Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
40 hoursvt: fix broken display when running aptitude (bnc#1114836).stableJiri Slaby
suse-commit: 5bec309dbcefd9d86be13d86066d0d12d1318ecc
5 daysMerge remote-tracking branch 'origin/packaging' into stableJiri Slaby
suse-commit: 0f31a13932d8c55a0ad94fe58eb537f13e960e5a
6 daysRemove Cell/PS3 support from ppc64 kernel (boo#1114846)Alexander Graf
suse-commit: c336d64bb17272c0b916f0ecaa1b605d252f617b
8 daysMerge branch 'scripts' into stableJiri Slaby
suse-commit: 91bc4a91ab2486ee7a4c4cfc4205415ebd7a7c9e
8 daysMerge commit 'ece5aa0ebea9bdd2cf886dc9d02f9db178939543' into stableJiri Slaby
I.e. master up to, but without 20-rc1. suse-commit: ddf2739f1cf755b2e88fee6e93c96938a8d355b1
8 daysLinux 4.19.1 (bnc#1012628).Jiri Slaby
suse-commit: 57135d788288f7d7c5c1cb3fef694b001ab6bf9b
8 daysnet: bridge: remove ipv6 zero address check in mcast queriesJiri Slaby
(bnc#1012628). suse-commit: 8483ec626c4a4935621e67a341f65d8d535e8a02
8 dayssparc64: Wire up compat getpeername and getsocknameJiri Slaby
(bnc#1012628). suse-commit: 6d0ed81e42dbabae012e945b2da3a487ee12648a
8 dayssparc64: Make corrupted user stacks more debuggableJiri Slaby
(bnc#1012628). suse-commit: 1f520660a7df7e34953a7d426c1751afa5773096
8 dayssparc64: Export __node_distance (bnc#1012628).Jiri Slaby
suse-commit: c4e4b01261f8c4cb6d30de218eb6087a1bce28d7
8 dayssctp: check policy more carefully when getting pr statusJiri Slaby
(bnc#1012628). suse-commit: 1641d5bc9551054cde729600b4a23c30488fc702
8 daysRevert "be2net: remove desc field from be_eq_obj" (bnc#1012628).Jiri Slaby
suse-commit: 019ffdb7a2ed7719e0d3fef24b55f0361a3d29af
8 daysr8169: fix broken Wake-on-LAN from S5 (poweroff) (bnc#1012628).Jiri Slaby
suse-commit: 8298a905cbc95d1f364972683d713dd78de2dbc3
8 daysnet: Properly unlink GRO packets on overflow (bnc#1012628).Jiri Slaby
suse-commit: 2863b4071c87566065fabd82c7fcd3b5aeb8160b
8 daysnet: drop skb on failure in ip_check_defrag() (bnc#1012628).Jiri Slaby
suse-commit: efc6691a3ce91b455573dace7cc6222203ab6c2e
8 daysmlxsw: core: Fix devlink unregister flow (bnc#1012628).Jiri Slaby
suse-commit: 0c88629c735dd5a55592ba8291cb6a2853bc5081
8 daysmlxsw: spectrum_switchdev: Don't ignore deletions of learnedJiri Slaby
MACs (bnc#1012628). suse-commit: 8a7fbf6c31b0c3ad32e50695ebc34ef3483972f1
8 daysnet/smc: fix smc_buf_unuse to use the lgr pointer (bnc#1012628).Jiri Slaby
suse-commit: fe45040b84f3633e4a06a21d5dda705bd1d6c3e8
8 daysnet/ipv6: Allow onlink routes to have a device mismatch if itJiri Slaby
is the default route (bnc#1012628). suse-commit: fb7d25575d76cb99f0c44adbe44565789c6777dd
8 daysopenvswitch: Fix push/pop ethernet validation (bnc#1012628).Jiri Slaby
suse-commit: 2827d1c98498e8c8714c0a2f582a5ce08f359555
8 daysbonding: fix length of actor system (bnc#1012628).Jiri Slaby
suse-commit: ae45db56f17705f4cc052a4ce264405c10a8624f
8 daysvhost: Fix Spectre V1 vulnerability (bnc#1012628).Jiri Slaby
suse-commit: d2b8984b027ee4d8a46022e253d1a3757259d4be
8 daysrtnetlink: Disallow FDB configuration for non-Ethernet deviceJiri Slaby
(bnc#1012628). suse-commit: 3a33f657fe0cebfa7e9be55506010d55b5f6ff38
8 daysRevert "net: simplify sock_poll_wait" (bnc#1012628).Jiri Slaby
suse-commit: 5fdcee9e5f37851c30cd6f60b72b9bc8d4f9ae95
8 daysnet: udp: fix handling of CHECKSUM_COMPLETE packetsJiri Slaby
(bnc#1012628). suse-commit: b1249d6d20d8b844493bf6bdbc0bea495b7d7fb4
8 daysnet: stmmac: Fix stmmac_mdio_reset() when building stmmac asJiri Slaby
modules (bnc#1012628). suse-commit: 5fbcf63f1dc4357ab3ea6ff9ca9e9ad7a453888c
8 daysnet: sched: gred: pass the right attribute toJiri Slaby
gred_change_table_def() (bnc#1012628). suse-commit: 4be0f39ee528a7993a8dc51efd365d97648f2619
8 daysnet/mlx5e: fix csum adjustments caused by RXFCS (bnc#1012628).Jiri Slaby
suse-commit: 0d4c50d41c7958feee4923c24799804efcd42f32
8 daysipv6/ndisc: Preserve IPv6 control buffer if protocol errorJiri Slaby
handlers are called (bnc#1012628). suse-commit: 62ac9c1d7afaf6b41746977341186045959d4ce7
8 daysbridge: do not add port to router list when receives queryJiri Slaby
with source 0.0.0.0 (bnc#1012628). suse-commit: 96d75004c0dc4eb57bb99451f72037e892884098
8 daysLinux 4.19.1v4.19.1Greg Kroah-Hartman
8 daysnet: bridge: remove ipv6 zero address check in mcast queriesNikolay Aleksandrov
