Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'net-7.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"With fixes from wireless, bluetooth and netfilter included we're back
to each PR carrying 30%+ more fixes than in previous era.
The good news is that so far none of the "extra" fixes are themselves
causing real regressions. Not sure how much comfort that is.
Current release - fix to a fix:
- netdevsim: fix build if SKB_EXTENSIONS=n
- eth: stmmac: skip VLAN restore when VLAN hash ops are missing
Previous releases - regressions:
- wifi: iwlwifi: mvm: don't send a 6E related command when
not supported
Previous releases - always broken:
- some info leak fixes
- add missing clearing of skb->cb[] on ICMP paths from tunnels
- ipv6:
- flowlabel: defer exclusive option free until RCU teardown
- avoid overflows in ip6_datagram_send_ctl()
- mpls: add seqcount to protect platform_labels from OOB access
- bridge: improve safety of parsing ND options
- bluetooth: fix leaks, overflows and races in hci_sync
- netfilter: add more input validation, some to address bugs directly
some to prevent exploits from cooking up broken configurations
- wifi:
- ath: avoid poor performance due to stopping the wrong
aggregation session
- virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free
- eth:
- fec: fix the PTP periodic output sysfs interface
- enetc: safely reinitialize TX BD ring when it has unsent frames"
* tag 'net-7.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (95 commits)
eth: fbnic: Increase FBNIC_QUEUE_SIZE_MIN to 64
ipv6: avoid overflows in ip6_datagram_send_ctl()
net: hsr: fix VLAN add unwind on slave errors
net: hsr: serialize seq_blocks merge across nodes
vsock: initialize child_ns_mode_locked in vsock_net_init()
selftests/tc-testing: add tests for cls_fw and cls_flow on shared blocks
net/sched: cls_flow: fix NULL pointer dereference on shared blocks
net/sched: cls_fw: fix NULL pointer dereference on shared blocks
net/x25: Fix overflow when accumulating packets
net/x25: Fix potential double free of skb
bnxt_en: Restore default stat ctxs for ULP when resource is available
bnxt_en: Don't assume XDP is never enabled in bnxt_init_dflt_ring_mode()
bnxt_en: Refactor some basic ring setup and adjustment logic
net/mlx5: Fix switchdev mode rollback in case of failure
net/mlx5: Avoid "No data available" when FW version queries fail
net/mlx5: lag: Check for LAG device before creating debugfs
net: macb: properly unregister fixed rate clocks
net: macb: fix clk handling on PCI glue driver removal
virtio_net: clamp rss_max_key_size to NETDEV_RSS_KEY_LEN
net/sched: sch_netem: fix out-of-bounds access in packet corruption
...
+1147
-493
-3
drivers/bluetooth/hci_h4.c
-3
drivers/bluetooth/hci_h4.c
+1
-1
drivers/net/bonding/bond_main.c
+1
-1
drivers/net/bonding/bond_main.c
+19
-1
drivers/net/ethernet/airoha/airoha_eth.c
+19
-1
drivers/net/ethernet/airoha/airoha_eth.c
···
794
794
795
795
static void airoha_qdma_cleanup_rx_queue(struct airoha_queue *q)
796
796
{
797
-
struct airoha_eth *eth = q->qdma->eth;
797
+
struct airoha_qdma *qdma = q->qdma;
798
+
struct airoha_eth *eth = qdma->eth;
799
+
int qid = q - &qdma->q_rx[0];
798
800
799
801
while (q->queued) {
800
802
struct airoha_queue_entry *e = &q->entry[q->tail];
803
+
struct airoha_qdma_desc *desc = &q->desc[q->tail];
801
804
struct page *page = virt_to_head_page(e->buf);
802
805
803
806
dma_sync_single_for_cpu(eth->dev, e->dma_addr, e->dma_len,
804
807
page_pool_get_dma_dir(q->page_pool));
805
808
page_pool_put_full_page(q->page_pool, page, false);
809
+
/* Reset DMA descriptor */
810
+
WRITE_ONCE(desc->ctrl, 0);
811
+
WRITE_ONCE(desc->addr, 0);
812
+
WRITE_ONCE(desc->data, 0);
813
+
WRITE_ONCE(desc->msg0, 0);
814
+
WRITE_ONCE(desc->msg1, 0);
815
+
WRITE_ONCE(desc->msg2, 0);
816
+
WRITE_ONCE(desc->msg3, 0);
817
+
806
818
q->tail = (q->tail + 1) % q->ndesc;
807
819
q->queued--;
808
820
}
821
+
822
+
q->head = q->tail;
823
+
airoha_qdma_rmw(qdma, REG_RX_DMA_IDX(qid), RX_RING_DMA_IDX_MASK,
824
+
FIELD_PREP(RX_RING_DMA_IDX_MASK, q->tail));
809
825
}
810
826
811
827
static int airoha_qdma_init_rx(struct airoha_qdma *qdma)
···
2961
2945
if (err)
2962
2946
return err;
2963
2947
}
2948
+
2949
+
set_bit(DEV_STATE_REGISTERED, ð->state);
2964
2950
2965
2951
return 0;
2966
2952
}
+1
drivers/net/ethernet/airoha/airoha_eth.h
+1
drivers/net/ethernet/airoha/airoha_eth.h
+7
drivers/net/ethernet/airoha/airoha_ppe.c
+7
drivers/net/ethernet/airoha/airoha_ppe.c
···
1368
1368
struct airoha_eth *eth = ppe->eth;
1369
1369
int err = 0;
1370
1370
1371
+
/* Netfilter flowtable can try to offload flower rules while not all
1372
+
* the net_devices are registered or initialized. Delay offloading
1373
+
* until all net_devices are registered in the system.
1374
+
*/
1375
+
if (!test_bit(DEV_STATE_REGISTERED, ð->state))
1376
+
return -EBUSY;
1377
+
1371
1378
mutex_lock(&flow_offload_mutex);
1372
1379
1373
1380
if (!eth->npu)
+52
-24
drivers/net/ethernet/broadcom/bnxt/bnxt.c
+52
-24
drivers/net/ethernet/broadcom/bnxt/bnxt.c
···
8045
8045
ulp_msix = bnxt_get_avail_msix(bp, bp->ulp_num_msix_want);
8046
8046
if (!ulp_msix)
8047
8047
bnxt_set_ulp_stat_ctxs(bp, 0);
8048
+
else
8049
+
bnxt_set_dflt_ulp_stat_ctxs(bp);
8048
8050
8049
8051
if (ulp_msix > bp->ulp_num_msix_want)
8050
8052
ulp_msix = bp->ulp_num_msix_want;
···
8673
8671
struct hwrm_func_backing_store_qcaps_v2_output *resp;
8674
8672
struct hwrm_func_backing_store_qcaps_v2_input *req;
8675
8673
struct bnxt_ctx_mem_info *ctx = bp->ctx;
8676
-
u16 type;
8674
+
u16 type, next_type = 0;
8677
8675
int rc;
8678
8676
8679
8677
rc = hwrm_req_init(bp, req, HWRM_FUNC_BACKING_STORE_QCAPS_V2);
···
8689
8687
8690
8688
resp = hwrm_req_hold(bp, req);
8691
8689
8692
-
for (type = 0; type < BNXT_CTX_V2_MAX; ) {
8690
+
for (type = 0; type < BNXT_CTX_V2_MAX; type = next_type) {
8693
8691
struct bnxt_ctx_mem_type *ctxm = &ctx->ctx_arr[type];
8694
8692
u8 init_val, init_off, i;
8695
8693
u32 max_entries;
···
8702
8700
if (rc)
8703
8701
goto ctx_done;
8704
8702
flags = le32_to_cpu(resp->flags);
8705
-
type = le16_to_cpu(resp->next_valid_type);
8703
+
next_type = le16_to_cpu(resp->next_valid_type);
8706
8704
if (!(flags & BNXT_CTX_MEM_TYPE_VALID)) {
8707
8705
bnxt_free_one_ctx_mem(bp, ctxm, true);
8708
8706
continue;
···
8717
8715
else
8718
8716
continue;
8719
8717
}
8720
-
ctxm->type = le16_to_cpu(resp->type);
8718
+
ctxm->type = type;
8721
8719
ctxm->entry_size = entry_size;
8722
8720
ctxm->flags = flags;
8723
8721
ctxm->instance_bmap = le32_to_cpu(resp->instance_bit_map);
···
12994
12992
return bp->num_tc ? bp->tx_nr_rings / bp->num_tc : bp->tx_nr_rings;
12995
12993
}
12996
12994
12995
+
static void bnxt_set_xdp_tx_rings(struct bnxt *bp)
12996
+
{
12997
+
bp->tx_nr_rings_xdp = bp->tx_nr_rings_per_tc;
12998
+
bp->tx_nr_rings += bp->tx_nr_rings_xdp;
12999
+
}
13000
+
13001
+
static void bnxt_adj_tx_rings(struct bnxt *bp)
13002
+
{
13003
+
/* Make adjustments if reserved TX rings are less than requested */
13004
+
bp->tx_nr_rings -= bp->tx_nr_rings_xdp;
13005
+
bp->tx_nr_rings_per_tc = bnxt_tx_nr_rings_per_tc(bp);
13006
+
if (bp->tx_nr_rings_xdp)
13007
+
bnxt_set_xdp_tx_rings(bp);
13008
+
}
13009
+
12997
13010
static int __bnxt_open_nic(struct bnxt *bp, bool irq_re_init, bool link_re_init)
12998
13011
{
12999
13012
int rc = 0;
···
13026
13009
if (rc)
13027
13010
return rc;
13028
13011
13029
-
/* Make adjustments if reserved TX rings are less than requested */
13030
-
bp->tx_nr_rings -= bp->tx_nr_rings_xdp;
13031
-
bp->tx_nr_rings_per_tc = bnxt_tx_nr_rings_per_tc(bp);
13032
-
if (bp->tx_nr_rings_xdp) {
13033
-
bp->tx_nr_rings_xdp = bp->tx_nr_rings_per_tc;
13034
-
bp->tx_nr_rings += bp->tx_nr_rings_xdp;
13035
-
}
13012
+
bnxt_adj_tx_rings(bp);
13036
13013
rc = bnxt_alloc_mem(bp, irq_re_init);
13037
13014
if (rc) {
13038
13015
netdev_err(bp->dev, "bnxt_alloc_mem err: %x\n", rc);
···
15447
15436
return 0;
15448
15437
}
15449
15438
15439
+
void bnxt_set_cp_rings(struct bnxt *bp, bool sh)
15440
+
{
15441
+
int tx_cp = bnxt_num_tx_to_cp(bp, bp->tx_nr_rings);
15442
+
15443
+
bp->cp_nr_rings = sh ? max_t(int, tx_cp, bp->rx_nr_rings) :
15444
+
tx_cp + bp->rx_nr_rings;
15445
+
}
15446
+
15450
15447
int bnxt_setup_mq_tc(struct net_device *dev, u8 tc)
15451
15448
{
15452
15449
struct bnxt *bp = netdev_priv(dev);
15453
15450
bool sh = false;
15454
-
int rc, tx_cp;
15451
+
int rc;
15455
15452
15456
15453
if (tc > bp->max_tc) {
15457
15454
netdev_err(dev, "Too many traffic classes requested: %d. Max supported is %d.\n",
···
15492
15473
bp->num_tc = 0;
15493
15474
}
15494
15475
bp->tx_nr_rings += bp->tx_nr_rings_xdp;
15495
-
tx_cp = bnxt_num_tx_to_cp(bp, bp->tx_nr_rings);
15496
-
bp->cp_nr_rings = sh ? max_t(int, tx_cp, bp->rx_nr_rings) :
15497
-
tx_cp + bp->rx_nr_rings;
15476
+
bnxt_set_cp_rings(bp, sh);
15498
15477
15499
15478
if (netif_running(bp->dev))
15500
15479
return bnxt_open_nic(bp, true, false);
···
16542
16525
bp->tx_nr_rings = bnxt_tx_nr_rings(bp);
16543
16526
}
16544
16527
16528
+
static void bnxt_adj_dflt_rings(struct bnxt *bp, bool sh)
16529
+
{
16530
+
if (sh)
16531
+
bnxt_trim_dflt_sh_rings(bp);
16532
+
else
16533
+
bp->cp_nr_rings = bp->tx_nr_rings_per_tc + bp->rx_nr_rings;
16534
+
bp->tx_nr_rings = bnxt_tx_nr_rings(bp);
16535
+
if (sh && READ_ONCE(bp->xdp_prog)) {
16536
+
bnxt_set_xdp_tx_rings(bp);
16537
+
bnxt_set_cp_rings(bp, true);
16538
+
}
16539
+
}
16540
+
16545
16541
static int bnxt_set_dflt_rings(struct bnxt *bp, bool sh)
16546
16542
{
16547
16543
int dflt_rings, max_rx_rings, max_tx_rings, rc;
···
16580
16550
return rc;
16581
16551
bp->rx_nr_rings = min_t(int, dflt_rings, max_rx_rings);
16582
16552
bp->tx_nr_rings_per_tc = min_t(int, dflt_rings, max_tx_rings);
16583
-
if (sh)
16584
-
bnxt_trim_dflt_sh_rings(bp);
16585
-
else
16586
-
bp->cp_nr_rings = bp->tx_nr_rings_per_tc + bp->rx_nr_rings;
16587
-
bp->tx_nr_rings = bnxt_tx_nr_rings(bp);
16553
+
16554
+
bnxt_adj_dflt_rings(bp, sh);
16588
16555
16589
16556
avail_msix = bnxt_get_max_func_irqs(bp) - bp->cp_nr_rings;
16590
16557
if (avail_msix >= BNXT_MIN_ROCE_CP_RINGS) {
···
16594
16567
rc = __bnxt_reserve_rings(bp);
16595
16568
if (rc && rc != -ENODEV)
16596
16569
netdev_warn(bp->dev, "Unable to reserve tx rings\n");
16597
-
bp->tx_nr_rings_per_tc = bnxt_tx_nr_rings_per_tc(bp);
16570
+
16571
+
bnxt_adj_tx_rings(bp);
16598
16572
if (sh)
16599
-
bnxt_trim_dflt_sh_rings(bp);
16573
+
bnxt_adj_dflt_rings(bp, true);
16600
16574
16601
16575
/* Rings may have been trimmed, re-reserve the trimmed rings. */
16602
16576
if (bnxt_need_reserve_rings(bp)) {
16603
16577
rc = __bnxt_reserve_rings(bp);
16604
16578
if (rc && rc != -ENODEV)
16605
16579
netdev_warn(bp->dev, "2nd rings reservation failed.\n");
16606
-
bp->tx_nr_rings_per_tc = bnxt_tx_nr_rings_per_tc(bp);
16580
+
bnxt_adj_tx_rings(bp);
16607
16581
}
16608
16582
if (BNXT_CHIP_TYPE_NITRO_A0(bp)) {
16609
16583
bp->rx_nr_rings++;
···
16638
16610
if (rc)
16639
16611
goto init_dflt_ring_err;
16640
16612
16641
-
bp->tx_nr_rings_per_tc = bnxt_tx_nr_rings_per_tc(bp);
16613
+
bnxt_adj_tx_rings(bp);
16642
16614
16643
16615
bnxt_set_dflt_rfs(bp);
16644
16616
+1
drivers/net/ethernet/broadcom/bnxt/bnxt.h
+1
drivers/net/ethernet/broadcom/bnxt/bnxt.h
···
2985
2985
int tx_xdp);
2986
2986
int bnxt_fw_init_one(struct bnxt *bp);
2987
2987
bool bnxt_hwrm_reset_permitted(struct bnxt *bp);
2988
+
void bnxt_set_cp_rings(struct bnxt *bp, bool sh);
2988
2989
int bnxt_setup_mq_tc(struct net_device *dev, u8 tc);
2989
2990
struct bnxt_ntuple_filter *bnxt_lookup_ntp_filter_from_idx(struct bnxt *bp,
2990
2991
struct bnxt_ntuple_filter *fltr, u32 idx);
+1
-4
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+1
-4
drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
···
945
945
bool sh = false;
946
946
int tx_xdp = 0;
947
947
int rc = 0;
948
-
int tx_cp;
949
948
950
949
if (channel->other_count)
951
950
return -EINVAL;
···
1012
1013
if (tcs > 1)
1013
1014
bp->tx_nr_rings = bp->tx_nr_rings_per_tc * tcs + tx_xdp;
1014
1015
1015
-
tx_cp = bnxt_num_tx_to_cp(bp, bp->tx_nr_rings);
1016
-
bp->cp_nr_rings = sh ? max_t(int, tx_cp, bp->rx_nr_rings) :
1017
-
tx_cp + bp->rx_nr_rings;
1016
+
bnxt_set_cp_rings(bp, sh);
1018
1017
1019
1018
/* After changing number of rx channels, update NTUPLE feature. */
1020
1019
netdev_update_features(dev);
+2
-3
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
+2
-3
drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c
···
384
384
static int bnxt_xdp_set(struct bnxt *bp, struct bpf_prog *prog)
385
385
{
386
386
struct net_device *dev = bp->dev;
387
-
int tx_xdp = 0, tx_cp, rc, tc;
387
+
int tx_xdp = 0, rc, tc;
388
388
struct bpf_prog *old;
389
389
390
390
netdev_assert_locked(dev);
···
431
431
}
432
432
bp->tx_nr_rings_xdp = tx_xdp;
433
433
bp->tx_nr_rings = bp->tx_nr_rings_per_tc * tc + tx_xdp;
434
-
tx_cp = bnxt_num_tx_to_cp(bp, bp->tx_nr_rings);
435
-
bp->cp_nr_rings = max_t(int, tx_cp, bp->rx_nr_rings);
434
+
bnxt_set_cp_rings(bp, true);
436
435
bnxt_set_tpa_flags(bp);
437
436
bnxt_set_ring_params(bp);
438
437
+1
-1
drivers/net/ethernet/broadcom/tg3.c
+1
-1
drivers/net/ethernet/broadcom/tg3.c
···
12299
12299
ethtool_convert_legacy_u32_to_link_mode(cmd->link_modes.advertising,
12300
12300
advertising);
12301
12301
12302
-
if (netif_running(dev) && tp->link_up) {
12302
+
if (netif_running(dev) && netif_carrier_ok(dev)) {
12303
12303
cmd->base.speed = tp->link_config.active_speed;
12304
12304
cmd->base.duplex = tp->link_config.active_duplex;
12305
12305
ethtool_convert_legacy_u32_to_link_mode(
+6
-4
drivers/net/ethernet/cadence/macb_pci.c
+6
-4
drivers/net/ethernet/cadence/macb_pci.c
···
96
96
return 0;
97
97
98
98
err_plat_dev_register:
99
-
clk_unregister(plat_data.hclk);
99
+
clk_unregister_fixed_rate(plat_data.hclk);
100
100
101
101
err_hclk_register:
102
-
clk_unregister(plat_data.pclk);
102
+
clk_unregister_fixed_rate(plat_data.pclk);
103
103
104
104
err_pclk_register:
105
105
return err;
···
109
109
{
110
110
struct platform_device *plat_dev = pci_get_drvdata(pdev);
111
111
struct macb_platform_data *plat_data = dev_get_platdata(&plat_dev->dev);
112
+
struct clk *pclk = plat_data->pclk;
113
+
struct clk *hclk = plat_data->hclk;
112
114
113
-
clk_unregister(plat_data->pclk);
114
-
clk_unregister(plat_data->hclk);
115
115
platform_device_unregister(plat_dev);
116
+
clk_unregister_fixed_rate(pclk);
117
+
clk_unregister_fixed_rate(hclk);
116
118
}
117
119
118
120
static const struct pci_device_id dev_id_table[] = {
+24
-4
drivers/net/ethernet/faraday/ftgmac100.c
+24
-4
drivers/net/ethernet/faraday/ftgmac100.c
···
977
977
priv->tx_skbs = kcalloc(MAX_TX_QUEUE_ENTRIES, sizeof(void *),
978
978
GFP_KERNEL);
979
979
if (!priv->tx_skbs)
980
-
return -ENOMEM;
980
+
goto err_free_rx_skbs;
981
981
982
982
/* Allocate descriptors */
983
983
priv->rxdes = dma_alloc_coherent(priv->dev,
984
984
MAX_RX_QUEUE_ENTRIES * sizeof(struct ftgmac100_rxdes),
985
985
&priv->rxdes_dma, GFP_KERNEL);
986
986
if (!priv->rxdes)
987
-
return -ENOMEM;
987
+
goto err_free_tx_skbs;
988
988
priv->txdes = dma_alloc_coherent(priv->dev,
989
989
MAX_TX_QUEUE_ENTRIES * sizeof(struct ftgmac100_txdes),
990
990
&priv->txdes_dma, GFP_KERNEL);
991
991
if (!priv->txdes)
992
-
return -ENOMEM;
992
+
goto err_free_rxdes;
993
993
994
994
/* Allocate scratch packet buffer */
995
995
priv->rx_scratch = dma_alloc_coherent(priv->dev,
