2019-12-08 09:27:35

by David Miller

Subject: [GIT] Networking


1) More jumbo frame fixes in r8169, from Heiner Kallweit.

2) Fix bpf build in minimal configuration, from Alexei Starovoitov.

3) Use after free in slcan driver, from Jouni Hogander.

4) Flower classifier port ranges don't work properly in the HW
offload case, from Yoshiki Komachi.

5) Use after free in hns3_nic_maybe_stop_tx(), from Yunsheng Lin.

6) Out of bounds access in mqprio_dump(), from Vladyslav Tarasiuk.

7) Fix flow dissection in dsa TX path, from Alexander Lobakin.

8) Stale syncookie timestamp fixes from Guillaume Nault.

Please pull, thanks a lot!

The following changes since commit 596cf45cbf6e4fa7bcb0df33e373a7d062b644b5:

Merge branch 'akpm' (patches from Andrew) (2019-12-01 20:36:41 -0800)

are available in the Git repository at:

git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git

for you to fetch changes up to 0fc75219fe9a3c90631453e9870e4f6d956f0ebc:

r8169: fix rtl_hw_jumbo_disable for RTL8168evl (2019-12-07 14:23:06 -0800)

----------------------------------------------------------------
Aaron Conole (2):
openvswitch: support asymmetric conntrack
act_ct: support asymmetric conntrack

Aditya Pakki (1):
pppoe: remove redundant BUG_ON() check in pppoe_pernet

Alexander Lobakin (1):
net: dsa: fix flow dissection on Tx path

Alexandru Ardelean (1):
NFC: NCI: use new `delay` structure for SPI transfer delays

Alexei Starovoitov (3):
bpf: Fix static checker warning
libbpf: Fix sym->st_value print on 32-bit arches
bpf: Fix build in minimal configurations

Andrii Nakryiko (2):
libbpf: Fix Makefile' libbpf symbol mismatch diagnostic
libbpf: Fix global variable relocation

Appana Durga Kedareswara rao (1):
MAINTAINERS: add fragment for xilinx CAN driver

Arnaldo Carvalho de Melo (1):
libbpf: Fix up generation of bpf_helper_defs.h

Aurelien Jarno (1):
libbpf: Fix readelf output parsing on powerpc with recent binutils

Aya Levin (2):
net/mlx5e: Fix translation of link mode into speed
net/mlx5e: ethtool, Fix analysis of speed setting

Bruno Carneiro da Cunha (1):
lpc_eth: kernel BUG on remove

Chuhong Yuan (1):
phy: mdio-thunder: add missed pci_release_regions in remove

Cong Wang (1):
gre: refetch erspan header from skb->data after pskb_may_pull()

Dan Carpenter (1):
net: fix a leak in register_netdevice()

Daniel Borkmann (1):
bpf: Avoid setting bpf insns pages read-only when prog is jited

Danit Goldberg (1):
net/core: Populate VF index in struct ifla_vf_guid

David S. Miller (9):
Merge git://git.kernel.org/.../bpf/bpf
Merge tag 'linux-can-fixes-for-5.5-20191203' of git://git.kernel.org/.../mkl/linux-can
Merge branch 'net-convert-ipv6_stub-to-ip6_dst_lookup_flow'
Merge branch 's390-fixes'
Merge branch 'hns3-fixes'
Merge git://git.kernel.org/.../bpf/bpf
Merge branch 'net-tc-indirect-block-relay'
Merge tag 'mlx5-fixes-2019-12-05' of git://git.kernel.org/.../saeed/linux
Merge branch 'tcp-fix-handling-of-stale-syncookies-timestamps'

Dust Li (1):
net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues

Eran Ben Elisha (2):
net/mlx5e: Fix TXQ indices to be sequential
net/mlx5e: Fix SFF 8472 eeprom length

Eric Biggers (1):
ppp: fix out-of-bounds access in bpf_prog_create()

Eric Dumazet (5):
tcp: refactor tcp_retransmit_timer()
net: avoid an indirect call in ____sys_recvmsg()
tcp: md5: fix potential overestimation of TCP option space
inet: protect against too small mtu values.
net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add()

Grygorii Strashko (3):
net: ethernet: ti: cpsw_switchdev: fix unmet direct dependencies detected for NET_SWITCHDEV
net: ethernet: ti: cpsw: fix extra rx interrupt
net: phy: dp83867: fix hfs boot in rgmii mode

Guillaume Nault (3):
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()

Heiner Kallweit (2):
r8169: add missing RX enabling for WoL on RTL8125
r8169: fix rtl_hw_jumbo_disable for RTL8168evl

Huy Nguyen (1):
net/mlx5e: Query global pause state before setting prio2buffer

Jesper Dangaard Brouer (1):
samples/bpf: Fix broken xdp_rxq_info due to map order assumptions

Jian Shen (1):
net: hns3: fix VF ID issue for setting VF VLAN

Johan Hovold (1):
can: ucan: fix non-atomic allocation in completion handler

John Hurley (2):
net: core: rename indirect block ingress cb function
net: sched: allow indirect blocks to bind to clsact in TC

Jonathan Lemon (1):
xdp: obtain the mem_id mutex before trying to remove an entry.

Jongsung Kim (1):
net: stmmac: reset Tx desc base address before restarting Tx

Jouni Hogander (2):
can: slcan: Fix use-after-free Read in slcan_open
net-sysfs: Call dev_hold always in netdev_queue_add_kobject

Julian Wiedmann (3):
s390/qeth: guard against runt packets
s390/qeth: ensure linear access to packet headers
s390/qeth: fix dangling IO buffers after halt/clear

Martin Varghese (2):
Fixed updating of ethertype in function skb_mpls_pop
net: Fixed updating of ethertype in skb_mpls_push()

Mian Yousaf Kaukab (1):
net: thunderx: start phy before starting autonegotiation

Nikolay Aleksandrov (1):
net: bridge: deny dev_set_mac_address() when unregistering

Parav Pandit (1):
net/mlx5e: E-switch, Fix Ingress ACL groups in switchdev mode for prio tag

Roi Dayan (2):
net/mlx5e: Fix freeing flow with kfree() and not kvfree()
net/mlx5e: Fix free peer_flow when refcount is 0

Russell King (2):
net: sfp: fix unbind
net: sfp: fix hwmon

Sabrina Dubroca (2):
net: ipv6: add net argument to ip6_dst_lookup_flow
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

Shannon Nelson (1):
ionic: keep users rss hash across lif reset

Srinivas Neeli (1):
can: xilinx_can: Fix usage of skb memory

Sriram Dash (1):
MAINTAINERS: add myself as maintainer of MCAN MMIO device driver

Stanislav Fomichev (5):
bpf: Support pre-2.25-binutils objcopy for vmlinux BTF
bpf: Force .BTF section start to zero when dumping from vmlinux
selftests/bpf: Don't hard-code root cgroup id
selftests/bpf: Bring back c++ include/link test
selftests/bpf: De-flake test_tcpbpf

Stefano Garzarella (1):
vhost/vsock: accept only packets with the right dst_cid

Taehee Yoo (2):
hsr: fix a NULL pointer dereference in hsr_dev_xmit()
tipc: fix ordering of tipc module init and exit routine

Valentin Vidic (1):
net/tls: Fix return values to avoid ENOTSUPP

Venkatesh Yadav Abbarapu (1):
can: xilinx_can: skip error message on deferred probe

Victorien Molle (1):
sch_cake: Add missing NLA policy entry TCA_CAKE_SPLIT_GSO

Vladimir Oltean (1):
net: mscc: ocelot: unregister the PTP clock on deinit

Vladyslav Tarasiuk (1):
mqprio: Fix out-of-bounds access in mqprio_dump

Yangbo Lu (1):
enetc: disable EEE autoneg by default

Yonghong Song (2):
bpf: Fix a bug when getting subprog 0 jited image in check_attach_btf_id
selftests/bpf: Add a fexit/bpf2bpf test with target bpf prog no callees

Yoshiki Komachi (1):
cls_flower: Fix the behavior using port ranges with hw-offload

Yunsheng Lin (2):
net: hns3: fix for TX queue not restarted problem
net: hns3: fix a use after free problem in hns3_nic_maybe_stop_tx()

MAINTAINERS | 17 +++
drivers/infiniband/core/addr.c | 7 +-
drivers/infiniband/sw/rxe/rxe_net.c | 8 +-
drivers/net/can/slcan.c | 1 +
drivers/net/can/usb/ucan.c | 2 +-
drivers/net/can/xilinx_can.c | 28 ++--
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 2 +-
drivers/net/ethernet/freescale/enetc/enetc.c | 5 +
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 50 +++----
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 18 +--
drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en/port.c | 1 +
.../ethernet/mellanox/mlx5/core/en/port_buffer.c | 27 +++-
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c | 8 +-
.../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 15 +-
drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 31 ++--
drivers/net/ethernet/mellanox/mlx5/core/en_stats.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 7 +-
drivers/net/ethernet/mellanox/mlx5/core/en_tx.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 9 +-
.../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 122 +++++++++++-----
drivers/net/ethernet/mscc/ocelot.c | 14 +-
drivers/net/ethernet/nxp/lpc_eth.c | 2 -
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 16 ++-
drivers/net/ethernet/realtek/r8169_main.c | 4 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +
drivers/net/ethernet/ti/Kconfig | 2 +-
drivers/net/ethernet/ti/cpsw_priv.c | 2 +-
drivers/net/geneve.c | 4 +-
drivers/net/phy/dp83867.c | 119 +++++++++-------
drivers/net/phy/mdio-thunder.c | 1 +
drivers/net/phy/sfp.c | 17 ++-
drivers/net/ppp/ppp_generic.c | 5 +-
drivers/net/ppp/pppoe.c | 2 -
drivers/net/vxlan.c | 8 +-
drivers/s390/net/qeth_core.h | 4 +
drivers/s390/net/qeth_core_main.c | 158 +++++++++++++--------
drivers/s390/net/qeth_core_mpc.h | 14 --
drivers/s390/net/qeth_ethtool.c | 1 +
drivers/s390/net/qeth_l2_main.c | 12 +-
drivers/s390/net/qeth_l3_main.c | 13 +-
drivers/vhost/vsock.c | 4 +-
include/linux/filter.h | 8 +-
include/linux/netdevice.h | 5 +
include/linux/skbuff.h | 5 +-
include/linux/time.h | 13 ++
include/net/flow_dissector.h | 1 +
include/net/flow_offload.h | 15 +-
include/net/ip.h | 5 +
include/net/ipv6.h | 2 +-
include/net/ipv6_stubs.h | 6 +-
include/net/tcp.h | 27 ++--
kernel/bpf/btf.c | 5 +-
kernel/bpf/verifier.c | 5 +-
net/bridge/br_device.c | 6 +
net/core/dev.c | 9 +-
net/core/flow_dissector.c | 42 ++++--
net/core/flow_offload.c | 45 +++---
net/core/lwt_bpf.c | 4 +-
net/core/net-sysfs.c | 7 +-
net/core/rtnetlink.c | 4 +-
net/core/skbuff.c | 10 +-
net/core/xdp.c | 8 +-
net/dccp/ipv6.c | 6 +-
net/hsr/hsr_device.c | 9 +-
net/ipv4/devinet.c | 5 -
net/ipv4/gre_demux.c | 2 +-
net/ipv4/ip_output.c | 13 +-
net/ipv4/tcp_output.c | 5 +-
net/ipv4/tcp_timer.c | 10 +-
net/ipv6/addrconf_core.c | 11 +-
net/ipv6/af_inet6.c | 4 +-
net/ipv6/datagram.c | 2 +-
net/ipv6/inet6_connection_sock.c | 4 +-
net/ipv6/ip6_output.c | 8 +-
net/ipv6/raw.c | 2 +-
net/ipv6/syncookies.c | 2 +-
net/ipv6/tcp_ipv6.c | 4 +-
net/l2tp/l2tp_ip6.c | 2 +-
net/mpls/af_mpls.c | 7 +-
net/netfilter/nf_tables_offload.c | 6 +-
net/nfc/nci/spi.c | 6 +-
net/openvswitch/actions.c | 6 +-
net/openvswitch/conntrack.c | 11 ++
net/sched/act_ct.c | 13 +-
net/sched/act_mpls.c | 7 +-
net/sched/cls_api.c | 60 +++++---
net/sched/cls_flower.c | 118 ++++++++-------
net/sched/sch_cake.c | 1 +
net/sched/sch_mq.c | 1 +
net/sched/sch_mqprio.c | 3 +-
net/sctp/ipv6.c | 4 +-
net/socket.c | 7 +-
net/tipc/core.c | 29 ++--
net/tipc/udp_media.c | 9 +-
net/tls/tls_device.c | 8 +-
net/tls/tls_main.c | 4 +-
net/tls/tls_sw.c | 8 +-
samples/bpf/xdp_rxq_info_user.c | 6 +-
scripts/link-vmlinux.sh | 8 +-
tools/lib/bpf/.gitignore | 1 -
tools/lib/bpf/Makefile | 15 +-
tools/lib/bpf/libbpf.c | 45 +++---
tools/perf/MANIFEST | 1 +
tools/testing/selftests/bpf/.gitignore | 1 +
tools/testing/selftests/bpf/Makefile | 6 +-
.../selftests/bpf/prog_tests/fexit_bpf2bpf.c | 70 ++++++---
tools/testing/selftests/bpf/progs/fentry_test.c | 12 +-
tools/testing/selftests/bpf/progs/fexit_bpf2bpf.c | 6 +-
.../selftests/bpf/progs/fexit_bpf2bpf_simple.c | 26 ++++
tools/testing/selftests/bpf/progs/fexit_test.c | 12 +-
tools/testing/selftests/bpf/progs/test_mmap.c | 4 +-
.../selftests/bpf/progs/test_pkt_md_access.c | 4 +-
.../testing/selftests/bpf/progs/test_tcpbpf_kern.c | 1 +
.../selftests/bpf/test_cpp.cpp} | 0
.../testing/selftests/bpf/test_skb_cgroup_id_user.c | 2 +-
tools/testing/selftests/bpf/test_tcpbpf.h | 1 +
tools/testing/selftests/bpf/test_tcpbpf_user.c | 25 +++-
tools/testing/selftests/net/tls.c | 8 +-
119 files changed, 1024 insertions(+), 627 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/fexit_bpf2bpf_simple.c
rename tools/{lib/bpf/test_libbpf.c => testing/selftests/bpf/test_cpp.cpp} (100%)


2019-12-08 21:40:14

by Linus Torvalds

Subject: Re: [GIT] Networking

On Sun, Dec 8, 2019 at 1:20 AM David Miller <[email protected]> wrote:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git

Grr,

This introduces a new warning for me:

drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c: In function
‘mlx5e_tc_tun_create_header_ipv6’:
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c:332:20:
warning: ‘n’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
332 | struct neighbour *n;
| ^

which is very annoying.

The cause is commit 6c8991f41546 ("net: ipv6_stub: use
ip6_dst_lookup_flow instead of ip6_dst_lookup") which changed
mlx5e_route_lookup_ipv6() to use ipv6_dst_lookup_flow() which returns
an error pointer, so it then does

    if (IS_ERR(dst))
        return PTR_ERR(dst);

instead of

    if (ret < 0)
        return ret;

in the old code.

And that then means that the caller, which does

    err = mlx5e_route_lookup_ipv6(priv, mirred_dev, &out_dev, &route_dev,
                                  &fl6, &n, &ttl);
    if (err)
        return err;

and now gcc no longer sees that 'n' is always initialized when 'err'
is zero. Because gcc apparently thinks that the

    if (IS_ERR(dst))
        return PTR_ERR(dst);

thing can result in a zero return value (I guess the cast from a
64-bit pointer to an 'int' is where it thinks "ok, that cast might
lose high bits and become zero even when the original was tested to
have a range where that will not happen").

Anyway - the code is not buggy, but the new warning is simply not
acceptable. We keep the build warning free even if it's gcc not being
clever enough to see that "if it's uninitialized, we never get to the
location where it's used".

I don't know what the networking pattern for this is, but I did this
in the merge

-- struct neighbour *n;
++ struct neighbour *n = NULL;

and I'm not happy about having gotten a pull request that has this
kind of shit in it, especially since it was _known_ shit.

It could have been that people had compilers that didn't see this
problem. But no.

I see that Stephen Rothwell reported it four days ago, and David seems
to have even answered it.

And yet that warning was still there in the pull request.

WTF?

David, this is not acceptable. You don't introduce new warnings in the tree.

It doesn't matter one whit whether the warning is a false positive. A
false positive warning will then be the cause of ignoring subsequent
real warnings, which makes false positive warnings completely
unacceptable.

Fix your mindset, and stop sending me garbage.

Linus
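
The pattern described in the message above, as an added userspace example (not code from this thread or from the kernel tree): ERR_PTR/IS_ERR/PTR_ERR are re-created after include/linux/err.h, and route_lookup(), create_header() and struct neighbour are hypothetical stand-ins for the mlx5 code. It walks every pointer value IS_ERR() accepts and confirms that none truncates to a zero 'int', so the success path is the only way to get err == 0.

```c
/* Added illustration, userspace only. Helpers mirror include/linux/err.h;
 * route_lookup(), create_header(), struct neighbour are hypothetical stand-ins. */
#include <errno.h>
#include <stddef.h>

#define MAX_ERRNO 4095

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
    return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}

struct neighbour { int ttl; };
static struct neighbour sample_neigh = { .ttl = 64 };  /* constructed data */

/* Stand-in for the lookup: 'dst' is either a valid pointer or an ERR_PTR. */
static int route_lookup(void *dst, struct neighbour **out_n)
{
    if (IS_ERR(dst))
        return PTR_ERR(dst);   /* long narrowed to int on return */
    *out_n = &sample_neigh;    /* written on the success path only */
    return 0;
}

/* Stand-in for the caller, with the initializer from the merge fixup. */
static int create_header(void *dst, int *ttl)
{
    struct neighbour *n = NULL;
    int err = route_lookup(dst, &n);
    if (err)
        return err;
    *ttl = n->ttl;             /* reached only when route_lookup() set n */
    return 0;
}

/* Count IS_ERR() values whose int-truncated PTR_ERR() would pass 'if (err)'. */
static int count_zero_truncations(void)
{
    int zeros = 0;
    for (long e = -MAX_ERRNO; e <= -1; e++) {
        void *p = ERR_PTR(e);
        if (IS_ERR(p) && (int)PTR_ERR(p) == 0)
            zeros++;
    }
    return zeros;
}

int main(void)
{
    int ttl = 0;
    return count_zero_truncations() || create_header(&sample_neigh, &ttl);
}
```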

2019-12-08 21:41:14

by pr-tracker-bot

Subject: Re: [GIT] Networking

The pull request you sent on Sun, 08 Dec 2019 01:20:32 -0800 (PST):

> git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git refs/heads/master

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/95e6ba5133163f8241c9ea2439369cec0452fec6

Thank you!

--
Deet-doot-dot, I am a bot.
https://korg.wiki.kernel.org/userdoc/prtracker

2019-12-08 23:13:14

by David Miller

Subject: Re: [GIT] Networking

From: Linus Torvalds <[email protected]>
Date: Sun, 8 Dec 2019 13:35:08 -0800

> Fix your mindset, and stop sending me garbage.

Sorry.

I was still brainstorming how to fix this properly.


2019-12-09 10:51:24

by Geert Uytterhoeven

Subject: Re: [GIT] Networking

Hi David, Komachi-san,

On Sun, Dec 8, 2019 at 10:25 AM David Miller <[email protected]> wrote:
> Yoshiki Komachi (1):
> cls_flower: Fix the behavior using port ranges with hw-offload

I have bisected the below boot warning on m68k/ARAnyM to commit
8ffb055beae58574 ("cls_flower: Fix the behavior using port ranges with
hw-offload"). Reverting the commit on top of v5.5-rc1 fixes the issue.

WARNING: CPU: 0 PID: 7 at lib/refcount.c:28 refcount_warn_saturate+0x54/0x100
refcount_t: underflow; use-after-free.
Modules linked in:
CPU: 0 PID: 7 Comm: ksoftirqd/0 Not tainted
5.4.0-atari-10298-g8ffb055beae58574 #223
Call Trace: [<00023d0a>] __warn+0xb2/0xb4
[<00023d4e>] warn_slowpath_fmt+0x42/0x64
[<001a7c30>] refcount_warn_saturate+0x54/0x100
[<001a7c30>] refcount_warn_saturate+0x54/0x100
[<0026b1bc>] refcount_sub_and_test.constprop.73+0x38/0x3e
[<0026c2be>] ipv4_dst_destroy+0x24/0x42
[<00241d8c>] dst_destroy+0x40/0xae
[<000ab192>] kfree+0x0/0x3e
[<0004859e>] rcu_process_callbacks+0x9a/0x9c
[<002f2b46>] __do_softirq+0x146/0x182
[<002f2dfe>] schedule+0x0/0xb4
[<00035e76>] kthread_parkme+0x0/0x10
[<000359be>] __init_completion+0x0/0x20
[<00038308>] smpboot_thread_fn+0x0/0x100
[<00035fda>] kthread_should_stop+0x0/0x12
[<00035fce>] kthread_should_park+0x0/0xc
[<00025b9c>] run_ksoftirqd+0x12/0x20
[<00038402>] smpboot_thread_fn+0xfa/0x100
[<00024888>] do_exit+0x0/0x6d4
[<0003f590>] complete+0x0/0x34
[<00036594>] kthread+0xb2/0xbc
[<000359be>] __init_completion+0x0/0x20
[<000364e2>] kthread+0x0/0xbc
[<00002a1c>] ret_from_kernel_thread+0xc/0x14
---[ end trace 126b6dd25f47053b ]---

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds