openwrt/staging/blogic.git
7 years agobpf: Fix map-in-map checking in the verifier
Martin KaFai Lau [Fri, 18 Aug 2017 01:14:43 +0000 (18:14 -0700)]
bpf: Fix map-in-map checking in the verifier

In check_map_func_compatibility(), a 'break' has been accidentally
removed for the BPF_MAP_TYPE_ARRAY_OF_MAPS and BPF_MAP_TYPE_HASH_OF_MAPS
cases.  This patch adds it back.

Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support")
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'xdp-adjust-xdp-redirect-tracepoint'
David S. Miller [Fri, 18 Aug 2017 23:18:47 +0000 (16:18 -0700)]
Merge branch 'xdp-adjust-xdp-redirect-tracepoint'

Jesper Dangaard Brouer says:

====================
xdp: adjust xdp redirect tracepoint

Working on streamlining the tracepoints for XDP.  The eBPF programs
and XDP have no flow-control or queueing.  Investigating using
tracepoint to provide a feedback on XDP_REDIRECT xmit overflow events.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoxdp: adjust xdp redirect tracepoint to include return error code
Jesper Dangaard Brouer [Thu, 17 Aug 2017 16:22:37 +0000 (18:22 +0200)]
xdp: adjust xdp redirect tracepoint to include return error code

The return error code need to be included in the tracepoint
xdp:xdp_redirect, else its not possible to distinguish successful or
failed XDP_REDIRECT transmits.

XDP have no queuing mechanism. Thus, it is fairly easily to overrun a
NIC transmit queue.  The eBPF program invoking helpers (bpf_redirect
or bpf_redirect_map) to redirect a packet doesn't get any feedback
whether the packet was actually transmitted.

Info on failed transmits in the tracepoint xdp:xdp_redirect, is
interesting as this opens for providing a feedback-loop to the
receiving XDP program.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoixgbe: change ndo_xdp_xmit return code on xmit errors
Jesper Dangaard Brouer [Thu, 17 Aug 2017 16:22:32 +0000 (18:22 +0200)]
ixgbe: change ndo_xdp_xmit return code on xmit errors

Use errno -ENOSPC ("No space left on device") when the XDP xmit
have no space left on the TX ring buffer, instead of -ENOMEM.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: remove support for deprecated f/w cmd OCTNET_CMD_RESET_PF
Rick Farrington [Thu, 17 Aug 2017 01:30:13 +0000 (18:30 -0700)]
liquidio: remove support for deprecated f/w cmd OCTNET_CMD_RESET_PF

Signed-off-by: Rick Farrington <ricardo.farrington@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: inet: diag: expose sockets cgroup classid
Levin, Alexander (Sasha Levin) [Thu, 17 Aug 2017 00:35:11 +0000 (00:35 +0000)]
net: inet: diag: expose sockets cgroup classid

This is useful for directly looking up a task based on class id rather than
having to scan through all open file descriptors.

Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agomacvlan: add offload features for encapsulation
Dimitris Michailidis [Wed, 16 Aug 2017 21:34:46 +0000 (14:34 -0700)]
macvlan: add offload features for encapsulation

Currently macvlan devices do not set their hw_enc_features making
encapsulated Tx packets resort to SW fallbacks. Add encapsulation GSO
offloads to ->features as is done for the other GSOs and set
->hw_enc_features.

Signed-off-by: Dimitris Michailidis <dmichail@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: fix Smatch error
Intiyaz Basha [Fri, 18 Aug 2017 20:07:19 +0000 (13:07 -0700)]
liquidio: fix Smatch error

Fix Smatch error by not dereferencing iq pointer if it's NULL.

See http://marc.info/?l=kernel-janitors&m=150296723301129&w=2

Also, remove unnecessary parentheses.

Fixes: d314ac222829 ("liquidio: moved liquidio_napi_poll to lio_core.c")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoipv4: convert dst_metrics.refcnt from atomic_t to refcount_t
Eric Dumazet [Fri, 18 Aug 2017 19:08:07 +0000 (12:08 -0700)]
ipv4: convert dst_metrics.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetoot...
David S. Miller [Fri, 18 Aug 2017 18:07:46 +0000 (11:07 -0700)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth-next

Johan Hedberg says:

====================
pull request: bluetooth-next 2017-08-18

Here's one more bluetooth-next pull request for the 4.14 kernel:

 - Multiple fixes for Broadcom controllers
 - Fixes to the bluecard HCI driver
 - New USB ID for Realtek RTL8723BE controller
 - Fix static analyzer warning with kfree

Please let me know if there are any issues pulling. Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoipv6: fix false-postive maybe-uninitialized warning
Arnd Bergmann [Fri, 18 Aug 2017 11:34:22 +0000 (13:34 +0200)]
ipv6: fix false-postive maybe-uninitialized warning

Adding a lock around one of the assignments prevents gcc from
tracking the state of the local 'fibmatch' variable, so it can no
longer prove that 'dst' is always initialized, leading to a bogus
warning:

net/ipv6/route.c: In function 'inet6_rtm_getroute':
net/ipv6/route.c:3659:2: error: 'dst' may be used uninitialized in this function [-Werror=maybe-uninitialized]

This moves the other assignment into the same lock to shut up the
warning.

Fixes: 121622dba8da ("ipv6: route: make rtm_getroute not assume rtnl is locked")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'hns3-bug-fixes'
David S. Miller [Fri, 18 Aug 2017 17:31:56 +0000 (10:31 -0700)]
Merge branch 'hns3-bug-fixes'

Salil Mehta says:

====================
Misc. Bug fixes for HNS3 Ethernet Driver

This patch-set fixes various bugs reported by community.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: hns3: Fixes the static check warning due to missing unsupp L3 proto check
Salil [Fri, 18 Aug 2017 11:31:39 +0000 (12:31 +0100)]
net: hns3: Fixes the static check warning due to missing unsupp L3 proto check

This patch fixes the static check warning due to missing handling leg of
unsupported L3 protocol type in the hns3_get_l4_protocol() function.

Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for
hip08 SoC")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: hns3: Fixes the static checker error warning in hns3_get_link_ksettings()
Salil [Fri, 18 Aug 2017 11:31:38 +0000 (12:31 +0100)]
net: hns3: Fixes the static checker error warning in hns3_get_link_ksettings()

This patch fixes the static check error warning in hns3_get_link_ksettings()
function by re-arranging the code.

Fixes: 496d03e960ae ("net: hns3: Add Ethtool support to HNS3 Driver")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats fetch
Salil [Fri, 18 Aug 2017 11:31:37 +0000 (12:31 +0100)]
net: hns3: Fixes the missing u64_stats_fetch_begin_irq in 64-bit stats fetch

This patch fixes the missing u64_stats_fetch_begin_irq() while trying to
atomically do 64-bit RX/TX fetch. We did not get any error during test
as our SoC is 64-bit so all of these seq/lock operations results in NOOP.

As such, this seq lock supports has been added for the sake of completion
if this code ever runs on 32-bit platform and we are trying to do 64-bit
stats fetch.