···
997
997
&priv->rx_scratch_dma,
998
998
GFP_KERNEL);
999
999
if (!priv->rx_scratch)
1000
-
return -ENOMEM;
1000
+
goto err_free_txdes;
1001
1001
1002
1002
return 0;
1003
+
1004
+
err_free_txdes:
1005
+
dma_free_coherent(priv->dev,
1006
+
MAX_TX_QUEUE_ENTRIES *
1007
+
sizeof(struct ftgmac100_txdes),
1008
+
priv->txdes, priv->txdes_dma);
1009
+
priv->txdes = NULL;
1010
+
err_free_rxdes:
1011
+
dma_free_coherent(priv->dev,
1012
+
MAX_RX_QUEUE_ENTRIES *
1013
+
sizeof(struct ftgmac100_rxdes),
1014
+
priv->rxdes, priv->rxdes_dma);
1015
+
priv->rxdes = NULL;
1016
+
err_free_tx_skbs:
1017
+
kfree(priv->tx_skbs);
1018
+
priv->tx_skbs = NULL;
1019
+
err_free_rx_skbs:
1020
+
kfree(priv->rx_skbs);
1021
+
priv->rx_skbs = NULL;
1022
+
return -ENOMEM;
1003
1023
}
1004
1024
1005
1025
static void ftgmac100_init_rings(struct ftgmac100 *priv)
+12
-1
drivers/net/ethernet/freescale/enetc/enetc.c
+12
-1
drivers/net/ethernet/freescale/enetc/enetc.c
···
2578
2578
2579
2579
static void enetc_setup_txbdr(struct enetc_hw *hw, struct enetc_bdr *tx_ring)
2580
2580
{
2581
+
struct enetc_si *si = container_of(hw, struct enetc_si, hw);
2581
2582
int idx = tx_ring->index;
2582
2583
u32 tbmr;
2583
2584
···
2592
2591
enetc_txbdr_wr(hw, idx, ENETC_TBLENR,
2593
2592
ENETC_RTBLENR_LEN(tx_ring->bd_count));
2594
2593
2595
-
/* clearing PI/CI registers for Tx not supported, adjust sw indexes */
2594
+
/* For ENETC v1, clearing PI/CI registers for Tx not supported,
2595
+
* adjust sw indexes
2596
+
*/
2596
2597
tx_ring->next_to_use = enetc_txbdr_rd(hw, idx, ENETC_TBPIR);
2597
2598
tx_ring->next_to_clean = enetc_txbdr_rd(hw, idx, ENETC_TBCIR);
2599
+
2600
+
if (tx_ring->next_to_use != tx_ring->next_to_clean &&
2601
+
!is_enetc_rev1(si)) {
2602
+
tx_ring->next_to_use = 0;
2603
+
tx_ring->next_to_clean = 0;
2604
+
enetc_txbdr_wr(hw, idx, ENETC_TBPIR, 0);
2605
+
enetc_txbdr_wr(hw, idx, ENETC_TBCIR, 0);
2606
+
}
2598
2607
2599
2608
/* enable Tx ints by setting pkt thr to 1 */
2600
2609
enetc_txbdr_wr(hw, idx, ENETC_TBICR0, ENETC_TBICR0_ICEN | 0x1);
+11
drivers/net/ethernet/freescale/enetc/enetc4_hw.h
+11
drivers/net/ethernet/freescale/enetc/enetc4_hw.h
···
134
134
135
135
/* Port operational register */
136
136
#define ENETC4_POR 0x4100
137
+
#define POR_TXDIS BIT(0)
138
+
#define POR_RXDIS BIT(1)
139
+
140
+
/* Port status register */
141
+
#define ENETC4_PSR 0x4104
142
+
#define PSR_RX_BUSY BIT(1)
137
143
138
144
/* Port traffic class a transmit maximum SDU register */
139
145
#define ENETC4_PTCTMSDUR(a) ((a) * 0x20 + 0x4208)
···
178
172
179
173
/* Port internal MDIO base address, use to access PCS */
180
174
#define ENETC4_PM_IMDIO_BASE 0x5030
175
+
176
+
/* Port MAC 0/1 Interrupt Event Register */
177
+
#define ENETC4_PM_IEVENT(mac) (0x5040 + (mac) * 0x400)
178
+
#define PM_IEVENT_TX_EMPTY BIT(5)
179
+
#define PM_IEVENT_RX_EMPTY BIT(6)
181
180
182
181
/* Port MAC 0/1 Pause Quanta Register */
183
182
#define ENETC4_PM_PAUSE_QUANTA(mac) (0x5054 + (mac) * 0x400)
+104
-14
drivers/net/ethernet/freescale/enetc/enetc4_pf.c
+104
-14
drivers/net/ethernet/freescale/enetc/enetc4_pf.c
···
444
444
enetc4_pf_reset_tc_msdu(&si->hw);
445
445
}
446
446
447
-
static void enetc4_enable_trx(struct enetc_pf *pf)
448
-
{
449
-
struct enetc_hw *hw = &pf->si->hw;
450
-
451
-
/* Enable port transmit/receive */
452
-
enetc_port_wr(hw, ENETC4_POR, 0);
453
-
}
454
-
455
447
static void enetc4_configure_port(struct enetc_pf *pf)
456
448
{
457
449
enetc4_configure_port_si(pf);
458
450
enetc4_set_trx_frame_size(pf);
459
451
enetc_set_default_rss_key(pf);
460
-
enetc4_enable_trx(pf);
461
452
}
462
453
463
454
static int enetc4_init_ntmp_user(struct enetc_si *si)
···
792
801
enetc_port_wr(hw, ENETC4_PPAUOFFTR, pause_off_thresh);
793
802
}
794
803
795
-
static void enetc4_enable_mac(struct enetc_pf *pf, bool en)
804
+
static void enetc4_mac_wait_tx_empty(struct enetc_si *si, int mac)
796
805
{
806
+
u32 val;
807
+
808
+
if (read_poll_timeout(enetc_port_rd, val,
809
+
val & PM_IEVENT_TX_EMPTY,
810
+
100, 10000, false, &si->hw,
811
+
ENETC4_PM_IEVENT(mac)))
812
+
dev_warn(&si->pdev->dev,
813
+
"MAC %d TX is not empty\n", mac);
814
+
}
815
+
816
+
static void enetc4_mac_tx_graceful_stop(struct enetc_pf *pf)
817
+
{
818
+
struct enetc_hw *hw = &pf->si->hw;
819
+
struct enetc_si *si = pf->si;
820
+
u32 val;
821
+
822
+
val = enetc_port_rd(hw, ENETC4_POR);
823
+
val |= POR_TXDIS;
824
+
enetc_port_wr(hw, ENETC4_POR, val);
825
+
826
+
if (enetc_is_pseudo_mac(si))
827
+
return;
828
+
829
+
enetc4_mac_wait_tx_empty(si, 0);
830
+
if (si->hw_features & ENETC_SI_F_QBU)
831
+
enetc4_mac_wait_tx_empty(si, 1);
832
+
833
+
val = enetc_port_mac_rd(si, ENETC4_PM_CMD_CFG(0));
834
+
val &= ~PM_CMD_CFG_TX_EN;
835
+
enetc_port_mac_wr(si, ENETC4_PM_CMD_CFG(0), val);
836
+
}
837
+
838
+
static void enetc4_mac_tx_enable(struct enetc_pf *pf)
839
+
{
840
+
struct enetc_hw *hw = &pf->si->hw;
797
841
struct enetc_si *si = pf->si;
798
842
u32 val;
799
843
800
844
val = enetc_port_mac_rd(si, ENETC4_PM_CMD_CFG(0));
801
-
val &= ~(PM_CMD_CFG_TX_EN | PM_CMD_CFG_RX_EN);
802
-
val |= en ? (PM_CMD_CFG_TX_EN | PM_CMD_CFG_RX_EN) : 0;
845
+
val |= PM_CMD_CFG_TX_EN;
846
+
enetc_port_mac_wr(si, ENETC4_PM_CMD_CFG(0), val);
803
847
848
+
val = enetc_port_rd(hw, ENETC4_POR);
849
+
val &= ~POR_TXDIS;
850
+
enetc_port_wr(hw, ENETC4_POR, val);
851
+
}
852
+
853
+
static void enetc4_mac_wait_rx_empty(struct enetc_si *si, int mac)
854
+
{
855
+
u32 val;
856
+
857
+
if (read_poll_timeout(enetc_port_rd, val,
858
+
val & PM_IEVENT_RX_EMPTY,
859
+
100, 10000, false, &si->hw,
860
+
ENETC4_PM_IEVENT(mac)))
861
+
dev_warn(&si->pdev->dev,
862
+
"MAC %d RX is not empty\n", mac);
863
+
}
864
+
865
+
static void enetc4_mac_rx_graceful_stop(struct enetc_pf *pf)
866
+
{
867
+
struct enetc_hw *hw = &pf->si->hw;
868
+
struct enetc_si *si = pf->si;
869
+
u32 val;
870
+
871
+
if (enetc_is_pseudo_mac(si))
872
+
goto check_rx_busy;
873
+
874
+
if (si->hw_features & ENETC_SI_F_QBU) {
875
+
val = enetc_port_rd(hw, ENETC4_PM_CMD_CFG(1));
876
+
val &= ~PM_CMD_CFG_RX_EN;
877
+
enetc_port_wr(hw, ENETC4_PM_CMD_CFG(1), val);
878
+
enetc4_mac_wait_rx_empty(si, 1);
879
+
}
880
+
881
+
val = enetc_port_rd(hw, ENETC4_PM_CMD_CFG(0));
882
+
val &= ~PM_CMD_CFG_RX_EN;
883
+
enetc_port_wr(hw, ENETC4_PM_CMD_CFG(0), val);
884
+
enetc4_mac_wait_rx_empty(si, 0);
885
+
886
+
check_rx_busy:
887
+
if (read_poll_timeout(enetc_port_rd, val,
888
+
!(val & PSR_RX_BUSY),
889
+
100, 10000, false, hw,
890
+
ENETC4_PSR))
891
+
dev_warn(&si->pdev->dev, "Port RX busy\n");
892
+
893
+
val = enetc_port_rd(hw, ENETC4_POR);
894
+
val |= POR_RXDIS;
895
+
enetc_port_wr(hw, ENETC4_POR, val);
896
+
}
897
+
898
+
static void enetc4_mac_rx_enable(struct enetc_pf *pf)
899
+
{
900
+
struct enetc_hw *hw = &pf->si->hw;
901
+
struct enetc_si *si = pf->si;
902
+
u32 val;
903
+
904
+
val = enetc_port_rd(hw, ENETC4_POR);
905
+
val &= ~POR_RXDIS;
906
+
enetc_port_wr(hw, ENETC4_POR, val);
907
+
908
+
val = enetc_port_mac_rd(si, ENETC4_PM_CMD_CFG(0));
909
+
val |= PM_CMD_CFG_RX_EN;
804
910
enetc_port_mac_wr(si, ENETC4_PM_CMD_CFG(0), val);
805
911
}
806
912
···
941
853
enetc4_set_hd_flow_control(pf, hd_fc);
942
854
enetc4_set_tx_pause(pf, priv->num_rx_rings, tx_pause);
943
855
enetc4_set_rx_pause(pf, rx_pause);
944
-
enetc4_enable_mac(pf, true);
856
+
enetc4_mac_tx_enable(pf);
857
+
enetc4_mac_rx_enable(pf);
945
858
}
946
859
947
860
static void enetc4_pl_mac_link_down(struct phylink_config *config,
···
951
862
{
952
863
struct enetc_pf *pf = phylink_to_enetc_pf(config);
953
864
954
-
enetc4_enable_mac(pf, false);
865
+
enetc4_mac_rx_graceful_stop(pf);
866
+
enetc4_mac_tx_graceful_stop(pf);
955
867
}
956
868
957
869
static const struct phylink_mac_ops enetc_pl_mac_ops = {
+9
-1
drivers/net/ethernet/freescale/enetc/enetc_ethtool.c
+9
-1
drivers/net/ethernet/freescale/enetc/enetc_ethtool.c
···
795
795
struct enetc_si *si = priv->si;
796
796
int err = 0;
797
797
798
+
if (rxfh->hfunc != ETH_RSS_HASH_NO_CHANGE &&
799
+
rxfh->hfunc != ETH_RSS_HASH_TOP)
800
+
return -EOPNOTSUPP;
801
+
798
802
/* set hash key, if PF */
799
-
if (rxfh->key && enetc_si_is_pf(si))
803
+
if (rxfh->key) {
804
+
if (!enetc_si_is_pf(si))
805
+
return -EOPNOTSUPP;
806
+
800
807
enetc_set_rss_key(si, rxfh->key);
808
+
}
801
809
802
810
/* set RSS table */
803
811
if (rxfh->indir)
-3
drivers/net/ethernet/freescale/fec_ptp.c
-3
drivers/net/ethernet/freescale/fec_ptp.c
+20
-1
drivers/net/ethernet/mediatek/mtk_ppe_offload.c
+20
-1
drivers/net/ethernet/mediatek/mtk_ppe_offload.c
···
244
244
return 0;
245
245
}
246
246
247
+
static bool
248
+
mtk_flow_is_valid_idev(const struct mtk_eth *eth, const struct net_device *idev)
249
+
{
250
+
size_t i;
251
+
252
+
if (!idev)
253
+
return false;
254
+
255
+
for (i = 0; i < ARRAY_SIZE(eth->netdev); i++) {
256
+
if (!eth->netdev[i])
257
+
continue;
258
+
259
+
if (idev->netdev_ops == eth->netdev[i]->netdev_ops)
260
+
return true;
261
+
}
262
+
263
+
return false;
264
+
}
265
+
247
266
static int
248
267
mtk_flow_offload_replace(struct mtk_eth *eth, struct flow_cls_offload *f,
249
268
int ppe_index)
···
289
270
flow_rule_match_meta(rule, &match);
290
271
if (mtk_is_netsys_v2_or_greater(eth)) {
291
272
idev = __dev_get_by_index(&init_net, match.key->ingress_ifindex);
292
-
if (idev && idev->netdev_ops == eth->netdev[0]->netdev_ops) {
273
+
if (mtk_flow_is_valid_idev(eth, idev)) {
293
274
struct mtk_mac *mac = netdev_priv(idev);
294
275
295
276
if (WARN_ON(mac->ppe_idx >= eth->soc->ppe_num))
+1
-3
drivers/net/ethernet/mellanox/mlx5/core/devlink.c
+1
-3
drivers/net/ethernet/mellanox/mlx5/core/devlink.c
···
107
107
if (err)
108
108
return err;
109
109
110
-
err = mlx5_fw_version_query(dev, &running_fw, &stored_fw);
111
-
if (err)
112
-
return err;
110
+
mlx5_fw_version_query(dev, &running_fw, &stored_fw);
113
111
114
112
snprintf(version_str, sizeof(version_str), "%d.%d.%04d",
115
113
mlx5_fw_ver_major(running_fw), mlx5_fw_ver_minor(running_fw),
+2
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
+2
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
···
3761
3761
return 0;
3762
3762
3763
3763
err_vports:
3764
+
/* rollback to legacy, indicates don't unregister the uplink netdev */
3765
+
esw->dev->priv.flags |= MLX5_PRIV_FLAGS_SWITCH_LEGACY;
3764
3766
mlx5_esw_offloads_rep_unload(esw, MLX5_VPORT_UPLINK);
3765
3767
err_uplink:
3766
3768
esw_offloads_steering_cleanup(esw);
+32
-17
drivers/net/ethernet/mellanox/mlx5/core/fw.c
+32
-17
drivers/net/ethernet/mellanox/mlx5/core/fw.c
···
822
822
return 0;
823
823
}
824
824
825
-
int mlx5_fw_version_query(struct mlx5_core_dev *dev,
826
-
u32 *running_ver, u32 *pending_ver)
825
+
void mlx5_fw_version_query(struct mlx5_core_dev *dev,
826
+
u32 *running_ver, u32 *pending_ver)
827
827
{
828
828
u32 reg_mcqi_version[MLX5_ST_SZ_DW(mcqi_version)] = {};
829
829
bool pending_version_exists;
830
830
int component_index;
831
831
int err;
832
832
833
+
*running_ver = 0;
834
+
*pending_ver = 0;
835
+
833
836
if (!MLX5_CAP_GEN(dev, mcam_reg) || !MLX5_CAP_MCAM_REG(dev, mcqi) ||
834
837
!MLX5_CAP_MCAM_REG(dev, mcqs)) {
835
838
mlx5_core_warn(dev, "fw query isn't supported by the FW\n");
836
-
return -EOPNOTSUPP;
839
+
return;
837
840
}
838
841
839
842
component_index = mlx5_get_boot_img_component_index(dev);
840
-
if (component_index < 0)
841
-
return component_index;
843
+
if (component_index < 0) {
844
+
mlx5_core_warn(dev, "fw query failed to find boot img component index, err %d\n",
845
+
component_index);
846
+
return;
847
+
}
842
848
849
+
*running_ver = U32_MAX; /* indicate failure */
843
850
err = mlx5_reg_mcqi_version_query(dev, component_index,
844
851
MCQI_FW_RUNNING_VERSION,
845
852
reg_mcqi_version);
846
-
if (err)
847
-
return err;
853
+
if (!err)
854
+
*running_ver = MLX5_GET(mcqi_version, reg_mcqi_version,
855
+
version);
856
+
else
857
+
mlx5_core_warn(dev, "failed to query running version, err %d\n",
858
+
err);
848
859
849
-
*running_ver = MLX5_GET(mcqi_version, reg_mcqi_version, version);
850
-
860
+
*pending_ver = U32_MAX; /* indicate failure */
851
861
err = mlx5_fw_image_pending(dev, component_index, &pending_version_exists);
852
-
if (err)
853
-
return err;
862
+
if (err) {
863
+
mlx5_core_warn(dev, "failed to query pending image, err %d\n",
864
+
err);
865
+
return;
866
+
}
854
867
855
868
if (!pending_version_exists) {
856
869
*pending_ver = 0;
857
-
return 0;
870
+
return;
858
871
}
859
872
860
873
err = mlx5_reg_mcqi_version_query(dev, component_index,
861
874
MCQI_FW_STORED_VERSION,
862
875
reg_mcqi_version);
863
-
if (err)
864
-
return err;
876
+
if (!err)
877
+
*pending_ver = MLX5_GET(mcqi_version, reg_mcqi_version,
878
+
version);
879
+
else
880
+
mlx5_core_warn(dev, "failed to query pending version, err %d\n",
881
+
err);
865
882
866
-
*pending_ver = MLX5_GET(mcqi_version, reg_mcqi_version, version);
867
-
868
-
return 0;
883
+
return;
869
884
}
+3
drivers/net/ethernet/mellanox/mlx5/core/lag/debugfs.c
+3
drivers/net/ethernet/mellanox/mlx5/core/lag/debugfs.c
···
160
160
161
161
void mlx5_ldev_add_debugfs(struct mlx5_core_dev *dev)
162
162
{
163
+
struct mlx5_lag *ldev = mlx5_lag_dev(dev);
163
164
struct dentry *dbg;
164
165
166
+
if (!ldev)
167
+
return;
165
168
dbg = debugfs_create_dir("lag", mlx5_debugfs_get_dev_root(dev));
166
169
dev->priv.dbg.lag_debugfs = dbg;
167
170
+2
-2
drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
+2
-2
drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
···
393
393
394
394
int mlx5_firmware_flash(struct mlx5_core_dev *dev, const struct firmware *fw,
395
395
struct netlink_ext_ack *extack);
396
-
int mlx5_fw_version_query(struct mlx5_core_dev *dev,
397
-
u32 *running_ver, u32 *stored_ver);
396
+
void mlx5_fw_version_query(struct mlx5_core_dev *dev, u32 *running_ver,
397
+
u32 *stored_ver);
398
398
399
399
#ifdef CONFIG_MLX5_CORE_EN
400
400
int mlx5e_init(void);
+1
-1
drivers/net/ethernet/meta/fbnic/fbnic_debugfs.c
+1
-1
drivers/net/ethernet/meta/fbnic/fbnic_debugfs.c
+3
-3
drivers/net/ethernet/meta/fbnic/fbnic_txrx.c
+3
-3
drivers/net/ethernet/meta/fbnic/fbnic_txrx.c
···
927
927
/* Force DMA writes to flush before writing to tail */
928
928
dma_wmb();
929
929
930
-
writel(i, bdq->doorbell);
930
+
writel(i * FBNIC_BD_FRAG_COUNT, bdq->doorbell);
931
931
}
932
932
}
933
933
···
2564
2564
hpq->tail = 0;
2565
2565
hpq->head = 0;
2566
2566
2567
-
log_size = fls(hpq->size_mask);
2567
+
log_size = fls(hpq->size_mask) + ilog2(FBNIC_BD_FRAG_COUNT);
2568
2568
2569
2569
/* Store descriptor ring address and size */
2570
2570
fbnic_ring_wr32(hpq, FBNIC_QUEUE_BDQ_HPQ_BAL, lower_32_bits(hpq->dma));
···
2576
2576
if (!ppq->size_mask)
2577
2577
goto write_ctl;
2578
2578
2579
-
log_size = fls(ppq->size_mask);
2579
+
log_size = fls(ppq->size_mask) + ilog2(FBNIC_BD_FRAG_COUNT);
2580
2580
2581
2581
/* Add enabling of PPQ to BDQ control */
2582
2582
bdq_ctl |= FBNIC_QUEUE_BDQ_CTL_PPQ_ENABLE;
+1
-1
drivers/net/ethernet/meta/fbnic/fbnic_txrx.h
+1
-1
drivers/net/ethernet/meta/fbnic/fbnic_txrx.h
+7
drivers/net/ethernet/microsoft/mana/mana_en.c
+7
drivers/net/ethernet/microsoft/mana/mana_en.c
···
766
766
}
767
767
768
768
*frag_count = 1;
769
+
770
+
/* In the single-buffer path, napi_build_skb() must see the
771
+
* actual backing allocation size so skb->truesize reflects
772
+
* the full page (or higher-order page), not just the usable
773
+
* packet area.
