diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-02 13:12:02 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-08-02 13:12:02 -0400 |
| commit | e30cb13c5a09ff5f043a6570c32e49b063bea6a1 (patch) | |
| tree | b63f9f72b6d9d29e8bbdb76c097b47aa91cd871d /net | |
| parent | a3f94cb99a854fa381fe7fadd97c4f61633717a5 (diff) | |
| parent | e6aed040eafb4ce1881bbc59a225f6b27d250396 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Fixes keep trickling in:
1) Various IP fragmentation memory limit hardening changes from Eric
Dumazet.
2) Revert ipv6 metrics leak change, it causes more problems than it
fixes for now.
3) Fix WoL regression in stmmac driver, from Jose Abreu.
4) Netlink socket spectre v1 gadget fix, from Jeremy Cline"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
Revert "net/ipv6: fix metrics leak"
rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
net: dsa: Do not suspend/resume closed slave_dev
netlink: Fix spectre v1 gadget in netlink_create()
Documentation: dpaa2: Use correct heading adornment
net: stmmac: Fix WoL for PCI-based setups
bonding: avoid lockdep confusion in bond_get_stats()
enic: do not call enic_change_mtu in enic_probe
ipv4: frags: handle possible skb truesize change
inet: frag: enforce memory limits earlier
net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow
net/mlx5e: Fix null pointer access when setting MTU of vport representor
net/mlx5e: Set port trust mode to PCP as default
net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
net: dsa: mv88e6xxx: Fix SERDES support on 88E6141/6341
brcmfmac: fix regression in parsing NVRAM for multiple devices
iwlwifi: add more card IDs for 9000 series
Diffstat (limited to 'net')
| -rw-r--r-- | net/dsa/slave.c | 6 | ||||
| -rw-r--r-- | net/ipv4/inet_fragment.c | 6 | ||||
| -rw-r--r-- | net/ipv4/ip_fragment.c | 5 | ||||
| -rw-r--r-- | net/ipv6/ip6_fib.c | 18 | ||||
| -rw-r--r-- | net/netlink/af_netlink.c | 2 | ||||
| -rw-r--r-- | net/rxrpc/call_accept.c | 4 |
6 files changed, 22 insertions, 19 deletions
diff --git a/net/dsa/slave.c b/net/dsa/slave.c index 1e3b6a6d8a40..732369c80644 100644 --- a/net/dsa/slave.c +++ b/net/dsa/slave.c | |||
| @@ -1248,6 +1248,9 @@ int dsa_slave_suspend(struct net_device *slave_dev) | |||
| 1248 | { | 1248 | { |
| 1249 | struct dsa_port *dp = dsa_slave_to_port(slave_dev); | 1249 | struct dsa_port *dp = dsa_slave_to_port(slave_dev); |
| 1250 | 1250 | ||
| 1251 | if (!netif_running(slave_dev)) | ||
| 1252 | return 0; | ||
| 1253 | |||
| 1251 | netif_device_detach(slave_dev); | 1254 | netif_device_detach(slave_dev); |
| 1252 | 1255 | ||
| 1253 | rtnl_lock(); | 1256 | rtnl_lock(); |
| @@ -1261,6 +1264,9 @@ int dsa_slave_resume(struct net_device *slave_dev) | |||
| 1261 | { | 1264 | { |
| 1262 | struct dsa_port *dp = dsa_slave_to_port(slave_dev); | 1265 | struct dsa_port *dp = dsa_slave_to_port(slave_dev); |
| 1263 | 1266 | ||
| 1267 | if (!netif_running(slave_dev)) | ||
| 1268 | return 0; | ||
| 1269 | |||
| 1264 | netif_device_attach(slave_dev); | 1270 | netif_device_attach(slave_dev); |
| 1265 | 1271 | ||
| 1266 | rtnl_lock(); | 1272 | rtnl_lock(); |
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c index 1e4cf3ab560f..0d70608cc2e1 100644 --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c | |||
