Add new uld driver for Inline TLS support. Register ULP for chtls.
Setsockopt to program key on chip. support AES GCM key size 128.
Signed-off-by: Atul Gupta
---
drivers/crypto/chelsio/chtls/chtls_main.c | 619 ++
include/uapi/linux/tls.h
CPL handlers for TLS session, record transmit and receive.
Signed-off-by: Atul Gupta
---
drivers/crypto/chelsio/chtls/chtls_cm.c | 2045 +++
net/ipv4/tcp_minisocks.c|1 +
2 files changed, 2046 insertions(+)
create mode
On 8.02.2018 13:43, Tetsuo Handa wrote:
>>From 361d37a7d36978020dfb4c11ec1f4800937ccb68 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa
> Date: Thu, 8 Feb 2018 10:35:35 +0900
> Subject: [PATCH v2] lockdep: Fix fs_reclaim warning.
>
> Dave Jones reported
Entry for Inline TLS as another driver dependent on cxgb4 and chcr
Signed-off-by: Atul Gupta
---
drivers/crypto/chelsio/Kconfig| 11 +++
drivers/crypto/chelsio/Makefile | 1 +
drivers/crypto/chelsio/chtls/Makefile | 4
3 files changed, 16
On 10/02/18 03:18, Alexei Starovoitov wrote:
> On Thu, Feb 08, 2018 at 07:31:55PM +, Edward Cree wrote:
>> By storing subprog boundaries as a subprogno mark on each insn, rather than
>> a start (and implicit end) for each subprog, we collect a number of gains:
>> * More efficient
Remove the 'if (chunk)' check in sctp_renege_events for idata process,
as all renege commands are generated in sctp_eat_data and it can't be
NULL.
The same thing we already did for common data in sctp_ulpq_renege.
Fixes: 94014e8d871a ("sctp: implement renege_events for sctp_stream_interleave")
This patch is to fix the file comments in stream.c and
stream_interleave.c
Fixes: a83863174a61 ("sctp: prepare asoc stream for stream reconf")
Fixes: 0c3f6f655487 ("sctp: implement make_datafrag for sctp_stream_interleave")
Signed-off-by: Xin Long
---
net/sctp/stream.c
added tls_device structure to register Inline TLS
drivers with net/tls
Signed-off-by: Atul Gupta
---
include/net/tls.h | 21 +
1 file changed, 21 insertions(+)
diff --git a/include/net/tls.h b/include/net/tls.h
index 936cfc5..2a9f392 100644
---
RFC series for Chelsio Inline TLS driver (chtls.ko)
Driver use the ULP infrastructure to register chtls as Inline TLS ULP.
Chtls use TCP Sockets to transmit and receive TLS record. TCP proto_ops
is extended to offload TLS record.
T6 adapter provides the following features:
-TLS record
Signed-off-by: Atul Gupta
---
include/linux/netdev_features.h | 2 ++
net/core/ethtool.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/include/linux/netdev_features.h b/include/linux/netdev_features.h
index b1b0ca7..e1a33b7 100644
---
Hi, Ying,
On 12.02.2018 11:56, Ying Xue wrote:
> Currently when user changes link properties, TIPC first checks if
> user's command message contains media name or bearer name through
> tipc_media_find() or tipc_bearer_find() which is protected by RTNL
> lock. But when tipc_nl_compat_link_set()
Ensure that the tunnel's socket is always extant while the tunnel
object exists. Hold a ref on the socket until the tunnel is destroyed
and ensure that all tunnel destroy paths go through a common function
(l2tp_tunnel_delete).
Since the tunnel's socket is now guaranteed to exist if the tunnel
---
net/l2tp/l2tp_ppp.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index ff95a4d4eac5..947066b3d6d8 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -172,8 +172,16 @@ static inline struct l2tp_session
Replace the dead flag in the session context with a closing flag and
spinlock. Check it in session lookup functions such that we don't try
to access session data while it is being destroyed.
---
net/l2tp/l2tp_core.c | 34 +-
net/l2tp/l2tp_core.h | 2 ++
2 files
If when creating a new tunnel, the indicated fd is closed by another
thread, we emit an error message about it. e.g.
l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
It's not useful so remove it.