774
+
*/
775
+
*alloc_size = PAGE_SIZE << get_order(*alloc_size);
769
776
return;
770
777
}
771
778
+4
-10
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+4
-10
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
···
156
156
static void stmmac_flush_tx_descriptors(struct stmmac_priv *priv, int queue);
157
157
static void stmmac_set_dma_operation_mode(struct stmmac_priv *priv, u32 txmode,
158
158
u32 rxmode, u32 chan);
159
-
static int stmmac_vlan_restore(struct stmmac_priv *priv);
159
+
static void stmmac_vlan_restore(struct stmmac_priv *priv);
160
160
161
161
#ifdef CONFIG_DEBUG_FS
162
162
static const struct net_device_ops stmmac_netdev_ops;
···
6859
6859
return ret;
6860
6860
}
6861
6861
6862
-
static int stmmac_vlan_restore(struct stmmac_priv *priv)
6862
+
static void stmmac_vlan_restore(struct stmmac_priv *priv)
6863
6863
{
6864
-
int ret;
6865
-
6866
6864
if (!(priv->dev->features & NETIF_F_VLAN_FEATURES))
6867
-
return 0;
6865
+
return;
6868
6866
6869
6867
if (priv->hw->num_vlan)
6870
6868
stmmac_restore_hw_vlan_rx_fltr(priv, priv->dev, priv->hw);
6871
6869
6872
-
ret = stmmac_vlan_update(priv, priv->num_double_vlans);
6873
-
if (ret)
6874
-
netdev_err(priv->dev, "Failed to restore VLANs\n");
6875
-
6876
-
return ret;
6870
+
stmmac_vlan_update(priv, priv->num_double_vlans);
6877
6871
}
6878
6872
6879
6873
static int stmmac_bpf(struct net_device *dev, struct netdev_bpf *bpf)
+1
-1
drivers/net/ethernet/ti/icssg/icssg_common.c
+1
-1
drivers/net/ethernet/ti/icssg/icssg_common.c
···
902
902
903
903
skb_reserve(skb, headroom);
904
904
skb_put(skb, pkt_len);
905
+
skb_copy_to_linear_data(skb, xdp->data, pkt_len);
905
906
skb->dev = ndev;
906
907
907
908
/* RX HW timestamp */
···
913
912
skb->offload_fwd_mark = emac->offload_fwd_mark;
914
913
skb->protocol = eth_type_trans(skb, ndev);
915
914
916
-
skb_mark_for_recycle(skb);
917
915
napi_gro_receive(&emac->napi_rx, skb);
918
916
ndev->stats.rx_bytes += pkt_len;
919
917
ndev->stats.rx_packets++;
+2
-2
drivers/net/ethernet/xilinx/xilinx_axienet.h
+2
-2
drivers/net/ethernet/xilinx/xilinx_axienet.h
···
105
105
#define XAXIDMA_BD_HAS_DRE_MASK 0xF00 /* Whether has DRE mask */
106
106
#define XAXIDMA_BD_WORDLEN_MASK 0xFF /* Whether has DRE mask */
107
107
108
-
#define XAXIDMA_BD_CTRL_LENGTH_MASK 0x007FFFFF /* Requested len */
108
+
#define XAXIDMA_BD_CTRL_LENGTH_MASK GENMASK(25, 0) /* Requested len */
109
109
#define XAXIDMA_BD_CTRL_TXSOF_MASK 0x08000000 /* First tx packet */
110
110
#define XAXIDMA_BD_CTRL_TXEOF_MASK 0x04000000 /* Last tx packet */
111
111
#define XAXIDMA_BD_CTRL_ALL_MASK 0x0C000000 /* All control bits */
···
130
130
#define XAXIDMA_BD_CTRL_TXEOF_MASK 0x04000000 /* Last tx packet */
131
131
#define XAXIDMA_BD_CTRL_ALL_MASK 0x0C000000 /* All control bits */
132
132
133
-
#define XAXIDMA_BD_STS_ACTUAL_LEN_MASK 0x007FFFFF /* Actual len */
133
+
#define XAXIDMA_BD_STS_ACTUAL_LEN_MASK GENMASK(25, 0) /* Actual len */
134
134
#define XAXIDMA_BD_STS_COMPLETE_MASK 0x80000000 /* Completed */
135
135
#define XAXIDMA_BD_STS_DEC_ERR_MASK 0x40000000 /* Decode error */
136
136
#define XAXIDMA_BD_STS_SLV_ERR_MASK 0x20000000 /* Slave error */
+4
-5
drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+4
-5
drivers/net/ethernet/xilinx/xilinx_axienet_main.c
···
770
770
* @first_bd: Index of first descriptor to clean up
771
771
* @nr_bds: Max number of descriptors to clean up
772
772
* @force: Whether to clean descriptors even if not complete
773
-
* @sizep: Pointer to a u32 filled with the total sum of all bytes
774
-
* in all cleaned-up descriptors. Ignored if NULL.
773
+
* @sizep: Pointer to a u32 accumulating the total byte count of
774
+
* completed packets (using skb->len). Ignored if NULL.
775
775
* @budget: NAPI budget (use 0 when not called from NAPI poll)
776
776
*
777
777
* Would either be called after a successful transmit operation, or after
···
805
805
DMA_TO_DEVICE);
806
806
807
807
if (cur_p->skb && (status & XAXIDMA_BD_STS_COMPLETE_MASK)) {
808
+
if (sizep)
809
+
*sizep += cur_p->skb->len;
808
810
napi_consume_skb(cur_p->skb, budget);
809
811
packets++;
810
812
}
···
820
818
wmb();
821
819
cur_p->cntrl = 0;
822
820
cur_p->status = 0;
823
-
824
-
if (sizep)
825
-
*sizep += status & XAXIDMA_BD_STS_ACTUAL_LEN_MASK;
826
821
}
827
822
828
823
if (!force) {
+6
-1
drivers/net/phy/sfp.c
+6
-1
drivers/net/phy/sfp.c
···
480
480
{
481
481
/* Ubiquiti U-Fiber Instant module claims that support all transceiver
482
482
* types including 10G Ethernet which is not truth. So clear all claimed
483
-
* modes and set only one mode which module supports: 1000baseX_Full.
483
+
* modes and set only one mode which module supports: 1000baseX_Full,
484
+
* along with the Autoneg and pause bits.
484
485
*/
485
486
linkmode_zero(caps->link_modes);
486
487
linkmode_set_bit(ETHTOOL_LINK_MODE_1000baseX_Full_BIT,
487
488
caps->link_modes);
489
+
linkmode_set_bit(ETHTOOL_LINK_MODE_Autoneg_BIT, caps->link_modes);
490
+
linkmode_set_bit(ETHTOOL_LINK_MODE_Pause_BIT, caps->link_modes);
491
+
linkmode_set_bit(ETHTOOL_LINK_MODE_Asym_Pause_BIT, caps->link_modes);
492
+
488
493
phy_interface_zero(caps->interfaces);
489
494
__set_bit(PHY_INTERFACE_MODE_1000BASEX, caps->interfaces);
490
495
}
+9
-11
drivers/net/virtio_net.c
+9
-11
drivers/net/virtio_net.c
···
381
381
struct xdp_buff **xsk_buffs;
382
382
};
383
383
384
-
#define VIRTIO_NET_RSS_MAX_KEY_SIZE 40
385
-
386
384
/* Control VQ buffers: protected by the rtnl lock */
387
385
struct control_buf {
388
386
struct virtio_net_ctrl_hdr hdr;
···
484
486
485
487
/* Must be last as it ends in a flexible-array member. */
486
488
TRAILING_OVERLAP(struct virtio_net_rss_config_trailer, rss_trailer, hash_key_data,
487
-
u8 rss_hash_key_data[VIRTIO_NET_RSS_MAX_KEY_SIZE];
489
+
u8 rss_hash_key_data[NETDEV_RSS_KEY_LEN];
488
490
);
489
491
};
490
492
static_assert(offsetof(struct virtnet_info, rss_trailer.hash_key_data) ==
···
6706
6708
struct virtnet_info *vi;
6707
6709
u16 max_queue_pairs;
6708
6710
int mtu = 0;
6711
+
u16 key_sz;
6709
6712
6710
6713
/* Find if host supports multiqueue/rss virtio_net device */
6711
6714
max_queue_pairs = 1;
···
6841
6842
}
6842
6843
6843
6844
if (vi->has_rss || vi->has_rss_hash_report) {
6844
-
vi->rss_key_size =
6845
-
virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size));
6846
-
if (vi->rss_key_size > VIRTIO_NET_RSS_MAX_KEY_SIZE) {
6847
-
dev_err(&vdev->dev, "rss_max_key_size=%u exceeds the limit %u.\n",
6848
-
vi->rss_key_size, VIRTIO_NET_RSS_MAX_KEY_SIZE);
6849
-
err = -EINVAL;
6850
-
goto free;
6851
-
}
6845
+
key_sz = virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size));
6846
+
6847
+
vi->rss_key_size = min_t(u16, key_sz, NETDEV_RSS_KEY_LEN);
6848
+
if (key_sz > vi->rss_key_size)
6849
+
dev_warn(&vdev->dev,
6850
+
"rss_max_key_size=%u exceeds driver limit %u, clamping\n",
6851
+
key_sz, vi->rss_key_size);
6852
6852
6853
6853
vi->rss_hash_types_supported =
6854
6854
virtio_cread32(vdev, offsetof(struct virtio_net_config, supported_hash_types));
+4
-2
drivers/net/vxlan/vxlan_core.c
+4
-2
drivers/net/vxlan/vxlan_core.c
···
1965
1965
ns_olen = request->len - skb_network_offset(request) -
1966
1966
sizeof(struct ipv6hdr) - sizeof(*ns);
1967
1967
for (i = 0; i < ns_olen-1; i += (ns->opt[i+1]<<3)) {
1968
-
if (!ns->opt[i + 1]) {
1968
+
if (!ns->opt[i + 1] || i + (ns->opt[i + 1] << 3) > ns_olen) {
1969
1969
kfree_skb(reply);
1970
1970
return NULL;
1971
1971
}
1972
1972
if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
1973
-
daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
1973
+
if ((ns->opt[i + 1] << 3) >=
1974
+
sizeof(struct nd_opt_hdr) + ETH_ALEN)
1975
+
daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
1974
1976
break;
1975
1977
}
1976
1978
}
+7
-8
drivers/net/wireless/ath/ath11k/dp_rx.c
+7
-8
drivers/net/wireless/ath/ath11k/dp_rx.c
···
1
1
// SPDX-License-Identifier: BSD-3-Clause-Clear
2
2
/*
3
3
* Copyright (c) 2018-2019 The Linux Foundation. All rights reserved.
4
-
* Copyright (c) 2021-2025 Qualcomm Innovation Center, Inc. All rights reserved.
4
+
* Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
5
5
*/
6
6
7
7
#include <linux/ieee80211.h>
···
1110
1110
struct ath11k_base *ab = ar->ab;
1111
1111
struct ath11k_peer *peer;
1112
1112
struct ath11k_sta *arsta = ath11k_sta_to_arsta(params->sta);
1113
+
struct dp_rx_tid *rx_tid;
1113
1114
int vdev_id = arsta->arvif->vdev_id;
1114
-
dma_addr_t paddr;
1115
-
bool active;
1116
1115
int ret;
1117
1116
1118
1117
spin_lock_bh(&ab->base_lock);
···
1123
1124
return -ENOENT;
1124
1125
}
1125
1126
1126
-
paddr = peer->rx_tid[params->tid].paddr;
1127
-
active = peer->rx_tid[params->tid].active;
1127
+
rx_tid = &peer->rx_tid[params->tid];
1128
1128
1129
-
if (!active) {
1129
+
if (!rx_tid->active) {
1130
1130
spin_unlock_bh(&ab->base_lock);
1131
1131
return 0;
1132
1132
}
1133
1133
1134
-
ret = ath11k_peer_rx_tid_reo_update(ar, peer, peer->rx_tid, 1, 0, false);
1134
+
ret = ath11k_peer_rx_tid_reo_update(ar, peer, rx_tid, 1, 0, false);
1135
1135
spin_unlock_bh(&ab->base_lock);
1136
1136
if (ret) {
1137
1137
ath11k_warn(ab, "failed to update reo for rx tid %d: %d\n",
···
1139
1141
}
1140
1142
1141
1143
ret = ath11k_wmi_peer_rx_reorder_queue_setup(ar, vdev_id,
1142
-
params->sta->addr, paddr,
1144
+
params->sta->addr,
1145
+
rx_tid->paddr,
1143
1146
params->tid, 1, 1);
1144
1147
if (ret)
1145
1148
ath11k_warn(ab, "failed to send wmi to delete rx tid %d\n",
+3
-1
drivers/net/wireless/ath/ath12k/dp_rx.c
+3
-1
drivers/net/wireless/ath/ath12k/dp_rx.c
···
735
735
struct ath12k_dp *dp = ath12k_ab_to_dp(ab);
736
736
struct ath12k_dp_link_peer *peer;
737
737
struct ath12k_sta *ahsta = ath12k_sta_to_ahsta(params->sta);
738
+
struct ath12k_dp_rx_tid *rx_tid;
738
739
struct ath12k_link_sta *arsta;
739
740
int vdev_id;
740
741
bool active;
···
771
770
return 0;
772
771
}
773
772
774
-
ret = ath12k_dp_arch_peer_rx_tid_reo_update(dp, peer, peer->dp_peer->rx_tid,
773
+
rx_tid = &peer->dp_peer->rx_tid[params->tid];
774
+
ret = ath12k_dp_arch_peer_rx_tid_reo_update(dp, peer, rx_tid,
775
775
1, 0, false);
776
776
spin_unlock_bh(&dp->dp_lock);
777
777
if (ret) {
+5
drivers/net/wireless/intel/iwlwifi/fw/api/commands.h
+5
drivers/net/wireless/intel/iwlwifi/fw/api/commands.h
···
297
297
SCAN_OFFLOAD_UPDATE_PROFILES_CMD = 0x6E,
298
298
299
299
/**
300
+
* @SCAN_START_NOTIFICATION_UMAC: uses &struct iwl_umac_scan_start
301
+
*/
302
+
SCAN_START_NOTIFICATION_UMAC = 0xb2,
303
+
304
+
/**
300
305
* @MATCH_FOUND_NOTIFICATION: scan match found
301
306
*/
302
307
MATCH_FOUND_NOTIFICATION = 0xd9,
+10
drivers/net/wireless/intel/iwlwifi/fw/api/scan.h
+10
drivers/net/wireless/intel/iwlwifi/fw/api/scan.h
···
1157
1157
};
1158
1158
1159
1159
/**
1160
+
* struct iwl_umac_scan_start - scan start notification
1161
+
* @uid: scan id, &enum iwl_umac_scan_uid_offsets
1162
+
* @reserved: for future use
1163
+
*/
1164
+
struct iwl_umac_scan_start {
1165
+
__le32 uid;
1166
+
__le32 reserved;
1167
+
} __packed; /* SCAN_START_UMAC_API_S_VER_1 */
1168
+
1169
+
/**
1160
1170
* struct iwl_umac_scan_complete - scan complete notification
1161
1171
* @uid: scan id, &enum iwl_umac_scan_uid_offsets
1162
1172
* @last_schedule: last scheduling line
+69
-32
drivers/net/wireless/intel/iwlwifi/mld/iface.c
+69
-32
drivers/net/wireless/intel/iwlwifi/mld/iface.c
···
111
111
IEEE80211_HE_MAC_CAP2_ACK_EN);
112
112
}
113
113
114
-
static void iwl_mld_set_he_support(struct iwl_mld *mld,
115
-
struct ieee80211_vif *vif,
116
-
struct iwl_mac_config_cmd *cmd)
114
+
struct iwl_mld_mac_wifi_gen_sta_iter_data {
115
+
struct ieee80211_vif *vif;
116
+
struct iwl_mac_wifi_gen_support *support;
117
+
};
118
+
119
+
static void iwl_mld_mac_wifi_gen_sta_iter(void *_data,
120
+
struct ieee80211_sta *sta)
117
121
{
118
-
if (vif->type == NL80211_IFTYPE_AP)
119
-
cmd->wifi_gen.he_ap_support = 1;
120
-
else
121
-
cmd->wifi_gen.he_support = 1;
122
+
struct iwl_mld_sta *mld_sta = iwl_mld_sta_from_mac80211(sta);
123
+
struct iwl_mld_mac_wifi_gen_sta_iter_data *data = _data;
124
+
struct ieee80211_link_sta *link_sta;
125
+
unsigned int link_id;
126
+
127
+
if (mld_sta->vif != data->vif)
128
+
return;
129
+
130
+
for_each_sta_active_link(data->vif, sta, link_sta, link_id) {
131
+
if (link_sta->he_cap.has_he)
132
+
data->support->he_support = 1;
133
+
if (link_sta->eht_cap.has_eht)
134
+
data->support->eht_support = 1;
135
+
}
136
+
}
137
+
138
+
static void iwl_mld_set_wifi_gen(struct iwl_mld *mld,
139
+
struct ieee80211_vif *vif,
140
+
struct iwl_mac_wifi_gen_support *support)
141
+
{
142
+
struct iwl_mld_mac_wifi_gen_sta_iter_data sta_iter_data = {
143
+
.vif = vif,
144
+
.support = support,
145
+
};
146
+
struct ieee80211_bss_conf *link_conf;
147
+
unsigned int link_id;
148
+
149
+
switch (vif->type) {
150
+
case NL80211_IFTYPE_MONITOR:
151
+
/* for sniffer, set to HW capabilities */
152
+
support->he_support = 1;
153
+
support->eht_support = mld->trans->cfg->eht_supported;
154
+
break;
155
+
case NL80211_IFTYPE_AP:
156
+
/* for AP set according to the link configs */
157
+
for_each_vif_active_link(vif, link_conf, link_id) {
158
+
support->he_ap_support |= link_conf->he_support;
159
+
support->eht_support |= link_conf->eht_support;
160
+
}
161
+
break;
162
+
default:
163
+
/*
164
+
* If we have MLO enabled, then the firmware needs to enable
165
+
* address translation for the station(s) we add. That depends
166
+
* on having EHT enabled in firmware, which in turn depends on
167
+
* mac80211 in the iteration below.
168
+
* However, mac80211 doesn't enable capabilities on the AP STA
169
+
* until it has parsed the association response successfully,
170
+
* so set EHT (and HE as a pre-requisite for EHT) when the vif
171
+
* is an MLD.
172
+
*/
173
+
if (ieee80211_vif_is_mld(vif)) {
174
+
support->he_support = 1;
175
+
support->eht_support = 1;
176
+
}
177
+
178
+
ieee80211_iterate_stations_mtx(mld->hw,
179
+
iwl_mld_mac_wifi_gen_sta_iter,
180
+
&sta_iter_data);
181
+
break;
182
+
}
122
183
}
123
184
124
185
/* fill the common part for all interface types */
···
189
128
u32 action)
190
129
{
191
130
struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(vif);
192
-
struct ieee80211_bss_conf *link_conf;
193
-
unsigned int link_id;
194
131
195
132
lockdep_assert_wiphy(mld->wiphy);
196
133
···
206
147
cmd->nic_not_ack_enabled =
207
148
cpu_to_le32(!iwl_mld_is_nic_ack_enabled(mld, vif));
208
149
209
-
/* If we have MLO enabled, then the firmware needs to enable
210
-
* address translation for the station(s) we add. That depends
211
-
* on having EHT enabled in firmware, which in turn depends on
212
-
* mac80211 in the code below.
