tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:
"Several small fixes here:

1) Don't crash in tg3 driver when the number of tx queues has been
configured to be different from the number of rx queues. From
Thadeu Lima de Souza Cascardo.

2) VLAN filter not disabled properly in promisc mode in ixgbe driver,
from Vlad Yasevich.

3) Fix OOPS on dellink op in VTI tunnel driver, from Xin Long.

4) IPV6 GRE driver WCCP code checks skb->protocol for ETH_P_IP
instead of ETH_P_IPV6, whoops. From Yuri Chislov.

5) Socket matching in ping driver is buggy when packet AF does not
match socket's AF. Fix from Jane Zhou.

6) Fix checksum calculation errors in VXLAN due to where the
udp_tunnel6_xmit_skb() helper gets it's saddr/daddr from. From
Alexander Duyck.

7) Fix 5G detection problem in rtlwifi driver, from Larry Finger.

8) Fix NULL deref in tcp_v{4,6}_send_reset, from Eric Dumazet.

9) Various missing netlink attribute verifications in bridging code,
from Thomas Graf.

10) tcp_recvmsg() unconditionally calls ipv4 ip_recv_error even for
ipv6 sockets, whoops. Fix from Willem de Bruijn"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits)
net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks
bridge: Sanitize IFLA_EXT_MASK for AF_BRIDGE:RTM_GETLINK
bridge: Add missing policy entry for IFLA_BRPORT_FAST_LEAVE
net: Check for presence of IFLA_AF_SPEC
net: Validate IFLA_BRIDGE_MODE attribute length
bridge: Validate IFLA_BRIDGE_FLAGS attribute length
stmmac: platform: fix default values of the filter bins setting
net/mlx4_core: Limit count field to 24 bits in qp_alloc_res
net: dsa: bcm_sf2: reset switch prior to initialization
net: dsa: bcm_sf2: fix unmapping registers in case of errors
tg3: fix ring init when there are more TX than RX channels
tcp: fix possible NULL dereference in tcp_vX_send_reset()
rtlwifi: Change order in device startup
rtlwifi: rtl8821ae: Fix 5G detection problem
Revert "netfilter: conntrack: fix race in __nf_conntrack_confirm against get_next_corpse"
vxlan: Fix boolean flip in VXLAN_F_UDP_ZERO_CSUM6_[TX|RX]
ip6_udp_tunnel: Fix checksum calculation
net-timestamp: Fix a documentation typo
net/ping: handle protocol mismatching scenario
af_packet: fix sparse warning
...

Linus Torvalds 8e845971 190fc9d9

+184 -101
+1 -1
Documentation/networking/timestamping.txt
··· 136 136 137 137 This option is implemented only for transmit timestamps. There, the 138 138 timestamp is always looped along with a struct sock_extended_err. 139 - The option modifies field ee_info to pass an id that is unique 139 + The option modifies field ee_data to pass an id that is unique 140 140 among all possibly concurrently outstanding timestamp requests for 141 141 that socket. In practice, it is a monotonically increasing u32 142 142 (that wraps).
+2
drivers/atm/solos-pci.c
··· 1225 1225 card->config_regs = pci_iomap(dev, 0, CONFIG_RAM_SIZE); 1226 1226 if (!card->config_regs) { 1227 1227 dev_warn(&dev->dev, "Failed to ioremap config registers\n"); 1228 + err = -ENOMEM; 1228 1229 goto out_release_regions; 1229 1230 } 1230 1231 card->buffers = pci_iomap(dev, 1, DATA_RAM_SIZE); 1231 1232 if (!card->buffers) { 1232 1233 dev_warn(&dev->dev, "Failed to ioremap data buffers\n"); 1234 + err = -ENOMEM; 1233 1235 goto out_unmap_config; 1234 1236 } 1235 1237
+33 -25
drivers/net/dsa/bcm_sf2.c
··· 377 377 return IRQ_HANDLED; 378 378 } 379 379 380 + static int bcm_sf2_sw_rst(struct bcm_sf2_priv *priv) 381 + { 382 + unsigned int timeout = 1000; 383 + u32 reg; 384 + 385 + reg = core_readl(priv, CORE_WATCHDOG_CTRL); 386 + reg |= SOFTWARE_RESET | EN_CHIP_RST | EN_SW_RESET; 387 + core_writel(priv, reg, CORE_WATCHDOG_CTRL); 388 + 389 + do { 390 + reg = core_readl(priv, CORE_WATCHDOG_CTRL); 391 + if (!(reg & SOFTWARE_RESET)) 392 + break; 393 + 394 + usleep_range(1000, 2000); 395 + } while (timeout-- > 0); 396 + 397 + if (timeout == 0) 398 + return -ETIMEDOUT; 399 + 400 + return 0; 401 + } 402 + 380 403 static int bcm_sf2_sw_setup(struct dsa_switch *ds) 381 404 { 382 405 const char *reg_names[BCM_SF2_REGS_NUM] = BCM_SF2_REGS_NAME; ··· 427 404 *base = of_iomap(dn, i); 428 405 if (*base == NULL) { 429 406 pr_err("unable to find register: %s\n", reg_names[i]); 430 - return -ENODEV; 407 + ret = -ENOMEM; 408 + goto out_unmap; 431 409 } 432 410 base++; 411 + } 412 + 413 + ret = bcm_sf2_sw_rst(priv); 414 + if (ret) { 415 + pr_err("unable to software reset switch: %d\n", ret); 416 + goto out_unmap; 433 417 } 434 418 435 419 /* Disable all interrupts and request them */ ··· 514 484 out_unmap: 515 485 base = &priv->core; 516 486 for (i = 0; i < BCM_SF2_REGS_NUM; i++) { 517 - iounmap(*base); 487 + if (*base) 488 + iounmap(*base); 518 489 base++; 519 490 } 520 491 return ret; ··· 760 729 dsa_is_cpu_port(ds, port)) 761 730 bcm_sf2_port_disable(ds, port, NULL); 762 731 } 763 - 764 - return 0; 765 - } 766 - 767 - static int bcm_sf2_sw_rst(struct bcm_sf2_priv *priv) 768 - { 769 - unsigned int timeout = 1000; 770 - u32 reg; 771 - 772 - reg = core_readl(priv, CORE_WATCHDOG_CTRL); 773 - reg |= SOFTWARE_RESET | EN_CHIP_RST | EN_SW_RESET; 774 - core_writel(priv, reg, CORE_WATCHDOG_CTRL); 775 - 776 - do { 777 - reg = core_readl(priv, CORE_WATCHDOG_CTRL); 778 - if (!(reg & SOFTWARE_RESET)) 779 - break; 780 - 781 - usleep_range(1000, 2000); 782 - } while (timeout-- > 0); 783 - 784 - if (timeout == 0) 785 - return -ETIMEDOUT; 786 732 787 733 return 0; 788 734 }
+2 -1
drivers/net/ethernet/broadcom/tg3.c
··· 8563 8563 if (tnapi->rx_rcb) 8564 8564 memset(tnapi->rx_rcb, 0, TG3_RX_RCB_RING_BYTES(tp)); 8565 8565 8566 - if (tg3_rx_prodring_alloc(tp, &tnapi->prodring)) { 8566 + if (tnapi->prodring.rx_std && 8567 + tg3_rx_prodring_alloc(tp, &tnapi->prodring)) { 8567 8568 tg3_free_rings(tp); 8568 8569 return -ENOMEM; 8569 8570 }
+5
drivers/net/ethernet/emulex/benet/be_main.c
··· 4309 4309 return -EOPNOTSUPP; 4310 4310 4311 4311 br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); 4312 + if (!br_spec) 4313 + return -EINVAL; 4312 4314 4313 4315 nla_for_each_nested(attr, br_spec, rem) { 4314 4316 if (nla_type(attr) != IFLA_BRIDGE_MODE) 4315 4317 continue; 4318 + 4319 + if (nla_len(attr) < sizeof(mode)) 4320 + return -EINVAL; 4316 4321 4317 4322 mode = nla_get_u16(attr); 4318 4323 if (mode != BRIDGE_MODE_VEPA && mode != BRIDGE_MODE_VEB)