| @@ -157,9 +157,6 @@ static struct inet_frag_queue *inet_frag_alloc(struct netns_frags *nf, | |||
| 157 | { | 157 | { |
| 158 | struct inet_frag_queue *q; | 158 | struct inet_frag_queue *q; |
| 159 | 159 | ||
| 160 | if (!nf->high_thresh || frag_mem_limit(nf) > nf->high_thresh) | ||
| 161 | return NULL; | ||
| 162 | |||
| 163 | q = kmem_cache_zalloc(f->frags_cachep, GFP_ATOMIC); | 160 | q = kmem_cache_zalloc(f->frags_cachep, GFP_ATOMIC); |
| 164 | if (!q) | 161 | if (!q) |
| 165 | return NULL; | 162 | return NULL; |
| @@ -204,6 +201,9 @@ struct inet_frag_queue *inet_frag_find(struct netns_frags *nf, void *key) | |||
| 204 | { | 201 | { |
| 205 | struct inet_frag_queue *fq; | 202 | struct inet_frag_queue *fq; |
| 206 | 203 | ||
| 204 | if (!nf->high_thresh || frag_mem_limit(nf) > nf->high_thresh) | ||
| 205 | return NULL; | ||
| 206 | |||
| 207 | rcu_read_lock(); | 207 | rcu_read_lock(); |
| 208 | 208 | ||
| 209 | fq = rhashtable_lookup(&nf->rhashtable, key, nf->f->rhash_params); | 209 | fq = rhashtable_lookup(&nf->rhashtable, key, nf->f->rhash_params); |
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 8e9528ebaa8e..d14d741fb05e 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
| @@ -383,11 +383,16 @@ found: | |||
| 383 | int i = end - next->ip_defrag_offset; /* overlap is 'i' bytes */ | 383 | int i = end - next->ip_defrag_offset; /* overlap is 'i' bytes */ |
| 384 | 384 | ||
| 385 | if (i < next->len) { | 385 | if (i < next->len) { |
| 386 | int delta = -next->truesize; | ||
| 387 | |||
| 386 | /* Eat head of the next overlapped fragment | 388 | /* Eat head of the next overlapped fragment |
| 387 | * and leave the loop. The next ones cannot overlap. | 389 | * and leave the loop. The next ones cannot overlap. |
| 388 | */ | 390 | */ |
| 389 | if (!pskb_pull(next, i)) | 391 | if (!pskb_pull(next, i)) |
| 390 | goto err; | 392 | goto err; |
| 393 | delta += next->truesize; | ||
| 394 | if (delta) | ||
| 395 | add_frag_mem_limit(qp->q.net, delta); | ||
| 391 | next->ip_defrag_offset += i; | 396 | next->ip_defrag_offset += i; |
| 392 | qp->q.meat -= i; | 397 | qp->q.meat -= i; |
| 393 | if (next->ip_summed != CHECKSUM_UNNECESSARY) | 398 | if (next->ip_summed != CHECKSUM_UNNECESSARY) |
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c index 211a2d437b56..d212738e9d10 100644 --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c | |||
| @@ -167,22 +167,11 @@ struct fib6_info *fib6_info_alloc(gfp_t gfp_flags) | |||
| 167 | return f6i; | 167 | return f6i; |
| 168 | } | 168 | } |
| 169 | 169 | ||
| 170 | static void fib6_metrics_release(struct fib6_info *f6i) | ||
| 171 | { | ||
| 172 | struct dst_metrics *m; | ||
| 173 | |||
| 174 | if (!f6i) | ||
| 175 | return; | ||
| 176 | |||
| 177 | m = f6i->fib6_metrics; | ||
| 178 | if (m != &dst_default_metrics && refcount_dec_and_test(&m->refcnt)) | ||
| 179 | kfree(m); | ||
| 180 | } | ||
| 181 | |||
| 182 | void fib6_info_destroy_rcu(struct rcu_head *head) | 170 | void fib6_info_destroy_rcu(struct rcu_head *head) |
| 183 | { | 171 | { |
| 184 | struct fib6_info *f6i = container_of(head, struct fib6_info, rcu); | 172 | struct fib6_info *f6i = container_of(head, struct fib6_info, rcu); |
