org 15925 - S: Supported 15927 + S: Maintained 15926 15928 W: https://wireless.wiki.kernel.org/en/users/Drivers/ath9k 15927 15929 F: Documentation/devicetree/bindings/net/wireless/qca,ath9k.yaml 15928 15930 F: drivers/net/wireless/ath/ath9k/ ··· 16104 16104 F: drivers/media/platform/qcom/venus/ 16105 16105 16106 16106 QUALCOMM WCN36XX WIRELESS DRIVER 16107 - M: Kalle Valo <kvalo@kernel.org> 16107 + M: Loic Poulain <loic.poulain@linaro.org> 16108 16108 L: wcn36xx@lists.infradead.org 16109 16109 S: Supported 16110 16110 W: https://wireless.wiki.kernel.org/en/users/Drivers/wcn36xx 16111 - T: git git://github.com/KrasnikovEugene/wcn36xx.git 16112 16111 F: drivers/net/wireless/ath/wcn36xx/ 16113 16112 16114 16113 QUANTENNA QTNFMAC WIRELESS DRIVER
-3
crypto/af_alg.c
··· 25 25 struct list_head list; 26 26 }; 27 27 28 - static atomic_long_t alg_memory_allocated; 29 - 30 28 static struct proto alg_proto = { 31 29 .name = "ALG", 32 30 .owner = THIS_MODULE, 33 - .memory_allocated = &alg_memory_allocated, 34 31 .obj_size = sizeof(struct alg_sock), 35 32 }; 36 33
+25 -5
drivers/net/bonding/bond_3ad.c
··· 225 225 if (bond == NULL) 226 226 return 0; 227 227 228 - return BOND_AD_INFO(bond).agg_select_timer ? 1 : 0; 228 + return atomic_read(&BOND_AD_INFO(bond).agg_select_timer) ? 1 : 0; 229 229 } 230 230 231 231 /** ··· 1995 1995 */ 1996 1996 void bond_3ad_initiate_agg_selection(struct bonding *bond, int timeout) 1997 1997 { 1998 - BOND_AD_INFO(bond).agg_select_timer = timeout; 1998 + atomic_set(&BOND_AD_INFO(bond).agg_select_timer, timeout); 1999 1999 } 2000 2000 2001 2001 /** ··· 2279 2279 } 2280 2280 2281 2281 /** 2282 + * bond_agg_timer_advance - advance agg_select_timer 2283 + * @bond: bonding structure 2284 + * 2285 + * Return true when agg_select_timer reaches 0. 2286 + */ 2287 + static bool bond_agg_timer_advance(struct bonding *bond) 2288 + { 2289 + int val, nval; 2290 + 2291 + while (1) { 2292 + val = atomic_read(&BOND_AD_INFO(bond).agg_select_timer); 2293 + if (!val) 2294 + return false; 2295 + nval = val - 1; 2296 + if (atomic_cmpxchg(&BOND_AD_INFO(bond).agg_select_timer, 2297 + val, nval) == val) 2298 + break; 2299 + } 2300 + return nval == 0; 2301 + } 2302 + 2303 + /** 2282 2304 * bond_3ad_state_machine_handler - handle state machines timeout 2283 2305 * @work: work context to fetch bonding struct to work on from 2284 2306 * ··· 2335 2313 if (!bond_has_slaves(bond)) 2336 2314 goto re_arm; 2337 2315 2338 - /* check if agg_select_timer timer after initialize is timed out */ 2339 - if (BOND_AD_INFO(bond).agg_select_timer && 2340 - !(--BOND_AD_INFO(bond).agg_select_timer)) { 2316 + if (bond_agg_timer_advance(bond)) { 2341 2317 slave = bond_first_slave_rcu(bond); 2342 2318 port = slave ? &(SLAVE_AD_INFO(slave)->port) : NULL; 2343 2319
+2 -3
drivers/net/bonding/bond_main.c
··· 2379 2379 bond_select_active_slave(bond); 2380 2380 } 2381 2381 2382 - if (!bond_has_slaves(bond)) { 2383 - bond_set_carrier(bond); 2382 + bond_set_carrier(bond); 2383 + if (!bond_has_slaves(bond)) 2384 2384 eth_hw_addr_random(bond_dev); 2385 - } 2386 2385 2387 2386 unblock_netpoll_tx(); 2388 2387 synchronize_rcu();
+1
drivers/net/dsa/Kconfig
··· 82 82 83 83 config NET_DSA_SMSC_LAN9303 84 84 tristate 85 + depends on VLAN_8021Q || VLAN_8021Q=n 85 86 select NET_DSA_TAG_LAN9303 86 87 select REGMAP 87 88 help
+10 -3
drivers/net/dsa/lan9303-core.c
··· 10 10 #include <linux/mii.h> 11 11 #include <linux/phy.h> 12 12 #include <linux/if_bridge.h> 13 + #include <linux/if_vlan.h> 13 14 #include <linux/etherdevice.h> 14 15 15 16 #include "lan9303.h" ··· 1084 1083 static int lan9303_port_enable(struct dsa_switch *ds, int port, 1085 1084 struct phy_device *phy) 1086 1085 { 1086 + struct dsa_port *dp = dsa_to_port(ds, port); 1087 1087 struct lan9303 *chip = ds->priv; 1088 1088 1089 - if (!dsa_is_user_port(ds, port)) 1089 + if (!dsa_port_is_user(dp)) 1090 1090 return 0; 1091 + 1092 + vlan_vid_add(dp->cpu_dp->master, htons(ETH_P_8021Q), port); 1091 1093 1092 1094 return lan9303_enable_processing_port(chip, port); 1093 1095 } 1094 1096 1095 1097 static void lan9303_port_disable(struct dsa_switch *ds, int port) 1096 1098 { 1099 + struct dsa_port *dp = dsa_to_port(ds, port); 1097 1100 struct lan9303 *chip = ds->priv; 1098 1101 1099 - if (!dsa_is_user_port(ds, port)) 1102 + if (!dsa_port_is_user(dp)) 1100 1103 return; 1104 + 1105 + vlan_vid_del(dp->cpu_dp->master, htons(ETH_P_8021Q), port); 1101 1106 1102 1107 lan9303_disable_processing_port(chip, port); 1103 1108 lan9303_phy_write(ds, chip->phy_addr_base + port, MII_BMCR, BMCR_PDOWN); ··· 1317 1310 struct device_node *np) 1318 1311 { 1319 1312 chip->reset_gpio = devm_gpiod_get_optional(chip->dev, "reset", 1320 - GPIOD_OUT_LOW); 1313 + GPIOD_OUT_HIGH); 1321 1314 if (IS_ERR(chip->reset_gpio)) 1322 1315 return PTR_ERR(chip->reset_gpio); 1323 1316
+1 -1
drivers/net/dsa/lantiq_gswip.c
··· 2176 2176 2177 2177 if (priv->ds->slave_mii_bus) { 2178 2178 mdiobus_unregister(priv->ds->slave_mii_bus); 2179 - mdiobus_free(priv->ds->slave_mii_bus); 2180 2179 of_node_put(priv->ds->slave_mii_bus->dev.of_node); 2180 + mdiobus_free(priv->ds->slave_mii_bus); 2181 2181 } 2182 2182 2183 2183 for (i = 0; i < priv->num_gphy_fw; i++)
+7
drivers/net/dsa/mv88e6xxx/chip.c
··· 2284 2284 if (!mv88e6xxx_max_vid(chip)) 2285 2285 return -EOPNOTSUPP; 2286 2286 2287 + /* The ATU removal procedure needs the FID to be mapped in the VTU, 2288 + * but FDB deletion runs concurrently with VLAN deletion. Flush the DSA 2289 + * switchdev workqueue to ensure that all FDB entries are deleted 2290 + * before we remove the VLAN. 2291 + */ 2292 + dsa_flush_workqueue(); 2293 + 2287 2294 mv88e6xxx_reg_lock(chip); 2288 2295 2289 2296 err = mv88e6xxx_port_get_pvid(chip, port, &pvid);
+1 -1
drivers/net/ethernet/atheros/atl1c/atl1c_main.c
··· 900 900 atl1c_clean_buffer(pdev, buffer_info); 901 901 } 902 902 903 - netdev_reset_queue(adapter->netdev); 903 + netdev_tx_reset_queue(netdev_get_tx_queue(adapter->netdev, queue)); 904 904 905 905 /* Zero out Tx-buffers */ 906 906 memset(tpd_ring->desc, 0, sizeof(struct atl1c_tpd_desc) *
+16 -7
drivers/net/ethernet/broadcom/bgmac-platform.c
··· 172 172 { 173 173 struct device_node *np = pdev->dev.of_node; 174 174 struct bgmac *bgmac; 175 + struct resource *regs; 175 176 int ret; 176 177 177 178 bgmac = bgmac_alloc(&pdev->dev); ··· 209 208 if (IS_ERR(bgmac->plat.base)) 210 209 return PTR_ERR(bgmac->plat.base); 211 210 212 - bgmac->plat.idm_base = devm_platform_ioremap_resource_byname(pdev, "idm_base"); 213 - if (IS_ERR(bgmac->plat.idm_base)) 214 - return PTR_ERR(bgmac->plat.idm_base); 215 - else 211 + /* The idm_base resource is optional for some platforms */ 212 + regs = platform_get_resource_byname(pdev, IORESOURCE_MEM, "idm_base"); 213 + if (regs) { 214 + bgmac->plat.idm_base = devm_ioremap_resource(&pdev->dev, regs); 215 + if (IS_ERR(bgmac->plat.idm_base)) 216 + return PTR_ERR(bgmac->plat.idm_base); 216 217 bgmac->feature_flags &= ~BGMAC_FEAT_IDM_MASK; 218 + } 217 219 218 - bgmac->plat.nicpm_base = devm_platform_ioremap_resource_byname(pdev, "nicpm_base"); 219 - if (IS_ERR(bgmac->plat.nicpm_base)) 220 - return PTR_ERR(bgmac->plat.nicpm_base); 220 + /* The nicpm_base resource is optional for some platforms */ 221 + regs = platform_get_resource_byname(pdev, IORESOURCE_MEM, "nicpm_base"); 222 + if (regs) { 223 + bgmac->plat.nicpm_base = devm_ioremap_resource(&pdev->dev, 224 + regs); 225 + if (IS_ERR(bgmac->plat.nicpm_base)) 226 + return PTR_ERR(bgmac->plat.nicpm_base); 227 + } 221 228 222 229 bgmac->read = platform_bgmac_read; 223 230 bgmac->write = platform_bgmac_write;
+1 -1
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
··· 4338 4338 } 4339 4339 4340 4340 INIT_WORK(&priv->tx_onestep_tstamp, dpaa2_eth_tx_onestep_tstamp); 4341 - 4341 + mutex_init(&priv->onestep_tstamp_lock); 4342 4342 skb_queue_head_init(&priv->tx_skbs); 4343 4343 4344 4344 priv->rx_copybreak = DPAA2_ETH_DEFAULT_COPYBREAK;
+3 -1
drivers/net/ethernet/freescale/dpaa2/dpaa2-switch-flower.c
··· 532 532 struct flow_rule *rule = flow_cls_offload_flow_rule(cls); 533 533 struct flow_dissector *dissector = rule->match.dissector; 534 534 struct netlink_ext_ack *extack = cls->common.extack; 535 + int ret = -EOPNOTSUPP; 535 536 536 537 if (dissector->used_keys & 537 538 ~(BIT(FLOW_DISSECTOR_KEY_BASIC) | ··· 562 561 } 563 562 564 563 *vlan = (u16)match.key->vlan_id; 564 + ret = 0; 565 565 } 566 566 567 - return 0; 567 + return ret; 568 568 } 569 569 570 570 static int
+6
drivers/net/ethernet/intel/ice/ice_lib.c
··· 1684 1684 if (status) 1685 1685 dev_dbg(dev, "ice_add_rss_cfg failed for sctp6 flow, vsi = %d, error = %d\n", 1686 1686 vsi_num, status); 1687 + 1688 + status = ice_add_rss_cfg(hw, vsi_handle, ICE_FLOW_HASH_ESP_SPI, 1689 + ICE_FLOW_SEG_HDR_ESP); 1690 + if (status) 1691 + dev_dbg(dev, "ice_add_rss_cfg failed for esp/spi flow, vsi = %d, error = %d\n", 1692 + vsi_num, status); 1687 1693 } 1688 1694 1689 1695 /**
+5 -1
drivers/net/ethernet/mscc/ocelot.c
··· 549 549 int ocelot_vlan_del(struct ocelot *ocelot, int port, u16 vid) 550 550 { 551 551 struct ocelot_port *ocelot_port = ocelot->ports[port]; 552 + bool del_pvid = false; 552 553 int err; 554 + 555 + if (ocelot_port->pvid_vlan && ocelot_port->pvid_vlan->vid == vid) 556 + del_pvid = true; 553 557 554 558 err = ocelot_vlan_member_del(ocelot, port, vid); 555 559 if (err) 556 560 return err; 557 561 558 562 /* Ingress */ 559 - if (ocelot_port->pvid_vlan && ocelot_port->pvid_vlan->vid == vid) 563 + if (del_pvid) 560 564 ocelot_port_set_pvid(ocelot, port, NULL); 561 565 562 566 /* Egress */
+2
drivers/net/ethernet/netronome/nfp/flower/cmsg.h
··· 723 723 return true; 724 724 if (netif_is_gretap(netdev)) 725 725 return true; 726 + if (netif_is_ip6gretap(netdev)) 727 + return true; 726 728 727 729 return false; 728 730 }
+2 -2
drivers/net/ieee802154/ca8210.c
··· 2975 2975 ca8210_hw->phy->cca.opt = NL802154_CCA_OPT_ENERGY_CARRIER_AND; 2976 2976 ca8210_hw->phy->cca_ed_level = -9800; 2977 2977 ca8210_hw->phy->symbol_duration = 16; 2978 - ca8210_hw->phy->lifs_period = 40; 2979 - ca8210_hw->phy->sifs_period = 12; 2978 + ca8210_hw->phy->lifs_period = 40 * ca8210_hw->phy->symbol_duration; 2979 + ca8210_hw->phy->sifs_period = 12 * ca8210_hw->phy->symbol_duration; 2980 2980 ca8210_hw->flags = 2981 2981 IEEE802154_HW_AFILT | 2982 2982 IEEE802154_HW_OMIT_CKSUM |