213
-
* However, mac80211 doesn't enable HE/EHT until it has parsed
214
-
* the association response successfully, so just skip all that
215
-
* and enable both when we have MLO.
216
-
*/
217
-
if (ieee80211_vif_is_mld(vif)) {
218
-
iwl_mld_set_he_support(mld, vif, cmd);
219
-
cmd->wifi_gen.eht_support = 1;
220
-
return;
221
-
}
222
-
223
-
for_each_vif_active_link(vif, link_conf, link_id) {
224
-
if (!link_conf->he_support)
225
-
continue;
226
-
227
-
iwl_mld_set_he_support(mld, vif, cmd);
228
-
229
-
/* EHT, if supported, was already set above */
230
-
break;
231
-
}
150
+
iwl_mld_set_wifi_gen(mld, vif, &cmd->wifi_gen);
232
151
}
233
152
234
153
static void iwl_mld_fill_mac_cmd_sta(struct iwl_mld *mld,
+19
drivers/net/wireless/intel/iwlwifi/mld/mac80211.c
+19
drivers/net/wireless/intel/iwlwifi/mld/mac80211.c
···
1761
1761
1762
1762
if (vif->type == NL80211_IFTYPE_STATION)
1763
1763
iwl_mld_link_set_2mhz_block(mld, vif, sta);
1764
+
1765
+
if (sta->tdls) {
1766
+
/*
1767
+
* update MAC since wifi generation flags may change,
1768
+
* we also update MAC on association to the AP via the
1769
+
* vif assoc change
1770
+
*/
1771
+
iwl_mld_mac_fw_action(mld, vif, FW_CTXT_ACTION_MODIFY);
1772
+
}
1773
+
1764
1774
/* Now the link_sta's capabilities are set, update the FW */
1765
1775
iwl_mld_config_tlc(mld, vif, sta);
1766
1776
···
1882
1872
if (sta->tdls && iwl_mld_tdls_sta_count(mld) == 0) {
1883
1873
/* just removed last TDLS STA, so enable PM */
1884
1874
iwl_mld_update_mac_power(mld, vif, false);
1875
+
}
1876
+
1877
+
if (sta->tdls) {
1878
+
/*
1879
+
* update MAC since wifi generation flags may change,
1880
+
* we also update MAC on disassociation to the AP via
1881
+
* the vif assoc change
1882
+
*/
1883
+
iwl_mld_mac_fw_action(mld, vif, FW_CTXT_ACTION_MODIFY);
1885
1884
}
1886
1885
} else {
1887
1886
return -EINVAL;
+1
drivers/net/wireless/intel/iwlwifi/mld/mld.c
+1
drivers/net/wireless/intel/iwlwifi/mld/mld.c
···
171
171
HCMD_NAME(MISSED_BEACONS_NOTIFICATION),
172
172
HCMD_NAME(MAC_PM_POWER_TABLE),
173
173
HCMD_NAME(MFUART_LOAD_NOTIFICATION),
174
+
HCMD_NAME(SCAN_START_NOTIFICATION_UMAC),
174
175
HCMD_NAME(RSS_CONFIG_CMD),
175
176
HCMD_NAME(SCAN_ITERATION_COMPLETE_UMAC),
176
177
HCMD_NAME(REPLY_RX_MPDU_CMD),
+2
-2
drivers/net/wireless/intel/iwlwifi/mld/mlo.c
+2
-2
drivers/net/wireless/intel/iwlwifi/mld/mlo.c
···
739
739
740
740
/* Ignore any BSS that was not seen in the last MLO scan */
741
741
if (ktime_before(link_conf->bss->ts_boottime,
742
-
mld->scan.last_mlo_scan_time))
742
+
mld->scan.last_mlo_scan_start_time))
743
743
continue;
744
744
745
745
data[n_data].link_id = link_id;
···
945
945
if (!mld_vif->authorized || hweight16(usable_links) <= 1)
946
946
return;
947
947
948
-
if (WARN(ktime_before(mld->scan.last_mlo_scan_time,
948
+
if (WARN(ktime_before(mld->scan.last_mlo_scan_start_time,
949
949
ktime_sub_ns(ktime_get_boottime_ns(),
950
950
5ULL * NSEC_PER_SEC)),
951
951
"Last MLO scan was too long ago, can't select links\n"))
+5
drivers/net/wireless/intel/iwlwifi/mld/notif.c
+5
drivers/net/wireless/intel/iwlwifi/mld/notif.c
···
287
287
* at least enough bytes to cover the structure listed in the CMD_VER_ENTRY.
288
288
*/
289
289
290
+
CMD_VERSIONS(scan_start_notif,
291
+
CMD_VER_ENTRY(1, iwl_umac_scan_start))
290
292
CMD_VERSIONS(scan_complete_notif,
291
293
CMD_VER_ENTRY(1, iwl_umac_scan_complete))
292
294
CMD_VERSIONS(scan_iter_complete_notif,
···
362
360
link_id)
363
361
DEFINE_SIMPLE_CANCELLATION(roc, iwl_roc_notif, activity)
364
362
DEFINE_SIMPLE_CANCELLATION(scan_complete, iwl_umac_scan_complete, uid)
363
+
DEFINE_SIMPLE_CANCELLATION(scan_start, iwl_umac_scan_start, uid)
365
364
DEFINE_SIMPLE_CANCELLATION(probe_resp_data, iwl_probe_resp_data_notif,
366
365
mac_id)
367
366
DEFINE_SIMPLE_CANCELLATION(uapsd_misbehaving_ap, iwl_uapsd_misbehaving_ap_notif,
···
405
402
RX_HANDLER_SYNC)
406
403
RX_HANDLER_NO_OBJECT(LEGACY_GROUP, BA_NOTIF, compressed_ba_notif,
407
404
RX_HANDLER_SYNC)
405
+
RX_HANDLER_OF_SCAN(LEGACY_GROUP, SCAN_START_NOTIFICATION_UMAC,
406
+
scan_start_notif)
408
407
RX_HANDLER_OF_SCAN(LEGACY_GROUP, SCAN_COMPLETE_UMAC,
409
408
scan_complete_notif)
410
409
RX_HANDLER_NO_OBJECT(LEGACY_GROUP, SCAN_ITERATION_COMPLETE_UMAC,
+27
-3
drivers/net/wireless/intel/iwlwifi/mld/scan.c
+27
-3
drivers/net/wireless/intel/iwlwifi/mld/scan.c
···
473
473
params->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ)
474
474
flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_TRIGGER_UHB_SCAN;
475
475
476
+
if (scan_status == IWL_MLD_SCAN_INT_MLO)
477
+
flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_NTF_START;
478
+
476
479
if (params->enable_6ghz_passive)
477
480
flags |= IWL_UMAC_SCAN_GEN_FLAGS_V2_6GHZ_PASSIVE_SCAN;
478
481
···
1820
1817
ret = _iwl_mld_single_scan_start(mld, vif, req, &ies,
1821
1818
IWL_MLD_SCAN_INT_MLO);
1822
1819
1823
-
if (!ret)
1824
-
mld->scan.last_mlo_scan_time = ktime_get_boottime_ns();
1825
-
1826
1820
IWL_DEBUG_SCAN(mld, "Internal MLO scan: ret=%d\n", ret);
1827
1821
}
1828
1822
···
1902
1902
{
1903
1903
IWL_DEBUG_SCAN(mld, "Scheduled scan results\n");
1904
1904
ieee80211_sched_scan_results(mld->hw);
1905
+
}
1906
+
1907
+
void iwl_mld_handle_scan_start_notif(struct iwl_mld *mld,
1908
+
struct iwl_rx_packet *pkt)
1909
+
{
1910
+
struct iwl_umac_scan_complete *notif = (void *)pkt->data;
1911
+
u32 uid = le32_to_cpu(notif->uid);
1912
+
1913
+
if (IWL_FW_CHECK(mld, uid >= ARRAY_SIZE(mld->scan.uid_status),
1914
+
"FW reports out-of-range scan UID %d\n", uid))
1915
+
return;
1916
+
1917
+
if (IWL_FW_CHECK(mld, !(mld->scan.uid_status[uid] & mld->scan.status),
1918
+
"FW reports scan UID %d we didn't trigger\n", uid))
1919
+
return;
1920
+
1921
+
IWL_DEBUG_SCAN(mld, "Scan started: uid=%u type=%u\n", uid,
1922
+
mld->scan.uid_status[uid]);
1923
+
if (IWL_FW_CHECK(mld, mld->scan.uid_status[uid] != IWL_MLD_SCAN_INT_MLO,
1924
+
"FW reports scan start notification %d we didn't trigger\n",
1925
+
mld->scan.uid_status[uid]))
1926
+
return;
1927
+
1928
+
mld->scan.last_mlo_scan_start_time = ktime_get_boottime_ns();
1905
1929
}
1906
1930
1907
1931
void iwl_mld_handle_scan_complete_notif(struct iwl_mld *mld,
+6
-3
drivers/net/wireless/intel/iwlwifi/mld/scan.h
+6
-3
drivers/net/wireless/intel/iwlwifi/mld/scan.h
···
27
27
void iwl_mld_handle_match_found_notif(struct iwl_mld *mld,
28
28
struct iwl_rx_packet *pkt);
29
29
30
+
void iwl_mld_handle_scan_start_notif(struct iwl_mld *mld,
31
+
struct iwl_rx_packet *pkt);
32
+
30
33
void iwl_mld_handle_scan_complete_notif(struct iwl_mld *mld,
31
34
struct iwl_rx_packet *pkt);
32
35
···
117
114
* in jiffies.
118
115
* @last_start_time_jiffies: stores the last start time in jiffies
119
116
* (interface up/reset/resume).
120
-
* @last_mlo_scan_time: start time of the last MLO scan in nanoseconds since
121
-
* boot.
117
+
* @last_mlo_scan_start_time: start time of the last MLO scan in nanoseconds
118
+
* since boot.
122
119
*/
123
120
struct iwl_mld_scan {
124
121
/* Add here fields that need clean up on restart */
···
139
136
void *cmd;
140
137
unsigned long last_6ghz_passive_jiffies;
141
138
unsigned long last_start_time_jiffies;
142
-
u64 last_mlo_scan_time;
139
+
u64 last_mlo_scan_start_time;
143
140
};
144
141
145
142
/**
+1
-1
drivers/net/wireless/intel/iwlwifi/mvm/d3.c
+1
-1
drivers/net/wireless/intel/iwlwifi/mvm/d3.c
···
2807
2807
if (IS_ERR_OR_NULL(vif))
2808
2808
return;
2809
2809
2810
-
if (len < sizeof(struct iwl_scan_offload_match_info)) {
2810
+
if (len < sizeof(struct iwl_scan_offload_match_info) + matches_len) {
2811
2811
IWL_ERR(mvm, "Invalid scan match info notification\n");
2812
2812
return;
2813
2813
}
+2
-1
drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+2
-1
drivers/net/wireless/intel/iwlwifi/mvm/fw.c
···
470
470
.dataflags[0] = IWL_HCMD_DFL_NOCOPY,
471
471
};
472
472
473
-
if (mvm->trans->mac_cfg->device_family < IWL_DEVICE_FAMILY_AX210) {
473
+
if (mvm->trans->mac_cfg->device_family < IWL_DEVICE_FAMILY_AX210 ||
474
+
!mvm->trans->cfg->uhb_supported) {
474
475
IWL_DEBUG_RADIO(mvm, "UATS feature is not supported\n");
475
476
return;
476
477
}
+1
-1
drivers/net/wireless/microchip/wilc1000/hif.c
+1
-1
drivers/net/wireless/microchip/wilc1000/hif.c
+5
-3
drivers/net/wireless/ti/wl1251/tx.c
+5
-3
drivers/net/wireless/ti/wl1251/tx.c
···
402
402
int hdrlen;
403
403
u8 *frame;
404
404
405
-
skb = wl->tx_frames[result->id];
406
-
if (skb == NULL) {
407
-
wl1251_error("SKB for packet %d is NULL", result->id);
405
+
if (unlikely(result->id >= ARRAY_SIZE(wl->tx_frames) ||
406
+
wl->tx_frames[result->id] == NULL)) {
407
+
wl1251_error("invalid packet id %u", result->id);
408
408
return;
409
409
}
410
+
411
+
skb = wl->tx_frames[result->id];
410
412
411
413
info = IEEE80211_SKB_CB(skb);
412
414
-1
drivers/net/wireless/virtual/virt_wifi.c
-1
drivers/net/wireless/virtual/virt_wifi.c
+3
drivers/nfc/pn533/uart.c
+3
drivers/nfc/pn533/uart.c
+1
-1
include/linux/netfilter/ipset/ip_set.h
+1
-1
include/linux/netfilter/ipset/ip_set.h
···
309
309
310
310
/* register and unregister set references */
311
311
extern ip_set_id_t ip_set_get_byname(struct net *net,
312
-
const char *name, struct ip_set **set);
312
+
const struct nlattr *name, struct ip_set **set);
313
313
extern void ip_set_put_byindex(struct net *net, ip_set_id_t index);
314
314
extern void ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name);
315
315
extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index);
+1
include/linux/skbuff.h
+1
include/linux/skbuff.h
···
5097
5097
return unlikely(skb->active_extensions);
5098
5098
}
5099
5099
#else
5100
+
static inline void __skb_ext_put(struct skb_ext *ext) {}
5100
5101
static inline void skb_ext_put(struct sk_buff *skb) {}
5101
5102
static inline void skb_ext_reset(struct sk_buff *skb) {}
5102
5103
static inline void skb_ext_del(struct sk_buff *skb, int unused) {}
+1
include/net/netns/mpls.h
+1
include/net/netns/mpls.h
+7
-1
net/bluetooth/hci_conn.c
+7
-1
net/bluetooth/hci_conn.c
···
1843
1843
u8 aux_num_cis = 0;
1844
1844
u8 cis_id;
1845
1845
1846
+
hci_dev_lock(hdev);
1847
+
1846
1848
conn = hci_conn_hash_lookup_cig(hdev, cig_id);
1847
-
if (!conn)
1849
+
if (!conn) {
1850
+
hci_dev_unlock(hdev);
1848
1851
return 0;
1852
+
}
1849
1853
1850
1854
qos = &conn->iso_qos;
1851
1855
pdu->cig_id = cig_id;
···
1887
1883
cis->p_rtn = qos->ucast.in.rtn;
1888
1884
}
1889
1885
pdu->num_cis = aux_num_cis;
1886
+
1887
+
hci_dev_unlock(hdev);
1890
1888
1891
1889
if (!pdu->num_cis)
1892
1890
return 0;
+55
-72
net/bluetooth/hci_event.c
+55
-72
net/bluetooth/hci_event.c
···
80
80
return data;
81
81
}
82
82
83
+
static void hci_store_wake_reason(struct hci_dev *hdev,
84
+
const bdaddr_t *bdaddr, u8 addr_type)
85
+
__must_hold(&hdev->lock);
86
+
83
87
static u8 hci_cc_inquiry_cancel(struct hci_dev *hdev, void *data,
84
88
struct sk_buff *skb)
85
89
{
···
3115
3111
bt_dev_dbg(hdev, "status 0x%2.2x", status);
3116
3112
3117
3113
hci_dev_lock(hdev);
3114
+
hci_store_wake_reason(hdev, &ev->bdaddr, BDADDR_BREDR);
3118
3115
3119
3116
/* Check for existing connection:
3120
3117
*
···
3278
3273
__u8 flags = 0;
3279
3274
3280
3275
bt_dev_dbg(hdev, "bdaddr %pMR type 0x%x", &ev->bdaddr, ev->link_type);
3276
+
3277
+
hci_dev_lock(hdev);
3278
+
hci_store_wake_reason(hdev, &ev->bdaddr, BDADDR_BREDR);
3279
+
hci_dev_unlock(hdev);
3281
3280
3282
3281
/* Reject incoming connection from device with same BD ADDR against
3283
3282
* CVE-2020-26555
···
5030
5021
bt_dev_dbg(hdev, "status 0x%2.2x", status);
5031
5022
5032
5023
hci_dev_lock(hdev);
5024
+
hci_store_wake_reason(hdev, &ev->bdaddr, BDADDR_BREDR);
5033
5025
5034
5026
conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
5035
5027
if (!conn) {
···
5723
5713
int err;
5724
5714
5725
5715
hci_dev_lock(hdev);
5716
+
hci_store_wake_reason(hdev, bdaddr, bdaddr_type);
5726
5717
5727
5718
/* All controllers implicitly stop advertising in the event of a
5728
5719
* connection, so ensure that the state bit is cleared.
···
6016
6005
bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
6017
6006
6018
6007
hci_dev_lock(hdev);
6008
+
hci_store_wake_reason(hdev, &ev->bdaddr, ev->bdaddr_type);
6019
6009
6020
6010
hci_dev_clear_flag(hdev, HCI_PA_SYNC);
6021
6011
···
6415
6403
info->length + 1))
6416
6404
break;
6417
6405
6406
+
hci_store_wake_reason(hdev, &info->bdaddr, info->bdaddr_type);
6407
+
6418
6408
if (info->length <= max_adv_len(hdev)) {
6419
6409
rssi = info->data[info->length];
6420
6410
process_adv_report(hdev, info->type, &info->bdaddr,
···
6505
6491
info->length))
6506
6492
break;
6507
6493
6494
+
hci_store_wake_reason(hdev, &info->bdaddr, info->bdaddr_type);
6495
+
6508
6496
evt_type = __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK;
6509
6497
legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
6510
6498
···
6552
6536
bt_dev_dbg(hdev, "status 0x%2.2x", ev->status);
6553
6537
6554
6538
hci_dev_lock(hdev);
6539
+
hci_store_wake_reason(hdev, &ev->bdaddr, ev->bdaddr_type);
6555
6540
6556
6541
hci_dev_clear_flag(hdev, HCI_PA_SYNC);
6557
6542
···
6784
6767
latency = le16_to_cpu(ev->latency);
6785
6768
timeout = le16_to_cpu(ev->timeout);
6786
6769
6770
+
hci_dev_lock(hdev);
6771
+
6787
6772
hcon = hci_conn_hash_lookup_handle(hdev, handle);
6788
-
if (!hcon || hcon->state != BT_CONNECTED)
6789
-
return send_conn_param_neg_reply(hdev, handle,
6790
-
HCI_ERROR_UNKNOWN_CONN_ID);
6773
+
if (!hcon || hcon->state != BT_CONNECTED) {
6774
+
send_conn_param_neg_reply(hdev, handle,
6775
+
HCI_ERROR_UNKNOWN_CONN_ID);
6776
+
goto unlock;
6777
+
}
6791
6778
6792
-
if (max > hcon->le_conn_max_interval)
6793
-
return send_conn_param_neg_reply(hdev, handle,
6794
-
HCI_ERROR_INVALID_LL_PARAMS);
6779
+
if (max > hcon->le_conn_max_interval) {
6780
+
send_conn_param_neg_reply(hdev, handle,
6781
+
HCI_ERROR_INVALID_LL_PARAMS);
6782
+
goto unlock;
6783
+
}
6795
6784
6796
-
if (hci_check_conn_params(min, max, latency, timeout))
6797
-
return send_conn_param_neg_reply(hdev, handle,
6798
-
HCI_ERROR_INVALID_LL_PARAMS);
6785
+
if (hci_check_conn_params(min, max, latency, timeout)) {
6786
+
send_conn_param_neg_reply(hdev, handle,
6787
+
HCI_ERROR_INVALID_LL_PARAMS);
6788
+
goto unlock;
6789
+
}
6799
6790
6800
6791
if (hcon->role == HCI_ROLE_MASTER) {
6801
6792
struct hci_conn_params *params;
6802
6793
u8 store_hint;
6803
-
6804
-
hci_dev_lock(hdev);
6805
6794
6806
6795
params = hci_conn_params_lookup(hdev, &hcon->dst,
6807
6796
hcon->dst_type);
···
6820
6797
} else {
6821
6798
store_hint = 0x00;
6822
6799
}
6823
-
6824
-
hci_dev_unlock(hdev);
6825
6800
6826
6801
mgmt_new_conn_param(hdev, &hcon->dst, hcon->dst_type,
6827
6802
store_hint, min, max, latency, timeout);
···
6834
6813
cp.max_ce_len = 0;
6835
6814
6836
6815
hci_send_cmd(hdev, HCI_OP_LE_CONN_PARAM_REQ_REPLY, sizeof(cp), &cp);
6816
+
6817
+
unlock:
6818
+
hci_dev_unlock(hdev);
6837
6819
}
6838
6820
6839
6821
static void hci_le_direct_adv_report_evt(struct hci_dev *hdev, void *data,
···
6857
6833
6858
6834
for (i = 0; i < ev->num; i++) {
6859
6835
struct hci_ev_le_direct_adv_info *info = &ev->info[i];
6836
+
6837
+
hci_store_wake_reason(hdev, &info->bdaddr, info->bdaddr_type);
6860
6838
6861
6839
process_adv_report(hdev, info->type, &info->bdaddr,
6862
6840
info->bdaddr_type, &info->direct_addr,
···
7543
7517
return true;
7544
7518
}
7545
7519
7546
-
static void hci_store_wake_reason(struct hci_dev *hdev, u8 event,
7547
-
struct sk_buff *skb)
7520
+
static void hci_store_wake_reason(struct hci_dev *hdev,
7521
+
const bdaddr_t *bdaddr, u8 addr_type)
7522
+
__must_hold(&hdev->lock)
7548
7523
{
7549
-
struct hci_ev_le_advertising_info *adv;
7550
-
struct hci_ev_le_direct_adv_info *direct_adv;
7551
-
struct hci_ev_le_ext_adv_info *ext_adv;
7552
-
const struct hci_ev_conn_complete *conn_complete = (void *)skb->data;
7553
-
const struct hci_ev_conn_request *conn_request = (void *)skb->data;
7554
-
7555
-
hci_dev_lock(hdev);
7524
+
lockdep_assert_held(&hdev->lock);
7556
7525
7557
7526
/* If we are currently suspended and this is the first BT event seen,
7558
7527
* save the wake reason associated with the event.
