Re: [PATCH 1/2] net: rds: drop VLA in rds_for_each_conn_info()

On 3/11/18 2:07 PM, Salvatore Mesoraca wrote: Avoid VLA[1] by using an already allocated buffer passed by the caller. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- Thanks for both VLA fixes Salvatore. FWIW, Acked-by: Santosh Shilimkar

Re: [PATCH 2/2] net: rds: drop VLA in rds_walk_conn_path_info()

On 3/11/18 2:07 PM, Salvatore Mesoraca wrote: Avoid VLA[1] by using an already allocated buffer passed by the caller. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- Acked-by: Santosh Shilimkar

Re: [PATCH] net/mlx4_en: Fix a memory leak in case of error in 'mlx4_en_init_netdev()'

On 12/03/2018 12:45 AM, Christophe JAILLET wrote: If 'kzalloc' fails, we must free some memory before returning. Fixes: 67f8b1dcb9ee ("net/mlx4_en: Refactor the XDP forwarding rings scheme") Signed-off-by: Christophe JAILLET ---

Re: [bpf-next V3 PATCH 13/15] mlx5: use page_pool for xdp_return_frame call

On 09/03/2018 10:56 PM, Jesper Dangaard Brouer wrote: This patch shows how it is possible to have both the driver local page cache, which uses elevated refcnt for "catching"/avoiding SKB put_page. And at the same time, have pages getting returned to the page_pool from ndp_xdp_xmit DMA

Re: [PATCH][rds-next] rds: make functions rds_info_from_znotifier and rds_message_zcopy_from_user static

On 3/11/18 10:03 AM, Colin King wrote: From: Colin Ian King Functions rds_info_from_znotifier and rds_message_zcopy_from_user are local to the source and do not need to be in global scope, so make them static. Cleans up sparse warnins: net/rds/message.c:70:27:

Re: [PATCH][rds-next] rds: remove redundant variable 'sg_off'

On 3/11/18 9:27 AM, Colin King wrote: From: Colin Ian King Variable sg_off is assigned a value but it is never read, hence it is redundant and can be removed. Cleans up clang warning: net/rds/message.c:373:2: warning: Value stored to 'sg_off' is never read

Re: [PATCH][rds-next] rds: make functions rds_info_from_znotifier and rds_message_zcopy_from_user static

On 3/11/18 11:54 PM, santosh.shilim...@oracle.com wrote: On 3/11/18 10:03 AM, Colin King wrote: From: Colin Ian King Functions rds_info_from_znotifier and rds_message_zcopy_from_user are local to the source and do not need to be in global scope, so make them static.

Re: [pci PATCH v4 1/4] pci-iov: Add support for unmanaged SR-IOV

On Sun, Mar 11, 2018 at 09:59:09PM -0600, Alex Williamson wrote: > I still struggle to understand why we need this "unmanaged" > complication and how a user of the sysfs API is expected to have any > idea whether a PF is managed or unmanaged and why they should care. > Can't we just have a

[PATCH v4 2/6] staging: fsl-dpaa2/ethsw: Add Freescale DPAA2 Ethernet Switch driver

Introduce the DPAA2 Ethernet Switch driver, which manages Datapath Switch (DPSW) objects discovered on the MC bus. Suggested-by: Alexandru Marginean Signed-off-by: Razvan Stefanescu --- Changelog: v2: - fix PVID cleanup in

Re: [PATCH net v2 2/2] l2tp: fix races with ipv4-mapped ipv6 addresses

On Fri, 2018-03-09 at 19:26 +0100, Guillaume Nault wrote: > On Fri, Mar 09, 2018 at 06:58:00PM +0100, Paolo Abeni wrote: > > The single threaded reproducer does not trigger anymore after 1/2, > > _but_ if ask syzbot to test 1/2 that will trigger another splat, > > because syzbot will do also multi

[PATCH v4 0/6] staging: Introduce DPAA2 Ethernet Switch driver

This patchset introduces the Ethernet Switch Driver for Freescale/NXP SoCs with DPAA2 (DataPath Acceleration Architecture v2). The driver manages switch objects discovered on the fsl-mc bus. A description of the driver can be found in the associated README file. The patchset consists of: * A set

[PATCH] can: m_can: select pinctrl state in each suspend/resume function

Make sure to apply the correct pin state in suspend/resume callbacks. Putting pins in sleep state saves power. Signed-off-by: Bich Hemon --- drivers/net/can/m_can/m_can.c | 4 1 file changed, 4 insertions(+) diff --git a/drivers/net/can/m_can/m_can.c