+8 -1
drivers/net/mctp/mctp-serial.c
··· 403 403 mctp_serial_push(dev, c[i]); 404 404 } 405 405 406 + static void mctp_serial_uninit(struct net_device *ndev) 407 + { 408 + struct mctp_serial *dev = netdev_priv(ndev); 409 + 410 + cancel_work_sync(&dev->tx_work); 411 + } 412 + 406 413 static const struct net_device_ops mctp_serial_netdev_ops = { 407 414 .ndo_start_xmit = mctp_serial_tx, 415 + .ndo_uninit = mctp_serial_uninit, 408 416 }; 409 417 410 418 static void mctp_serial_setup(struct net_device *ndev) ··· 491 483 int idx = dev->idx; 492 484 493 485 unregister_netdev(dev->netdev); 494 - cancel_work_sync(&dev->tx_work); 495 486 ida_free(&mctp_serial_ida, idx); 496 487 } 497 488
+2 -2
drivers/net/netdevsim/fib.c
··· 623 623 if (err) 624 624 goto err_fib6_rt_nh_del; 625 625 626 - fib6_event->rt_arr[i]->trap = true; 626 + WRITE_ONCE(fib6_event->rt_arr[i]->trap, true); 627 627 } 628 628 629 629 return 0; 630 630 631 631 err_fib6_rt_nh_del: 632 632 for (i--; i >= 0; i--) { 633 - fib6_event->rt_arr[i]->trap = false; 633 + WRITE_ONCE(fib6_event->rt_arr[i]->trap, false); 634 634 nsim_fib6_rt_nh_del(fib6_rt, fib6_event->rt_arr[i]); 635 635 } 636 636 return err;
-3
drivers/net/phy/mediatek-ge.c
··· 55 55 56 56 static int mt7531_phy_config_init(struct phy_device *phydev) 57 57 { 58 - if (phydev->interface != PHY_INTERFACE_MODE_INTERNAL) 59 - return -EINVAL; 60 - 61 58 mtk_gephy_config_init(phydev); 62 59 63 60 /* PHY link down power saving enable */
+12
drivers/net/usb/cdc_ether.c
··· 583 583 .bInterfaceSubClass = USB_CDC_SUBCLASS_ETHERNET, \ 584 584 .bInterfaceProtocol = USB_CDC_PROTO_NONE 585 585 586 + #define ZAURUS_FAKE_INTERFACE \ 587 + .bInterfaceClass = USB_CLASS_COMM, \ 588 + .bInterfaceSubClass = USB_CDC_SUBCLASS_MDLM, \ 589 + .bInterfaceProtocol = USB_CDC_PROTO_NONE 590 + 586 591 /* SA-1100 based Sharp Zaurus ("collie"), or compatible; 587 592 * wire-incompatible with true CDC Ethernet implementations. 588 593 * (And, it seems, needlessly so...) ··· 640 635 .idVendor = 0x04DD, 641 636 .idProduct = 0x9032, /* SL-6000 */ 642 637 ZAURUS_MASTER_INTERFACE, 638 + .driver_info = 0, 639 + }, { 640 + .match_flags = USB_DEVICE_ID_MATCH_INT_INFO 641 + | USB_DEVICE_ID_MATCH_DEVICE, 642 + .idVendor = 0x04DD, 643 + .idProduct = 0x9032, /* SL-6000 */ 644 + ZAURUS_FAKE_INTERFACE, 643 645 .driver_info = 0, 644 646 }, { 645 647 .match_flags = USB_DEVICE_ID_MATCH_INT_INFO
+5
drivers/net/usb/cdc_mbim.c
··· 659 659 .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, 660 660 }, 661 661 662 + /* Telit FN990 */ 663 + { USB_DEVICE_AND_INTERFACE_INFO(0x1bc7, 0x1071, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), 664 + .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, 665 + }, 666 + 662 667 /* default entry */ 663 668 { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), 664 669 .driver_info = (unsigned long)&cdc_mbim_info_zlp,
+4 -4
drivers/net/usb/cdc_ncm.c
··· 1715 1715 { 1716 1716 struct sk_buff *skb; 1717 1717 struct cdc_ncm_ctx *ctx = (struct cdc_ncm_ctx *)dev->data[0]; 1718 - int len; 1718 + unsigned int len; 1719 1719 int nframes; 1720 1720 int x; 1721 - int offset; 1721 + unsigned int offset; 1722 1722 union { 1723 1723 struct usb_cdc_ncm_ndp16 *ndp16; 1724 1724 struct usb_cdc_ncm_ndp32 *ndp32; ··· 1790 1790 break; 1791 1791 } 1792 1792 1793 - /* sanity checking */ 1794 - if (((offset + len) > skb_in->len) || 1793 + /* sanity checking - watch out for integer wrap*/ 1794 + if ((offset > skb_in->len) || (len > skb_in->len - offset) || 1795 1795 (len > ctx->rx_max) || (len < ETH_HLEN)) { 1796 1796 netif_dbg(dev, rx_err, dev->net, 1797 1797 "invalid frame detected (ignored) offset[%u]=%u, length=%u, skb=%p\n",
+12
drivers/net/usb/zaurus.c
··· 256 256 .bInterfaceSubClass = USB_CDC_SUBCLASS_ETHERNET, \ 257 257 .bInterfaceProtocol = USB_CDC_PROTO_NONE 258 258 259 + #define ZAURUS_FAKE_INTERFACE \ 260 + .bInterfaceClass = USB_CLASS_COMM, \ 261 + .bInterfaceSubClass = USB_CDC_SUBCLASS_MDLM, \ 262 + .bInterfaceProtocol = USB_CDC_PROTO_NONE 263 + 259 264 /* SA-1100 based Sharp Zaurus ("collie"), or compatible. */ 260 265 { 261 266 .match_flags = USB_DEVICE_ID_MATCH_INT_INFO ··· 318 313 .idProduct = 0x9032, /* SL-6000 */ 319 314 ZAURUS_MASTER_INTERFACE, 320 315 .driver_info = ZAURUS_PXA_INFO, 316 + }, { 317 + .match_flags = USB_DEVICE_ID_MATCH_INT_INFO 318 + | USB_DEVICE_ID_MATCH_DEVICE, 319 + .idVendor = 0x04DD, 320 + .idProduct = 0x9032, /* SL-6000 */ 321 + ZAURUS_FAKE_INTERFACE, 322 + .driver_info = (unsigned long)&bogus_mdlm_info, 321 323 }, { 322 324 .match_flags = USB_DEVICE_ID_MATCH_INT_INFO 323 325 | USB_DEVICE_ID_MATCH_DEVICE,
+4 -2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/firmware.c
··· 693 693 { 694 694 struct brcmf_fw_item *first = &req->items[0]; 695 695 struct brcmf_fw *fwctx; 696 - char *alt_path; 696 + char *alt_path = NULL; 697 697 int ret; 698 698 699 699 brcmf_dbg(TRACE, "enter: dev=%s\n", dev_name(dev)); ··· 712 712 fwctx->done = fw_cb; 713 713 714 714 /* First try alternative board-specific path if any */ 715 - alt_path = brcm_alt_fw_path(first->path, fwctx->req->board_type); 715 + if (fwctx->req->board_type) 716 + alt_path = brcm_alt_fw_path(first->path, 717 + fwctx->req->board_type); 716 718 if (alt_path) { 717 719 ret = request_firmware_nowait(THIS_MODULE, true, alt_path, 718 720 fwctx->dev, GFP_KERNEL, fwctx,
-13
drivers/net/wireless/intel/iwlwifi/Kconfig
··· 80 80 comment "WARNING: iwlwifi is useless without IWLDVM or IWLMVM" 81 81 depends on IWLDVM=n && IWLMVM=n 82 82 83 - config IWLWIFI_BCAST_FILTERING 84 - bool "Enable broadcast filtering" 85 - depends on IWLMVM 86 - help 87 - Say Y here to enable default bcast filtering configuration. 88 - 89 - Enabling broadcast filtering will drop any incoming wireless 90 - broadcast frames, except some very specific predefined 91 - patterns (e.g. incoming arp requests). 92 - 93 - If unsure, don't enable this option, as some programs might 94 - expect incoming broadcasts for their normal operations. 95 - 96 83 menu "Debugging Options" 97 84 98 85 config IWLWIFI_DEBUG
+6 -5
drivers/net/wireless/intel/iwlwifi/fw/acpi.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 2 /* 3 3 * Copyright (C) 2017 Intel Deutschland GmbH 4 - * Copyright (C) 2019-2021 Intel Corporation 4 + * Copyright (C) 2019-2022 Intel Corporation 5 5 */ 6 6 #include <linux/uuid.h> 7 7 #include "iwl-drv.h" ··· 888 888 * only one using version 36, so skip this version entirely. 889 889 */ 890 890 return IWL_UCODE_SERIAL(fwrt->fw->ucode_ver) >= 38 || 891 - IWL_UCODE_SERIAL(fwrt->fw->ucode_ver) == 17 || 892 - (IWL_UCODE_SERIAL(fwrt->fw->ucode_ver) == 29 && 893 - ((fwrt->trans->hw_rev & CSR_HW_REV_TYPE_MSK) == 894 - CSR_HW_REV_TYPE_7265D)); 891 + (IWL_UCODE_SERIAL(fwrt->fw->ucode_ver) == 17 && 892 + fwrt->trans->hw_rev != CSR_HW_REV_TYPE_3160) || 893 + (IWL_UCODE_SERIAL(fwrt->fw->ucode_ver) == 29 && 894 + ((fwrt->trans->hw_rev & CSR_HW_REV_TYPE_MSK) == 895 + CSR_HW_REV_TYPE_7265D)); 895 896 } 896 897 IWL_EXPORT_SYMBOL(iwl_sar_geo_support); 897 898
-5
drivers/net/wireless/intel/iwlwifi/fw/api/commands.h
··· 502 502 DEBUG_LOG_MSG = 0xf7, 503 503 504 504 /** 505 - * @BCAST_FILTER_CMD: &struct iwl_bcast_filter_cmd 506 - */ 507 - BCAST_FILTER_CMD = 0xcf, 508 - 509 - /** 510 505 * @MCAST_FILTER_CMD: &struct iwl_mcast_filter_cmd 511 506 */ 512 507 MCAST_FILTER_CMD = 0xd0,
-88
drivers/net/wireless/intel/iwlwifi/fw/api/filter.h
··· 36 36 u8 addr_list[0]; 37 37 } __packed; /* MCAST_FILTERING_CMD_API_S_VER_1 */ 38 38 39 - #define MAX_BCAST_FILTERS 8 40 - #define MAX_BCAST_FILTER_ATTRS 2 41 - 42 - /** 43 - * enum iwl_mvm_bcast_filter_attr_offset - written by fw for each Rx packet 44 - * @BCAST_FILTER_OFFSET_PAYLOAD_START: offset is from payload start. 45 - * @BCAST_FILTER_OFFSET_IP_END: offset is from ip header end (i.e. 46 - * start of ip payload). 47 - */ 48 - enum iwl_mvm_bcast_filter_attr_offset { 49 - BCAST_FILTER_OFFSET_PAYLOAD_START = 0, 50 - BCAST_FILTER_OFFSET_IP_END = 1, 51 - }; 52 - 53 - /** 54 - * struct iwl_fw_bcast_filter_attr - broadcast filter attribute 55 - * @offset_type: &enum iwl_mvm_bcast_filter_attr_offset. 56 - * @offset: starting offset of this pattern. 57 - * @reserved1: reserved 58 - * @val: value to match - big endian (MSB is the first 59 - * byte to match from offset pos). 60 - * @mask: mask to match (big endian). 61 - */ 62 - struct iwl_fw_bcast_filter_attr { 63 - u8 offset_type; 64 - u8 offset; 65 - __le16 reserved1; 66 - __be32 val; 67 - __be32 mask; 68 - } __packed; /* BCAST_FILTER_ATT_S_VER_1 */ 69 - 70 - /** 71 - * enum iwl_mvm_bcast_filter_frame_type - filter frame type 72 - * @BCAST_FILTER_FRAME_TYPE_ALL: consider all frames. 73 - * @BCAST_FILTER_FRAME_TYPE_IPV4: consider only ipv4 frames 74 - */ 75 - enum iwl_mvm_bcast_filter_frame_type { 76 - BCAST_FILTER_FRAME_TYPE_ALL = 0, 77 - BCAST_FILTER_FRAME_TYPE_IPV4 = 1, 78 - }; 79 - 80 - /** 81 - * struct iwl_fw_bcast_filter - broadcast filter 82 - * @discard: discard frame (1) or let it pass (0). 83 - * @frame_type: &enum iwl_mvm_bcast_filter_frame_type. 84 - * @reserved1: reserved 85 - * @num_attrs: number of valid attributes in this filter. 86 - * @attrs: attributes of this filter. a filter is considered matched 87 - * only when all its attributes are matched (i.e. AND relationship) 88 - */ 89 - struct iwl_fw_bcast_filter { 90 - u8 discard; 91 - u8 frame_type; 92 - u8 num_attrs; 93 - u8 reserved1; 94 - struct iwl_fw_bcast_filter_attr attrs[MAX_BCAST_FILTER_ATTRS]; 95 - } __packed; /* BCAST_FILTER_S_VER_1 */ 96 - 97 - /** 98 - * struct iwl_fw_bcast_mac - per-mac broadcast filtering configuration. 99 - * @default_discard: default action for this mac (discard (1) / pass (0)). 100 - * @reserved1: reserved 101 - * @attached_filters: bitmap of relevant filters for this mac. 102 - */ 103 - struct iwl_fw_bcast_mac { 104 - u8 default_discard; 105 - u8 reserved1; 106 - __le16 attached_filters; 107 - } __packed; /* BCAST_MAC_CONTEXT_S_VER_1 */ 108 - 109 - /** 110 - * struct iwl_bcast_filter_cmd - broadcast filtering configuration 111 - * @disable: enable (0) / disable (1) 112 - * @max_bcast_filters: max number of filters (MAX_BCAST_FILTERS) 113 - * @max_macs: max number of macs (NUM_MAC_INDEX_DRIVER) 114 - * @reserved1: reserved 115 - * @filters: broadcast filters 116 - * @macs: broadcast filtering configuration per-mac 117 - */ 118 - struct iwl_bcast_filter_cmd { 119 - u8 disable; 120 - u8 max_bcast_filters; 121 - u8 max_macs; 122 - u8 reserved1; 123 - struct iwl_fw_bcast_filter filters[MAX_BCAST_FILTERS]; 124 - struct iwl_fw_bcast_mac macs[NUM_MAC_INDEX_DRIVER]; 125 - } __packed; /* BCAST_FILTERING_HCMD_API_S_VER_1 */ 126 - 127 39 #endif /* __iwl_fw_api_filter_h__ */