7559
7528
*/
7560
7529
if (!hdev->suspended || hdev->wake_reason)
7561
-
goto unlock;
7530
+
return;
7531
+
7532
+
if (!bdaddr) {
7533
+
hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
7534
+
return;
7535
+
}
7562
7536
7563
7537
/* Default to remote wake. Values for wake_reason are documented in the
7564
7538
* Bluez mgmt api docs.
7565
7539
*/
7566
7540
hdev->wake_reason = MGMT_WAKE_REASON_REMOTE_WAKE;
7567
-
7568
-
/* Once configured for remote wakeup, we should only wake up for
7569
-
* reconnections. It's useful to see which device is waking us up so
7570
-
* keep track of the bdaddr of the connection event that woke us up.
7571
-
*/
7572
-
if (event == HCI_EV_CONN_REQUEST) {
7573
-
bacpy(&hdev->wake_addr, &conn_request->bdaddr);
7574
-
hdev->wake_addr_type = BDADDR_BREDR;
7575
-
} else if (event == HCI_EV_CONN_COMPLETE) {
7576
-
bacpy(&hdev->wake_addr, &conn_complete->bdaddr);
7577
-
hdev->wake_addr_type = BDADDR_BREDR;
7578
-
} else if (event == HCI_EV_LE_META) {
7579
-
struct hci_ev_le_meta *le_ev = (void *)skb->data;
7580
-
u8 subevent = le_ev->subevent;
7581
-
u8 *ptr = &skb->data[sizeof(*le_ev)];
7582
-
u8 num_reports = *ptr;
7583
-
7584
-
if ((subevent == HCI_EV_LE_ADVERTISING_REPORT ||
7585
-
subevent == HCI_EV_LE_DIRECT_ADV_REPORT ||
7586
-
subevent == HCI_EV_LE_EXT_ADV_REPORT) &&
7587
-
num_reports) {
7588
-
adv = (void *)(ptr + 1);
7589
-
direct_adv = (void *)(ptr + 1);
7590
-
ext_adv = (void *)(ptr + 1);
7591
-
7592
-
switch (subevent) {
7593
-
case HCI_EV_LE_ADVERTISING_REPORT:
7594
-
bacpy(&hdev->wake_addr, &adv->bdaddr);
7595
-
hdev->wake_addr_type = adv->bdaddr_type;
7596
-
break;
7597
-
case HCI_EV_LE_DIRECT_ADV_REPORT:
7598
-
bacpy(&hdev->wake_addr, &direct_adv->bdaddr);
7599
-
hdev->wake_addr_type = direct_adv->bdaddr_type;
7600
-
break;
7601
-
case HCI_EV_LE_EXT_ADV_REPORT:
7602
-
bacpy(&hdev->wake_addr, &ext_adv->bdaddr);
7603
-
hdev->wake_addr_type = ext_adv->bdaddr_type;
7604
-
break;
7605
-
}
7606
-
}
7607
-
} else {
7608
-
hdev->wake_reason = MGMT_WAKE_REASON_UNEXPECTED;
7609
-
}
7610
-
7611
-
unlock:
7612
-
hci_dev_unlock(hdev);
7541
+
bacpy(&hdev->wake_addr, bdaddr);
7542
+
hdev->wake_addr_type = addr_type;
7613
7543
}
7614
7544
7615
7545
#define HCI_EV_VL(_op, _func, _min_len, _max_len) \
···
7812
7830
7813
7831
skb_pull(skb, HCI_EVENT_HDR_SIZE);
7814
7832
7815
-
/* Store wake reason if we're suspended */
7816
-
hci_store_wake_reason(hdev, event, skb);
7817
-
7818
7833
bt_dev_dbg(hdev, "event 0x%2.2x", event);
7819
7834
7820
7835
hci_event_func(hdev, event, skb, &opcode, &status, &req_complete,
7821
7836
&req_complete_skb);
7837
+
7838
+
hci_dev_lock(hdev);
7839
+
hci_store_wake_reason(hdev, NULL, 0);
7840
+
hci_dev_unlock(hdev);
7822
7841
7823
7842
if (req_complete) {
7824
7843
req_complete(hdev, status, opcode);
+62
-26
net/bluetooth/hci_sync.c
+62
-26
net/bluetooth/hci_sync.c
···
780
780
void *data, hci_cmd_sync_work_destroy_t destroy)
781
781
{
782
782
if (hci_cmd_sync_lookup_entry(hdev, func, data, destroy))
783
-
return 0;
783
+
return -EEXIST;
784
784
785
785
return hci_cmd_sync_queue(hdev, func, data, destroy);
786
786
}
···
801
801
return -ENETDOWN;
802
802
803
803
/* If on cmd_sync_work then run immediately otherwise queue */
804
-
if (current_work() == &hdev->cmd_sync_work)
805
-
return func(hdev, data);
804
+
if (current_work() == &hdev->cmd_sync_work) {
805
+
int err;
806
+
807
+
err = func(hdev, data);
808
+
if (destroy)
809
+
destroy(hdev, data, err);
810
+
811
+
return 0;
812
+
}
806
813
807
814
return hci_cmd_sync_submit(hdev, func, data, destroy);
808
815
}
···
3262
3255
3263
3256
int hci_update_passive_scan(struct hci_dev *hdev)
3264
3257
{
3258
+
int err;
3259
+
3265
3260
/* Only queue if it would have any effect */
3266
3261
if (!test_bit(HCI_UP, &hdev->flags) ||
3267
3262
test_bit(HCI_INIT, &hdev->flags) ||
···
3273
3264
hci_dev_test_flag(hdev, HCI_UNREGISTER))
3274
3265
return 0;
3275
3266
3276
-
return hci_cmd_sync_queue_once(hdev, update_passive_scan_sync, NULL,
3277
-
NULL);
3267
+
err = hci_cmd_sync_queue_once(hdev, update_passive_scan_sync, NULL,
3268
+
NULL);
3269
+
return (err == -EEXIST) ? 0 : err;
3278
3270
}
3279
3271
3280
3272
int hci_write_sc_support_sync(struct hci_dev *hdev, u8 val)
···
6968
6958
6969
6959
int hci_connect_acl_sync(struct hci_dev *hdev, struct hci_conn *conn)
6970
6960
{
6971
-
return hci_cmd_sync_queue_once(hdev, hci_acl_create_conn_sync, conn,
6972
-
NULL);
6961
+
int err;
6962
+
6963
+
err = hci_cmd_sync_queue_once(hdev, hci_acl_create_conn_sync, conn,
6964
+
NULL);
6965
+
return (err == -EEXIST) ? 0 : err;
6973
6966
}
6974
6967
6975
6968
static void create_le_conn_complete(struct hci_dev *hdev, void *data, int err)
···
7008
6995
7009
6996
int hci_connect_le_sync(struct hci_dev *hdev, struct hci_conn *conn)
7010
6997
{
7011
-
return hci_cmd_sync_queue_once(hdev, hci_le_create_conn_sync, conn,
7012
-
create_le_conn_complete);
6998
+
int err;
6999
+
7000
+
err = hci_cmd_sync_queue_once(hdev, hci_le_create_conn_sync, conn,
7001
+
create_le_conn_complete);
7002
+
return (err == -EEXIST) ? 0 : err;
7013
7003
}
7014
7004
7015
7005
int hci_cancel_connect_sync(struct hci_dev *hdev, struct hci_conn *conn)
···
7219
7203
7220
7204
int hci_connect_pa_sync(struct hci_dev *hdev, struct hci_conn *conn)
7221
7205
{
7222
-
return hci_cmd_sync_queue_once(hdev, hci_le_pa_create_sync, conn,
7223
-
create_pa_complete);
7206
+
int err;
7207
+
7208
+
err = hci_cmd_sync_queue_once(hdev, hci_le_pa_create_sync, conn,
7209
+
create_pa_complete);
7210
+
return (err == -EEXIST) ? 0 : err;
7224
7211
}
7225
7212
7226
7213
static void create_big_complete(struct hci_dev *hdev, void *data, int err)
···
7241
7222
7242
7223
static int hci_le_big_create_sync(struct hci_dev *hdev, void *data)
7243
7224
{
7244
-
DEFINE_FLEX(struct hci_cp_le_big_create_sync, cp, bis, num_bis, 0x11);
7225
+
DEFINE_FLEX(struct hci_cp_le_big_create_sync, cp, bis, num_bis,
7226
+
HCI_MAX_ISO_BIS);
7245
7227
struct hci_conn *conn = data;
7246
7228
struct bt_iso_qos *qos = &conn->iso_qos;
7247
7229
int err;
···
7286
7266
7287
7267
int hci_connect_big_sync(struct hci_dev *hdev, struct hci_conn *conn)
7288
7268
{
7289
-
return hci_cmd_sync_queue_once(hdev, hci_le_big_create_sync, conn,
7290
-
create_big_complete);
7269
+
int err;
7270
+
7271
+
err = hci_cmd_sync_queue_once(hdev, hci_le_big_create_sync, conn,
7272
+
create_big_complete);
7273
+
return (err == -EEXIST) ? 0 : err;
7291
7274
}
7292
7275
7293
7276
struct past_data {
···
7382
7359
if (err)
7383
7360
kfree(data);
7384
7361
7385
-
return err;
7362
+
return (err == -EEXIST) ? 0 : err;
7386
7363
}
7387
7364
7388
7365
static void le_read_features_complete(struct hci_dev *hdev, void *data, int err)
···
7391
7368
7392
7369
bt_dev_dbg(hdev, "err %d", err);
7393
7370
7394
-
if (err == -ECANCELED)
7395
-
return;
7396
-
7397
7371
hci_conn_drop(conn);
7372
+
hci_conn_put(conn);
7398
7373
}
7399
7374
7400
7375
static int hci_le_read_all_remote_features_sync(struct hci_dev *hdev,
···
7459
7438
* role is possible. Otherwise just transition into the
7460
7439
* connected state without requesting the remote features.
7461
7440
*/
7462
-
if (conn->out || (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES))
7441
+
if (conn->out || (hdev->le_features[0] & HCI_LE_PERIPHERAL_FEATURES)) {
7463
7442
err = hci_cmd_sync_queue_once(hdev,
7464
7443
hci_le_read_remote_features_sync,
7465
-
hci_conn_hold(conn),
7444
+
hci_conn_hold(hci_conn_get(conn)),
7466
7445
le_read_features_complete);
7467
-
else
7446
+
if (err) {
7447
+
hci_conn_drop(conn);
7448
+
hci_conn_put(conn);
7449
+
}
7450
+
} else {
7468
7451
err = -EOPNOTSUPP;
7452
+
}
7469
7453
7470
-
return err;
7454
+
return (err == -EEXIST) ? 0 : err;
7471
7455
}
7472
7456
7473
7457
static void pkt_type_changed(struct hci_dev *hdev, void *data, int err)
···
7498
7472
{
7499
7473
struct hci_dev *hdev = conn->hdev;
7500
7474
struct hci_cp_change_conn_ptype *cp;
7475
+
int err;
7501
7476
7502
7477
cp = kmalloc_obj(*cp);
7503
7478
if (!cp)
···
7507
7480
cp->handle = cpu_to_le16(conn->handle);
7508
7481
cp->pkt_type = cpu_to_le16(pkt_type);
7509
7482
7510
-
return hci_cmd_sync_queue_once(hdev, hci_change_conn_ptype_sync, cp,
7511
-
pkt_type_changed);
7483
+
err = hci_cmd_sync_queue_once(hdev, hci_change_conn_ptype_sync, cp,
7484
+
pkt_type_changed);
7485
+
if (err)
7486
+
kfree(cp);
7487
+
7488
+
return (err == -EEXIST) ? 0 : err;
7512
7489
}
7513
7490
7514
7491
static void le_phy_update_complete(struct hci_dev *hdev, void *data, int err)
···
7538
7507
{
7539
7508
struct hci_dev *hdev = conn->hdev;
7540
7509
struct hci_cp_le_set_phy *cp;
7510
+
int err;
7541
7511
7542
7512
cp = kmalloc_obj(*cp);
7543
7513
if (!cp)
···
7549
7517
cp->tx_phys = tx_phys;
7550
7518
cp->rx_phys = rx_phys;
7551
7519
7552
-
return hci_cmd_sync_queue_once(hdev, hci_le_set_phy_sync, cp,
7553
-
le_phy_update_complete);
7520
+
err = hci_cmd_sync_queue_once(hdev, hci_le_set_phy_sync, cp,
7521
+
le_phy_update_complete);
7522
+
if (err)
7523
+
kfree(cp);
7524
+
7525
+
return (err == -EEXIST) ? 0 : err;
7554
7526
}
+14
-3
net/bluetooth/mgmt.c
+14
-3
net/bluetooth/mgmt.c
···
2478
2478
struct mgmt_mesh_tx *mesh_tx;
2479
2479
struct mgmt_cp_mesh_send *send = data;
2480
2480
struct mgmt_rp_mesh_read_features rp;
2481
+
u16 expected_len;
2481
2482
bool sending;
2482
2483
int err = 0;
2483
2484
···
2486
2485
!hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2487
2486
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2488
2487
MGMT_STATUS_NOT_SUPPORTED);
2489
-
if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2490
-
len <= MGMT_MESH_SEND_SIZE ||
2491
-
len > (MGMT_MESH_SEND_SIZE + 31))
2488
+
if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2492
2489
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2493
2490
MGMT_STATUS_REJECTED);
2491
+
2492
+
if (!send->adv_data_len || send->adv_data_len > 31)
2493
+
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2494
+
MGMT_STATUS_REJECTED);
2495
+
2496
+
expected_len = struct_size(send, adv_data, send->adv_data_len);
2497
+
if (expected_len != len)
2498
+
return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2499
+
MGMT_STATUS_INVALID_PARAMS);
2494
2500
2495
2501
hci_dev_lock(hdev);
2496
2502
···
7254
7246
static bool ltk_is_valid(struct mgmt_ltk_info *key)
7255
7247
{
7256
7248
if (key->initiator != 0x00 && key->initiator != 0x01)
7249
+
return false;
7250
+
7251
+
if (key->enc_size > sizeof(key->val))
7257
7252
return false;
7258
7253
7259
7254
switch (key->addr.type) {
+23
-7
net/bluetooth/sco.c
+23
-7
net/bluetooth/sco.c
···
298
298
int err = 0;
299
299
300
300
sco_conn_lock(conn);
301
-
if (conn->sk)
301
+
if (conn->sk || sco_pi(sk)->conn)
302
302
err = -EBUSY;
303
303
else
304
304
__sco_chan_add(conn, sk, parent);
···
353
353
354
354
lock_sock(sk);
355
355
356
+
/* Recheck state after reacquiring the socket lock, as another
357
+
* thread may have changed it (e.g., closed the socket).
358
+
*/
359
+
if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
360
+
release_sock(sk);
361
+
hci_conn_drop(hcon);
362
+
err = -EBADFD;
363
+
goto unlock;
364
+
}
365
+
356
366
err = sco_chan_add(conn, sk, NULL);
357
367
if (err) {
358
368
release_sock(sk);
369
+
hci_conn_drop(hcon);
359
370
goto unlock;
360
371
}
361
372
···
667
656
addr->sa_family != AF_BLUETOOTH)
668
657
return -EINVAL;
669
658
670
-
if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND)
671
-
return -EBADFD;
672
-
673
-
if (sk->sk_type != SOCK_SEQPACKET)
674
-
err = -EINVAL;
675
-
676
659
lock_sock(sk);
660
+
661
+
if (sk->sk_state != BT_OPEN && sk->sk_state != BT_BOUND) {
662
+
release_sock(sk);
663
+
return -EBADFD;
664
+
}
665
+
666
+
if (sk->sk_type != SOCK_SEQPACKET) {
667
+
release_sock(sk);
668
+
return -EINVAL;
669
+
}
670
+
677
671
/* Set destination address and psm */
678
672
bacpy(&sco_pi(sk)->dst, &sa->sco_bdaddr);
679
673
release_sock(sk);
+6
-5
net/bluetooth/smp.c
+6
-5
net/bluetooth/smp.c
···
1018
1018
1019
1019
smp_s1(smp->tk, smp->prnd, smp->rrnd, stk);
1020
1020
1021
-
if (hcon->pending_sec_level == BT_SECURITY_HIGH)
1022
-
auth = 1;
1023
-
else
1024
-
auth = 0;
1021
+
auth = test_bit(SMP_FLAG_MITM_AUTH, &smp->flags) ? 1 : 0;
1025
1022
1026
1023
/* Even though there's no _RESPONDER suffix this is the
1027
1024
* responder STK we're adding for later lookup (the initiator
···
1823
1826
if (sec_level > conn->hcon->pending_sec_level)
1824
1827
conn->hcon->pending_sec_level = sec_level;
1825
1828
1826
-
/* If we need MITM check that it can be achieved */
1829
+
/* If we need MITM check that it can be achieved. */
1827
1830
if (conn->hcon->pending_sec_level >= BT_SECURITY_HIGH) {
1828
1831
u8 method;
1829
1832
···
1831
1834
req->io_capability);
1832
1835
if (method == JUST_WORKS || method == JUST_CFM)
1833
1836
return SMP_AUTH_REQUIREMENTS;
1837
+
1838
+
/* Force MITM bit if it isn't set by the initiator. */
1839
+
auth |= SMP_AUTH_MITM;
1840
+
rsp.auth_req |= SMP_AUTH_MITM;
1834
1841
}
1835
1842
1836
1843
key_size = min(req->max_key_size, rsp.max_key_size);
+11
-7
net/bridge/br_arp_nd_proxy.c
+11
-7
net/bridge/br_arp_nd_proxy.c
···
251
251
252
252
static void br_nd_send(struct net_bridge *br, struct net_bridge_port *p,
253
253
struct sk_buff *request, struct neighbour *n,
254
-
__be16 vlan_proto, u16 vlan_tci, struct nd_msg *ns)
254
+
__be16 vlan_proto, u16 vlan_tci)
255
255
{
256
256
struct net_device *dev = request->dev;
257
257
struct net_bridge_vlan_group *vg;
258
+
struct nd_msg *na, *ns;
258
259
struct sk_buff *reply;
259
-
struct nd_msg *na;
260
260
struct ipv6hdr *pip6;
261
261
int na_olen = 8; /* opt hdr + ETH_ALEN for target */
262
262
int ns_olen;
···
264
264
u8 *daddr;
265
265
u16 pvid;
266
266
267
-
if (!dev)
267
+
if (!dev || skb_linearize(request))
268
268
return;
269
269
270
270
len = LL_RESERVED_SPACE(dev) + sizeof(struct ipv6hdr) +
···
281
281
skb_set_mac_header(reply, 0);
282
282
283
283
daddr = eth_hdr(request)->h_source;
284
+
ns = (struct nd_msg *)(skb_network_header(request) +
285
+
sizeof(struct ipv6hdr));
284
286
285
287
/* Do we need option processing ? */
286
288
ns_olen = request->len - (skb_network_offset(request) +
287
289
sizeof(struct ipv6hdr)) - sizeof(*ns);
288
290
for (i = 0; i < ns_olen - 1; i += (ns->opt[i + 1] << 3)) {
289
-
if (!ns->opt[i + 1]) {
291
+
if (!ns->opt[i + 1] || i + (ns->opt[i + 1] << 3) > ns_olen) {
290
292
kfree_skb(reply);
291
293
return;
292
294
}
293
295
if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
294
-
daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
296
+
if ((ns->opt[i + 1] << 3) >=
297
+
sizeof(struct nd_opt_hdr) + ETH_ALEN)
298
+
daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
295
299
break;
296
300
}
297
301
}
···
476
472
if (vid != 0)
477
473
br_nd_send(br, p, skb, n,
478
474
skb->vlan_proto,
479
-
skb_vlan_tag_get(skb), msg);
475
+
skb_vlan_tag_get(skb));
480
476
else
481
-
br_nd_send(br, p, skb, n, 0, 0, msg);
477
+
br_nd_send(br, p, skb, n, 0, 0);
482
478
replied = true;
483
479
}
484
480
+2
-2
net/bridge/br_mrp_netlink.c
+2
-2
net/bridge/br_mrp_netlink.c
···
196
196
br_mrp_start_test_policy[IFLA_BRIDGE_MRP_START_TEST_MAX + 1] = {
197
197
[IFLA_BRIDGE_MRP_START_TEST_UNSPEC] = { .type = NLA_REJECT },
198
198
[IFLA_BRIDGE_MRP_START_TEST_RING_ID] = { .type = NLA_U32 },
199
-
[IFLA_BRIDGE_MRP_START_TEST_INTERVAL] = { .type = NLA_U32 },
199
+
[IFLA_BRIDGE_MRP_START_TEST_INTERVAL] = NLA_POLICY_MIN(NLA_U32, 1),
200
200
[IFLA_BRIDGE_MRP_START_TEST_MAX_MISS] = { .type = NLA_U32 },
201
201
[IFLA_BRIDGE_MRP_START_TEST_PERIOD] = { .type = NLA_U32 },
202
202
[IFLA_BRIDGE_MRP_START_TEST_MONITOR] = { .type = NLA_U32 },
···
316
316
br_mrp_start_in_test_policy[IFLA_BRIDGE_MRP_START_IN_TEST_MAX + 1] = {
317
317
[IFLA_BRIDGE_MRP_START_IN_TEST_UNSPEC] = { .type = NLA_REJECT },
318
318
[IFLA_BRIDGE_MRP_START_IN_TEST_IN_ID] = { .type = NLA_U32 },
319
-
[IFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL] = { .type = NLA_U32 },
319
+
[IFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL] = NLA_POLICY_MIN(NLA_U32, 1),
320
320
[IFLA_BRIDGE_MRP_START_IN_TEST_MAX_MISS] = { .type = NLA_U32 },
321
321
[IFLA_BRIDGE_MRP_START_IN_TEST_PERIOD] = { .type = NLA_U32 },
322
322
};
+8
-3
net/core/dev.c
+8
-3
net/core/dev.c
···
3821
3821
* segmentation-offloads.rst).