+16 -7
drivers/net/ethernet/intel/igb/igb_main.c
··· 1012 1012 /* igb_get_stats64() might access the rings on this vector, 1013 1013 * we must wait a grace period before freeing it. 1014 1014 */ 1015 - kfree_rcu(q_vector, rcu); 1015 + if (q_vector) 1016 + kfree_rcu(q_vector, rcu); 1016 1017 } 1017 1018 1018 1019 /** ··· 1793 1792 adapter->flags &= ~IGB_FLAG_NEED_LINK_UPDATE; 1794 1793 1795 1794 for (i = 0; i < adapter->num_q_vectors; i++) { 1796 - napi_synchronize(&(adapter->q_vector[i]->napi)); 1797 - napi_disable(&(adapter->q_vector[i]->napi)); 1795 + if (adapter->q_vector[i]) { 1796 + napi_synchronize(&adapter->q_vector[i]->napi); 1797 + napi_disable(&adapter->q_vector[i]->napi); 1798 + } 1798 1799 } 1799 1800 1800 1801 ··· 3720 3717 int i; 3721 3718 3722 3719 for (i = 0; i < adapter->num_tx_queues; i++) 3723 - igb_free_tx_resources(adapter->tx_ring[i]); 3720 + if (adapter->tx_ring[i]) 3721 + igb_free_tx_resources(adapter->tx_ring[i]); 3724 3722 } 3725 3723 3726 3724 void igb_unmap_and_free_tx_resource(struct igb_ring *ring, ··· 3786 3782 int i; 3787 3783 3788 3784 for (i = 0; i < adapter->num_tx_queues; i++) 3789 - igb_clean_tx_ring(adapter->tx_ring[i]); 3785 + if (adapter->tx_ring[i]) 3786 + igb_clean_tx_ring(adapter->tx_ring[i]); 3790 3787 } 3791 3788 3792 3789 /** ··· 3824 3819 int i; 3825 3820 3826 3821 for (i = 0; i < adapter->num_rx_queues; i++) 3827 - igb_free_rx_resources(adapter->rx_ring[i]); 3822 + if (adapter->rx_ring[i]) 3823 + igb_free_rx_resources(adapter->rx_ring[i]); 3828 3824 } 3829 3825 3830 3826 /** ··· 3880 3874 int i; 3881 3875 3882 3876 for (i = 0; i < adapter->num_rx_queues; i++) 3883 - igb_clean_rx_ring(adapter->rx_ring[i]); 3877 + if (adapter->rx_ring[i]) 3878 + igb_clean_rx_ring(adapter->rx_ring[i]); 3884 3879 } 3885 3880 3886 3881 /** ··· 7411 7404 pci_restore_state(pdev); 7412 7405 pci_save_state(pdev); 7413 7406 7407 + if (!pci_device_is_present(pdev)) 7408 + return -ENODEV; 7414 7409 err = pci_enable_device_mem(pdev); 7415 7410 if (err) { 7416 7411 dev_err(&pdev->dev,
+13 -4
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
··· 3936 3936 * if SR-IOV and VMDQ are disabled - otherwise ensure 3937 3937 * that hardware VLAN filters remain enabled. 3938 3938 */ 3939 - if (!(adapter->flags & (IXGBE_FLAG_VMDQ_ENABLED | 3940 - IXGBE_FLAG_SRIOV_ENABLED))) 3939 + if (adapter->flags & (IXGBE_FLAG_VMDQ_ENABLED | 3940 + IXGBE_FLAG_SRIOV_ENABLED)) 3941 3941 vlnctrl |= (IXGBE_VLNCTRL_VFE | IXGBE_VLNCTRL_CFIEN); 3942 3942 } else { 3943 3943 if (netdev->flags & IFF_ALLMULTI) { ··· 7669 7669 return -EOPNOTSUPP; 7670 7670 7671 7671 br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC); 7672 + if (!br_spec) 7673 + return -EINVAL; 7672 7674 7673 7675 nla_for_each_nested(attr, br_spec, rem) { 7674 7676 __u16 mode; ··· 7678 7676 7679 7677 if (nla_type(attr) != IFLA_BRIDGE_MODE) 7680 7678 continue; 7679 + 7680 + if (nla_len(attr) < sizeof(mode)) 7681 + return -EINVAL; 7681 7682 7682 7683 mode = nla_get_u16(attr); 7683 7684 if (mode == BRIDGE_MODE_VEPA) { ··· 7984 7979 int i, err, pci_using_dac, expected_gts; 7985 