---
net/l2tp/l2tp_core.c | 2 --
1 file changed, 2 deletions(-)
diff --git
The tunnel's closing flag is set when the tunnel is being
destroyed. Use it to reject new sessions and remove acpt_newsess which
was doing the same thing. Also prevent the tunnel being seen in
l2tp_tunnel_get lookups.
---
net/l2tp/l2tp_core.c | 27 +--
net/l2tp/l2tp_core.h
Use l2tp core's session_free callback to drive the ppp session
cleanup. PPP sessions are cleaned up by RCU. The PPP session socket is
allowed to close only when the session is freed.
With this patch, the following syzbot bug reports are finally fixed.
Reported-by:
When a session refcount hits 0, the session is freed via
l2tp_session_free. Some pseudowires (ppp, eth) may have additional
resources to free when this happens. Add a session_free callback that
can be used by pseudowires to override the default kfree. The callback
is responsible for freeing the
This patch series addresses several races with L2TP APIs discovered by
syzbot. While working on this, it became clear that the L2TP code
needed some work to address object lifetime issues. There are no
functional changes.
The set of patches 1-13 in combination fix the following syzbot reports.
Inline TLS state, connection management. Supporting macros definition.
Signed-off-by: Atul Gupta
---
drivers/crypto/chelsio/chtls/chtls.h| 487
drivers/crypto/chelsio/chtls/chtls_cm.h | 203 +
2 files changed, 690
Key area size in hw-config file. CPL struct for TLS request
and response. Work request for Inline TLS.
Signed-off-by: Atul Gupta
---
drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 121 ++-
drivers/net/ethernet/chelsio/cxgb4/t4_regs.h | 2 +
Signed-off-by: Atul Gupta
---
net/tls/tls_main.c | 113 +
1 file changed, 113 insertions(+)
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index e07ee3a..10a6d5d 100644
--- a/net/tls/tls_main.c
+++
On Mon, Feb 12, 2018 at 06:31:24PM +0800, Xin Long wrote:
> Remove the 'if (chunk)' check in sctp_renege_events for idata process,
> as all renege commands are generated in sctp_eat_data and it can't be
> NULL.
>
> The same thing we already did for common data in sctp_ulpq_renege.
>
> Fixes:
When forcing a specific link mode, the PHY driver must clear the
existing speed and duplex bits in BMCR while preserving some other
control bits. This logic was accidentally inverted with the introduction
of phy_modify().
Signed-off-by: Ingo van Lil
---
On Mon, Feb 12, 2018 at 06:29:06PM +0800, Xin Long wrote:
> The pr_err in sctp_hash_transport was supposed to report a sctp bug
> for using rhashtable/rhlist.
>
> The err '-EEXIST' introduced in Commit cd2b70875058 ("sctp: check
> duplicate node before inserting a new transport") doesn't belong
>
Randy Dunlap writes:
> From: Randy Dunlap
>
> Currently #includes for no obvious
> reason. It looks like it's only a convenience, so remove kmemleak.h
> from slab.h and add to any users of kmemleak_*
> that don't already #include it.
> Also
It's hard to understand pppol2tp_connect so split it up into separate
functions and document it better.
Fixes: fd558d186d ("l2tp: Split pppol2tp patch into separate l2tp and ppp
parts")
---
net/l2tp/l2tp_ppp.c | 307 +++-
1 file changed, 185
If an L2TPIP socket is closed, add RCU protection when we deref
sk_user_data to prevent races with another thread closing the same
tunnel.
Fixes: 0d76751fad ("l2tp: Add L2TPv3 IP encapsulation (no UDP) support")
refcount_t: increment on 0; use-after-free.
WARNING: CPU: 2 PID: 2892 at
Since L2TP hooks on sockets opened by userspace using sk_user_data, we
may race with other socket families that attempt to use the same
socket.