3822
3822
*/
3823
3823
if (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4) {
3824
-
struct iphdr *iph = skb->encapsulation ?
3825
-
inner_ip_hdr(skb) : ip_hdr(skb);
3824
+
const struct iphdr *iph;
3825
+
struct iphdr _iph;
3826
+
int nhoff = skb->encapsulation ?
3827
+
skb_inner_network_offset(skb) :
3828
+
skb_network_offset(skb);
3826
3829
3827
-
if (!(iph->frag_off & htons(IP_DF)))
3830
+
iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
3831
+
3832
+
if (!iph || !(iph->frag_off & htons(IP_DF)))
3828
3833
features &= ~dev->mangleid_features;
3829
3834
}
3830
3835
+17
-15
net/hsr/hsr_device.c
+17
-15
net/hsr/hsr_device.c
···
532
532
static int hsr_ndo_vlan_rx_add_vid(struct net_device *dev,
533
533
__be16 proto, u16 vid)
534
534
{
535
-
bool is_slave_a_added = false;
536
-
bool is_slave_b_added = false;
535
+
struct net_device *slave_a_dev = NULL;
536
+
struct net_device *slave_b_dev = NULL;
537
537
struct hsr_port *port;
538
538
struct hsr_priv *hsr;
539
539
int ret = 0;
···
549
549
switch (port->type) {
550
550
case HSR_PT_SLAVE_A:
551
551
if (ret) {
552
-
/* clean up Slave-B */
553
552
netdev_err(dev, "add vid failed for Slave-A\n");
554
-
if (is_slave_b_added)
555
-
vlan_vid_del(port->dev, proto, vid);
556
-
return ret;
553
+
goto unwind;
557
554
}
558
-
559
-
is_slave_a_added = true;
555
+
slave_a_dev = port->dev;
560
556
break;
561
-
562
557
case HSR_PT_SLAVE_B:
563
558
if (ret) {
564
-
/* clean up Slave-A */
565
559
netdev_err(dev, "add vid failed for Slave-B\n");
566
-
if (is_slave_a_added)
567
-
vlan_vid_del(port->dev, proto, vid);
568
-
return ret;
560
+
goto unwind;
569
561
}
570
-
571
-
is_slave_b_added = true;
562
+
slave_b_dev = port->dev;
572
563
break;
573
564
default:
565
+
if (ret)
566
+
goto unwind;
574
567
break;
575
568
}
576
569
}
577
570
578
571
return 0;
572
+
573
+
unwind:
574
+
if (slave_a_dev)
575
+
vlan_vid_del(slave_a_dev, proto, vid);
576
+
577
+
if (slave_b_dev)
578
+
vlan_vid_del(slave_b_dev, proto, vid);
579
+
580
+
return ret;
579
581
}
580
582
581
583
static int hsr_ndo_vlan_rx_kill_vid(struct net_device *dev,
+36
-2
net/hsr/hsr_framereg.c
+36
-2
net/hsr/hsr_framereg.c
···
123
123
hsr_free_node(node);
124
124
}
125
125
126
+
static void hsr_lock_seq_out_pair(struct hsr_node *node_a,
127
+
struct hsr_node *node_b)
128
+
{
129
+
if (node_a == node_b) {
130
+
spin_lock_bh(&node_a->seq_out_lock);
131
+
return;
132
+
}
133
+
134
+
if (node_a < node_b) {
135
+
spin_lock_bh(&node_a->seq_out_lock);
136
+
spin_lock_nested(&node_b->seq_out_lock, SINGLE_DEPTH_NESTING);
137
+
} else {
138
+
spin_lock_bh(&node_b->seq_out_lock);
139
+
spin_lock_nested(&node_a->seq_out_lock, SINGLE_DEPTH_NESTING);
140
+
}
141
+
}
142
+
143
+
static void hsr_unlock_seq_out_pair(struct hsr_node *node_a,
144
+
struct hsr_node *node_b)
145
+
{
146
+
if (node_a == node_b) {
147
+
spin_unlock_bh(&node_a->seq_out_lock);
148
+
return;
149
+
}
150
+
151
+
if (node_a < node_b) {
152
+
spin_unlock(&node_b->seq_out_lock);
153
+
spin_unlock_bh(&node_a->seq_out_lock);
154
+
} else {
155
+
spin_unlock(&node_a->seq_out_lock);
156
+
spin_unlock_bh(&node_b->seq_out_lock);
157
+
}
158
+
}
159
+
126
160
void hsr_del_nodes(struct list_head *node_db)
127
161
{
128
162
struct hsr_node *node;
···
466
432
}
467
433
468
434
ether_addr_copy(node_real->macaddress_B, ethhdr->h_source);
469
-
spin_lock_bh(&node_real->seq_out_lock);
435
+
hsr_lock_seq_out_pair(node_real, node_curr);
470
436
for (i = 0; i < HSR_PT_PORTS; i++) {
471
437
if (!node_curr->time_in_stale[i] &&
472
438
time_after(node_curr->time_in[i], node_real->time_in[i])) {
···
489
455
src_blk->seq_nrs[i], HSR_SEQ_BLOCK_SIZE);
490
456
}
491
457
}
492
-
spin_unlock_bh(&node_real->seq_out_lock);
458
+
hsr_unlock_seq_out_pair(node_real, node_curr);
493
459
node_real->addr_B_port = port_rcv->type;
494
460
495
461
spin_lock_bh(&hsr->list_lock);
+3
-3
net/ipv6/addrconf.c
+3
-3
net/ipv6/addrconf.c
···
3625
3625
if ((ifp->flags & IFA_F_PERMANENT) &&
3626
3626
fixup_permanent_addr(net, idev, ifp) < 0) {
3627
3627
write_unlock_bh(&idev->lock);
3628
-
in6_ifa_hold(ifp);
3629
-
ipv6_del_addr(ifp);
3630
-
write_lock_bh(&idev->lock);
3631
3628
3632
3629
net_info_ratelimited("%s: Failed to add prefix route for address %pI6c; dropping\n",
3633
3630
idev->dev->name, &ifp->addr);
3631
+
in6_ifa_hold(ifp);
3632
+
ipv6_del_addr(ifp);
3633
+
write_lock_bh(&idev->lock);
3634
3634
}
3635
3635
}
3636
3636
+10
net/ipv6/datagram.c
+10
net/ipv6/datagram.c
···
763
763
{
764
764
struct in6_pktinfo *src_info;
765
765
struct cmsghdr *cmsg;
766
+
struct ipv6_rt_hdr *orthdr;
766
767
struct ipv6_rt_hdr *rthdr;
767
768
struct ipv6_opt_hdr *hdr;
768
769
struct ipv6_txoptions *opt = ipc6->opt;
···
925
924
goto exit_f;
926
925
}
927
926
if (cmsg->cmsg_type == IPV6_DSTOPTS) {
927
+
if (opt->dst1opt)
928
+
opt->opt_flen -= ipv6_optlen(opt->dst1opt);
928
929
opt->opt_flen += len;
929
930
opt->dst1opt = hdr;
930
931
} else {
932
+
if (opt->dst0opt)
933
+
opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
931
934
opt->opt_nflen += len;
932
935
opt->dst0opt = hdr;
933
936
}
···
974
969
goto exit_f;
975
970
}
976
971
972
+
orthdr = opt->srcrt;
973
+
if (orthdr)
974
+
opt->opt_nflen -= ((orthdr->hdrlen + 1) << 3);
977
975
opt->opt_nflen += len;
978
976
opt->srcrt = rthdr;
979
977
980
978
if (cmsg->cmsg_type == IPV6_2292RTHDR && opt->dst1opt) {
981
979
int dsthdrlen = ((opt->dst1opt->hdrlen+1)<<3);
982
980
981
+
if (opt->dst0opt)
982
+
opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
983
983
opt->opt_nflen += dsthdrlen;
984
984
opt->dst0opt = opt->dst1opt;
985
985
opt->dst1opt = NULL;
+3
net/ipv6/icmp.c
+3
net/ipv6/icmp.c
+2
-2
net/ipv6/ioam6.c
+2
-2
net/ipv6/ioam6.c
···
708
708
struct ioam6_namespace *ns,
709
709
struct ioam6_trace_hdr *trace,
710
710
struct ioam6_schema *sc,
711
-
u8 sclen, bool is_input)
711
+
unsigned int sclen, bool is_input)
712
712
{
713
713
struct net_device *dev = skb_dst_dev(skb);
714
714
struct timespec64 ts;
···
939
939
bool is_input)
940
940
{
941
941
struct ioam6_schema *sc;
942
-
u8 sclen = 0;
942
+
unsigned int sclen = 0;
943
943
944
944
/* Skip if Overflow flag is set
945
945
*/
+11
-3
net/ipv6/ip6_fib.c
+11
-3
net/ipv6/ip6_fib.c
···
727
727
728
728
void fib6_metric_set(struct fib6_info *f6i, int metric, u32 val)
729
729
{
730
+
struct dst_metrics *m;
731
+
730
732
if (!f6i)
731
733
return;
732
734
733
-
if (f6i->fib6_metrics == &dst_default_metrics) {
735
+
if (READ_ONCE(f6i->fib6_metrics) == &dst_default_metrics) {
736
+
struct dst_metrics *dflt = (struct dst_metrics *)&dst_default_metrics;
734
737
struct dst_metrics *p = kzalloc_obj(*p, GFP_ATOMIC);
735
738
736
739
if (!p)
737
740
return;
738
741
742
+
p->metrics[metric - 1] = val;
739
743
refcount_set(&p->refcnt, 1);
740
-
f6i->fib6_metrics = p;
744
+
if (cmpxchg(&f6i->fib6_metrics, dflt, p) != dflt)
745
+
kfree(p);
746
+
else
747
+
return;
741
748
}
742
749
743
-
f6i->fib6_metrics->metrics[metric - 1] = val;
750
+
m = READ_ONCE(f6i->fib6_metrics);
751
+
WRITE_ONCE(m->metrics[metric - 1], val);
744
752
}
745
753
746
754
/*
-5
net/ipv6/ip6_flowlabel.c
-5
net/ipv6/ip6_flowlabel.c
···
133
133
if (time_after(ttd, fl->expires))
134
134
fl->expires = ttd;
135
135
ttd = fl->expires;
136
-
if (fl->opt && fl->share == IPV6_FL_S_EXCL) {
137
-
struct ipv6_txoptions *opt = fl->opt;
138
-
fl->opt = NULL;
139
-
kfree(opt);
140
-
}
141
136
if (!timer_pending(&ip6_fl_gc_timer) ||
142
137
time_after(ip6_fl_gc_timer.expires, ttd))
143
138
mod_timer(&ip6_fl_gc_timer, ttd);
+5
net/ipv6/ip6_tunnel.c
+5
net/ipv6/ip6_tunnel.c
···
601
601
if (!skb2)
602
602
return 0;
603
603
604
+
/* Remove debris left by IPv6 stack. */
605
+
memset(IPCB(skb2), 0, sizeof(*IPCB(skb2)));
606
+
604
607
skb_dst_drop(skb2);
605
608
606
609
skb_pull(skb2, offset);
607
610
skb_reset_network_header(skb2);
608
611
eiph = ip_hdr(skb2);
612
+
if (eiph->version != 4 || eiph->ihl < 5)
613
+
goto out;
609
614
610
615
/* Try to guess incoming interface */
611
616
rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL, eiph->saddr,
+3
net/ipv6/ndisc.c
+3
net/ipv6/ndisc.c
···
1209
1209
ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1210
1210
ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1211
1211
ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1212
+
ndmsg->nduseropt_pad1 = 0;
1213
+
ndmsg->nduseropt_pad2 = 0;
1214
+
ndmsg->nduseropt_pad3 = 0;
1212
1215
1213
1216
memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1214
1217
+25
-4
net/mpls/af_mpls.c
+25
-4
net/mpls/af_mpls.c
···
83
83
return mpls_dereference(net, platform_label[index]);
84
84
}
85
85
86
+
static struct mpls_route __rcu **mpls_platform_label_rcu(struct net *net, size_t *platform_labels)
87
+
{
88
+
struct mpls_route __rcu **platform_label;
89
+
unsigned int sequence;
90
+
91
+
do {
92
+
sequence = read_seqcount_begin(&net->mpls.platform_label_seq);
93
+
platform_label = rcu_dereference(net->mpls.platform_label);
94
+
*platform_labels = net->mpls.platform_labels;
95
+
} while (read_seqcount_retry(&net->mpls.platform_label_seq, sequence));
96
+
97
+
return platform_label;
98
+
}
99
+
86
100
static struct mpls_route *mpls_route_input_rcu(struct net *net, unsigned int index)
87
101
{
88
102
struct mpls_route __rcu **platform_label;
103
+
size_t platform_labels;
89
104
90
-
if (index >= net->mpls.platform_labels)
105
+
platform_label = mpls_platform_label_rcu(net, &platform_labels);
106
+
107
+
if (index >= platform_labels)
91
108
return NULL;
92
109
93
-
platform_label = rcu_dereference(net->mpls.platform_label);
94
110
return rcu_dereference(platform_label[index]);
95
111
}
96
112
···
2256
2240
if (index < MPLS_LABEL_FIRST_UNRESERVED)
2257
2241
index = MPLS_LABEL_FIRST_UNRESERVED;
2258
2242
2259
-
platform_label = rcu_dereference(net->mpls.platform_label);
2260
-
platform_labels = net->mpls.platform_labels;
2243
+
platform_label = mpls_platform_label_rcu(net, &platform_labels);
2261
2244
2262
2245
if (filter.filter_set)
2263
2246
flags |= NLM_F_DUMP_FILTERED;
···
2660
2645
}
2661
2646
2662
2647
/* Update the global pointers */
2648
+
local_bh_disable();
2649
+
write_seqcount_begin(&net->mpls.platform_label_seq);
2663
2650
net->mpls.platform_labels = limit;
2664
2651
rcu_assign_pointer(net->mpls.platform_label, labels);
2652
+
write_seqcount_end(&net->mpls.platform_label_seq);
2653
+
local_bh_enable();
2665
2654
2666
2655
mutex_unlock(&net->mpls.platform_mutex);
2667
2656
···
2747
2728
int i;
2748
2729
2749
2730
mutex_init(&net->mpls.platform_mutex);
2731
+
seqcount_mutex_init(&net->mpls.platform_label_seq, &net->mpls.platform_mutex);
2732
+
2750
2733
net->mpls.platform_labels = 0;
2751
2734
net->mpls.platform_label = NULL;
2752
2735
net->mpls.ip_ttl_propagate = 1;
+8
-3
net/mptcp/protocol.c
+8
-3
net/mptcp/protocol.c
···
2006
2006
static int __mptcp_recvmsg_mskq(struct sock *sk, struct msghdr *msg,
2007
2007
size_t len, int flags, int copied_total,
2008
2008
struct scm_timestamping_internal *tss,
2009
-
int *cmsg_flags)
2009
+
int *cmsg_flags, struct sk_buff **last)
2010
2010
{
2011
2011
struct mptcp_sock *msk = mptcp_sk(sk);
2012
2012
struct sk_buff *skb, *tmp;
···
2023
2023
/* skip already peeked skbs */
2024
2024
if (total_data_len + data_len <= copied_total) {
2025
2025
total_data_len += data_len;
2026
+
*last = skb;
2026
2027
continue;
2027
2028
}
2028
2029
···
2059
2058
}
2060
2059
2061
2060
mptcp_eat_recv_skb(sk, skb);
2061
+
} else {
2062
+
*last = skb;
2062
2063
}
2063
2064
2064
2065
if (copied >= len)
···
2291
2288
cmsg_flags = MPTCP_CMSG_INQ;
2292
2289
2293
2290
while (copied < len) {
2291
+
struct sk_buff *last = NULL;
2294
2292
int err, bytes_read;
2295
2293
2296
2294
bytes_read = __mptcp_recvmsg_mskq(sk, msg, len - copied, flags,
2297
-
copied, &tss, &cmsg_flags);
2295
+
copied, &tss, &cmsg_flags,
2296
+
&last);
2298
2297
if (unlikely(bytes_read < 0)) {
2299
2298
if (!copied)
2300
2299
copied = bytes_read;
···
2348
2343
2349
2344
pr_debug("block timeout %ld\n", timeo);
2350
2345
mptcp_cleanup_rbuf(msk, copied);
2351
-
err = sk_wait_data(sk, &timeo, NULL);
2346
+
err = sk_wait_data(sk, &timeo, last);
2352
2347
if (err < 0) {
2353
2348
err = copied ? : err;
2354
2349
goto out_err;
+2
-2
net/netfilter/ipset/ip_set_core.c
+2
-2
net/netfilter/ipset/ip_set_core.c
···
821
821
*
822
822
*/
823
823
ip_set_id_t
824
-
ip_set_get_byname(struct net *net, const char *name, struct ip_set **set)
824
+
ip_set_get_byname(struct net *net, const struct nlattr *name, struct ip_set **set)
825
825
{
826
826
ip_set_id_t i, index = IPSET_INVALID_ID;
827
827
struct ip_set *s;
···
830
830
rcu_read_lock();
831
831
for (i = 0; i < inst->ip_set_max; i++) {
832
832
s = rcu_dereference(inst->ip_set_list)[i];
833
-
if (s && STRNCMP(s->name, name)) {
833
+
if (s && nla_strcmp(name, s->name) == 0) {
834
834
__ip_set_get(s);
835
835
index = i;
836
836
*set = s;
+1
-1
net/netfilter/ipset/ip_set_hash_gen.h
+1
-1
net/netfilter/ipset/ip_set_hash_gen.h
+2
-2
net/netfilter/ipset/ip_set_list_set.c
+2
-2
net/netfilter/ipset/ip_set_list_set.c
···
367
367
ret = ip_set_get_extensions(set, tb, &ext);
368
368
if (ret)
369
369
return ret;
370
-
e.id = ip_set_get_byname(map->net, nla_data(tb[IPSET_ATTR_NAME]), &s);
370
+
e.id = ip_set_get_byname(map->net, tb[IPSET_ATTR_NAME], &s);
371
371
if (e.id == IPSET_INVALID_ID)
372
372
return -IPSET_ERR_NAME;
373
373
/* "Loop detection" */
···
389
389
390
390
if (tb[IPSET_ATTR_NAMEREF]) {
391
391
e.refid = ip_set_get_byname(map->net,
392
-
nla_data(tb[IPSET_ATTR_NAMEREF]),
392
+
tb[IPSET_ATTR_NAMEREF],
393
393
&s);
394
394
if (e.refid == IPSET_INVALID_ID) {
395
395
ret = -IPSET_ERR_NAMEREF;
+1
-1
net/netfilter/nf_conntrack_helper.c
+1
-1
net/netfilter/nf_conntrack_helper.c
+15
-45
net/netfilter/nf_conntrack_netlink.c
+15
-45
net/netfilter/nf_conntrack_netlink.c
···
2636
2636
2637
2637
static struct nf_conntrack_expect *
2638
2638
ctnetlink_alloc_expect(const struct nlattr *const cda[], struct nf_conn *ct,
2639
-
struct nf_conntrack_helper *helper,
2640
2639
struct nf_conntrack_tuple *tuple,
2641
2640
struct nf_conntrack_tuple *mask);
2642
2641
···
2864
2865
{
2865
2866
struct nlattr *cda[CTA_EXPECT_MAX+1];
2866
2867
struct nf_conntrack_tuple tuple, mask;
2867
-
struct nf_conntrack_helper *helper = NULL;
2868
2868
struct nf_conntrack_expect *exp;
2869
2869
int err;
2870
2870
···
2877
2879
if (err < 0)
2878
2880
return err;
2879
2881
2880
-
if (cda[CTA_EXPECT_HELP_NAME]) {
2881
-
const char *helpname = nla_data(cda[CTA_EXPECT_HELP_NAME]);
2882
-
2883
-
helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
2884
-
nf_ct_protonum(ct));
2885
-
if (helper == NULL)
2886
-
return -EOPNOTSUPP;
2887
-
}
2888
-
2889
2882
exp = ctnetlink_alloc_expect((const struct nlattr * const *)cda, ct,
2890
-
helper, &tuple, &mask);
2883
+
&tuple, &mask);
2891
2884
if (IS_ERR(exp))
2892
2885
return PTR_ERR(exp);
2893
2886
···
3517
3528
3518
3529
static struct nf_conntrack_expect *
3519
3530
ctnetlink_alloc_expect(const struct nlattr * const cda[], struct nf_conn *ct,
3520
-
struct nf_conntrack_helper *helper,
3521
3531
struct nf_conntrack_tuple *tuple,
3522
3532
struct nf_conntrack_tuple *mask)
3523
3533
{
3524
3534
struct net *net = read_pnet(&ct->ct_net);
3535
+
struct nf_conntrack_helper *helper;
3525
3536
struct nf_conntrack_expect *exp;
3526
3537
struct nf_conn_help *help;
3527
3538
u32 class = 0;
···
3531
3542
if (!help)
3532
3543
return ERR_PTR(-EOPNOTSUPP);
3533
3544
3534
-
if (cda[CTA_EXPECT_CLASS] && helper) {
3545
+
helper = rcu_dereference(help->helper);
3546
+
if (!helper)
3547
+
return ERR_PTR(-EOPNOTSUPP);
3548
+
3549
+
if (cda[CTA_EXPECT_CLASS]) {
3535
3550
class = ntohl(nla_get_be32(cda[CTA_EXPECT_CLASS]));
3536
3551
if (class > helper->expect_class_max)
3537
3552
return ERR_PTR(-EINVAL);
···
3569
3576
#ifdef CONFIG_NF_CONNTRACK_ZONES
3570
3577
exp->zone = ct->zone;
3571
3578
#endif
3572
-
if (!helper)
3573
-
helper = rcu_dereference(help->helper);
3574
3579
rcu_assign_pointer(exp->helper, helper);
3575
3580
exp->tuple = *tuple;
