Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'net-5.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Jakub Kicinski:
"Including fixes from can, xfrm, wifi, bluetooth, and netfilter.

Lots of various size fixes, the length of the tag speaks for itself.
Most of the 5.17-relevant stuff comes from xfrm, wifi and bt trees
which had been lagging as you pointed out previously. But there's also
a larger than we'd like portion of fixes for bugs from previous
releases.

Three more fixes still under discussion, including and xfrm revert for
uAPI error.

Current release - regressions:

- iwlwifi: don't advertise TWT support, prevent FW crash

- xfrm: fix the if_id check in changelink

- xen/netfront: destroy queues before real_num_tx_queues is zeroed

- bluetooth: fix not checking MGMT cmd pending queue, make scanning
work again

Current release - new code bugs:

- mptcp: make SIOCOUTQ accurate for fallback socket

- bluetooth: access skb->len after null check

- bluetooth: hci_sync: fix not using conn_timeout

- smc: fix cleanup when register ULP fails

- dsa: restore error path of dsa_tree_change_tag_proto

- iwlwifi: fix build error for IWLMEI

- iwlwifi: mvm: propagate error from request_ownership to the user

Previous releases - regressions:

- xfrm: fix pMTU regression when reported pMTU is too small

- xfrm: fix TCP MSS calculation when pMTU is close to 1280

- bluetooth: fix bt_skb_sendmmsg not allocating partial chunks

- ipv6: ensure we call ipv6_mc_down() at most once, prevent leaks

- ipv6: prevent leaks in igmp6 when input queues get full

- fix up skbs delta_truesize in UDP GRO frag_list

- eth: e1000e: fix possible HW unit hang after an s0ix exit

- eth: e1000e: correct NVM checksum verification flow

- ptp: ocp: fix large time adjustments

Previous releases - always broken:

- tcp: make tcp_read_sock() more robust in presence of urgent data

- xfrm: distinguishing SAs and SPs by if_id in xfrm_migrate

- xfrm: fix xfrm_migrate issues when address family changes

- dcb: flush lingering app table entries for unregistered devices

- smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error

- mac80211: fix EAPoL rekey fail in 802.3 rx path

- mac80211: fix forwarded mesh frames AC & queue selection

- netfilter: nf_queue: fix socket access races and bugs

- batman-adv: fix ToCToU iflink problems and check the result belongs
to the expected net namespace

- can: gs_usb, etas_es58x: fix opened_channel_cnt's accounting

- can: rcar_canfd: register the CAN device when fully ready

- eth: igb, igc: phy: drop premature return leaking HW semaphore

- eth: ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc(), prevent live lock when link goes down

- eth: stmmac: only enable DMA interrupts when ready

- eth: sparx5: move vlan checks before any changes are made

- eth: iavf: fix races around init, removal, resets and vlan ops

- ibmvnic: more reset flow fixes

Misc:

- eth: fix return value of __setup handlers"

* tag 'net-5.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (92 commits)
ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
net: dsa: make dsa_tree_change_tag_proto actually unwind the tag proto change
ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc()
selftests: mlxsw: resource_scale: Fix return value
selftests: mlxsw: tc_police_scale: Make test more robust
net: dcb: disable softirqs in dcbnl_flush_dev()
bnx2: Fix an error message
sfc: extend the locking on mcdi->seqno
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
tcp: make tcp_read_sock() more robust
bpf, sockmap: Do not ignore orig_len parameter
net: ipa: add an interconnect dependency
net: fix up skbs delta_truesize in UDP GRO frag_list
iwlwifi: mvm: return value for request_ownership
nl80211: Update bss channel on channel switch for P2P_CLIENT
iwlwifi: fix build error for IWLMEI
ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments
batman-adv: Don't expect inter-netns unique iflink indices
...