This problem was discovered by syzbot using AF_KCM. KCM has since been
modified to use only TCP sockets to avoid hitting this issue but we
should prevent
Previously, if a tunnel was closed, we called inet_shutdown to mark
the socket as unconnected such that userspace would get errors and
then close the socket. This could race with userspace closing the
socket. Instead, leave userspace to close the socket in its own time
(our tunnel will be detached
Handle session destroy in the same way as we handle tunnel destroy -
through a workqueue. Sessions can be destroyed either because its
socket is closed (if it has a socket) or by netlink request. A
workqueue synchronises these.
---
net/l2tp/l2tp_core.c | 30 +++---
Simplify relationship with tunnel such that the session holds a ref on
the tunnel, not its socket. This guarantees that the tunnel is always
extant if one or more sessions exists on the tunnel. If the session
has a socket (ppp), have it hold a ref on the socket until the session
is destroyed.
Since session destroy now uses a workqueue, let l2tp_session_delete
handle all the work of destroying a session. Don't remove the session
from the tunnel's list immediately. The tunnel will remain extant
until all of its sessions are gone anyway.
The session's dead flag is now unused so is
__l2tp_session_unhash is now only used internally so there is no
reason to expose it to other l2tp modules. Rename it
l2tp_session_unhash while we're at it.
---
net/l2tp/l2tp_core.c | 5 ++---
net/l2tp/l2tp_core.h | 1 -
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git
l2tp_tunnel_create now checks sk_user_data so this check is redundant
---
net/l2tp/l2tp_core.c | 8
1 file changed, 8 deletions(-)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index c909fe9273c9..a91cd384e397 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@
The pr_err in sctp_hash_transport was supposed to report a sctp bug
for using rhashtable/rhlist.
The err '-EEXIST' introduced in Commit cd2b70875058 ("sctp: check
duplicate node before inserting a new transport") doesn't belong
to that case.
So just return -EEXIST back without pr_err any kmsg.
On Sun, 11 Feb 2018 16:46:48 +0100
Florian Westphal wrote:
> Eyal Birger wrote:
>
> Sorry for taking so long to respond.
>
> > On Tue, 6 Feb 2018 14:15:09 +0100
> > Florian Westphal wrote:
> >
> > > Steffen Klassert
On Mon, Feb 12, 2018 at 06:29:51PM +0800, Xin Long wrote:
> After the support for SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN chunks,
> the corresp conversion in sctp_cname should also be added. Otherwise,
> in some places, pr_debug will print them as "unknown chunk".
>
> Signed-off-by: Xin Long
Avoid SKB coalescing if eor bit is set in one of the relevant
SKBs.
Change-Id: I64d4f9874f2e23b3fd03daddccbefed53e098028
Fixes: c134ecb87817 ("tcp: Make use of MSG_EOR in tcp_sendmsg")
Signed-off-by: Ilya Lesokhin
---
net/ipv4/tcp_output.c | 25 +
1
Hello,
Got this and then server rebooted with panic (second message).
Workload: pppoe BRAS, lost of shapers, ppp interfaces
Please let me know if i need to provide more information
Feb 12 06:00:58 [13750.606169] WARNING: CPU: 6 PID: 0 at
./include/net/dst.h:256 nf_xfrm_me_harder+0x52/0xd9
Read FW capability. Read key area size. Dump the TLS record count.
Signed-off-by: Atul Gupta
---
drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 18 +++-
drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c| 32 +--
drivers/net/ethernet/chelsio/cxgb4/cxgb4_uld.h
TLS handler for record transmit and receive.
Create Inline TLS work request and post to FW.
Signed-off-by: Atul Gupta
---
drivers/crypto/chelsio/chtls/chtls_io.c | 1867 +++
1 file changed, 1867 insertions(+)
create mode 100644
Program the tx and rx key on chip.
Signed-off-by: Atul Gupta
---
drivers/crypto/chelsio/chtls/chtls_hw.c | 394
1 file changed, 394 insertions(+)
create mode 100644 drivers/crypto/chelsio/chtls/chtls_hw.c
diff --git
Define macro for TLS Key context
Signed-off-by: Atul Gupta
---
drivers/crypto/chelsio/chcr_algo.h | 42 +
drivers/crypto/chelsio/chcr_core.h | 55 +-
2 files changed, 96 insertions(+), 1 deletion(-)
diff
Now br_sysfs_if file flush doesn't have attr show. To read it will
cause kernel panic after users chmod u+r this file.