Fixes: 76ad4f0ee747 ("net: hns3: Add support of HNS3 Ethernet Driver for
hip08 SoC")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Salil Mehta <salil.mehta@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet/sched: Fix the logic error to decide the ingress qdisc
Chris Mi [Fri, 18 Aug 2017 11:24:20 +0000 (07:24 -0400)]
net/sched: Fix the logic error to decide the ingress qdisc

The offending commit used a newly added helper function.
But the logic is wrong. Without this fix, the affected NICs
can't do HW offload. Error -EOPNOTSUPP will be returned directly.

Fixes: a2e8da9378cc ("net/sched: use newly added classid identity helpers")
Signed-off-by: Chris Mi <chrism@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 's390-qeth-next'
David S. Miller [Fri, 18 Aug 2017 17:21:31 +0000 (10:21 -0700)]
Merge branch 's390-qeth-next'

Julian Wiedmann says:

====================
s390/net: more updates for 4.14

please apply another batch of qeth patches for net-next.
This reworks the xmit path for L2 OSAs to use skb_cow_head() instead of
skb_realloc_headroom().
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agos390/qeth: use skb_cow_head() for L2 OSA xmit
Julian Wiedmann [Fri, 18 Aug 2017 08:19:10 +0000 (10:19 +0200)]
s390/qeth: use skb_cow_head() for L2 OSA xmit

Taking a full copy via skb_realloc_headroom() on every xmit is overkill
and wastes CPU time; all we actually need is to push on the qeth_hdr.
So rework the L2 OSA TX path to avoid the copy.
Minor complications arise because struct qeth_hdr must not cross a page
boundary. So add a new helper qeth_push_hdr() that catches this, and
falls back to the hdr cache that we already use for IQDs.

This change uncovered that qeth's TX completion takes rather long.
Now that we no longer free the original skb straight away and thus call
skb->destructor later than before, throughput regresses significantly.
For now, restore old behaviour by adding an explicit skb_orphan(),
and a big TODO to improve the TX completion time.

Tested-by: Nils Hoppmann <niho@de.ibm.com>
Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agos390/qeth: unify code to build header elements
Julian Wiedmann [Fri, 18 Aug 2017 08:19:09 +0000 (10:19 +0200)]
s390/qeth: unify code to build header elements

After plenty of refactoring, use hd_len as single indication that
the skb needs a dedicated header element.

This preserves existing behaviour for TSO, as 'hdr' always points
to skb->data.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agos390/qeth: pass full IQD header length to fill_buffer()
Julian Wiedmann [Fri, 18 Aug 2017 08:19:08 +0000 (10:19 +0200)]
s390/qeth: pass full IQD header length to fill_buffer()

This is a prerequisite for unifying the code to build header elements.
The TSO header has a different size, so we can no longer rely on implicitly
adding the size of a normal qeth_hdr.

No functional change.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agos390/qeth: pass TSO data offset to fill_buffer()
Julian Wiedmann [Fri, 18 Aug 2017 08:19:07 +0000 (10:19 +0200)]
s390/qeth: pass TSO data offset to fill_buffer()

For TSO we need to skip the skb's qeth/IP/TCP headers when mapping
it into buffer elements. Instead of (mis)using skb_pull(), pass a
corresponding offset to fill_buffer() like we already do for IQDs.

No actual change in the resulting TSO buffers.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agos390/qeth: pass TSO header length to fill_buffer()
Julian Wiedmann [Fri, 18 Aug 2017 08:19:06 +0000 (10:19 +0200)]
s390/qeth: pass TSO header length to fill_buffer()

The TSO code already calculates the length of its header element,
no need to duplicate this in the low-level code again.

Use this opportunity to make hd_len unsigned, and for TSO match
its calculation to what tso_fill_header() does.

No functional change.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agos390/qeth: pass full data length to l2_fill_header()
Julian Wiedmann [Fri, 18 Aug 2017 08:19:05 +0000 (10:19 +0200)]
s390/qeth: pass full data length to l2_fill_header()

For IQD we already need to fix up the qeth_hdr's length field, and
future changes will require more flexibility for OSA as well. The
device-specific path knows best what header length it requires, so just
pass it from there.
While at it, remove the unused qeth_card parameter.

No functional change.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agos390/qeth: split L2 xmit paths
Julian Wiedmann [Fri, 18 Aug 2017 08:19:04 +0000 (10:19 +0200)]
s390/qeth: split L2 xmit paths

l2_hard_start_xmit() actually doesn't contain much shared code,
and having device-specific paths makes isolated changes a lot easier.
So split it into three routines for IQD, OSN and OSD/OSM/OSX.

No functional change.

Signed-off-by: Julian Wiedmann <jwi@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: fix a return in sockmap_get_from_fd()
Dan Carpenter [Fri, 18 Aug 2017 07:27:02 +0000 (10:27 +0300)]
bpf: fix a return in sockmap_get_from_fd()

"map" is a valid pointer.  We wanted to return "err" instead.  Also
let's return a zero literal at the end.

Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'liquidio-initialization-fixes-for-embedded-firmware'
David S. Miller [Fri, 18 Aug 2017 17:14:26 +0000 (10:14 -0700)]
Merge branch 'liquidio-initialization-fixes-for-embedded-firmware'

Rick Farrington says:

====================
liquidio: initialization fixes for embedded firmware

Fix problems when using an adapter w/embedded f/w (param "fw_type=none").

1. Add support for PF FLR when exiting.
2. Skip some initialization (don't try to load f/w, activate consoles).
3. Issue credits BEFORE enabling DROQs.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: with embedded f/w, issue droq credits before enablement
Rick Farrington [Fri, 18 Aug 2017 06:11:30 +0000 (23:11 -0700)]
liquidio: with embedded f/w, issue droq credits before enablement

1. Issue credits BEFORE enabling DROQ's; this prevents PKTPF_ERR interrupt.

Signed-off-by: Rick Farrington <ricardo.farrington@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: with embedded f/w, don't reload f/w, issue pf flr at exit
Rick Farrington [Fri, 18 Aug 2017 06:11:25 +0000 (23:11 -0700)]
liquidio: with embedded f/w, don't reload f/w, issue pf flr at exit

1. Add support for PF FLR when exiting
   (enables CORE_DRV_ACTIVE upon next driver init)
2. Skip some initialization (don't try to load f/w, activate consoles).

Signed-off-by: Rick Farrington <ricardo.farrington@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoBluetooth: hci_bcm: Handle empty packet after firmware loading
Marcel Holtmann [Thu, 17 Aug 2017 19:41:09 +0000 (21:41 +0200)]
Bluetooth: hci_bcm: Handle empty packet after firmware loading

The Broadcom controller on the Raspberry Pi3 sends an empty packet with
packet type 0x00 after launching the firmware. This will cause logging
of errors.

  Bluetooth: hci0: Frame reassembly failed (-84)

Since this seems to be an intented behaviour of the controller, handle
it gracefully by parsing that empty packet with packet type 0x00 and
then just simply report it as diagnostic packet.

With that change no errors are logging and the packet itself is actually
recorded in the Bluetooth monitor traces.