+988 -343
+2
drivers/atm/firestream.c
··· 1676 1676 dev->hw_base = pci_resource_start(pci_dev, 0); 1677 1677 1678 1678 dev->base = ioremap(dev->hw_base, 0x1000); 1679 + if (!dev->base) 1680 + return 1; 1679 1681 1680 1682 reset_chip (dev); 1681 1683
+3
drivers/net/arcnet/com20020-pci.c
··· 138 138 return -ENOMEM; 139 139 140 140 ci = (struct com20020_pci_card_info *)id->driver_data; 141 + if (!ci) 142 + return -EINVAL; 143 + 141 144 priv->ci = ci; 142 145 mm = &ci->misc_map; 143 146
+3 -3
drivers/net/can/rcar/rcar_canfd.c
··· 1715 1715 1716 1716 netif_napi_add(ndev, &priv->napi, rcar_canfd_rx_poll, 1717 1717 RCANFD_NAPI_WEIGHT); 1718 + spin_lock_init(&priv->tx_lock); 1719 + devm_can_led_init(ndev); 1720 + gpriv->ch[priv->channel] = priv; 1718 1721 err = register_candev(ndev); 1719 1722 if (err) { 1720 1723 dev_err(&pdev->dev, 1721 1724 "register_candev() failed, error %d\n", err); 1722 1725 goto fail_candev; 1723 1726 } 1724 - spin_lock_init(&priv->tx_lock); 1725 - devm_can_led_init(ndev); 1726 - gpriv->ch[priv->channel] = priv; 1727 1727 dev_info(&pdev->dev, "device registered (channel %u)\n", priv->channel); 1728 1728 return 0; 1729 1729
+5 -4
drivers/net/can/usb/etas_es58x/es58x_core.c
··· 1787 1787 struct es58x_device *es58x_dev = es58x_priv(netdev)->es58x_dev; 1788 1788 int ret; 1789 1789 1790 - if (atomic_inc_return(&es58x_dev->opened_channel_cnt) == 1) { 1790 + if (!es58x_dev->opened_channel_cnt) { 1791 1791 ret = es58x_alloc_rx_urbs(es58x_dev); 1792 1792 if (ret) 1793 1793 return ret; ··· 1805 1805 if (ret) 1806 1806 goto free_urbs; 1807 1807 1808 + es58x_dev->opened_channel_cnt++; 1808 1809 netif_start_queue(netdev); 1809 1810 1810 1811 return ret; 1811 1812 1812 1813 free_urbs: 1813 - if (atomic_dec_and_test(&es58x_dev->opened_channel_cnt)) 1814 + if (!es58x_dev->opened_channel_cnt) 1814 1815 es58x_free_urbs(es58x_dev); 1815 1816 netdev_err(netdev, "%s: Could not open the network device: %pe\n", 1816 1817 __func__, ERR_PTR(ret)); ··· 1846 1845 1847 1846 es58x_flush_pending_tx_msg(netdev); 1848 1847 1849 - if (atomic_dec_and_test(&es58x_dev->opened_channel_cnt)) 1848 + es58x_dev->opened_channel_cnt--; 1849 + if (!es58x_dev->opened_channel_cnt) 1850 1850 es58x_free_urbs(es58x_dev); 1851 1851 1852 1852 return 0; ··· 2217 2215 init_usb_anchor(&es58x_dev->tx_urbs_idle); 2218 2216 init_usb_anchor(&es58x_dev->tx_urbs_busy); 2219 2217 atomic_set(&es58x_dev->tx_urbs_idle_cnt, 0); 2220 - atomic_set(&es58x_dev->opened_channel_cnt, 0); 2221 2218 usb_set_intfdata(intf, es58x_dev); 2222 2219 2223 2220 es58x_dev->rx_pipe = usb_rcvbulkpipe(es58x_dev->udev,
+5 -3
drivers/net/can/usb/etas_es58x/es58x_core.h
··· 373 373 * queue wake/stop logic should prevent this URB from getting 374 374 * empty. Please refer to es58x_get_tx_urb() for more details. 375 375 * @tx_urbs_idle_cnt: number of urbs in @tx_urbs_idle. 376 - * @opened_channel_cnt: number of channels opened (c.f. es58x_open() 377 - * and es58x_stop()). 378 376 * @ktime_req_ns: kernel timestamp when es58x_set_realtime_diff_ns() 379 377 * was called. 380 378 * @realtime_diff_ns: difference in nanoseconds between the clocks of ··· 382 384 * in RX branches. 383 385 * @rx_max_packet_size: Maximum length of bulk-in URB. 384 386 * @num_can_ch: Number of CAN channel (i.e. number of elements of @netdev). 387 + * @opened_channel_cnt: number of channels opened. Free of race 388 + * conditions because its two users (net_device_ops:ndo_open() 389 + * and net_device_ops:ndo_close()) guarantee that the network 390 + * stack big kernel lock (a.k.a. rtnl_mutex) is being hold. 385 391 * @rx_cmd_buf_len: Length of @rx_cmd_buf. 386 392 * @rx_cmd_buf: The device might split the URB commands in an 387 393 * arbitrary amount of pieces. This buffer is used to concatenate ··· 408 406 struct usb_anchor tx_urbs_busy; 409 407 struct usb_anchor tx_urbs_idle; 410 408 atomic_t tx_urbs_idle_cnt; 411 - atomic_t opened_channel_cnt; 412 409 413 410 u64 ktime_req_ns; 414 411 s64 realtime_diff_ns; ··· 416 415 417 416 u16 rx_max_packet_size; 418 417 u8 num_can_ch; 418 + u8 opened_channel_cnt; 419 419 420 420 u16 rx_cmd_buf_len; 421 421 union es58x_urb_cmd rx_cmd_buf;
+5 -5
drivers/net/can/usb/gs_usb.c
··· 191 191 struct gs_usb { 192 192 struct gs_can *canch[GS_MAX_INTF]; 193 193 struct usb_anchor rx_submitted; 194 - atomic_t active_channels; 195 194 struct usb_device *udev; 195 + u8 active_channels; 196 196 }; 197 197 198 198 /* 'allocate' a tx context. ··· 589 589 if (rc) 590 590 return rc; 591 591 592 - if (atomic_add_return(1, &parent->active_channels) == 1) { 592 + if (!parent->active_channels) { 593 593 for (i = 0; i < GS_MAX_RX_URBS; i++) { 594 594 struct urb *urb; 595 595 u8 *buf; ··· 690 690 691 691 dev->can.state = CAN_STATE_ERROR_ACTIVE; 692 692 693 + parent->active_channels++; 693 694 if (!(dev->can.ctrlmode & CAN_CTRLMODE_LISTENONLY)) 694 695 netif_start_queue(netdev); 695 696 ··· 706 705 netif_stop_queue(netdev); 707 706 708 707 /* Stop polling */ 709 - if (atomic_dec_and_test(&parent->active_channels)) 708 + parent->active_channels--; 709 + if (!parent->active_channels) 710 710 usb_kill_anchored_urbs(&parent->rx_submitted); 711 711 712 712 /* Stop sending URBs */ ··· 985 983 } 986 984 987 985 init_usb_anchor(&dev->rx_submitted); 988 - 989 - atomic_set(&dev->active_channels, 0); 990 986 991 987 usb_set_intfdata(intf, dev); 992 988 dev->udev = interface_to_usbdev(intf);
+1 -1
drivers/net/ethernet/broadcom/bnx2.c
··· 8216 8216 rc = dma_set_coherent_mask(&pdev->dev, persist_dma_mask); 8217 8217 if (rc) { 8218 8218 dev_err(&pdev->dev, 8219 - "pci_set_consistent_dma_mask failed, aborting\n"); 8219 + "dma_set_coherent_mask failed, aborting\n"); 8220 8220 goto err_out_unmap; 8221 8221 } 8222 8222 } else if ((rc = dma_set_mask(&pdev->dev, DMA_BIT_MASK(32))) != 0) {
+2
drivers/net/ethernet/chelsio/cxgb3/t3_hw.c
··· 3613 3613 MAC_STATS_ACCUM_SECS : (MAC_STATS_ACCUM_SECS * 10); 3614 3614 adapter->params.pci.vpd_cap_addr = 3615 3615 pci_find_capability(adapter->pdev, PCI_CAP_ID_VPD); 3616 + if (!adapter->params.pci.vpd_cap_addr) 3617 + return -ENODEV; 3616 3618 ret = get_vpd_params(adapter, &adapter->params.vpd); 3617 3619 if (ret < 0) 3618 3620 return ret;
+155 -28
drivers/net/ethernet/ibm/ibmvnic.c
··· 2213 2213 } 2214 2214 2215 2215 /* 2216 + * Initialize the init_done completion and return code values. We 2217 + * can get a transport event just after registering the CRQ and the 2218 + * tasklet will use this to communicate the transport event. To ensure 2219 + * we don't miss the notification/error, initialize these _before_ 2220 + * regisering the CRQ. 2221 + */ 2222 + static inline void reinit_init_done(struct ibmvnic_adapter *adapter) 2223 + { 2224 + reinit_completion(&adapter->init_done); 2225 + adapter->init_done_rc = 0; 2226 + } 2227 + 2228 + /* 2216 2229 * do_reset returns zero if we are able to keep processing reset events, or 2217 2230 * non-zero if we hit a fatal error and must halt. 2218 2231 */ ··· 2330 2317 * we are coming from the probed state. 2331 2318 */ 2332 2319 adapter->state = VNIC_PROBED; 2320 + 2321 + reinit_init_done(adapter); 2333 2322 2334 2323 if (adapter->reset_reason == VNIC_RESET_CHANGE_PARAM) { 2335 2324 rc = init_crq_queue(adapter); ··· 2476 2461 */ 2477 2462 adapter->state = VNIC_PROBED; 2478 2463 2479 - reinit_completion(&adapter->init_done); 2464 + reinit_init_done(adapter); 2465 + 2480 2466 rc = init_crq_queue(adapter); 2481 2467 if (rc) { 2482 2468 netdev_err(adapter->netdev, ··· 2618 2602 static void __ibmvnic_reset(struct work_struct *work) 2619 2603 { 2620 2604 struct ibmvnic_adapter *adapter; 2621 - bool saved_state = false; 2605 + unsigned int timeout = 5000; 2622 2606 struct ibmvnic_rwi *tmprwi; 2607 + bool saved_state = false; 2623 2608 struct ibmvnic_rwi *rwi; 2624 2609 unsigned long flags; 2625 - u32 reset_state; 2610 + struct device *dev; 2611 + bool need_reset; 2626 2612 int num_fails = 0; 2613 + u32 reset_state; 2627 2614 int rc = 0; 2628 2615 2629 2616 adapter = container_of(work, struct ibmvnic_adapter, ibmvnic_reset); 2617 + dev = &adapter->vdev->dev; 2630 2618 2631 - if (test_and_set_bit_lock(0, &adapter->resetting)) { 2619 + /* Wait for ibmvnic_probe() to complete. If probe is taking too long 2620 + * or if another reset is in progress, defer work for now. If probe 2621 + * eventually fails it will flush and terminate our work. 2622 + * 2623 + * Three possibilities here: 2624 + * 1. Adpater being removed - just return 2625 + * 2. Timed out on probe or another reset in progress - delay the work 2626 + * 3. Completed probe - perform any resets in queue 2627 + */ 2628 + if (adapter->state == VNIC_PROBING && 2629 + !wait_for_completion_timeout(&adapter->probe_done, timeout)) { 2630 + dev_err(dev, "Reset thread timed out on probe"); 2632 2631 queue_delayed_work(system_long_wq, 2633 2632 &adapter->ibmvnic_delayed_reset, 2634 2633 IBMVNIC_RESET_DELAY); 2635 2634 return; 2636 2635 } 2636 + 2637 + /* adapter is done with probe (i.e state is never VNIC_PROBING now) */ 2638 + if (adapter->state == VNIC_REMOVING) 2639 + return; 2640 + 2641 + /* ->rwi_list is stable now (no one else is removing entries) */ 2642 + 2643 + /* ibmvnic_probe() may have purged the reset queue after we were 2644 + * scheduled to process a reset so there maybe no resets to process. 2645 + * Before setting the ->resetting bit though, we have to make sure 2646 + * that there is infact a reset to process. Otherwise we may race 2647 + * with ibmvnic_open() and end up leaving the vnic down: 2648 + * 2649 + * __ibmvnic_reset() ibmvnic_open() 2650 + * ----------------- -------------- 2651 + * 2652 + * set ->resetting bit 2653 + * find ->resetting bit is set 2654 + * set ->state to IBMVNIC_OPEN (i.e 2655 + * assume reset will open device) 2656 + * return 2657 + * find reset queue empty 2658 + * return 2659 + * 2660 + * Neither performed vnic login/open and vnic stays down 2661 + * 2662 + * If we hold the lock and conditionally set the bit, either we 2663 + * or ibmvnic_open() will complete the open. 2664 + */ 2665 + need_reset = false; 2666 + spin_lock(&adapter->rwi_lock); 2667 + if (!list_empty(&adapter->rwi_list)) { 2668 + if (test_and_set_bit_lock(0, &adapter->resetting)) { 2669 + queue_delayed_work(system_long_wq, 2670 + &adapter->ibmvnic_delayed_reset, 2671 + IBMVNIC_RESET_DELAY); 2672 + } else { 2673 + need_reset = true; 2674 + } 2675 + } 2676 + spin_unlock(&adapter->rwi_lock); 2677 + 2678 + if (!need_reset) 2679 + return; 2637 2680 2638 2681 rwi = get_next_rwi(adapter); 2639 2682 while (rwi) { ··· 2810 2735 __ibmvnic_reset(&adapter->ibmvnic_reset); 2811 2736 } 2812 2737 2738 + static void flush_reset_queue(struct ibmvnic_adapter *adapter) 2739 + { 2740 + struct list_head *entry, *tmp_entry; 2741 + 2742 + if (!list_empty(&adapter->rwi_list)) { 2743 + list_for_each_safe(entry, tmp_entry, &adapter->rwi_list) { 2744 + list_del(entry); 2745 + kfree(list_entry(entry, struct ibmvnic_rwi, list)); 2746 + } 2747 + } 2748 + } 2749 + 2813 2750 static int ibmvnic_reset(struct ibmvnic_adapter *adapter, 2814 2751 enum ibmvnic_reset_reason reason) 2815 2752 { 2816 - struct list_head *entry, *tmp_entry; 2817 - struct ibmvnic_rwi *rwi, *tmp; 2818 2753 struct net_device *netdev = adapter->netdev; 2754 + struct ibmvnic_rwi *rwi, *tmp; 2819 2755 unsigned long flags; 2820 2756 int ret; 2821 2757 ··· 2842 2756 (adapter->failover_pending && reason != VNIC_RESET_FAILOVER)) { 2843 2757 ret = EBUSY; 2844 2758 netdev_dbg(netdev, "Adapter removing or pending failover, skipping reset\n"); 2845 - goto err; 2846 - } 2847 - 2848 - if (adapter->state == VNIC_PROBING) { 2849 - netdev_warn(netdev, "Adapter reset during probe\n"); 2850 - adapter->init_done_rc = -EAGAIN; 2851 - ret = EAGAIN; 2852 2759 goto err; 2853 2760 } 2854 2761 ··· 2862 2783 /* if we just received a transport event, 2863 2784 * flush reset queue and process this reset 2864 2785 */ 2865 - if (adapter->force_reset_recovery && !list_empty(&adapter->rwi_list)) { 2866 - list_for_each_safe(entry, tmp_entry, &adapter->rwi_list) 2867 - list_del(entry); 2868 - } 2786 + if (adapter->force_reset_recovery) 2787 + flush_reset_queue(adapter); 2788 + 2869 2789 rwi->reset_reason = reason; 2870 2790 list_add_tail(&rwi->list, &adapter->rwi_list); 2871 2791 netdev_dbg(adapter->netdev, "Scheduling reset (reason %s)\n", ··· 5399 5321 } 5400 5322 5401 5323 if (!completion_done(&adapter->init_done)) { 5402 - complete(&adapter->init_done); 5403 5324 if (!adapter->init_done_rc) 5404 5325 adapter->init_done_rc = -EAGAIN; 5326 + complete(&adapter->init_done); 5405 5327 } 5406 5328 5407 5329 break; ··· 5424 5346 adapter->fw_done_rc = -EIO; 5425 5347 complete(&adapter->fw_done); 5426 5348 } 5349 + 5350 + /* if we got here during crq-init, retry crq-init */ 5351 + if (!completion_done(&adapter->init_done)) { 5352 + adapter->init_done_rc = -EAGAIN; 5353 + complete(&adapter->init_done); 5354 + } 5355 + 5427 5356 if (!completion_done(&adapter->stats_done)) 5428 5357 complete(&adapter->stats_done); 5429 5358 if (test_bit(0, &adapter->resetting)) ··· 5747 5662 5748 5663 adapter->from_passive_init = false; 5749 5664 5750 - if (reset) 5751 - reinit_completion(&adapter->init_done); 5752 - 5753 - adapter->init_done_rc = 0; 5754 5665 rc = ibmvnic_send_crq_init(adapter); 5755 5666 if (rc) { 5756 5667 dev_err(dev, "Send crq init failed with error %d\n", rc); ··· 5760 5679 5761 5680 if (adapter->init_done_rc) { 5762 5681 release_crq_queue(adapter); 5682 + dev_err(dev, "CRQ-init failed, %d\n", adapter->init_done_rc); 5763 5683 return adapter->init_done_rc; 5764 5684 } 5765 5685 5766 5686 if (adapter->from_passive_init) { 5767 5687 adapter->state = VNIC_OPEN; 5768 5688 adapter->from_passive_init = false; 5689 + dev_err(dev, "CRQ-init failed, passive-init\n"); 5769 5690 return -EINVAL; 5770 5691 } 5771 5692 ··· 5807 5724 struct ibmvnic_adapter *adapter; 5808 5725 struct net_device *netdev; 5809 5726 unsigned char *mac_addr_p; 5727 + unsigned long flags; 5810 5728 bool init_success; 5811 5729 int rc; 5812 5730 ··· 5852 5768 spin_lock_init(&adapter->rwi_lock); 5853 5769 spin_lock_init(&adapter->state_lock); 5854 5770 mutex_init(&adapter->fw_lock); 5771 + init_completion(&adapter->probe_done); 5855 5772 init_completion(&adapter->init_done); 5856 5773 init_completion(&adapter->fw_done); 5857 5774 init_completion(&adapter->reset_done); ··· 5863 5778 5864 5779 init_success = false; 5865 5780 do { 5781 + reinit_init_done(adapter); 5782 + 5783 + /* clear any failovers we got in the previous pass 5784 + * since we are reinitializing the CRQ 5785 + */ 5786 + adapter->failover_pending = false; 5787 + 5788 + /* If we had already initialized CRQ, we may have one or 5789 + * more resets queued already. Discard those and release 5790 + * the CRQ before initializing the CRQ again. 