commit 0fe5119e267f3e3d8ac206895f5922195ec55a8a upstream. Recently a check was added which prevents marking of routers with zero source address, but for IPv6 that cannot happen as the relevant RFCs actually forbid such packets: RFC 2710 (MLDv1): "To be valid, the Query message MUST come from a link-local IPv6 Source Address, be at least 24 octets long, and have a correct MLD checksum." Same goes for RFC 3810. And also it can be seen as a requirement in ipv6_mc_check_mld_query() which is used by the bridge to validate the message before processing it. Thus any queries with :: source address won't be processed anyway. So just remove the check for zero IPv6 source address from the query processing function. Fixes: 5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0") Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 dayssparc64: Wire up compat getpeername and getsockname.David S. Miller
[ Upstream commit 1f2b5b8e2df4591fbca430aff9c5a072dcc0f408 ] Fixes: 8b30ca73b7cc ("sparc: Add all necessary direct socket system calls.") Reported-by: Joseph Myers <joseph@codesourcery.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 dayssparc64: Make corrupted user stacks more debuggable.David Miller
[ Upstream commit 5b4fc3882a649c9411dd0dcad2ddb78e911d340e ] Right now if we get a corrupted user stack frame we do a do_exit(SIGILL) which is not helpful. If under a debugger, this behavior causes the inferior process to exit. So the register and other state cannot be examined at the time of the event. Instead, conditionally log a rate limited kernel log message and then force a SIGSEGV. With bits and ideas borrowed (as usual) from powerpc. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 dayssparc64: Export __node_distance.David S. Miller
[ Upstream commit 2b4792eaa9f553764047d157365ed8b7787751a3 ] Some drivers reference it via node_distance(), for example the NVME host driver core. ERROR: "__node_distance" [drivers/nvme/host/nvme-core.ko] undefined! make[1]: *** [scripts/Makefile.modpost:92: __modpost] Error 1 Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 dayssctp: check policy more carefully when getting pr statusXin Long
[ Upstream commit 713358369382cebf92f6e98ce2005f94e7344931 ] When getting pr_assocstatus and pr_streamstatus by sctp_getsockopt, it doesn't correctly process the case when policy is set with SCTP_PR_SCTP_ALL | SCTP_PR_SCTP_MASK. It even causes a slab-out-of-bounds in sctp_getsockopt_pr_streamstatus(). This patch fixes it by return -EINVAL for this case. Fixes: 0ac1077e3a54 ("sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL") Reported-by: syzbot+5da0d0a72a9e7d791748@syzkaller.appspotmail.com Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysRevert "be2net: remove desc field from be_eq_obj"Ivan Vecera
[ Upstream commit 5ef79151c2fbc401cf38325e9a32e77b9fc593ae ] The mentioned commit needs to be reverted because we cannot pass string allocated on stack to request_irq(). This function stores uses this pointer for later use (e.g. /proc/interrupts) so we need to keep this string persistently. Fixes: d6d9704af8f4 ("be2net: remove desc field from be_eq_obj") Signed-off-by: Ivan Vecera <ivecera@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysr8169: fix broken Wake-on-LAN from S5 (poweroff)Heiner Kallweit
[ Upstream commit 649f0837a8cc2b39329f2de00fa0d04b029291c5 ] It was reported that WoL from S5 is broken (WoL from S3 works) and the analysis showed that during system shutdown the network interface was brought down already when the actual kernel shutdown started. Therefore netif_running() returned false and as a consequence the PHY was suspended. Obviously WoL wasn't working then. To fix this the original patch needs to be effectively reverted. A side effect is that when normally bringing down the interface and WoL is enabled the PHY will remain powered on (like it was before the original patch). Fixes: fe87bef01f9b ("r8169: don't check WoL when powering down PHY and interface is down") Reported-by: Neil MacLeod <neil@nmacleod.com> Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysnet: Properly unlink GRO packets on overflow.David S. Miller
