Re: Relax kern_version constraints on bpf kprobes?

2016-07-23 Thread Alexei Starovoitov
On Sat, Jul 23, 2016 at 09:01:39PM -0700, Sargun Dhillon wrote: > In kernel/bpf/syscall.c we restrict programs loading bpf kprobe programs so > attr.kern_version must be exactly equal to what the user is running at the > moment. This makes a lot of sense because kprobes can touch lots of >

Relax kern_version constraints on bpf kprobes?

2016-07-23 Thread Sargun Dhillon
In kernel/bpf/syscall.c we restrict programs loading bpf kprobe programs so attr.kern_version must be exactly equal to what the user is running at the moment. This makes a lot of sense because kprobes can touch lots of unstable bits of the kernel ABI. Unfortunately, this makes it really

Re: [PATCH net-next v6 0/2] bpf: add bpf_probe_write_user helper & example

2016-07-23 Thread Alexei Starovoitov
On Sat, Jul 23, 2016 at 08:22:04PM -0700, Sargun Dhillon wrote: > This patch series contains two patches that add support for a probe_write > helper to BPF programs. This allows them to manipulate user memory during > the course of tracing. The second patch in the series has an example that > uses

PROBLEM: network data corruption (bisected to e5a4b0bb803b)

2016-07-23 Thread Alan Curry
[1.] One line summary of the problem: network data corruption (bisected to e5a4b0bb803b) [2.] Full description of the problem/report: Note: although my bisect ended at a commit from before 3.19, I have the same symptom in all newer kernels I've tried, up to 4.6.4. The commit was: >commit

[PATCH net-next v6 2/2] samples/bpf: Add test/example of using bpf_probe_write_user bpf helper

2016-07-23 Thread Sargun Dhillon
This example shows using a kprobe to act as a dnat mechanism to divert traffic for arbitrary endpoints. It rewrites the arguments to a syscall while they're still in userspace, and before the syscall has a chance to copy the argument into kernel space. Although this is an example, it also acts as

[PATCH net-next v6 1/2] bpf: Add bpf_probe_write_user BPF helper to be called in tracers

2016-07-23 Thread Sargun Dhillon
This allows user memory to be written to during the course of a kprobe. It shouldn't be used to implement any kind of security mechanism because of TOC-TOU attacks, but rather to debug, divert, and manipulate execution of semi-cooperative processes. Although it uses probe_kernel_write, we limit

[PATCH net-next v6 0/2] bpf: add bpf_probe_write_user helper & example

2016-07-23 Thread Sargun Dhillon
This patch series contains two patches that add support for a probe_write helper to BPF programs. This allows them to manipulate user memory during the course of tracing. The second patch in the series has an example that uses it, in one of the intended ways to divert execution. Thanks to Alexei

[PATCH] netfilter: x_tables: fix kmemcheck warning.

2016-07-23 Thread Tetsuo Handa
kmemcheck complains that some of struct nf_hook_ops members allocated at xt_hook_ops_alloc() are not initialized before nf_register_net_hook() is called. Add __GFP_ZERO to initialize explicitly. [ 367.411936] nf_conntrack version 0.5.0 (6144 buckets, 24576 max) [ 367.458540] ip_tables: (C)

Re: [PATCH v4 1/2] bpf: Add bpf_probe_write BPF helper to be called in tracers (kprobes)

2016-07-23 Thread Alexei Starovoitov
On Sat, Jul 23, 2016 at 05:39:42PM -0700, Sargun Dhillon wrote: > The example has been modified to act like a test in the follow up set. It > tests > for the positive case (Did the helper work or not) as opposed to the negative > case (is the helper able to violate the safety constraints we set

Re: [PATCH net-next v5 2/2] samples/bpf: Add test/example of using bpf_probe_write_user bpf helper

2016-07-23 Thread Alexei Starovoitov
On Sat, Jul 23, 2016 at 05:44:11PM -0700, Sargun Dhillon wrote: > This example shows using a kprobe to act as a dnat mechanism to divert > traffic for arbitrary endpoints. It rewrites the arguments to a syscall > while they're still in userspace, and before the syscall has a chance > to copy the

Re: [PATCH net-next v5 1/2] bpf: Add bpf_probe_write_user BPF helper to be called in tracers

2016-07-23 Thread Alexei Starovoitov
On Sat, Jul 23, 2016 at 05:43:48PM -0700, Sargun Dhillon wrote: > This allows user memory to be written to during the course of a kprobe. > It shouldn't be used to implement any kind of security mechanism > because of TOC-TOU attacks, but rather to debug, divert, and > manipulate execution of

[PATCH net-next v5 1/2] bpf: Add bpf_probe_write_user BPF helper to be called in tracers

2016-07-23 Thread Sargun Dhillon
This allows user memory to be written to during the course of a kprobe. It shouldn't be used to implement any kind of security mechanism because of TOC-TOU attacks, but rather to debug, divert, and manipulate execution of semi-cooperative processes. Although it uses probe_kernel_write, we limit

[PATCH net-next v5 2/2] samples/bpf: Add test/example of using bpf_probe_write_user bpf helper

2016-07-23 Thread Sargun Dhillon
This example shows using a kprobe to act as a dnat mechanism to divert traffic for arbitrary endpoints. It rewrites the arguments to a syscall while they're still in userspace, and before the syscall has a chance to copy the argument into kernel space. Although this is an example, it also acts as

[PATCH net-next v5 0/2] bpf: add bpf_probe_write helper & example

2016-07-23 Thread Sargun Dhillon
This patch series contains two patches that add support for a probe_write helper to BPF programs. This allows them to manipulate user memory during the course of tracing. The second patch in the series has an example that uses it, in one of the intended ways to divert execution. Thanks to Alexei

Re: [PATCH v4 1/2] bpf: Add bpf_probe_write BPF helper to be called in tracers (kprobes)

2016-07-23 Thread Sargun Dhillon
On Sat, Jul 23, 2016 at 12:35:12PM -0700, Alexei Starovoitov wrote: > On Fri, Jul 22, 2016 at 05:05:27PM -0700, Sargun Dhillon wrote: > > It was tested with the tracex7 program on x86-64. > > it's my fault to start tracexN tradition that turned out to be > cumbersome, let's not continue it.

[iproute PATCH 1/1] man/man8/tc-flow.8: minor corrections

2016-07-23 Thread Michal Soltys
- baseclass: major handle must match that of class's, Y defaults to 1 - flow map example: maps to 1-256, not 1-257 Signed-off-by: Michal Soltys --- man/man8/tc-flow.8 | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/man/man8/tc-flow.8

Re: iproute2 mpls max labels

2016-07-23 Thread Roopa Prabhu
On 7/21/16, 12:43 PM, Magnus Bergroth wrote: > >> Roopa Prabhu >> 21 juli 2016 20:53 >> I did not realize it is hardcoded to 8 in iproute2. Because kernel has >> a hard coded limit of >> 2. >> I think we need to fix it in a few places: >> a) we should move the

Re: iproute2 mpls max labels

2016-07-23 Thread Roopa Prabhu
On 7/22/16, 12:20 PM, Eric W. Biederman wrote: > Roopa Prabhu writes: > >> On 7/21/16, 1:00 PM, Eric W. Biederman wrote: >>> Roopa Prabhu writes: >>> >>> [snip] >>> I did not realize it is hardcoded to 8 in iproute2. Because kernel has a

Re: [PATCH v4 1/2] bpf: Add bpf_probe_write BPF helper to be called in tracers (kprobes)

2016-07-23 Thread Alexei Starovoitov
On Fri, Jul 22, 2016 at 05:05:27PM -0700, Sargun Dhillon wrote: > It was tested with the tracex7 program on x86-64. it's my fault to start tracexN tradition that turned out to be cumbersome, let's not continue it. Instead could you rename it to something meaningful? Like test_probe_write_user ?

Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

2016-07-23 Thread Julian Anastasov
Hello, On Sat, 23 Jul 2016, Chunhui He wrote: > The neigh system is to reduce ARP traffic, that is good. The problem is it > fails > to handle some corner cases. > > The corner case is (let's forget my case above): > In NUD_DELAY, the neigh system is waiting for a proof of reachability.