-1
drivers/net/wireless/intel/iwlwifi/fw/api/rs.h
··· 752 752 753 753 u8 iwl_fw_rate_idx_to_plcp(int idx); 754 754 u32 iwl_new_rate_from_v1(u32 rate_v1); 755 - u32 iwl_legacy_rate_to_fw_idx(u32 rate_n_flags); 756 755 const struct iwl_rate_mcs_info *iwl_rate_mcs(int idx); 757 756 const char *iwl_rs_pretty_ant(u8 ant); 758 757 const char *iwl_rs_pretty_bw(int bw);
-2
drivers/net/wireless/intel/iwlwifi/fw/file.h
··· 181 181 * @IWL_UCODE_TLV_FLAGS_NEW_NSOFFL_LARGE: new NS offload (large version) 182 182 * @IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT: General support for uAPSD 183 183 * @IWL_UCODE_TLV_FLAGS_P2P_PS_UAPSD: P2P client supports uAPSD power save 184 - * @IWL_UCODE_TLV_FLAGS_BCAST_FILTERING: uCode supports broadcast filtering. 185 184 * @IWL_UCODE_TLV_FLAGS_EBS_SUPPORT: this uCode image supports EBS. 186 185 */ 187 186 enum iwl_ucode_tlv_flag { ··· 195 196 IWL_UCODE_TLV_FLAGS_UAPSD_SUPPORT = BIT(24), 196 197 IWL_UCODE_TLV_FLAGS_EBS_SUPPORT = BIT(25), 197 198 IWL_UCODE_TLV_FLAGS_P2P_PS_UAPSD = BIT(26), 198 - IWL_UCODE_TLV_FLAGS_BCAST_FILTERING = BIT(29), 199 199 }; 200 200 201 201 typedef unsigned int __bitwise iwl_ucode_tlv_api_t;
+18 -15
drivers/net/wireless/intel/iwlwifi/fw/rs.c
··· 91 91 } 92 92 IWL_EXPORT_SYMBOL(iwl_rs_pretty_bw); 93 93 94 + static u32 iwl_legacy_rate_to_fw_idx(u32 rate_n_flags) 95 + { 96 + int rate = rate_n_flags & RATE_LEGACY_RATE_MSK_V1; 97 + int idx; 98 + bool ofdm = !(rate_n_flags & RATE_MCS_CCK_MSK_V1); 99 + int offset = ofdm ? IWL_FIRST_OFDM_RATE : 0; 100 + int last = ofdm ? IWL_RATE_COUNT_LEGACY : IWL_FIRST_OFDM_RATE; 101 + 102 + for (idx = offset; idx < last; idx++) 103 + if (iwl_fw_rate_idx_to_plcp(idx) == rate) 104 + return idx - offset; 105 + return IWL_RATE_INVALID; 106 + } 107 + 94 108 u32 iwl_new_rate_from_v1(u32 rate_v1) 95 109 { 96 110 u32 rate_v2 = 0; ··· 158 144 } else { 159 145 u32 legacy_rate = iwl_legacy_rate_to_fw_idx(rate_v1); 160 146 161 - WARN_ON(legacy_rate < 0); 147 + if (WARN_ON_ONCE(legacy_rate == IWL_RATE_INVALID)) 148 + legacy_rate = (rate_v1 & RATE_MCS_CCK_MSK_V1) ? 149 + IWL_FIRST_CCK_RATE : IWL_FIRST_OFDM_RATE; 150 + 162 151 rate_v2 |= legacy_rate; 163 152 if (!(rate_v1 & RATE_MCS_CCK_MSK_V1)) 164 153 rate_v2 |= RATE_MCS_LEGACY_OFDM_MSK; ··· 188 171 return rate_v2; 189 172 } 190 173 IWL_EXPORT_SYMBOL(iwl_new_rate_from_v1); 191 - 192 - u32 iwl_legacy_rate_to_fw_idx(u32 rate_n_flags) 193 - { 194 - int rate = rate_n_flags & RATE_LEGACY_RATE_MSK_V1; 195 - int idx; 196 - bool ofdm = !(rate_n_flags & RATE_MCS_CCK_MSK_V1); 197 - int offset = ofdm ? IWL_FIRST_OFDM_RATE : 0; 198 - int last = ofdm ? IWL_RATE_COUNT_LEGACY : IWL_FIRST_OFDM_RATE; 199 - 200 - for (idx = offset; idx < last; idx++) 201 - if (iwl_fw_rate_idx_to_plcp(idx) == rate) 202 - return idx - offset; 203 - return -1; 204 - } 205 174 206 175 int rs_pretty_print_rate(char *buf, int bufsz, const u32 rate) 207 176 {
+2 -1
drivers/net/wireless/intel/iwlwifi/iwl-csr.h
··· 1 1 /* SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause */ 2 2 /* 3 - * Copyright (C) 2005-2014, 2018-2021 Intel Corporation 3 + * Copyright (C) 2005-2014, 2018-2022 Intel Corporation 4 4 * Copyright (C) 2013-2014 Intel Mobile Communications GmbH 5 5 * Copyright (C) 2016 Intel Deutschland GmbH 6 6 */ ··· 329 329 #define CSR_HW_REV_TYPE_2x00 (0x0000100) 330 330 #define CSR_HW_REV_TYPE_105 (0x0000110) 331 331 #define CSR_HW_REV_TYPE_135 (0x0000120) 332 + #define CSR_HW_REV_TYPE_3160 (0x0000164) 332 333 #define CSR_HW_REV_TYPE_7265D (0x0000210) 333 334 #define CSR_HW_REV_TYPE_NONE (0x00001F0) 334 335 #define CSR_HW_REV_TYPE_QNJ (0x0000360)
+2
drivers/net/wireless/intel/iwlwifi/iwl-drv.c
··· 1707 1707 out_unbind: 1708 1708 complete(&drv->request_firmware_complete); 1709 1709 device_release_driver(drv->trans->dev); 1710 + /* drv has just been freed by the release */ 1711 + failure = false; 1710 1712 free: 1711 1713 if (failure) 1712 1714 iwl_dealloc_ucode(drv);
+34 -11
drivers/net/wireless/intel/iwlwifi/mei/main.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0-only 2 2 /* 3 - * Copyright (C) 2021 Intel Corporation 3 + * Copyright (C) 2021-2022 Intel Corporation 4 4 */ 5 5 6 6 #include <linux/etherdevice.h> ··· 146 146 * @csme_taking_ownership: true when CSME is taking ownership. Used to remember 147 147 * to send CSME_OWNERSHIP_CONFIRMED when the driver completes its down 148 148 * flow. 149 + * @link_prot_state: true when we are in link protection PASSIVE 149 150 * @csa_throttle_end_wk: used when &csa_throttled is true 150 151 * @data_q_lock: protects the access to the data queues which are 151 152 * accessed without the mutex. ··· 166 165 bool amt_enabled; 167 166 bool csa_throttled; 168 167 bool csme_taking_ownership; 168 + bool link_prot_state; 169 169 struct delayed_work csa_throttle_end_wk; 170 170 spinlock_t data_q_lock; 171 171 ··· 231 229 if (IS_ERR(mem->ctrl)) { 232 230 int ret = PTR_ERR(mem->ctrl); 233 231 234 - dev_err(&cldev->dev, "Couldn't allocate the shared memory: %d\n", 235 - ret); 236 232 mem->ctrl = NULL; 237 233 238 234 return ret; ··· 668 668 ether_addr_copy(conn_info.bssid, status->conn_info.bssid); 669 669 670 670 iwl_mei_cache.ops->me_conn_status(iwl_mei_cache.priv, &conn_info); 671 + 672 + mei->link_prot_state = status->link_prot_state; 671 673 672 674 /* 673 675 * Update the Rfkill state in case the host does not own the device: ··· 1665 1663 mei_cldev_get_drvdata(iwl_mei_global_cldev); 1666 1664 1667 1665 /* we have already a SAP connection */ 1668 - if (iwl_mei_is_connected()) 1666 + if (iwl_mei_is_connected()) { 1669 1667 iwl_mei_send_sap_msg(mei->cldev, 1670 1668 SAP_MSG_NOTIF_WIFIDR_UP); 1669 + ops->rfkill(priv, mei->link_prot_state); 1670 + } 1671 1671 } 1672 1672 ret = 0; 1673 1673 ··· 1788 1784 1789 1785 #endif /* CONFIG_DEBUG_FS */ 1790 1786 1787 + #define ALLOC_SHARED_MEM_RETRY_MAX_NUM 3 1788 + 1791 1789 /* 1792 1790 * iwl_mei_probe - the probe function called by the mei bus enumeration 1793 1791 * ··· 1801 1795 static int iwl_mei_probe(struct mei_cl_device *cldev, 1802 1796 const struct mei_cl_device_id *id) 1803 1797 { 1798 + int alloc_retry = ALLOC_SHARED_MEM_RETRY_MAX_NUM; 1804 1799 struct iwl_mei *mei; 1805 1800 int ret; 1806 1801 ··· 1819 1812 mei_cldev_set_drvdata(cldev, mei); 1820 1813 mei->cldev = cldev; 1821 1814 1822 - /* 1823 - * The CSME firmware needs to boot the internal WLAN client. Wait here 1824 - * so that the DMA map request will succeed. 1825 - */ 1826 - msleep(20); 1815 + do { 1816 + ret = iwl_mei_alloc_shared_mem(cldev); 1817 + if (!ret) 1818 + break; 1819 + /* 1820 + * The CSME firmware needs to boot the internal WLAN client. 1821 + * This can take time in certain configurations (usually 1822 + * upon resume and when the whole CSME firmware is shut down 1823 + * during suspend). 1824 + * 1825 + * Wait a bit before retrying and hope we'll succeed next time. 1826 + */ 1827 1827 1828 - ret = iwl_mei_alloc_shared_mem(cldev); 1829 - if (ret) 1828 + dev_dbg(&cldev->dev, 1829 + "Couldn't allocate the shared memory: %d, attempt %d / %d\n", 1830 + ret, alloc_retry, ALLOC_SHARED_MEM_RETRY_MAX_NUM); 1831 + msleep(100); 1832 + alloc_retry--; 1833 + } while (alloc_retry); 1834 + 1835 + if (ret) { 1836 + dev_err(&cldev->dev, "Couldn't allocate the shared memory: %d\n", 1837 + ret); 1830 1838 goto free; 1839 + } 1831 1840 1832 1841 iwl_mei_init_shared_mem(mei); 1833 1842
+1 -2
drivers/net/wireless/intel/iwlwifi/mei/net.c
··· 195 195 bool match; 196 196 197 197 if (!pskb_may_pull(skb, skb_network_offset(skb) + sizeof(*iphdr)) || 198 - !pskb_may_pull(skb, skb_network_offset(skb) + 199 - sizeof(ip_hdrlen(skb) - sizeof(*iphdr)))) 198 + !pskb_may_pull(skb, skb_network_offset(skb) + ip_hdrlen(skb))) 200 199 return false; 201 200 202 201 iphdrlen = ip_hdrlen(skb);
-203
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
··· 1369 1369 return count; 1370 1370 } 1371 1371 1372 - #define ADD_TEXT(...) pos += scnprintf(buf + pos, bufsz - pos, __VA_ARGS__) 1373 - #ifdef CONFIG_IWLWIFI_BCAST_FILTERING 1374 - static ssize_t iwl_dbgfs_bcast_filters_read(struct file *file, 1375 - char __user *user_buf, 1376 - size_t count, loff_t *ppos) 1377 - { 1378 - struct iwl_mvm *mvm = file->private_data; 1379 - struct iwl_bcast_filter_cmd cmd; 1380 - const struct iwl_fw_bcast_filter *filter; 1381 - char *buf; 1382 - int bufsz = 1024; 1383 - int i, j, pos = 0; 1384 - ssize_t ret; 1385 - 1386 - buf = kzalloc(bufsz, GFP_KERNEL); 1387 - if (!buf) 1388 - return -ENOMEM; 1389 - 1390 - mutex_lock(&mvm->mutex); 1391 - if (!iwl_mvm_bcast_filter_build_cmd(mvm, &cmd)) { 1392 - ADD_TEXT("None\n"); 1393 - mutex_unlock(&mvm->mutex); 1394 - goto out; 1395 - } 1396 - mutex_unlock(&mvm->mutex); 1397 - 1398 - for (i = 0; cmd.filters[i].attrs[0].mask; i++) { 1399 - filter = &cmd.filters[i]; 1400 - 1401 - ADD_TEXT("Filter [%d]:\n", i); 1402 - ADD_TEXT("\tDiscard=%d\n", filter->discard); 1403 - ADD_TEXT("\tFrame Type: %s\n", 1404 - filter->frame_type ? "IPv4" : "Generic"); 1405 - 1406 - for (j = 0; j < ARRAY_SIZE(filter->attrs); j++) { 1407 - const struct iwl_fw_bcast_filter_attr *attr; 1408 - 1409 - attr = &filter->attrs[j]; 1410 - if (!attr->mask) 1411 - break; 1412 - 1413 - ADD_TEXT("\tAttr [%d]: offset=%d (from %s), mask=0x%x, value=0x%x reserved=0x%x\n", 1414 - j, attr->offset, 1415 - attr->offset_type ? "IP End" : 1416 - "Payload Start", 1417 - be32_to_cpu(attr->mask), 1418 - be32_to_cpu(attr->val), 1419 - le16_to_cpu(attr->reserved1)); 1420 - } 1421 - } 1422 - out: 1423 - ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos); 