5791 + */ 5792 + release_crq_queue(adapter); 5793 + 5794 + /* Since we are still in PROBING state, __ibmvnic_reset() 5795 + * will not access the ->rwi_list and since we released CRQ, 5796 + * we won't get _new_ transport events. But there maybe an 5797 + * ongoing ibmvnic_reset() call. So serialize access to 5798 + * rwi_list. If we win the race, ibvmnic_reset() could add 5799 + * a reset after we purged but thats ok - we just may end 5800 + * up with an extra reset (i.e similar to having two or more 5801 + * resets in the queue at once). 5802 + * CHECK. 5803 + */ 5804 + spin_lock_irqsave(&adapter->rwi_lock, flags); 5805 + flush_reset_queue(adapter); 5806 + spin_unlock_irqrestore(&adapter->rwi_lock, flags); 5807 + 5866 5808 rc = init_crq_queue(adapter); 5867 5809 if (rc) { 5868 5810 dev_err(&dev->dev, "Couldn't initialize crq. rc=%d\n", ··· 5921 5809 goto ibmvnic_dev_file_err; 5922 5810 5923 5811 netif_carrier_off(netdev); 5924 - rc = register_netdev(netdev); 5925 - if (rc) { 5926 - dev_err(&dev->dev, "failed to register netdev rc=%d\n", rc); 5927 - goto ibmvnic_register_fail; 5928 - } 5929 - dev_info(&dev->dev, "ibmvnic registered\n"); 5930 5812 5931 5813 if (init_success) { 5932 5814 adapter->state = VNIC_PROBED; ··· 5933 5827 5934 5828 adapter->wait_for_reset = false; 5935 5829 adapter->last_reset_time = jiffies; 5830 + 5831 + rc = register_netdev(netdev); 5832 + if (rc) { 5833 + dev_err(&dev->dev, "failed to register netdev rc=%d\n", rc); 5834 + goto ibmvnic_register_fail; 5835 + } 5836 + dev_info(&dev->dev, "ibmvnic registered\n"); 5837 + 5838 + complete(&adapter->probe_done); 5839 + 5936 5840 return 0; 5937 5841 5938 5842 ibmvnic_register_fail: ··· 5957 5841 ibmvnic_init_fail: 5958 5842 release_sub_crqs(adapter, 1); 5959 5843 release_crq_queue(adapter); 5844 + 5845 + /* cleanup worker thread after releasing CRQ so we don't get 5846 + * transport events (i.e new work items for the worker thread). 5847 + */ 5848 + adapter->state = VNIC_REMOVING; 5849 + complete(&adapter->probe_done); 5850 + flush_work(&adapter->ibmvnic_reset); 5851 + flush_delayed_work(&adapter->ibmvnic_delayed_reset); 5852 + 5853 + flush_reset_queue(adapter); 5854 + 5960 5855 mutex_destroy(&adapter->fw_lock); 5961 5856 free_netdev(netdev); 5962 5857
+1
drivers/net/ethernet/ibm/ibmvnic.h
··· 930 930 931 931 struct ibmvnic_tx_pool *tx_pool; 932 932 struct ibmvnic_tx_pool *tso_pool; 933 + struct completion probe_done; 933 934 struct completion init_done; 934 935 int init_done_rc; 935 936
+1
drivers/net/ethernet/intel/e1000e/hw.h
··· 630 630 bool disable_polarity_correction; 631 631 bool is_mdix; 632 632 bool polarity_correction; 633 + bool reset_disable; 633 634 bool speed_downgraded; 634 635 bool autoneg_wait_to_complete; 635 636 };
+6 -2
drivers/net/ethernet/intel/e1000e/ich8lan.c
··· 2050 2050 bool blocked = false; 2051 2051 int i = 0; 2052 2052 2053 + /* Check the PHY (LCD) reset flag */ 2054 + if (hw->phy.reset_disable) 2055 + return true; 2056 + 2053 2057 while ((blocked = !(er32(FWSM) & E1000_ICH_FWSM_RSPCIPHY)) && 2054 2058 (i++ < 30)) 2055 2059 usleep_range(10000, 11000); ··· 4140 4136 return ret_val; 4141 4137 4142 4138 if (!(data & valid_csum_mask)) { 4143 - e_dbg("NVM Checksum Invalid\n"); 4139 + e_dbg("NVM Checksum valid bit not set\n"); 4144 4140 4145 - if (hw->mac.type < e1000_pch_cnp) { 4141 + if (hw->mac.type < e1000_pch_tgp) { 4146 4142 data |= valid_csum_mask; 4147 4143 ret_val = e1000_write_nvm(hw, word, 1, &data); 4148 4144 if (ret_val)
+1
drivers/net/ethernet/intel/e1000e/ich8lan.h
··· 271 271 #define I217_CGFREG_ENABLE_MTA_RESET 0x0002 272 272 #define I217_MEMPWR PHY_REG(772, 26) 273 273 #define I217_MEMPWR_DISABLE_SMB_RELEASE 0x0010 274 + #define I217_MEMPWR_MOEM 0x1000 274 275 275 276 /* Receive Address Initial CRC Calculation */ 276 277 #define E1000_PCH_RAICC(_n) (0x05F50 + ((_n) * 4))
+26
drivers/net/ethernet/intel/e1000e/netdev.c
··· 6987 6987 struct net_device *netdev = pci_get_drvdata(to_pci_dev(dev)); 6988 6988 struct e1000_adapter *adapter = netdev_priv(netdev); 6989 6989 struct pci_dev *pdev = to_pci_dev(dev); 6990 + struct e1000_hw *hw = &adapter->hw; 6991 + u16 phy_data; 6990 6992 int rc; 6993 + 6994 + if (er32(FWSM) & E1000_ICH_FWSM_FW_VALID && 6995 + hw->mac.type >= e1000_pch_adp) { 6996 + /* Mask OEM Bits / Gig Disable / Restart AN (772_26[12] = 1) */ 6997 + e1e_rphy(hw, I217_MEMPWR, &phy_data); 6998 + phy_data |= I217_MEMPWR_MOEM; 6999 + e1e_wphy(hw, I217_MEMPWR, phy_data); 7000 + 7001 + /* Disable LCD reset */ 7002 + hw->phy.reset_disable = true; 7003 + } 6991 7004 6992 7005 e1000e_flush_lpic(pdev); 6993 7006 ··· 7023 7010 struct net_device *netdev = pci_get_drvdata(to_pci_dev(dev)); 7024 7011 struct e1000_adapter *adapter = netdev_priv(netdev); 7025 7012 struct pci_dev *pdev = to_pci_dev(dev); 7013 + struct e1000_hw *hw = &adapter->hw; 7014 + u16 phy_data; 7026 7015 int rc; 7027 7016 7028 7017 /* Introduce S0ix implementation */ ··· 7034 7019 rc = __e1000_resume(pdev); 7035 7020 if (rc) 7036 7021 return rc; 7022 + 7023 + if (er32(FWSM) & E1000_ICH_FWSM_FW_VALID && 7024 + hw->mac.type >= e1000_pch_adp) { 7025 + /* Unmask OEM Bits / Gig Disable / Restart AN 772_26[12] = 0 */ 7026 + e1e_rphy(hw, I217_MEMPWR, &phy_data); 7027 + phy_data &= ~I217_MEMPWR_MOEM; 7028 + e1e_wphy(hw, I217_MEMPWR, phy_data); 7029 + 7030 + /* Enable LCD reset */ 7031 + hw->phy.reset_disable = false; 7032 + } 7037 7033 7038 7034 return e1000e_pm_thaw(dev); 7039 7035 }
+5 -1
drivers/net/ethernet/intel/iavf/iavf.h
··· 201 201 __IAVF_RUNNING, /* opened, working */ 202 202 }; 203 203 204 + enum iavf_critical_section_t { 205 + __IAVF_IN_REMOVE_TASK, /* device being removed */ 206 + }; 207 + 204 208 #define IAVF_CLOUD_FIELD_OMAC 0x01 205 209 #define IAVF_CLOUD_FIELD_IMAC 0x02 206 210 #define IAVF_CLOUD_FIELD_IVLAN 0x04 ··· 250 246 struct list_head mac_filter_list; 251 247 struct mutex crit_lock; 252 248 struct mutex client_lock; 253 - struct mutex remove_lock; 254 249 /* Lock to protect accesses to MAC and VLAN lists */ 255 250 spinlock_t mac_vlan_list_lock; 256 251 char misc_vector_name[IFNAMSIZ + 9]; ··· 287 284 #define IAVF_FLAG_LEGACY_RX BIT(15) 288 285 #define IAVF_FLAG_REINIT_ITR_NEEDED BIT(16) 289 286 #define IAVF_FLAG_QUEUES_DISABLED BIT(17) 287 + #define IAVF_FLAG_SETUP_NETDEV_FEATURES BIT(18) 290 288 /* duplicates for common code */ 291 289 #define IAVF_FLAG_DCB_ENABLED 0 292 290 /* flags for admin queue service task */
+108 -51
drivers/net/ethernet/intel/iavf/iavf_main.c
··· 302 302 rd32(hw, IAVF_VFINT_ICR01); 303 303 rd32(hw, IAVF_VFINT_ICR0_ENA1); 304 304 305 - /* schedule work on the private workqueue */ 306 - queue_work(iavf_wq, &adapter->adminq_task); 305 + if (adapter->state != __IAVF_REMOVE) 306 + /* schedule work on the private workqueue */ 307 + queue_work(iavf_wq, &adapter->adminq_task); 307 308 308 309 return IRQ_HANDLED; 309 310 } ··· 1137 1136 rss->state = IAVF_ADV_RSS_DEL_REQUEST; 1138 1137 spin_unlock_bh(&adapter->adv_rss_lock); 1139 1138 1140 - if (!(adapter->flags & IAVF_FLAG_PF_COMMS_FAILED) && 1141 - adapter->state != __IAVF_RESETTING) { 1139 + if (!(adapter->flags & IAVF_FLAG_PF_COMMS_FAILED)) { 1142 1140 /* cancel any current operation */ 1143 1141 adapter->current_op = VIRTCHNL_OP_UNKNOWN; 1144 1142 /* Schedule operations to close down the HW. Don't wait ··· 2374 2374 struct iavf_hw *hw = &adapter->hw; 2375 2375 u32 reg_val; 2376 2376 2377 - if (!mutex_trylock(&adapter->crit_lock)) 2377 + if (!mutex_trylock(&adapter->crit_lock)) { 2378 + if (adapter->state == __IAVF_REMOVE) 2379 + return; 2380 + 2378 2381 goto restart_watchdog; 2382 + } 2379 2383 2380 2384 if (adapter->flags & IAVF_FLAG_PF_COMMS_FAILED) 2381 2385 iavf_change_state(adapter, __IAVF_COMM_FAILED); 2382 2386 2383 - if (adapter->flags & IAVF_FLAG_RESET_NEEDED && 2384 - adapter->state != __IAVF_RESETTING) { 2385 - iavf_change_state(adapter, __IAVF_RESETTING); 2387 + if (adapter->flags & IAVF_FLAG_RESET_NEEDED) { 2386 2388 adapter->aq_required = 0; 2387 2389 adapter->current_op = VIRTCHNL_OP_UNKNOWN; 2390 + mutex_unlock(&adapter->crit_lock); 2391 + queue_work(iavf_wq, &adapter->reset_task); 2392 + return; 2388 2393 } 2389 2394 2390 2395 switch (adapter->state) { ··· 2424 2419 msecs_to_jiffies(1)); 2425 2420 return; 2426 2421 case __IAVF_INIT_FAILED: 2422 + if (test_bit(__IAVF_IN_REMOVE_TASK, 2423 + &adapter->crit_section)) { 2424 + /* Do not update the state and do not reschedule 2425 + * watchdog task, iavf_remove should handle this state 2426 + * as it can loop forever 2427 + */ 2428 + mutex_unlock(&adapter->crit_lock); 2429 + return; 2430 + } 2427 2431 if (++adapter->aq_wait_count > IAVF_AQ_MAX_ERR) { 2428 2432 dev_err(&adapter->pdev->dev, 2429 2433 "Failed to communicate with PF; waiting before retry\n"); ··· 2449 2435 queue_delayed_work(iavf_wq, &adapter->watchdog_task, HZ); 2450 2436 return; 2451 2437 case __IAVF_COMM_FAILED: 2438 + if (test_bit(__IAVF_IN_REMOVE_TASK, 2439 + &adapter->crit_section)) { 2440 + /* Set state to __IAVF_INIT_FAILED and perform remove 2441 + * steps. Remove IAVF_FLAG_PF_COMMS_FAILED so the task 2442 + * doesn't bring the state back to __IAVF_COMM_FAILED. 2443 + */ 2444 + iavf_change_state(adapter, __IAVF_INIT_FAILED); 2445 + adapter->flags &= ~IAVF_FLAG_PF_COMMS_FAILED; 2446 + mutex_unlock(&adapter->crit_lock); 2447 + return; 2448 + } 2452 2449 reg_val = rd32(hw, IAVF_VFGEN_RSTAT) & 2453 2450 IAVF_VFGEN_RSTAT_VFR_STATE_MASK; 2454 2451 if (reg_val == VIRTCHNL_VFR_VFACTIVE || ··· 2532 2507 schedule_delayed_work(&adapter->client_task, msecs_to_jiffies(5)); 2533 2508 mutex_unlock(&adapter->crit_lock); 2534 2509 restart_watchdog: 2535 - queue_work(iavf_wq, &adapter->adminq_task); 2510 + if (adapter->state >= __IAVF_DOWN) 2511 + queue_work(iavf_wq, &adapter->adminq_task); 2536 2512 if (adapter->aq_required) 2537 2513 queue_delayed_work(iavf_wq, &adapter->watchdog_task, 2538 2514 msecs_to_jiffies(20)); ··· 2627 2601 /* When device is being removed it doesn't make sense to run the reset 2628 2602 * task, just return in such a case. 2629 2603 */ 2630 - if (mutex_is_locked(&adapter->remove_lock)) 2631 - return; 2604 + if (!mutex_trylock(&adapter->crit_lock)) { 2605 + if (adapter->state != __IAVF_REMOVE) 2606 + queue_work(iavf_wq, &adapter->reset_task); 2632 2607 2633 - if (iavf_lock_timeout(&adapter->crit_lock, 200)) { 2634 - schedule_work(&adapter->reset_task); 2635 2608 return; 2636 2609 } 2610 + 2637 2611 while (!mutex_trylock(&adapter->client_lock)) 2638 2612 usleep_range(500, 1000); 2639 2613 if (CLIENT_ENABLED(adapter)) { ··· 2688 2662 reg_val); 2689 2663 iavf_disable_vf(adapter); 2690 2664 mutex_unlock(&adapter->client_lock); 2665 + mutex_unlock(&adapter->crit_lock); 2691 2666 return; /* Do not attempt to reinit. It's dead, Jim. */ 2692 2667 } 2693 2668 ··· 2697 2670 * ndo_open() returning, so we can't assume it means all our open 2698 2671 * tasks have finished, since we're not holding the rtnl_lock here. 2699 2672 */ 2700 - running = ((adapter->state == __IAVF_RUNNING) || 2701 - (adapter->state == __IAVF_RESETTING)); 2673 + running = adapter->state == __IAVF_RUNNING; 2702 2674 2703 2675 if (running) { 2704 2676 netdev->flags &= ~IFF_UP; ··· 2852 2826 if (adapter->flags & IAVF_FLAG_PF_COMMS_FAILED) 2853 2827 goto out; 2854 2828 2829 + if (!mutex_trylock(&adapter->crit_lock)) { 2830 + if (adapter->state == __IAVF_REMOVE) 2831 + return; 2832 + 2833 + queue_work(iavf_wq, &adapter->adminq_task); 2834 + goto out; 2835 + } 2836 + 2855 2837 event.buf_len = IAVF_MAX_AQ_BUF_SIZE; 2856 2838 event.msg_buf = kzalloc(event.buf_len, GFP_KERNEL); 2857 2839 if (!event.msg_buf) 2858 2840 goto out; 2859 2841 2860 - if (iavf_lock_timeout(&adapter->crit_lock, 200)) 2861 - goto freedom; 2862 2842 do { 2863 2843 ret = iavf_clean_arq_element(hw, &event, &pending); 2864 2844 v_op = (enum virtchnl_ops)le32_to_cpu(event.desc.cookie_high); ··· 2880 2848 } while (pending); 2881 2849 mutex_unlock(&adapter->crit_lock); 2882 2850 2851 + if ((adapter->flags & IAVF_FLAG_SETUP_NETDEV_FEATURES)) { 2852 + if (adapter->netdev_registered || 2853 + !test_bit(__IAVF_IN_REMOVE_TASK, &adapter->crit_section)) { 2854 + struct net_device *netdev = adapter->netdev; 2855 + 2856 + rtnl_lock(); 2857 + netdev_update_features(netdev); 2858 + rtnl_unlock(); 2859 + /* Request VLAN offload settings */ 2860 + if (VLAN_V2_ALLOWED(adapter)) 2861 + iavf_set_vlan_offload_features 2862 + (adapter, 0, netdev->features); 2863 + 2864 + iavf_set_queue_vlan_tag_loc(adapter); 2865 + } 2866 + 2867 + adapter->flags &= ~IAVF_FLAG_SETUP_NETDEV_FEATURES; 2868 + } 2883 2869 if ((adapter->flags & 2884 2870 (IAVF_FLAG_RESET_PENDING | IAVF_FLAG_RESET_NEEDED)) || 2885 2871 adapter->state == __IAVF_RESETTING) ··· 3850 3800 struct iavf_adapter *adapter = netdev_priv(netdev); 3851 3801 int status; 3852 3802 3853 - if (adapter->state <= __IAVF_DOWN_PENDING) 3854 - return 0; 3803 + mutex_lock(&adapter->crit_lock); 3855 3804 3856 - while (!mutex_trylock(&adapter->crit_lock)) 3857 - usleep_range(500, 1000); 3805 + if (adapter->state <= __IAVF_DOWN_PENDING) { 3806 + mutex_unlock(&adapter->crit_lock); 3807 + return 0; 3808 + } 3858 3809 3859 3810 set_bit(__IAVF_VSI_DOWN, adapter->vsi.state); 3860 3811 if (CLIENT_ENABLED(adapter)) ··· 3904 3853 iavf_notify_client_l2_params(&adapter->vsi); 3905 3854 adapter->flags |= IAVF_FLAG_SERVICE_CLIENT_REQUESTED; 3906 3855 } 3907 - adapter->flags |= IAVF_FLAG_RESET_NEEDED; 3908 - queue_work(iavf_wq, &adapter->reset_task); 3856 + 3857 + if (netif_running(netdev)) { 3858 + adapter->flags |= IAVF_FLAG_RESET_NEEDED; 3859 + queue_work(iavf_wq, &adapter->reset_task); 3860 + } 3909 3861 3910 3862 return 0; 3911 3863 } ··· 4485 4431 */ 4486 4432 mutex_init(&adapter->crit_lock); 4487 4433 mutex_init(&adapter->client_lock); 4488 - mutex_init(&adapter->remove_lock); 4489 4434 mutex_init(&hw->aq.asq_mutex); 4490 4435 mutex_init(&hw->aq.arq_mutex); 4491 4436 ··· 4600 4547 static void iavf_remove(struct pci_dev *pdev) 4601 4548 { 4602 4549 struct iavf_adapter *adapter = iavf_pdev_to_adapter(pdev); 4603 - enum iavf_state_t prev_state = adapter->last_state; 4604 4550 struct net_device *netdev = adapter->netdev; 4605 4551 struct iavf_fdir_fltr *fdir, *fdirtmp; 4606 4552 struct iavf_vlan_filter *vlf, *vlftmp; ··· 4608 4556 struct iavf_cloud_filter *cf, *cftmp; 4609 4557 struct iavf_hw *hw = &adapter->hw; 4610 4558 int err; 4611 - /* Indicate we are in remove and not to run reset_task */ 4612 - mutex_lock(&adapter->remove_lock); 4613 - cancel_work_sync(&adapter->reset_task); 4559 + 4560 + set_bit(__IAVF_IN_REMOVE_TASK, &adapter->crit_section); 4561 + /* Wait until port initialization is complete. 