  < HCI Command: Broadcom Launch RAM (0x3f|0x004e) plen 4
         Address: 0xffffffff
  > HCI Event: Command Complete (0x0e) plen 4
       Broadcom Launch RAM (0x3f|0x004e) ncmd 1
         Status: Success (0x00)
  = Vendor Diagnostic (len 0)
  < HCI Command: Broadcom Update UART Baud Rate (0x3f|0x0018) plen 6
         00 00 00 10 0e 00                                ......
  > HCI Event: Command Complete (0x0e) plen 4
       Broadcom Update UART Baud Rate (0x3f|0x0018) ncmd 1
         Status: Success (0x00)
  < HCI Command: Reset (0x03|0x0003) plen 0
  > HCI Event: Command Complete (0x0e) plen 4
       Reset (0x03|0x0003) ncmd 1
         Status: Success (0x00)

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
7 years agodt-bindings: net: bluetooth: Add broadcom-bluetooth
Loic Poulain [Thu, 17 Aug 2017 17:59:48 +0000 (19:59 +0200)]
dt-bindings: net: bluetooth: Add broadcom-bluetooth

Add binding document for serial bluetooth chips using
Broadcom protocol.

Signed-off-by: Loic Poulain <loic.poulain@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
7 years agoBluetooth: hci_bcm: Add serdev support
Loic Poulain [Thu, 17 Aug 2017 17:59:51 +0000 (19:59 +0200)]
Bluetooth: hci_bcm: Add serdev support

Add basic support for Broadcom serial slave devices.
Probe the serial device, retrieve its maximum speed and
register a new hci uart device.

Tested/compatible with bcm43438 (RPi3).

Signed-off-by: Loic Poulain <loic.poulain@gmail.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
7 years agoMerge branch 'bpf-smap-followups'
David S. Miller [Thu, 17 Aug 2017 17:25:19 +0000 (10:25 -0700)]
Merge branch 'bpf-smap-followups'

Daniel Borkmann says:

====================
Two BPF smap related followups

Fixing preemption imbalance and consolidating prologue
generation. Thanks!
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: reuse tc bpf prologue for sk skb progs
Daniel Borkmann [Thu, 17 Aug 2017 15:22:37 +0000 (17:22 +0200)]
bpf: reuse tc bpf prologue for sk skb progs

Given both program types are effecitvely doing the same in the
prologue, just reuse the one that we had for tc and only adapt
to the corresponding drop verdict value. That way, we don't need
to have the duplicate from 8a31db561566 ("bpf: add access to sock
fields and pkt data from sk_skb programs") to maintain.

Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: don't enable preemption twice in smap_do_verdict
Daniel Borkmann [Thu, 17 Aug 2017 15:22:36 +0000 (17:22 +0200)]
bpf: don't enable preemption twice in smap_do_verdict

In smap_do_verdict(), the fall-through branch leads to call
preempt_enable() twice for the SK_REDIRECT, which creates an
imbalance. Only enable it for all remaining cases again.

Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support")
Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: ibm: ibmvnic: constify vio_device_id
Arvind Yadav [Thu, 17 Aug 2017 13:22:54 +0000 (18:52 +0530)]
net: ibm: ibmvnic: constify vio_device_id

vio_device_id are not supposed to change at runtime. All functions
working with vio_device_id provided by <asm/vio.h> work with
const vio_device_id. So mark the non-const structs as const.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: ibm: ibmveth: constify vio_device_id
Arvind Yadav [Thu, 17 Aug 2017 13:22:53 +0000 (18:52 +0530)]
net: ibm: ibmveth: constify vio_device_id

vio_device_id are not supposed to change at runtime. All functions
working with vio_device_id provided by <asm/vio.h> work with
const vio_device_id. So mark the non-const structs as const.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: no need to nullify ri->map in xdp_do_redirect
Daniel Borkmann [Thu, 17 Aug 2017 13:07:22 +0000 (15:07 +0200)]
bpf: no need to nullify ri->map in xdp_do_redirect

We are guaranteed to have a NULL ri->map in this branch since
we test for it earlier, so we don't need to reset it here.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: fix liveness propagation to parent in spilled stack slots
Daniel Borkmann [Thu, 17 Aug 2017 12:59:40 +0000 (14:59 +0200)]
bpf: fix liveness propagation to parent in spilled stack slots

Using parent->regs[] when propagating REG_LIVE_READ for spilled regs
doesn't work since parent->regs[] denote the set of normal registers
but not spilled ones. Propagate to the correct regs.

Fixes: dc503a8ad984 ("bpf/verifier: track liveness for pruning")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: hns3: ensure media_type is unitialized
Colin Ian King [Thu, 17 Aug 2017 09:01:07 +0000 (10:01 +0100)]
net: hns3: ensure media_type is unitialized

Media type is only set if h->ae_algo->ops->get_media_type is called
so there is a possibility that media_type is uninitialized when it is
used a switch statement.  Fix this by initializing media_type to
HNAE3_MEDIA_TYPE_UNKNOWN.

Detected by CoverityScan, CID#1452624("Uninitialized scalar variable")

Fixes: 496d03e960ae ("net: hns3: Add Ethtool support to HNS3 driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: fix spelling mistake: "interuupt" -> "interrupt"
Colin Ian King [Thu, 17 Aug 2017 08:19:30 +0000 (09:19 +0100)]
liquidio: fix spelling mistake: "interuupt" -> "interrupt"

Trivial fix to spelling mistake in dev_info message

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoBluetooth: btbcm: Consolidate the controller information commands
Marcel Holtmann [Thu, 17 Aug 2017 09:02:40 +0000 (11:02 +0200)]
Bluetooth: btbcm: Consolidate the controller information commands

The commands that read the basic vendor information about the Broadcom
controller are duplicated for UART and USB devices. Combine them into a
single function to reduce the code complexity.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
7 years agoMerge branch 'vmbus-sendpacket-cleanups'
David S. Miller [Wed, 16 Aug 2017 23:27:45 +0000 (16:27 -0700)]
Merge branch 'vmbus-sendpacket-cleanups'

Stephen Hemminger says:

====================
vmbus sendpacket cleanups

These patches remove and consolidate vmbus_sendpacket functions.

They should go through the net-next tree since these API's
were only used by the netvsc driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agovmbus: remove unused vmbus_sendpacket_ctl
stephen hemminger [Wed, 16 Aug 2017 15:56:26 +0000 (08:56 -0700)]
vmbus: remove unused vmbus_sendpacket_ctl

The only usage of vmbus_sendpacket_ctl was by vmbus_sendpacket.

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agovmbus: remove unused vmubs_sendpacket_pagebuffer_ctl
stephen hemminger [Wed, 16 Aug 2017 15:56:25 +0000 (08:56 -0700)]
vmbus: remove unused vmubs_sendpacket_pagebuffer_ctl

The function vmbus_sendpacket_pagebuffer_ctl was never used directly.
Just have vmbus_send_pagebuffer

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agovmbus: remove unused vmbus_sendpacket_multipagebuffer
stephen hemminger [Wed, 16 Aug 2017 15:56:24 +0000 (08:56 -0700)]
vmbus: remove unused vmbus_sendpacket_multipagebuffer

This function is not used anywhere in current code.