[BUGFIX PATCH bpf-next] error-injection: Fix to prohibit jump optimization

Since the kprobe which was optimized by jump can not change the execution path, the kprobe for error-injection must not be optimized. To prohibit it, set a dummy post-handler as officially stated in Documentation/kprobes.txt. Fixes: 4b1a29a7f542 ("error-injection: Support fault injection

Re: [PATCH net v4 0/2] rhashtable: Fix rhltable duplicates insertion

On 3/12/2018 4:48 AM, David Miller wrote: > Ok, queued up. thank you

Re: KASAN: use-after-free Read in sctp_association_free (2)

On Sun, Mar 11, 2018 at 3:04 AM, Neil Horman wrote: > On Sun, Mar 11, 2018 at 12:22:32AM +0800, Xin Long wrote: >> On Sat, Mar 10, 2018 at 9:13 PM, Neil Horman wrote: >> > On Sat, Mar 10, 2018 at 03:58:04PM +0800, Xin Long wrote: >> >> On Sat, Mar

Re: Problem with bridge (mcast-to-ucast + hairpin) and Broadcom's 802.11f in their FullMAC fw

On 28 February 2018 at 12:31, Arend van Spriel wrote: > On 2/27/2018 11:14 AM, Rafał Miłecki wrote: >> >> Sending with a fixed linux-wireless ML address. Please kindly send your >> replies using linux-wireless@ >> >> On 02/27/2018 11:08 AM, Rafał Miłecki wrote: >>>

[PATCH net-next] net: Make RX-FCS and HW GRO mutually exclusive

Same as LRO, hardware GRO cannot be enabled with RX-FCS. When both are requested, hardware GRO will be dropped. Suggested-by: David Miller Signed-off-by: Gal Pressman --- net/core/dev.c | 15 +++ 1 file changed, 11 insertions(+), 4

Re: [PATCH 1/2] net: rds: drop VLA in rds_for_each_conn_info()

2018-03-12 8:06 GMT+01:00 santosh.shilim...@oracle.com : > On 3/11/18 2:07 PM, Salvatore Mesoraca wrote: >> >> Avoid VLA[1] by using an already allocated buffer passed >> by the caller. >> >> [1] https://lkml.org/lkml/2018/3/7/621 >> >> Signed-off-by: Salvatore

Re: [PATCH net-next] net: stmmac: remove superfluous wmb() memory barriers

On Fri, Mar 09, 2018 at 10:15:20AM -0500, David Miller wrote: > From: Jose Abreu > Date: Fri, 9 Mar 2018 10:26:11 + > > > Sorry but I know at least two architectures which don't do a > > wmb() upon an writel [1] [2]. This can be critical if if we are > > accessing

Re: [PATCH 2/2] net/usb/ax88179_178a: Delete three unnecessary variables in ax88179_chk_eee()

Am Samstag, den 10.03.2018, 19:26 +0100 schrieb SF Markus Elfring: > From: Markus Elfring > Date: Sat, 10 Mar 2018 18:53:28 +0100 > > Use three values directly for a condition check without assigning them > to intermediate variables. Hi, what is the benefit of

Re: [PATCH] can: m_can: select pinctrl state in each suspend/resume function

On 03/12/2018 09:52 AM, Bich HEMON wrote: > Make sure to apply the correct pin state in suspend/resume callbacks. > Putting pins in sleep state saves power. > > Signed-off-by: Bich Hemon > --- Doesn't compile: > CHECK

[PATCH 4/6] can: peak/pcie_fd: fix echo_skb is occupied! bug

From: Stephane Grosjean This patch makes atomic the handling of the linux-can echo_skb array and the network tx queue. This prevents from the "BUG! echo_skb is occupied!" message to be printed by the linux-can core, in SMP environments. Reported-by: Diana Burgess

[PATCH 6/6] can: m_can: select pinctrl state in each suspend/resume function

From: Bich HEMON Make sure to apply the correct pin state in suspend/resume callbacks. Putting pins in sleep state saves power. Signed-off-by: Bich Hemon Signed-off-by: Marc Kleine-Budde --- drivers/net/can/m_can/m_can.c | 5 + 1