Xiong found this issue when running the commands:
ip link add br0 type bridge
ip link add type veth
ip link set veth0 master br0
chmod u+r
On Wed, Feb 7, 2018 at 4:02 PM, syzbot
wrote:
> Hello,
>
> syzbot hit the following crash on net-next commit
> 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +)
> Merge tag 'usercopy-v4.16-rc1' of
>
After the support for SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN chunks,
the corresp conversion in sctp_cname should also be added. Otherwise,
in some places, pr_debug will print them as "unknown chunk".
Signed-off-by: Xin Long
---
net/sctp/debug.c | 6 ++
1 file changed,
Remove sctp_ prefix for diag file, to keep consistent with other
files' names, while at it, also to add file comments for diag.c.
Signed-off-by: Xin Long
---
net/sctp/Makefile| 2 +
net/sctp/diag.c | 557 +++
Avoid SKB coalescing if eor bit is set in one of the relevant
SKBs.
Fixes: c134ecb87817 ("tcp: Make use of MSG_EOR in tcp_sendmsg")
Signed-off-by: Ilya Lesokhin
---
Changes from v4:
- Remove Gerrit Change-Id
Changes from v3:
- Fix coding style
Changes from v2:
On Mon, Feb 12, 2018 at 06:32:30PM +0800, Xin Long wrote:
> Remove sctp_ prefix for diag file, to keep consistent with other
> files' names, while at it, also to add file comments for diag.c.
Okay but this should be a two-patches series then. The changes made
with the rename are hard to
From: Finn Thain
Date: Sun, 11 Feb 2018 22:08:43 -0500 (EST)
> The lib8390 module parameter 'msg_enable' doesn't do anything useful:
> it causes an ancient version string to be logged.
Not true.
You need to look at the various netif_*() et al. message logging
The sanity test added in ecd7918745234 can be bypassed, validation
only occurs if XFRM_STATE_ESN flag is set, but rest of code doesn't care
and just checks if the attribute itself is present.
So always validate. Alternative is to reject if we have the attribute
without the flag but that would
From: Marcelo Ricardo Leitner
Date: Mon, 12 Feb 2018 10:37:04 -0200
> On Mon, Feb 12, 2018 at 06:32:30PM +0800, Xin Long wrote:
>> Remove sctp_ prefix for diag file, to keep consistent with other
>> files' names, while at it, also to add file comments for diag.c.
>
>
> rcu_scheduler_active = 2, debug_locks = 1
> 1 lock held by syzkaller563791/4086:
> #0: (rcu_read_lock){}, at: []
> __rds_conn_create+0xe46/0x1b50 net/rds/connection.c:218
>
the rcu_read_lock() was added by ebeeb1ad9b. After we add that,
everything in the rcu read
Nikolay Borisov wrote:
> I think I've hit another incarnation of that one. The call stack is:
> http://paste.opensuse.org/3f22d013
>
> The cleaned up callstack of all the ? entries look like:
>
> __lock_acquire+0x2d8a/0x4b70
> lock_acquire+0x110/0x330
> kmem_cache_alloc+0x29/0x2c0
>
On Mon, Feb 12, 2018 at 06:29:06PM +0800, Xin Long wrote:
> The pr_err in sctp_hash_transport was supposed to report a sctp bug
> for using rhashtable/rhlist.
>
> The err '-EEXIST' introduced in Commit cd2b70875058 ("sctp: check
> duplicate node before inserting a new transport") doesn't belong
>
Before:
All these functions either return a negative error indicator,
or store length of sockaddr into "int *socklen" parameter
and return zero on success.