1424 - kfree(buf); 1425 - return ret; 1426 - } 1427 - 1428 - static ssize_t iwl_dbgfs_bcast_filters_write(struct iwl_mvm *mvm, char *buf, 1429 - size_t count, loff_t *ppos) 1430 - { 1431 - int pos, next_pos; 1432 - struct iwl_fw_bcast_filter filter = {}; 1433 - struct iwl_bcast_filter_cmd cmd; 1434 - u32 filter_id, attr_id, mask, value; 1435 - int err = 0; 1436 - 1437 - if (sscanf(buf, "%d %hhi %hhi %n", &filter_id, &filter.discard, 1438 - &filter.frame_type, &pos) != 3) 1439 - return -EINVAL; 1440 - 1441 - if (filter_id >= ARRAY_SIZE(mvm->dbgfs_bcast_filtering.cmd.filters) || 1442 - filter.frame_type > BCAST_FILTER_FRAME_TYPE_IPV4) 1443 - return -EINVAL; 1444 - 1445 - for (attr_id = 0; attr_id < ARRAY_SIZE(filter.attrs); 1446 - attr_id++) { 1447 - struct iwl_fw_bcast_filter_attr *attr = 1448 - &filter.attrs[attr_id]; 1449 - 1450 - if (pos >= count) 1451 - break; 1452 - 1453 - if (sscanf(&buf[pos], "%hhi %hhi %i %i %n", 1454 - &attr->offset, &attr->offset_type, 1455 - &mask, &value, &next_pos) != 4) 1456 - return -EINVAL; 1457 - 1458 - attr->mask = cpu_to_be32(mask); 1459 - attr->val = cpu_to_be32(value); 1460 - if (mask) 1461 - filter.num_attrs++; 1462 - 1463 - pos += next_pos; 1464 - } 1465 - 1466 - mutex_lock(&mvm->mutex); 1467 - memcpy(&mvm->dbgfs_bcast_filtering.cmd.filters[filter_id], 1468 - &filter, sizeof(filter)); 1469 - 1470 - /* send updated bcast filtering configuration */ 1471 - if (iwl_mvm_firmware_running(mvm) && 1472 - mvm->dbgfs_bcast_filtering.override && 1473 - iwl_mvm_bcast_filter_build_cmd(mvm, &cmd)) 1474 - err = iwl_mvm_send_cmd_pdu(mvm, BCAST_FILTER_CMD, 0, 1475 - sizeof(cmd), &cmd); 1476 - mutex_unlock(&mvm->mutex); 1477 - 1478 - return err ?: count; 1479 - } 1480 - 1481 - static ssize_t iwl_dbgfs_bcast_filters_macs_read(struct file *file, 1482 - char __user *user_buf, 1483 - size_t count, loff_t *ppos) 1484 - { 1485 - struct iwl_mvm *mvm = file->private_data; 1486 - struct iwl_bcast_filter_cmd cmd; 1487 - char *buf; 1488 - int bufsz = 1024; 1489 - int i, pos = 0; 1490 - ssize_t ret; 1491 - 1492 - buf = kzalloc(bufsz, GFP_KERNEL); 1493 - if (!buf) 1494 - return -ENOMEM; 1495 - 1496 - mutex_lock(&mvm->mutex); 1497 - if (!iwl_mvm_bcast_filter_build_cmd(mvm, &cmd)) { 1498 - ADD_TEXT("None\n"); 1499 - mutex_unlock(&mvm->mutex); 1500 - goto out; 1501 - } 1502 - mutex_unlock(&mvm->mutex); 1503 - 1504 - for (i = 0; i < ARRAY_SIZE(cmd.macs); i++) { 1505 - const struct iwl_fw_bcast_mac *mac = &cmd.macs[i]; 1506 - 1507 - ADD_TEXT("Mac [%d]: discard=%d attached_filters=0x%x\n", 1508 - i, mac->default_discard, mac->attached_filters); 1509 - } 1510 - out: 1511 - ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos); 1512 - kfree(buf); 1513 - return ret; 1514 - } 1515 - 1516 - static ssize_t iwl_dbgfs_bcast_filters_macs_write(struct iwl_mvm *mvm, 1517 - char *buf, size_t count, 1518 - loff_t *ppos) 1519 - { 1520 - struct iwl_bcast_filter_cmd cmd; 1521 - struct iwl_fw_bcast_mac mac = {}; 1522 - u32 mac_id, attached_filters; 1523 - int err = 0; 1524 - 1525 - if (!mvm->bcast_filters) 1526 - return -ENOENT; 1527 - 1528 - if (sscanf(buf, "%d %hhi %i", &mac_id, &mac.default_discard, 1529 - &attached_filters) != 3) 1530 - return -EINVAL; 1531 - 1532 - if (mac_id >= ARRAY_SIZE(cmd.macs) || 1533 - mac.default_discard > 1 || 1534 - attached_filters >= BIT(ARRAY_SIZE(cmd.filters))) 1535 - return -EINVAL; 1536 - 1537 - mac.attached_filters = cpu_to_le16(attached_filters); 1538 - 1539 - mutex_lock(&mvm->mutex); 1540 - memcpy(&mvm->dbgfs_bcast_filtering.cmd.macs[mac_id], 1541 - &mac, sizeof(mac)); 1542 - 1543 - /* send updated bcast filtering configuration */ 1544 - if (iwl_mvm_firmware_running(mvm) && 1545 - mvm->dbgfs_bcast_filtering.override && 1546 - iwl_mvm_bcast_filter_build_cmd(mvm, &cmd)) 1547 - err = iwl_mvm_send_cmd_pdu(mvm, BCAST_FILTER_CMD, 0, 1548 - sizeof(cmd), &cmd); 1549 - mutex_unlock(&mvm->mutex); 1550 - 1551 - return err ?: count; 1552 - } 1553 - #endif 1554 - 1555 1372 #define MVM_DEBUGFS_WRITE_FILE_OPS(name, bufsz) \ 1556 1373 _MVM_DEBUGFS_WRITE_FILE_OPS(name, bufsz, struct iwl_mvm) 1557 1374 #define MVM_DEBUGFS_READ_WRITE_FILE_OPS(name, bufsz) \ ··· 1698 1881 1699 1882 MVM_DEBUGFS_READ_FILE_OPS(uapsd_noagg_bssids); 1700 1883 1701 - #ifdef CONFIG_IWLWIFI_BCAST_FILTERING 1702 - MVM_DEBUGFS_READ_WRITE_FILE_OPS(bcast_filters, 256); 1703 - MVM_DEBUGFS_READ_WRITE_FILE_OPS(bcast_filters_macs, 256); 1704 - #endif 1705 - 1706 1884 #ifdef CONFIG_ACPI 1707 1885 MVM_DEBUGFS_READ_FILE_OPS(sar_geo_profile); 1708 1886 #endif ··· 1908 2096 &mvm->drop_bcn_ap_mode); 1909 2097 1910 2098 MVM_DEBUGFS_ADD_FILE(uapsd_noagg_bssids, mvm->debugfs_dir, S_IRUSR); 1911 - 1912 - #ifdef CONFIG_IWLWIFI_BCAST_FILTERING 1913 - if (mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_BCAST_FILTERING) { 1914 - bcast_dir = debugfs_create_dir("bcast_filtering", 1915 - mvm->debugfs_dir); 1916 - 1917 - debugfs_create_bool("override", 0600, bcast_dir, 1918 - &mvm->dbgfs_bcast_filtering.override); 1919 - 1920 - MVM_DEBUGFS_ADD_FILE_ALIAS("filters", bcast_filters, 1921 - bcast_dir, 0600); 1922 - MVM_DEBUGFS_ADD_FILE_ALIAS("macs", bcast_filters_macs, 1923 - bcast_dir, 0600); 1924 - } 1925 - #endif 1926 2099 1927 2100 #ifdef CONFIG_PM_SLEEP 1928 2101 MVM_DEBUGFS_ADD_FILE(d3_test, mvm->debugfs_dir, 0400);
+1 -1
drivers/net/wireless/intel/iwlwifi/mvm/fw.c
··· 1741 1741 ret = iwl_mvm_sar_init(mvm); 1742 1742 if (ret == 0) 1743 1743 ret = iwl_mvm_sar_geo_init(mvm); 1744 - else if (ret < 0) 1744 + if (ret < 0) 1745 1745 goto error; 1746 1746 1747 1747 ret = iwl_mvm_sgom_init(mvm);
-240
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
··· 55 55 }, 56 56 }; 57 57 58 - #ifdef CONFIG_IWLWIFI_BCAST_FILTERING 59 - /* 60 - * Use the reserved field to indicate magic values. 61 - * these values will only be used internally by the driver, 62 - * and won't make it to the fw (reserved will be 0). 63 - * BC_FILTER_MAGIC_IP - configure the val of this attribute to 64 - * be the vif's ip address. in case there is not a single 65 - * ip address (0, or more than 1), this attribute will 66 - * be skipped. 67 - * BC_FILTER_MAGIC_MAC - set the val of this attribute to 68 - * the LSB bytes of the vif's mac address 69 - */ 70 - enum { 71 - BC_FILTER_MAGIC_NONE = 0, 72 - BC_FILTER_MAGIC_IP, 73 - BC_FILTER_MAGIC_MAC, 74 - }; 75 - 76 - static const struct iwl_fw_bcast_filter iwl_mvm_default_bcast_filters[] = { 77 - { 78 - /* arp */ 79 - .discard = 0, 80 - .frame_type = BCAST_FILTER_FRAME_TYPE_ALL, 81 - .attrs = { 82 - { 83 - /* frame type - arp, hw type - ethernet */ 84 - .offset_type = 85 - BCAST_FILTER_OFFSET_PAYLOAD_START, 86 - .offset = sizeof(rfc1042_header), 87 - .val = cpu_to_be32(0x08060001), 88 - .mask = cpu_to_be32(0xffffffff), 89 - }, 90 - { 91 - /* arp dest ip */ 92 - .offset_type = 93 - BCAST_FILTER_OFFSET_PAYLOAD_START, 94 - .offset = sizeof(rfc1042_header) + 2 + 95 - sizeof(struct arphdr) + 96 - ETH_ALEN + sizeof(__be32) + 97 - ETH_ALEN, 98 - .mask = cpu_to_be32(0xffffffff), 99 - /* mark it as special field */ 100 - .reserved1 = cpu_to_le16(BC_FILTER_MAGIC_IP), 101 - }, 102 - }, 103 - }, 104 - { 105 - /* dhcp offer bcast */ 106 - .discard = 0, 107 - .frame_type = BCAST_FILTER_FRAME_TYPE_IPV4, 108 - .attrs = { 109 - { 110 - /* udp dest port - 68 (bootp client)*/ 111 - .offset_type = BCAST_FILTER_OFFSET_IP_END, 112 - .offset = offsetof(struct udphdr, dest), 113 - .val = cpu_to_be32(0x00440000), 114 - .mask = cpu_to_be32(0xffff0000), 115 - }, 116 - { 117 - /* dhcp - lsb bytes of client hw address */ 118 - .offset_type = BCAST_FILTER_OFFSET_IP_END, 119 - .offset = 38, 120 - .mask = cpu_to_be32(0xffffffff), 121 - /* mark it as special field */ 122 - .reserved1 = cpu_to_le16(BC_FILTER_MAGIC_MAC), 123 - }, 124 - }, 125 - }, 126 - /* last filter must be empty */ 127 - {}, 128 - }; 129 - #endif 130 - 131 58 static const struct cfg80211_pmsr_capabilities iwl_mvm_pmsr_capa = { 132 59 .max_peers = IWL_MVM_TOF_MAX_APS, 133 60 .report_ap_tsf = 1, ··· 618 691 iwl_umac_scan_get_max_profiles(mvm->fw); 619 692 hw->wiphy->wowlan = &mvm->wowlan; 620 693 } 621 - #endif 622 - 623 - #ifdef CONFIG_IWLWIFI_BCAST_FILTERING 624 - /* assign default bcast filtering configuration */ 625 - mvm->bcast_filters = iwl_mvm_default_bcast_filters; 626 694 #endif 627 695 628 696 ret = iwl_mvm_leds_init(mvm); ··· 1775 1853 mutex_unlock(&mvm->mutex); 1776 1854 } 1777 1855 1778 - #ifdef CONFIG_IWLWIFI_BCAST_FILTERING 1779 - struct iwl_bcast_iter_data { 1780 - struct iwl_mvm *mvm; 1781 - struct iwl_bcast_filter_cmd *cmd; 1782 - u8 current_filter; 1783 - }; 1784 - 1785 - static void 1786 - iwl_mvm_set_bcast_filter(struct ieee80211_vif *vif, 1787 - const struct iwl_fw_bcast_filter *in_filter, 1788 - struct iwl_fw_bcast_filter *out_filter) 1789 - { 1790 - struct iwl_fw_bcast_filter_attr *attr; 1791 - int i; 1792 - 1793 - memcpy(out_filter, in_filter, sizeof(*out_filter)); 1794 - 1795 - for (i = 0; i < ARRAY_SIZE(out_filter->attrs); i++) { 1796 - attr = &out_filter->attrs[i]; 1797 - 1798 - if (!attr->mask) 1799 - break; 1800 - 1801 - switch (attr->reserved1) { 1802 - case cpu_to_le16(BC_FILTER_MAGIC_IP): 1803 - if (vif->bss_conf.arp_addr_cnt != 1) { 1804 - attr->mask = 0; 1805 - continue; 1806 - } 1807 - 1808 - attr->val = vif->bss_conf.arp_addr_list[0]; 1809 - break; 1810 - case cpu_to_le16(BC_FILTER_MAGIC_MAC): 1811 - attr->val = *(__be32 *)&vif->addr[2]; 1812 - break; 1813 - default: 1814 - break; 1815 - } 1816 - attr->reserved1 = 0; 1817 - out_filter->num_attrs++; 1818 - } 1819 - } 1820 - 1821 - static void iwl_mvm_bcast_filter_iterator(void *_data, u8 *mac, 1822 - struct ieee80211_vif *vif) 1823 - { 1824 - struct iwl_bcast_iter_data *data = _data; 1825 - struct iwl_mvm *mvm = data->mvm; 1826 - struct iwl_bcast_filter_cmd *cmd = data->cmd; 1827 - struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif); 1828 - struct iwl_fw_bcast_mac *bcast_mac; 1829 - int i; 1830 - 1831 - if (WARN_ON(mvmvif->id >= ARRAY_SIZE(cmd->macs))) 1832 - return; 1833 - 1834 - bcast_mac = &cmd->macs[mvmvif->id]; 1835 - 1836 - /* 1837 - * enable filtering only for associated stations, but not for P2P 1838 - * Clients 1839 - */ 1840 - if (vif->type != NL80211_IFTYPE_STATION || vif->p2p || 1841 - !vif->bss_conf.assoc) 1842 - return; 1843 - 1844 - bcast_mac->default_discard = 1; 1845 - 1846 - /* copy all configured filters */ 1847 - for (i = 0; mvm->bcast_filters[i].attrs[0].mask; i++) { 1848 - /* 1849 - * Make sure we don't exceed our filters limit. 