<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/net/core, branch v4.9-rc5</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net</title>
<updated>2016-10-30T03:33:20+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2016-10-30T03:33:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2a26d99b251b8625d27aed14e97fc10707a3a81f'/>
<id>2a26d99b251b8625d27aed14e97fc10707a3a81f</id>
<content type='text'>
Pull networking fixes from David Miller:
 "Lots of fixes, mostly drivers as is usually the case.

   1) Don't treat zero DMA address as invalid in vmxnet3, from Alexey
      Khoroshilov.

   2) Fix element timeouts in netfilter's nft_dynset, from Anders K.
      Pedersen.

   3) Don't put aead_req crypto struct on the stack in mac80211, from
      Ard Biesheuvel.

   4) Several uninitialized variable warning fixes from Arnd Bergmann.

   5) Fix memory leak in cxgb4, from Colin Ian King.

   6) Fix bpf handling of VLAN header push/pop, from Daniel Borkmann.

   7) Several VRF semantic fixes from David Ahern.

   8) Set skb-&gt;protocol properly in ip6_tnl_xmit(), from Eli Cooper.

   9) Socket needs to be locked in udp_disconnect(), from Eric Dumazet.

  10) Div-by-zero on 32-bit fix in mlx4 driver, from Eugenia Emantayev.

  11) Fix stale link state during failover in NCSCI driver, from Gavin
      Shan.

  12) Fix netdev lower adjacency list traversal, from Ido Schimmel.

  13) Propvide proper handle when emitting notifications of filter
      deletes, from Jamal Hadi Salim.

  14) Memory leaks and big-endian issues in rtl8xxxu, from Jes Sorensen.

  15) Fix DESYNC_FACTOR handling in ipv6, from Jiri Bohac.

  16) Several routing offload fixes in mlxsw driver, from Jiri Pirko.

  17) Fix broadcast sync problem in TIPC, from Jon Paul Maloy.

  18) Validate chunk len before using it in SCTP, from Marcelo Ricardo
      Leitner.

  19) Revert a netns locking change that causes regressions, from Paul
      Moore.

  20) Add recursion limit to GRO handling, from Sabrina Dubroca.

  21) GFP_KERNEL in irq context fix in ibmvnic, from Thomas Falcon.

  22) Avoid accessing stale vxlan/geneve socket in data path, from
      Pravin Shelar"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (189 commits)
  geneve: avoid using stale geneve socket.
  vxlan: avoid using stale vxlan socket.
  qede: Fix out-of-bound fastpath memory access
  net: phy: dp83848: add dp83822 PHY support
  enic: fix rq disable
  tipc: fix broadcast link synchronization problem
  ibmvnic: Fix missing brackets in init_sub_crq_irqs
  ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
  Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context"
  arch/powerpc: Update parameters for csum_tcpudp_magic &amp; csum_tcpudp_nofold
  net/mlx4_en: Save slave ethtool stats command
  net/mlx4_en: Fix potential deadlock in port statistics flow
  net/mlx4: Fix firmware command timeout during interrupt test
  net/mlx4_core: Do not access comm channel if it has not yet been initialized
  net/mlx4_en: Fix panic during reboot
  net/mlx4_en: Process all completions in RX rings after port goes up
  net/mlx4_en: Resolve dividing by zero in 32-bit system
  net/mlx4_core: Change the default value of enable_qos
  net/mlx4_core: Avoid setting ports to auto when only one port type is supported
  net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull networking fixes from David Miller:
 "Lots of fixes, mostly drivers as is usually the case.

   1) Don't treat zero DMA address as invalid in vmxnet3, from Alexey
      Khoroshilov.

   2) Fix element timeouts in netfilter's nft_dynset, from Anders K.
      Pedersen.

   3) Don't put aead_req crypto struct on the stack in mac80211, from
      Ard Biesheuvel.

   4) Several uninitialized variable warning fixes from Arnd Bergmann.

   5) Fix memory leak in cxgb4, from Colin Ian King.

   6) Fix bpf handling of VLAN header push/pop, from Daniel Borkmann.

   7) Several VRF semantic fixes from David Ahern.

   8) Set skb-&gt;protocol properly in ip6_tnl_xmit(), from Eli Cooper.

   9) Socket needs to be locked in udp_disconnect(), from Eric Dumazet.