"int *socklen" parameter is awkward. For example, if caller does not
care, it still needs to provide on-stack storage for the value
it does
On Fri, Feb 09, 2018 at 05:59:12PM +, Jon Maloy wrote:
> Command for TCP:
> "netperf TCP_STREAM (netperf -n 4 -f m -c 4 -C 4 -P 1 -H 10.0.0.1 -t
> TCP_STREAM -l 10 -- -O THROUGHPUT)"
> Command for TIPC:
> "netperf TIPC_STREAM (netperf -n 4 -f m -c 4 -C 4 -P 1 -H 10.0.0.1 -t
> TCP_STREAM -l
On Mon, Feb 12, 2018 at 06:30:34PM +0800, Xin Long wrote:
> This patch is to fix the file comments in stream.c and
> stream_interleave.c
>
> Fixes: a83863174a61 ("sctp: prepare asoc stream for stream reconf")
> Fixes: 0c3f6f655487 ("sctp: implement make_datafrag for
> sctp_stream_interleave")
>
On Mon, Feb 12, 2018 at 4:23 PM, syzbot
wrote:
> Hello,
>
> syzbot hit the following crash on net-next commit
> 9515a2e082f91457db0ecff4b65371d0fb5d9aad (Thu Jan 25 03:37:38 2018 +)
> net/ipv4: Allow send to local broadcast from a socket
On Mon, Feb 12, 2018 at 4:22 PM, syzbot
wrote:
> Hello,
>
> syzbot hit the following crash on net-next commit
> d0adb51edb73c94a595bfa9d9bd8b35977e74fbf
>
> Unfortunately, I don't have any reproducer for this crash yet.
> Raw console output
On Mon, Feb 12, 2018 at 4:23 PM, syzbot
wrote:
> Hello,
>
> syzbot hit the following crash on net-next commit
> d0adb51edb73c94a595bfa9d9bd8b35977e74fbf
>
> Unfortunately, I don't have any reproducer for this crash yet.
> Raw console output
Currently, if Wake-on-LAN is enabled, the EtherAVB device's module clock
is manually kept running during system suspend, to make sure the device
stays active.
Since commit 91c719f5ec6671f7 ("soc: renesas: rcar-sysc: Keep wakeup
sources active during system suspend") , this workaround is no longer
Currently, if Wake-on-LAN is enabled, the EtherAVB device's module clock
is manually kept running during system suspend, to make sure the device
stays active.
Since commit 91c719f5ec6671f7 ("soc: renesas: rcar-sysc: Keep wakeup
sources active during system suspend") , this workaround is no longer
The control channel calls registered callbacks when control messages
such as XDomain protocol messages are received. The control channel
handling is done in a worker running on system workqueue which means the
networking driver can't run tear down flow which includes sending
disconnect request and
When suspending to mem or disk the Thunderbolt controller typically goes
down as well tearing down the connection automatically. However, when
suspend to idle is used this does not happen so we need to make sure the
connection is properly disconnected before it can be re-established
during resume.
Mon, Feb 12, 2018 at 04:32:16PM CET, j...@resnulli.us wrote:
>Sat, Feb 10, 2018 at 09:41:57PM CET, xiyou.wangc...@gmail.com wrote:
>
>[...]
>
@@ -348,7 +340,7 @@ static struct tc_u_common *tc_u_common_find(const
struct tcf_proto *tp)
h = tc_u_hash(tp);
On Mon, Feb 12, 2018 at 06:32:30PM +0800, Xin Long wrote:
> Remove sctp_ prefix for diag file, to keep consistent with other
> files' names, while at it, also to add file comments for diag.c.
>
> Signed-off-by: Xin Long
I'm fine with this as a single patch
Acked-by: Neil
Sat, Feb 10, 2018 at 09:41:57PM CET, xiyou.wangc...@gmail.com wrote:
[...]
>>>@@ -348,7 +340,7 @@ static struct tc_u_common *tc_u_common_find(const
>>>struct tcf_proto *tp)
>>>
>>>h = tc_u_hash(tp);
>>>hlist_for_each_entry(tc, _u_common_hash[h], hnode) {
>>>- if
On Fri, Jan 5, 2018 at 11:06 PM, syzbot
wrote:
> Hello,
>
> syzkaller hit the following crash on
> bcecb4bbf88aa03171c30652bca761cf27755a6b
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1
Currently, if Wake-on-LAN is enabled, the SH-ETH device's module clock
is manually kept running during system suspend, to make sure the device
stays active.