7980 unsigned int indices = MAX_TX_QUEUES; 7986 7981 u8 part_str[IXGBE_PBANUM_LENGTH]; 7982 + bool disable_dev = false; 7987 7983 #ifdef IXGBE_FCOE 7988 7984 u16 device_caps; 7989 7985 #endif ··· 8375 8369 iounmap(adapter->io_addr); 8376 8370 kfree(adapter->mac_table); 8377 8371 err_ioremap: 8372 + disable_dev = !test_and_set_bit(__IXGBE_DISABLED, &adapter->state); 8378 8373 free_netdev(netdev); 8379 8374 err_alloc_etherdev: 8380 8375 pci_release_selected_regions(pdev, 8381 8376 pci_select_bars(pdev, IORESOURCE_MEM)); 8382 8377 err_pci_reg: 8383 8378 err_dma: 8384 - if (!adapter || !test_and_set_bit(__IXGBE_DISABLED, &adapter->state)) 8379 + if (!adapter || disable_dev) 8385 8380 pci_disable_device(pdev); 8386 8381 return err; 8387 8382 } ··· 8400 8393 { 8401 8394 struct ixgbe_adapter *adapter = pci_get_drvdata(pdev); 8402 8395 struct net_device *netdev = adapter->netdev; 8396 + bool disable_dev; 8403 8397 8404 8398 ixgbe_dbg_adapter_exit(adapter); 8405 8399 ··· 8450 8442 e_dev_info("complete\n"); 8451 8443 8452 8444 kfree(adapter->mac_table); 8445 + disable_dev = !test_and_set_bit(__IXGBE_DISABLED, &adapter->state); 8453 8446 free_netdev(netdev); 8454 8447 8455 8448 pci_disable_pcie_error_reporting(pdev); 8456 8449 8457 - if (!test_and_set_bit(__IXGBE_DISABLED, &adapter->state)) 8450 + if (disable_dev) 8458 8451 pci_disable_device(pdev); 8459 8452 } 8460 8453
+1 -1
drivers/net/ethernet/mellanox/mlx4/resource_tracker.c
··· 1546 1546 1547 1547 switch (op) { 1548 1548 case RES_OP_RESERVE: 1549 - count = get_param_l(&in_param); 1549 + count = get_param_l(&in_param) & 0xffffff; 1550 1550 align = get_param_h(&in_param); 1551 1551 err = mlx4_grant_resource(dev, slave, RES_QP, count, 0); 1552 1552 if (err)
+7 -6
drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
··· 177 177 */ 178 178 plat->maxmtu = JUMBO_LEN; 179 179 180 - /* Set default value for multicast hash bins */ 181 - plat->multicast_filter_bins = HASH_TABLE_SIZE; 182 - 183 - /* Set default value for unicast filter entries */ 184 - plat->unicast_filter_entries = 1; 185 - 186 180 /* 187 181 * Currently only the properties needed on SPEAr600 188 182 * are provided. All other properties should be added ··· 264 270 return PTR_ERR(addr); 265 271 266 272 plat_dat = dev_get_platdata(&pdev->dev); 273 + 274 + /* Set default value for multicast hash bins */ 275 + plat_dat->multicast_filter_bins = HASH_TABLE_SIZE; 276 + 277 + /* Set default value for unicast filter entries */ 278 + plat_dat->unicast_filter_entries = 1; 279 + 267 280 if (pdev->dev.of_node) { 268 281 if (!plat_dat) 269 282 plat_dat = devm_kzalloc(&pdev->dev,
+2 -2
drivers/net/vxlan.c
··· 2306 2306 if (ipv6) { 2307 2307 udp_conf.family = AF_INET6; 2308 2308 udp_conf.use_udp6_tx_checksums = 2309 - !!(flags & VXLAN_F_UDP_ZERO_CSUM6_TX); 2309 + !(flags & VXLAN_F_UDP_ZERO_CSUM6_TX); 2310 2310 udp_conf.use_udp6_rx_checksums = 2311 - !!(flags & VXLAN_F_UDP_ZERO_CSUM6_RX); 2311 + !(flags & VXLAN_F_UDP_ZERO_CSUM6_RX); 2312 2312 } else { 2313 2313 udp_conf.family = AF_INET; 2314 2314 udp_conf.local_ip.s_addr = INADDR_ANY;
+2
drivers/net/wireless/iwlwifi/iwl-fw.h
··· 155 155 * @IWL_UCODE_TLV_CAPA_QUIET_PERIOD_SUPPORT: supports Quiet Period requests 156 156 * @IWL_UCODE_TLV_CAPA_DQA_SUPPORT: supports dynamic queue allocation (DQA), 157 157 * which also implies support for the scheduler configuration command 158 + * @IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT: supports Hot Spot Command 158 159 */ 159 160 enum iwl_ucode_tlv_capa { 160 161 IWL_UCODE_TLV_CAPA_D0I3_SUPPORT = BIT(0), ··· 164 163 IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT = BIT(10), 165 164 IWL_UCODE_TLV_CAPA_QUIET_PERIOD_SUPPORT = BIT(11), 166 165 IWL_UCODE_TLV_CAPA_DQA_SUPPORT = BIT(12), 166 + IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT = BIT(18), 167 167 }; 168 168 169 169 /* The default calibrate table size if not specified by firmware file */
+9 -3
drivers/net/wireless/iwlwifi/mvm/mac80211.c
··· 2448 2448 2449 2449 switch (vif->type) { 2450 2450 case NL80211_IFTYPE_STATION: 2451 - /* Use aux roc framework (HS20) */ 2452 - ret = iwl_mvm_send_aux_roc_cmd(mvm, channel, 2453 - vif, duration); 2451 + if (mvm->fw->ucode_capa.capa[0] & 2452 + IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT) { 2453 + /* Use aux roc framework (HS20) */ 2454 + ret = iwl_mvm_send_aux_roc_cmd(mvm, channel, 2455 + vif, duration); 2456 + goto out_unlock; 2457 + } 2458 + IWL_ERR(mvm, "hotspot not supported\n"); 2459 + ret = -EINVAL; 2454 2460 goto out_unlock; 2455 2461 case NL80211_IFTYPE_P2P_DEVICE: 2456 2462 /* handle below */
+10 -10
drivers/net/wireless/rtlwifi/pci.c
··· 2249 2249 /*like read eeprom and so on */ 2250 2250 rtlpriv->cfg->ops->read_eeprom_info(hw); 2251 2251 2252 + if (rtlpriv->cfg->ops->init_sw_vars(hw)) { 2253 + RT_TRACE(rtlpriv, COMP_ERR, DBG_EMERG, "Can't init_sw_vars\n"); 2254 + err = -ENODEV; 2255 + goto fail3; 2256 + } 2257 + rtlpriv->cfg->ops->init_sw_leds(hw); 2258 + 2259 + /*aspm */ 2260 + rtl_pci_init_aspm(hw); 2261 + 2252 2262 /* Init mac80211 sw */ 2253 2263 err = rtl_init_core(hw); 2254 2264 if (err) { ··· 2273 2263 RT_TRACE(rtlpriv, COMP_ERR, DBG_EMERG, "Failed to init PCI\n"); 2274 2264 goto fail3; 2275 2265 } 2276 - 2277 - if (rtlpriv->cfg->ops->init_sw_vars(hw)) { 2278 - RT_TRACE(rtlpriv, COMP_ERR, DBG_EMERG, "Can't init_sw_vars\n"); 2279 - err = -ENODEV; 2280 - goto fail3; 2281 - } 2282 - rtlpriv->cfg->ops->init_sw_leds(hw); 2283 - 2284 - /*aspm */ 2285 - rtl_pci_init_aspm(hw); 2286 2266 2287 2267 err = ieee80211_register_hw(hw); 2288 2268 if (err) {
+3 -2
drivers/net/wireless/rtlwifi/rtl8821ae/hw.c
··· 3672 3672 mac->opmode == NL80211_IFTYPE_ADHOC) 3673 3673 macid = sta->aid + 1; 3674 3674 if (wirelessmode == WIRELESS_MODE_N_5G || 3675 - wirelessmode == WIRELESS_MODE_AC_5G) 3676 - ratr_bitmap = sta->supp_rates[NL80211_BAND_5GHZ]; 3675 + wirelessmode == WIRELESS_MODE_AC_5G || 3676 + wirelessmode == WIRELESS_MODE_A) 3677 + ratr_bitmap = sta->supp_rates[NL80211_BAND_5GHZ] << 4; 3677 3678 else 3678 3679 ratr_bitmap = sta->supp_rates[NL80211_BAND_2GHZ]; 3679 3680
+9 -6
drivers/net/xen-netback/xenbus.c