  10) Div-by-zero on 32-bit fix in mlx4 driver, from Eugenia Emantayev.

  11) Fix stale link state during failover in NCSCI driver, from Gavin
      Shan.

  12) Fix netdev lower adjacency list traversal, from Ido Schimmel.

  13) Propvide proper handle when emitting notifications of filter
      deletes, from Jamal Hadi Salim.

  14) Memory leaks and big-endian issues in rtl8xxxu, from Jes Sorensen.

  15) Fix DESYNC_FACTOR handling in ipv6, from Jiri Bohac.

  16) Several routing offload fixes in mlxsw driver, from Jiri Pirko.

  17) Fix broadcast sync problem in TIPC, from Jon Paul Maloy.

  18) Validate chunk len before using it in SCTP, from Marcelo Ricardo
      Leitner.

  19) Revert a netns locking change that causes regressions, from Paul
      Moore.

  20) Add recursion limit to GRO handling, from Sabrina Dubroca.

  21) GFP_KERNEL in irq context fix in ibmvnic, from Thomas Falcon.

  22) Avoid accessing stale vxlan/geneve socket in data path, from
      Pravin Shelar"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (189 commits)
  geneve: avoid using stale geneve socket.
  vxlan: avoid using stale vxlan socket.
  qede: Fix out-of-bound fastpath memory access
  net: phy: dp83848: add dp83822 PHY support
  enic: fix rq disable
  tipc: fix broadcast link synchronization problem
  ibmvnic: Fix missing brackets in init_sub_crq_irqs
  ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
  Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context"
  arch/powerpc: Update parameters for csum_tcpudp_magic &amp; csum_tcpudp_nofold
  net/mlx4_en: Save slave ethtool stats command
  net/mlx4_en: Fix potential deadlock in port statistics flow
  net/mlx4: Fix firmware command timeout during interrupt test
  net/mlx4_core: Do not access comm channel if it has not yet been initialized
  net/mlx4_en: Fix panic during reboot
  net/mlx4_en: Process all completions in RX rings after port goes up
  net/mlx4_en: Resolve dividing by zero in 32-bit system
  net/mlx4_core: Change the default value of enable_qos
  net/mlx4_core: Avoid setting ports to auto when only one port type is supported
  net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>packet: on direct_xmit, limit tso and csum to supported devices</title>
<updated>2016-10-29T19:02:15+00:00</updated>
<author>
<name>Willem de Bruijn</name>
<email>willemb@google.com</email>
</author>
<published>2016-10-26T15:23:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=104ba78c98808ae837d1f63aae58c183db5505df'/>
<id>104ba78c98808ae837d1f63aae58c183db5505df</id>
<content type='text'>
When transmitting on a packet socket with PACKET_VNET_HDR and
PACKET_QDISC_BYPASS, validate device support for features requested
in vnet_hdr.

Drop TSO packets sent to devices that do not support TSO or have the
feature disabled. Note that the latter currently do process those
packets correctly, regardless of not advertising the feature.

Because of SKB_GSO_DODGY, it is not sufficient to test device features
with netif_needs_gso. Full validate_xmit_skb is needed.

Switch to software checksum for non-TSO packets that request checksum
offload if that device feature is unsupported or disabled. Note that
similar to the TSO case, device drivers may perform checksum offload
correctly even when not advertising it.

When switching to software checksum, packets hit skb_checksum_help,
which has two BUG_ON checksum not in linear segment. Packet sockets
always allocate at least up to csum_start + csum_off + 2 as linear.

Tested by running github.com/wdebruij/kerneltools/psock_txring_vnet.c

  ethtool -K eth0 tso off tx on
  psock_txring_vnet -d $dst -s $src -i eth0 -l 2000 -n 1 -q -v
  psock_txring_vnet -d $dst -s $src -i eth0 -l 2000 -n 1 -q -v -N

  ethtool -K eth0 tx off
  psock_txring_vnet -d $dst -s $src -i eth0 -l 1000 -n 1 -q -v -G
  psock_txring_vnet -d $dst -s $src -i eth0 -l 1000 -n 1 -q -v -G -N

v2:
  - add EXPORT_SYMBOL_GPL(validate_xmit_skb_list)

Fixes: d346a3fae3ff ("packet: introduce PACKET_QDISC_BYPASS socket option")
Signed-off-by: Willem de Bruijn &lt;willemb@google.com&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When transmitting on a packet socket with PACKET_VNET_HDR and
PACKET_QDISC_BYPASS, validate device support for features requested
in vnet_hdr.

