<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/net/ipv6, branch v3.16.6</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>ip6_gre: fix flowi6_proto value in xmit path</title>
<updated>2014-10-15T10:05:29+00:00</updated>
<author>
<name>Nicolas Dichtel</name>
<email>nicolas.dichtel@6wind.com</email>
</author>
<published>2014-10-02T16:26:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c02b2427c2ec0ff8fe8cc85de08db0a70c632b03'/>
<id>c02b2427c2ec0ff8fe8cc85de08db0a70c632b03</id>
<content type='text'>
[ Upstream commit 3be07244b7337760a3269d56b2f4a63e72218648 ]

In xmit path, we build a flowi6 which will be used for the output route lookup.
We are sending a GRE packet, neither IPv4 nor IPv6 encapsulated packet, thus the
protocol should be IPPROTO_GRE.

Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Reported-by: Matthieu Ternisien d'Ouville &lt;matthieu.tdo@6wind.com&gt;
Signed-off-by: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 3be07244b7337760a3269d56b2f4a63e72218648 ]

In xmit path, we build a flowi6 which will be used for the output route lookup.
We are sending a GRE packet, neither IPv4 nor IPv6 encapsulated packet, thus the
protocol should be IPPROTO_GRE.

Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Reported-by: Matthieu Ternisien d'Ouville &lt;matthieu.tdo@6wind.com&gt;
Signed-off-by: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipv6: remove rt6i_genid</title>
<updated>2014-10-15T10:05:29+00:00</updated>
<author>
<name>Hannes Frederic Sowa</name>
<email>hannes@stressinduktion.org</email>
</author>
<published>2014-09-27T22:46:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=46e9e43eeef323df23a45d577ea2a360617068ed'/>
<id>46e9e43eeef323df23a45d577ea2a360617068ed</id>
<content type='text'>
[ Upstream commit 705f1c869d577c8055736dd02501f26a2507dd5b ]

Eric Dumazet noticed that all no-nonexthop or no-gateway routes which
are already marked DST_HOST (e.g. input routes routes) will always be
invalidated during sk_dst_check. Thus per-socket dst caching absolutely
had no effect and early demuxing had no effect.

Thus this patch removes rt6i_genid: fn_sernum already gets modified during
add operations, so we only must ensure we mutate fn_sernum during ipv6
address remove operations. This is a fairly cost extensive operations,
but address removal should not happen that often. Also our mtu update
functions do the same and we heard no complains so far. xfrm policy
changes also cause a call into fib6_flush_trees. Also plug a hole in
rt6_info (no cacheline changes).

I verified via tracing that this change has effect.

Cc: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Cc: YOSHIFUJI Hideaki &lt;hideaki@yoshifuji.org&gt;
Cc: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Cc: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Cc: Martin Lau &lt;kafai@fb.com&gt;
Signed-off-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 705f1c869d577c8055736dd02501f26a2507dd5b ]

Eric Dumazet noticed that all no-nonexthop or no-gateway routes which
are already marked DST_HOST (e.g. input routes routes) will always be
invalidated during sk_dst_check. Thus per-socket dst caching absolutely
had no effect and early demuxing had no effect.

Thus this patch removes rt6i_genid: fn_sernum already gets modified during
add operations, so we only must ensure we mutate fn_sernum during ipv6
address remove operations. This is a fairly cost extensive operations,
but address removal should not happen that often. Also our mtu update
functions do the same and we heard no complains so far. xfrm policy
changes also cause a call into fib6_flush_trees. Also plug a hole in
rt6_info (no cacheline changes).

I verified via tracing that this change has effect.

Cc: Eric Dumazet &lt;eric.dumazet@gmail.com&gt;
Cc: YOSHIFUJI Hideaki &lt;hideaki@yoshifuji.org&gt;
Cc: Vlad Yasevich &lt;vyasevich@gmail.com&gt;
Cc: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Cc: Martin Lau &lt;kafai@fb.com&gt;
Signed-off-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>xfrm: Generate blackhole routes only from route lookup functions</title>
<updated>2014-10-15T10:05:29+00:00</updated>
<author>
<name>Steffen Klassert</name>
<email>steffen.klassert@secunet.com</email>
</author>
<published>2014-09-16T08:08:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=de541d0ce196bc1bf04caefc5b8a55f25b165517'/>
<id>de541d0ce196bc1bf04caefc5b8a55f25b165517</id>
<content type='text'>
[ Upstream commit f92ee61982d6da15a9e49664ecd6405a15a2ee56 ]

Currently we genarate a blackhole route route whenever we have
matching policies but can not resolve the states. Here we assume
that dst_output() is called to kill the balckholed packets.
Unfortunately this assumption is not true in all cases, so
it is possible that these packets leave the system unwanted.