[v3] UCC_GETH/UCC_FAST: Use IS_ERR_VALUE_U32 API to avoid IS_ERR_VALUE abuses.

2016-07-23 Thread Arvind Yadav
IS_ERR_VALUE() assumes that its parameter is an unsigned long. It can not be used to check if an 'unsigned int' reflects an error. As they pass an 'unsigned int' into a function that takes an 'unsigned long' argument. This happens to work because the type is sign-extended on 64-bit architectures

Re: [net-next 14/14] ixgbe: cleanup crosstalk fix

2016-07-23 Thread Joe Perches
On Fri, 2016-07-22 at 23:49 -0700, Jeff Kirsher wrote: > From: Don Skidmore > > This patch addresses a few issues with the initial crosstalk fix. Most > important of which is the SDP that indicates the presence of a SFP+ > module changes between HW types. With this

Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

2016-07-23 Thread Chunhui He
Hello, Julian. My case is special, so I think the detail (provided below, if you are interested) is not very important. *It only triggers the real problem*. The neigh system is to reduce ARP traffic, that is good. The problem is it fails to handle some corner cases. The corner case is (let's

Re: [patch iproute2 1/2] devlink: write usage help messages to stderr

2016-07-23 Thread Stephen Hemminger
On Fri, 22 Jul 2016 18:34:29 +0200 Jiri Pirko wrote: > From: Jiri Pirko > > In order to not confuse reader, write help messages into stderr. > > Signed-off-by: Jiri Pirko This does make devlink consistent with other parts of iproute2.

[PATCH v2 net-next 0/2] e1000e: fix PTP on e1000_pch_variants

2016-07-23 Thread Jarod Wilson
This little series factors out the systim sanitization code first, then adds e1000_pch_lpt as a new case in the switch that calls the sanitize function, fixing PTP clock issues I've had reported against an Intel I-218V NIC in an Intel NUC5ik5RYH system. Jarod Wilson (2): e1000e: factor out

[PATCH net-next 2/2] e1000e: fix PTP on e1000_pch_lpt variants

2016-07-23 Thread Jarod Wilson
I've got reports that the Intel I-218V NIC in Intel NUC5i5RYH systems used as a PTP slave experiences random ~10 hour clock jumps, which are resolved if the same workaround for the 82574 and 82583 is employed. Reported-by: Rupesh Patel CC: Jeff Kirsher

[PATCH net-next 1/2] e1000e: factor out systim sanitization

2016-07-23 Thread Jarod Wilson
This is preparatory work for an expanding list of adapter families that have occasional ~10 hour clock jumps when being used for PTP. Factor out the sanitization function and convert to a switch statement, rather than using an if. CC: Jeff Kirsher CC:

Re: [PATCH] net/sctp: always initialise sctp_ht_iter::start_fail

2016-07-23 Thread Marcelo Ricardo Leitner
On Sat, Jul 23, 2016 at 04:00:39PM +0200, Vegard Nossum wrote: > On 07/23/2016 03:39 PM, Marcelo Ricardo Leitner wrote: > > On Sat, Jul 23, 2016 at 11:52:23AM +0200, Vegard Nossum wrote: > > > seq_read() can call ->start() twice on the same iterator more than once > > > (e.g. once through

Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

2016-07-23 Thread Julian Anastasov
Hello, On Sat, 23 Jul 2016, Chunhui He wrote: > On Sat, 23 Jul 2016 09:17:59 +0300 (EEST), Julian Anastasov > wrote: > > > > What kind of problem is this? Remote host wants to > > see a recent probe from us, otherwise it refuses to resolve > > our address before its

Re: [PATCH] net/sctp: always initialise sctp_ht_iter::start_fail

2016-07-23 Thread Vegard Nossum
On 07/23/2016 03:39 PM, Marcelo Ricardo Leitner wrote: On Sat, Jul 23, 2016 at 11:52:23AM +0200, Vegard Nossum wrote: seq_read() can call ->start() twice on the same iterator more than once (e.g. once through traverse() and once in seq_read() itself). But when traverse() returns the error, it

Re: [PATCH] net/sctp: always initialise sctp_ht_iter::start_fail

2016-07-23 Thread Marcelo Ricardo Leitner
On Sat, Jul 23, 2016 at 11:52:23AM +0200, Vegard Nossum wrote: > seq_read() can call ->start() twice on the same iterator more than once > (e.g. once through traverse() and once in seq_read() itself). But when traverse() returns the error, it goes to Done label, skipping the call to ->start()

Re: [PATCH] net/sctp: terminate rhashtable walk correctly

2016-07-23 Thread Marcelo Ricardo Leitner
On Sat, Jul 23, 2016 at 09:42:35AM +0200, Vegard Nossum wrote: > I was seeing a lot of these: > > BUG: sleeping function called from invalid context at mm/slab.h:388 > in_atomic(): 0, irqs_disabled(): 0, pid: 14971, name: trinity-c2 > Preemption disabled at:[] >

Re: [PATCH] ieee802154: check device type

2016-07-23 Thread Alexander Aring
Hi, On 07/20/2016 10:43 AM, Vegard Nossum wrote: > I've observed a NULL pointer dereference in ieee802154_del_iface() during > netlink fuzzing. It's the ->wpan_phy dereference here: > > phy = dev->ieee802154_ptr->wpan_phy; > > My bet is that we're not checking that this is an

[iproute PATCH 4/4] tc: util: No need for action_n2a() to be reentrant

2016-07-23 Thread Phil Sutter
This allows to remove some buffers here and there. While at it, make it return a const value. Signed-off-by: Phil Sutter --- tc/m_bpf.c| 5 + tc/m_csum.c | 4 +--- tc/m_gact.c | 7 +++ tc/m_ife.c| 3 +-- tc/m_mirred.c | 5 ++--- tc/m_nat.c| 3 +--

[iproute PATCH 1/4] tc: Reformat tc_util.h

2016-07-23 Thread Phil Sutter
* Drop 'extern' keyword before function declarations. * Add parameter names where they were missing for matters of consistency. * Drop fancy indenting (e.g. tab between type and name). * Break long lines to not exceed 80 columns. Signed-off-by: Phil Sutter --- tc/tc_util.h | 149

[iproute PATCH 2/4] tc: util: bore up action_a2n()

2016-07-23 Thread Phil Sutter
It's a pity this function is used nowhere, so let's polish it for use: * Loop over branch names, makes it clear that every former conditional was exactly identical. * Support 'pipe' branch name, too. * Make number parsing optional. Signed-off-by: Phil Sutter --- tc/tc_util.c |

[iproute PATCH 0/4] tc: Minor action utility improvements

2016-07-23 Thread Phil Sutter
When asked by Jamal to unify the various code duplications he had to adjust in commit 43726b750a398 ("tc: don't ignore ok as an action branch") I created patches 2 and 3, the rest is fallout. Phil Sutter (4): tc: Reformat tc_util.h tc: util: bore up action_a2n() tc: use action_a2n()

[iproute PATCH 3/4] tc: use action_a2n() everywhere

2016-07-23 Thread Phil Sutter
Signed-off-by: Phil Sutter --- tc/m_bpf.c | 22 ++ tc/m_connmark.c | 27 ++- tc/m_csum.c | 27 ++- tc/m_gact.c | 17 - tc/m_ife.c | 27 ++- tc/m_mirred.c |

Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

2016-07-23 Thread Chunhui He
On Sat, 23 Jul 2016 09:17:59 +0300 (EEST), Julian Anastasov wrote: > > In my case, the gateway refuses to send unicast packets to me, before it sees > my ARP request. So it's critical to enter REACHABLE state by sending ARP > request, but not by external confirmation. > > >

[PATCH 12/25] netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931

2016-07-23 Thread Pablo Neira Ayuso
From: Toby DiPasquale This patch corrects an off-by-one error in the DecodeQ931 function in the nf_conntrack_h323 module. This error could result in reading off the end of a Q.931 frame. Signed-off-by: Toby DiPasquale Signed-off-by: Pablo Neira Ayuso

[PATCH 04/25] netfilter: nf_ct_helper: unlink helper again when hash resize happen

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang From: Liping Zhang Similar to ctnl_untimeout, when hash resize happened, we should try to do unhelp from the 0# bucket again. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso

[PATCH 20/25] netfilter: nf_tables: allow to filter out rules by table and chain

2016-07-23 Thread Pablo Neira Ayuso
If the table and/or chain attributes are set in a rule dump request, we filter out the rules based on this selection. Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 38 ++ 1 file changed, 38 insertions(+) diff --git

[PATCH 21/25] netfilter: conntrack: support a fixed size of 128 distinct labels

2016-07-23 Thread Pablo Neira Ayuso
From: Florian Westphal The conntrack label extension is currently variable-sized, e.g. if only 2 labels are used by iptables rules then the labels->bits[] array will only contain one element. We track size of each label storage area in the 'words' member. But in nftables and

[PATCH 24/25] netfilter: nft_compat: put back match/target module if init fail

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang If the user specify the invalid NFTA_MATCH_INFO/NFTA_TARGET_INFO attr or memory alloc fail, we should call module_put to the related match or target. Otherwise, we cannot remove the module even nobody use it. Signed-off-by: Liping Zhang

[PATCH 15/25] netfilter: nft_ct: fix unpaired nf_connlabels_get/put call

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang We only get nf_connlabels if the user add ct label set expr successfully, but we will also put nf_connlabels if the user delete ct label get expr. This is mismatched, and will cause ct label expr cannot work properly. Also, if we init something

[PATCH 11/25] netfilter: nf_tables: get rid of possible_net_t from set and basechain

2016-07-23 Thread Pablo Neira Ayuso
We can pass the netns pointer as parameter to the functions that need to gain access to it. From basechains, I didn't find any client for this field anymore so let's remove this too. Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_tables.h | 21

[PATCH 05/25] netfilter: conntrack: simplify early_drop

2016-07-23 Thread Pablo Neira Ayuso
From: Florian Westphal We don't need to acquire the bucket lock during early drop, we can use lockless traversal just like nf_conntrack_find. The timer deletion serves as synchronization point, if another cpu attempts to evict same entry, only one will succeed with timer

[PATCH 14/25] netfilter: x_tables: speed up jump target validation

2016-07-23 Thread Pablo Neira Ayuso
From: Florian Westphal The dummy ruleset I used to test the original validation change was broken, most rules were unreachable and were not tested by mark_source_chains(). In some cases rulesets that used to load in a few seconds now require several minutes. sample ruleset that

[PATCH 02/25] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang When we do "cat /proc/net/nf_conntrack", and meanwhile resize the conntrack hash table via /sys/module/nf_conntrack/parameters/hashsize, race will happen, because reader can observe a newly allocated hash but the old size (or vice versa). So oops

[PATCH 01/25] ipvs: count pre-established TCP states as active

2016-07-23 Thread Pablo Neira Ayuso
From: Michal Kubecek Some users observed that "least connection" distribution algorithm doesn't handle well bursts of TCP connections from reconnecting clients after a node or network failure. This is because the algorithm counts active connection as worth 256 inactive ones

[PATCH 07/25] netfilter: nat: convert nat bysrc hash to rhashtable

2016-07-23 Thread Pablo Neira Ayuso
From: Florian Westphal It did use a fixed-size bucket list plus single lock to protect add/del. Unlike the main conntrack table we only need to add and remove keys. Convert it to rhashtable to get table autosizing and per-bucket locking. The maximum number of entries is -- as

[PATCH 13/25] netfilter: conntrack: protect early_drop by rcu read lock

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang User can add ct entry via nfnetlink(IPCTNL_MSG_CT_NEW), and if the total number reach the nf_conntrack_max, we will try to drop some ct entries. But in this case(the main function call path is ctnetlink_create_conntrack -> nf_conntrack_alloc ->

[PATCH 17/25] netfilter: nft_log: fix possible memory leak if log expr init fail

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang Suppose that we specify the NFTA_LOG_PREFIX, then NFTA_LOG_LEVEL and NFTA_LOG_GROUP are specified together or nf_logger_find_get call returns fail, i.e. expr init fail, memory leak will happen. Signed-off-by: Liping Zhang

[PATCH 06/25] netfilter: move nat hlist_head to nf_conn

2016-07-23 Thread Pablo Neira Ayuso
From: Florian Westphal The nat extension structure is 32bytes in size on x86_64: struct nf_conn_nat { struct hlist_node bysource; /* 016 */ struct nf_conn * ct; /*16 8 */ union

[PATCH 09/25] netfilter: nft_ct: make byte/packet expr more friendly

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang If we want to use ct packets expr, and add a rule like follows: # nft add rule filter input ct packets gt 1 counter We will find that no packets will hit it, because nf_conntrack_acct is disabled by default. So It will not work until we enable

[PATCH 19/25] netfilter: nft_log: fix snaplen does not truncate packets

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang There's a similar problem in xt_NFLOG, and was fixed by commit 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets"). Only set copy_len here does not work, so we should enable NF_LOG_F_COPY_LEN also. Signed-off-by: Liping

[PATCH 23/25] netfilter: h323: Use mod_timer instead of set_expect_timeout

2016-07-23 Thread Pablo Neira Ayuso
From: Gao Feng Simplify the code without any side effect. The set_expect_timeout is used to modify the timer expired time. It tries to delete timer, and add it again. So we could use mod_timer directly. Signed-off-by: Gao Feng Signed-off-by: Pablo Neira

[PATCH 18/25] netfilter: nft_log: check the validity of log level

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang User can specify the log level larger than 7(debug level) via nfnetlink, this is invalid. So in this case, we should report EINVAL to the userspace. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso

[PATCH 08/25] netfilter: physdev: physdev-is-out should not work with OUTPUT chain

2016-07-23 Thread Pablo Neira Ayuso
From: Hangbin Liu physdev_mt() will check skb->nf_bridge first, which was alloced in br_nf_pre_routing. So if we want to use --physdev-out and physdev-is-out, we need to match it in FORWARD or POSTROUTING chain. physdev_mt_check() only checked physdev-out and missed

[PATCH 25/25] netfilter: nft_compat: fix crash when related match/target module is removed

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang We "cache" the loaded match/target modules and reuse them, but when the modules are removed, we still point to them. Then we may end up with invalid memory references when using iptables-compat to add rules later. Input the following commands will

[PATCH 16/25] netfilter: Add helper array register/unregister functions

2016-07-23 Thread Pablo Neira Ayuso
From: Gao Feng Add nf_ct_helper_init(), nf_conntrack_helpers_register() and nf_conntrack_helpers_unregister() functions to avoid repetitive opencoded initialization in helpers. This patch keeps an id parameter for nf_ct_helper_init() not to break helper matching by name that

[PATCH 03/25] netfilter: cttimeout: unlink timeout obj again when hash resize happen

2016-07-23 Thread Pablo Neira Ayuso
From: Liping Zhang Imagine such situation, nf_conntrack_htable_size now is 4096, we are doing ctnl_untimeout, and iterate on 3000# bucket. Meanwhile, another user try to reduce hash size to 2048, then all nf_conn are removed to the new hashtable. When this hash

[PATCH 10/25] netfilter: constify arg to is_dying/confirmed

2016-07-23 Thread Pablo Neira Ayuso
From: Florian Westphal Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_conntrack.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/netfilter/nf_conntrack.h

[PATCH 22/25] netfilter: connlabels: move set helper to xt_connlabel

2016-07-23 Thread Pablo Neira Ayuso
From: Florian Westphal xt_connlabel is the only user so move it. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_conntrack_labels.h | 2 -- net/netfilter/nf_conntrack_labels.c | 17

[PATCH 00/25] Netfilter/IPVS updates for net-next

2016-07-23 Thread Pablo Neira Ayuso
Sorry, resending this pull request, I modified my robot and it was not including explicit Cc to netdev. -o- Hi David, The following patchset contains Netfilter/IPVS updates for net-next, they are: 1) Count pre-established connections as active in "least connection" schedulers such that