3576
3581
exp->mask.src.u3 = mask->src.u3;
···
3579
3588
exp, nf_ct_l3num(ct));
3580
3589
if (err < 0)
3581
3590
goto err_out;
3591
+
#if IS_ENABLED(CONFIG_NF_NAT)
3592
+
} else {
3593
+
memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));
3594
+
memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));
3595
+
exp->dir = 0;
3596
+
#endif
3582
3597
}
3583
3598
return exp;
3584
3599
err_out:
···
3600
3603
{
3601
3604
struct nf_conntrack_tuple tuple, mask, master_tuple;
3602
3605
struct nf_conntrack_tuple_hash *h = NULL;
3603
-
struct nf_conntrack_helper *helper = NULL;
3604
3606
struct nf_conntrack_expect *exp;
3605
3607
struct nf_conn *ct;
3606
3608
int err;
···
3625
3629
ct = nf_ct_tuplehash_to_ctrack(h);
3626
3630
3627
3631
rcu_read_lock();
3628
-
if (cda[CTA_EXPECT_HELP_NAME]) {
3629
-
const char *helpname = nla_data(cda[CTA_EXPECT_HELP_NAME]);
3630
-
3631
-
helper = __nf_conntrack_helper_find(helpname, u3,
3632
-
nf_ct_protonum(ct));
3633
-
if (helper == NULL) {
3634
-
rcu_read_unlock();
3635
-
#ifdef CONFIG_MODULES
3636
-
if (request_module("nfct-helper-%s", helpname) < 0) {
3637
-
err = -EOPNOTSUPP;
3638
-
goto err_ct;
3639
-
}
3640
-
rcu_read_lock();
3641
-
helper = __nf_conntrack_helper_find(helpname, u3,
3642
-
nf_ct_protonum(ct));
3643
-
if (helper) {
3644
-
err = -EAGAIN;
3645
-
goto err_rcu;
3646
-
}
3647
-
rcu_read_unlock();
3648
-
#endif
3649
-
err = -EOPNOTSUPP;
3650
-
goto err_ct;
3651
-
}
3652
-
}
3653
-
3654
-
exp = ctnetlink_alloc_expect(cda, ct, helper, &tuple, &mask);
3632
+
exp = ctnetlink_alloc_expect(cda, ct, &tuple, &mask);
3655
3633
if (IS_ERR(exp)) {
3656
3634
err = PTR_ERR(exp);
3657
3635
goto err_rcu;
···
3635
3665
nf_ct_expect_put(exp);
3636
3666
err_rcu:
3637
3667
rcu_read_unlock();
3638
-
err_ct:
3639
3668
nf_ct_put(ct);
3669
+
3640
3670
return err;
3641
3671
}
3642
3672
+130
-66
net/netfilter/nf_flow_table_offload.c
+130
-66
net/netfilter/nf_flow_table_offload.c
···
14
14
#include <net/netfilter/nf_conntrack_core.h>
15
15
#include <net/netfilter/nf_conntrack_tuple.h>
16
16
17
+
#define NF_FLOW_RULE_ACTION_MAX 24
18
+
17
19
static struct workqueue_struct *nf_flow_offload_add_wq;
18
20
static struct workqueue_struct *nf_flow_offload_del_wq;
19
21
static struct workqueue_struct *nf_flow_offload_stats_wq;
···
218
216
static inline struct flow_action_entry *
219
217
flow_action_entry_next(struct nf_flow_rule *flow_rule)
220
218
{
221
-
int i = flow_rule->rule->action.num_entries++;
219
+
int i;
220
+
221
+
if (unlikely(flow_rule->rule->action.num_entries >= NF_FLOW_RULE_ACTION_MAX))
222
+
return NULL;
223
+
224
+
i = flow_rule->rule->action.num_entries++;
222
225
223
226
return &flow_rule->rule->action.entries[i];
224
227
}
···
240
233
const unsigned char *addr;
241
234
u32 mask, val;
242
235
u16 val16;
236
+
237
+
if (!entry0 || !entry1)
238
+
return -E2BIG;
243
239
244
240
this_tuple = &flow->tuplehash[dir].tuple;
245
241
···
294
284
u8 nud_state;
295
285
u16 val16;
296
286
287
+
if (!entry0 || !entry1)
288
+
return -E2BIG;
289
+
297
290
this_tuple = &flow->tuplehash[dir].tuple;
298
291
299
292
switch (this_tuple->xmit_type) {
···
338
325
return 0;
339
326
}
340
327
341
-
static void flow_offload_ipv4_snat(struct net *net,
342
-
const struct flow_offload *flow,
343
-
enum flow_offload_tuple_dir dir,
344
-
struct nf_flow_rule *flow_rule)
328
+
static int flow_offload_ipv4_snat(struct net *net,
329
+
const struct flow_offload *flow,
330
+
enum flow_offload_tuple_dir dir,
331
+
struct nf_flow_rule *flow_rule)
345
332
{
346
333
struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
347
334
u32 mask = ~htonl(0xffffffff);
348
335
__be32 addr;
349
336
u32 offset;
337
+
338
+
if (!entry)
339
+
return -E2BIG;
350
340
351
341
switch (dir) {
352
342
case FLOW_OFFLOAD_DIR_ORIGINAL:
···
361
345
offset = offsetof(struct iphdr, daddr);
362
346
break;
363
347
default:
364
-
return;
348
+
return -EOPNOTSUPP;
365
349
}
366
350
367
351
flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP4, offset,
368
352
&addr, &mask);
353
+
return 0;
369
354
}
370
355
371
-
static void flow_offload_ipv4_dnat(struct net *net,
372
-
const struct flow_offload *flow,
373
-
enum flow_offload_tuple_dir dir,
374
-
struct nf_flow_rule *flow_rule)
356
+
static int flow_offload_ipv4_dnat(struct net *net,
357
+
const struct flow_offload *flow,
358
+
enum flow_offload_tuple_dir dir,
359
+
struct nf_flow_rule *flow_rule)
375
360
{
376
361
struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
377
362
u32 mask = ~htonl(0xffffffff);
378
363
__be32 addr;
379
364
u32 offset;
365
+
366
+
if (!entry)
367
+
return -E2BIG;
380
368
381
369
switch (dir) {
382
370
case FLOW_OFFLOAD_DIR_ORIGINAL:
···
392
372
offset = offsetof(struct iphdr, saddr);
393
373
break;
394
374
default:
395
-
return;
375
+
return -EOPNOTSUPP;
396
376
}
397
377
398
378
flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP4, offset,
399
379
&addr, &mask);
380
+
return 0;
400
381
}
401
382
402
-
static void flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule,
383
+
static int flow_offload_ipv6_mangle(struct nf_flow_rule *flow_rule,
403
384
unsigned int offset,
404
385
const __be32 *addr, const __be32 *mask)
405
386
{
···
409
388
410
389
for (i = 0; i < sizeof(struct in6_addr) / sizeof(u32); i++) {
411
390
entry = flow_action_entry_next(flow_rule);
391
+
if (!entry)
392
+
return -E2BIG;
393
+
412
394
flow_offload_mangle(entry, FLOW_ACT_MANGLE_HDR_TYPE_IP6,
413
395
offset + i * sizeof(u32), &addr[i], mask);
414
396
}
397
+
398
+
return 0;
415
399
}
416
400
417
-
static void flow_offload_ipv6_snat(struct net *net,
418
-
const struct flow_offload *flow,
419
-
enum flow_offload_tuple_dir dir,
420
-
struct nf_flow_rule *flow_rule)
401
+
static int flow_offload_ipv6_snat(struct net *net,
402
+
const struct flow_offload *flow,
403
+
enum flow_offload_tuple_dir dir,
404
+
struct nf_flow_rule *flow_rule)
421
405
{
422
406
u32 mask = ~htonl(0xffffffff);
423
407
const __be32 *addr;
···
438
412
offset = offsetof(struct ipv6hdr, daddr);
439
413
break;
440
414
default:
441
-
return;
415
+
return -EOPNOTSUPP;
442
416
}
443
417
444
-
flow_offload_ipv6_mangle(flow_rule, offset, addr, &mask);
418
+
return flow_offload_ipv6_mangle(flow_rule, offset, addr, &mask);
445
419
}
446
420
447
-
static void flow_offload_ipv6_dnat(struct net *net,
448
-
const struct flow_offload *flow,
449
-
enum flow_offload_tuple_dir dir,
450
-
struct nf_flow_rule *flow_rule)
421
+
static int flow_offload_ipv6_dnat(struct net *net,
422
+
const struct flow_offload *flow,
423
+
enum flow_offload_tuple_dir dir,
424
+
struct nf_flow_rule *flow_rule)
451
425
{
452
426
u32 mask = ~htonl(0xffffffff);
453
427
const __be32 *addr;
···
463
437
offset = offsetof(struct ipv6hdr, saddr);
464
438
break;
465
439
default:
466
-
return;
440
+
return -EOPNOTSUPP;
467
441
}
468
442
469
-
flow_offload_ipv6_mangle(flow_rule, offset, addr, &mask);
443
+
return flow_offload_ipv6_mangle(flow_rule, offset, addr, &mask);
470
444
}
471
445
472
446
static int flow_offload_l4proto(const struct flow_offload *flow)
···
488
462
return type;
489
463
}
490
464
491
-
static void flow_offload_port_snat(struct net *net,
492
-
const struct flow_offload *flow,
493
-
enum flow_offload_tuple_dir dir,
494
-
struct nf_flow_rule *flow_rule)
465
+
static int flow_offload_port_snat(struct net *net,
466
+
const struct flow_offload *flow,
467
+
enum flow_offload_tuple_dir dir,
468
+
struct nf_flow_rule *flow_rule)
495
469
{
496
470
struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
497
471
u32 mask, port;
498
472
u32 offset;
473
+
474
+
if (!entry)
475
+
return -E2BIG;
499
476
500
477
switch (dir) {
501
478
case FLOW_OFFLOAD_DIR_ORIGINAL:
···
514
485
mask = ~htonl(0xffff);
515
486
break;
516
487
default:
517
-
return;
488
+
return -EOPNOTSUPP;
518
489
}
519
490
520
491
flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
521
492
&port, &mask);
493
+
return 0;
522
494
}
523
495
524
-
static void flow_offload_port_dnat(struct net *net,
525
-
const struct flow_offload *flow,
526
-
enum flow_offload_tuple_dir dir,
527
-
struct nf_flow_rule *flow_rule)
496
+
static int flow_offload_port_dnat(struct net *net,
497
+
const struct flow_offload *flow,
498
+
enum flow_offload_tuple_dir dir,
499
+
struct nf_flow_rule *flow_rule)
528
500
{
529
501
struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
530
502
u32 mask, port;
531
503
u32 offset;
504
+
505
+
if (!entry)
506
+
return -E2BIG;
532
507
533
508
switch (dir) {
534
509
case FLOW_OFFLOAD_DIR_ORIGINAL:
···
548
515
mask = ~htonl(0xffff0000);
549
516
break;
550
517
default:
551
-
return;
518
+
return -EOPNOTSUPP;
552
519
}
553
520
554
521
flow_offload_mangle(entry, flow_offload_l4proto(flow), offset,
555
522
&port, &mask);
523
+
return 0;
556
524
}
557
525
558
-
static void flow_offload_ipv4_checksum(struct net *net,
559
-
const struct flow_offload *flow,
560
-
struct nf_flow_rule *flow_rule)
526
+
static int flow_offload_ipv4_checksum(struct net *net,
527
+
const struct flow_offload *flow,
528
+
struct nf_flow_rule *flow_rule)
561
529
{
562
530
u8 protonum = flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple.l4proto;
563
531
struct flow_action_entry *entry = flow_action_entry_next(flow_rule);
532
+
533
+
if (!entry)
534
+
return -E2BIG;
564
535
565
536
entry->id = FLOW_ACTION_CSUM;
566
537
entry->csum_flags = TCA_CSUM_UPDATE_FLAG_IPV4HDR;
···
577
540
entry->csum_flags |= TCA_CSUM_UPDATE_FLAG_UDP;
578
541
break;
579
542
}
543
+
544
+
return 0;
580
545
}
581
546
582
-
static void flow_offload_redirect(struct net *net,
583
-
const struct flow_offload *flow,
584
-
enum flow_offload_tuple_dir dir,
585
-
struct nf_flow_rule *flow_rule)
547
+
static int flow_offload_redirect(struct net *net,
548
+
const struct flow_offload *flow,
549
+
enum flow_offload_tuple_dir dir,
550
+
struct nf_flow_rule *flow_rule)
586
551
{
587
552
const struct flow_offload_tuple *this_tuple, *other_tuple;
588
553
struct flow_action_entry *entry;
···
602
563
ifindex = other_tuple->iifidx;
603
564
break;
604
565
default:
605
-
return;
566
+
return -EOPNOTSUPP;
606
567
}
607
568
608
569
dev = dev_get_by_index(net, ifindex);
609
570
if (!dev)
610
-
return;
571
+
return -ENODEV;
611
572
612
573
entry = flow_action_entry_next(flow_rule);
574
+
if (!entry) {
575
+
dev_put(dev);
576
+
return -E2BIG;
577
+
}
578
+
613
579
entry->id = FLOW_ACTION_REDIRECT;
614
580
entry->dev = dev;
581
+
582
+
return 0;
615
583
}
616
584
617
-
static void flow_offload_encap_tunnel(const struct flow_offload *flow,
618
-
enum flow_offload_tuple_dir dir,
619
-
struct nf_flow_rule *flow_rule)
585
+
static int flow_offload_encap_tunnel(const struct flow_offload *flow,
586
+
enum flow_offload_tuple_dir dir,
587
+
struct nf_flow_rule *flow_rule)
620
588
{
621
589
const struct flow_offload_tuple *this_tuple;
622
590
struct flow_action_entry *entry;
···
631
585
632
586
this_tuple = &flow->tuplehash[dir].tuple;
633
587
if (this_tuple->xmit_type == FLOW_OFFLOAD_XMIT_DIRECT)
634
-
return;
588
+
return 0;
635
589
636
590
dst = this_tuple->dst_cache;
637
591
if (dst && dst->lwtstate) {
···
640
594
tun_info = lwt_tun_info(dst->lwtstate);
641
595
if (tun_info && (tun_info->mode & IP_TUNNEL_INFO_TX)) {
642
596
entry = flow_action_entry_next(flow_rule);
597
+
if (!entry)
598
+
return -E2BIG;
643
599
entry->id = FLOW_ACTION_TUNNEL_ENCAP;
644
600
entry->tunnel = tun_info;
645
601
}
646
602
}
603
+
604
+
return 0;
647
605
}
648
606
649
-
static void flow_offload_decap_tunnel(const struct flow_offload *flow,
650
-
enum flow_offload_tuple_dir dir,
651
-
struct nf_flow_rule *flow_rule)
607
+
static int flow_offload_decap_tunnel(const struct flow_offload *flow,
608
+
enum flow_offload_tuple_dir dir,
609
+
struct nf_flow_rule *flow_rule)
652
610
{
653
611
const struct flow_offload_tuple *other_tuple;
654
612
struct flow_action_entry *entry;
···
660
610
661
611
other_tuple = &flow->tuplehash[!dir].tuple;
662
612
if (other_tuple->xmit_type == FLOW_OFFLOAD_XMIT_DIRECT)
663
-
return;
613
+
return 0;
664
614
665
615
dst = other_tuple->dst_cache;
666
616
if (dst && dst->lwtstate) {
···
669
619
tun_info = lwt_tun_info(dst->lwtstate);
670
620
if (tun_info && (tun_info->mode & IP_TUNNEL_INFO_TX)) {
671
621
entry = flow_action_entry_next(flow_rule);
622
+
if (!entry)
623
+
return -E2BIG;
672
624
entry->id = FLOW_ACTION_TUNNEL_DECAP;
673
625
}
674
626
}
627
+
628
+
return 0;
675
629
}
676
630
677
631
static int
···
687
633
const struct flow_offload_tuple *tuple;
688
634
int i;
689
635
690
-
flow_offload_decap_tunnel(flow, dir, flow_rule);
691
-
flow_offload_encap_tunnel(flow, dir, flow_rule);
636
+
if (flow_offload_decap_tunnel(flow, dir, flow_rule) < 0 ||
637
+
flow_offload_encap_tunnel(flow, dir, flow_rule) < 0)
638
+
return -1;
692
639
693
640
if (flow_offload_eth_src(net, flow, dir, flow_rule) < 0 ||
694
641
flow_offload_eth_dst(net, flow, dir, flow_rule) < 0)
···
705
650
706
651
if (tuple->encap[i].proto == htons(ETH_P_8021Q)) {
707
652
entry = flow_action_entry_next(flow_rule);
653
+
if (!entry)
654
+
return -1;
708
655
entry->id = FLOW_ACTION_VLAN_POP;
709
656
}
710
657
}
···
720
663
continue;
721
664
722
665
entry = flow_action_entry_next(flow_rule);
666
+
if (!entry)
667
+
return -1;
723
668
724
669
switch (other_tuple->encap[i].proto) {
725
670
case htons(ETH_P_PPP_SES):
···
747
688
return -1;
748
689
749
690
if (test_bit(NF_FLOW_SNAT, &flow->flags)) {
750
-
flow_offload_ipv4_snat(net, flow, dir, flow_rule);
751
-
flow_offload_port_snat(net, flow, dir, flow_rule);
691
+
if (flow_offload_ipv4_snat(net, flow, dir, flow_rule) < 0 ||
692
+
flow_offload_port_snat(net, flow, dir, flow_rule) < 0)
693
+
return -1;
752
694
}
753
695
if (test_bit(NF_FLOW_DNAT, &flow->flags)) {
754
-
flow_offload_ipv4_dnat(net, flow, dir, flow_rule);
755
-
flow_offload_port_dnat(net, flow, dir, flow_rule);
696
+
if (flow_offload_ipv4_dnat(net, flow, dir, flow_rule) < 0 ||
697
+
flow_offload_port_dnat(net, flow, dir, flow_rule) < 0)
698
+
return -1;
756
699
}
757
700
if (test_bit(NF_FLOW_SNAT, &flow->flags) ||
758
701
test_bit(NF_FLOW_DNAT, &flow->flags))
759
-
flow_offload_ipv4_checksum(net, flow, flow_rule);
702
+
if (flow_offload_ipv4_checksum(net, flow, flow_rule) < 0)
703
+
return -1;
760
704
761
-
flow_offload_redirect(net, flow, dir, flow_rule);
705
+
if (flow_offload_redirect(net, flow, dir, flow_rule) < 0)
706
+
return -1;
762
707
763
708
return 0;
764
709
}
···
776
713
return -1;
777
714
778
715
if (test_bit(NF_FLOW_SNAT, &flow->flags)) {
779
-
flow_offload_ipv6_snat(net, flow, dir, flow_rule);
780
-
flow_offload_port_snat(net, flow, dir, flow_rule);
716
+
if (flow_offload_ipv6_snat(net, flow, dir, flow_rule) < 0 ||
717
+
flow_offload_port_snat(net, flow, dir, flow_rule) < 0)
718
+
return -1;
781
719
}
782
720
if (test_bit(NF_FLOW_DNAT, &flow->flags)) {
783
-
flow_offload_ipv6_dnat(net, flow, dir, flow_rule);
784
-
flow_offload_port_dnat(net, flow, dir, flow_rule);
721
+
if (flow_offload_ipv6_dnat(net, flow, dir, flow_rule) < 0 ||
722
+
flow_offload_port_dnat(net, flow, dir, flow_rule) < 0)
723
+
return -1;
785
724
}
786
725
787
-
flow_offload_redirect(net, flow, dir, flow_rule);
726
+
if (flow_offload_redirect(net, flow, dir, flow_rule) < 0)
727
+
return -1;
788
728
789
729
return 0;
790
730
}
791
731
EXPORT_SYMBOL_GPL(nf_flow_rule_route_ipv6);
792
-
793
-
#define NF_FLOW_RULE_ACTION_MAX 16
794
732
795
733
static struct nf_flow_rule *
796
734
nf_flow_offload_rule_alloc(struct net *net,
+5
-2
net/netfilter/nf_tables_api.c
+5
-2
net/netfilter/nf_tables_api.c
···
11667
11667
switch (data->verdict.code) {
11668
11668
case NF_ACCEPT:
11669
11669
case NF_DROP:
11670
-
case NF_QUEUE:
11671
-
break;
11672
11670
case NFT_CONTINUE:
11673
11671
case NFT_BREAK:
11674
11672
case NFT_RETURN:
···
11701
11703
11702
11704
data->verdict.chain = chain;
11703
11705
break;
11706
+
case NF_QUEUE:
11707
+
/* The nft_queue expression is used for this purpose, an
11708
+
* immediate NF_QUEUE verdict should not ever be seen here.