We fix this by generating blackhole routes only from the
route lookup functions, here we can guarantee a call to
dst_output() afterwards.

Fixes: 2774c131b1d ("xfrm: Handle blackhole route creation via afinfo.")
Reported-by: Konstantinos Kolelis &lt;k.kolelis@sirrix.com&gt;
Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit f92ee61982d6da15a9e49664ecd6405a15a2ee56 ]

Currently we genarate a blackhole route route whenever we have
matching policies but can not resolve the states. Here we assume
that dst_output() is called to kill the balckholed packets.
Unfortunately this assumption is not true in all cases, so
it is possible that these packets leave the system unwanted.

We fix this by generating blackhole routes only from the
route lookup functions, here we can guarantee a call to
dst_output() afterwards.

Fixes: 2774c131b1d ("xfrm: Handle blackhole route creation via afinfo.")
Reported-by: Konstantinos Kolelis &lt;k.kolelis@sirrix.com&gt;
Signed-off-by: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipv6: restore the behavior of ipv6_sock_ac_drop()</title>
<updated>2014-10-15T10:05:28+00:00</updated>
<author>
<name>WANG Cong</name>
<email>xiyou.wangcong@gmail.com</email>
</author>
<published>2014-09-05T21:33:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2022f408695b5b090cca9c76804e44e84215bfda'/>
<id>2022f408695b5b090cca9c76804e44e84215bfda</id>
<content type='text'>
[ Upstream commit de185ab46cb02df9738b0d898b0c3a89181c5526 ]

It is possible that the interface is already gone after joining
the list of anycast on this interface as we don't hold a refcount
for the device, in this case we are safe to ignore the error.

What's more important, for API compatibility we should not
change this behavior for applications even if it were correct.

Fixes: commit a9ed4a2986e13011 ("ipv6: fix rtnl locking in setsockopt for anycast and multicast")
Cc: Sabrina Dubroca &lt;sd@queasysnail.net&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Cong Wang &lt;xiyou.wangcong@gmail.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit de185ab46cb02df9738b0d898b0c3a89181c5526 ]

It is possible that the interface is already gone after joining
the list of anycast on this interface as we don't hold a refcount
for the device, in this case we are safe to ignore the error.

What's more important, for API compatibility we should not
change this behavior for applications even if it were correct.

Fixes: commit a9ed4a2986e13011 ("ipv6: fix rtnl locking in setsockopt for anycast and multicast")
Cc: Sabrina Dubroca &lt;sd@queasysnail.net&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Cong Wang &lt;xiyou.wangcong@gmail.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipv6: fix rtnl locking in setsockopt for anycast and multicast</title>
<updated>2014-10-15T10:05:28+00:00</updated>
<author>
<name>Sabrina Dubroca</name>
<email>sd@queasysnail.net</email>
</author>
<published>2014-09-02T08:29:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e06d2bcb5b9918e3674198c32fce1a4524d11d40'/>
<id>e06d2bcb5b9918e3674198c32fce1a4524d11d40</id>
<content type='text'>
[ Upstream commit a9ed4a2986e13011fcf4ed2d1a1647c53112f55b ]

Calling setsockopt with IPV6_JOIN_ANYCAST or IPV6_LEAVE_ANYCAST
triggers the assertion in addrconf_join_solict()/addrconf_leave_solict()

ipv6_sock_ac_join(), ipv6_sock_ac_drop(), ipv6_sock_ac_close() need to
take RTNL before calling ipv6_dev_ac_inc/dec. Same thing with
ipv6_sock_mc_join(), ipv6_sock_mc_drop(), ipv6_sock_mc_close() before
calling ipv6_dev_mc_inc/dec.

This patch moves ASSERT_RTNL() up a level in the call stack.