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agotcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6.
David S. Miller [Wed, 16 Aug 2017 22:40:44 +0000 (15:40 -0700)]
tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6.

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'sockmap-build-fixes'
David S. Miller [Wed, 16 Aug 2017 22:34:13 +0000 (15:34 -0700)]
Merge branch 'sockmap-build-fixes'

John Fastabend says:

====================
bpf: sockmap build fixes

Two build fixes for sockmap, this should resolve the build errors
and warnings that were reported. Thanks everyone.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: sock_map fixes for !CONFIG_BPF_SYSCALL and !STREAM_PARSER
John Fastabend [Wed, 16 Aug 2017 22:02:32 +0000 (15:02 -0700)]
bpf: sock_map fixes for !CONFIG_BPF_SYSCALL and !STREAM_PARSER

Resolve issues with !CONFIG_BPF_SYSCALL and !STREAM_PARSER

net/core/filter.c: In function â€˜do_sk_redirect_map’:
net/core/filter.c:1881:3: error: implicit declaration of function â€˜__sock_map_lookup_elem’ [-Werror=implicit-function-declaration]
   sk = __sock_map_lookup_elem(ri->map, ri->ifindex);
   ^
net/core/filter.c:1881:6: warning: assignment makes pointer from integer without a cast [enabled by default]
   sk = __sock_map_lookup_elem(ri->map, ri->ifindex);

Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: sockmap state change warning fix
John Fastabend [Wed, 16 Aug 2017 22:02:12 +0000 (15:02 -0700)]
bpf: sockmap state change warning fix

psock will uninitialized in default case we need to do the same psock lookup
and check as in other branch. Fixes compile warning below.

kernel/bpf/sockmap.c: In function â€˜smap_state_change’:
kernel/bpf/sockmap.c:156:21: warning: â€˜psock’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  struct smap_psock *psock;

Fixes: 174a79ff9515 ("bpf: sockmap with sk redirect support")
Reported-by: David Miller <davem@davemloft.net>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: sched: cls_flower: fix ndo_setup_tc type for stats call
Jiri Pirko [Wed, 16 Aug 2017 15:15:18 +0000 (17:15 +0200)]
net: sched: cls_flower: fix ndo_setup_tc type for stats call

I made a stupid mistake using TC_CLSFLOWER_STATS instead of
TC_SETUP_CLSFLOWER. Funny thing is that both are defined as "2" so it
actually did not cause any harm. Anyway, fixing it now.

Fixes: 2572ac53c46f ("net: sched: make type an argument for ndo_setup_tc")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agotun: make tun_build_skb() thread safe
Eric Dumazet [Wed, 16 Aug 2017 14:14:33 +0000 (22:14 +0800)]
tun: make tun_build_skb() thread safe

tun_build_skb() is not thread safe since it uses per queue page frag,
this will break things when multiple threads are sending through same
queue. Switch to use per-thread generator (no lock involved).

Fixes: 66ccbc9c87c2 ("tap: use build_skb() for small packet")
Tested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet/mlx4: fix spelling mistake: "availible" -> "available"
Colin Ian King [Wed, 16 Aug 2017 09:05:11 +0000 (10:05 +0100)]
net/mlx4: fix spelling mistake: "availible" -> "available"

Trivial fix to spelling mistakes in the mlx4 driver

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoqdisc: add tracepoint qdisc:qdisc_dequeue for dequeued SKBs
Jesper Dangaard Brouer [Tue, 15 Aug 2017 19:11:03 +0000 (21:11 +0200)]
qdisc: add tracepoint qdisc:qdisc_dequeue for dequeued SKBs

The main purpose of this tracepoint is to monitor bulk dequeue
in the network qdisc layer, as it cannot be deducted from the
existing qdisc stats.

The txq_state can be used for determining the reason for zero packet
dequeues, see enum netdev_queue_state_t.

Notice all packets doesn't necessary activate this tracepoint. As
qdiscs with flag TCQ_F_CAN_BYPASS, can directly invoke
sch_direct_xmit() when qdisc_qlen is zero.

Remember that perf record supports filters like:

 perf record -e qdisc:qdisc_dequeue \
  --filter 'ifindex == 4 && (packets > 1 || txq_state > 0)'

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'nfp-process-MTU-updates-from-firmware-flower-app'
David S. Miller [Wed, 16 Aug 2017 18:36:45 +0000 (11:36 -0700)]
Merge branch 'nfp-process-MTU-updates-from-firmware-flower-app'

Simon Horman says:

====================
nfp: process MTU updates from firmware flower app

The first patch of this series moves processing of control messages from a
BH handler to a workqueue. That change makes it safe to process MTU
updates from the firmware which is added by the second patch of this
series.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonfp: process MTU updates from firmware flower app
Simon Horman [Wed, 16 Aug 2017 07:37:44 +0000 (09:37 +0200)]
nfp: process MTU updates from firmware flower app

Now that control message processing occurs in a workqueue rather than a BH
handler MTU updates received from the firmware may be safely processed.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonfp: process control messages in workqueue in flower app
Simon Horman [Wed, 16 Aug 2017 07:37:43 +0000 (09:37 +0200)]
nfp: process control messages in workqueue in flower app

Processing of control messages is not time-critical and future processing
of some messages will require taking the RTNL which is not possible
in a BH handler. It seems simplest to move all control message processing
to a workqueue.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: devmap: remove unnecessary value size check
John Fastabend [Wed, 16 Aug 2017 06:35:12 +0000 (23:35 -0700)]
bpf: devmap: remove unnecessary value size check

In the devmap alloc map logic we check to ensure that the sizeof the
values are not greater than KMALLOC_MAX_SIZE. But, in the dev map case
we ensure the value size is 4bytes earlier in the function because all
values should be netdev ifindex values.

The second check is harmless but is not needed so remove it.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'bpf-sockmap'
David S. Miller [Wed, 16 Aug 2017 18:27:53 +0000 (11:27 -0700)]
Merge branch 'bpf-sockmap'

John Fastabend says:

====================
BPF: sockmap and sk redirect support

This series implements a sockmap and socket redirect helper for BPF
using a model similar to XDP netdev redirect. A sockmap is a BPF map
type that holds references to sock structs. Then with a new sk
redirect bpf helper BPF programs can use the map to redirect skbs
between sockets,

      bpf_sk_redirect_map(map, key, flags)

Finally, we need a call site to attach our BPF logic to do socket
redirects. We added hooks to recv_sock using the existing strparser
infrastructure to do this. The call site is added via the BPF attach
map call. To enable users to use this infrastructure a new BPF program
BPF_PROG_TYPE_SK_SKB is created that allows users to reference sock
details, such as port and ip address fields, to build useful socket
layer program. The sockmap datapath is as follows,

     recv -> strparser -> verdict/action

where this series implements the drop and redirect actions.
Additional, actions can be added as needed.