Drop TSO packets sent to devices that do not support TSO or have the
feature disabled. Note that the latter currently do process those
packets correctly, regardless of not advertising the feature.

Because of SKB_GSO_DODGY, it is not sufficient to test device features
with netif_needs_gso. Full validate_xmit_skb is needed.

Switch to software checksum for non-TSO packets that request checksum
offload if that device feature is unsupported or disabled. Note that
similar to the TSO case, device drivers may perform checksum offload
correctly even when not advertising it.

When switching to software checksum, packets hit skb_checksum_help,
which has two BUG_ON checksum not in linear segment. Packet sockets
always allocate at least up to csum_start + csum_off + 2 as linear.

Tested by running github.com/wdebruij/kerneltools/psock_txring_vnet.c

  ethtool -K eth0 tso off tx on
  psock_txring_vnet -d $dst -s $src -i eth0 -l 2000 -n 1 -q -v
  psock_txring_vnet -d $dst -s $src -i eth0 -l 2000 -n 1 -q -v -N

  ethtool -K eth0 tx off
  psock_txring_vnet -d $dst -s $src -i eth0 -l 1000 -n 1 -q -v -G
  psock_txring_vnet -d $dst -s $src -i eth0 -l 1000 -n 1 -q -v -G -N

v2:
  - add EXPORT_SYMBOL_GPL(validate_xmit_skb_list)

Fixes: d346a3fae3ff ("packet: introduce PACKET_QDISC_BYPASS socket option")
Signed-off-by: Willem de Bruijn &lt;willemb@google.com&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>flow_dissector: fix vlan tag handling</title>
<updated>2016-10-27T20:36:03+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2016-10-24T21:40:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=bc72f3dd89e087e33afe8c490fbe132e3dcd9afe'/>
<id>bc72f3dd89e087e33afe8c490fbe132e3dcd9afe</id>
<content type='text'>
gcc warns about an uninitialized pointer dereference in the vlan
priority handling:

net/core/flow_dissector.c: In function '__skb_flow_dissect':
net/core/flow_dissector.c:281:61: error: 'vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized]

As pointed out by Jiri Pirko, the variable is never actually used
without being initialized first as the only way it end up uninitialized
is with skb_vlan_tag_present(skb)==true, and that means it does not
get accessed.

However, the warning hints at some related issues that I'm addressing
here:

- the second check for the vlan tag is different from the first one
  that tests the skb for being NULL first, causing both the warning
  and a possible NULL pointer dereference that was not entirely fixed.
- The same patch that introduced the NULL pointer check dropped an
  earlier optimization that skipped the repeated check of the
  protocol type
- The local '_vlan' variable is referenced through the 'vlan' pointer
  but the variable has gone out of scope by the time that it is
  accessed, causing undefined behavior

Caching the result of the 'skb &amp;&amp; skb_vlan_tag_present(skb)' check
in a local variable allows the compiler to further optimize the
later check. With those changes, the warning also disappears.

Fixes: 3805a938a6c2 ("flow_dissector: Check skb for VLAN only if skb specified.")
Fixes: d5709f7ab776 ("flow_dissector: For stripped vlan, get vlan info from skb-&gt;vlan_tci")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Acked-by: Jiri Pirko &lt;jiri@mellanox.com&gt;
Acked-by: Eric Garver &lt;e@erig.me&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
gcc warns about an uninitialized pointer dereference in the vlan
priority handling:

net/core/flow_dissector.c: In function '__skb_flow_dissect':
net/core/flow_dissector.c:281:61: error: 'vlan' may be used uninitialized in this function [-Werror=maybe-uninitialized]

As pointed out by Jiri Pirko, the variable is never actually used
without being initialized first as the only way it end up uninitialized
is with skb_vlan_tag_present(skb)==true, and that means it does not
get accessed.

However, the warning hints at some related issues that I'm addressing
here:

- the second check for the vlan tag is different from the first one
  that tests the skb for being NULL first, causing both the warning
  and a possible NULL pointer dereference that was not entirely fixed.
- The same patch that introduced the NULL pointer check dropped an
  earlier optimization that skipped the repeated check of the
  protocol type
- The local '_vlan' variable is referenced through the 'vlan' pointer
  but the variable has gone out of scope by the time that it is
  accessed, causing undefined behavior

Caching the result of the 'skb &amp;&amp; skb_vlan_tag_present(skb)' check
in a local variable allows the compiler to further optimize the
later check. With those changes, the warning also disappears.

Fixes: 3805a938a6c2 ("flow_dissector: Check skb for VLAN only if skb specified.")
Fixes: d5709f7ab776 ("flow_dissector: For stripped vlan, get vlan info from skb-&gt;vlan_tci")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Acked-by: Jiri Pirko &lt;jiri@mellanox.com&gt;
Acked-by: Eric Garver &lt;e@erig.me&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>netns: revert "netns: avoid disabling irq for netns id"</title>
<updated>2016-10-22T20:16:29+00:00</updated>
<author>
<name>Paul Moore</name>
<email>paul@paul-moore.com</email>
</author>
<published>2016-10-22T01:49:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2a73306b6096fafd5c2ae06ded1f92bbacb39df2'/>
<id>2a73306b6096fafd5c2ae06ded1f92bbacb39df2</id>
<content type='text'>
This reverts commit bc51dddf98c9 ("netns: avoid disabling irq for
netns id") as it was found to cause problems with systems running
SELinux/audit, see the mailing list thread below:

 * http://marc.info/?t=147694653900002&amp;r=1&amp;w=2

Eventually we should be able to reintroduce this code once we have
rewritten the audit multicast code to queue messages much the same
way we do for unicast messages.  A tracking issue for this can be
found below:

 * https://github.com/linux-audit/audit-kernel/issues/23

Reported-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Reported-by: Elad Raz &lt;e@eladraz.com&gt;
Cc: Cong Wang &lt;xiyou.wangcong@gmail.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This reverts commit bc51dddf98c9 ("netns: avoid disabling irq for
netns id") as it was found to cause problems with systems running
SELinux/audit, see the mailing list thread below:

 * http://marc.info/?t=147694653900002&amp;r=1&amp;w=2

Eventually we should be able to reintroduce this code once we have
rewritten the audit multicast code to queue messages much the same
way we do for unicast messages.  A tracking issue for this can be
found below:

 * https://github.com/linux-audit/audit-kernel/issues/23

Reported-by: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Reported-by: Elad Raz &lt;e@eladraz.com&gt;
Cc: Cong Wang &lt;xiyou.wangcong@gmail.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: add recursion limit to GRO</title>
<updated>2016-10-20T18:32:22+00:00</updated>
<author>
<name>Sabrina Dubroca</name>
<email>sd@queasysnail.net</email>
</author>
<published>2016-10-20T13:58:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=fcd91dd449867c6bfe56a81cabba76b829fd05cd'/>
<id>fcd91dd449867c6bfe56a81cabba76b829fd05cd</id>
<content type='text'>
Currently, GRO can do unlimited recursion through the gro_receive
handlers.  This was fixed for tunneling protocols by limiting tunnel GRO
to one level with encap_mark, but both VLAN and TEB still have this
problem.  Thus, the kernel is vulnerable to a stack overflow, if we
receive a packet composed entirely of VLAN headers.

This patch adds a recursion counter to the GRO layer to prevent stack
overflow.  When a gro_receive function hits the recursion limit, GRO is
aborted for this skb and it is processed normally.  This recursion
counter is put in the GRO CB, but could be turned into a percpu counter
if we run out of space in the CB.

Thanks to Vladimír Beneš &lt;vbenes@redhat.com&gt; for the initial bug report.

Fixes: CVE-2016-7039
Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.")
Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan")
Signed-off-by: Sabrina Dubroca &lt;sd@queasysnail.net&gt;
Reviewed-by: Jiri Benc &lt;jbenc@redhat.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Acked-by: Tom Herbert &lt;tom@herbertland.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently, GRO can do unlimited recursion through the gro_receive
handlers.  This was fixed for tunneling protocols by limiting tunnel GRO
to one level with encap_mark, but both VLAN and TEB still have this
problem.  Thus, the kernel is vulnerable to a stack overflow, if we
receive a packet composed entirely of VLAN headers.

This patch adds a recursion counter to the GRO layer to prevent stack
overflow.  When a gro_receive function hits the recursion limit, GRO is
aborted for this skb and it is processed normally.  This recursion
counter is put in the GRO CB, but could be turned into a percpu counter
if we run out of space in the CB.

Thanks to Vladimír Beneš &lt;vbenes@redhat.com&gt; for the initial bug report.

Fixes: CVE-2016-7039
Fixes: 9b174d88c257 ("net: Add Transparent Ethernet Bridging GRO support.")
Fixes: 66e5133f19e9 ("vlan: Add GRO support for non hardware accelerated vlan")
Signed-off-by: Sabrina Dubroca &lt;sd@queasysnail.net&gt;
Reviewed-by: Jiri Benc &lt;jbenc@redhat.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Acked-by: Tom Herbert &lt;tom@herbertland.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: core: Correctly iterate over lower adjacency list</title>
<updated>2016-10-19T14:38:08+00:00</updated>
<author>
<name>Ido Schimmel</name>
<email>idosch@mellanox.com</email>
</author>
<published>2016-10-19T13:57:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e4961b0768852d9eb7383e1a5df178eacb714656'/>
<id>e4961b0768852d9eb7383e1a5df178eacb714656</id>
<content type='text'>
Tamir reported the following trace when processing ARP requests received
via a vlan device on top of a VLAN-aware bridge:

 NMI watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [swapper/1:0]
[...]
 CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W       4.8.0-rc7 #1
 Hardware name: Mellanox Technologies Ltd. "MSN2100-CB2F"/"SA001017", BIOS 5.6.5 06/07/2016
 task: ffff88017edfea40 task.stack: ffff88017ee10000
 RIP: 0010:[&lt;ffffffff815dcc73&gt;]  [&lt;ffffffff815dcc73&gt;] netdev_all_lower_get_next_rcu+0x33/0x60
[...]
 Call Trace:
  &lt;IRQ&gt;
  [&lt;ffffffffa015de0a&gt;] mlxsw_sp_port_lower_dev_hold+0x5a/0xa0 [mlxsw_spectrum]
  [&lt;ffffffffa016f1b0&gt;] mlxsw_sp_router_netevent_event+0x80/0x150 [mlxsw_spectrum]
  [&lt;ffffffff810ad07a&gt;] notifier_call_chain+0x4a/0x70
  [&lt;ffffffff810ad13a&gt;] atomic_notifier_call_chain+0x1a/0x20
  [&lt;ffffffff815ee77b&gt;] call_netevent_notifiers+0x1b/0x20
  [&lt;ffffffff815f2eb6&gt;] neigh_update+0x306/0x740
  [&lt;ffffffff815f38ce&gt;] neigh_event_ns+0x4e/0xb0
  [&lt;ffffffff8165ea3f&gt;] arp_process+0x66f/0x700
  [&lt;ffffffff8170214c&gt;] ? common_interrupt+0x8c/0x8c
  [&lt;ffffffff8165ec29&gt;] arp_rcv+0x139/0x1d0
  [&lt;ffffffff816e505a&gt;] ? vlan_do_receive+0xda/0x320
  [&lt;ffffffff815e3794&gt;] __netif_receive_skb_core+0x524/0xab0
  [&lt;ffffffff815e6830&gt;] ? dev_queue_xmit+0x10/0x20
  [&lt;ffffffffa06d612d&gt;] ? br_forward_finish+0x3d/0xc0 [bridge]
  [&lt;ffffffffa06e5796&gt;] ? br_handle_vlan+0xf6/0x1b0 [bridge]
  [&lt;ffffffff815e3d38&gt;] __netif_receive_skb+0x18/0x60
  [&lt;ffffffff815e3dc0&gt;] netif_receive_skb_internal+0x40/0xb0
  [&lt;ffffffff815e3e4c&gt;] netif_receive_skb+0x1c/0x70
  [&lt;ffffffffa06d7856&gt;] br_pass_frame_up+0xc6/0x160 [bridge]
  [&lt;ffffffffa06d63d7&gt;] ? deliver_clone+0x37/0x50 [bridge]
  [&lt;ffffffffa06d656c&gt;] ? br_flood+0xcc/0x160 [bridge]
  [&lt;ffffffffa06d7b14&gt;] br_handle_frame_finish+0x224/0x4f0 [bridge]
  [&lt;ffffffffa06d7f94&gt;] br_handle_frame+0x174/0x300 [bridge]
  [&lt;ffffffff815e3599&gt;] __netif_receive_skb_core+0x329/0xab0
  [&lt;ffffffff81374815&gt;] ? find_next_bit+0x15/0x20
  [&lt;ffffffff8135e802&gt;] ? cpumask_next_and+0x32/0x50
  [&lt;ffffffff810c9968&gt;] ? load_balance+0x178/0x9b0
  [&lt;ffffffff815e3d38&gt;] __netif_receive_skb+0x18/0x60
  [&lt;ffffffff815e3dc0&gt;] netif_receive_skb_internal+0x40/0xb0
  [&lt;ffffffff815e3e4c&gt;] netif_receive_skb+0x1c/0x70
  [&lt;ffffffffa01544a1&gt;] mlxsw_sp_rx_listener_func+0x61/0xb0 [mlxsw_spectrum]
  [&lt;ffffffffa005c9f7&gt;] mlxsw_core_skb_receive+0x187/0x200 [mlxsw_core]
  [&lt;ffffffffa007332a&gt;] mlxsw_pci_cq_tasklet+0x63a/0x9b0 [mlxsw_pci]
  [&lt;ffffffff81091986&gt;] tasklet_action+0xf6/0x110
  [&lt;ffffffff81704556&gt;] __do_softirq+0xf6/0x280
  [&lt;ffffffff8109213f&gt;] irq_exit+0xdf/0xf0
  [&lt;ffffffff817042b4&gt;] do_IRQ+0x54/0xd0
  [&lt;ffffffff8170214c&gt;] common_interrupt+0x8c/0x8c