1850 - * if there is still a valid filter to be configured, 1851 - * be on the safe side and just allow bcast for this mac. 1852 - */ 1853 - if (WARN_ON_ONCE(data->current_filter >= 1854 - ARRAY_SIZE(cmd->filters))) { 1855 - bcast_mac->default_discard = 0; 1856 - bcast_mac->attached_filters = 0; 1857 - break; 1858 - } 1859 - 1860 - iwl_mvm_set_bcast_filter(vif, 1861 - &mvm->bcast_filters[i], 1862 - &cmd->filters[data->current_filter]); 1863 - 1864 - /* skip current filter if it contains no attributes */ 1865 - if (!cmd->filters[data->current_filter].num_attrs) 1866 - continue; 1867 - 1868 - /* attach the filter to current mac */ 1869 - bcast_mac->attached_filters |= 1870 - cpu_to_le16(BIT(data->current_filter)); 1871 - 1872 - data->current_filter++; 1873 - } 1874 - } 1875 - 1876 - bool iwl_mvm_bcast_filter_build_cmd(struct iwl_mvm *mvm, 1877 - struct iwl_bcast_filter_cmd *cmd) 1878 - { 1879 - struct iwl_bcast_iter_data iter_data = { 1880 - .mvm = mvm, 1881 - .cmd = cmd, 1882 - }; 1883 - 1884 - if (IWL_MVM_FW_BCAST_FILTER_PASS_ALL) 1885 - return false; 1886 - 1887 - memset(cmd, 0, sizeof(*cmd)); 1888 - cmd->max_bcast_filters = ARRAY_SIZE(cmd->filters); 1889 - cmd->max_macs = ARRAY_SIZE(cmd->macs); 1890 - 1891 - #ifdef CONFIG_IWLWIFI_DEBUGFS 1892 - /* use debugfs filters/macs if override is configured */ 1893 - if (mvm->dbgfs_bcast_filtering.override) { 1894 - memcpy(cmd->filters, &mvm->dbgfs_bcast_filtering.cmd.filters, 1895 - sizeof(cmd->filters)); 1896 - memcpy(cmd->macs, &mvm->dbgfs_bcast_filtering.cmd.macs, 1897 - sizeof(cmd->macs)); 1898 - return true; 1899 - } 1900 - #endif 1901 - 1902 - /* if no filters are configured, do nothing */ 1903 - if (!mvm->bcast_filters) 1904 - return false; 1905 - 1906 - /* configure and attach these filters for each associated sta vif */ 1907 - ieee80211_iterate_active_interfaces( 1908 - mvm->hw, IEEE80211_IFACE_ITER_NORMAL, 1909 - iwl_mvm_bcast_filter_iterator, &iter_data); 1910 - 1911 - return true; 1912 - } 1913 - 1914 - static int iwl_mvm_configure_bcast_filter(struct iwl_mvm *mvm) 1915 - { 1916 - struct iwl_bcast_filter_cmd cmd; 1917 - 1918 - if (!(mvm->fw->ucode_capa.flags & IWL_UCODE_TLV_FLAGS_BCAST_FILTERING)) 1919 - return 0; 1920 - 1921 - if (!iwl_mvm_bcast_filter_build_cmd(mvm, &cmd)) 1922 - return 0; 1923 - 1924 - return iwl_mvm_send_cmd_pdu(mvm, BCAST_FILTER_CMD, 0, 1925 - sizeof(cmd), &cmd); 1926 - } 1927 - #else 1928 - static inline int iwl_mvm_configure_bcast_filter(struct iwl_mvm *mvm) 1929 - { 1930 - return 0; 1931 - } 1932 - #endif 1933 - 1934 1856 static int iwl_mvm_update_mu_groups(struct iwl_mvm *mvm, 1935 1857 struct ieee80211_vif *vif) 1936 1858 { ··· 2286 2520 } 2287 2521 2288 2522 iwl_mvm_recalc_multicast(mvm); 2289 - iwl_mvm_configure_bcast_filter(mvm); 2290 2523 2291 2524 /* reset rssi values */ 2292 2525 mvmvif->bf_data.ave_beacon_signal = 0; ··· 2333 2568 IWL_ERR(mvm, 2334 2569 "failed to update CQM thresholds\n"); 2335 2570 } 2336 - } 2337 - 2338 - if (changes & BSS_CHANGED_ARP_FILTER) { 2339 - IWL_DEBUG_MAC80211(mvm, "arp filter changed\n"); 2340 - iwl_mvm_configure_bcast_filter(mvm); 2341 2571 } 2342 2572 2343 2573 if (changes & BSS_CHANGED_BANDWIDTH)
+1 -14
drivers/net/wireless/intel/iwlwifi/mvm/mvm.h
··· 884 884 /* rx chain antennas set through debugfs for the scan command */ 885 885 u8 scan_rx_ant; 886 886 887 - #ifdef CONFIG_IWLWIFI_BCAST_FILTERING 888 - /* broadcast filters to configure for each associated station */ 889 - const struct iwl_fw_bcast_filter *bcast_filters; 890 - #ifdef CONFIG_IWLWIFI_DEBUGFS 891 - struct { 892 - bool override; 893 - struct iwl_bcast_filter_cmd cmd; 894 - } dbgfs_bcast_filtering; 895 - #endif 896 - #endif 897 - 898 887 /* Internal station */ 899 888 struct iwl_mvm_int_sta aux_sta; 900 889 struct iwl_mvm_int_sta snif_sta; ··· 1582 1593 int iwl_mvm_load_d3_fw(struct iwl_mvm *mvm); 1583 1594 1584 1595 int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm); 1585 - bool iwl_mvm_bcast_filter_build_cmd(struct iwl_mvm *mvm, 1586 - struct iwl_bcast_filter_cmd *cmd); 1587 1596 1588 1597 /* 1589 1598 * FW notifications / CMD responses handlers ··· 2212 2225 static inline void iwl_mvm_mei_set_sw_rfkill_state(struct iwl_mvm *mvm) 2213 2226 { 2214 2227 bool sw_rfkill = 2215 - mvm->hw_registered ? rfkill_blocked(mvm->hw->wiphy->rfkill) : false; 2228 + mvm->hw_registered ? rfkill_soft_blocked(mvm->hw->wiphy->rfkill) : false; 2216 2229 2217 2230 if (mvm->mei_registered) 2218 2231 iwl_mei_set_rfkill_state(iwl_mvm_is_radio_killed(mvm),
-1
drivers/net/wireless/intel/iwlwifi/mvm/ops.c
··· 469 469 HCMD_NAME(MCC_CHUB_UPDATE_CMD), 470 470 HCMD_NAME(MARKER_CMD), 471 471 HCMD_NAME(BT_PROFILE_NOTIFICATION), 472 - HCMD_NAME(BCAST_FILTER_CMD), 473 472 HCMD_NAME(MCAST_FILTER_CMD), 474 473 HCMD_NAME(REPLY_SF_CFG_CMD), 475 474 HCMD_NAME(REPLY_BEACON_FILTERING_CMD),
+1 -1
drivers/net/wireless/intel/iwlwifi/mvm/tx.c
··· 1427 1427 struct ieee80211_tx_rate *r = &info->status.rates[0]; 1428 1428 1429 1429 if (iwl_fw_lookup_notif_ver(fw, LONG_GROUP, 1430 - TX_CMD, 0) > 6) 1430 + TX_CMD, 0) <= 6) 1431 1431 rate_n_flags = iwl_new_rate_from_v1(rate_n_flags); 1432 1432 1433 1433 info->status.antenna =
+1 -2
drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
··· 385 385 /* This may fail if AMT took ownership of the device */ 386 386 if (iwl_pcie_prepare_card_hw(trans)) { 387 387 IWL_WARN(trans, "Exit HW not ready\n"); 388 - ret = -EIO; 389 - goto out; 388 + return -EIO; 390 389 } 391 390 392 391 iwl_enable_rfkill_int(trans);
+1 -2
drivers/net/wireless/intel/iwlwifi/pcie/trans.c
··· 1329 1329 /* This may fail if AMT took ownership of the device */ 1330 1330 if (iwl_pcie_prepare_card_hw(trans)) { 1331 1331 IWL_WARN(trans, "Exit HW not ready\n"); 1332 - ret = -EIO; 1333 - goto out; 1332 + return -EIO; 1334 1333 } 1335 1334 1336 1335 iwl_enable_rfkill_int(trans);
+13
drivers/net/wireless/mac80211_hwsim.c
··· 2336 2336 if (req->ie_len) 2337 2337 skb_put_data(probe, req->ie, req->ie_len); 2338 2338 2339 + if (!ieee80211_tx_prepare_skb(hwsim->hw, 2340 + hwsim->hw_scan_vif, 2341 + probe, 2342 + hwsim->tmp_chan->band, 2343 + NULL)) { 2344 + kfree_skb(probe); 2345 + continue; 2346 + } 2347 + 2339 2348 local_bh_disable(); 2340 2349 mac80211_hwsim_tx_frame(hwsim->hw, probe, 2341 2350 hwsim->tmp_chan); ··· 3779 3770 } 3780 3771 txi->flags |= IEEE80211_TX_STAT_ACK; 3781 3772 } 3773 + 3774 + if (hwsim_flags & HWSIM_TX_CTL_NO_ACK) 3775 + txi->flags |= IEEE80211_TX_STAT_NOACK_TRANSMITTED; 3776 + 3782 3777 ieee80211_tx_status_irqsafe(data2->hw, skb); 3783 3778 return 0; 3784 3779 out:
+1 -1
include/linux/netdevice.h
··· 2158 2158 struct netdev_queue *_tx ____cacheline_aligned_in_smp; 2159 2159 unsigned int num_tx_queues; 2160 2160 unsigned int real_num_tx_queues; 2161 - struct Qdisc *qdisc; 2161 + struct Qdisc __rcu *qdisc; 2162 2162 unsigned int tx_queue_len; 2163 2163 spinlock_t tx_global_lock; 2164 2164
-2
include/net/addrconf.h
··· 109 109 int ipv6_dev_get_saddr(struct net *net, const struct net_device *dev, 110 110 const struct in6_addr *daddr, unsigned int srcprefs, 111 111 struct in6_addr *saddr); 112 - int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr, 113 - u32 banned_flags); 114 112 int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr, 115 113 u32 banned_flags); 116 114 bool inet_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2,
+1 -1
include/net/bond_3ad.h
··· 262 262 struct ad_bond_info { 263 263 struct ad_system system; /* 802.3ad system structure */ 264 264 struct bond_3ad_stats stats; 265 - u32 agg_select_timer; /* Timer to select aggregator after all adapter's hand shakes */ 265 + atomic_t agg_select_timer; /* Timer to select aggregator after all adapter's hand shakes */ 266 266 u16 aggregator_identifier; 267 267 }; 268 268
+1
include/net/dsa.h
··· 1187 1187 int dsa_register_switch(struct dsa_switch *ds); 1188 1188 void dsa_switch_shutdown(struct dsa_switch *ds); 1189 1189 struct dsa_switch *dsa_switch_find(int tree_index, int sw_index); 1190 + void dsa_flush_workqueue(void); 1190 1191 #ifdef CONFIG_PM_SLEEP 1191 1192 int dsa_switch_suspend(struct dsa_switch *ds); 1192 1193 int dsa_switch_resume(struct dsa_switch *ds);
+6 -4
include/net/ip6_fib.h
··· 190 190 u32 fib6_metric; 191 191 u8 fib6_protocol; 192 192 u8 fib6_type; 193 + 194 + u8 offload; 195 + u8 trap; 196 + u8 offload_failed; 197 + 193 198 u8 should_flush:1, 194 199 dst_nocount:1, 195 200 dst_nopolicy:1, 196 201 fib6_destroying:1, 197 - offload:1, 198 - trap:1, 199 - offload_failed:1, 200 - unused:1; 202 + unused:4; 201 203 202 204 struct rcu_head rcu; 203 205 struct nexthop *nh;
+4 -1
include/net/ipv6.h
··· 393 393 kfree_rcu(opt, rcu); 394 394 } 395 395 396 + #if IS_ENABLED(CONFIG_IPV6) 396 397 struct ip6_flowlabel *__fl6_sock_lookup(struct sock *sk, __be32 label); 397 398 398 399 extern struct static_key_false_deferred ipv6_flowlabel_exclusive; 399 400 static inline struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk, 400 401 __be32 label) 401 402 { 402 - if (static_branch_unlikely(&ipv6_flowlabel_exclusive.key)) 403 + if (static_branch_unlikely(&ipv6_flowlabel_exclusive.key) && 404 + READ_ONCE(sock_net(sk)->ipv6.flowlabel_has_excl)) 403 405 return __fl6_sock_lookup(sk, label) ? : ERR_PTR(-ENOENT); 404 406 405 407 return NULL; 406 408 } 409 + #endif 407 410 408 411 struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions *opt_space, 409 412 struct ip6_flowlabel *fl,
+2 -1
include/net/netns/ipv6.h
··· 77 77 spinlock_t fib6_gc_lock; 78 78 unsigned int ip6_rt_gc_expire; 79 79 unsigned long ip6_rt_last_gc; 80 + unsigned char flowlabel_has_excl; 80 81 #ifdef CONFIG_IPV6_MULTIPLE_TABLES 81 - unsigned int fib6_rules_require_fldissect; 82 82 bool fib6_has_custom_rules; 83 + unsigned int fib6_rules_require_fldissect; 83 84 #ifdef CONFIG_IPV6_SUBTREES 84 85 unsigned int fib6_routes_require_src; 85 86 #endif
+4
net/bridge/br_multicast.c