[PATCH 2/6] can: ifi: Check core revision upon probe

From: Marek Vasut Older versions of the core are not compatible with the driver due to various intrusive fixes of the core. Read out the VER register, check the core revision bitfield and verify if the core in use is new enough (rev 2.1 or newer) to work correctly with this

[PATCH 5/6] can: peak/pcie_fd: remove useless code when interface starts

From: Stephane Grosjean When an interface starts, the echo_skb array is empty and the network queue should be started only. This patch replaces useless code and locks when the internal RX_BARRIER message is received from the IP core, telling the driver that tx may

[PATCH v4 4/6] staging: fsl-dpaa2/ethsw: Add maintainer for Ethernet Switch driver

Signed-off-by: Razvan Stefanescu --- Changelog: v2: - no changes v3: - no changes v4: - no changes MAINTAINERS | 6 ++ 1 file changed, 6 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index c3c2b75..20d7bf2 100644 --- a/MAINTAINERS +++

[PATCH v4 1/6] staging: fsl-dpaa2/ethsw: Add APIs for DPSW object

Add the command build/parse APIs for operating on DPSW objects through the DPAA2 Management Complex. Signed-off-by: Razvan Stefanescu --- Changelog: v2: - use u8 for en parameter of dpsw_if_set_flooding/broadcast() v3: - no changes v4: - adjust to moving

[PATCH v4 3/6] staging: fsl-dpaa2/ethsw: Add ethtool support

Add driver information, link details and hardware statistics to be reported via ethtool -S. Signed-off-by: Razvan Stefanescu --- Changelog: v2: - no changes v3: - removed driver version v4: - no changes drivers/staging/fsl-dpaa2/ethsw/Makefile|

[PATCH v4 6/6] staging: fsl-dpaa2/ethsw: Add TODO

Add a TODO file describing what needs to be added/changed before the driver can be moved out of staging. Signed-off-by: Razvan Stefanescu --- Changelog: v2: - no changes v3: - no changes v4: - remove fsl-mc bus driver dependency as it is out of staging

Re: [RESEND] rsi: Remove stack VLA usage

tcharding wrote: > The kernel would like to have all stack VLA usage removed[1]. rsi uses > a VLA based on 'blksize'. Elsewhere in the SDIO code maximum block size > is defined using a magic number. We can use a pre-processor defined > constant and declare the array to maximum

Re: Problem with bridge (mcast-to-ucast + hairpin) and Broadcom's 802.11f in their FullMAC fw

On 27 February 2018 at 18:05, Stephen Hemminger wrote: > On Tue, 27 Feb 2018 11:08:20 +0100 > Rafał Miłecki wrote: > >> I've problem when using OpenWrt/LEDE on a home router with Broadcom's >> FullMAC WiFi chipset. >> >> >> First of all OpenWrt/LEDE

[PATCH v4 5/6] staging: fsl-dpaa2/ethsw: Add README

Add a README file describing the driver architecture, components and interfaces. Signed-off-by: Razvan Stefanescu --- Changelog: v2: - no changes v3: - no changes v4: - no changes drivers/staging/fsl-dpaa2/ethsw/README | 106

[PATCH 3/6] can: ifi: Repair the error handling

From: Marek Vasut The new version of the IFI CANFD core has significantly less complex error state indication logic. In particular, the warning/error state bits are no longer all over the place, but are all present in the STATUS register. Moreover, there is a new IRQ register bit

[PATCH 1/6] can: m_can: change comparison to bitshift when dealing with a mask

From: Wolfram Sang Due to a typo, the mask was destroyed by a comparison instead of a bit shift. Reported-by: Geert Uytterhoeven Signed-off-by: Wolfram Sang Signed-off-by: Marc Kleine-Budde

pull-request: can 2018-03-12

incorrect calculation of max delta_t (2018-03-11 22:48:59 -0400) are available in the Git repository at: ssh://g...@gitolite.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can.git tags/linux-can-fixes-for-4.16-20180312 for you to fetch changes up to c9b3bce18da4a0aebc27853052dea39aa64b7d

Re: [PATCH v2] net: ipv6: xfrm6_state: remove VLA usage

On Sat, Mar 10, 2018 at 07:26:44PM +0100, Stefano Brivio wrote: > On Sat, 10 Mar 2018 09:18:46 -0800 > Kees Cook wrote: > > > On Sat, Mar 10, 2018 at 12:43 AM, Stefano Brivio wrote: > > > On Sat, 10 Mar 2018 09:40:44 +0200 > > > Andreas Christoforou