11709
+
*/
11710
+
fallthrough;
11704
11711
default:
11705
11712
return -EINVAL;
11706
11713
}
+1
-1
net/netfilter/nfnetlink_log.c
+1
-1
net/netfilter/nfnetlink_log.c
···
726
726
+ nla_total_size(plen) /* prefix */
727
727
+ nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
728
728
+ nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp))
729
-
+ nla_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */
729
+
+ nlmsg_total_size(sizeof(struct nfgenmsg)); /* NLMSG_DONE */
730
730
731
731
if (in && skb_mac_header_was_set(skb)) {
732
732
size += nla_total_size(skb->dev->hard_header_len)
+23
net/netfilter/x_tables.c
+23
net/netfilter/x_tables.c
···
501
501
par->match->table, par->table);
502
502
return -EINVAL;
503
503
}
504
+
505
+
/* NFPROTO_UNSPEC implies NF_INET_* hooks which do not overlap with
506
+
* NF_ARP_IN,OUT,FORWARD, allow explicit extensions with NFPROTO_ARP
507
+
* support.
508
+
*/
509
+
if (par->family == NFPROTO_ARP &&
510
+
par->match->family != NFPROTO_ARP) {
511
+
pr_info_ratelimited("%s_tables: %s match: not valid for this family\n",
512
+
xt_prefix[par->family], par->match->name);
513
+
return -EINVAL;
514
+
}
504
515
if (par->match->hooks && (par->hook_mask & ~par->match->hooks) != 0) {
505
516
char used[64], allow[64];
506
517
···
1027
1016
par->target->table, par->table);
1028
1017
return -EINVAL;
1029
1018
}
1019
+
1020
+
/* NFPROTO_UNSPEC implies NF_INET_* hooks which do not overlap with
1021
+
* NF_ARP_IN,OUT,FORWARD, allow explicit extensions with NFPROTO_ARP
1022
+
* support.
1023
+
*/
1024
+
if (par->family == NFPROTO_ARP &&
1025
+
par->target->family != NFPROTO_ARP) {
1026
+
pr_info_ratelimited("%s_tables: %s target: not valid for this family\n",
1027
+
xt_prefix[par->family], par->target->name);
1028
+
return -EINVAL;
1029
+
}
1030
+
1030
1031
if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) {
1031
1032
char used[64], allow[64];
1032
1033
+6
net/netfilter/xt_cgroup.c
+6
net/netfilter/xt_cgroup.c
···
65
65
66
66
info->priv = NULL;
67
67
if (info->has_path) {
68
+
if (strnlen(info->path, sizeof(info->path)) >= sizeof(info->path))
69
+
return -ENAMETOOLONG;
70
+
68
71
cgrp = cgroup_get_from_path(info->path);
69
72
if (IS_ERR(cgrp)) {
70
73
pr_info_ratelimited("invalid path, errno=%ld\n",
···
105
102
106
103
info->priv = NULL;
107
104
if (info->has_path) {
105
+
if (strnlen(info->path, sizeof(info->path)) >= sizeof(info->path))
106
+
return -ENAMETOOLONG;
107
+
108
108
cgrp = cgroup_get_from_path(info->path);
109
109
if (IS_ERR(cgrp)) {
110
110
pr_info_ratelimited("invalid path, errno=%ld\n",
+5
net/netfilter/xt_rateest.c
+5
net/netfilter/xt_rateest.c
···
91
91
goto err1;
92
92
}
93
93
94
+
if (strnlen(info->name1, sizeof(info->name1)) >= sizeof(info->name1))
95
+
return -ENAMETOOLONG;
96
+
if (strnlen(info->name2, sizeof(info->name2)) >= sizeof(info->name2))
97
+
return -ENAMETOOLONG;
98
+
94
99
ret = -ENOENT;
95
100
est1 = xt_rateest_lookup(par->net, info->name1);
96
101
if (!est1)
+13
-18
net/qrtr/af_qrtr.c
+13
-18
net/qrtr/af_qrtr.c
···
118
118
* @ep: endpoint
119
119
* @ref: reference count for node
120
120
* @nid: node id
121
-
* @qrtr_tx_flow: tree of qrtr_tx_flow, keyed by node << 32 | port
121
+
* @qrtr_tx_flow: xarray of qrtr_tx_flow, keyed by node << 32 | port
122
122
* @qrtr_tx_lock: lock for qrtr_tx_flow inserts
123
123
* @rx_queue: receive queue
124
124
* @item: list item for broadcast list
···
129
129
struct kref ref;
130
130
unsigned int nid;
131
131
132
-
struct radix_tree_root qrtr_tx_flow;
132
+
struct xarray qrtr_tx_flow;
133
133
struct mutex qrtr_tx_lock; /* for qrtr_tx_flow */
134
134
135
135
struct sk_buff_head rx_queue;
···
172
172
struct qrtr_tx_flow *flow;
173
173
unsigned long flags;
174
174
void __rcu **slot;
175
+
unsigned long index;
175
176
176
177
spin_lock_irqsave(&qrtr_nodes_lock, flags);
177
178
/* If the node is a bridge for other nodes, there are possibly
···
190
189
skb_queue_purge(&node->rx_queue);
191
190
192
191
/* Free tx flow counters */
193
-
radix_tree_for_each_slot(slot, &node->qrtr_tx_flow, &iter, 0) {
194
-
flow = *slot;
195
-
radix_tree_iter_delete(&node->qrtr_tx_flow, &iter, slot);
192
+
xa_for_each(&node->qrtr_tx_flow, index, flow)
196
193
kfree(flow);
197
-
}
194
+
xa_destroy(&node->qrtr_tx_flow);
198
195
kfree(node);
199
196
}
200
197
···
227
228
228
229
key = remote_node << 32 | remote_port;
229
230
230
-
rcu_read_lock();
231
-
flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
232
-
rcu_read_unlock();
231
+
flow = xa_load(&node->qrtr_tx_flow, key);
233
232
if (flow) {
234
233
spin_lock(&flow->resume_tx.lock);
235
234
flow->pending = 0;
···
266
269
return 0;
267
270
268
271
mutex_lock(&node->qrtr_tx_lock);
269
-
flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
272
+
flow = xa_load(&node->qrtr_tx_flow, key);
270
273
if (!flow) {
271
274
flow = kzalloc_obj(*flow);
272
275
if (flow) {
273
276
init_waitqueue_head(&flow->resume_tx);
274
-
if (radix_tree_insert(&node->qrtr_tx_flow, key, flow)) {
277
+
if (xa_err(xa_store(&node->qrtr_tx_flow, key, flow,
278
+
GFP_KERNEL))) {
275
279
kfree(flow);
276
280
flow = NULL;
277
281
}
···
324
326
unsigned long key = (u64)dest_node << 32 | dest_port;
325
327
struct qrtr_tx_flow *flow;
326
328
327
-
rcu_read_lock();
328
-
flow = radix_tree_lookup(&node->qrtr_tx_flow, key);
329
-
rcu_read_unlock();
329
+
flow = xa_load(&node->qrtr_tx_flow, key);
330
330
if (flow) {
331
331
spin_lock_irq(&flow->resume_tx.lock);
332
332
flow->tx_failed = 1;
···
595
599
node->nid = QRTR_EP_NID_AUTO;
596
600
node->ep = ep;
597
601
598
-
INIT_RADIX_TREE(&node->qrtr_tx_flow, GFP_KERNEL);
602
+
xa_init(&node->qrtr_tx_flow);
599
603
mutex_init(&node->qrtr_tx_lock);
600
604
601
605
qrtr_node_assign(node, nid);
···
623
627
struct qrtr_tx_flow *flow;
624
628
struct sk_buff *skb;
625
629
unsigned long flags;
630
+
unsigned long index;
626
631
void __rcu **slot;
627
632
628
633
mutex_lock(&node->ep_lock);
···
646
649
647
650
/* Wake up any transmitters waiting for resume-tx from the node */
648
651
mutex_lock(&node->qrtr_tx_lock);
649
-
radix_tree_for_each_slot(slot, &node->qrtr_tx_flow, &iter, 0) {
650
-
flow = *slot;
652
+
xa_for_each(&node->qrtr_tx_flow, index, flow)
651
653
wake_up_interruptible_all(&flow->resume_tx);
652
-
}
653
654
mutex_unlock(&node->qrtr_tx_lock);
654
655
655
656
qrtr_node_release(node);
+6
-1
net/rds/ib_rdma.c
+6
-1
net/rds/ib_rdma.c
···
604
604
return ibmr;
605
605
}
606
606
607
-
if (conn)
607
+
if (conn) {
608
608
ic = conn->c_transport_data;
609
+
if (!ic || !ic->i_cm_id || !ic->i_cm_id->qp) {
610
+
ret = -ENODEV;
611
+
goto out;
612
+
}
613
+
}
609
614
610
615
if (!rds_ibdev->mr_8k_pool || !rds_ibdev->mr_1m_pool) {
611
616
ret = -ENODEV;
+1
net/sched/cls_api.c
+1
net/sched/cls_api.c
+9
-1
net/sched/cls_flow.c
+9
-1
net/sched/cls_flow.c
···
503
503
}
504
504
505
505
if (TC_H_MAJ(baseclass) == 0) {
506
-
struct Qdisc *q = tcf_block_q(tp->chain->block);
506
+
struct tcf_block *block = tp->chain->block;
507
+
struct Qdisc *q;
507
508
509
+
if (tcf_block_shared(block)) {
510
+
NL_SET_ERR_MSG(extack,
511
+
"Must specify baseclass when attaching flow filter to block");
512
+
goto err2;
513
+
}
514
+
515
+
q = tcf_block_q(block);
508
516
baseclass = TC_H_MAKE(q->handle, baseclass);
509
517
}
510
518
if (TC_H_MIN(baseclass) == 0)
+12
-2
net/sched/cls_fw.c
+12
-2
net/sched/cls_fw.c
···
247
247
struct nlattr *tb[TCA_FW_MAX + 1];
248
248
int err;
249
249
250
-
if (!opt)
251
-
return handle ? -EINVAL : 0; /* Succeed if it is old method. */
250
+
if (!opt) {
251
+
if (handle)
252
+
return -EINVAL;
253
+
254
+
if (tcf_block_shared(tp->chain->block)) {
255
+
NL_SET_ERR_MSG(extack,
256
+
"Must specify mark when attaching fw filter to block");
257
+
return -EINVAL;
258
+
}
259
+
260
+
return 0; /* Succeed if it is old method. */
261
+
}
252
262
253
263
err = nla_parse_nested_deprecated(tb, TCA_FW_MAX, opt, fw_policy,
254
264
NULL);
+2
-2
net/sched/sch_hfsc.c
+2
-2
net/sched/sch_hfsc.c
···
555
555
rtsc_min(struct runtime_sc *rtsc, struct internal_sc *isc, u64 x, u64 y)
556
556
{
557
557
u64 y1, y2, dx, dy;
558
-
u32 dsm;
558
+
u64 dsm;
559
559
560
560
if (isc->sm1 <= isc->sm2) {
561
561
/* service curve is convex */
···
598
598
*/
599
599
dx = (y1 - y) << SM_SHIFT;
600
600
dsm = isc->sm1 - isc->sm2;
601
-
do_div(dx, dsm);
601
+
dx = div64_u64(dx, dsm);
602
602
/*
603
603
* check if (x, y1) belongs to the 1st segment of rtsc.
604
604
* if so, add the offset.
+3
-2
net/sched/sch_netem.c
+3
-2
net/sched/sch_netem.c
···
519
519
goto finish_segs;
520
520
}
521
521
522
-
skb->data[get_random_u32_below(skb_headlen(skb))] ^=
523
-
1<<get_random_u32_below(8);
522
+
if (skb_headlen(skb))
523
+
skb->data[get_random_u32_below(skb_headlen(skb))] ^=
524
+
1 << get_random_u32_below(8);
524
525
}
525
526
526
527
if (unlikely(q->t_len >= sch->limit)) {
+1
net/vmw_vsock/af_vsock.c
+1
net/vmw_vsock/af_vsock.c
+6
-3
net/x25/x25_in.c
+6
-3
net/x25/x25_in.c
···
34
34
struct sk_buff *skbo, *skbn = skb;
35
35
struct x25_sock *x25 = x25_sk(sk);
36
36
37
+
/* make sure we don't overflow */
38
+
if (x25->fraglen + skb->len > USHRT_MAX)
39
+
return 1;
40
+
37
41
if (more) {
38
42
x25->fraglen += skb->len;
39
43
skb_queue_tail(&x25->fragment_queue, skb);
···
48
44
if (x25->fraglen > 0) { /* End of fragment */
49
45
int len = x25->fraglen + skb->len;
50
46
51
-
if ((skbn = alloc_skb(len, GFP_ATOMIC)) == NULL){
52
-
kfree_skb(skb);
47
+
skbn = alloc_skb(len, GFP_ATOMIC);
48
+
if (!skbn)
53
49
return 1;
54
-
}
55
50
56
51
skb_queue_tail(&x25->fragment_queue, skb);
57
52
+1
net/x25/x25_subr.c
+1
net/x25/x25_subr.c
+44
tools/testing/selftests/tc-testing/tc-tests/infra/filter.json
+44
tools/testing/selftests/tc-testing/tc-tests/infra/filter.json
···
22
22
"teardown": [
23
23
"$TC qdisc del dev $DUMMY root handle 1: htb default 1"
24
24
]
25
+
},
26
+
{
27
+
"id": "b7e3",
28
+
"name": "Empty fw filter on shared block - rejected at config time",
29
+
"category": [
30
+
"filter",
31
+
"fw"
32
+
],
33
+
"plugins": {
34
+
"requires": "nsPlugin"
35
+
},
36
+
"setup": [
37
+
"$TC qdisc add dev $DEV1 egress_block 1 clsact"
38
+
],
39
+
"cmdUnderTest": "$TC filter add block 1 protocol ip prio 1 fw",
40
+
"expExitCode": "2",
41
+
"verifyCmd": "$TC filter show block 1",
42
+
"matchPattern": "fw",
43
+
"matchCount": "0",
44
+
"teardown": [
45
+
"$TC qdisc del dev $DEV1 clsact"
46
+
]
47
+
},
48
+
{
49
+
"id": "c8f4",
50
+
"name": "Flow filter on shared block without baseclass - rejected at config time",
51
+
"category": [
52
+
"filter",
53
+
"flow"
54
+
],
55
+
"plugins": {
56
+
"requires": "nsPlugin"
57
+
},
58
+
"setup": [
59
+
"$TC qdisc add dev $DEV1 ingress_block 1 clsact"
60
+
],
61
+
"cmdUnderTest": "$TC filter add block 1 protocol ip prio 1 handle 1 flow map key dst",
62
+
"expExitCode": "2",
63
+
"verifyCmd": "$TC filter show block 1",
64
+
"matchPattern": "flow",
65
+
"matchCount": "0",
66
+
"teardown": [
67
+
"$TC qdisc del dev $DEV1 clsact"
68
+
]
25
69
}
26
70
]
+25
tools/testing/selftests/tc-testing/tc-tests/infra/qdiscs.json
+25
tools/testing/selftests/tc-testing/tc-tests/infra/qdiscs.json
···
1111
1111
"teardown": [
1112
1112
"$TC qdisc del dev $DUMMY root handle 1:"
1113
1113
]
1114
+
},
1115
+
{
1116
+
"id": "a3d7",
1117
+
"name": "HFSC with large m1 - no divide-by-zero on class reactivation",
1118
+
"category": [
1119
+
"qdisc",
1120
+
"hfsc"
1121
+
],
1122
+
"plugins": {
1123
+
"requires": "nsPlugin"
1124
+
},
1125
+
"setup": [
1126
+
"$TC qdisc replace dev $DUMMY root handle 1: hfsc default 1",
1127
+
"$TC class replace dev $DUMMY parent 1: classid 1:1 hfsc rt m1 32gbit d 1ms m2 0bit ls m1 32gbit d 1ms m2 0bit",
1128
+
"ping -I$DUMMY -f -c1 -s64 -W1 10.10.10.1 || true",
1129
+
"sleep 1"
1130
+
],
1131
+
"cmdUnderTest": "ping -I$DUMMY -f -c1 -s64 -W1 10.10.10.1 || true",
1132
+
"expExitCode": "0",
1133
+
"verifyCmd": "$TC qdisc show dev $DUMMY",
1134
+
"matchPattern": "qdisc hfsc 1: root",
1135
+
"matchCount": "1",
1136
+
"teardown": [
1137
+
"$TC qdisc del dev $DUMMY handle 1: root"
1138
+
]
1114
1139
}
1115
1140
]