The problem is that netdev_all_lower_get_next_rcu() never advances the
iterator, thereby causing the loop over the lower adjacency list to run
forever.

Fix this by advancing the iterator and avoid the infinite loop.

Fixes: 7ce856aaaf13 ("mlxsw: spectrum: Add couple of lower device helper functions")
Signed-off-by: Ido Schimmel &lt;idosch@mellanox.com&gt;
Reported-by: Tamir Winetroub &lt;tamirw@mellanox.com&gt;
Reviewed-by: Jiri Pirko &lt;jiri@mellanox.com&gt;
Acked-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Tamir reported the following trace when processing ARP requests received
via a vlan device on top of a VLAN-aware bridge:

 NMI watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [swapper/1:0]
[...]
 CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W       4.8.0-rc7 #1
 Hardware name: Mellanox Technologies Ltd. "MSN2100-CB2F"/"SA001017", BIOS 5.6.5 06/07/2016
 task: ffff88017edfea40 task.stack: ffff88017ee10000
 RIP: 0010:[&lt;ffffffff815dcc73&gt;]  [&lt;ffffffff815dcc73&gt;] netdev_all_lower_get_next_rcu+0x33/0x60
[...]
 Call Trace:
  &lt;IRQ&gt;
  [&lt;ffffffffa015de0a&gt;] mlxsw_sp_port_lower_dev_hold+0x5a/0xa0 [mlxsw_spectrum]
  [&lt;ffffffffa016f1b0&gt;] mlxsw_sp_router_netevent_event+0x80/0x150 [mlxsw_spectrum]
  [&lt;ffffffff810ad07a&gt;] notifier_call_chain+0x4a/0x70
  [&lt;ffffffff810ad13a&gt;] atomic_notifier_call_chain+0x1a/0x20
  [&lt;ffffffff815ee77b&gt;] call_netevent_notifiers+0x1b/0x20
  [&lt;ffffffff815f2eb6&gt;] neigh_update+0x306/0x740
  [&lt;ffffffff815f38ce&gt;] neigh_event_ns+0x4e/0xb0
  [&lt;ffffffff8165ea3f&gt;] arp_process+0x66f/0x700
  [&lt;ffffffff8170214c&gt;] ? common_interrupt+0x8c/0x8c
  [&lt;ffffffff8165ec29&gt;] arp_rcv+0x139/0x1d0
  [&lt;ffffffff816e505a&gt;] ? vlan_do_receive+0xda/0x320
  [&lt;ffffffff815e3794&gt;] __netif_receive_skb_core+0x524/0xab0
  [&lt;ffffffff815e6830&gt;] ? dev_queue_xmit+0x10/0x20
  [&lt;ffffffffa06d612d&gt;] ? br_forward_finish+0x3d/0xc0 [bridge]
  [&lt;ffffffffa06e5796&gt;] ? br_handle_vlan+0xf6/0x1b0 [bridge]
  [&lt;ffffffff815e3d38&gt;] __netif_receive_skb+0x18/0x60
  [&lt;ffffffff815e3dc0&gt;] netif_receive_skb_internal+0x40/0xb0
  [&lt;ffffffff815e3e4c&gt;] netif_receive_skb+0x1c/0x70
  [&lt;ffffffffa06d7856&gt;] br_pass_frame_up+0xc6/0x160 [bridge]
  [&lt;ffffffffa06d63d7&gt;] ? deliver_clone+0x37/0x50 [bridge]
  [&lt;ffffffffa06d656c&gt;] ? br_flood+0xcc/0x160 [bridge]
  [&lt;ffffffffa06d7b14&gt;] br_handle_frame_finish+0x224/0x4f0 [bridge]
  [&lt;ffffffffa06d7f94&gt;] br_handle_frame+0x174/0x300 [bridge]
  [&lt;ffffffff815e3599&gt;] __netif_receive_skb_core+0x329/0xab0
  [&lt;ffffffff81374815&gt;] ? find_next_bit+0x15/0x20
  [&lt;ffffffff8135e802&gt;] ? cpumask_next_and+0x32/0x50
  [&lt;ffffffff810c9968&gt;] ? load_balance+0x178/0x9b0
  [&lt;ffffffff815e3d38&gt;] __netif_receive_skb+0x18/0x60
  [&lt;ffffffff815e3dc0&gt;] netif_receive_skb_internal+0x40/0xb0
  [&lt;ffffffff815e3e4c&gt;] netif_receive_skb+0x1c/0x70
  [&lt;ffffffffa01544a1&gt;] mlxsw_sp_rx_listener_func+0x61/0xb0 [mlxsw_spectrum]
  [&lt;ffffffffa005c9f7&gt;] mlxsw_core_skb_receive+0x187/0x200 [mlxsw_core]
  [&lt;ffffffffa007332a&gt;] mlxsw_pci_cq_tasklet+0x63a/0x9b0 [mlxsw_pci]
  [&lt;ffffffff81091986&gt;] tasklet_action+0xf6/0x110
  [&lt;ffffffff81704556&gt;] __do_softirq+0xf6/0x280
  [&lt;ffffffff8109213f&gt;] irq_exit+0xdf/0xf0
  [&lt;ffffffff817042b4&gt;] do_IRQ+0x54/0xd0
  [&lt;ffffffff8170214c&gt;] common_interrupt+0x8c/0x8c

The problem is that netdev_all_lower_get_next_rcu() never advances the
iterator, thereby causing the loop over the lower adjacency list to run
forever.

Fix this by advancing the iterator and avoid the infinite loop.

Fixes: 7ce856aaaf13 ("mlxsw: spectrum: Add couple of lower device helper functions")
Signed-off-by: Ido Schimmel &lt;idosch@mellanox.com&gt;
Reported-by: Tamir Winetroub &lt;tamirw@mellanox.com&gt;
Reviewed-by: Jiri Pirko &lt;jiri@mellanox.com&gt;
Acked-by: David Ahern &lt;dsa@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>flow_dissector: Check skb for VLAN only if skb specified.</title>
<updated>2016-10-19T14:35:46+00:00</updated>
<author>
<name>Eric Garver</name>
<email>e@erig.me</email>
</author>
<published>2016-10-17T20:30:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3805a938a6c24284863732fd45cec5a04609a224'/>
<id>3805a938a6c24284863732fd45cec5a04609a224</id>
<content type='text'>
Fixes a panic when calling eth_get_headlen(). Noticed on i40e driver.

Fixes: d5709f7ab776 ("flow_dissector: For stripped vlan, get vlan info from skb-&gt;vlan_tci")
Signed-off-by: Eric Garver &lt;e@erig.me&gt;
Reviewed-by: Jakub Sitnicki &lt;jkbs@redhat.com&gt;
Acked-by: Amir Vadai &lt;amir@vadai.me&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fixes a panic when calling eth_get_headlen(). Noticed on i40e driver.

Fixes: d5709f7ab776 ("flow_dissector: For stripped vlan, get vlan info from skb-&gt;vlan_tci")
Signed-off-by: Eric Garver &lt;e@erig.me&gt;
Reviewed-by: Jakub Sitnicki &lt;jkbs@redhat.com&gt;
Acked-by: Amir Vadai &lt;amir@vadai.me&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>soreuseport: do not export reuseport_add_sock()</title>
<updated>2016-10-18T18:18:23+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2016-10-17T21:22:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=41ee9c557ef5de992843b6dac35a199e651525cf'/>
<id>41ee9c557ef5de992843b6dac35a199e651525cf</id>
<content type='text'>
reuseport_add_sock() is not used from a module,
no need to export it.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
reuseport_add_sock() is not used from a module,
no need to export it.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: pktgen: remove rcu locking in pktgen_change_name()</title>
<updated>2016-10-17T14:52:59+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2016-10-15T15:50:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9a0b1e8ba4061778897b544afc898de2163382f7'/>
<id>9a0b1e8ba4061778897b544afc898de2163382f7</id>
<content type='text'>
After Jesper commit back in linux-3.18, we trigger a lockdep
splat in proc_create_data() while allocating memory from
pktgen_change_name().

This patch converts t-&gt;if_lock to a mutex, since it is now only
used from control path, and adds proper locking to pktgen_change_name()

1) pktgen_thread_lock to protect the outer loop (iterating threads)
2) t-&gt;if_lock to protect the inner loop (iterating devices)

Note that before Jesper patch, pktgen_change_name() was lacking proper
protection, but lockdep was not able to detect the problem.

Fixes: 8788370a1d4b ("pktgen: RCU-ify "if_list" to remove lock in next_to_run()")
Reported-by: John Sperbeck &lt;jsperbeck@google.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Jesper Dangaard Brouer &lt;brouer@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
After Jesper commit back in linux-3.18, we trigger a lockdep
splat in proc_create_data() while allocating memory from
pktgen_change_name().

This patch converts t-&gt;if_lock to a mutex, since it is now only
used from control path, and adds proper locking to pktgen_change_name()

1) pktgen_thread_lock to protect the outer loop (iterating threads)
2) t-&gt;if_lock to protect the inner loop (iterating devices)

Note that before Jesper patch, pktgen_change_name() was lacking proper
protection, but lockdep was not able to detect the problem.

Fixes: 8788370a1d4b ("pktgen: RCU-ify "if_list" to remove lock in next_to_run()")
Reported-by: John Sperbeck &lt;jsperbeck@google.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Jesper Dangaard Brouer &lt;brouer@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux</title>
<updated>2016-10-15T17:03:15+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2016-10-15T17:03:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9ffc66941df278c9f4df979b6bcf6c6ddafedd16'/>
<id>9ffc66941df278c9f4df979b6bcf6c6ddafedd16</id>
<content type='text'>
Pull gcc plugins update from Kees Cook:
 "This adds a new gcc plugin named "latent_entropy". It is designed to
  extract as much possible uncertainty from a running system at boot
  time as possible, hoping to capitalize on any possible variation in
  CPU operation (due to runtime data differences, hardware differences,
  SMP ordering, thermal timing variation, cache behavior, etc).

  At the very least, this plugin is a much more comprehensive example
  for how to manipulate kernel code using the gcc plugin internals"

* tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  latent_entropy: Mark functions with __latent_entropy
  gcc-plugins: Add latent_entropy plugin
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull gcc plugins update from Kees Cook:
 "This adds a new gcc plugin named "latent_entropy". It is designed to
  extract as much possible uncertainty from a running system at boot
  time as possible, hoping to capitalize on any possible variation in
  CPU operation (due to runtime data differences, hardware differences,
  SMP ordering, thermal timing variation, cache behavior, etc).

  At the very least, this plugin is a much more comprehensive example
  for how to manipulate kernel code using the gcc plugin internals"

* tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  latent_entropy: Mark functions with __latent_entropy
  gcc-plugins: Add latent_entropy plugin
</pre>
</div>
</content>
</entry>
</feed>