A sample program is provided to illustrate how a sockmap can
be integrated with cgroups and used to add/delete sockets in
a sockmap. The program is simple but should show many of the
key ideas.

To test this work test_maps in selftests/bpf was leveraged.
We added a set of tests to add sockets and do send/recv ops
on the sockets to ensure correct behavior. Additionally, the
selftests tests a series of negative test cases. We can expand
on this in the future.

I also have a basic test program I use with iperf/netperf
clients that could be sent as an additional sample if folks
want this. It needs a bit of cleanup to send to the list and
wasn't included in this series.

For people who prefer git over pulling patches out of their mail
editor I've posted the code here,

https://github.com/jrfastab/linux-kernel-xdp/tree/sockmap

For some background information on the genesis of this work
it might be helpful to review these slides from netconf 2017
by Thomas Graf,

http://vger.kernel.org/netconf2017.html
https://docs.google.com/a/covalent.io/presentation/d/1dwSKSBGpUHD3WO5xxzZWj8awV_-xL-oYhvqQMOBhhtk/edit?usp=sharing

Thanks to Daniel Borkmann for reviewing and providing initial
feedback.
====================

Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: selftests add sockmap tests
John Fastabend [Wed, 16 Aug 2017 05:34:22 +0000 (22:34 -0700)]
bpf: selftests add sockmap tests

This generates a set of sockets, attaches BPF programs, and sends some
simple traffic using basic send/recv pattern. Additionally, we do a bunch
of negative tests to ensure adding/removing socks out of the sockmap fail
correctly.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: selftests: add tests for new __sk_buff members
John Fastabend [Wed, 16 Aug 2017 05:33:56 +0000 (22:33 -0700)]
bpf: selftests: add tests for new __sk_buff members

This adds tests to access new __sk_buff members from sk skb program
type.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: sockmap sample program
John Fastabend [Wed, 16 Aug 2017 05:33:32 +0000 (22:33 -0700)]
bpf: sockmap sample program

This program binds a program to a cgroup and then matches hard
coded IP addresses and adds these to a sockmap.

This will receive messages from the backend and send them to
the client.

     client:X <---> frontend:10000 client:X <---> backend:10001

To keep things simple this is only designed for 1:1 connections
using hard coded values. A more complete example would allow many
backends and clients.

To run,

 # sockmap <cgroup2_dir>

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: add access to sock fields and pkt data from sk_skb programs
John Fastabend [Wed, 16 Aug 2017 05:33:09 +0000 (22:33 -0700)]
bpf: add access to sock fields and pkt data from sk_skb programs

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: sockmap with sk redirect support
John Fastabend [Wed, 16 Aug 2017 05:32:47 +0000 (22:32 -0700)]
bpf: sockmap with sk redirect support

Recently we added a new map type called dev map used to forward XDP
packets between ports (6093ec2dc313). This patches introduces a
similar notion for sockets.

A sockmap allows users to add participating sockets to a map. When
sockets are added to the map enough context is stored with the
map entry to use the entry with a new helper

  bpf_sk_redirect_map(map, key, flags)

This helper (analogous to bpf_redirect_map in XDP) is given the map
and an entry in the map. When called from a sockmap program, discussed
below, the skb will be sent on the socket using skb_send_sock().

With the above we need a bpf program to call the helper from that will
then implement the send logic. The initial site implemented in this
series is the recv_sock hook. For this to work we implemented a map
attach command to add attributes to a map. In sockmap we add two
programs a parse program and a verdict program. The parse program
uses strparser to build messages and pass them to the verdict program.
The parse programs use the normal strparser semantics. The verdict
program is of type SK_SKB.

The verdict program returns a verdict SK_DROP, or  SK_REDIRECT for
now. Additional actions may be added later. When SK_REDIRECT is
returned, expected when bpf program uses bpf_sk_redirect_map(), the
sockmap logic will consult per cpu variables set by the helper routine
and pull the sock entry out of the sock map. This pattern follows the
existing redirect logic in cls and xdp programs.

This gives the flow,

 recv_sock -> str_parser (parse_prog) -> verdict_prog -> skb_send_sock
                                                     \
                                                      -> kfree_skb

As an example use case a message based load balancer may use specific
logic in the verdict program to select the sock to send on.

Sample programs are provided in future patches that hopefully illustrate
the user interfaces. Also selftests are in follow-on patches.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: export bpf_prog_inc_not_zero
John Fastabend [Wed, 16 Aug 2017 05:32:22 +0000 (22:32 -0700)]
bpf: export bpf_prog_inc_not_zero

bpf_prog_inc_not_zero will be used by upcoming sockmap patches this
patch simply exports it so we can pull it in.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: introduce new program type for skbs on sockets
John Fastabend [Wed, 16 Aug 2017 05:31:58 +0000 (22:31 -0700)]
bpf: introduce new program type for skbs on sockets

A class of programs, run from strparser and soon from a new map type
called sock map, are used with skb as the context but on established
sockets. By creating a specific program type for these we can use
bpf helpers that expect full sockets and get the verifier to ensure
these helpers are not used out of context.

The new type is BPF_PROG_TYPE_SK_SKB. This patch introduces the
infrastructure and type.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: fixes for skb_send_sock
John Fastabend [Wed, 16 Aug 2017 05:31:34 +0000 (22:31 -0700)]
net: fixes for skb_send_sock

A couple fixes to new skb_send_sock infrastructure. However, no users
currently exist for this code (adding user in next handful of patches)
so it should not be possible to trigger a panic with existing in-kernel
code.

Fixes: 306b13eb3cf9 ("proto_ops: Add locked held versions of sendmsg and sendpage")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: add sendmsg_locked and sendpage_locked to af_inet6
John Fastabend [Wed, 16 Aug 2017 05:31:10 +0000 (22:31 -0700)]
net: add sendmsg_locked and sendpage_locked to af_inet6

To complete the sendmsg_locked and sendpage_locked implementation add
the hooks for af_inet6 as well.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: early init support for strparser
John Fastabend [Wed, 16 Aug 2017 05:30:47 +0000 (22:30 -0700)]
net: early init support for strparser

It is useful to allow strparser to init sockets before the read_sock
callback has been established.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: 3c509: constify pnp_device_id
Arvind Yadav [Wed, 16 Aug 2017 04:55:59 +0000 (10:25 +0530)]
net: 3c509: constify pnp_device_id

pnp_device_id are not supposed to change at runtime. All functions
working with pnp_device_id provided by <linux/pnp.h> work with
const pnp_device_id. So mark the non-const structs as const.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: update VF's netdev->max_mtu if there's a change in PF's MTU
Veerasenareddy Burru [Tue, 15 Aug 2017 23:26:22 +0000 (16:26 -0700)]
liquidio: update VF's netdev->max_mtu if there's a change in PF's MTU

A VF's MTU is capped at the parent PF's MTU.  So if there's a change in the
PF's MTU, then update the VF's netdev->max_mtu.

Also remove duplicate log messages for MTU change.