[PATCH net-next] sctp: fix error return code in sctp_sendmsg_new_asoc()

Return error code -EINVAL in the address len check error handling case since 'err' can be overwrite to 0 by 'err = sctp_verify_addr()' in the for loop. Fixes: 2c0dbaa0c43d ("sctp: add support for SCTP_DSTADDRV4/6 Information for sendmsg") Signed-off-by: Wei Yongjun ---

[PATCH net-next] mlxsw: spectrum_kvdl: Make some functions static

Fixes the following sparse warnings: drivers/net/ethernet/mellanox/mlxsw/spectrum_kvdl.c:371:5: warning: symbol 'mlxsw_sp_kvdl_single_occ_get' was not declared. Should it be static? drivers/net/ethernet/mellanox/mlxsw/spectrum_kvdl.c:384:5: warning: symbol 'mlxsw_sp_kvdl_chunks_occ_get' was not

Re: [PATCH 6/6] can: m_can: select pinctrl state in each suspend/resume function

Hi Mark, Thanks for the fix. On 03/12/2018 11:04 AM, Marc Kleine-Budde wrote: > From: Bich HEMON > > Make sure to apply the correct pin state in suspend/resume callbacks. > Putting pins in sleep state saves power. > > Signed-off-by: Bich Hemon >

Re: [PATCH net-next] mlxsw: spectrum_kvdl: Make some functions static

Mon, Mar 12, 2018 at 01:25:24PM CET, weiyongj...@huawei.com wrote: >Fixes the following sparse warnings: > >drivers/net/ethernet/mellanox/mlxsw/spectrum_kvdl.c:371:5: warning: > symbol 'mlxsw_sp_kvdl_single_occ_get' was not declared. Should it be static?

Re: [bpf-next V3 PATCH 13/15] mlx5: use page_pool for xdp_return_frame call

On 12/03/2018 12:08 PM, Tariq Toukan wrote: On 09/03/2018 10:56 PM, Jesper Dangaard Brouer wrote: This patch shows how it is possible to have both the driver local page cache, which uses elevated refcnt for "catching"/avoiding SKB put_page.  And at the same time, have pages getting returned

Re: [BUGFIX PATCH bpf-next] error-injection: Fix to prohibit jump optimization

Hi Masami, On 03/12/2018 11:27 AM, Masami Hiramatsu wrote: > On Mon, 12 Mar 2018 19:00:49 +0900 > Masami Hiramatsu wrote: > >> Since the kprobe which was optimized by jump can not change >> the execution path, the kprobe for error-injection must not >> be optimized. To

Re: Problem with bridge (mcast-to-ucast + hairpin) and Broadcom's 802.11f in their FullMAC fw

On Tue, Feb 27, 2018 at 11:08:20AM +0100, Rafał Miłecki wrote: > I've problem when using OpenWrt/LEDE on a home router with Broadcom's > FullMAC WiFi chipset. Hi Rafał, Thanks for reporting this issue! > Can you see any solution for this problem? Is that an option to stop > multicast-to-unicast

Re: KASAN: use-after-free Read in sctp_association_free (2)

On Mon, Mar 12, 2018 at 04:16:27PM +0800, Xin Long wrote: > On Sun, Mar 11, 2018 at 3:04 AM, Neil Horman wrote: > > On Sun, Mar 11, 2018 at 12:22:32AM +0800, Xin Long wrote: > >> On Sat, Mar 10, 2018 at 9:13 PM, Neil Horman wrote: > >> > On Sat, Mar

Re: Problem with bridge (mcast-to-ucast + hairpin) and Broadcom's 802.11f in their FullMAC fw

On Mon, Mar 12, 2018 at 10:46:45AM +0100, Rafał Miłecki wrote: > On 27 February 2018 at 18:05, Stephen Hemminger [...] > > ebtables is your friend in dealing with weird and broken devices. > > It may be weird, not sure if actually broken. Anyway I'd like to have > some generic solution instead of

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

On 09/03/18 18:58, Alexei Starovoitov wrote: > It's not waiting for the whole thing, because once bpfilter starts it > stays running/sleeping because it's stateful. So, this has been bugging me a bit. If bpfilter takes a signal and crashes, all that state goes away. Does that mean your

Re: [PATCH][next] lan743x: make functions lan743x_csr_read and lan743x_csr_read static