Signed-off-by: Cong Wang &lt;xiyou.wangcong@gmail.com&gt;
Signed-off-by: Sabrina Dubroca &lt;sd@queasysnail.net&gt;
Reported-by: Tommi Rantala &lt;tt.rantala@gmail.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit a9ed4a2986e13011fcf4ed2d1a1647c53112f55b ]

Calling setsockopt with IPV6_JOIN_ANYCAST or IPV6_LEAVE_ANYCAST
triggers the assertion in addrconf_join_solict()/addrconf_leave_solict()

ipv6_sock_ac_join(), ipv6_sock_ac_drop(), ipv6_sock_ac_close() need to
take RTNL before calling ipv6_dev_ac_inc/dec. Same thing with
ipv6_sock_mc_join(), ipv6_sock_mc_drop(), ipv6_sock_mc_close() before
calling ipv6_dev_mc_inc/dec.

This patch moves ASSERT_RTNL() up a level in the call stack.

Signed-off-by: Cong Wang &lt;xiyou.wangcong@gmail.com&gt;
Signed-off-by: Sabrina Dubroca &lt;sd@queasysnail.net&gt;
Reported-by: Tommi Rantala &lt;tt.rantala@gmail.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: ipv6: fib: don't sleep inside atomic lock</title>
<updated>2014-10-15T10:05:27+00:00</updated>
<author>
<name>Benjamin Block</name>
<email>bebl@mageta.org</email>
</author>
<published>2014-08-21T17:37:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3f719b11a33f06ace77cb0ef6e0b637968c81683'/>
<id>3f719b11a33f06ace77cb0ef6e0b637968c81683</id>
<content type='text'>
[ Upstream commit 793c3b4000a1ef611ae7e5c89bd2a9c6b776cb5e ]

The function fib6_commit_metrics() allocates a piece of memory in mode
GFP_KERNEL while holding an atomic lock from higher up in the stack, in
the function __ip6_ins_rt(). This produces the following BUG:

&gt; BUG: sleeping function called from invalid context at mm/slub.c:1250
&gt; in_atomic(): 1, irqs_disabled(): 0, pid: 2909, name: dhcpcd
&gt; 2 locks held by dhcpcd/2909:
&gt;  #0:  (rtnl_mutex){+.+.+.}, at: [&lt;ffffffff81978e67&gt;] rtnl_lock+0x17/0x20
&gt;  #1:  (&amp;tb-&gt;tb6_lock){++--+.}, at: [&lt;ffffffff81a6951a&gt;] ip6_route_add+0x65a/0x800
&gt; CPU: 1 PID: 2909 Comm: dhcpcd Not tainted 3.17.0-rc1 #1
&gt; Hardware name: ASUS All Series/Q87T, BIOS 0216 10/16/2013
&gt;  0000000000000008 ffff8800c8f13858 ffffffff81af135a 0000000000000000
&gt;  ffff880212202430 ffff8800c8f13878 ffffffff810f8d3a ffff880212202c98