Re: [PATCH 1/1] netfilter: h323: Use mod_timer instead of set_expect_timeout

2016-07-23 Thread Pablo Neira Ayuso
On Fri, Jul 22, 2016 at 12:59:15PM +0800, f...@ikuai8.com wrote: > From: Gao Feng > > It could simplify the codes without any side effect. > The set_expect_timeout is used to modify the timer expired time. > It tries to delete timer, and add it again. > So we could use mod_timer

[PATCH] net/sctp: always initialise sctp_ht_iter::start_fail

2016-07-23 Thread Vegard Nossum
seq_read() can call ->start() twice on the same iterator more than once (e.g. once through traverse() and once in seq_read() itself). We should initialize sctp_ht_iter::start_fail to zero if ->start() succeeds, otherwise it's possible that we leave an old value of 1 there, which will cause

RE: [PATCH] tipc: fix NULL pointer dereference in shutdown()

2016-07-23 Thread Xue, Ying
Acked-by: Ying Xue -Original Message- From: Vegard Nossum [mailto:vegard.nos...@oracle.com] Sent: Saturday, July 23, 2016 2:15 PM To: Jon Maloy; Xue, Ying Cc: netdev@vger.kernel.org; David S. Miller; Michael Kerrisk; linux-ker...@vger.kernel.org; Vegard Nossum;

[PATCH] net/sctp: terminate rhashtable walk correctly

2016-07-23 Thread Vegard Nossum
I was seeing a lot of these: BUG: sleeping function called from invalid context at mm/slab.h:388 in_atomic(): 0, irqs_disabled(): 0, pid: 14971, name: trinity-c2 Preemption disabled at:[] rhashtable_walk_start+0x46/0x150 [] preempt_count_add+0x1fb/0x280 []

[net-next 03/14] ixgbevf: bump version number

2016-07-23 Thread Jeff Kirsher
From: Don Skidmore Bump the version number to more closely match the function included in the driver. Signed-off-by: Don Skidmore Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher

[net-next 02/14] ixgbevf: Correct parameter sent to LED function

2016-07-23 Thread Jeff Kirsher
From: Don Skidmore The second parameter of these functions is the index to the led we are interested in affecting. However we were mistakenly passing the offset in the register. This patch corrects that and adds some bounds checking which would hopefully make bugs

[net-next 06/14] ixgbevf: add VF support for new hardware

2016-07-23 Thread Jeff Kirsher
From: Don Skidmore This patch adds VF support for the new X553 hardware. Signed-off-by: Don Skidmore Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher ---

[net-next 12/14] ixgbevf: Commonize mailbox write/read

2016-07-23 Thread Jeff Kirsher
From: Tony Nguyen With changes to ixgbevf_write_msg_read_ack(), other functions are performing the same operations done here; change those functions to utilize ixgbevf_write_msg_read_ack(). Signed-off-by: Tony Nguyen Tested-by: Andrew

[net-next 07/14] ixgbe: fix setup_fc for x550em

2016-07-23 Thread Jeff Kirsher
From: Emil Tantilov mac->ops.setup_fc can be null for backplanes which can cause the driver to crash on load. Reported-by: Patrick McLean Signed-off-by: Emil Tantilov Tested-by: Andrew Bowers

[net-next 13/14] ixgbe: remove redundant check on ret_val

2016-07-23 Thread Jeff Kirsher
From: Colin Ian King The last check on ret_val is redundant since ret_val has not changed since the previous check, so remove it as it is extraneous. Signed-off-by: Colin Ian King Tested-by: Andrew Bowers

[net-next 14/14] ixgbe: cleanup crosstalk fix

2016-07-23 Thread Jeff Kirsher
From: Don Skidmore This patch addresses a few issues with the initial crosstalk fix. Most important of which is the SDP that indicates the presence of a SFP+ module changes between HW types. With this change that is taken into consideration It also moves the check

[net-next 04/14] ixgbe: Change register variable to unsigned

2016-07-23 Thread Jeff Kirsher
From: Don Skidmore I noticed this variable used for register reads wasn't an unsigned so this patch corrects that. I don't believe this was causing any issue as is but this is more consistent with the rest of the driver. Signed-off-by: Don Skidmore