From: Colin King Date: Sun, 11 Mar 2018 17:55:47 +0100 > From: Colin Ian King > > Functions lan743x_csr_read and lan743x_csr_read are local to the source > and do not need to be in global scope, so make them static. > > Cleans up sparse

RE: [PATCH v2 iproute2-next 0/6] cm_id, cq, mr, and pd resource tracking

Hey all, The kernel side of this series has been merged for rdma-next [1]. Let me know if this iproute2 series can be merged, of if it needs more changes. Thanks, Steve. [1] https://www.spinics.net/lists/linux-rdma/msg61720.html > -Original Message- > From:

Re: [PATCH 3/4 net-next] ibmvnic: Pad small packets to minimum MTU size

On 03/11/2018 09:56 PM, David Miller wrote: > From: Thomas Falcon > Date: Fri, 9 Mar 2018 13:23:56 -0600 > >> +/* For some backing devices, mishandling of small packets >> + * can result in a loss of connection or TX stall. Device >> + * architects

Re: [PATCH net-next] sctp: fix error return code in sctp_sendmsg_new_asoc()

On Mon, Mar 12, 2018 at 12:16:04PM +, Wei Yongjun wrote: > Return error code -EINVAL in the address len check error handling > case since 'err' can be overwrite to 0 by 'err = sctp_verify_addr()' > in the for loop. > > Fixes: 2c0dbaa0c43d ("sctp: add support for SCTP_DSTADDRV4/6 Information

Re: [PATCH net-next] modules: allow modprobe load regular elf binaries

On 3/12/18 5:02 AM, Edward Cree wrote: On 09/03/18 18:58, Alexei Starovoitov wrote: It's not waiting for the whole thing, because once bpfilter starts it stays running/sleeping because it's stateful. So, this has been bugging me a bit. If bpfilter takes a signal and crashes, all that state

Re: [PATCH v2 iproute2-next 0/6] cm_id, cq, mr, and pd resource tracking

On 3/12/18 8:16 AM, Steve Wise wrote: > Hey all, > > The kernel side of this series has been merged for rdma-next [1]. Let me > know if this iproute2 series can be merged, of if it needs more changes. > The problem is that iproute2 headers are synced to kernel headers from DaveM's tree

Re: [PATCH v2] KEYS: DNS: limit the length of option strings

On Wed, Mar 07, 2018 at 03:54:37PM +, David Howells wrote: > Eric Biggers wrote: > > > Fix it by limiting option strings (combined name + value) to a much more > > reasonable 128 bytes. The exact limit is arbitrary, but currently the > > only recognized option is

[PATCH 21/30] netfilter: nf_flow_table: clean up flow_offload_alloc

From: Felix Fietkau Reduce code duplication and make it much easier to read Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_flow_table.c | 93 --- 1 file changed, 34

[PATCH 01/30] netfilter: nf_tables: nf_tables_obj_lookup_byhandle() can be static

From: kbuild test robot Fixes: 3ecbfd65f50e ("netfilter: nf_tables: allocate handle and delete objects via handle") Signed-off-by: Fengguang Wu Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_api.c | 8

[PATCH 24/30] netfilter: nf_flow_table: rename nf_flow_table.c to nf_flow_table_core.c

From: Felix Fietkau Preparation for adding more code to the same module Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira Ayuso --- net/netfilter/Makefile | 2 ++ net/netfilter/{nf_flow_table.c =>

[PATCH 30/30] netfilter: nft_ct: add NFT_CT_{SRC,DST}_{IP,IP6}

All existing keys, except the NFT_CT_SRC and NFT_CT_DST are assumed to have strict datatypes. This is causing problems with sets and concatenations given the specific length of these keys is not known. Signed-off-by: Pablo Neira Ayuso Acked-by: Florian Westphal

[PATCH 28/30] netfilter: Refactor nf_conncount

From: Yi-Hung Wei Remove parameter 'family' in nf_conncount_count() and count_tree(). It is because the parameter is not useful after commit 625c556118f3 ("netfilter: connlimit: split xt_connlimit into front and backend"). Signed-off-by: Yi-Hung Wei

[PATCH 29/30] netfilter: conncount: Support count only use case

From: Yi-Hung Wei Currently, nf_conncount_count() counts the number of connections that matches key and inserts a conntrack 'tuple' with the same key into the accounting data structure. This patch supports another use case that only counts the number of connections where