&gt;  0000000000000010 ffff8800c8f138c8 ffffffff8121ad0e 0000000000000001
&gt; Call Trace:
&gt;  [&lt;ffffffff81af135a&gt;] dump_stack+0x4e/0x68
&gt;  [&lt;ffffffff810f8d3a&gt;] __might_sleep+0x10a/0x120
&gt;  [&lt;ffffffff8121ad0e&gt;] kmem_cache_alloc_trace+0x4e/0x190
&gt;  [&lt;ffffffff81a6bcd6&gt;] ? fib6_commit_metrics+0x66/0x110
&gt;  [&lt;ffffffff81a6bcd6&gt;] fib6_commit_metrics+0x66/0x110
&gt;  [&lt;ffffffff81a6cbf3&gt;] fib6_add+0x883/0xa80
&gt;  [&lt;ffffffff81a6951a&gt;] ? ip6_route_add+0x65a/0x800
&gt;  [&lt;ffffffff81a69535&gt;] ip6_route_add+0x675/0x800
&gt;  [&lt;ffffffff81a68f2a&gt;] ? ip6_route_add+0x6a/0x800
&gt;  [&lt;ffffffff81a6990c&gt;] inet6_rtm_newroute+0x5c/0x80
&gt;  [&lt;ffffffff8197cf01&gt;] rtnetlink_rcv_msg+0x211/0x260
&gt;  [&lt;ffffffff81978e67&gt;] ? rtnl_lock+0x17/0x20
&gt;  [&lt;ffffffff81119708&gt;] ? lock_release_holdtime+0x28/0x180
&gt;  [&lt;ffffffff81978e67&gt;] ? rtnl_lock+0x17/0x20
&gt;  [&lt;ffffffff8197ccf0&gt;] ? __rtnl_unlock+0x20/0x20
&gt;  [&lt;ffffffff819a989e&gt;] netlink_rcv_skb+0x6e/0xd0
&gt;  [&lt;ffffffff81978ee5&gt;] rtnetlink_rcv+0x25/0x40
&gt;  [&lt;ffffffff819a8e59&gt;] netlink_unicast+0xd9/0x180
&gt;  [&lt;ffffffff819a9600&gt;] netlink_sendmsg+0x700/0x770
&gt;  [&lt;ffffffff81103735&gt;] ? local_clock+0x25/0x30
&gt;  [&lt;ffffffff8194e83c&gt;] sock_sendmsg+0x6c/0x90
&gt;  [&lt;ffffffff811f98e3&gt;] ? might_fault+0xa3/0xb0
&gt;  [&lt;ffffffff8195ca6d&gt;] ? verify_iovec+0x7d/0xf0
&gt;  [&lt;ffffffff8194ec3e&gt;] ___sys_sendmsg+0x37e/0x3b0
&gt;  [&lt;ffffffff8111ef15&gt;] ? trace_hardirqs_on_caller+0x185/0x220
&gt;  [&lt;ffffffff81af979e&gt;] ? mutex_unlock+0xe/0x10
&gt;  [&lt;ffffffff819a55ec&gt;] ? netlink_insert+0xbc/0xe0
&gt;  [&lt;ffffffff819a65e5&gt;] ? netlink_autobind.isra.30+0x125/0x150
&gt;  [&lt;ffffffff819a6520&gt;] ? netlink_autobind.isra.30+0x60/0x150
&gt;  [&lt;ffffffff819a84f9&gt;] ? netlink_bind+0x159/0x230
&gt;  [&lt;ffffffff811f989a&gt;] ? might_fault+0x5a/0xb0
&gt;  [&lt;ffffffff8194f25e&gt;] ? SYSC_bind+0x7e/0xd0
&gt;  [&lt;ffffffff8194f8cd&gt;] __sys_sendmsg+0x4d/0x80
&gt;  [&lt;ffffffff8194f912&gt;] SyS_sendmsg+0x12/0x20
&gt;  [&lt;ffffffff81afc692&gt;] system_call_fastpath+0x16/0x1b