Signed-off-by: Veerasenareddy Burru <veerasenareddy.burru@cavium.com>
Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'net-sizeof-cleanups'
David S. Miller [Wed, 16 Aug 2017 18:01:58 +0000 (11:01 -0700)]
Merge branch 'net-sizeof-cleanups'

Stephen Hemminger says:

====================
net: various sizeof cleanups

Noticed some places that were using sizeof as an operator.
This is legal C but is not the convention used in the kernel.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agomlx4: sizeof style usage
stephen hemminger [Tue, 15 Aug 2017 17:29:19 +0000 (10:29 -0700)]
mlx4: sizeof style usage

The kernel coding style is to treat sizeof as a function
(ie. with parenthesis) not as an operator.

Also use kcalloc and kmalloc_array

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoskge: add paren around sizeof arg
stephen hemminger [Tue, 15 Aug 2017 17:29:18 +0000 (10:29 -0700)]
skge: add paren around sizeof arg

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agovirtio: put paren around sizeof
stephen hemminger [Tue, 15 Aug 2017 17:29:17 +0000 (10:29 -0700)]
virtio: put paren around sizeof

Kernel coding style is to put paren around operand of sizeof.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agotun/tap: use paren's with sizeof
stephen hemminger [Tue, 15 Aug 2017 17:29:16 +0000 (10:29 -0700)]
tun/tap: use paren's with sizeof

Although sizeof is an operator in C. The kernel coding style convention
is to always use it like a function and add parenthesis.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet_sched/hfsc: opencode trivial set_active() and set_passive()
Konstantin Khlebnikov [Tue, 15 Aug 2017 13:40:03 +0000 (16:40 +0300)]
net_sched/hfsc: opencode trivial set_active() and set_passive()

Any move comment abount update_vf() into right place.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet_sched: call qlen_notify only if child qdisc is empty
Konstantin Khlebnikov [Tue, 15 Aug 2017 13:39:59 +0000 (16:39 +0300)]
net_sched: call qlen_notify only if child qdisc is empty

This callback is used for deactivating class in parent qdisc.
This is cheaper to test queue length right here.

Also this allows to catch draining screwed backlog and prevent
second deactivation of already inactive parent class which will
crash kernel for sure. Kernel with print warning at destruction
of child qdisc where no packets but backlog is not zero.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoBluetooth: hci_bcm: Use operation speed of 4Mbps only for ACPI devices
Marcel Holtmann [Wed, 16 Aug 2017 07:53:30 +0000 (09:53 +0200)]
Bluetooth: hci_bcm: Use operation speed of 4Mbps only for ACPI devices

Not all Broadcom controller support the 4Mbps operational speed on UART
devices. This is because the UART clock setting changes might not be
supported.

  < HCI Command: Broadcom Write UART Clock Setting (0x3f|0x0045) plen 1
         01                                               .
  > HCI Event: Command Complete (0x0e) plen 4
       Broadcom Write UART Clock Setting (0x3f|0x0045) ncmd 1
         Status: Unknown HCI Command (0x01)

To support any operational speed higher than 3Mbps, support for this
command is required. With that respect it is better to not enforce any
operational speed by default. Only when its support is known, then allow
for higher operational speed.

This patch assigns the 4Mbps opertional speed only for devices
discovered through ACPI and leave all others at the default 115200.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
7 years agoBluetooth: btusb: driver to enable the usb-wakeup feature
Sukumar Ghorai [Wed, 16 Aug 2017 21:46:55 +0000 (14:46 -0700)]
Bluetooth: btusb: driver to enable the usb-wakeup feature

BT-Controller connected as platform non-root-hub device and
usb-driver initialize such device with wakeup disabled,
Ref. usb_new_device().

At present wakeup-capability get enabled by hid-input device from usb
function driver(e.g. BT HID device) at runtime. Again some functional
driver does not set usb-wakeup capability(e.g LE HID device implement
as HID-over-GATT), and can't wakeup the host on USB.

Most of the device operation (such as mass storage) initiated from host
(except HID) and USB wakeup aligned with host resume procedure. For BT
device, usb-wakeup capability need to enable form btusc driver as a
generic solution for multiple profile use case and required for USB remote
wakeup (in-bus wakeup) while host is suspended. Also usb-wakeup feature
need to enable/disable with HCI interface up and down.

Signed-off-by: Sukumar Ghorai <sukumar.ghorai@intel.com>
Signed-off-by: Amit K Bag <amit.k.bag@intel.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
7 years agoMerge branch 'liquidio-adding-support-for-ethtool-set-channels-feature'
David S. Miller [Wed, 16 Aug 2017 04:05:31 +0000 (21:05 -0700)]
Merge branch 'liquidio-adding-support-for-ethtool-set-channels-feature'

Intiyaz Basha says:

====================
liquidio: adding support for ethtool --set-channels feature

Code reorganization is required for adding ethtool --set-channels feature.
First three patches are for code reorganization.  The last patch is for
adding this feature.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: added support for ethtool --set-channels feature
Intiyaz Basha [Tue, 15 Aug 2017 19:46:18 +0000 (12:46 -0700)]
liquidio: added support for ethtool --set-channels feature

adding support for ethtool --set-channels feature

Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: moved octeon_setup_interrupt to lio_core.c
Intiyaz Basha [Tue, 15 Aug 2017 19:46:15 +0000 (12:46 -0700)]
liquidio: moved octeon_setup_interrupt to lio_core.c

Moving common octeon_setup_interrupt to lio_core.c

Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: moved liquidio_legacy_intr_handler to lio_core.c
Intiyaz Basha [Tue, 15 Aug 2017 19:46:11 +0000 (12:46 -0700)]
liquidio: moved liquidio_legacy_intr_handler to lio_core.c

Moving liquidio_legacy_intr_handler to lio_core.c

Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: moved liquidio_msix_intr_handler to lio_core.c
Intiyaz Basha [Tue, 15 Aug 2017 19:46:05 +0000 (12:46 -0700)]
liquidio: moved liquidio_msix_intr_handler to lio_core.c

Moving common liquidio_msix_intr_handler to lio_core.c

Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Wed, 16 Aug 2017 03:23:23 +0000 (20:23 -0700)]
Merge git://git./linux/kernel/git/davem/net

7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Wed, 16 Aug 2017 01:52:28 +0000 (18:52 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Fix TCP checksum offload handling in iwlwifi driver, from Emmanuel
    Grumbach.

 2) In ksz DSA tagging code, free SKB if skb_put_padto() fails. From
    Vivien Didelot.

 3) Fix two regressions with bonding on wireless, from Andreas Born.

 4) Fix build when busypoll is disabled, from Daniel Borkmann.

 5) Fix copy_linear_skb() wrt. SO_PEEK_OFF, from Eric Dumazet.

 6) Set SKB cached route properly in inet_rtm_getroute(), from Florian
    Westphal.

 7) Fix PCI-E relaxed ordering handling in cxgb4 driver, from Ding
    Tianhong.

 8) Fix module refcnt leak in ULP code, from Sabrina Dubroca.

 9) Fix use of GFP_KERNEL in atomic contexts in AF_KEY code, from Eric
    Dumazet.