[net-next 08/14] ixgbevf: Add lock around ixgbevf_reinit_locked call

2016-07-23 Thread Jeff Kirsher
From: Don Skidmore The function ixgbevf_reinit_locked() assumes you have the rtnl lock however we didn't when calling from the service task. This patch corrects that. Signed-off-by: Don Skidmore Tested-by: Andrew Bowers

[net-next 01/14] ixgbevf: fix NACK check in ixgbevf_set_uc_addr_vf()

2016-07-23 Thread Jeff Kirsher
From: Emil Tantilov Fix the NACK check in ixgbevf_set_uc_addr_vf() for instances where index != 0. Signed-off-by: Emil Tantilov Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher

[net-next 09/14] ixgbe: Add missing destroy_workqueue() on error in ixgbe_init_module()

2016-07-23 Thread Jeff Kirsher
From: Wei Yongjun Add the missing destroy_workqueue() before return from ixgbe_init_module() in the error handling case. Signed-off-by: Wei Yongjun Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher

[net-next 00/14][pull request] 10GbE Intel Wired LAN Driver Updates 2016-07-22

2016-07-23 Thread Jeff Kirsher
This series contains updates to ixgbe and ixgbevf only. Emil fixes the NACK check in ixgbevf_set_uc_addr_vf() for instances where the index is not equal to zero. Fixes an issue where mac->ops.setup_fc can be NULL for backplanes which can cause the driver to crash on load. Don fixes the second

[net-next 10/14] ixgbevf: Protect ixgbevf_reset_subtask from remove event

2016-07-23 Thread Jeff Kirsher
From: Don Skidmore In ixgbevf_reset_subtask we weren't verifying that the port hasn't been removed, we are with this patch. Signed-off-by: Don Skidmore Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher

[net-next 11/14] ixgbevf: Add range checking for setting MTU

2016-07-23 Thread Jeff Kirsher
From: Tony Nguyen Currently when setting the VF's MTU, the PF can return a NACK but this isn't passed on to the VF. Propagate the results from the PF to the VF so errors can be reported. In ixgbevf_change_mtu, return an error and reject the change. For

[net-next 05/14] ixgbe: Fix minor typo while freeing irq

2016-07-23 Thread Jeff Kirsher
From: Babu Moger The array subscript increments after the execution of the statement. So there is no issue here. However it helps to read the code better. Signed-off-by: Babu Moger Tested-by: Andrew Bowers Signed-off-by:

Re: [PATCH 1/3] net: ethernet: ti: cpdma: fix lockup in cpdma_ctlr_destroy()

2016-07-23 Thread Ivan Khoronzhuk
On 22.07.16 16:58, Grygorii Strashko wrote: Fix deadlock in cpdma_ctlr_destroy() which is triggered now on cpsw module removal: cpsw_remove() - cpdma_ctlr_destroy() - spin_lock_irqsave(>lock, flags) - cpdma_ctlr_stop() - spin_lock_irqsave(>lock, flags); <- deadlock -

Re: [PATCH] net: neigh: disallow state transition DELAY->STALE in neigh_update()

2016-07-23 Thread Julian Anastasov
Hello, On Fri, 22 Jul 2016, Chunhui He wrote: > The origin code allows NUD_DELAY -> NUD_STALE and NUD_PROBE -> NUD_STALE. > This part was imported to kernel since v2.1.79, I don't know clearly why it > allows that. > > My analysis: > (1) As shown in my previous mail, NUD_DELAY ->

[PATCH] tipc: fix NULL pointer dereference in shutdown()

2016-07-23 Thread Vegard Nossum
tipc_msg_create() can return a NULL skb and if so, we shouldn't try to call tipc_node_xmit_skb() on it. general protection fault: [#1] PREEMPT SMP KASAN CPU: 3 PID: 30298 Comm: trinity-c0 Not tainted 4.7.0-rc7+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS

[GIT] Networking

2016-07-23 Thread David Miller
1) Fix memory leak in nftables, from Liping Zhang. 2) Need to check result of vlan_insert_tag() in batman-adv otherwise we risk NULL skb derefs, from Sven Eckelmann. 3) Check for dev_alloc_skb() failures in cfg80211, from Gregory Greenman. 4) Handle properly when we have