Fixing this by replacing the mode GFP_KERNEL with GFP_ATOMIC.

Signed-off-by: Benjamin Block &lt;bebl@mageta.org&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 793c3b4000a1ef611ae7e5c89bd2a9c6b776cb5e ]

The function fib6_commit_metrics() allocates a piece of memory in mode
GFP_KERNEL while holding an atomic lock from higher up in the stack, in
the function __ip6_ins_rt(). This produces the following BUG:

&gt; BUG: sleeping function called from invalid context at mm/slub.c:1250
&gt; in_atomic(): 1, irqs_disabled(): 0, pid: 2909, name: dhcpcd
&gt; 2 locks held by dhcpcd/2909:
&gt;  #0:  (rtnl_mutex){+.+.+.}, at: [&lt;ffffffff81978e67&gt;] rtnl_lock+0x17/0x20
&gt;  #1:  (&amp;tb-&gt;tb6_lock){++--+.}, at: [&lt;ffffffff81a6951a&gt;] ip6_route_add+0x65a/0x800
&gt; CPU: 1 PID: 2909 Comm: dhcpcd Not tainted 3.17.0-rc1 #1
&gt; Hardware name: ASUS All Series/Q87T, BIOS 0216 10/16/2013
&gt;  0000000000000008 ffff8800c8f13858 ffffffff81af135a 0000000000000000
&gt;  ffff880212202430 ffff8800c8f13878 ffffffff810f8d3a ffff880212202c98
&gt;  0000000000000010 ffff8800c8f138c8 ffffffff8121ad0e 0000000000000001
&gt; Call Trace:
&gt;  [&lt;ffffffff81af135a&gt;] dump_stack+0x4e/0x68
&gt;  [&lt;ffffffff810f8d3a&gt;] __might_sleep+0x10a/0x120
&gt;  [&lt;ffffffff8121ad0e&gt;] kmem_cache_alloc_trace+0x4e/0x190
&gt;  [&lt;ffffffff81a6bcd6&gt;] ? fib6_commit_metrics+0x66/0x110
&gt;  [&lt;ffffffff81a6bcd6&gt;] fib6_commit_metrics+0x66/0x110
&gt;  [&lt;ffffffff81a6cbf3&gt;] fib6_add+0x883/0xa80
&gt;  [&lt;ffffffff81a6951a&gt;] ? ip6_route_add+0x65a/0x800
&gt;  [&lt;ffffffff81a69535&gt;] ip6_route_add+0x675/0x800
&gt;  [&lt;ffffffff81a68f2a&gt;] ? ip6_route_add+0x6a/0x800
&gt;  [&lt;ffffffff81a6990c&gt;] inet6_rtm_newroute+0x5c/0x80
&gt;  [&lt;ffffffff8197cf01&gt;] rtnetlink_rcv_msg+0x211/0x260
&gt;  [&lt;ffffffff81978e67&gt;] ? rtnl_lock+0x17/0x20
&gt;  [&lt;ffffffff81119708&gt;] ? lock_release_holdtime+0x28/0x180
&gt;  [&lt;ffffffff81978e67&gt;] ? rtnl_lock+0x17/0x20
&gt;  [&lt;ffffffff8197ccf0&gt;] ? __rtnl_unlock+0x20/0x20
&gt;  [&lt;ffffffff819a989e&gt;] netlink_rcv_skb+0x6e/0xd0
&gt;  [&lt;ffffffff81978ee5&gt;] rtnetlink_rcv+0x25/0x40
&gt;  [&lt;ffffffff819a8e59&gt;] netlink_unicast+0xd9/0x180
&gt;  [&lt;ffffffff819a9600&gt;] netlink_sendmsg+0x700/0x770
&gt;  [&lt;ffffffff81103735&gt;] ? local_clock+0x25/0x30
&gt;  [&lt;ffffffff8194e83c&gt;] sock_sendmsg+0x6c/0x90
&gt;  [&lt;ffffffff811f98e3&gt;] ? might_fault+0xa3/0xb0
&gt;  [&lt;ffffffff8195ca6d&gt;] ? verify_iovec+0x7d/0xf0
&gt;  [&lt;ffffffff8194ec3e&gt;] ___sys_sendmsg+0x37e/0x3b0
&gt;  [&lt;ffffffff8111ef15&gt;] ? trace_hardirqs_on_caller+0x185/0x220
&gt;  [&lt;ffffffff81af979e&gt;] ? mutex_unlock+0xe/0x10
&gt;  [&lt;ffffffff819a55ec&gt;] ? netlink_insert+0xbc/0xe0
&gt;  [&lt;ffffffff819a65e5&gt;] ? netlink_autobind.isra.30+0x125/0x150
&gt;  [&lt;ffffffff819a6520&gt;] ? netlink_autobind.isra.30+0x60/0x150
&gt;  [&lt;ffffffff819a84f9&gt;] ? netlink_bind+0x159/0x230
&gt;  [&lt;ffffffff811f989a&gt;] ? might_fault+0x5a/0xb0
&gt;  [&lt;ffffffff8194f25e&gt;] ? SYSC_bind+0x7e/0xd0
&gt;  [&lt;ffffffff8194f8cd&gt;] __sys_sendmsg+0x4d/0x80
&gt;  [&lt;ffffffff8194f912&gt;] SyS_sendmsg+0x12/0x20
&gt;  [&lt;ffffffff81afc692&gt;] system_call_fastpath+0x16/0x1b

Fixing this by replacing the mode GFP_KERNEL with GFP_ATOMIC.

Signed-off-by: Benjamin Block &lt;bebl@mageta.org&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcp: fix tcp_release_cb() to dispatch via address family for mtu_reduced()</title>
<updated>2014-10-15T10:05:27+00:00</updated>
<author>
<name>Neal Cardwell</name>
<email>ncardwell@google.com</email>
</author>
<published>2014-08-14T16:40:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=72dcbec4fce2c3e60f3a09f042076844386ee1b6'/>
<id>72dcbec4fce2c3e60f3a09f042076844386ee1b6</id>
<content type='text'>
[ Upstream commit 4fab9071950c2021d846e18351e0f46a1cffd67b ]

Make sure we use the correct address-family-specific function for
handling MTU reductions from within tcp_release_cb().

Previously AF_INET6 sockets were incorrectly always using the IPv6
code path when sometimes they were handling IPv4 traffic and thus had
an IPv4 dst.