··· 39 39 static int connect_rings(struct backend_info *be, struct xenvif_queue *queue); 40 40 static void connect(struct backend_info *be); 41 41 static int read_xenbus_vif_flags(struct backend_info *be); 42 - static void backend_create_xenvif(struct backend_info *be); 42 + static int backend_create_xenvif(struct backend_info *be); 43 43 static void unregister_hotplug_status_watch(struct backend_info *be); 44 44 static void set_backend_state(struct backend_info *be, 45 45 enum xenbus_state state); ··· 352 352 be->state = XenbusStateInitWait; 353 353 354 354 /* This kicks hotplug scripts, so do it immediately. */ 355 - backend_create_xenvif(be); 355 + err = backend_create_xenvif(be); 356 + if (err) 357 + goto fail; 356 358 357 359 return 0; 358 360 ··· 399 397 } 400 398 401 399 402 - static void backend_create_xenvif(struct backend_info *be) 400 + static int backend_create_xenvif(struct backend_info *be) 403 401 { 404 402 int err; 405 403 long handle; 406 404 struct xenbus_device *dev = be->dev; 407 405 408 406 if (be->vif != NULL) 409 - return; 407 + return 0; 410 408 411 409 err = xenbus_scanf(XBT_NIL, dev->nodename, "handle", "%li", &handle); 412 410 if (err != 1) { 413 411 xenbus_dev_fatal(dev, err, "reading handle"); 414 - return; 412 + return (err < 0) ? err : -EINVAL; 415 413 } 416 414 417 415 be->vif = xenvif_alloc(&dev->dev, dev->otherend_id, handle); ··· 419 417 err = PTR_ERR(be->vif); 420 418 be->vif = NULL; 421 419 xenbus_dev_fatal(dev, err, "creating interface"); 422 - return; 420 + return err; 423 421 } 424 422 425 423 kobject_uevent(&dev->dev.kobj, KOBJ_ONLINE); 424 + return 0; 426 425 } 427 426 428 427 static void backend_disconnect(struct backend_info *be)
+2
include/net/inet_common.h
··· 37 37 int inet_ctl_sock_create(struct sock **sk, unsigned short family, 38 38 unsigned short type, unsigned char protocol, 39 39 struct net *net); 40 + int inet_recv_error(struct sock *sk, struct msghdr *msg, int len, 41 + int *addr_len); 40 42 41 43 static inline void inet_ctl_sock_destroy(struct sock *sk) 42 44 {
+1
net/bridge/br_netlink.c
··· 280 280 [IFLA_BRPORT_MODE] = { .type = NLA_U8 }, 281 281 [IFLA_BRPORT_GUARD] = { .type = NLA_U8 }, 282 282 [IFLA_BRPORT_PROTECT] = { .type = NLA_U8 }, 283 + [IFLA_BRPORT_FAST_LEAVE]= { .type = NLA_U8 }, 283 284 [IFLA_BRPORT_LEARNING] = { .type = NLA_U8 }, 284 285 [IFLA_BRPORT_UNICAST_FLOOD] = { .type = NLA_U8 }, 285 286 };
+18 -5
net/core/rtnetlink.c
··· 2685 2685 int idx = 0; 2686 2686 u32 portid = NETLINK_CB(cb->skb).portid; 2687 2687 u32 seq = cb->nlh->nlmsg_seq; 2688 - struct nlattr *extfilt; 2689 2688 u32 filter_mask = 0; 2690 2689 2691 - extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct ifinfomsg), 2692 - IFLA_EXT_MASK); 2693 - if (extfilt) 2694 - filter_mask = nla_get_u32(extfilt); 2690 + if (nlmsg_len(cb->nlh) > sizeof(struct ifinfomsg)) { 2691 + struct nlattr *extfilt; 2692 + 2693 + extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct ifinfomsg), 2694 + IFLA_EXT_MASK); 2695 + if (extfilt) { 2696 + if (nla_len(extfilt) < sizeof(filter_mask)) 2697 + return -EINVAL; 2698 + 2699 + filter_mask = nla_get_u32(extfilt); 2700 + } 2701 + } 2695 2702 2696 2703 rcu_read_lock(); 2697 2704 for_each_netdev_rcu(net, dev) { ··· 2805 2798 if (br_spec) { 2806 2799 nla_for_each_nested(attr, br_spec, rem) { 2807 2800 if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { 2801 + if (nla_len(attr) < sizeof(flags)) 2802 + return -EINVAL; 2803 + 2808 2804 have_flags = true; 2809 2805 flags = nla_get_u16(attr); 2810 2806 break; ··· 2878 2868 if (br_spec) { 2879 2869 nla_for_each_nested(attr, br_spec, rem) { 2880 2870 if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { 2871 + if (nla_len(attr) < sizeof(flags)) 2872 + return -EINVAL; 2873 + 2881 2874 have_flags = true; 2882 2875 flags = nla_get_u16(attr); 2883 2876 break;