Since commits 91c719f5ec6671f7 ("soc: renesas: rcar-sysc: Keep wakeup
sources active during system suspend") and 744dddcae84441b1 ("clk:
On Mon, Feb 12, 2018 at 5:00 PM, syzbot
wrote:
> Hello,
>
> syzbot hit the following crash on bpf-next commit
> 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +)
> Merge tag 'usercopy-v4.16-rc1' of
>
Sat, Feb 10, 2018 at 09:41:57PM CET, xiyou.wangc...@gmail.com wrote:
>On Wed, Feb 7, 2018 at 11:38 PM, Jiri Pirko wrote:
>> Thu, Feb 08, 2018 at 12:08:36AM CET, xiyou.wangc...@gmail.com wrote:
>>>On Tue, Feb 6, 2018 at 11:01 PM, Jiri Pirko wrote:
Wed, Feb
On Mon, Feb 12, 2018 at 12:02:52PM +0100, Ingo van Lil wrote:
> When forcing a specific link mode, the PHY driver must clear the
> existing speed and duplex bits in BMCR while preserving some other
> control bits. This logic was accidentally inverted with the introduction
> of phy_modify().
>
>
On Mon, Feb 12, 2018 at 06:29:51PM +0800, Xin Long wrote:
> After the support for SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN chunks,
> the corresp conversion in sctp_cname should also be added. Otherwise,
> in some places, pr_debug will print them as "unknown chunk".
>
> Signed-off-by: Xin Long
On Mon, Feb 12, 2018 at 06:31:24PM +0800, Xin Long wrote:
> Remove the 'if (chunk)' check in sctp_renege_events for idata process,
> as all renege commands are generated in sctp_eat_data and it can't be
> NULL.
>
> The same thing we already did for common data in sctp_ulpq_renege.
>
> Fixes:
From: Kirill Tkhai
Date: Mon, 12 Feb 2018 13:10:34 +0300
> This err branch looks excess. It was before your patch, but in case of you
> change this place,
> can't we stop having it? it looks like we can simply do the below here:
>
> err = tipc_enable_bearer(net,
On Mon, Feb 12, 2018 at 10:11:07AM +, James Chapman wrote:
> Previously, if a tunnel was closed, we called inet_shutdown to mark
> the socket as unconnected such that userspace would get errors and
> then close the socket. This could race with userspace closing the
> socket. Instead, leave
On 02/12/2018 04:28 AM, Michael Ellerman wrote:
> Randy Dunlap writes:
>
>> From: Randy Dunlap
>>
>> Currently #includes for no obvious
>> reason. It looks like it's only a convenience, so remove kmemleak.h
>> from slab.h and add to any users of
From: Ingo van Lil
Date: Mon, 12 Feb 2018 12:02:52 +0100
> When forcing a specific link mode, the PHY driver must clear the
> existing speed and duplex bits in BMCR while preserving some other
> control bits. This logic was accidentally inverted with the introduction
> of
From: Geert Uytterhoeven
Date: Mon, 12 Feb 2018 14:42:36 +0100
> Currently, if Wake-on-LAN is enabled, the SH-ETH device's module clock
> is manually kept running during system suspend, to make sure the device
> stays active.
>
> Since commits 91c719f5ec6671f7 ("soc:
Since L2TP hooks on sockets opened by userspace using sk_user_data, we
may race with other socket families that attempt to use the same
socket.
This problem was discovered by syzbot using AF_KCM. KCM has since been
modified to use only TCP sockets to avoid hitting this issue but we
should prevent
Simplify relationship with tunnel such that the session holds a ref on
the tunnel, not its socket. This guarantees that the tunnel is always
extant if one or more sessions exists on the tunnel. If the session
has a socket (ppp), have it hold a ref on the socket until the session
is destroyed.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_ppp.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index ff95a4d4eac5..947066b3d6d8 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -172,8
This patch series addresses several races with L2TP APIs discovered by
syzbot. While working on this, it became clear that the L2TP code
needed some work to address object lifetime issues. There are no
functional changes.