4562 + * There are flows where register/unregister netdev may race. 4563 + */ 4564 + while (1) { 4565 + mutex_lock(&adapter->crit_lock); 4566 + if (adapter->state == __IAVF_RUNNING || 4567 + adapter->state == __IAVF_DOWN || 4568 + adapter->state == __IAVF_INIT_FAILED) { 4569 + mutex_unlock(&adapter->crit_lock); 4570 + break; 4571 + } 4572 + 4573 + mutex_unlock(&adapter->crit_lock); 4574 + usleep_range(500, 1000); 4575 + } 4614 4576 cancel_delayed_work_sync(&adapter->watchdog_task); 4615 - cancel_delayed_work_sync(&adapter->client_task); 4577 + 4616 4578 if (adapter->netdev_registered) { 4617 - unregister_netdev(netdev); 4579 + rtnl_lock(); 4580 + unregister_netdevice(netdev); 4618 4581 adapter->netdev_registered = false; 4582 + rtnl_unlock(); 4619 4583 } 4620 4584 if (CLIENT_ALLOWED(adapter)) { 4621 4585 err = iavf_lan_del_device(adapter); ··· 4640 4572 err); 4641 4573 } 4642 4574 4575 + mutex_lock(&adapter->crit_lock); 4576 + dev_info(&adapter->pdev->dev, "Remove device\n"); 4577 + iavf_change_state(adapter, __IAVF_REMOVE); 4578 + 4643 4579 iavf_request_reset(adapter); 4644 4580 msleep(50); 4645 4581 /* If the FW isn't responding, kick it once, but only once. */ ··· 4651 4579 iavf_request_reset(adapter); 4652 4580 msleep(50); 4653 4581 } 4654 - if (iavf_lock_timeout(&adapter->crit_lock, 5000)) 4655 - dev_warn(&adapter->pdev->dev, "failed to acquire crit_lock in %s\n", __FUNCTION__); 4656 4582 4657 - dev_info(&adapter->pdev->dev, "Removing device\n"); 4583 + iavf_misc_irq_disable(adapter); 4658 4584 /* Shut down all the garbage mashers on the detention level */ 4659 - iavf_change_state(adapter, __IAVF_REMOVE); 4585 + cancel_work_sync(&adapter->reset_task); 4586 + cancel_delayed_work_sync(&adapter->watchdog_task); 4587 + cancel_work_sync(&adapter->adminq_task); 4588 + cancel_delayed_work_sync(&adapter->client_task); 4589 + 4660 4590 adapter->aq_required = 0; 4661 4591 adapter->flags &= ~IAVF_FLAG_REINIT_ITR_NEEDED; 4662 4592 4663 4593 iavf_free_all_tx_resources(adapter); 4664 4594 iavf_free_all_rx_resources(adapter); 4665 - iavf_misc_irq_disable(adapter); 4666 4595 iavf_free_misc_irq(adapter); 4667 - 4668 - /* In case we enter iavf_remove from erroneous state, free traffic irqs 4669 - * here, so as to not cause a kernel crash, when calling 4670 - * iavf_reset_interrupt_capability. 4671 - */ 4672 - if ((adapter->last_state == __IAVF_RESETTING && 4673 - prev_state != __IAVF_DOWN) || 4674 - (adapter->last_state == __IAVF_RUNNING && 4675 - !(netdev->flags & IFF_UP))) 4676 - iavf_free_traffic_irqs(adapter); 4677 4596 4678 4597 iavf_reset_interrupt_capability(adapter); 4679 4598 iavf_free_q_vectors(adapter); 4680 - 4681 - cancel_delayed_work_sync(&adapter->watchdog_task); 4682 - 4683 - cancel_work_sync(&adapter->adminq_task); 4684 4599 4685 4600 iavf_free_rss(adapter); 4686 4601 ··· 4680 4621 mutex_destroy(&adapter->client_lock); 4681 4622 mutex_unlock(&adapter->crit_lock); 4682 4623 mutex_destroy(&adapter->crit_lock); 4683 - mutex_unlock(&adapter->remove_lock); 4684 - mutex_destroy(&adapter->remove_lock); 4685 4624 4686 4625 iounmap(hw->hw_addr); 4687 4626 pci_release_regions(pdev);
+1 -23
drivers/net/ethernet/intel/iavf/iavf_virtchnl.c
··· 2146 2146 sizeof(adapter->vlan_v2_caps))); 2147 2147 2148 2148 iavf_process_config(adapter); 2149 - 2150 - /* unlock crit_lock before acquiring rtnl_lock as other 2151 - * processes holding rtnl_lock could be waiting for the same 2152 - * crit_lock 2153 - */ 2154 - mutex_unlock(&adapter->crit_lock); 2155 - /* VLAN capabilities can change during VFR, so make sure to 2156 - * update the netdev features with the new capabilities 2157 - */ 2158 - rtnl_lock(); 2159 - netdev_update_features(netdev); 2160 - rtnl_unlock(); 2161 - if (iavf_lock_timeout(&adapter->crit_lock, 10000)) 2162 - dev_warn(&adapter->pdev->dev, "failed to acquire crit_lock in %s\n", 2163 - __FUNCTION__); 2164 - 2165 - /* Request VLAN offload settings */ 2166 - if (VLAN_V2_ALLOWED(adapter)) 2167 - iavf_set_vlan_offload_features(adapter, 0, 2168 - netdev->features); 2169 - 2170 - iavf_set_queue_vlan_tag_loc(adapter); 2171 - 2149 + adapter->flags |= IAVF_FLAG_SETUP_NETDEV_FEATURES; 2172 2150 } 2173 2151 break; 2174 2152 case VIRTCHNL_OP_ENABLE_QUEUES:
-4
drivers/net/ethernet/intel/igc/igc_phy.c
··· 746 746 if (ret_val) 747 747 return ret_val; 748 748 ret_val = igc_write_phy_reg_mdic(hw, offset, data); 749 - if (ret_val) 750 - return ret_val; 751 749 hw->phy.ops.release(hw); 752 750 } else { 753 751 ret_val = igc_write_xmdio_reg(hw, (u16)offset, dev_addr, ··· 777 779 if (ret_val) 778 780 return ret_val; 779 781 ret_val = igc_read_phy_reg_mdic(hw, offset, data); 780 - if (ret_val) 781 - return ret_val; 782 782 hw->phy.ops.release(hw); 783 783 } else { 784 784 ret_val = igc_read_xmdio_reg(hw, (u16)offset, dev_addr,
+4 -2
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c
··· 390 390 u32 cmd_type; 391 391 392 392 while (budget-- > 0) { 393 - if (unlikely(!ixgbe_desc_unused(xdp_ring)) || 394 - !netif_carrier_ok(xdp_ring->netdev)) { 393 + if (unlikely(!ixgbe_desc_unused(xdp_ring))) { 395 394 work_done = false; 396 395 break; 397 396 } 397 + 398 + if (!netif_carrier_ok(xdp_ring->netdev)) 399 + break; 398 400 399 401 if (!xsk_tx_peek_desc(pool, &desc)) 400 402 break;
+2
drivers/net/ethernet/microchip/sparx5/sparx5_main.h
··· 16 16 #include <linux/phylink.h> 17 17 #include <linux/hrtimer.h> 18 18 19 + #include "sparx5_main_regs.h" 20 + 19 21 /* Target chip type */ 20 22 enum spx5_target_chiptype { 21 23 SPX5_TARGET_CT_7546 = 0x7546, /* SparX-5-64 Enterprise */
+10 -10
drivers/net/ethernet/microchip/sparx5/sparx5_vlan.c
··· 58 58 struct sparx5 *sparx5 = port->sparx5; 59 59 int ret; 60 60 61 - /* Make the port a member of the VLAN */ 62 - set_bit(port->portno, sparx5->vlan_mask[vid]); 63 - ret = sparx5_vlant_set_mask(sparx5, vid); 64 - if (ret) 65 - return ret; 66 - 67 - /* Default ingress vlan classification */ 68 - if (pvid) 69 - port->pvid = vid; 70 - 71 61 /* Untagged egress vlan classification */ 72 62 if (untagged && port->vid != vid) { 73 63 if (port->vid) { ··· 68 78 } 69 79 port->vid = vid; 70 80 } 81 + 82 + /* Make the port a member of the VLAN */ 83 + set_bit(port->portno, sparx5->vlan_mask[vid]); 84 + ret = sparx5_vlant_set_mask(sparx5, vid); 85 + if (ret) 86 + return ret; 87 + 88 + /* Default ingress vlan classification */ 89 + if (pvid) 90 + port->pvid = vid; 71 91 72 92 sparx5_vlan_port_apply(sparx5, port); 73 93
+3 -3
drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c
··· 2285 2285 char *opt; 2286 2286 2287 2287 if (!str || !*str) 2288 - return -EINVAL; 2288 + return 1; 2289 2289 while ((opt = strsep(&str, ",")) != NULL) { 2290 2290 if (!strncmp(opt, "eee_timer:", 10)) { 2291 2291 if (kstrtoint(opt + 10, 0, &eee_timer)) 2292 2292 goto err; 2293 2293 } 2294 2294 } 2295 - return 0; 2295 + return 1; 2296 2296 2297 2297 err: 2298 2298 pr_err("%s: ERROR broken module parameter conversion\n", __func__); 2299 - return -EINVAL; 2299 + return 1; 2300 2300 } 2301 2301 2302 2302 __setup("sxgbeeth=", sxgbe_cmdline_opt);
+1 -1
drivers/net/ethernet/sfc/mcdi.c
··· 163 163 /* Serialise with efx_mcdi_ev_cpl() and efx_mcdi_ev_death() */ 164 164 spin_lock_bh(&mcdi->iface_lock); 165 165 ++mcdi->seqno; 166 + seqno = mcdi->seqno & SEQ_MASK; 166 167 spin_unlock_bh(&mcdi->iface_lock); 167 168 168 - seqno = mcdi->seqno & SEQ_MASK; 169 169 xflags = 0; 170 170 if (mcdi->mode == MCDI_MODE_EVENTS) 171 171 xflags |= MCDI_HEADER_XFLAGS_EVREQ;
+29 -5
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
··· 2262 2262 stmmac_stop_tx(priv, priv->ioaddr, chan); 2263 2263 } 2264 2264 2265 + static void stmmac_enable_all_dma_irq(struct stmmac_priv *priv) 2266 + { 2267 + u32 rx_channels_count = priv->plat->rx_queues_to_use; 2268 + u32 tx_channels_count = priv->plat->tx_queues_to_use; 2269 + u32 dma_csr_ch = max(rx_channels_count, tx_channels_count); 2270 + u32 chan; 2271 + 2272 + for (chan = 0; chan < dma_csr_ch; chan++) { 2273 + struct stmmac_channel *ch = &priv->channel[chan]; 2274 + unsigned long flags; 2275 + 2276 + spin_lock_irqsave(&ch->lock, flags); 2277 + stmmac_enable_dma_irq(priv, priv->ioaddr, chan, 1, 1); 2278 + spin_unlock_irqrestore(&ch->lock, flags); 2279 + } 2280 + } 2281 + 2265 2282 /** 2266 2283 * stmmac_start_all_dma - start all RX and TX DMA channels 2267 2284 * @priv: driver private structure ··· 2921 2904 stmmac_axi(priv, priv->ioaddr, priv->plat->axi); 2922 2905 2923 2906 /* DMA CSR Channel configuration */ 2924 - for (chan = 0; chan < dma_csr_ch; chan++) 2907 + for (chan = 0; chan < dma_csr_ch; chan++) { 2925 2908 stmmac_init_chan(priv, priv->ioaddr, priv->plat->dma_cfg, chan); 2909 + stmmac_disable_dma_irq(priv, priv->ioaddr, chan, 1, 1); 2910 + } 2926 2911 2927 2912 /* DMA RX Channel Configuration */ 2928 2913 for (chan = 0; chan < rx_channels_count; chan++) { ··· 3780 3761 3781 3762 stmmac_enable_all_queues(priv); 3782 3763 netif_tx_start_all_queues(priv->dev); 3764 + stmmac_enable_all_dma_irq(priv); 3783 3765 3784 3766 return 0; 3785 3767 ··· 6530 6510 } 6531 6511 6532 6512 /* DMA CSR Channel configuration */ 6533 - for (chan = 0; chan < dma_csr_ch; chan++) 6513 + for (chan = 0; chan < dma_csr_ch; chan++) { 6534 6514 stmmac_init_chan(priv, priv->ioaddr, priv->plat->dma_cfg, chan); 6515 + stmmac_disable_dma_irq(priv, priv->ioaddr, chan, 1, 1); 6516 + } 6535 6517 6536 6518 /* Adjust Split header */ 6537 6519 sph_en = (priv->hw->rx_csum > 0) && priv->sph; ··· 6594 6572 stmmac_enable_all_queues(priv); 6595 6573 netif_carrier_on(dev); 6596 6574 netif_tx_start_all_queues(dev); 6575 + stmmac_enable_all_dma_irq(priv); 6597 6576 6598 6577 return 0; 6599 6578 ··· 7474 7451 stmmac_restore_hw_vlan_rx_fltr(priv, ndev, priv->hw); 7475 7452 7476 7453 stmmac_enable_all_queues(priv); 7454 + stmmac_enable_all_dma_irq(priv); 7477 7455 7478 7456 mutex_unlock(&priv->lock); 7479 7457 rtnl_unlock(); ··· 7491 7467 char *opt; 7492 7468 7493 7469 if (!str || !*str) 7494 - return -EINVAL; 7470 + return 1; 7495 7471 while ((opt = strsep(&str, ",")) != NULL) { 7496 7472 if (!strncmp(opt, "debug:", 6)) { 7497 7473 if (kstrtoint(opt + 6, 0, &debug)) ··· 7522 7498 goto err; 7523 7499 } 7524 7500 } 7525 - return 0; 7501 + return 1; 7526 7502 7527 7503 err: 7528 7504 pr_err("%s: ERROR broken module parameter conversion", __func__); 7529 - return -EINVAL; 7505 + return 1; 7530 7506 } 7531 7507 7532 7508 __setup("stmmaceth=", stmmac_cmdline_opt);
+2
drivers/net/ipa/Kconfig
··· 2 2 tristate "Qualcomm IPA support" 3 3 depends on NET && QCOM_SMEM 4 4 depends on ARCH_QCOM || COMPILE_TEST 5 + depends on INTERCONNECT 5 6 depends on QCOM_RPROC_COMMON || (QCOM_RPROC_COMMON=n && COMPILE_TEST) 7 + depends on QCOM_AOSS_QMP || QCOM_AOSS_QMP=n 6 8 select QCOM_MDT_LOADER if ARCH_QCOM 7 9 select QCOM_SCM 8 10 select QCOM_QMI_HELPERS
+1
drivers/net/wireless/intel/Makefile
··· 5 5 obj-$(CONFIG_IWLEGACY) += iwlegacy/ 6 6 7 7 obj-$(CONFIG_IWLWIFI) += iwlwifi/ 8 + obj-$(CONFIG_IWLMEI) += iwlwifi/
+1 -2
drivers/net/wireless/intel/iwlwifi/iwl-nvm-parse.c
··· 553 553 .has_he = true, 554 554 .he_cap_elem = { 555 555 .mac_cap_info[0] = 556 - IEEE80211_HE_MAC_CAP0_HTC_HE | 557 - IEEE80211_HE_MAC_CAP0_TWT_REQ, 556 + IEEE80211_HE_MAC_CAP0_HTC_HE, 558 557 .mac_cap_info[1] = 559 558 IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_16US | 560 559 IEEE80211_HE_MAC_CAP1_MULTI_TID_AGG_RX_QOS_8,
+8 -3
drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c
··· 5 5 * Copyright (C) 2016-2017 Intel Deutschland GmbH 6 6 */ 7 7 #include <linux/vmalloc.h> 8 + #include <linux/err.h> 8 9 #include <linux/ieee80211.h> 9 10 #include <linux/netdevice.h> 10 11 ··· 1858 1857 void iwl_mvm_dbgfs_register(struct iwl_mvm *mvm) 1859 1858 { 1860 1859 struct dentry *bcast_dir __maybe_unused; 1861 - char buf[100]; 1862 1860 1863 1861 spin_lock_init(&mvm->drv_stats_lock); 1864 1862 ··· 1939 1939 * Create a symlink with mac80211. It will be removed when mac80211 1940 1940 * exists (before the opmode exists which removes the target.) 1941 1941 */ 1942 - snprintf(buf, 100, "../../%pd2", mvm->debugfs_dir->d_parent); 1943 - debugfs_create_symlink("iwlwifi", mvm->hw->wiphy->debugfsdir, buf); 1942 + if (!IS_ERR(mvm->debugfs_dir)) { 1943 + char buf[100]; 1944 + 1945 + snprintf(buf, 100, "../../%pd2", mvm->debugfs_dir->d_parent); 1946 + debugfs_create_symlink("iwlwifi", mvm->hw->wiphy->debugfsdir, 1947 + buf); 1948 + } 1944 1949 }
-1
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
··· 226 226 [0] = WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING, 227 227 [2] = WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT, 228 228 [7] = WLAN_EXT_CAPA8_OPMODE_NOTIF, 229 - [9] = WLAN_EXT_CAPA10_TWT_REQUESTER_SUPPORT, 230 229 }; 231 230 232 231 static const struct wiphy_iftype_ext_capab he_iftypes_ext_capa[] = {
+3 -2
drivers/net/wireless/intel/iwlwifi/mvm/vendor-cmd.c
··· 71 71 { 72 72 struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy); 73 73 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw); 74 + int ret; 74 75 75 76 mutex_lock(&mvm->mutex); 76 - iwl_mvm_mei_get_ownership(mvm); 77 + ret = iwl_mvm_mei_get_ownership(mvm); 77 78 mutex_unlock(&mvm->mutex); 78 79 79 - return 0; 80 + return ret; 80 81 } 81 82 82 83 static const struct wiphy_vendor_command iwl_mvm_vendor_commands[] = {
+23 -16
drivers/net/xen-netfront.c
··· 842 842 return 0; 843 843 } 844 844 845 + static void xennet_destroy_queues(struct netfront_info *info) 846 + { 847 + unsigned int i; 848 + 849 + for (i = 0; i < info->netdev->real_num_tx_queues; i++) { 850 + struct netfront_queue *queue = &info->queues[i]; 851 + 852 + if (netif_running(info->netdev)) 853 + napi_disable(&queue->napi); 854 + netif_napi_del(&queue->napi); 855 + } 856 + 857 + kfree(info->queues); 858 + info->queues = NULL; 859 + } 860 + 861 + static void xennet_uninit(struct net_device *dev) 862 + { 863 + struct netfront_info *np = netdev_priv(dev); 864 + xennet_destroy_queues(np); 865 + } 866 + 845 867 static void xennet_set_rx_rsp_cons(struct netfront_queue *queue, RING_IDX val) 846 868 { 847 869 unsigned long flags; ··· 1633 1611 } 1634 1612 1635 1613 static const struct net_device_ops xennet_netdev_ops = { 1614 + .ndo_uninit = xennet_uninit, 1636 1615 .ndo_open = xennet_open, 1637 1616 .ndo_stop = xennet_close, 1638 1617 .ndo_start_xmit = xennet_start_xmit, ··· 2124 2101 kfree(path); 2125 2102 xenbus_dev_fatal(dev, err, "%s", message); 2126 2103 return err; 2127 - } 2128 - 2129 - static void xennet_destroy_queues(struct netfront_info *info) 2130 - { 2131 - unsigned int i; 2132 - 2133 - for (i = 0; i < info->netdev->real_num_tx_queues; i++) { 2134 - struct netfront_queue *queue = &info->queues[i]; 2135 - 2136 - if (netif_running(info->netdev)) 2137 - napi_disable(&queue->napi); 2138 - netif_napi_del(&queue->napi); 2139 - } 2140 - 2141 - kfree(info->queues); 2142 - info->queues = NULL; 2143 2104 } 2144 2105 2145 2106
+23 -2
drivers/ptp/ptp_ocp.c
··· 607 607 } 608 608 609 609 static void 610 - __ptp_ocp_adjtime_locked(struct ptp_ocp *bp, u64 adj_val) 610 + __ptp_ocp_adjtime_locked(struct ptp_ocp *bp, u32 adj_val) 611 611 { 612 612 u32 select, ctrl; 613 613 ··· 615 615 iowrite32(OCP_SELECT_CLK_REG, &bp->reg->select); 616 616 617 617 iowrite32(adj_val, &bp->reg->offset_ns); 618 - iowrite32(adj_val & 0x7f, &bp->reg->offset_window_ns); 618 + iowrite32(NSEC_PER_SEC, &bp->reg->offset_window_ns); 619 619 620 620 ctrl = OCP_CTRL_ADJUST_OFFSET | OCP_CTRL_ENABLE; 621 621 iowrite32(ctrl, &bp->reg->ctrl); ··· 624 624 iowrite32(select >> 16, &bp->reg->select); 625 625 } 626 626 627 + static void 628 + ptp_ocp_adjtime_coarse(struct ptp_ocp *bp, u64 delta_ns) 629 + { 630 + struct timespec64 ts; 631 + unsigned long flags; 632 + int err; 633 + 634 + spin_lock_irqsave(&bp->lock, flags); 635 + err = __ptp_ocp_gettime_locked(bp, &ts, NULL); 636 + if (likely(!err)) { 637 + timespec64_add_ns(&ts, delta_ns); 638 + __ptp_ocp_settime_locked(bp, &ts); 639 + } 640 + spin_unlock_irqrestore(&bp->lock, flags); 641 + } 642 + 627 643 static int 628 644 ptp_ocp_adjtime(struct ptp_clock_info *ptp_info, s64 delta_ns) 629 645 { 630 646 struct ptp_ocp *bp = container_of(ptp_info, struct ptp_ocp, ptp_info); 631 647 unsigned long flags; 632 648 u32 adj_ns, sign; 649 + 650 + if (delta_ns > NSEC_PER_SEC || -delta_ns > NSEC_PER_SEC) { 651 + ptp_ocp_adjtime_coarse(bp, delta_ns); 652 + return 0; 653 + } 633 654 634 655 sign = delta_ns < 0 ? BIT(31) : 0; 635 656 adj_ns = sign ? -delta_ns : delta_ns;
+4
include/linux/netfilter_netdev.h
··· 101 101 nf_hook_state_init(&state, NF_NETDEV_EGRESS, 102 102 NFPROTO_NETDEV, dev, NULL, NULL, 103 103 dev_net(dev), NULL); 104 + 105 + /* nf assumes rcu_read_lock, not just read_lock_bh */ 106 + rcu_read_lock(); 104 107 ret = nf_hook_slow(skb, &state, e, 0); 108 + rcu_read_unlock(); 105 109 106 110 if (ret == 1) { 107 111 return skb;
+5
include/linux/rfkill.h
··· 308 308 return false; 309 309 } 310 310 311 + static inline bool rfkill_soft_blocked(struct rfkill *rfkill) 312 + { 313 + return false; 314 + } 315 + 311 316 static inline enum rfkill_type rfkill_find_type(const char *name) 312 317 { 313 318 return RFKILL_TYPE_ALL;
+1 -2
include/net/bluetooth/bluetooth.h
··· 506 506 507 507 tmp = bt_skb_sendmsg(sk, msg, len, mtu, headroom, tailroom); 508 508 if (IS_ERR(tmp)) { 509 - kfree_skb(skb); 510 - return tmp; 509 + return skb; 511 510 } 512 511 513 512 len -= tmp->len;
+8
include/net/bluetooth/hci_core.h
··· 1489 1489 /* Extended advertising support */ 1490 1490 #define ext_adv_capable(dev) (((dev)->le_features[1] & HCI_LE_EXT_ADV)) 1491 1491 1492 + /* BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E page 1789: 1493 + * 1494 + * C24: Mandatory if the LE Controller supports Connection State and either 1495 + * LE Feature (LL Privacy) or LE Feature (Extended Advertising) is supported 1496 + */ 1497 + #define use_enhanced_conn_complete(dev) (ll_privacy_capable(dev) || \ 1498 + ext_adv_capable(dev)) 1499 + 1492 1500 /* ----- HCI protocols ----- */ 1493 1501 #define HCI_PROTO_DEFER 0x01 1494 1502
+2 -2
include/net/ndisc.h
··· 475 475 void igmp6_cleanup(void); 476 476 void igmp6_late_cleanup(void); 477 477 478 - int igmp6_event_query(struct sk_buff *skb); 478 + void igmp6_event_query(struct sk_buff *skb); 479 479 480 - int igmp6_event_report(struct sk_buff *skb); 480 + void igmp6_event_report(struct sk_buff *skb); 481 481 482 482 483 483 #ifdef CONFIG_SYSCTL
+5 -1
include/net/netfilter/nf_flow_table.h
··· 96 96 FLOW_OFFLOAD_XMIT_NEIGH, 97 97 FLOW_OFFLOAD_XMIT_XFRM, 98 98 FLOW_OFFLOAD_XMIT_DIRECT, 99 + FLOW_OFFLOAD_XMIT_TC, 99 100 }; 100 101 101 102 #define NF_FLOW_TABLE_ENCAP_MAX 2 ··· 128 127 struct { } __hash; 129 128 130 129 u8 dir:2, 131 - xmit_type:2, 130 + xmit_type:3, 132 131 encap_num:2, 133 132 in_vlan_ingress:2; 134 133 u16 mtu; ··· 143 142 u8 h_source[ETH_ALEN]; 144 143 u8 h_dest[ETH_ALEN]; 145 144 } out; 145 + struct { 146 + u32 iifidx; 147 + } tc; 146 148 }; 147 149 }; 148 150
+1 -1
include/net/netfilter/nf_queue.h
··· 37 37 void nf_unregister_queue_handler(void); 38 38 void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); 39 39 40 - void nf_queue_entry_get_refs(struct nf_queue_entry *entry); 40 + bool nf_queue_entry_get_refs(struct nf_queue_entry *entry); 41 41 void nf_queue_entry_free(struct nf_queue_entry *entry); 42 42 43 43 static inline void init_hashrandom(u32 *jhash_initval)
+3 -3
include/net/xfrm.h
··· 1568 1568 void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si); 1569 1569 u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq); 1570 1570 int xfrm_init_replay(struct xfrm_state *x); 1571 - u32 __xfrm_state_mtu(struct xfrm_state *x, int mtu); 1572 1571 u32 xfrm_state_mtu(struct xfrm_state *x, int mtu); 1573 1572 int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload); 1574 1573 int xfrm_init_state(struct xfrm_state *x); ··· 1680 1681 const struct xfrm_migrate *m, int num_bundles, 1681 1682 const struct xfrm_kmaddress *k, 1682 1683 const struct xfrm_encap_tmpl *encap); 1683 - struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net); 1684 + struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net, 1685 + u32 if_id); 1684 1686 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, 1685 1687 struct xfrm_migrate *m, 1686 1688 struct xfrm_encap_tmpl *encap); 1687 1689 int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 1688 1690 struct xfrm_migrate *m, int num_bundles, 1689 1691 struct xfrm_kmaddress *k, struct net *net, 1690 - struct xfrm_encap_tmpl *encap); 1692 + struct xfrm_encap_tmpl *encap, u32 if_id); 1691 1693 #endif 1692 1694 1693 1695 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
+6
include/uapi/linux/xfrm.h
··· 511 511 int ifindex; 512 512 __u8 flags; 513 513 }; 514 + /* This flag was exposed without any kernel code that supporting it. 515 + * Unfortunately, strongswan has the code that uses sets this flag, 516 + * which makes impossible to reuse this bit. 517 + * 518 + * So leave it here to make sure that it won't be reused by mistake. 519 + */ 514 520 #define XFRM_OFFLOAD_IPV6 1 515 521 #define XFRM_OFFLOAD_INBOUND 2 516 522
+20 -9
net/batman-adv/hard-interface.c
··· 149 149 struct net *net = dev_net(net_dev); 150 150 struct net_device *parent_dev; 151 151 struct net *parent_net; 152 + int iflink; 152 153 bool ret; 153 154 154 155 /* check if this is a batman-adv mesh interface */ 155 156 if (batadv_softif_is_valid(net_dev)) 156 157 return true; 157 158 158 - /* no more parents..stop recursion */ 159 - if (dev_get_iflink(net_dev) == 0 || 160 - dev_get_iflink(net_dev) == net_dev->ifindex) 159 + iflink = dev_get_iflink(net_dev); 160 + if (iflink == 0) 161 161 return false; 162 162 163 163 parent_net = batadv_getlink_net(net_dev, net); 164 164 165 + /* iflink to itself, most likely physical device */ 166 + if (net == parent_net && iflink == net_dev->ifindex) 167 + return false; 168 + 165 169 /* recurse over the parent device */ 166 - parent_dev = __dev_get_by_index((struct net *)parent_net, 167 - dev_get_iflink(net_dev)); 170 + parent_dev = __dev_get_by_index((struct net *)parent_net, iflink); 168 171 /* if we got a NULL parent_dev there is something broken.. */ 169 172 if (!parent_dev) { 170 173 pr_err("Cannot find parent device\n"); ··· 217 214 struct net_device *real_netdev = NULL; 218 215 struct net *real_net; 219 216 struct net *net; 220 - int ifindex; 217 + int iflink; 221 218 222 219 ASSERT_RTNL(); 223 220 224 221 if (!netdev) 225 222 return NULL; 226 223 227 - if (netdev->ifindex == dev_get_iflink(netdev)) { 224 + iflink = dev_get_iflink(netdev); 225 + if (iflink == 0) { 228 226 dev_hold(netdev); 229 227 return netdev; 230 228 } ··· 235 231 goto out; 236 232 237 233 net = dev_net(hard_iface->soft_iface); 238 - ifindex = dev_get_iflink(netdev); 239 234 real_net = batadv_getlink_net(netdev, net); 240 - real_netdev = dev_get_by_index(real_net, ifindex); 235 + 236 + /* iflink to itself, most likely physical device */ 237 + if (net == real_net && netdev->ifindex == iflink) { 238 + real_netdev = netdev; 239 + dev_hold(real_netdev); 240 + goto out; 241 + } 242 + 243 + real_netdev = dev_get_by_index(real_net, iflink); 241 244 242 245 out: 243 246 batadv_hardif_put(hard_iface);
+1
net/bluetooth/hci_core.c
··· 2738 2738 hci_dev_unlock(hdev); 2739 2739 2740 2740 ida_simple_remove(&hci_index_ida, hdev->id); 2741 + kfree_skb(hdev->sent_cmd); 2741 2742 kfree(hdev); 2742 2743 } 2743 2744 EXPORT_SYMBOL(hci_release_dev);
+21 -9
net/bluetooth/hci_sync.c
··· 1841 1841 struct bdaddr_list *b, *t; 1842 1842 u8 num_entries = 0; 1843 1843 bool pend_conn, pend_report; 1844 + u8 filter_policy; 1844 1845 int err; 1845 1846 1846 1847 /* Pause advertising if resolving list can be used as controllers are ··· 1928 1927 err = -EINVAL; 1929 1928 1930 1929 done: 1930 + filter_policy = err ? 0x00 : 0x01; 1931 + 1931 1932 /* Enable address resolution when LL Privacy is enabled. */ 1932 1933 err = hci_le_set_addr_resolution_enable_sync(hdev, 0x01); 1933 1934 if (err) ··· 1940 1937 hci_resume_advertising_sync(hdev); 1941 1938 1942 1939 /* Select filter policy to use accept list */ 1943 - return err ? 0x00 : 0x01; 1940 + return filter_policy; 1944 1941 } 1945 1942 1946 1943 /* Returns true if an le connection is in the scanning state */ ··· 3265 3262 if (hdev->le_features[0] & HCI_LE_DATA_LEN_EXT) 3266 3263 events[0] |= 0x40; /* LE Data Length Change */ 3267 3264 3268 - /* If the controller supports LL Privacy feature, enable 3269 - * the corresponding event. 3265 + /* If the controller supports LL Privacy feature or LE Extended Adv, 3266 + * enable the corresponding event. 3270 3267 */ 3271 - if (hdev->le_features[0] & HCI_LE_LL_PRIVACY) 3268 + if (use_enhanced_conn_complete(hdev)) 3272 3269 events[1] |= 0x02; /* LE Enhanced Connection Complete */ 3273 3270 3274 3271 /* If the controller supports Extended Scanner Filter ··· 4109 4106 hci_inquiry_cache_flush(hdev); 4110 4107 hci_pend_le_actions_clear(hdev); 4111 4108 hci_conn_hash_flush(hdev); 4112 - hci_dev_unlock(hdev); 4113 - 4109 + /* Prevent data races on hdev->smp_data or hdev->smp_bredr_data */ 4114 4110 smp_unregister(hdev); 4111 + hci_dev_unlock(hdev); 4115 4112 4116 4113 hci_sock_dev_event(hdev, HCI_DEV_DOWN); 4117 4114 ··· 5188 5185 return __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_EXT_CREATE_CONN, 5189 5186 plen, data, 5190 5187 HCI_EV_LE_ENHANCED_CONN_COMPLETE, 5191 - HCI_CMD_TIMEOUT, NULL); 5188 + conn->conn_timeout, NULL); 5192 5189 } 5193 5190 5194 5191 int hci_le_create_conn_sync(struct hci_dev *hdev, struct hci_conn *conn) ··· 5273 5270 cp.min_ce_len = cpu_to_le16(0x0000); 5274 5271 cp.max_ce_len = cpu_to_le16(0x0000); 5275 5272 5273 + /* BLUETOOTH CORE SPECIFICATION Version 5.3 | Vol 4, Part E page 2261: 5274 + * 5275 + * If this event is unmasked and the HCI_LE_Connection_Complete event 5276 + * is unmasked, only the HCI_LE_Enhanced_Connection_Complete event is 5277 + * sent when a new connection has been created. 5278 + */ 5276 5279 err = __hci_cmd_sync_status_sk(hdev, HCI_OP_LE_CREATE_CONN, 5277 - sizeof(cp), &cp, HCI_EV_LE_CONN_COMPLETE, 5278 - HCI_CMD_TIMEOUT, NULL); 5280 + sizeof(cp), &cp, 5281 + use_enhanced_conn_complete(hdev) ? 5282 + HCI_EV_LE_ENHANCED_CONN_COMPLETE : 5283 + HCI_EV_LE_CONN_COMPLETE, 5284 + conn->conn_timeout, NULL); 5279 5285 5280 5286 done: 5281 5287 /* Re-enable advertising after the connection attempt is finished. */