··· 82 82 struct net_bridge_port_group *pg); 83 83 static void __br_multicast_stop(struct net_bridge_mcast *brmctx); 84 84 85 + static int br_mc_disabled_update(struct net_device *dev, bool value, 86 + struct netlink_ext_ack *extack); 87 + 85 88 static struct net_bridge_port_group * 86 89 br_sg_port_find(struct net_bridge *br, 87 90 struct net_bridge_port_group_sg_key *sg_p) ··· 1159 1156 return mp; 1160 1157 1161 1158 if (atomic_read(&br->mdb_hash_tbl.nelems) >= br->hash_max) { 1159 + br_mc_disabled_update(br->dev, false, NULL); 1162 1160 br_opt_toggle(br, BROPT_MULTICAST_ENABLED, false); 1163 1161 return ERR_PTR(-E2BIG); 1164 1162 }
+9 -2
net/core/drop_monitor.c
··· 283 283 284 284 rcu_read_lock(); 285 285 list_for_each_entry_rcu(new_stat, &hw_stats_list, list) { 286 + struct net_device *dev; 287 + 286 288 /* 287 289 * only add a note to our monitor buffer if: 288 290 * 1) this is the dev we received on 289 291 * 2) its after the last_rx delta 290 292 * 3) our rx_dropped count has gone up 291 293 */ 292 - if ((new_stat->dev == napi->dev) && 294 + /* Paired with WRITE_ONCE() in dropmon_net_event() */ 295 + dev = READ_ONCE(new_stat->dev); 296 + if ((dev == napi->dev) && 293 297 (time_after(jiffies, new_stat->last_rx + dm_hw_check_delta)) && 294 298 (napi->dev->stats.rx_dropped != new_stat->last_drop_val)) { 295 299 trace_drop_common(NULL, NULL); ··· 1580 1576 mutex_lock(&net_dm_mutex); 1581 1577 list_for_each_entry_safe(new_stat, tmp, &hw_stats_list, list) { 1582 1578 if (new_stat->dev == dev) { 1583 - new_stat->dev = NULL; 1579 + 1580 + /* Paired with READ_ONCE() in trace_napi_poll_hit() */ 1581 + WRITE_ONCE(new_stat->dev, NULL); 1582 + 1584 1583 if (trace_state == TRACE_OFF) { 1585 1584 list_del_rcu(&new_stat->list); 1586 1585 kfree_rcu(new_stat, rcu);
+4 -2
net/core/rtnetlink.c
··· 1699 1699 { 1700 1700 struct ifinfomsg *ifm; 1701 1701 struct nlmsghdr *nlh; 1702 + struct Qdisc *qdisc; 1702 1703 1703 1704 ASSERT_RTNL(); 1704 1705 nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ifm), flags); ··· 1717 1716 if (tgt_netnsid >= 0 && nla_put_s32(skb, IFLA_TARGET_NETNSID, tgt_netnsid)) 1718 1717 goto nla_put_failure; 1719 1718 1719 + qdisc = rtnl_dereference(dev->qdisc); 1720 1720 if (nla_put_string(skb, IFLA_IFNAME, dev->name) || 1721 1721 nla_put_u32(skb, IFLA_TXQLEN, dev->tx_queue_len) || 1722 1722 nla_put_u8(skb, IFLA_OPERSTATE, ··· 1737 1735 #endif 1738 1736 put_master_ifindex(skb, dev) || 1739 1737 nla_put_u8(skb, IFLA_CARRIER, netif_carrier_ok(dev)) || 1740 - (dev->qdisc && 1741 - nla_put_string(skb, IFLA_QDISC, dev->qdisc->ops->id)) || 1738 + (qdisc && 1739 + nla_put_string(skb, IFLA_QDISC, qdisc->ops->id)) || 1742 1740 nla_put_ifalias(skb, dev) || 1743 1741 nla_put_u32(skb, IFLA_CARRIER_CHANGES, 1744 1742 atomic_read(&dev->carrier_up_count) +
+1
net/dsa/dsa.c
··· 349 349 { 350 350 flush_workqueue(dsa_owq); 351 351 } 352 + EXPORT_SYMBOL_GPL(dsa_flush_workqueue); 352 353 353 354 int dsa_devlink_param_get(struct devlink *dl, u32 id, 354 355 struct devlink_param_gset_ctx *ctx)
-1
net/dsa/dsa_priv.h
··· 147 147 const struct dsa_device_ops *dsa_find_tagger_by_name(const char *buf); 148 148 149 149 bool dsa_schedule_work(struct work_struct *work); 150 - void dsa_flush_workqueue(void); 151 150 const char *dsa_tag_protocol_to_str(const struct dsa_device_ops *ops); 152 151 153 152 static inline int dsa_tag_protocol_overhead(const struct dsa_device_ops *ops)
+7 -14
net/dsa/tag_lan9303.c
··· 77 77 78 78 static struct sk_buff *lan9303_rcv(struct sk_buff *skb, struct net_device *dev) 79 79 { 80 - __be16 *lan9303_tag; 81 80 u16 lan9303_tag1; 82 81 unsigned int source_port; 83 82 ··· 86 87 return NULL; 87 88 } 88 89 89 - lan9303_tag = dsa_etype_header_pos_rx(skb); 90 - 91 - if (lan9303_tag[0] != htons(ETH_P_8021Q)) { 92 - dev_warn_ratelimited(&dev->dev, "Dropping packet due to invalid VLAN marker\n"); 93 - return NULL; 90 + if (skb_vlan_tag_present(skb)) { 91 + lan9303_tag1 = skb_vlan_tag_get(skb); 92 + __vlan_hwaccel_clear_tag(skb); 93 + } else { 94 + skb_push_rcsum(skb, ETH_HLEN); 95 + __skb_vlan_pop(skb, &lan9303_tag1); 96 + skb_pull_rcsum(skb, ETH_HLEN); 94 97 } 95 98 96 - lan9303_tag1 = ntohs(lan9303_tag[1]); 97 99 source_port = lan9303_tag1 & 0x3; 98 100 99 101 skb->dev = dsa_master_find_slave(dev, 0, source_port); ··· 102 102 dev_warn_ratelimited(&dev->dev, "Dropping packet due to invalid source port\n"); 103 103 return NULL; 104 104 } 105 - 106 - /* remove the special VLAN tag between the MAC addresses 107 - * and the current ethertype field. 108 - */ 109 - skb_pull_rcsum(skb, 2 + 2); 110 - 111 - dsa_strip_etype_header(skb, LAN9303_TAG_LEN); 112 105 113 106 if (!(lan9303_tag1 & LAN9303_TAG_RX_TRAPPED_TO_CPU)) 114 107 dsa_default_offload_fwd_mark(skb);
+3
net/ipv4/fib_frontend.c
··· 436 436 if (net->ipv4.fib_has_custom_local_routes || 437 437 fib4_has_custom_rules(net)) 438 438 goto full_check; 439 + /* Within the same container, it is regarded as a martian source, 440 + * and the same host but different containers are not. 441 + */ 439 442 if (inet_lookup_ifaddr_rcu(net, src)) 440 443 return -EINVAL; 441 444
+3 -4
net/ipv4/fib_lookup.h
··· 16 16 u8 fa_slen; 17 17 u32 tb_id; 18 18 s16 fa_default; 19 - u8 offload:1, 20 - trap:1, 21 - offload_failed:1, 22 - unused:5; 19 + u8 offload; 20 + u8 trap; 21 + u8 offload_failed; 23 22 struct rcu_head rcu; 24 23 }; 25 24
+3 -3
net/ipv4/fib_semantics.c
··· 525 525 fri.dst_len = dst_len; 526 526 fri.tos = fa->fa_tos; 527 527 fri.type = fa->fa_type; 528 - fri.offload = fa->offload; 529 - fri.trap = fa->trap; 530 - fri.offload_failed = fa->offload_failed; 528 + fri.offload = READ_ONCE(fa->offload); 529 + fri.trap = READ_ONCE(fa->trap); 530 + fri.offload_failed = READ_ONCE(fa->offload_failed); 531 531 err = fib_dump_info(skb, info->portid, seq, event, &fri, nlm_flags); 532 532 if (err < 0) { 533 533 /* -EMSGSIZE implies BUG in fib_nlmsg_size() */
+13 -9
net/ipv4/fib_trie.c
··· 1047 1047 if (!fa_match) 1048 1048 goto out; 1049 1049 1050 - if (fa_match->offload == fri->offload && fa_match->trap == fri->trap && 1051 - fa_match->offload_failed == fri->offload_failed) 1050 + /* These are paired with the WRITE_ONCE() happening in this function. 1051 + * The reason is that we are only protected by RCU at this point. 1052 + */ 1053 + if (READ_ONCE(fa_match->offload) == fri->offload && 1054 + READ_ONCE(fa_match->trap) == fri->trap && 1055 + READ_ONCE(fa_match->offload_failed) == fri->offload_failed) 1052 1056 goto out; 1053 1057 1054 - fa_match->offload = fri->offload; 1055 - fa_match->trap = fri->trap; 1058 + WRITE_ONCE(fa_match->offload, fri->offload); 1059 + WRITE_ONCE(fa_match->trap, fri->trap); 1056 1060 1057 1061 /* 2 means send notifications only if offload_failed was changed. */ 1058 1062 if (net->ipv4.sysctl_fib_notify_on_flag_change == 2 && 1059 - fa_match->offload_failed == fri->offload_failed) 1063 + READ_ONCE(fa_match->offload_failed) == fri->offload_failed) 1060 1064 goto out; 1061 1065 1062 - fa_match->offload_failed = fri->offload_failed; 1066 + WRITE_ONCE(fa_match->offload_failed, fri->offload_failed); 1063 1067 1064 1068 if (!net->ipv4.sysctl_fib_notify_on_flag_change) 1065 1069 goto out; ··· 2301 2297 fri.dst_len = KEYLENGTH - fa->fa_slen; 2302 2298 fri.tos = fa->fa_tos; 2303 2299 fri.type = fa->fa_type; 2304 - fri.offload = fa->offload; 2305 - fri.trap = fa->trap; 2306 - fri.offload_failed = fa->offload_failed; 2300 + fri.offload = READ_ONCE(fa->offload); 2301 + fri.trap = READ_ONCE(fa->trap); 2302 + fri.offload_failed = READ_ONCE(fa->offload_failed); 2307 2303 err = fib_dump_info(skb, 2308 2304 NETLINK_CB(cb->skb).portid, 2309 2305 cb->nlh->nlmsg_seq,
+9 -2
net/ipv4/ping.c
··· 172 172 struct sock *sk = NULL; 173 173 struct inet_sock *isk; 174 174 struct hlist_nulls_node *hnode; 175 - int dif = skb->dev->ifindex; 175 + int dif, sdif; 176 176 177 177 if (skb->protocol == htons(ETH_P_IP)) { 178 + dif = inet_iif(skb); 179 + sdif = inet_sdif(skb); 178 180 pr_debug("try to find: num = %d, daddr = %pI4, dif = %d\n", 179 181 (int)ident, &ip_hdr(skb)->daddr, dif); 180 182 #if IS_ENABLED(CONFIG_IPV6) 181 183 } else if (skb->protocol == htons(ETH_P_IPV6)) { 184 + dif = inet6_iif(skb); 185 + sdif = inet6_sdif(skb); 182 186 pr_debug("try to find: num = %d, daddr = %pI6c, dif = %d\n", 183 187 (int)ident, &ipv6_hdr(skb)->daddr, dif); 184 188 #endif 189 + } else { 190 + pr_err("ping: protocol(%x) is not supported\n", ntohs(skb->protocol)); 191 + return NULL; 185 192 } 186 193 187 194 read_lock_bh(&ping_table.lock); ··· 228 221 } 229 222 230 223 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif && 231 - sk->sk_bound_dev_if != inet_sdif(skb)) 224 + sk->sk_bound_dev_if != sdif) 232 225 continue; 233 226 234 227 sock_hold(sk);
+2 -2
net/ipv4/route.c
··· 3395 3395 fa->fa_tos == fri.tos && 3396 3396 fa->fa_info == res.fi && 3397 3397 fa->fa_type == fri.type) { 3398 - fri.offload = fa->offload; 3399 - fri.trap = fa->trap; 3398 + fri.offload = READ_ONCE(fa->offload); 3399 + fri.trap = READ_ONCE(fa->trap); 3400 3400 break; 3401 3401 } 3402 3402 }
+2 -2
net/ipv6/addrconf.c
··· 1839 1839 } 1840 1840 EXPORT_SYMBOL(ipv6_dev_get_saddr); 1841 1841 1842 - int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr, 1843 - u32 banned_flags) 1842 + static int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr, 1843 + u32 banned_flags) 1844 1844 { 1845 1845 struct inet6_ifaddr *ifp; 1846 1846 int err = -EADDRNOTAVAIL;
+3 -1
net/ipv6/ip6_flowlabel.c
··· 450 450 err = -EINVAL; 451 451 goto done; 452 452 } 453 - if (fl_shared_exclusive(fl) || fl->opt) 453 + if (fl_shared_exclusive(fl) || fl->opt) { 454 + WRITE_ONCE(sock_net(sk)->ipv6.flowlabel_has_excl, 1); 454 455 static_branch_deferred_inc(&ipv6_flowlabel_exclusive); 456 + } 455 457 return fl; 456 458 457 459 done:
+1 -1
net/ipv6/mcast.c
··· 1759 1759 skb_reserve(skb, hlen); 1760 1760 skb_tailroom_reserve(skb, mtu, tlen); 1761 1761 1762 - if (__ipv6_get_lladdr(idev, &addr_buf, IFA_F_TENTATIVE)) { 1762 + if (ipv6_get_lladdr(dev, &addr_buf, IFA_F_TENTATIVE)) { 1763 1763 /* <draft-ietf-magma-mld-source-05.txt>: 1764 1764 * use unspecified address as the source address 1765 1765 * when a valid link-local address is not available.
+10 -9
net/ipv6/route.c
··· 5753 5753 } 5754 5754 5755 5755 if (!dst) { 5756 - if (rt->offload) 5756 + if (READ_ONCE(rt->offload)) 5757 5757 rtm->rtm_flags |= RTM_F_OFFLOAD; 5758 - if (rt->trap) 5758 + if (READ_ONCE(rt->trap)) 5759 5759 rtm->rtm_flags |= RTM_F_TRAP; 5760 - if (rt->offload_failed) 5760 + if (READ_ONCE(rt->offload_failed)) 5761 5761 rtm->rtm_flags |= RTM_F_OFFLOAD_FAILED; 5762 5762 } 5763 5763 ··· 6215 6215 struct sk_buff *skb; 6216 6216 int err; 6217 6217 6218 - if (f6i->offload == offload && f6i->trap == trap && 6219 - f6i->offload_failed == offload_failed) 6218 + if (READ_ONCE(f6i->offload) == offload && 6219 + READ_ONCE(f6i->trap) == trap && 6220 + READ_ONCE(f6i->offload_failed) == offload_failed) 6220 6221 return; 6221 6222 6222 - f6i->offload = offload; 6223 - f6i->trap = trap; 6223 + WRITE_ONCE(f6i->offload, offload); 6224 + WRITE_ONCE(f6i->trap, trap); 6224 6225 6225 6226 /* 2 means send notifications only if offload_failed was changed. */ 6226 6227 if (net->ipv6.sysctl.fib_notify_on_flag_change == 2 && 6227 - f6i->offload_failed == offload_failed) 6228 + READ_ONCE(f6i->offload_failed) == offload_failed) 6228 6229 return; 6229 6230 6230 - f6i->offload_failed = offload_failed; 6231 + WRITE_ONCE(f6i->offload_failed, offload_failed); 6231 6232 6232 6233 if (!rcu_access_pointer(f6i->fib6_node)) 6233 6234 /* The route was removed from the tree, do not send
+21 -8
net/mac80211/mlme.c
··· 666 666 ieee80211_ie_build_he_6ghz_cap(sdata, skb); 667 667 } 668 668 669 - static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 669 + static int ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata) 670 670 { 671 671 struct ieee80211_local *local = sdata->local; 672 672 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; ··· 686 686 enum nl80211_iftype iftype = ieee80211_vif_type_p2p(&sdata->vif); 687 687 const struct ieee80211_sband_iftype_data *iftd; 688 688 struct ieee80211_prep_tx_info info = {}; 689 + int ret; 689 690 690 691 /* we know it's writable, cast away the const */ 691 692 if (assoc_data->ie_len) ··· 700 699 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 701 700 if (WARN_ON(!chanctx_conf)) { 702 701 rcu_read_unlock(); 703 - return; 702 + return -EINVAL; 704 703 } 705 704 chan = chanctx_conf->def.chan; 706 705 rcu_read_unlock(); ··· 751 750 (iftd ? iftd->vendor_elems.len : 0), 752 751 GFP_KERNEL); 753 752 if (!skb) 754 - return; 753 + return -ENOMEM; 755 754 756 755 skb_reserve(skb, local->hw.extra_tx_headroom); 757 756 ··· 1032 1031 skb_put_data(skb, assoc_data->ie + offset, noffset - offset); 1033 1032 } 1034 1033 1035 - if (assoc_data->fils_kek_len && 1036 - fils_encrypt_assoc_req(skb, assoc_data) < 0) { 1037 - dev_kfree_skb(skb); 1038 - return; 1034 + if (assoc_data->fils_kek_len) { 1035 + ret = fils_encrypt_assoc_req(skb, assoc_data); 1036 + if (ret < 0) { 1037 + dev_kfree_skb(skb); 1038 + return ret; 1039 + } 1039 1040 } 1040 1041 1041 1042 pos = skb_tail_pointer(skb); 1042 1043 kfree(ifmgd->assoc_req_ies); 1043 1044 ifmgd->assoc_req_ies = kmemdup(ie_start, pos - ie_start, GFP_ATOMIC); 1045 + if (!ifmgd->assoc_req_ies) { 1046 + dev_kfree_skb(skb); 1047 + return -ENOMEM; 1048 + } 1049 + 1044 1050 ifmgd->assoc_req_ies_len = pos - ie_start; 1045 1051 1046 1052 drv_mgd_prepare_tx(local, sdata, &info); ··· 1057 1049 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS | 1058 1050 IEEE80211_TX_INTFL_MLME_CONN_TX; 1059 1051 ieee80211_tx_skb(sdata, skb); 1052 + 1053 + return 0; 1060 1054 } 1061 1055 1062 1056 void ieee80211_send_pspoll(struct ieee80211_local *local, ··· 4507 4497 { 4508 4498 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data; 4509 4499 struct ieee80211_local *local = sdata->local; 4500 + int ret; 4510 4501 4511 4502 sdata_assert_lock(sdata); 4512 4503 ··· 4528 4517 sdata_info(sdata, "associate with %pM (try %d/%d)\n", 4529 4518 assoc_data->bss->bssid, assoc_data->tries, 4530 4519 IEEE80211_ASSOC_MAX_TRIES); 4531 - ieee80211_send_assoc(sdata); 4520 + ret = ieee80211_send_assoc(sdata); 4521 + if (ret) 4522 + return ret; 4532 4523 4533 4524 if (!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) { 4534 4525 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
+6 -5
net/mctp/route.c
··· 412 412 * this function. 413 413 */ 414 414 rc = mctp_key_add(key, msk); 415 - if (rc) 415 + if (rc) { 416 416 kfree(key); 417 + } else { 418 + trace_mctp_key_acquire(key); 417 419 418 - trace_mctp_key_acquire(key); 419 - 420 - /* we don't need to release key->lock on exit */ 421 - mctp_key_unref(key); 420 + /* we don't need to release key->lock on exit */ 421 + mctp_key_unref(key); 422 + } 422 423 key = NULL; 423 424 424 425 } else {
+3 -1
net/netfilter/nft_synproxy.c
··· 191 191 if (err) 192 192 goto nf_ct_failure; 193 193 err = nf_synproxy_ipv6_init(snet, ctx->net); 194 - if (err) 194 + if (err) { 195 + nf_synproxy_ipv4_fini(snet, ctx->net); 195 196 goto nf_ct_failure; 197 + } 196 198 break; 197 199 } 198 200
+1 -1
net/netfilter/xt_socket.c
··· 221 221 if (par->family == NFPROTO_IPV4) 222 222 nf_defrag_ipv4_disable(par->net); 223 223 else if (par->family == NFPROTO_IPV6) 224 - nf_defrag_ipv4_disable(par->net); 224 + nf_defrag_ipv6_disable(par->net); 225 225 } 226 226 227 227 static struct xt_match socket_mt_reg[] __read_mostly = {
+10 -3
net/sched/act_api.c
··· 1037 1037 restart_act_graph: 1038 1038 for (i = 0; i < nr_actions; i++) { 1039 1039 const struct tc_action *a = actions[i]; 1040 + int repeat_ttl; 1040 1041 1041 1042 if (jmp_prgcnt > 0) { 1042 1043 jmp_prgcnt -= 1; ··· 1046 1045 1047 1046 if (tc_act_skip_sw(a->tcfa_flags)) 1048 1047 continue; 1048 + 1049 + repeat_ttl = 32; 1049 1050 repeat: 1050 1051 ret = a->ops->act(skb, a, res); 1051 - if (ret == TC_ACT_REPEAT) 1052 - goto repeat; /* we need a ttl - JHS */ 1053 - 1052 + if (unlikely(ret == TC_ACT_REPEAT)) { 1053 + if (--repeat_ttl != 0) 1054 + goto repeat; 1055 + /* suspicious opcode, stop pipeline */ 1056 + net_warn_ratelimited("TC_ACT_REPEAT abuse ?\n"); 1057 + return TC_ACT_OK; 1058 + } 1054 1059 if (TC_ACT_EXT_CMP(ret, TC_ACT_JUMP)) { 1055 1060 jmp_prgcnt = ret & TCA_ACT_MAX_PRIO_MASK; 1056 1061 if (!jmp_prgcnt || (jmp_prgcnt > nr_actions)) {
+3 -3
net/sched/cls_api.c
··· 1044 1044 1045 1045 /* Find qdisc */ 1046 1046 if (!*parent) { 1047 - *q = dev->qdisc; 1047 + *q = rcu_dereference(dev->qdisc); 1048 1048 *parent = (*q)->handle; 1049 1049 } else { 1050 1050 *q = qdisc_lookup_rcu(dev, TC_H_MAJ(*parent)); ··· 2587 2587 2588 2588 parent = tcm->tcm_parent; 2589 2589 if (!parent) 2590 - q = dev->qdisc; 2590 + q = rtnl_dereference(dev->qdisc); 2591 2591 else 2592 2592 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent)); 2593 2593 if (!q) ··· 2962 2962 return skb->len; 2963 2963 2964 2964 if (!tcm->tcm_parent) 2965 - q = dev->qdisc; 2965 + q = rtnl_dereference(dev->qdisc); 2966 2966 else 2967 2967 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent)); 2968 2968
+12 -10
net/sched/sch_api.c
··· 301 301 302 302 if (!handle) 303 303 return NULL; 304 - q = qdisc_match_from_root(dev->qdisc, handle); 304 + q = qdisc_match_from_root(rtnl_dereference(dev->qdisc), handle); 305 305 if (q) 306 306 goto out; 307 307 ··· 320 320 321 321 if (!handle) 322 322 return NULL; 323 - q = qdisc_match_from_root(dev->qdisc, handle); 323 + q = qdisc_match_from_root(rcu_dereference(dev->qdisc), handle); 324 324 if (q) 325 325 goto out; 326 326 ··· 1082 1082 skip: 1083 1083 if (!ingress) { 1084 1084 notify_and_destroy(net, skb, n, classid, 1085 - dev->qdisc, new); 1085 + rtnl_dereference(dev->qdisc), new); 1086 1086 if (new && !new->ops->attach) 1087 1087 qdisc_refcount_inc(new); 1088 - dev->qdisc = new ? : &noop_qdisc; 1088 + rcu_assign_pointer(dev->qdisc, new ? : &noop_qdisc); 1089 1089 1090 1090 if (new && new->ops->attach) 1091 1091 new->ops->attach(new); ··· 1451 1451 q = dev_ingress_queue(dev)->qdisc_sleeping; 1452 1452 } 1453 1453 } else { 1454 - q = dev->qdisc; 1454 + q = rtnl_dereference(dev->qdisc); 1455 1455 } 1456 1456 if (!q) { 1457 1457 NL_SET_ERR_MSG(extack, "Cannot find specified qdisc on specified device"); ··· 1540 1540 q = dev_ingress_queue(dev)->qdisc_sleeping; 1541 1541 } 1542 1542 } else { 1543 - q = dev->qdisc; 1543 + q = rtnl_dereference(dev->qdisc); 1544 1544 } 1545 1545 1546 1546 /* It may be default qdisc, ignore it */ ··· 1762 1762 s_q_idx = 0; 1763 1763 q_idx = 0; 1764 1764 1765 - if (tc_dump_qdisc_root(dev->qdisc, skb, cb, &q_idx, s_q_idx, 1765 + if (tc_dump_qdisc_root(rtnl_dereference(dev->qdisc), 1766 + skb, cb, &q_idx, s_q_idx, 1766 1767 true, tca[TCA_DUMP_INVISIBLE]) < 0) 1767 1768 goto done; 1768 1769 ··· 2034 2033 } else if (qid1) { 2035 2034 qid = qid1; 2036 2035 } else if (qid == 0) 2037 - qid = dev->qdisc->handle; 2036 + qid = rtnl_dereference(dev->qdisc)->handle; 2038 2037 2039 2038 /* Now qid is genuine qdisc handle consistent 2040 2039 * both with parent and child. ··· 2045 2044 portid = TC_H_MAKE(qid, portid); 2046 2045 } else { 2047 2046 if (qid == 0) 2048 - qid = dev->qdisc->handle; 2047 + qid = rtnl_dereference(dev->qdisc)->handle; 2049 2048 } 2050 2049 2051 2050 /* OK. Locate qdisc */ ··· 2206 2205 s_t = cb->args[0]; 2207 2206 t = 0; 2208 2207 2209 - if (tc_dump_tclass_root(dev->qdisc, skb, tcm, cb, &t, s_t, true) < 0) 2208 + if (tc_dump_tclass_root(rtnl_dereference(dev->qdisc), 2209 + skb, tcm, cb, &t, s_t, true) < 0) 2210 2210 goto done; 2211 2211 2212 2212 dev_queue = dev_ingress_queue(dev);
+16 -13
net/sched/sch_generic.c