The set of patches 1-13 in combination fix the following syzbot reports.
syzbot reported that xt_LED may try to use the ledinternal->timer
without previously initializing it:
[ cut here ]
kernel BUG at kernel/time/timer.c:958!
invalid opcode: [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID:
On Mon, Feb 12, 2018 at 10:11:04AM +, James Chapman wrote:
> This patch series addresses several races with L2TP APIs discovered by
> syzbot. While working on this, it became clear that the L2TP code
> needed some work to address object lifetime issues. There are no
> functional changes.
>
>
In setups like the following:
Host A --Host B
tun0 -- ipsec -- eth0 -- eth0 -- ipsec -- tun0
where tun0 are tunnel devices using dst_cache (ipip, ipip6, etc...).
Unregistration of an underlying eth0 device leads to the following log
messages:
unregister_netdevice:
Changes since v1:
Added changes in these files:
drivers/infiniband/hw/usnic/usnic_transport.c
drivers/staging/lustre/lnet/lnet/lib-socket.c
drivers/target/iscsi/iscsi_target_login.c
drivers/vhost/net.c
fs/dlm/lowcomms.c
fs/ocfs2/cluster/tcp.c
security/tomoyo/network.c
From: James Chapman
Date: Mon, 12 Feb 2018 17:33:23 +
> This patch series addresses several races with L2TP APIs discovered by
> syzbot. While working on this, it became clear that the L2TP code
> needed some work to address object lifetime issues. There are no
>
From: Denys Vlasenko
Date: Mon, 12 Feb 2018 20:00:20 +0100
> Changes since v1:
> Added changes in these files:
> drivers/infiniband/hw/usnic/usnic_transport.c
> drivers/staging/lustre/lnet/lnet/lib-socket.c
> drivers/target/iscsi/iscsi_target_login.c
>
From: Atul Gupta
Date: Mon, 12 Feb 2018 17:33:48 +0530
> + /* When calling get_netdev, the HW vendor's driver should return the
> + * net device of device @device at port @port_num or NULL if such
> + * a net device doesn't exist
> + */
> + struct
From: Atul Gupta
Date: Mon, 12 Feb 2018 17:34:28 +0530
> +static int get_tls_prot(struct sock *sk)
> +{
> + struct tls_context *ctx = tls_get_ctx(sk);
> + struct net_device *netdev;
> + struct tls_device *dev;
> +
> + /* Device bound to specific IP */
> +
Hello, Daniel.
On Mon, Feb 12, 2018 at 06:00:13PM +0100, Daniel Borkmann wrote:
> [ +Dennis, +Tejun ]
>
> Looks like we're stuck in percpu allocator with key/value size of 4 bytes
> each and large number of entries (max_entries) in the reproducer in above
> link.
>
> Could we have some
In setups like the following:
Host A --Host B
tun0 -- ipsec -- eth0 -- eth0 -- ipsec -- tun0
where tun0 are tunnel devices using dst_cache (ipip, ipip6, etc...).
Unregistration of an underlying eth0 device leads to the following log
messages:
unregister_netdevice:
l2tp_tunnel_create now checks sk_user_data so this check is redundant
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 8
1 file changed, 8 deletions(-)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index c909fe9273c9..a91cd384e397 100644
---
When a session refcount hits 0, the session is freed via
l2tp_session_free. Some pseudowires (ppp, eth) may have additional
resources to free when this happens. Add a session_free callback that
can be used by pseudowires to override the default kfree. The callback
is responsible for freeing the
Use l2tp core's session_free callback to drive the ppp session
cleanup. PPP sessions are cleaned up by RCU. The PPP session socket is
allowed to close only when the session is freed.
With this patch, the following syzbot bug reports are finally fixed.
Reported-by:
__l2tp_session_unhash is now only used internally so there is no
reason to expose it to other l2tp modules. Rename it
l2tp_session_unhash while we're at it.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 5 ++---
net/l2tp/l2tp_core.h | 1 -
2 files changed, 2
Since session destroy now uses a workqueue, let l2tp_session_delete
handle all the work of destroying a session. Don't remove the session
from the tunnel's list immediately. The tunnel will remain extant
until all of its sessions are gone anyway.
The session's dead flag is now unused so is
1 - 100 of 230 matches
Mail list logo