[ Upstream commti ece23711dd956cd5053c9cb03e9fe0668f9c8894 ] Just like with normal GRO processing, we have to initialize skb->next to NULL when we unlink overflow packets from the GRO hash lists. Fixes: d4546c2509b1 ("net: Convert GRO SKB handling to list_head.") Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name> Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysnet: drop skb on failure in ip_check_defrag()Cong Wang
[ Upstream commit 7de414a9dd91426318df7b63da024b2b07e53df5 ] Most callers of pskb_trim_rcsum() simply drop the skb when it fails, however, ip_check_defrag() still continues to pass the skb up to stack. This is suspicious. In ip_check_defrag(), after we learn the skb is an IP fragment, passing the skb to callers makes no sense, because callers expect fragments are defrag'ed on success. So, dropping the skb when we can't defrag it is reasonable. Note, prior to commit 88078d98d1bb, this is not a big problem as checksum will be fixed up anyway. After it, the checksum is not correct on failure. Found this during code review. Fixes: 88078d98d1bb ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends") Cc: Eric Dumazet <edumazet@google.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysmlxsw: core: Fix devlink unregister flowShalom Toledo
[ Upstream commit a22712a962912faf257e857ab6857f56a93cfb34 ] After a failed reload, the driver is still registered to devlink, its devlink instance is still allocated and the 'reload_fail' flag is set. Then, in the next reload try, the driver's allocated devlink instance will be freed without unregistering from devlink and its components (e.g, resources). This scenario can cause a use-after-free if the user tries to execute command via devlink user-space tool. Fix by not freeing the devlink instance during reload (failed or not). Fixes: 24cc68ad6c46 ("mlxsw: core: Add support for reload") Signed-off-by: Shalom Toledo <shalomt@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysmlxsw: spectrum_switchdev: Don't ignore deletions of learned MACsPetr Machata
[ Upstream commit ad0b9d94182be8356978d220c82f9837cffeb7a9 ] Demands to remove FDB entries should be honored even if the FDB entry in question was originally learned, and not added by the user. Therefore ignore the added_by_user datum for SWITCHDEV_FDB_DEL_TO_DEVICE. Fixes: 816a3bed9549 ("switchdev: Add fdb.added_by_user to switchdev notifications") Signed-off-by: Petr Machata <petrm@mellanox.com> Suggested-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysnet/smc: fix smc_buf_unuse to use the lgr pointerKarsten Graul
[ Upstream commit fb692ec4117f6fd25044cfb5720d6b79d400dc65 ] The pointer to the link group is unset in the smc connection structure right before the call to smc_buf_unuse. Provide the lgr pointer to smc_buf_unuse explicitly. And move the call to smc_lgr_schedule_free_work to the end of smc_conn_free. Fixes: a6920d1d130c ("net/smc: handle unregistered buffers") Signed-off-by: Karsten Graul <kgraul@linux.ibm.com> Signed-off-by: Ursula Braun <ubraun@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysnet/ipv6: Allow onlink routes to have a device mismatch if it is the default ↵David Ahern
route [ Upstream commit 4ed591c8ab44e711e56b8e021ffaf4f407c045f5 ] The intent of ip6_route_check_nh_onlink is to make sure the gateway given for an onlink route is not actually on a connected route for a different interface (e.g., 2001:db8:1::/64 is on dev eth1 and then an onlink route has a via 2001:db8:1::1 dev eth2). If the gateway lookup hits the default route then it most likely will be a different interface than the onlink route which is ok. Update ip6_route_check_nh_onlink to disregard the device mismatch if the gateway lookup hits the default route. Turns out the existing onlink tests are passing because there is no default route or it is an unreachable default, so update the onlink tests to have a default route other than unreachable. Fixes: fc1e64e1092f6 ("net/ipv6: Add support for onlink flag") Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysopenvswitch: Fix push/pop ethernet validationJaime Caamaño Ruiz
[ Upstream commit 46ebe2834ba5b541f28ee72e556a3fed42c47570 ] When there are both pop and push ethernet header actions among the actions to be applied to a packet, an unexpected EINVAL (Invalid argument) error is obtained. This is due to mac_proto not being reset correctly when those actions are validated. Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-October/047554.html Fixes: 91820da6ae85 ("openvswitch: add Ethernet push and pop actions") Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com> Tested-by: Greg Rose <gvrose8192@gmail.com> Reviewed-by: Greg Rose <gvrose8192@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysbonding: fix length of actor systemTobias Jungel
[ Upstream commit 414dd6fb9a1a1b59983aea7bf0f79f0085ecc5b8 ] The attribute IFLA_BOND_AD_ACTOR_SYSTEM is sent to user space having the length of sizeof(bond->params.ad_actor_system) which is 8 byte. This patch aligns the length to ETH_ALEN to have the same MAC address exposed as using sysfs. Fixes: f87fda00b6ed2 ("bonding: prevent out of bound accesses") Signed-off-by: Tobias Jungel <tobias.jungel@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysvhost: Fix Spectre V1 vulnerabilityJason Wang
[ Upstream commit ff002269a4ee9c769dbf9365acef633ebcbd6cbe ] The idx in vhost_vring_ioctl() was controlled by userspace, hence a potential exploitation of the Spectre variant 1 vulnerability. Fixing this by sanitizing idx before using it to index d->vqs. Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysrtnetlink: Disallow FDB configuration for non-Ethernet deviceIdo Schimmel
[ Upstream commit da71577545a52be3e0e9225a946e5fd79cfab015 ] When an FDB entry is configured, the address is validated to have the length of an Ethernet address, but the device for which the address is configured can be of any type. The above can result in the use of uninitialized memory when the address is later compared against existing addresses since 'dev->addr_len' is used and it may be greater than ETH_ALEN, as with ip6tnl devices. Fix this by making sure that FDB entries are only configured for Ethernet devices. BUG: KMSAN: uninit-value in memcmp+0x11d/0x180 lib/string.c:863 CPU: 1 PID: 4318 Comm: syz-executor998 Not tainted 4.19.0-rc3+ #49 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x14b/0x190 lib/dump_stack.c:113 kmsan_report+0x183/0x2b0 mm/kmsan/kmsan.c:956 __msan_warning+0x70/0xc0 mm/kmsan/kmsan_instr.c:645 memcmp+0x11d/0x180 lib/string.c:863 dev_uc_add_excl+0x165/0x7b0 net/core/dev_addr_lists.c:464 ndo_dflt_fdb_add net/core/rtnetlink.c:3463 [inline] rtnl_fdb_add+0x1081/0x1270 net/core/rtnetlink.c:3558 rtnetlink_rcv_msg+0xa0b/0x1530 net/core/rtnetlink.c:4715 netlink_rcv_skb+0x36e/0x5f0 net/netlink/af_netlink.c:2454 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4733 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x1638/0x1720 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x1205/0x1290 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114 __sys_sendmsg net/socket.c:2152 [inline] __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg+0x2a3/0x3d0 net/socket.c:2159 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2159 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x440ee9 Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fff6a93b518 EFLAGS: 00000213 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440ee9 RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000213 R12: 000000000000b4b0 R13: 0000000000401ec0 R14: 0000000000000000 R15: 0000000000000000 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:256 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:181 kmsan_kmalloc+0x98/0x100 mm/kmsan/kmsan_hooks.c:91 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan_hooks.c:100 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2718 [inline] __kmalloc_node_track_caller+0x9e7/0x1160 mm/slub.c:4351 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2f5/0x9e0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:996 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1189 [inline] netlink_sendmsg+0xb49/0x1290 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg net/socket.c:631 [inline] ___sys_sendmsg+0xe70/0x1290 net/socket.c:2114 __sys_sendmsg net/socket.c:2152 [inline] __do_sys_sendmsg net/socket.c:2161 [inline] __se_sys_sendmsg+0x2a3/0x3d0 net/socket.c:2159 __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2159 do_syscall_64+0xb8/0x100 arch/x86/entry/common.c:291 entry_SYSCALL_64_after_hwframe+0x63/0xe7 v2: * Make error message more specific (David) Fixes: 090096bf3db1 ("net: generic fdb support for drivers without ndo_fdb_<op>") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reported-and-tested-by: syzbot+3a288d5f5530b901310e@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+d53ab4e92a1db04110ff@syzkaller.appspotmail.com Cc: Vlad Yasevich <vyasevich@gmail.com> Cc: David Ahern <dsahern@gmail.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysRevert "net: simplify sock_poll_wait"Karsten Graul