Signed-off-by: Neal Cardwell &lt;ncardwell@google.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Diagnosed-by: Willem de Bruijn &lt;willemb@google.com&gt;
Fixes: 563d34d057862 ("tcp: dont drop MTU reduction indications")
Reviewed-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 4fab9071950c2021d846e18351e0f46a1cffd67b ]

Make sure we use the correct address-family-specific function for
handling MTU reductions from within tcp_release_cb().

Previously AF_INET6 sockets were incorrectly always using the IPv6
code path when sometimes they were handling IPv4 traffic and thus had
an IPv4 dst.

Signed-off-by: Neal Cardwell &lt;ncardwell@google.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Diagnosed-by: Willem de Bruijn &lt;willemb@google.com&gt;
Fixes: 563d34d057862 ("tcp: dont drop MTU reduction indications")
Reviewed-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>sit: Fix ipip6_tunnel_lookup device matching criteria</title>
<updated>2014-10-15T10:05:27+00:00</updated>
<author>
<name>Shmulik Ladkani</name>
<email>shmulik.ladkani@gmail.com</email>
</author>
<published>2014-08-14T12:27:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e72790ed87c2c9f7b4aaf825b0f33b10e576a374'/>
<id>e72790ed87c2c9f7b4aaf825b0f33b10e576a374</id>
<content type='text'>
[ Upstream commit bc8fc7b8f825ef17a0fb9e68c18ce94fa66ab337 ]

As of 4fddbf5d78 ("sit: strictly restrict incoming traffic to tunnel link device"),
when looking up a tunnel, tunnel's underlying interface (t-&gt;parms.link)
is verified to match incoming traffic's ingress device.

However the comparison was incorrectly based on skb-&gt;dev-&gt;iflink.

Instead, dev-&gt;ifindex should be used, which correctly represents the
interface from which the IP stack hands the ipip6 packets.

This allows setting up sit tunnels bound to vlan interfaces (otherwise
incoming ipip6 traffic on the vlan interface was dropped due to
ipip6_tunnel_lookup match failure).

Signed-off-by: Shmulik Ladkani &lt;shmulik.ladkani@gmail.com&gt;
Acked-by: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit bc8fc7b8f825ef17a0fb9e68c18ce94fa66ab337 ]

As of 4fddbf5d78 ("sit: strictly restrict incoming traffic to tunnel link device"),
when looking up a tunnel, tunnel's underlying interface (t-&gt;parms.link)
is verified to match incoming traffic's ingress device.

However the comparison was incorrectly based on skb-&gt;dev-&gt;iflink.

Instead, dev-&gt;ifindex should be used, which correctly represents the
interface from which the IP stack hands the ipip6 packets.

This allows setting up sit tunnels bound to vlan interfaces (otherwise
incoming ipip6 traffic on the vlan interface was dropped due to
ipip6_tunnel_lookup match failure).

Signed-off-by: Shmulik Ladkani &lt;shmulik.ladkani@gmail.com&gt;
Acked-by: Nicolas Dichtel &lt;nicolas.dichtel@6wind.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ip: make IP identifiers less predictable</title>
<updated>2014-07-29T01:46:34+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2014-07-26T06:58:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=04ca6973f7c1a0d8537f2d9906a0cf8e69886d75'/>
<id>04ca6973f7c1a0d8537f2d9906a0cf8e69886d75</id>
<content type='text'>
In "Counting Packets Sent Between Arbitrary Internet Hosts", Jeffrey and
Jedidiah describe ways exploiting linux IP identifier generation to
infer whether two machines are exchanging packets.

With commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count"), we
changed IP id generation, but this does not really prevent this
side-channel technique.

This patch adds a random amount of perturbation so that IP identifiers
for a given destination [1] are no longer monotonically increasing after
an idle period.

Note that prandom_u32_max(1) returns 0, so if generator is used at most
once per jiffy, this patch inserts no hole in the ID suite and do not
increase collision probability.

This is jiffies based, so in the worst case (HZ=1000), the id can
rollover after ~65 seconds of idle time, which should be fine.

We also change the hash used in __ip_select_ident() to not only hash
on daddr, but also saddr and protocol, so that ICMP probes can not be
used to infer information for other protocols.

For IPv6, adds saddr into the hash as well, but not nexthdr.

If I ping the patched target, we can see ID are now hard to predict.