[PATCH 22/30] ipv6: make ip6_dst_mtu_forward inline

From: Felix Fietkau Needed to remove a direct dependency on ipv6.ko from flowtable infrastructure. Make it inline like ip_dst_mtu_maybe_forward(). Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira Ayuso --- include/net/ip6_route.h | 21

[PATCH 14/30] netfilter: compat: prepare xt_compat_init_offsets to return errors

From: Florian Westphal should have no impact, function still always returns 0. This patch is only to ease review. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/x_tables.h | 2 +-

[PATCH 26/30] ipvs: use true and false for boolean values

From: "Gustavo A. R. Silva" Assign true or false to boolean variables instead of an integer value. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Simon Horman

[PATCH 23/30] netfilter: nf_flow_table: cache mtu in struct flow_offload_tuple

From: Felix Fietkau Reduces the number of cache lines touched in the offload forwarding path. This is safe because PMTU limits are bypassed for the forwarding path (see commit f87c10a8aa1e for more details). Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira

[PATCH 25/30] netfilter: x_tables: fix build with CONFIG_COMPAT=n

From: Florian Westphal I placed the helpers within CONFIG_COMPAT section, move them outside. Fixes: 472ebdcd15ebdb ("netfilter: x_tables: check error target size too") Fixes: 07a9da51b4b6ae ("netfilter: x_tables: check standard verdicts in core") Signed-off-by: Florian Westphal

[PATCH 20/30] netfilter: nf_flow_table: use IP_CT_DIR_* values for FLOW_OFFLOAD_DIR_*

From: Felix Fietkau Simplifies further code cleanups Signed-off-by: Felix Fietkau Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_flow_table.h | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git

Re: [PATCH v3 net-next 3/4] net: macb: Add phy-handle DT support

> @@ -488,6 +488,9 @@ static int macb_mii_probe(struct net_device *dev) > } > bp->phy_node = of_node_get(np); > } else { > + /* attempt to find a phy-handle */ > + bp->phy_node = of_parse_phandle(np,

[PATCH 27/30] netfilter: nf_tables: handle rt0 and rt2 properly

From: Ahmed Abdelsalam This fixes Netfilter's bugzilla #1219. Type 0 and 2 of the IPv6 Routing extension header are not handled properlyby exthdr_init_raw() in src/exthdr.c In order to fix the bug, we extended the "enum nft_exthdr_op" to differentiate between rt, rt0, and

[PATCH 16/30] netfilter: x_tables: make sure compat af mutex is held

From: Florian Westphal Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- net/netfilter/x_tables.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index

[PATCH 15/30] netfilter: compat: reject huge allocation requests

From: Florian Westphal no need to bother even trying to allocating huge compat offset arrays, such ruleset is rejected later on anyway becaus we refuse to allocate overly large rule blobs. However, compat translation happens before blob allocation, so we should add a check there

[PATCH 17/30] netfilter: x_tables: ensure last rule in base chain matches underflow/policy

From: Florian Westphal Harmless from kernel point of view, but again iptables assumes that this is true when decoding ruleset coming from kernel. If a (syzkaller generated) ruleset doesn't have the underflow/policy stored as the last rule in the base chain, then iptables will

[PATCH 09/30] netfilter: x_tables: move hook entry checks into core

From: Florian Westphal Allow followup patch to change on location instead of three. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/x_tables.h | 2 ++ net/ipv4/netfilter/arp_tables.c| 13

[PATCH 19/30] netfilter: xt_limit: Spelling s/maxmum/maximum/

From: Geert Uytterhoeven Signed-off-by: Geert Uytterhoeven Signed-off-by: Pablo Neira Ayuso --- net/netfilter/xt_limit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/xt_limit.c

[PATCH 11/30] netfilter: x_tables: cap allocations at 512 mbyte

From: Florian Westphal Arbitrary limit, however, this still allows huge rulesets (> 1 million rules). This helps with automated fuzzer as it prevents oom-killer invocation. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso

[PATCH 18/30] netfilter: make xt_rateest hash table per net

From: Cong Wang As suggested by Eric, we need to make the xt_rateest hash table and its lock per netns to reduce lock contentions. Cc: Florian Westphal Cc: Eric Dumazet Cc: Pablo Neira Ayuso Signed-off-by:

[PATCH 06/30] netfilter: unlock xt_table earlier in __do_replace

From: Xin Long Now it's doing cleanup_entry for oldinfo under the xt_table lock, but it's not really necessary. After the replacement job is done in xt_replace_table, oldinfo is not used elsewhere any more, and it can be freed without xt_table lock safely. The important