[ Upstream commit 89ab066d4229acd32e323f1569833302544a4186 ] This reverts commit dd979b4df817e9976f18fb6f9d134d6bc4a3c317. This broke tcp_poll for SMC fallback: An AF_SMC socket establishes an internal TCP socket for the initial handshake with the remote peer. Whenever the SMC connection can not be established this TCP socket is used as a fallback. All socket operations on the SMC socket are then forwarded to the TCP socket. In case of poll, the file->private_data pointer references the SMC socket because the TCP socket has no file assigned. This causes tcp_poll to wait on the wrong socket. Signed-off-by: Karsten Graul <kgraul@linux.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
8 daysnet: udp: fix handling of CHECKSUM_COMPLETE packetsSean Tranchetti
[ Upstream commit db4f1be3ca9b0ef7330763d07bf4ace83ad6f913 ] Current handling of CHECKSUM_COMPLETE packets by the UDP stack is incorrect for any packet that has an incorrect checksum value. udp4/6_csum_init() will both make a call to __skb_checksum_validate_complete() to initialize/validate the csum field when receiving a CHECKSUM_COMPLETE packet. When this packet fails validation, skb->csum will be overwritten with the pseudoheader checksum so the packet can be fully validated by software, but the skb->ip_summed value will be left as CHECKSUM_COMPLETE so that way the stack can later warn the user about their hardware spewing bad checksums. Unfortunately, leaving the SKB in this state can cause problems later on in the checksum calculation. Since the the packet is still marked as CHECKSUM_COMPLETE, udp_csum_pull_header() will SUBTRACT the checksum of the UDP header from skb->csum instead of adding it, leaving us with a garbage value in that field. Once we try to copy the packet to userspace in the udp4/6_recvmsg(), we'll make a call to skb_copy_and_csum_datagram_msg() to checksum the packet data and add it in the garbage skb->csum value to perform our final validation check. Since the value we're validating is not the proper checksum, it's possible that the folded value could come out to 0, causing us not to drop the packet. Instead, we believe that the packet was checksummed incorrectly by hardware since skb->ip_summed is still CHECKSUM_COMPLETE, and we attempt to warn the user with netdev_rx_csum_fault(skb->dev); Unfortunately, since this is the UDP path, skb->dev has been overwritten by skb->dev_scratch and is no longer a valid pointer, so we end up reading invalid memory. This patch addresses this problem in two ways: 1) Do not use the dev pointer when calling netdev_rx_csum_fault() from skb_copy_and_csum_datagram_msg(). Since this gets called from the UDP path where skb->dev has been overwritten, we have no way of knowing if the pointer is still valid. Also for the sake of consistency with the other uses of netdev_rx_csum_fault(), don't attempt to call it if the packet was checksummed by software. 2) Add better CHECKSUM_COMPLETE handling to udp4/6_csum_init(). If we receive a packet that's CHECKSUM_COMPLETE that fails verification (i.e. skb->csum_valid == 0), check who performed the calculation. It's possible that the checksum was done in software by the network stack earlier (such as Netfilter's CONNTRACK module), and if that says the checksum is bad, we can drop the packet immediately instead of waiting until we try and copy it to userspace. Otherwise, we need to mark the SKB as CHECKSUM_NONE, since the skb->csum field no longer contains the full packet checksum after the call to __skb_checksum_validate_complete(). Fixes: e6afc8ace6dd ("udp: remove headers from UDP packets before queueing") Fixes: c84d949057ca ("udp: copy skb->truesize in the first cache line") Cc: Sam Kumar <samanthakumar@google.com> Cc: Eric Dumazet <edumazet@google.com> Signed-off-by: Sean Tranchetti <stranche@codeaurora.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>