21:57:11.008086 IP (...)
    A &gt; target: ICMP echo request, seq 1, length 64
21:57:11.010752 IP (... id 2081 ...)
    target &gt; A: ICMP echo reply, seq 1, length 64

21:57:12.013133 IP (...)
    A &gt; target: ICMP echo request, seq 2, length 64
21:57:12.015737 IP (... id 3039 ...)
    target &gt; A: ICMP echo reply, seq 2, length 64

21:57:13.016580 IP (...)
    A &gt; target: ICMP echo request, seq 3, length 64
21:57:13.019251 IP (... id 3437 ...)
    target &gt; A: ICMP echo reply, seq 3, length 64

[1] TCP sessions uses a per flow ID generator not changed by this patch.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Jeffrey Knockel &lt;jeffk@cs.unm.edu&gt;
Reported-by: Jedidiah R. Crandall &lt;crandall@cs.unm.edu&gt;
Cc: Willy Tarreau &lt;w@1wt.eu&gt;
Cc: Hannes Frederic Sowa &lt;hannes@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In "Counting Packets Sent Between Arbitrary Internet Hosts", Jeffrey and
Jedidiah describe ways exploiting linux IP identifier generation to
infer whether two machines are exchanging packets.

With commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count"), we
changed IP id generation, but this does not really prevent this
side-channel technique.

This patch adds a random amount of perturbation so that IP identifiers
for a given destination [1] are no longer monotonically increasing after
an idle period.

Note that prandom_u32_max(1) returns 0, so if generator is used at most
once per jiffy, this patch inserts no hole in the ID suite and do not
increase collision probability.

This is jiffies based, so in the worst case (HZ=1000), the id can
rollover after ~65 seconds of idle time, which should be fine.

We also change the hash used in __ip_select_ident() to not only hash
on daddr, but also saddr and protocol, so that ICMP probes can not be
used to infer information for other protocols.

For IPv6, adds saddr into the hash as well, but not nexthdr.

If I ping the patched target, we can see ID are now hard to predict.

21:57:11.008086 IP (...)
    A &gt; target: ICMP echo request, seq 1, length 64
21:57:11.010752 IP (... id 2081 ...)
    target &gt; A: ICMP echo reply, seq 1, length 64

21:57:12.013133 IP (...)
    A &gt; target: ICMP echo request, seq 2, length 64
21:57:12.015737 IP (... id 3039 ...)
    target &gt; A: ICMP echo reply, seq 2, length 64

21:57:13.016580 IP (...)
    A &gt; target: ICMP echo request, seq 3, length 64
21:57:13.019251 IP (... id 3437 ...)
    target &gt; A: ICMP echo reply, seq 3, length 64

[1] TCP sessions uses a per flow ID generator not changed by this patch.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Jeffrey Knockel &lt;jeffk@cs.unm.edu&gt;
Reported-by: Jedidiah R. Crandall &lt;crandall@cs.unm.edu&gt;
Cc: Willy Tarreau &lt;w@1wt.eu&gt;
Cc: Hannes Frederic Sowa &lt;hannes@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net-gre-gro: Fix a bug that breaks the forwarding path</title>
<updated>2014-07-16T21:45:26+00:00</updated>
<author>
<name>Jerry Chu</name>
<email>hkchu@google.com</email>
</author>
<published>2014-07-14T22:54:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c3caf1192f904de2f1381211f564537235d50de3'/>
<id>c3caf1192f904de2f1381211f564537235d50de3</id>
<content type='text'>
Fixed a bug that was introduced by my GRE-GRO patch
(bf5a755f5e9186406bbf50f4087100af5bd68e40 net-gre-gro: Add GRE
support to the GRO stack) that breaks the forwarding path
because various GSO related fields were not set. The bug will
cause on the egress path either the GSO code to fail, or a
GRE-TSO capable (NETIF_F_GSO_GRE) NICs to choke. The following
fix has been tested for both cases.

Signed-off-by: H.K. Jerry Chu &lt;hkchu@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fixed a bug that was introduced by my GRE-GRO patch
(bf5a755f5e9186406bbf50f4087100af5bd68e40 net-gre-gro: Add GRE
support to the GRO stack) that breaks the forwarding path
because various GSO related fields were not set. The bug will
cause on the egress path either the GSO code to fail, or a
GRE-TSO capable (NETIF_F_GSO_GRE) NICs to choke. The following
fix has been tested for both cases.

Signed-off-by: H.K. Jerry Chu &lt;hkchu@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