[PATCH 13/30] netfilter: x_tables: add counters allocation wrapper

From: Florian Westphal allows to have size checks in a single spot. This is supposed to reduce oom situations when fuzz-testing xtables. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso ---

[PATCH 05/30] netfilter: ipt_ah: return boolean instead of integer

From: "Gustavo A. R. Silva" Return statements in functions returning bool should use true/false instead of 1/0. This issue was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Pablo Neira Ayuso

[PATCH 08/30] netfilter: x_tables: check error target size too

From: Florian Westphal Check that userspace ERROR target (custom user-defined chains) match expected format, and the chain name is null terminated. This is irrelevant for kernel, but iptables itself relies on sane input when it dumps rules from kernel. Signed-off-by: Florian

[PATCH 04/30] netfilter: nf_conntrack_broadcast: remove useless parameter

From: Taehee Yoo parameter protoff in nf_conntrack_broadcast_help is not used anywhere. Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_conntrack_helper.h | 3 +--

[PATCH 07/30] netfilter: x_tables: check standard verdicts in core

From: Florian Westphal Userspace must provide a valid verdict to the standard target. The verdict can be either a jump (signed int > 0), or a return code. Allowed return codes are either RETURN (pop from stack), NF_ACCEPT, DROP and QUEUE (latter is allowed for legacy reasons).

[PATCH 12/30] netfilter: x_tables: limit allocation requests for blob rule heads

From: Florian Westphal This is a very conservative limit (134217728 rules), but good enough to not trigger frequent oom from syzkaller. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- net/netfilter/x_tables.c | 3 +++

[PATCH 10/30] netfilter: x_tables: enforce unique and ascending entry points

From: Florian Westphal Harmless from kernel point of view, but iptables assumes that this is true when decoding a ruleset. iptables walks the dumped blob from kernel, and, for each entry that creates a new chain it prints out rule/chain information. Base chains (hook entry

[PATCH 00/30] Netfilter/IPVS updates for net-next

Hi David, The following patchset contains Netfilter/IPVS updates for your net-next tree. This batch comes with more input sanitization for xtables to address bug reports from fuzzers, preparation works to the flowtable infrastructure and assorted updates. In no particular order, they are: 1)

[PATCH 02/30] netfilter: nfnetlink_acct: remove useless parameter

From: Taehee Yoo parameter skb in nfnl_acct_overquota is not used anywhere. Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter/nfnetlink_acct.h | 3 +-- net/netfilter/nfnetlink_acct.c |

[PATCH 03/30] netfilter: xt_cluster: get rid of xt_cluster_ipv6_is_multicast

From: Taehee Yoo If use the ipv6_addr_is_multicast instead of xt_cluster_ipv6_is_multicast, then we can reduce code size. Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso --- net/netfilter/xt_cluster.c | 10 +- 1

Re: [pci PATCH v5 1/4] pci: Add pci_sriov_configure_simple for PFs that don't manage VF resources

On Mon, Mar 12, 2018 at 10:40 AM, Keith Busch wrote: > On Mon, Mar 12, 2018 at 10:21:29AM -0700, Alexander Duyck wrote: >> diff --git a/include/linux/pci.h b/include/linux/pci.h >> index 024a1beda008..9cab9d0d51dc 100644 >> --- a/include/linux/pci.h >> +++

Re: [PATCH] ipv6: Use ip6_multipath_hash_policy() in rt6_multipath_hash().

On 3/12/18 8:10 AM, David Miller wrote: > > Make use of the new helper. > > Suggested-by: David Ahern > Signed-off-by: David S. Miller > --- > net/ipv6/route.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/ipv6/route.c

[PATCH v2] sctp: Fix double free in sctp_sendmsg_to_asoc

syzbot/kasan detected a double free in sctp_sendmsg_to_asoc: BUG: KASAN: use-after-free in sctp_association_free+0x7b7/0x930 net/sctp/associola.c:332 Read of size 8 at addr 8801d8006ae0 by task syzkaller914861/4202 CPU: 1 PID: 4202 Comm: syzkaller914861 Not tainted 4.16.0-rc4+ #258 Hardware

Re: [bpf-next V3 PATCH 13/15] mlx5: use page_pool for xdp_return_frame call

On 12/03/2018 12:16 PM, Tariq Toukan wrote: On 12/03/2018 12:08 PM, Tariq Toukan wrote: On 09/03/2018 10:56 PM, Jesper Dangaard Brouer wrote: This patch shows how it is possible to have both the driver local page cache, which uses elevated refcnt for "catching"/avoiding SKB put_page. 