10) Need to purge socket write queue in dccp_destroy_sock(), also from
    Eric Dumazet.

11) Make bpf_trace_printk() work properly on 32-bit architectures, from
    Daniel Borkmann.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
  bpf: fix bpf_trace_printk on 32 bit archs
  PCI: fix oops when try to find Root Port for a PCI device
  sfc: don't try and read ef10 data on non-ef10 NIC
  net_sched: remove warning from qdisc_hash_add
  net_sched/sfq: update hierarchical backlog when drop packet
  net_sched: reset pointers to tcf blocks in classful qdiscs' destructors
  ipv4: fix NULL dereference in free_fib_info_rcu()
  net: Fix a typo in comment about sock flags.
  ipv6: fix NULL dereference in ip6_route_dev_notify()
  tcp: fix possible deadlock in TCP stack vs BPF filter
  dccp: purge write queue in dccp_destroy_sock()
  udp: fix linear skb reception with PEEK_OFF
  ipv6: release rt6->rt6i_idev properly during ifdown
  af_key: do not use GFP_KERNEL in atomic contexts
  tcp: ulp: avoid module refcnt leak in tcp_set_ulp
  net/cxgb4vf: Use new PCI_DEV_FLAGS_NO_RELAXED_ORDERING flag
  net/cxgb4: Use new PCI_DEV_FLAGS_NO_RELAXED_ORDERING flag
  PCI: Disable Relaxed Ordering Attributes for AMD A1100
  PCI: Disable Relaxed Ordering for some Intel processors
  PCI: Disable PCIe Relaxed Ordering if unsupported
  ...

7 years agobpf: fix bpf_trace_printk on 32 bit archs
Daniel Borkmann [Tue, 15 Aug 2017 23:45:33 +0000 (01:45 +0200)]
bpf: fix bpf_trace_printk on 32 bit archs

James reported that on MIPS32 bpf_trace_printk() is currently
broken while MIPS64 works fine:

  bpf_trace_printk() uses conditional operators to attempt to
  pass different types to __trace_printk() depending on the
  format operators. This doesn't work as intended on 32-bit
  architectures where u32 and long are passed differently to
  u64, since the result of C conditional operators follows the
  "usual arithmetic conversions" rules, such that the values
  passed to __trace_printk() will always be u64 [causing issues
  later in the va_list handling for vscnprintf()].

  For example the samples/bpf/tracex5 test printed lines like
  below on MIPS32, where the fd and buf have come from the u64
  fd argument, and the size from the buf argument:

    [...] 1180.941542: 0x00000001: write(fd=1, buf=  (null), size=6258688)

  Instead of this:

    [...] 1625.616026: 0x00000001: write(fd=1, buf=009e4000, size=512)

One way to get it working is to expand various combinations
of argument types into 8 different combinations for 32 bit
and 64 bit kernels. Fix tested by James on MIPS32 and MIPS64
as well that it resolves the issue.

Fixes: 9c959c863f82 ("tracing: Allow BPF programs to call bpf_trace_printk()")
Reported-by: James Hogan <james.hogan@imgtec.com>
Tested-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoPCI: fix oops when try to find Root Port for a PCI device
dingtianhong [Tue, 15 Aug 2017 15:24:48 +0000 (23:24 +0800)]
PCI: fix oops when try to find Root Port for a PCI device

Eric report a oops when booting the system after applying
the commit a99b646afa8a ("PCI: Disable PCIe Relaxed..."):

[    4.241029] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
[    4.247001] IP: pci_find_pcie_root_port+0x62/0x80
[    4.253011] PGD 0
[    4.253011] P4D 0
[    4.253011]
[    4.258013] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[    4.262015] Modules linked in:
[    4.265005] CPU: 31 PID: 1 Comm: swapper/0 Not tainted 4.13.0-dbx-DEV #316
[    4.271002] Hardware name: Intel RML,PCH/Iota_QC_19, BIOS 2.40.0 06/22/2016
[    4.279002] task: ffffa2ee38cfa040 task.stack: ffffa51ec0004000
[    4.285001] RIP: 0010:pci_find_pcie_root_port+0x62/0x80
[    4.290012] RSP: 0000:ffffa51ec0007ab8 EFLAGS: 00010246
[    4.295003] RAX: 0000000000000000 RBX: ffffa2ee36bae000 RCX: 0000000000000006
[    4.303002] RDX: 000000000000081c RSI: ffffa2ee38cfa8c8 RDI: ffffa2ee36bae000
[    4.310013] RBP: ffffa51ec0007b58 R08: 0000000000000001 R09: 0000000000000000
[    4.317001] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa51ec0007ad0
[    4.324005] R13: ffffa2ee36bae098 R14: 0000000000000002 R15: ffffa2ee37204818
[    4.331002] FS:  0000000000000000(0000) GS:ffffa2ee3fcc0000(0000) knlGS:0000000000000000
[    4.339002] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    4.345001] CR2: 0000000000000050 CR3: 000000401000f000 CR4: 00000000001406e0
[    4.351002] Call Trace:
[    4.354012]  ? pci_configure_device+0x19f/0x570
[    4.359002]  ? pci_conf1_read+0xb8/0xf0
[    4.363002]  ? raw_pci_read+0x23/0x40
[    4.366011]  ? pci_read+0x2c/0x30
[    4.370014]  ? pci_read_config_word+0x67/0x70
[    4.374012]  pci_device_add+0x28/0x230
[    4.378012]  ? pci_vpd_f0_read+0x50/0x80
[    4.382014]  pci_scan_single_device+0x96/0xc0
[    4.386012]  pci_scan_slot+0x79/0xf0
[    4.389001]  pci_scan_child_bus+0x31/0x180
[    4.394014]  acpi_pci_root_create+0x1c6/0x240
[    4.398013]  pci_acpi_scan_root+0x15f/0x1b0
[    4.402012]  acpi_pci_root_add+0x2e6/0x400
[    4.406012]  ? acpi_evaluate_integer+0x37/0x60
[    4.411002]  acpi_bus_attach+0xdf/0x200
[    4.415002]  acpi_bus_attach+0x6a/0x200
[    4.418014]  acpi_bus_attach+0x6a/0x200
[    4.422013]  acpi_bus_scan+0x38/0x70
[    4.426011]  acpi_scan_init+0x10c/0x271
[    4.429001]  acpi_init+0x2fa/0x348
[    4.433004]  ? acpi_sleep_proc_init+0x2d/0x2d
[    4.437001]  do_one_initcall+0x43/0x169
[    4.441001]  kernel_init_freeable+0x1d0/0x258
[    4.445003]  ? rest_init+0xe0/0xe0
[    4.449001]  kernel_init+0xe/0x150

====================== cut here =============================

It looks like the pci_find_pcie_root_port() was trying to
find the Root Port for the PCI device which is the Root
Port already, it will return NULL and trigger the problem,
so check the highest_pcie_bridge to fix thie problem.

Fixes: a99b646afa8a ("PCI: Disable PCIe Relaxed Ordering if unsupported")
Fixes: c56d4450eb68 ("PCI: Turn off Request Attributes to avoid Chelsio T5 Completion erratum")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agodt-bindings: net: ravb : Add support for r8a7745 SoC
Biju Das [Tue, 15 Aug 2017 14:40:20 +0000 (15:40 +0100)]
dt-bindings: net: ravb : Add support for r8a7745 SoC

Add a new compatible string for the RZ/G1E (R8A7745) SoC.

Signed-off-by: Biju Das <biju.das@bp.renesas.com>
Acked-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'getroute-no-rtnl'
David S. Miller [Wed, 16 Aug 2017 00:20:55 +0000 (17:20 -0700)]
Merge branch 'getroute-no-rtnl'

Florian Westphal says:

====================
ipv4 getroute doesn't assume rtnl lock is held anymore, also make
this true for ipv6, then switch both to DOIT_UNLOCKED.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoipv4: route: set ipv4 RTM_GETROUTE to not use rtnl
Florian Westphal [Tue, 15 Aug 2017 14:34:44 +0000 (16:34 +0200)]
ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoipv6: route: set ipv6 RTM_GETROUTE to not use rtnl
Florian Westphal [Tue, 15 Aug 2017 14:34:43 +0000 (16:34 +0200)]
ipv6: route: set ipv6 RTM_GETROUTE to not use rtnl

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoipv6: route: make rtm_getroute not assume rtnl is locked
Florian Westphal [Tue, 15 Aug 2017 14:34:42 +0000 (16:34 +0200)]
ipv6: route: make rtm_getroute not assume rtnl is locked

__dev_get_by_index assumes RTNL is held, use _rcu version instead.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoselftests: add 'ip get' to rtnetlink.sh
Florian Westphal [Tue, 15 Aug 2017 14:34:41 +0000 (16:34 +0200)]
selftests: add 'ip get' to rtnetlink.sh

exercise ip/ip6 RTM_GETROUTE doit() callpath.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agosfc: don't try and read ef10 data on non-ef10 NIC
Bert Kenward [Tue, 15 Aug 2017 13:55:32 +0000 (14:55 +0100)]
sfc: don't try and read ef10 data on non-ef10 NIC

The MAC stats command takes a port ID, which doesn't exist on
pre-ef10 NICs (5000- and 6000- series). This is extracted from the
NIC specific data; we misinterpret this as the ef10 data structure,
causing us to read potentially unallocated data. With a KASAN kernel
this can cause errors with:
   BUG: KASAN: slab-out-of-bounds in efx_mcdi_mac_stats

Fixes: 0a2ab4d988d7 ("sfc: set the port-id when calling MC_CMD_MAC_STATS")
Reported-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Bert Kenward <bkenward@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agodsa: fix flow disector null pointer
Craig Gallek [Tue, 15 Aug 2017 13:43:40 +0000 (09:43 -0400)]
dsa: fix flow disector null pointer

A recent change to fix up DSA device behavior made the assumption that
all skbs passing through the flow disector will be associated with a
device. This does not appear to be a safe assumption.  Syzkaller found
the crash below by attaching a BPF socket filter that tries to find the
payload offset of a packet passing between two unix sockets.

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 2940 Comm: syzkaller872007 Not tainted 4.13.0-rc4-next-20170811 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d1b425c0 task.stack: ffff8801d0bc0000
RIP: 0010:__skb_flow_dissect+0xdcd/0x3ae0 net/core/flow_dissector.c:445
RSP: 0018:ffff8801d0bc7340 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000060 RSI: ffffffff856dc080 RDI: 0000000000000300
RBP: ffff8801d0bc7870 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000008 R11: ffffed003a178f1e R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff856dc080 R15: ffff8801ce223140
FS:  00000000016ed880(0000) GS:ffff8801dc000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020008000 CR3: 00000001ce22d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_flow_dissect_flow_keys include/linux/skbuff.h:1176 [inline]
 skb_get_poff+0x9a/0x1a0 net/core/flow_dissector.c:1079
 ______skb_get_pay_offset net/core/filter.c:114 [inline]
 __skb_get_pay_offset+0x15/0x20 net/core/filter.c:112
Code: 80 3c 02 00 44 89 6d 10 0f 85 44 2b 00 00 4d 8b 67 20 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 00 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 13 2b 00 00 4d 8b a4 24 00 03 00 00 4d 85 e4
RIP: __skb_flow_dissect+0xdcd/0x3ae0 net/core/flow_dissector.c:445 RSP: ffff8801d0bc7340

Fixes: 43e665287f93 ("net-next: dsa: fix flow dissection")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Craig Gallek <kraig@google.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet_sched: remove warning from qdisc_hash_add
Konstantin Khlebnikov [Tue, 15 Aug 2017 13:39:05 +0000 (16:39 +0300)]
net_sched: remove warning from qdisc_hash_add

It was added in commit e57a784d8cae ("pkt_sched: set root qdisc
before change() in attach_default_qdiscs()") to hide duplicates
from "tc qdisc show" for incative deivices.

After 59cc1f61f ("net: sched: convert qdisc linked list to hashtable")
it triggered when classful qdisc is added to inactive device because
default qdiscs are added before switching root qdisc.

Anyway after commit ea3274695353 ("net: sched: avoid duplicates in
qdisc dump") duplicates are filtered right in dumper.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet_sched/sfq: update hierarchical backlog when drop packet
Konstantin Khlebnikov [Tue, 15 Aug 2017 13:37:04 +0000 (16:37 +0300)]
net_sched/sfq: update hierarchical backlog when drop packet

When sfq_enqueue() drops head packet or packet from another queue it
have to update backlog at upper qdiscs too.

Fixes: 2ccccf5fb43f ("net_sched: update hierarchical backlog too")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet_sched: reset pointers to tcf blocks in classful qdiscs' destructors
Konstantin Khlebnikov [Tue, 15 Aug 2017 13:35:21 +0000 (16:35 +0300)]
net_sched: reset pointers to tcf blocks in classful qdiscs' destructors

Traffic filters could keep direct pointers to classes in classful qdisc,
thus qdisc destruction first removes all filters before freeing classes.
Class destruction methods also tries to free attached filters but now
this isn't safe because tcf_block_put() unlike to tcf_destroy_chain()
cannot be called second time.

This patch set class->block to NULL after first tcf_block_put() and
turn second call into no-op.

Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoipv4: fix NULL dereference in free_fib_info_rcu()
Eric Dumazet [Tue, 15 Aug 2017 12:26:17 +0000 (05:26 -0700)]
ipv4: fix NULL dereference in free_fib_info_rcu()

If fi->fib_metrics could not be allocated in fib_create_info()
we attempt to dereference a NULL pointer in free_fib_info_rcu() :

    m = fi->fib_metrics;
    if (m != &dst_default_metrics && atomic_dec_and_test(&m->refcnt))
            kfree(m);

Before my recent patch, we used to call kfree(NULL) and nothing wrong
happened.

Instead of using RCU to defer freeing while we are under memory stress,
it seems better to take immediate action.

This was reported by syzkaller team.

Fixes: 3fb07daff8e9 ("ipv4: add reference counting to metrics")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>