··· 1164 1164 if (!netif_is_multiqueue(dev) || 1165 1165 dev->priv_flags & IFF_NO_QUEUE) { 1166 1166 netdev_for_each_tx_queue(dev, attach_one_default_qdisc, NULL); 1167 - dev->qdisc = txq->qdisc_sleeping; 1168 - qdisc_refcount_inc(dev->qdisc); 1167 + qdisc = txq->qdisc_sleeping; 1168 + rcu_assign_pointer(dev->qdisc, qdisc); 1169 + qdisc_refcount_inc(qdisc); 1169 1170 } else { 1170 1171 qdisc = qdisc_create_dflt(txq, &mq_qdisc_ops, TC_H_ROOT, NULL); 1171 1172 if (qdisc) { 1172 - dev->qdisc = qdisc; 1173 + rcu_assign_pointer(dev->qdisc, qdisc); 1173 1174 qdisc->ops->attach(qdisc); 1174 1175 } 1175 1176 } 1177 + qdisc = rtnl_dereference(dev->qdisc); 1176 1178 1177 1179 /* Detect default qdisc setup/init failed and fallback to "noqueue" */ 1178 - if (dev->qdisc == &noop_qdisc) { 1180 + if (qdisc == &noop_qdisc) { 1179 1181 netdev_warn(dev, "default qdisc (%s) fail, fallback to %s\n", 1180 1182 default_qdisc_ops->id, noqueue_qdisc_ops.id); 1181 1183 dev->priv_flags |= IFF_NO_QUEUE; 1182 1184 netdev_for_each_tx_queue(dev, attach_one_default_qdisc, NULL); 1183 - dev->qdisc = txq->qdisc_sleeping; 1184 - qdisc_refcount_inc(dev->qdisc); 1185 + qdisc = txq->qdisc_sleeping; 1186 + rcu_assign_pointer(dev->qdisc, qdisc); 1187 + qdisc_refcount_inc(qdisc); 1185 1188 dev->priv_flags ^= IFF_NO_QUEUE; 1186 1189 } 1187 1190 1188 1191 #ifdef CONFIG_NET_SCHED 1189 - if (dev->qdisc != &noop_qdisc) 1190 - qdisc_hash_add(dev->qdisc, false); 1192 + if (qdisc != &noop_qdisc) 1193 + qdisc_hash_add(qdisc, false); 1191 1194 #endif 1192 1195 } 1193 1196 ··· 1220 1217 * and noqueue_qdisc for virtual interfaces 1221 1218 */ 1222 1219 1223 - if (dev->qdisc == &noop_qdisc) 1220 + if (rtnl_dereference(dev->qdisc) == &noop_qdisc) 1224 1221 attach_default_qdiscs(dev); 1225 1222 1226 1223 if (!netif_carrier_ok(dev)) ··· 1386 1383 void dev_qdisc_change_real_num_tx(struct net_device *dev, 1387 1384 unsigned int new_real_tx) 1388 1385 { 1389 - struct Qdisc *qdisc = dev->qdisc; 1386 + struct Qdisc *qdisc = rtnl_dereference(dev->qdisc); 1390 1387 1391 1388 if (qdisc->ops->change_real_num_tx) 1392 1389 qdisc->ops->change_real_num_tx(qdisc, new_real_tx); ··· 1450 1447 1451 1448 void dev_init_scheduler(struct net_device *dev) 1452 1449 { 1453 - dev->qdisc = &noop_qdisc; 1450 + rcu_assign_pointer(dev->qdisc, &noop_qdisc); 1454 1451 netdev_for_each_tx_queue(dev, dev_init_scheduler_queue, &noop_qdisc); 1455 1452 if (dev_ingress_queue(dev)) 1456 1453 dev_init_scheduler_queue(dev, dev_ingress_queue(dev), &noop_qdisc); ··· 1478 1475 netdev_for_each_tx_queue(dev, shutdown_scheduler_queue, &noop_qdisc); 1479 1476 if (dev_ingress_queue(dev)) 1480 1477 shutdown_scheduler_queue(dev, dev_ingress_queue(dev), &noop_qdisc); 1481 - qdisc_put(dev->qdisc); 1482 - dev->qdisc = &noop_qdisc; 1478 + qdisc_put(rtnl_dereference(dev->qdisc)); 1479 + rcu_assign_pointer(dev->qdisc, &noop_qdisc); 1483 1480 1484 1481 WARN_ON(timer_pending(&dev->watchdog_timer)); 1485 1482 }
+7 -3
net/smc/af_smc.c
··· 667 667 static int smc_switch_to_fallback(struct smc_sock *smc, int reason_code) 668 668 { 669 669 struct sock *clcsk; 670 + int rc = 0; 670 671 671 672 mutex_lock(&smc->clcsock_release_lock); 672 673 if (!smc->clcsock) { 673 - mutex_unlock(&smc->clcsock_release_lock); 674 - return -EBADF; 674 + rc = -EBADF; 675 + goto out; 675 676 } 676 677 clcsk = smc->clcsock->sk; 677 678 679 + if (smc->use_fallback) 680 + goto out; 678 681 smc->use_fallback = true; 679 682 smc->fallback_rsn = reason_code; 680 683 smc_stat_fallback(smc); ··· 705 702 smc->clcsock->sk->sk_user_data = 706 703 (void *)((uintptr_t)smc | SK_USER_DATA_NOCOPY); 707 704 } 705 + out: 708 706 mutex_unlock(&smc->clcsock_release_lock); 709 - return 0; 707 + return rc; 710 708 } 711 709 712 710 /* fall back during connect */
+2 -2
net/socket.c
··· 3448 3448 * @addr: address holder 3449 3449 * 3450 3450 * Fills the @addr pointer with the address which the socket is bound. 3451 - * Returns 0 or an error code. 3451 + * Returns the length of the address in bytes or an error code. 3452 3452 */ 3453 3453 3454 3454 int kernel_getsockname(struct socket *sock, struct sockaddr *addr) ··· 3463 3463 * @addr: address holder 3464 3464 * 3465 3465 * Fills the @addr pointer with the address which the socket is connected. 3466 - * Returns 0 or an error code. 3466 + * Returns the length of the address in bytes or an error code. 3467 3467 */ 3468 3468 3469 3469 int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
+1 -1
net/tipc/crypto.c
··· 2276 2276 struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; 2277 2277 struct tipc_aead_key *skey = NULL; 2278 2278 u16 key_gen = msg_key_gen(hdr); 2279 - u16 size = msg_data_sz(hdr); 2279 + u32 size = msg_data_sz(hdr); 2280 2280 u8 *data = msg_data(hdr); 2281 2281 unsigned int keylen; 2282 2282
+7 -6
net/tipc/node.c
··· 403 403 u32 flags = n->action_flags; 404 404 struct list_head *publ_list; 405 405 struct tipc_uaddr ua; 406 - u32 bearer_id; 406 + u32 bearer_id, node; 407 407 408 408 if (likely(!flags)) { 409 409 write_unlock_bh(&n->lock); ··· 413 413 tipc_uaddr(&ua, TIPC_SERVICE_RANGE, TIPC_NODE_SCOPE, 414 414 TIPC_LINK_STATE, n->addr, n->addr); 415 415 sk.ref = n->link_id; 416 - sk.node = n->addr; 416 + sk.node = tipc_own_addr(net); 417 + node = n->addr; 417 418 bearer_id = n->link_id & 0xffff; 418 419 publ_list = &n->publ_list; 419 420 ··· 424 423 write_unlock_bh(&n->lock); 425 424 426 425 if (flags & TIPC_NOTIFY_NODE_DOWN) 427 - tipc_publ_notify(net, publ_list, sk.node, n->capabilities); 426 + tipc_publ_notify(net, publ_list, node, n->capabilities); 428 427 429 428 if (flags & TIPC_NOTIFY_NODE_UP) 430 - tipc_named_node_up(net, sk.node, n->capabilities); 429 + tipc_named_node_up(net, node, n->capabilities); 431 430 432 431 if (flags & TIPC_NOTIFY_LINK_UP) { 433 - tipc_mon_peer_up(net, sk.node, bearer_id); 432 + tipc_mon_peer_up(net, node, bearer_id); 434 433 tipc_nametbl_publish(net, &ua, &sk, sk.ref); 435 434 } 436 435 if (flags & TIPC_NOTIFY_LINK_DOWN) { 437 - tipc_mon_peer_down(net, sk.node, bearer_id); 436 + tipc_mon_peer_down(net, node, bearer_id); 438 437 tipc_nametbl_withdraw(net, &ua, &sk, sk.ref); 439 438 } 440 439 }
+1
net/vmw_vsock/af_vsock.c
··· 1401 1401 sk->sk_state = sk->sk_state == TCP_ESTABLISHED ? TCP_CLOSING : TCP_CLOSE; 1402 1402 sock->state = SS_UNCONNECTED; 1403 1403 vsock_transport_cancel_pkt(vsk); 1404 + vsock_remove_connected(vsk); 1404 1405 goto out_wait; 1405 1406 } else if (timeout == 0) { 1406 1407 err = -ETIMEDOUT;
+4 -13
net/wireless/core.c
··· 5 5 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 6 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 7 * Copyright 2015-2017 Intel Deutschland GmbH 8 - * Copyright (C) 2018-2021 Intel Corporation 8 + * Copyright (C) 2018-2022 Intel Corporation 9 9 */ 10 10 11 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt ··· 332 332 void cfg80211_destroy_ifaces(struct cfg80211_registered_device *rdev) 333 333 { 334 334 struct wireless_dev *wdev, *tmp; 335 - bool found = false; 336 335 337 336 ASSERT_RTNL(); 338 337 339 - list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) { 338 + list_for_each_entry_safe(wdev, tmp, &rdev->wiphy.wdev_list, list) { 340 339 if (wdev->nl_owner_dead) { 341 340 if (wdev->netdev) 342 341 dev_close(wdev->netdev); 343 - found = true; 344 - } 345 - } 346 342 347 - if (!found) 348 - return; 349 - 350 - wiphy_lock(&rdev->wiphy); 351 - list_for_each_entry_safe(wdev, tmp, &rdev->wiphy.wdev_list, list) { 352 - if (wdev->nl_owner_dead) { 343 + wiphy_lock(&rdev->wiphy); 353 344 cfg80211_leave(rdev, wdev); 354 345 rdev_del_virtual_intf(rdev, wdev); 346 + wiphy_unlock(&rdev->wiphy); 355 347 } 356 348 } 357 - wiphy_unlock(&rdev->wiphy); 358 349 } 359 350 360 351 static void cfg80211_destroy_iface_wk(struct work_struct *work)
+1 -1
tools/testing/selftests/netfilter/Makefile
··· 6 6 nft_concat_range.sh nft_conntrack_helper.sh \ 7 7 nft_queue.sh nft_meta.sh nf_nat_edemux.sh \ 8 8 ipip-conntrack-mtu.sh conntrack_tcp_unreplied.sh \ 9 - conntrack_vrf.sh 9 + conntrack_vrf.sh nft_synproxy.sh 10 10 11 11 LDLIBS = -lmnl 12 12 TEST_GEN_FILES = nf-queue
+1 -1
tools/testing/selftests/netfilter/nft_concat_range.sh
··· 1601 1601 done 1602 1602 done 1603 1603 1604 - [ ${passed} -eq 0 ] && exit ${KSELFTEST_SKIP} 1604 + [ ${passed} -eq 0 ] && exit ${KSELFTEST_SKIP} || exit 0
+1
tools/testing/selftests/netfilter/nft_fib.sh
··· 174 174 ip netns exec ${nsrouter} sysctl net.ipv6.conf.all.forwarding=1 > /dev/null 175 175 ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth0.forwarding=1 > /dev/null 176 176 ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth1.forwarding=1 > /dev/null 177 + ip netns exec ${nsrouter} sysctl net.ipv4.conf.veth0.rp_filter=0 > /dev/null 177 178 178 179 sleep 3 179 180
+117
tools/testing/selftests/netfilter/nft_synproxy.sh
··· 1 + #!/bin/bash 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + 5 + # Kselftest framework requirement - SKIP code is 4. 6 + ksft_skip=4 7 + ret=0 8 + 9 + rnd=$(mktemp -u XXXXXXXX) 10 + nsr="nsr-$rnd" # synproxy machine 11 + ns1="ns1-$rnd" # iperf client 12 + ns2="ns2-$rnd" # iperf server 13 + 14 + checktool (){ 15 + if ! $1 > /dev/null 2>&1; then 16 + echo "SKIP: Could not $2" 17 + exit $ksft_skip 18 + fi 19 + } 20 + 21 + checktool "nft --version" "run test without nft tool" 22 + checktool "ip -Version" "run test without ip tool" 23 + checktool "iperf3 --version" "run test without iperf3" 24 + checktool "ip netns add $nsr" "create net namespace" 25 + 26 + modprobe -q nf_conntrack 27 + 28 + ip netns add $ns1 29 + ip netns add $ns2 30 + 31 + cleanup() { 32 + ip netns pids $ns1 | xargs kill 2>/dev/null 33 + ip netns pids $ns2 | xargs kill 2>/dev/null 34 + ip netns del $ns1 35 + ip netns del $ns2 36 + 37 + ip netns del $nsr 38 + } 39 + 40 + trap cleanup EXIT 41 + 42 + ip link add veth0 netns $nsr type veth peer name eth0 netns $ns1 43 + ip link add veth1 netns $nsr type veth peer name eth0 netns $ns2 44 + 45 + for dev in lo veth0 veth1; do 46 + ip -net $nsr link set $dev up 47 + done 48 + 49 + ip -net $nsr addr add 10.0.1.1/24 dev veth0 50 + ip -net $nsr addr add 10.0.2.1/24 dev veth1 51 + 52 + ip netns exec $nsr sysctl -q net.ipv4.conf.veth0.forwarding=1 53 + ip netns exec $nsr sysctl -q net.ipv4.conf.veth1.forwarding=1 54 + ip netns exec $nsr sysctl -q net.netfilter.nf_conntrack_tcp_loose=0 55 + 56 + for n in $ns1 $ns2; do 57 + ip -net $n link set lo up 58 + ip -net $n link set eth0 up 59 + done 60 + ip -net $ns1 addr add 10.0.1.99/24 dev eth0 61 + ip -net $ns2 addr add 10.0.2.99/24 dev eth0 62 + ip -net $ns1 route add default via 10.0.1.1 63 + ip -net $ns2 route add default via 10.0.2.1 64 + 65 + # test basic connectivity 66 + if ! ip netns exec $ns1 ping -c 1 -q 10.0.2.99 > /dev/null; then 67 + echo "ERROR: $ns1 cannot reach $ns2" 1>&2 68 + exit 1 69 + fi 70 + 71 + if ! ip netns exec $ns2 ping -c 1 -q 10.0.1.99 > /dev/null; then 72 + echo "ERROR: $ns2 cannot reach $ns1" 1>&2 73 + exit 1 74 + fi 75 + 76 + ip netns exec $ns2 iperf3 -s > /dev/null 2>&1 & 77 + # ip netns exec $nsr tcpdump -vvv -n -i veth1 tcp | head -n 10 & 78 + 79 + sleep 1 80 + 81 + ip netns exec $nsr nft -f - <<EOF 82 + table inet filter { 83 + chain prerouting { 84 + type filter hook prerouting priority -300; policy accept; 85 + meta iif veth0 tcp flags syn counter notrack 86 + } 87 + 88 + chain forward { 89 + type filter hook forward priority 0; policy accept; 90 + 91 + ct state new,established counter accept 92 + 93 + meta iif veth0 meta l4proto tcp ct state untracked,invalid synproxy mss 1460 sack-perm timestamp 94 + 95 + ct state invalid counter drop 96 + 97 + # make ns2 unreachable w.o. tcp synproxy 98 + tcp flags syn counter drop 99 + } 100 + } 101 + EOF 102 + if [ $? -ne 0 ]; then 103 + echo "SKIP: Cannot add nft synproxy" 104 + exit $ksft_skip 105 + fi 106 + 107 + ip netns exec $ns1 timeout 5 iperf3 -c 10.0.2.99 -n $((1 * 1024 * 1024)) > /dev/null 108 + 109 + if [ $? -ne 0 ]; then 110 + echo "FAIL: iperf3 returned an error" 1>&2 111 + ret=$? 112 + ip netns exec $nsr nft list ruleset 113 + else 114 + echo "PASS: synproxy connection successful" 115 + fi 116 + 117 + exit $ret