+11
net/ipv4/af_inet.c
··· 1386 1386 return pp; 1387 1387 } 1388 1388 1389 + int inet_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len) 1390 + { 1391 + if (sk->sk_family == AF_INET) 1392 + return ip_recv_error(sk, msg, len, addr_len); 1393 + #if IS_ENABLED(CONFIG_IPV6) 1394 + if (sk->sk_family == AF_INET6) 1395 + return pingv6_ops.ipv6_recv_error(sk, msg, len, addr_len); 1396 + #endif 1397 + return -EINVAL; 1398 + } 1399 + 1389 1400 static int inet_gro_complete(struct sk_buff *skb, int nhoff) 1390 1401 { 1391 1402 __be16 newlen = htons(skb->len - nhoff);
+1
net/ipv4/ip_vti.c
··· 528 528 .validate = vti_tunnel_validate, 529 529 .newlink = vti_newlink, 530 530 .changelink = vti_changelink, 531 + .dellink = ip_tunnel_dellink, 531 532 .get_size = vti_get_size, 532 533 .fill_info = vti_fill_info, 533 534 };
+4 -10
net/ipv4/ping.c
··· 217 217 &ipv6_hdr(skb)->daddr)) 218 218 continue; 219 219 #endif 220 + } else { 221 + continue; 220 222 } 221 223 222 224 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) ··· 855 853 if (flags & MSG_OOB) 856 854 goto out; 857 855 858 - if (flags & MSG_ERRQUEUE) { 859 - if (family == AF_INET) { 860 - return ip_recv_error(sk, msg, len, addr_len); 861 - #if IS_ENABLED(CONFIG_IPV6) 862 - } else if (family == AF_INET6) { 863 - return pingv6_ops.ipv6_recv_error(sk, msg, len, 864 - addr_len); 865 - #endif 866 - } 867 - } 856 + if (flags & MSG_ERRQUEUE) 857 + return inet_recv_error(sk, msg, len, addr_len); 868 858 869 859 skb = skb_recv_datagram(sk, flags, noblock, &err); 870 860 if (!skb)
+1 -1
net/ipv4/tcp.c
··· 1598 1598 u32 urg_hole = 0; 1599 1599 1600 1600 if (unlikely(flags & MSG_ERRQUEUE)) 1601 - return ip_recv_error(sk, msg, len, addr_len); 1601 + return inet_recv_error(sk, msg, len, addr_len); 1602 1602 1603 1603 if (sk_can_busy_loop(sk) && skb_queue_empty(&sk->sk_receive_queue) && 1604 1604 (sk->sk_state == TCP_ESTABLISHED))
+4 -1
net/ipv4/tcp_ipv4.c
··· 598 598 if (th->rst) 599 599 return; 600 600 601 - if (skb_rtable(skb)->rt_type != RTN_LOCAL) 601 + /* If sk not NULL, it means we did a successful lookup and incoming 602 + * route had to be correct. prequeue might have dropped our dst. 603 + */ 604 + if (!sk && skb_rtable(skb)->rt_type != RTN_LOCAL) 602 605 return; 603 606 604 607 /* Swap the send and the receive. */
+2 -2
net/ipv6/ip6_gre.c
··· 502 502 503 503 skb->protocol = gre_proto; 504 504 /* WCCP version 1 and 2 protocol decoding. 505 - * - Change protocol to IP 505 + * - Change protocol to IPv6 506 506 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header 507 507 */ 508 508 if (flags == 0 && gre_proto == htons(ETH_P_WCCP)) { 509 - skb->protocol = htons(ETH_P_IP); 509 + skb->protocol = htons(ETH_P_IPV6); 510 510 if ((*(h + offset) & 0xF0) != 0x40) 511 511 offset += 4; 512 512 }
+2 -1
net/ipv6/ip6_offload.c
··· 69 69 int nhoff; 70 70 71 71 if (unlikely(skb_shinfo(skb)->gso_type & 72 - ~(SKB_GSO_UDP | 72 + ~(SKB_GSO_TCPV4 | 73 + SKB_GSO_UDP | 73 74 SKB_GSO_DODGY | 74 75 SKB_GSO_TCP_ECN | 75 76 SKB_GSO_GRE |
+1 -3
net/ipv6/ip6_udp_tunnel.c