Re: [BUGFIX PATCH bpf-next] error-injection: Fix to prohibit jump optimization

On Mon, 12 Mar 2018 11:44:21 +0100 Daniel Borkmann wrote: > Hi Masami, > > On 03/12/2018 11:27 AM, Masami Hiramatsu wrote: > > On Mon, 12 Mar 2018 19:00:49 +0900 > > Masami Hiramatsu wrote: > > > >> Since the kprobe which was optimized by jump can

Re: [PATCH linux-firmware] Mellanox: Add new mlxsw_spectrum firmware 13.1620.192

On Tue, Feb 27, 2018 at 3:51 AM, Tal Bar wrote: > This new firmware contains: > - Support for auto-neg disable mode > > Signed-off-by: Tal Bar > --- > WHENCE | 1 + > mellanox/mlxsw_spectrum-13.1620.192.mfa2 | Bin

Re: [PATCH V2 net-next] liquidio: fix ndo_change_mtu to always return correct status to the caller

From: Felix Manlunas Date: Sat, 10 Mar 2018 00:17:35 -0800 > From: Veerasenareddy Burru > > In a scenario where the command queued to firmware get dropped or times > out, MTU change from host will not propagate to firmware. So, it is

Re: [PATCH v10 crypto 07/11] chtls: Program the TLS Key

On Sat, 10 Mar 2018 00:40:12 +0530 Atul Gupta wrote: > Initialize the space reserved for storing the TLS keys > get and free the location where key is stored for the TLS > connection > Program the tx and rx key as received from user in > struct

Re: [PATCH v4 2/6] staging: fsl-dpaa2/ethsw: Add Freescale DPAA2 Ethernet Switch driver

On Mon, Mar 12, 2018 at 03:49:51AM -0500, Razvan Stefanescu wrote: > +static irqreturn_t ethsw_irq0_handler(int irq_num, void *arg) > +{ > + return IRQ_WAKE_THREAD; > +} > + > +static int ethsw_setup_irqs(struct fsl_mc_device *sw_dev) > +{ > + struct device *dev = _dev->dev; > +

Re: [PATCH] net: hns: use put_device() if device_register fail

From: Arvind Yadav Date: Fri, 9 Mar 2018 16:11:17 +0530 > if device_register() returned an error! Always use put_device() > to give up the reference initialized. > > Signed-off-by: Arvind Yadav I do not see anything giving cls_dev an

chelsio inline tls patches

Atul, starting with patch #5 there are functions which need to be adjusted to order function local variables from longest to shortest line (reverse christmas tree order). Please fix this up for all of those patches and resubmit your series. Thank you.

[PATCH] net: drivers/net: Remove unnecessary skb_copy_expand OOM messages

skb_copy_expand without __GFP_NOWARN already does a dump_stack on OOM so these messages are redundant. Signed-off-by: Joe Perches --- drivers/net/ethernet/qualcomm/qca_spi.c | 1 - drivers/net/usb/lg-vl600.c | 6 +- drivers/net/wimax/i2400m/usb-rx.c | 3

Re: [PATCH v10 crypto 09/11] chtls: Inline TLS request Tx/Rx

On Sat, 10 Mar 2018 00:40:14 +0530 Atul Gupta wrote: > TLS handler for record transmit and receive. > Create Inline TLS work request and post to FW. > Create Inline TLS record CPLs for hardware > > Signed-off-by: Atul Gupta > --- >

Re: [PATCH v10 crypto 08/11] chtls: CPL handler definition

On Sat, 10 Mar 2018 00:40:13 +0530 Atul Gupta wrote: > Exchange CPL messages with hardware to program the TLS session > CPL handlers defined to process messages received from chip. > > Signed-off-by: Atul Gupta > --- >

Re: [PATCH net-next] sctp: fix error return code in sctp_sendmsg_new_asoc()

On Mon, Mar 12, 2018 at 8:16 PM, Wei Yongjun wrote: > Return error code -EINVAL in the address len check error handling > case since 'err' can be overwrite to 0 by 'err = sctp_verify_addr()' > in the for loop. > > Fixes: 2c0dbaa0c43d ("sctp: add support for

  1   2   3   4   >