| 185 | struct rt6_exception_bucket *bucket; | 173 | struct rt6_exception_bucket *bucket; |
| 174 | struct dst_metrics *m; | ||
| 186 | 175 | ||
| 187 | WARN_ON(f6i->fib6_node); | 176 | WARN_ON(f6i->fib6_node); |
| 188 | 177 | ||
| @@ -212,7 +201,9 @@ void fib6_info_destroy_rcu(struct rcu_head *head) | |||
| 212 | if (f6i->fib6_nh.nh_dev) | 201 | if (f6i->fib6_nh.nh_dev) |
| 213 | dev_put(f6i->fib6_nh.nh_dev); | 202 | dev_put(f6i->fib6_nh.nh_dev); |
| 214 | 203 | ||
| 215 | fib6_metrics_release(f6i); | 204 | m = f6i->fib6_metrics; |
| 205 | if (m != &dst_default_metrics && refcount_dec_and_test(&m->refcnt)) | ||
| 206 | kfree(m); | ||
| 216 | 207 | ||
| 217 | kfree(f6i); | 208 | kfree(f6i); |
| 218 | } | 209 | } |
| @@ -896,7 +887,6 @@ static void fib6_drop_pcpu_from(struct fib6_info *f6i, | |||
| 896 | 887 | ||
| 897 | from = rcu_dereference_protected(pcpu_rt->from, | 888 | from = rcu_dereference_protected(pcpu_rt->from, |
| 898 | lockdep_is_held(&table->tb6_lock)); | 889 | lockdep_is_held(&table->tb6_lock)); |
| 899 | fib6_metrics_release(from); | ||
| 900 | rcu_assign_pointer(pcpu_rt->from, NULL); | 890 | rcu_assign_pointer(pcpu_rt->from, NULL); |
| 901 | fib6_info_release(from); | 891 | fib6_info_release(from); |
| 902 | } | 892 | } |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 7d860a22e5fb..c09d16870f74 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
| @@ -63,6 +63,7 @@ | |||
| 63 | #include <linux/hash.h> | 63 | #include <linux/hash.h> |
| 64 | #include <linux/genetlink.h> | 64 | #include <linux/genetlink.h> |
| 65 | #include <linux/net_namespace.h> | 65 | #include <linux/net_namespace.h> |
| 66 | #include <linux/nospec.h> | ||
| 66 | 67 | ||
| 67 | #include <net/net_namespace.h> | 68 | #include <net/net_namespace.h> |
| 68 | #include <net/netns/generic.h> | 69 | #include <net/netns/generic.h> |
| @@ -679,6 +680,7 @@ static int netlink_create(struct net *net, struct socket *sock, int protocol, | |||
| 679 | 680 | ||
| 680 | if (protocol < 0 || protocol >= MAX_LINKS) | 681 | if (protocol < 0 || protocol >= MAX_LINKS) |
| 681 | return -EPROTONOSUPPORT; | 682 | return -EPROTONOSUPPORT; |
| 683 | protocol = array_index_nospec(protocol, MAX_LINKS); | ||
| 682 | 684 | ||
| 683 | netlink_lock_table(); | 685 | netlink_lock_table(); |
| 684 | #ifdef CONFIG_MODULES | 686 | #ifdef CONFIG_MODULES |
diff --git a/net/rxrpc/call_accept.c b/net/rxrpc/call_accept.c index a9a9be5519b9..9d1e298b784c 100644 --- a/net/rxrpc/call_accept.c +++ b/net/rxrpc/call_accept.c | |||
| @@ -116,9 +116,9 @@ static int rxrpc_service_prealloc_one(struct rxrpc_sock *rx, | |||
| 116 | while (*pp) { | 116 | while (*pp) { |
| 117 | parent = *pp; | 117 | parent = *pp; |
| 118 | xcall = rb_entry(parent, struct rxrpc_call, sock_node); | 118 | xcall = rb_entry(parent, struct rxrpc_call, sock_node); |
| 119 | if (user_call_ID < call->user_call_ID) | 119 | if (user_call_ID < xcall->user_call_ID) |
| 120 | pp = &(*pp)->rb_left; | 120 | pp = &(*pp)->rb_left; |
| 121 | else if (user_call_ID > call->user_call_ID) | 121 | else if (user_call_ID > xcall->user_call_ID) |
| 122 | pp = &(*pp)->rb_right; | 122 | pp = &(*pp)->rb_right; |
| 123 | else | 123 | else |
| 124 | goto id_in_use; | 124 | goto id_in_use; |