··· 79 79 uh->source = src_port; 80 80 81 81 uh->len = htons(skb->len); 82 - uh->check = 0; 83 82 84 83 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 85 84 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED 86 85 | IPSKB_REROUTED); 87 86 skb_dst_set(skb, dst); 88 87 89 - udp6_set_csum(udp_get_no_check6_tx(sk), skb, &inet6_sk(sk)->saddr, 90 - &sk->sk_v6_daddr, skb->len); 88 + udp6_set_csum(udp_get_no_check6_tx(sk), skb, saddr, daddr, skb->len); 91 89 92 90 __skb_push(skb, sizeof(*ip6h)); 93 91 skb_reset_network_header(skb);
+11
net/ipv6/ip6_vti.c
··· 905 905 return vti6_tnl_create2(dev); 906 906 } 907 907 908 + static void vti6_dellink(struct net_device *dev, struct list_head *head) 909 + { 910 + struct net *net = dev_net(dev); 911 + struct vti6_net *ip6n = net_generic(net, vti6_net_id); 912 + 913 + if (dev != ip6n->fb_tnl_dev) 914 + unregister_netdevice_queue(dev, head); 915 + } 916 + 908 917 static int vti6_changelink(struct net_device *dev, struct nlattr *tb[], 909 918 struct nlattr *data[]) 910 919 { ··· 989 980 .setup = vti6_dev_setup, 990 981 .validate = vti6_validate, 991 982 .newlink = vti6_newlink, 983 + .dellink = vti6_dellink, 992 984 .changelink = vti6_changelink, 993 985 .get_size = vti6_get_size, 994 986 .fill_info = vti6_fill_info, ··· 1030 1020 if (!ip6n->fb_tnl_dev) 1031 1021 goto err_alloc_dev; 1032 1022 dev_net_set(ip6n->fb_tnl_dev, net); 1023 + ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops; 1033 1024 1034 1025 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev); 1035 1026 if (err < 0)
+4 -1
net/ipv6/tcp_ipv6.c
··· 903 903 if (th->rst) 904 904 return; 905 905 906 - if (!ipv6_unicast_destination(skb)) 906 + /* If sk not NULL, it means we did a successful lookup and incoming 907 + * route had to be correct. prequeue might have dropped our dst. 908 + */ 909 + if (!sk && !ipv6_unicast_destination(skb)) 907 910 return; 908 911 909 912 #ifdef CONFIG_TCP_MD5SIG
+6 -8
net/netfilter/nf_conntrack_core.c
··· 611 611 */ 612 612 NF_CT_ASSERT(!nf_ct_is_confirmed(ct)); 613 613 pr_debug("Confirming conntrack %p\n", ct); 614 - 615 - /* We have to check the DYING flag after unlink to prevent 616 - * a race against nf_ct_get_next_corpse() possibly called from 617 - * user context, else we insert an already 'dead' hash, blocking 618 - * further use of that particular connection -JM. 619 - */ 620 - nf_ct_del_from_dying_or_unconfirmed_list(ct); 614 + /* We have to check the DYING flag inside the lock to prevent 615 + a race against nf_ct_get_next_corpse() possibly called from 616 + user context, else we insert an already 'dead' hash, blocking 617 + further use of that particular connection -JM */ 621 618 622 619 if (unlikely(nf_ct_is_dying(ct))) { 623 - nf_ct_add_to_dying_list(ct); 624 620 nf_conntrack_double_unlock(hash, reply_hash); 625 621 local_bh_enable(); 626 622 return NF_ACCEPT; ··· 635 639 &h->tuple) && 636 640 zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h))) 637 641 goto out; 642 + 643 + nf_ct_del_from_dying_or_unconfirmed_list(ct); 638 644 639 645 /* Timer relative to confirmation time, not original 640 646 setting time, otherwise we'd get timer wrap in
+1 -1
net/packet/af_packet.c
··· 378 378 __unregister_prot_hook(sk, sync); 379 379 } 380 380 381 - static inline __pure struct page *pgv_to_page(void *addr) 381 + static inline struct page * __pure pgv_to_page(void *addr) 382 382 { 383 383 if (is_vmalloc_addr(addr)) 384 384 return vmalloc_to_page(addr);