+63 -36
net/bluetooth/mgmt.c
··· 1218 1218 static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err) 1219 1219 { 1220 1220 struct mgmt_pending_cmd *cmd = data; 1221 - struct mgmt_mode *cp = cmd->param; 1221 + struct mgmt_mode *cp; 1222 + 1223 + /* Make sure cmd still outstanding. */ 1224 + if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev)) 1225 + return; 1226 + 1227 + cp = cmd->param; 1222 1228 1223 1229 bt_dev_dbg(hdev, "err %d", err); 1224 1230 ··· 1248 1242 mgmt_status(err)); 1249 1243 } 1250 1244 1251 - mgmt_pending_free(cmd); 1245 + mgmt_pending_remove(cmd); 1252 1246 } 1253 1247 1254 1248 static int set_powered_sync(struct hci_dev *hdev, void *data) ··· 1287 1281 goto failed; 1288 1282 } 1289 1283 1290 - cmd = mgmt_pending_new(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1284 + cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len); 1291 1285 if (!cmd) { 1292 1286 err = -ENOMEM; 1293 1287 goto failed; ··· 1295 1289 1296 1290 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd, 1297 1291 mgmt_set_powered_complete); 1292 + 1293 + if (err < 0) 1294 + mgmt_pending_remove(cmd); 1298 1295 1299 1296 failed: 1300 1297 hci_dev_unlock(hdev); ··· 1392 1383 1393 1384 bt_dev_dbg(hdev, "err %d", err); 1394 1385 1386 + /* Make sure cmd still outstanding. */ 1387 + if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev)) 1388 + return; 1389 + 1395 1390 hci_dev_lock(hdev); 1396 1391 1397 1392 if (err) { ··· 1415 1402 new_settings(hdev, cmd->sk); 1416 1403 1417 1404 done: 1418 - mgmt_pending_free(cmd); 1405 + mgmt_pending_remove(cmd); 1419 1406 hci_dev_unlock(hdev); 1420 1407 } 1421 1408 ··· 1524 1511 goto failed; 1525 1512 } 1526 1513 1527 - cmd = mgmt_pending_new(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1514 + cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len); 1528 1515 if (!cmd) { 1529 1516 err = -ENOMEM; 1530 1517 goto failed; ··· 1551 1538 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd, 1552 1539 mgmt_set_discoverable_complete); 1553 1540 1541 + if (err < 0) 1542 + mgmt_pending_remove(cmd); 1543 + 1554 1544 failed: 1555 1545 hci_dev_unlock(hdev); 1556 1546 return err; ··· 1565 1549 struct mgmt_pending_cmd *cmd = data; 1566 1550 1567 1551 bt_dev_dbg(hdev, "err %d", err); 1552 + 1553 + /* Make sure cmd still outstanding. */ 1554 + if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) 1555 + return; 1568 1556 1569 1557 hci_dev_lock(hdev); 1570 1558 ··· 1582 1562 new_settings(hdev, cmd->sk); 1583 1563 1584 1564 done: 1585 - mgmt_pending_free(cmd); 1565 + if (cmd) 1566 + mgmt_pending_remove(cmd); 1567 + 1586 1568 hci_dev_unlock(hdev); 1587 1569 } 1588 1570 ··· 1656 1634 goto failed; 1657 1635 } 1658 1636 1659 - cmd = mgmt_pending_new(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1637 + cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len); 1660 1638 if (!cmd) { 1661 1639 err = -ENOMEM; 1662 1640 goto failed; ··· 1675 1653 1676 1654 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd, 1677 1655 mgmt_set_connectable_complete); 1656 + 1657 + if (err < 0) 1658 + mgmt_pending_remove(cmd); 1678 1659 1679 1660 failed: 1680 1661 hci_dev_unlock(hdev); ··· 1798 1773 struct mgmt_mode *cp = cmd->param; 1799 1774 u8 enable = cp->val; 1800 1775 bool changed; 1776 + 1777 + /* Make sure cmd still outstanding. */ 1778 + if (cmd != pending_find(MGMT_OP_SET_SSP, hdev)) 1779 + return; 1801 1780 1802 1781 if (err) { 1803 1782 u8 mgmt_err = mgmt_status(err); ··· 3350 3321 3351 3322 bt_dev_dbg(hdev, "err %d", err); 3352 3323 3324 + if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev)) 3325 + return; 3326 + 3353 3327 if (status) { 3354 3328 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 3355 3329 status); ··· 3524 3492 struct mgmt_pending_cmd *cmd = data; 3525 3493 struct sk_buff *skb = cmd->skb; 3526 3494 u8 status = mgmt_status(err); 3495 + 3496 + if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) 3497 + return; 3527 3498 3528 3499 if (!status) { 3529 3500 if (!skb) ··· 3793 3758 MGMT_STATUS_INVALID_PARAMS); 3794 3759 3795 3760 hci_dev_lock(hdev); 3796 - 3797 - if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) { 3798 - err = mgmt_cmd_status(sk, hdev->id, 3799 - MGMT_OP_SET_WIDEBAND_SPEECH, 3800 - MGMT_STATUS_BUSY); 3801 - goto unlock; 3802 - } 3803 3761 3804 3762 if (hdev_is_powered(hdev) && 3805 3763 !!cp->val != hci_dev_test_flag(hdev, ··· 5064 5036 goto unlock; 5065 5037 } 5066 5038 5067 - if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) { 5068 - err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 5069 - MGMT_STATUS_BUSY); 5070 - goto unlock; 5071 - } 5072 - 5073 5039 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0); 5074 5040 if (!cmd) 5075 5041 err = -ENOMEM; ··· 5283 5261 { 5284 5262 struct mgmt_pending_cmd *cmd = data; 5285 5263 5264 + if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) && 5265 + cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) && 5266 + cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev)) 5267 + return; 5268 + 5286 5269 bt_dev_dbg(hdev, "err %d", err); 5287 5270 5288 5271 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 5289 5272 cmd->param, 1); 5290 - mgmt_pending_free(cmd); 5273 + mgmt_pending_remove(cmd); 5291 5274 5292 5275 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED: 5293 5276 DISCOVERY_FINDING); ··· 5354 5327 else 5355 5328 hdev->discovery.limited = false; 5356 5329 5357 - cmd = mgmt_pending_new(sk, op, hdev, data, len); 5330 + cmd = mgmt_pending_add(sk, op, hdev, data, len); 5358 5331 if (!cmd) { 5359 5332 err = -ENOMEM; 5360 5333 goto failed; ··· 5363 5336 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 5364 5337 start_discovery_complete); 5365 5338 if (err < 0) { 5366 - mgmt_pending_free(cmd); 5339 + mgmt_pending_remove(cmd); 5367 5340 goto failed; 5368 5341 } 5369 5342 ··· 5457 5430 goto failed; 5458 5431 } 5459 5432 5460 - cmd = mgmt_pending_new(sk, MGMT_OP_START_SERVICE_DISCOVERY, 5433 + cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY, 5461 5434 hdev, data, len); 5462 5435 if (!cmd) { 5463 5436 err = -ENOMEM; ··· 5490 5463 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd, 5491 5464 start_discovery_complete); 5492 5465 if (err < 0) { 5493 - mgmt_pending_free(cmd); 5466 + mgmt_pending_remove(cmd); 5494 5467 goto failed; 5495 5468 } 5496 5469 ··· 5522 5495 { 5523 5496 struct mgmt_pending_cmd *cmd = data; 5524 5497 5498 + if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev)) 5499 + return; 5500 + 5525 5501 bt_dev_dbg(hdev, "err %d", err); 5526 5502 5527 5503 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err), 5528 5504 cmd->param, 1); 5529 - mgmt_pending_free(cmd); 5505 + mgmt_pending_remove(cmd); 5530 5506 5531 5507 if (!err) 5532 5508 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); ··· 5565 5535 goto unlock; 5566 5536 } 5567 5537 5568 - cmd = mgmt_pending_new(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 5538 + cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len); 5569 5539 if (!cmd) { 5570 5540 err = -ENOMEM; 5571 5541 goto unlock; ··· 5574 5544 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd, 5575 5545 stop_discovery_complete); 5576 5546 if (err < 0) { 5577 - mgmt_pending_free(cmd); 5547 + mgmt_pending_remove(cmd); 5578 5548 goto unlock; 5579 5549 } 5580 5550 ··· 7504 7474 u8 status = mgmt_status(err); 7505 7475 u16 eir_len; 7506 7476 7477 + if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev)) 7478 + return; 7479 + 7507 7480 if (!status) { 7508 7481 if (!skb) 7509 7482 status = MGMT_STATUS_FAILED; ··· 8002 7969 8003 7970 static bool adv_busy(struct hci_dev *hdev) 8004 7971 { 8005 - return (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 8006 - pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 8007 - pending_find(MGMT_OP_SET_LE, hdev) || 8008 - pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev) || 8009 - pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev)); 7972 + return pending_find(MGMT_OP_SET_LE, hdev); 8010 7973 } 8011 7974 8012 7975 static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance, ··· 8592 8563 goto unlock; 8593 8564 } 8594 8565 8595 - if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) || 8596 - pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) || 8597 - pending_find(MGMT_OP_SET_LE, hdev)) { 8566 + if (pending_find(MGMT_OP_SET_LE, hdev)) { 8598 8567 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING, 8599 8568 MGMT_STATUS_BUSY); 8600 8569 goto unlock;
+2 -1
net/bluetooth/mgmt_util.c
··· 77 77 { 78 78 struct hci_dev *hdev; 79 79 struct mgmt_hdr *hdr; 80 - int len = skb->len; 80 + int len; 81 81 82 82 if (!skb) 83 83 return -EINVAL; 84 84 85 + len = skb->len; 85 86 hdev = bt_cb(skb)->mgmt.hdev; 86 87 87 88 /* Time stamp */
+1 -1
net/core/skbuff.c
··· 3876 3876 list_skb = list_skb->next; 3877 3877 3878 3878 err = 0; 3879 + delta_truesize += nskb->truesize; 3879 3880 if (skb_shared(nskb)) { 3880 3881 tmp = skb_clone(nskb, GFP_ATOMIC); 3881 3882 if (tmp) { ··· 3901 3900 tail = nskb; 3902 3901 3903 3902 delta_len += nskb->len; 3904 - delta_truesize += nskb->truesize; 3905 3903 3906 3904 skb_push(nskb, -skb_network_offset(nskb) + offset); 3907 3905
+1 -1
net/core/skmsg.c
··· 1153 1153 struct sk_psock *psock; 1154 1154 struct bpf_prog *prog; 1155 1155 int ret = __SK_DROP; 1156 - int len = skb->len; 1156 + int len = orig_len; 1157 1157 1158 1158 /* clone here so sk_eat_skb() in tcp_read_sock does not drop our data */ 1159 1159 skb = skb_clone(skb, GFP_ATOMIC);
+44
net/dcb/dcbnl.c
··· 2073 2073 } 2074 2074 EXPORT_SYMBOL(dcb_ieee_getapp_default_prio_mask); 2075 2075 2076 + static void dcbnl_flush_dev(struct net_device *dev) 2077 + { 2078 + struct dcb_app_type *itr, *tmp; 2079 + 2080 + spin_lock_bh(&dcb_lock); 2081 + 2082 + list_for_each_entry_safe(itr, tmp, &dcb_app_list, list) { 2083 + if (itr->ifindex == dev->ifindex) { 2084 + list_del(&itr->list); 2085 + kfree(itr); 2086 + } 2087 + } 2088 + 2089 + spin_unlock_bh(&dcb_lock); 2090 + } 2091 + 2092 + static int dcbnl_netdevice_event(struct notifier_block *nb, 2093 + unsigned long event, void *ptr) 2094 + { 2095 + struct net_device *dev = netdev_notifier_info_to_dev(ptr); 2096 + 2097 + switch (event) { 2098 + case NETDEV_UNREGISTER: 2099 + if (!dev->dcbnl_ops) 2100 + return NOTIFY_DONE; 2101 + 2102 + dcbnl_flush_dev(dev); 2103 + 2104 + return NOTIFY_OK; 2105 + default: 2106 + return NOTIFY_DONE; 2107 + } 2108 + } 2109 + 2110 + static struct notifier_block dcbnl_nb __read_mostly = { 2111 + .notifier_call = dcbnl_netdevice_event, 2112 + }; 2113 + 2076 2114 static int __init dcbnl_init(void) 2077 2115 { 2116 + int err; 2117 + 2118 + err = register_netdevice_notifier(&dcbnl_nb); 2119 + if (err) 2120 + return err; 2121 + 2078 2122 rtnl_register(PF_UNSPEC, RTM_GETDCB, dcb_doit, NULL, 0); 2079 2123 rtnl_register(PF_UNSPEC, RTM_SETDCB, dcb_doit, NULL, 0); 2080 2124
+1 -1
net/dsa/dsa2.c
··· 1261 1261 info.tag_ops = tag_ops; 1262 1262 err = dsa_tree_notify(dst, DSA_NOTIFIER_TAG_PROTO, &info); 1263 1263 if (err) 1264 - return err; 1264 + goto out_unwind_tagger; 1265 1265 1266 1266 err = dsa_tree_bind_tag_proto(dst, tag_ops); 1267 1267 if (err)
+1 -1
net/ipv4/esp4.c
··· 671 671 struct xfrm_dst *dst = (struct xfrm_dst *)skb_dst(skb); 672 672 u32 padto; 673 673 674 - padto = min(x->tfcpad, __xfrm_state_mtu(x, dst->child_mtu_cached)); 674 + padto = min(x->tfcpad, xfrm_state_mtu(x, dst->child_mtu_cached)); 675 675 if (skb->len < padto) 676 676 esp.tfclen = padto - skb->len; 677 677 }
+6 -4
net/ipv4/tcp.c
··· 1684 1684 if (!copied) 1685 1685 copied = used; 1686 1686 break; 1687 - } else if (used <= len) { 1688 - seq += used; 1689 - copied += used; 1690 - offset += used; 1691 1687 } 1688 + if (WARN_ON_ONCE(used > len)) 1689 + used = len; 1690 + seq += used; 1691 + copied += used; 1692 + offset += used; 1693 + 1692 1694 /* If recv_actor drops the lock (e.g. TCP splice 1693 1695 * receive) the skb pointer might be invalid when 1694 1696 * getting here: tcp_collapse might have deleted it
+6 -2
net/ipv6/addrconf.c
··· 3732 3732 struct inet6_dev *idev; 3733 3733 struct inet6_ifaddr *ifa, *tmp; 3734 3734 bool keep_addr = false; 3735 + bool was_ready; 3735 3736 int state, i; 3736 3737 3737 3738 ASSERT_RTNL(); ··· 3798 3797 3799 3798 addrconf_del_rs_timer(idev); 3800 3799 3801 - /* Step 2: clear flags for stateless addrconf */ 3800 + /* Step 2: clear flags for stateless addrconf, repeated down 3801 + * detection 3802 + */ 3803 + was_ready = idev->if_flags & IF_READY; 3802 3804 if (!unregister) 3803 3805 idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY); 3804 3806 ··· 3875 3871 if (unregister) { 3876 3872 ipv6_ac_destroy_dev(idev); 3877 3873 ipv6_mc_destroy_dev(idev); 3878 - } else { 3874 + } else if (was_ready) { 3879 3875 ipv6_mc_down(idev); 3880 3876 } 3881 3877
+1 -1
net/ipv6/esp6.c
··· 707 707 struct xfrm_dst *dst = (struct xfrm_dst *)skb_dst(skb); 708 708 u32 padto; 709 709 710 - padto = min(x->tfcpad, __xfrm_state_mtu(x, dst->child_mtu_cached)); 710 + padto = min(x->tfcpad, xfrm_state_mtu(x, dst->child_mtu_cached)); 711 711 if (skb->len < padto) 712 712 esp.tfclen = padto - skb->len; 713 713 }
+7 -4
net/ipv6/ip6_output.c
··· 1408 1408 if (np->frag_size) 1409 1409 mtu = np->frag_size; 1410 1410 } 1411 - if (mtu < IPV6_MIN_MTU) 1412 - return -EINVAL; 1413 1411 cork->base.fragsize = mtu; 1414 1412 cork->base.gso_size = ipc6->gso_size; 1415 1413 cork->base.tx_flags = 0; ··· 1469 1471 1470 1472 fragheaderlen = sizeof(struct ipv6hdr) + rt->rt6i_nfheader_len + 1471 1473 (opt ? opt->opt_nflen : 0); 1472 - maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - 1473 - sizeof(struct frag_hdr); 1474 1474 1475 1475 headersize = sizeof(struct ipv6hdr) + 1476 1476 (opt ? opt->opt_flen + opt->opt_nflen : 0) + 1477 1477 (dst_allfrag(&rt->dst) ? 1478 1478 sizeof(struct frag_hdr) : 0) + 1479 1479 rt->rt6i_nfheader_len; 1480 + 1481 + if (mtu < fragheaderlen || 1482 + ((mtu - fragheaderlen) & ~7) + fragheaderlen < sizeof(struct frag_hdr)) 1483 + goto emsgsize; 1484 + 1485 + maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen - 1486 + sizeof(struct frag_hdr); 1480 1487 1481 1488 /* as per RFC 7112 section 5, the entire IPv6 Header Chain must fit 1482 1489 * the first fragment
+12 -20
net/ipv6/mcast.c
··· 1371 1371 } 1372 1372 1373 1373 /* called with rcu_read_lock() */ 1374 - int igmp6_event_query(struct sk_buff *skb) 1374 + void igmp6_event_query(struct sk_buff *skb) 1375 1375 { 1376 1376 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1377 1377 1378 - if (!idev) 1379 - return -EINVAL; 1380 - 1381 - if (idev->dead) { 1382 - kfree_skb(skb); 1383 - return -ENODEV; 1384 - } 1378 + if (!idev || idev->dead) 1379 + goto out; 1385 1380 1386 1381 spin_lock_bh(&idev->mc_query_lock); 1387 1382 if (skb_queue_len(&idev->mc_query_queue) < MLD_MAX_SKBS) { 1388 1383 __skb_queue_tail(&idev->mc_query_queue, skb); 1389 1384 if (!mod_delayed_work(mld_wq, &idev->mc_query_work, 0)) 1390 1385 in6_dev_hold(idev); 1386 + skb = NULL; 1391 1387 } 1392 1388 spin_unlock_bh(&idev->mc_query_lock); 1393 - 1394 - return 0; 1389 + out: 1390 + kfree_skb(skb); 1395 1391 } 1396 1392 1397 1393 static void __mld_query_work(struct sk_buff *skb) ··· 1538 1542 } 1539 1543 1540 1544 /* called with rcu_read_lock() */ 1541 - int igmp6_event_report(struct sk_buff *skb) 1545 + void igmp6_event_report(struct sk_buff *skb) 1542 1546 { 1543 1547 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1544 1548 1545 - if (!idev) 1546 - return -EINVAL; 1547 - 1548 - if (idev->dead) { 1549 - kfree_skb(skb); 1550 - return -ENODEV; 1551 - } 1549 + if (!idev || idev->dead) 1550 + goto out; 1552 1551 1553 1552 spin_lock_bh(&idev->mc_report_lock); 1554 1553 if (skb_queue_len(&idev->mc_report_queue) < MLD_MAX_SKBS) { 1555 1554 __skb_queue_tail(&idev->mc_report_queue, skb); 1556 1555 if (!mod_delayed_work(mld_wq, &idev->mc_report_work, 0)) 1557 1556 in6_dev_hold(idev); 1557 + skb = NULL; 1558 1558 } 1559 1559 spin_unlock_bh(&idev->mc_report_lock); 1560 - 1561 - return 0; 1560 + out: 1561 + kfree_skb(skb); 1562 1562 } 1563 1563 1564 1564 static void __mld_report_work(struct sk_buff *skb)
+1 -1
net/key/af_key.c
··· 2623 2623 } 2624 2624 2625 2625 return xfrm_migrate(&sel, dir, XFRM_POLICY_TYPE_MAIN, m, i, 2626 - kma ? &k : NULL, net, NULL); 2626 + kma ? &k : NULL, net, NULL, 0); 2627 2627 2628 2628 out: 2629 2629 return err;
+9 -1
net/mac80211/agg-tx.c
··· 9 9 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 10 10 * Copyright 2007-2010, Intel Corporation 11 11 * Copyright(c) 2015-2017 Intel Deutschland GmbH 12 - * Copyright (C) 2018 - 2021 Intel Corporation 12 + * Copyright (C) 2018 - 2022 Intel Corporation 13 13 */ 14 14 15 15 #include <linux/ieee80211.h> ··· 622 622 if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) { 623 623 ht_dbg(sdata, 624 624 "BA sessions blocked - Denying BA session request %pM tid %d\n", 625 + sta->sta.addr, tid); 626 + return -EINVAL; 627 + } 628 + 629 + if (test_sta_flag(sta, WLAN_STA_MFP) && 630 + !test_sta_flag(sta, WLAN_STA_AUTHORIZED)) { 631 + ht_dbg(sdata, 632 + "MFP STA not authorized - deny BA session request %pM tid %d\n", 625 633 sta->sta.addr, tid); 626 634 return -EINVAL; 627 635 }
+1 -1
net/mac80211/ieee80211_i.h
··· 376 376 377 377 u8 key[WLAN_KEY_LEN_WEP104]; 378 378 u8 key_len, key_idx; 379 - bool done; 379 + bool done, waiting; 380 380 bool peer_confirmed; 381 381 bool timeout_started; 382 382
+12 -4
net/mac80211/mlme.c
··· 37 37 #define IEEE80211_AUTH_TIMEOUT_SAE (HZ * 2) 38 38 #define IEEE80211_AUTH_MAX_TRIES 3 39 39 #define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5) 40 + #define IEEE80211_AUTH_WAIT_SAE_RETRY (HZ * 2) 40 41 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5) 41 42 #define IEEE80211_ASSOC_TIMEOUT_LONG (HZ / 2) 42 43 #define IEEE80211_ASSOC_TIMEOUT_SHORT (HZ / 10) ··· 3012 3011 (status_code == WLAN_STATUS_ANTI_CLOG_REQUIRED || 3013 3012 (auth_transaction == 1 && 3014 3013 (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT || 3015 - status_code == WLAN_STATUS_SAE_PK)))) 3014 + status_code == WLAN_STATUS_SAE_PK)))) { 3015 + /* waiting for userspace now */ 3016 + ifmgd->auth_data->waiting = true; 3017 + ifmgd->auth_data->timeout = 3018 + jiffies + IEEE80211_AUTH_WAIT_SAE_RETRY; 3019 + ifmgd->auth_data->timeout_started = true; 3020 + run_again(sdata, ifmgd->auth_data->timeout); 3016 3021 goto notify_driver; 3022 + } 3017 3023 3018 3024 sdata_info(sdata, "%pM denied authentication (status %d)\n", 3019 3025 mgmt->sa, status_code); ··· 4611 4603 4612 4604 if (ifmgd->auth_data && ifmgd->auth_data->timeout_started && 4613 4605 time_after(jiffies, ifmgd->auth_data->timeout)) { 4614 - if (ifmgd->auth_data->done) { 4606 + if (ifmgd->auth_data->done || ifmgd->auth_data->waiting) { 4615 4607 /* 4616 - * ok ... we waited for assoc but userspace didn't, 4617 - * so let's just kill the auth data 4608 + * ok ... we waited for assoc or continuation but 4609 + * userspace didn't do it, so kill the auth data 4618 4610 */ 4619 4611 ieee80211_destroy_auth_data(sdata, false); 4620 4612 } else if (ieee80211_auth(sdata)) {
+5 -9
net/mac80211/rx.c
··· 2607 2607 * address, so that the authenticator (e.g. hostapd) will see 2608 2608 * the frame, but bridge won't forward it anywhere else. Note 2609 2609 * that due to earlier filtering, the only other address can 2610 - * be the PAE group address. 2610 + * be the PAE group address, unless the hardware allowed them 2611 + * through in 802.3 offloaded mode. 2611 2612 */ 2612 2613 if (unlikely(skb->protocol == sdata->control_port_protocol && 2613 2614 !ether_addr_equal(ehdr->h_dest, sdata->vif.addr))) ··· 2923 2922 ether_addr_equal(sdata->vif.addr, hdr->addr3)) 2924 2923 return RX_CONTINUE; 2925 2924 2926 - ac = ieee80211_select_queue_80211(sdata, skb, hdr); 2925 + ac = ieee802_1d_to_ac[skb->priority]; 2927 2926 q = sdata->vif.hw_queue[ac]; 2928 2927 if (ieee80211_queue_stopped(&local->hw, q)) { 2929 2928 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_congestion); 2930 2929 return RX_DROP_MONITOR; 2931 2930 } 2932 - skb_set_queue_mapping(skb, q); 2931 + skb_set_queue_mapping(skb, ac); 2933 2932 2934 2933 if (!--mesh_hdr->ttl) { 2935 2934 if (!is_multicast_ether_addr(hdr->addr1)) ··· 4515 4514 4516 4515 /* deliver to local stack */ 4517 4516 skb->protocol = eth_type_trans(skb, fast_rx->dev); 4518 - memset(skb->cb, 0, sizeof(skb->cb)); 4519 - if (rx->list) 4520 - list_add_tail(&skb->list, rx->list); 4521 - else 4522 - netif_receive_skb(skb); 4523 - 4517 + ieee80211_deliver_skb_to_local_stack(skb, rx); 4524 4518 } 4525 4519 4526 4520 static bool ieee80211_invoke_fast_rx(struct ieee80211_rx_data *rx,
+16 -2
net/mptcp/protocol.c
··· 466 466 static void mptcp_set_datafin_timeout(const struct sock *sk) 467 467 { 468 468 struct inet_connection_sock *icsk = inet_csk(sk); 469 + u32 retransmits; 469 470 470 - mptcp_sk(sk)->timer_ival = min(TCP_RTO_MAX, 471 - TCP_RTO_MIN << icsk->icsk_retransmits); 471 + retransmits = min_t(u32, icsk->icsk_retransmits, 472 + ilog2(TCP_RTO_MAX / TCP_RTO_MIN)); 473 + 474 + mptcp_sk(sk)->timer_ival = TCP_RTO_MIN << retransmits; 472 475 } 473 476 474 477 static void __mptcp_set_timeout(struct sock *sk, long tout) ··· 3297 3294 return 0; 3298 3295 3299 3296 delta = msk->write_seq - v; 3297 + if (__mptcp_check_fallback(msk) && msk->first) { 3298 + struct tcp_sock *tp = tcp_sk(msk->first); 3299 + 3300 + /* the first subflow is disconnected after close - see 3301 + * __mptcp_close_ssk(). tcp_disconnect() moves the write_seq 3302 + * so ignore that status, too. 3303 + */ 3304 + if (!((1 << msk->first->sk_state) & 3305 + (TCPF_SYN_SENT | TCPF_SYN_RECV | TCPF_CLOSE))) 3306 + delta += READ_ONCE(tp->write_seq) - tp->snd_una; 3307 + } 3300 3308 if (delta > INT_MAX) 3301 3309 delta = INT_MAX; 3302 3310
+3 -2
net/netfilter/core.c
··· 428 428 p = nf_entry_dereference(*pp); 429 429 new_hooks = nf_hook_entries_grow(p, reg); 430 430 431 - if (!IS_ERR(new_hooks)) 431 + if (!IS_ERR(new_hooks)) { 432 + hooks_validate(new_hooks); 432 433 rcu_assign_pointer(*pp, new_hooks); 434 + } 433 435 434 436 mutex_unlock(&nf_hook_mutex); 435 437 if (IS_ERR(new_hooks)) 436 438 return PTR_ERR(new_hooks); 437 439 438 - hooks_validate(new_hooks); 439 440 #ifdef CONFIG_NETFILTER_INGRESS 440 441 if (nf_ingress_hook(reg, pf)) 441 442 net_inc_ingress_queue();
+5 -1
net/netfilter/nf_flow_table_offload.c
··· 110 110 nf_flow_rule_lwt_match(match, tun_info); 111 111 } 112 112 113 - key->meta.ingress_ifindex = tuple->iifidx; 113 + if (tuple->xmit_type == FLOW_OFFLOAD_XMIT_TC) 114 + key->meta.ingress_ifindex = tuple->tc.iifidx; 115 + else 116 + key->meta.ingress_ifindex = tuple->iifidx; 117 + 114 118 mask->meta.ingress_ifindex = 0xffffffff; 115 119 116 120 if (tuple->encap_num > 0 && !(tuple->in_vlan_ingress & BIT(0)) &&
+31 -5
net/netfilter/nf_queue.c
··· 46 46 } 47 47 EXPORT_SYMBOL(nf_unregister_queue_handler); 48 48 49 + static void nf_queue_sock_put(struct sock *sk) 50 + { 51 + #ifdef CONFIG_INET 52 + sock_gen_put(sk); 53 + #else 54 + sock_put(sk); 55 + #endif 56 + } 57 + 49 58 static void nf_queue_entry_release_refs(struct nf_queue_entry *entry) 50 59 { 51 60 struct nf_hook_state *state = &entry->state; ··· 63 54 dev_put(state->in); 64 55 dev_put(state->out); 65 56 if (state->sk) 66 - sock_put(state->sk); 57 + nf_queue_sock_put(state->sk); 67 58 68 59 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 69 60 dev_put(entry->physin); ··· 96 87 } 97 88 98 89 /* Bump dev refs so they don't vanish while packet is out */ 99 - void nf_queue_entry_get_refs(struct nf_queue_entry *entry) 90 + bool nf_queue_entry_get_refs(struct nf_queue_entry *entry) 100 91 { 101 92 struct nf_hook_state *state = &entry->state; 102 93 94 + if (state->sk && !refcount_inc_not_zero(&state->sk->sk_refcnt)) 95 + return false; 96 + 103 97 dev_hold(state->in); 104 98 dev_hold(state->out); 105 - if (state->sk) 106 - sock_hold(state->sk); 107 99 108 100 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 109 101 dev_hold(entry->physin); 110 102 dev_hold(entry->physout); 111 103 #endif 104 + return true; 112 105 } 113 106 EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs); 114 107 ··· 180 169 break; 181 170 } 182 171 172 + if (skb_sk_is_prefetched(skb)) { 173 + struct sock *sk = skb->sk; 174 + 175 + if (!sk_is_refcounted(sk)) { 176 + if (!refcount_inc_not_zero(&sk->sk_refcnt)) 177 + return -ENOTCONN; 178 + 179 + /* drop refcount on skb_orphan */ 180 + skb->destructor = sock_edemux; 181 + } 182 + } 183 + 183 184 entry = kmalloc(sizeof(*entry) + route_key_size, GFP_ATOMIC); 184 185 if (!entry) 185 186 return -ENOMEM; ··· 210 187 211 188 __nf_queue_entry_init_physdevs(entry); 212 189 213 - nf_queue_entry_get_refs(entry); 190 + if (!nf_queue_entry_get_refs(entry)) { 191 + kfree(entry); 192 + return -ENOTCONN; 193 + } 214 194 215 195 switch (entry->state.pf) { 216 196 case AF_INET:
+2 -2
net/netfilter/nf_tables_api.c
··· 4502 4502 list_for_each_entry_safe(catchall, next, &set->catchall_list, list) { 4503 4503 list_del_rcu(&catchall->list); 4504 4504 nft_set_elem_destroy(set, catchall->elem, true); 4505 - kfree_rcu(catchall); 4505 + kfree_rcu(catchall, rcu); 4506 4506 } 4507 4507 } 4508 4508 ··· 5669 5669 list_for_each_entry_safe(catchall, next, &set->catchall_list, list) { 5670 5670 if (catchall->elem == elem->priv) { 5671 5671 list_del_rcu(&catchall->list); 5672 - kfree_rcu(catchall); 5672 + kfree_rcu(catchall, rcu); 5673 5673 break; 5674 5674 } 5675 5675 }
+9 -4
net/sched/act_ct.c
··· 361 361 } 362 362 } 363 363 364 + static void tcf_ct_flow_tc_ifidx(struct flow_offload *entry, 365 + struct nf_conn_act_ct_ext *act_ct_ext, u8 dir) 366 + { 367 + entry->tuplehash[dir].tuple.xmit_type = FLOW_OFFLOAD_XMIT_TC; 368 + entry->tuplehash[dir].tuple.tc.iifidx = act_ct_ext->ifindex[dir]; 369 + } 370 + 364 371 static void tcf_ct_flow_table_add(struct tcf_ct_flow_table *ct_ft, 365 372 struct nf_conn *ct, 366 373 bool tcp) ··· 392 385 393 386 act_ct_ext = nf_conn_act_ct_ext_find(ct); 394 387 if (act_ct_ext) { 395 - entry->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.iifidx = 396 - act_ct_ext->ifindex[IP_CT_DIR_ORIGINAL]; 397 - entry->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple.iifidx = 398 - act_ct_ext->ifindex[IP_CT_DIR_REPLY]; 388 + tcf_ct_flow_tc_ifidx(entry, act_ct_ext, FLOW_OFFLOAD_DIR_ORIGINAL); 389 + tcf_ct_flow_tc_ifidx(entry, act_ct_ext, FLOW_OFFLOAD_DIR_REPLY); 399 390 } 400 391 401 392 err = flow_offload_add(&ct_ft->nf_ft, entry);
+11 -3
net/smc/af_smc.c
··· 183 183 { 184 184 struct sock *sk = sock->sk; 185 185 struct smc_sock *smc; 186 - int rc = 0; 186 + int old_state, rc = 0; 187 187 188 188 if (!sk) 189 189 goto out; ··· 191 191 sock_hold(sk); /* sock_put below */ 192 192 smc = smc_sk(sk); 193 193 194 + old_state = sk->sk_state; 195 + 194 196 /* cleanup for a dangling non-blocking connect */ 195 - if (smc->connect_nonblock && sk->sk_state == SMC_INIT) 197 + if (smc->connect_nonblock && old_state == SMC_INIT) 196 198 tcp_abort(smc->clcsock->sk, ECONNABORTED); 197 199 198 200 if (cancel_work_sync(&smc->connect_work)) ··· 207 205 lock_sock_nested(sk, SINGLE_DEPTH_NESTING); 208 206 else 209 207 lock_sock(sk); 208 + 209 + if (old_state == SMC_INIT && sk->sk_state == SMC_ACTIVE && 210 + !smc->use_fallback) 211 + smc_close_active_abort(smc); 210 212 211 213 rc = __smc_release(smc); 212 214 ··· 3087 3081 rc = tcp_register_ulp(&smc_ulp_ops); 3088 3082 if (rc) { 3089 3083 pr_err("%s: tcp_ulp_register fails with %d\n", __func__, rc); 3090 - goto out_sock; 3084 + goto out_ib; 3091 3085 } 3092 3086 3093 3087 static_branch_enable(&tcp_have_smc); 3094 3088 return 0; 3095 3089 3090 + out_ib: 3091 + smc_ib_unregister_client(); 3096 3092 out_sock: 3097 3093 sock_unregister(PF_SMC); 3098 3094 out_proto6:
+3 -2
net/smc/smc_core.c
··· 1161 1161 cancel_work_sync(&conn->abort_work); 1162 1162 } 1163 1163 if (!list_empty(&lgr->list)) { 1164 - smc_lgr_unregister_conn(conn); 1165 1164 smc_buf_unuse(conn, lgr); /* allow buffer reuse */ 1165 + smc_lgr_unregister_conn(conn); 1166 1166 } 1167 1167 1168 1168 if (!lgr->conns_num) ··· 1864 1864 (ini->smcd_version == SMC_V2 || 1865 1865 lgr->vlan_id == ini->vlan_id) && 1866 1866 (role == SMC_CLNT || ini->is_smcd || 1867 - lgr->conns_num < SMC_RMBS_PER_LGR_MAX)) { 1867 + (lgr->conns_num < SMC_RMBS_PER_LGR_MAX && 1868 + !bitmap_full(lgr->rtokens_used_mask, SMC_RMBS_PER_LGR_MAX)))) { 1868 1869 /* link group found */ 1869 1870 ini->first_contact_local = 0; 1870 1871 conn->lgr = lgr;
+1 -1
net/wireless/Makefile
··· 33 33 echo 'unsigned int shipped_regdb_certs_len = sizeof(shipped_regdb_certs);'; \ 34 34 ) > $@ 35 35 36 - $(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDI) \ 36 + $(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR) \ 37 37 $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR)/*.x509) 38 38 @$(kecho) " GEN $@" 39 39 $(Q)(set -e; \
+14 -1
net/wireless/nl80211.c
··· 13411 13411 i = 0; 13412 13412 nla_for_each_nested(attr, attr_filter, rem) { 13413 13413 filter[i].filter = nla_memdup(attr, GFP_KERNEL); 13414 + if (!filter[i].filter) 13415 + goto err; 13416 + 13414 13417 filter[i].len = nla_len(attr); 13415 13418 i++; 13416 13419 } ··· 13426 13423 } 13427 13424 13428 13425 return 0; 13426 + 13427 + err: 13428 + i = 0; 13429 + nla_for_each_nested(attr, attr_filter, rem) { 13430 + kfree(filter[i].filter); 13431 + i++; 13432 + } 13433 + kfree(filter); 13434 + return -ENOMEM; 13429 13435 } 13430 13436 13431 13437 static int nl80211_nan_add_func(struct sk_buff *skb, ··· 17828 17816 wdev->chandef = *chandef; 17829 17817 wdev->preset_chandef = *chandef; 17830 17818 17831 - if (wdev->iftype == NL80211_IFTYPE_STATION && 17819 + if ((wdev->iftype == NL80211_IFTYPE_STATION || 17820 + wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) && 17832 17821 !WARN_ON(!wdev->current_bss)) 17833 17822 cfg80211_update_assoc_bss_entry(wdev, chandef->chan); 17834 17823
+5 -1
net/xfrm/xfrm_device.c
··· 223 223 if (x->encap || x->tfcpad) 224 224 return -EINVAL; 225 225 226 + if (xuo->flags & ~(XFRM_OFFLOAD_IPV6 | XFRM_OFFLOAD_INBOUND)) 227 + return -EINVAL; 228 + 226 229 dev = dev_get_by_index(net, xuo->ifindex); 227 230 if (!dev) { 228 231 if (!(xuo->flags & XFRM_OFFLOAD_INBOUND)) { ··· 265 262 netdev_tracker_alloc(dev, &xso->dev_tracker, GFP_ATOMIC); 266 263 xso->real_dev = dev; 267 264 xso->num_exthdrs = 1; 268 - xso->flags = xuo->flags; 265 + /* Don't forward bit that is not implemented */ 266 + xso->flags = xuo->flags & ~XFRM_OFFLOAD_IPV6; 269 267 270 268 err = dev->xfrmdev_ops->xdo_dev_state_add(x); 271 269 if (err) {
+1 -1
net/xfrm/xfrm_interface.c
··· 673 673 struct net *net = xi->net; 674 674 struct xfrm_if_parms p = {}; 675 675 676 + xfrmi_netlink_parms(data, &p); 676 677 if (!p.if_id) { 677 678 NL_SET_ERR_MSG(extack, "if_id must be non zero"); 678 679 return -EINVAL; 679 680 } 680 681 681 - xfrmi_netlink_parms(data, &p); 682 682 xi = xfrmi_locate(net, &p); 683 683 if (!xi) { 684 684 xi = netdev_priv(dev);
+8 -6
net/xfrm/xfrm_policy.c
··· 4256 4256 } 4257 4257 4258 4258 static struct xfrm_policy *xfrm_migrate_policy_find(const struct xfrm_selector *sel, 4259 - u8 dir, u8 type, struct net *net) 4259 + u8 dir, u8 type, struct net *net, u32 if_id) 4260 4260 { 4261 4261 struct xfrm_policy *pol, *ret = NULL; 4262 4262 struct hlist_head *chain; ··· 4265 4265 spin_lock_bh(&net->xfrm.xfrm_policy_lock); 4266 4266 chain = policy_hash_direct(net, &sel->daddr, &sel->saddr, sel->family, dir); 4267 4267 hlist_for_each_entry(pol, chain, bydst) { 4268 - if (xfrm_migrate_selector_match(sel, &pol->selector) && 4268 + if ((if_id == 0 || pol->if_id == if_id) && 4269 + xfrm_migrate_selector_match(sel, &pol->selector) && 4269 4270 pol->type == type) { 4270 4271 ret = pol; 4271 4272 priority = ret->priority; ··· 4278 4277 if ((pol->priority >= priority) && ret) 4279 4278 break; 4280 4279 4281 - if (xfrm_migrate_selector_match(sel, &pol->selector) && 4280 + if ((if_id == 0 || pol->if_id == if_id) && 4281 + xfrm_migrate_selector_match(sel, &pol->selector) && 4282 4282 pol->type == type) { 4283 4283 ret = pol; 4284 4284 break; ··· 4395 4393 int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 4396 4394 struct xfrm_migrate *m, int num_migrate, 4397 4395 struct xfrm_kmaddress *k, struct net *net, 4398 - struct xfrm_encap_tmpl *encap) 4396 + struct xfrm_encap_tmpl *encap, u32 if_id) 4399 4397 { 4400 4398 int i, err, nx_cur = 0, nx_new = 0; 4401 4399 struct xfrm_policy *pol = NULL; ··· 4414 4412 } 4415 4413 4416 4414 /* Stage 1 - find policy */ 4417 - if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) { 4415 + if ((pol = xfrm_migrate_policy_find(sel, dir, type, net, if_id)) == NULL) { 4418 4416 err = -ENOENT; 4419 4417 goto out; 4420 4418 } 4421 4419 4422 4420 /* Stage 2 - find and update state(s) */ 4423 4421 for (i = 0, mp = m; i < num_migrate; i++, mp++) { 4424 - if ((x = xfrm_migrate_state_find(mp, net))) { 4422 + if ((x = xfrm_migrate_state_find(mp, net, if_id))) { 4425 4423 x_cur[nx_cur] = x; 4426 4424 nx_cur++; 4427 4425 xc = xfrm_state_migrate(x, mp, encap);
+13 -16
net/xfrm/xfrm_state.c
··· 1579 1579 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); 1580 1580 memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark)); 1581 1581 1582 - if (xfrm_init_state(x) < 0) 1583 - goto error; 1584 - 1585 1582 x->props.flags = orig->props.flags; 1586 1583 x->props.extra_flags = orig->props.extra_flags; 1587 1584 ··· 1603 1606 return NULL; 1604 1607 } 1605 1608 1606 - struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net) 1609 + struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net, 1610 + u32 if_id) 1607 1611 { 1608 1612 unsigned int h; 1609 1613 struct xfrm_state *x = NULL; ··· 1620 1622 continue; 1621 1623 if (m->reqid && x->props.reqid != m->reqid) 1622 1624 continue; 1625 + if (if_id != 0 && x->if_id != if_id) 1626 + continue; 1623 1627 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, 1624 1628 m->old_family) || 1625 1629 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr, ··· 1636 1636 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) { 1637 1637 if (x->props.mode != m->mode || 1638 1638 x->id.proto != m->proto) 1639 + continue; 1640 + if (if_id != 0 && x->if_id != if_id) 1639 1641 continue; 1640 1642 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, 1641 1643 m->old_family) || ··· 1664 1662 xc = xfrm_state_clone(x, encap); 1665 1663 if (!xc) 1666 1664 return NULL; 1665 + 1666 + xc->props.family = m->new_family; 1667 + 1668 + if (xfrm_init_state(xc) < 0) 1669 + goto error; 1667 1670 1668 1671 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr)); 1669 1672 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); ··· 2579 2572 } 2580 2573 EXPORT_SYMBOL(xfrm_state_delete_tunnel); 2581 2574 2582 - u32 __xfrm_state_mtu(struct xfrm_state *x, int mtu) 2575 + u32 xfrm_state_mtu(struct xfrm_state *x, int mtu) 2583 2576 { 2584 2577 const struct xfrm_type *type = READ_ONCE(x->type); 2585 2578 struct crypto_aead *aead; ··· 2610 2603 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) - 2611 2604 net_adj) & ~(blksize - 1)) + net_adj - 2; 2612 2605 } 2613 - EXPORT_SYMBOL_GPL(__xfrm_state_mtu); 2614 - 2615 - u32 xfrm_state_mtu(struct xfrm_state *x, int mtu) 2616 - { 2617 - mtu = __xfrm_state_mtu(x, mtu); 2618 - 2619 - if (x->props.family == AF_INET6 && mtu < IPV6_MIN_MTU) 2620 - return IPV6_MIN_MTU; 2621 - 2622 - return mtu; 2623 - } 2606 + EXPORT_SYMBOL_GPL(xfrm_state_mtu); 2624 2607 2625 2608 int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload) 2626 2609 {
+5 -1
net/xfrm/xfrm_user.c
··· 2608 2608 int n = 0; 2609 2609 struct net *net = sock_net(skb->sk); 2610 2610 struct xfrm_encap_tmpl *encap = NULL; 2611 + u32 if_id = 0; 2611 2612 2612 2613 if (attrs[XFRMA_MIGRATE] == NULL) 2613 2614 return -EINVAL; ··· 2633 2632 return -ENOMEM; 2634 2633 } 2635 2634 2636 - err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap); 2635 + if (attrs[XFRMA_IF_ID]) 2636 + if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 2637 + 2638 + err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap, if_id); 2637 2639 2638 2640 kfree(encap); 2639 2641
+1 -1
tools/testing/selftests/drivers/net/mlxsw/spectrum/resource_scale.sh
··· 50 50 else 51 51 log_test "'$current_test' [$profile] overflow $target" 52 52 fi 53 + RET_FIN=$(( RET_FIN || RET )) 53 54 done 54 - RET_FIN=$(( RET_FIN || RET )) 55 55 done 56 56 done 57 57 current_test=""
+2 -1
tools/testing/selftests/drivers/net/mlxsw/tc_police_scale.sh
··· 60 60 61 61 tc_police_rules_create $count $should_fail 62 62 63 - offload_count=$(tc filter show dev $swp1 ingress | grep in_hw | wc -l) 63 + offload_count=$(tc -j filter show dev $swp1 ingress | 64 + jq "[.[] | select(.options.in_hw == true)] | length") 64 65 ((offload_count == count)) 65 66 check_err_fail $should_fail $? "tc police offload count" 66 67 }
+2 -2
tools/testing/selftests/net/mptcp/mptcp_connect.sh
··· 763 763 run_tests_lo "$ns1" "$ns1" dead:beef:1::1 1 "-I 3 -i $old_cin" 764 764 765 765 # restore previous status 766 - cout=$old_cout 767 - cout_disconnect="$cout".disconnect 766 + sin=$old_sin 767 + sin_disconnect="$cout".disconnect 768 768 cin=$old_cin 769 769 cin_disconnect="$cin".disconnect 770 770 connect_per_transfer=1
+1
tools/testing/selftests/netfilter/.gitignore
··· 1 1 # SPDX-License-Identifier: GPL-2.0-only 2 2 nf-queue 3 + connect_close
+1 -1
tools/testing/selftests/netfilter/Makefile
··· 9 9 conntrack_vrf.sh nft_synproxy.sh 10 10 11 11 LDLIBS = -lmnl 12 - TEST_GEN_FILES = nf-queue 12 + TEST_GEN_FILES = nf-queue connect_close 13 13 14 14 include ../lib.mk
+136
tools/testing/selftests/netfilter/connect_close.c
··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + #include <stdio.h> 4 + #include <stdlib.h> 5 + #include <fcntl.h> 6 + #include <string.h> 7 + #include <unistd.h> 8 + #include <signal.h> 9 + 10 + #include <arpa/inet.h> 11 + #include <sys/socket.h> 12 + 13 + #define PORT 12345 14 + #define RUNTIME 10 15 + 16 + static struct { 17 + unsigned int timeout; 18 + unsigned int port; 19 + } opts = { 20 + .timeout = RUNTIME, 21 + .port = PORT, 22 + }; 23 + 24 + static void handler(int sig) 25 + { 26 + _exit(sig == SIGALRM ? 0 : 1); 27 + } 28 + 29 + static void set_timeout(void) 30 + { 31 + struct sigaction action = { 32 + .sa_handler = handler, 33 + }; 34 + 35 + sigaction(SIGALRM, &action, NULL); 36 + 37 + alarm(opts.timeout); 38 + } 39 + 40 + static void do_connect(const struct sockaddr_in *dst) 41 + { 42 + int s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); 43 + 44 + if (s >= 0) 45 + fcntl(s, F_SETFL, O_NONBLOCK); 46 + 47 + connect(s, (struct sockaddr *)dst, sizeof(*dst)); 48 + close(s); 49 + } 50 + 51 + static void do_accept(const struct sockaddr_in *src) 52 + { 53 + int c, one = 1, s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); 54 + 55 + if (s < 0) 56 + return; 57 + 58 + setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); 59 + setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)); 60 + 61 + bind(s, (struct sockaddr *)src, sizeof(*src)); 62 + 63 + listen(s, 16); 64 + 65 + c = accept(s, NULL, NULL); 66 + if (c >= 0) 67 + close(c); 68 + 69 + close(s); 70 + } 71 + 72 + static int accept_loop(void) 73 + { 74 + struct sockaddr_in src = { 75 + .sin_family = AF_INET, 76 + .sin_port = htons(opts.port), 77 + }; 78 + 79 + inet_pton(AF_INET, "127.0.0.1", &src.sin_addr); 80 + 81 + set_timeout(); 82 + 83 + for (;;) 84 + do_accept(&src); 85 + 86 + return 1; 87 + } 88 + 89 + static int connect_loop(void) 90 + { 91 + struct sockaddr_in dst = { 92 + .sin_family = AF_INET, 93 + .sin_port = htons(opts.port), 94 + }; 95 + 96 + inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr); 97 + 98 + set_timeout(); 99 + 100 + for (;;) 101 + do_connect(&dst); 102 + 103 + return 1; 104 + } 105 + 106 + static void parse_opts(int argc, char **argv) 107 + { 108 + int c; 109 + 110 + while ((c = getopt(argc, argv, "t:p:")) != -1) { 111 + switch (c) { 112 + case 't': 113 + opts.timeout = atoi(optarg); 114 + break; 115 + case 'p': 116 + opts.port = atoi(optarg); 117 + break; 118 + } 119 + } 120 + } 121 + 122 + int main(int argc, char *argv[]) 123 + { 124 + pid_t p; 125 + 126 + parse_opts(argc, argv); 127 + 128 + p = fork(); 129 + if (p < 0) 130 + return 111; 131 + 132 + if (p > 0) 133 + return accept_loop(); 134 + 135 + return connect_loop(); 136 + }
+19
tools/testing/selftests/netfilter/nft_queue.sh
··· 113 113 chain output { 114 114 type filter hook output priority $prio; policy accept; 115 115 tcp dport 12345 queue num 3 116 + tcp sport 23456 queue num 3 116 117 jump nfq 117 118 } 118 119 chain post { ··· 297 296 wait 2>/dev/null 298 297 } 299 298 299 + test_tcp_localhost_connectclose() 300 + { 301 + tmpfile=$(mktemp) || exit 1 302 + 303 + ip netns exec ${nsrouter} ./connect_close -p 23456 -t $timeout & 304 + 305 + ip netns exec ${nsrouter} ./nf-queue -q 3 -t $timeout & 306 + local nfqpid=$! 307 + 308 + sleep 1 309 + rm -f "$tmpfile" 310 + 311 + wait $rpid 312 + [ $? -eq 0 ] && echo "PASS: tcp via loopback with connect/close" 313 + wait 2>/dev/null 314 + } 315 + 300 316 test_tcp_localhost_requeue() 301 317 { 302 318 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF ··· 442 424 443 425 test_tcp_forward 444 426 test_tcp_localhost 427 + test_tcp_localhost_connectclose 445 428 test_tcp_localhost_requeue 446 429 test_icmp_vrf 447 430