Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9f51ae62 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 

Pull networking fixes from David Miller:

 1) GRO overflow entries are not unlinked properly, resulting in list
    poison pointers being dereferenced.

 2) Fix bridge build with ipv6 disabled, from Nikolay Aleksandrov.

 3) Direct packet access and other fixes in BPF from Daniel Borkmann.

 4) gred_change_table_def() gets passed the wrong pointer, a pointer to
    a set of unparsed attributes instead of the attribute itself. From
    Jakub Kicinski.

 5) Allow macsec device to be brought up even if it's lowerdev is down,
    from Sabrina Dubroca.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  net: diag: document swapped src/dst in udp_dump_one.
  macsec: let the administrator set UP state even if lowerdev is down
  macsec: update operstate when lower device changes
  net: sched: gred: pass the right attribute to gred_change_table_def()
  ptp: drop redundant kasprintf() to create worker name
  net: bridge: remove ipv6 zero address check in mcast queries
  net: Properly unlink GRO packets on overflow.
  bpf: fix wrong helper enablement in cgroup local storage
  bpf: add bpf_jit_limit knob to restrict unpriv allocations
  bpf: make direct packet write unclone more robust
  bpf: fix leaking uninitialized memory on pop/peek helpers
  bpf: fix direct packet write into pop/peek helpers
  bpf: fix cg_skb types to hint access type in may_access_direct_pkt_data
  bpf: fix direct packet access for flow dissector progs
  bpf: disallow direct packet access for unpriv in cg_skb
  bpf: fix test suite to enable all unpriv program types
  bpf, btf: fix a missing check bug in btf_parse
  selftests/bpf: add config fragments BPF_STREAM_PARSER and XDP_SOCKETS
  bpf: devmap: fix wrong interface selection in notifier_call
parents 53b3b6bb 747569b0

Documentation/sysctl/net.txt

+8 −0
Original line number Diff line number Diff line
@@ -92,6 +92,14 @@ Values : 
	0 - disable JIT kallsyms export (default value)

	1 - enable JIT kallsyms export for privileged users only



bpf_jit_limit

-------------



This enforces a global limit for memory allocations to the BPF JIT

compiler in order to reject unprivileged JIT requests once it has

been surpassed. bpf_jit_limit contains the value of the global limit

in bytes.



dev_weight

--------------

drivers/net/macsec.c

+17 −3
Original line number Diff line number Diff line
@@ -2812,9 +2812,6 @@ static int macsec_dev_open(struct net_device *dev) 
	struct net_device *real_dev = macsec->real_dev;

	int err;



	if (!(real_dev->flags & IFF_UP))

		return -ENETDOWN;



	err = dev_uc_add(real_dev, dev->dev_addr);

	if (err < 0)

		return err;
@@ -3306,6 +3303,9 @@ static int macsec_newlink(struct net *net, struct net_device *dev, 
	if (err < 0)

		goto del_dev;



	netif_stacked_transfer_operstate(real_dev, dev);

	linkwatch_fire_event(dev);



	macsec_generation++;



	return 0;
@@ -3490,6 +3490,20 @@ static int macsec_notify(struct notifier_block *this, unsigned long event, 
		return NOTIFY_DONE;



	switch (event) {

	case NETDEV_DOWN:

	case NETDEV_UP:

	case NETDEV_CHANGE: {

		struct macsec_dev *m, *n;

		struct macsec_rxh_data *rxd;



		rxd = macsec_data_rtnl(real_dev);

		list_for_each_entry_safe(m, n, &rxd->secys, secys) {

			struct net_device *dev = m->secy.netdev;



			netif_stacked_transfer_operstate(real_dev, dev);

		}

		break;

	}

	case NETDEV_UNREGISTER: {

		struct macsec_dev *m, *n;

		struct macsec_rxh_data *rxd;

drivers/ptp/ptp_clock.c

+1 −5
Original line number Diff line number Diff line
@@ -232,12 +232,8 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info, 
	init_waitqueue_head(&ptp->tsev_wq);



	if (ptp->info->do_aux_work) {

		char *worker_name = kasprintf(GFP_KERNEL, "ptp%d", ptp->index);



		kthread_init_delayed_work(&ptp->aux_work, ptp_aux_kworker);

		ptp->kworker = kthread_create_worker(0, worker_name ?

						     worker_name : info->name);

		kfree(worker_name);

		ptp->kworker = kthread_create_worker(0, "ptp%d", ptp->index);

		if (IS_ERR(ptp->kworker)) {

			err = PTR_ERR(ptp->kworker);

			pr_err("failed to create ptp aux_worker %d\n", err);

include/linux/filter.h

+1 −0
Original line number Diff line number Diff line
@@ -854,6 +854,7 @@ bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk, 
extern int bpf_jit_enable;

extern int bpf_jit_harden;

extern int bpf_jit_kallsyms;

extern int bpf_jit_limit;



typedef void (*bpf_jit_fill_hole_t)(void *area, unsigned int size);

kernel/bpf/btf.c

+25 −33
Original line number Diff line number Diff line
@@ -2067,56 +2067,47 @@ static int btf_check_sec_info(struct btf_verifier_env *env, 
	return 0;

}



static int btf_parse_hdr(struct btf_verifier_env *env, void __user *btf_data,

			 u32 btf_data_size)

static int btf_parse_hdr(struct btf_verifier_env *env)

{

	u32 hdr_len, hdr_copy, btf_data_size;

	const struct btf_header *hdr;

	u32 hdr_len, hdr_copy;

	/*

	 * Minimal part of the "struct btf_header" that

	 * contains the hdr_len.

	 */

	struct btf_min_header {

		u16	magic;

		u8	version;

		u8	flags;

		u32	hdr_len;

	} __user *min_hdr;

	struct btf *btf;

	int err;



	btf = env->btf;

	min_hdr = btf_data;

	btf_data_size = btf->data_size;



	if (btf_data_size < sizeof(*min_hdr)) {

	if (btf_data_size <

	    offsetof(struct btf_header, hdr_len) + sizeof(hdr->hdr_len)) {

		btf_verifier_log(env, "hdr_len not found");

		return -EINVAL;

	}



	if (get_user(hdr_len, &min_hdr->hdr_len))

		return -EFAULT;



	hdr = btf->data;

	hdr_len = hdr->hdr_len;

	if (btf_data_size < hdr_len) {

		btf_verifier_log(env, "btf_header not found");

		return -EINVAL;

	}



	err = bpf_check_uarg_tail_zero(btf_data, sizeof(btf->hdr), hdr_len);

	if (err) {

		if (err == -E2BIG)

	/* Ensure the unsupported header fields are zero */

	if (hdr_len > sizeof(btf->hdr)) {

		u8 *expected_zero = btf->data + sizeof(btf->hdr);

		u8 *end = btf->data + hdr_len;



		for (; expected_zero < end; expected_zero++) {

			if (*expected_zero) {

				btf_verifier_log(env, "Unsupported btf_header");

		return err;

				return -E2BIG;

			}

		}

	}



	hdr_copy = min_t(u32, hdr_len, sizeof(btf->hdr));

	if (copy_from_user(&btf->hdr, btf_data, hdr_copy))

		return -EFAULT;

	memcpy(&btf->hdr, btf->data, hdr_copy);



	hdr = &btf->hdr;



	if (hdr->hdr_len != hdr_len)

		return -EINVAL;



	btf_verifier_log_hdr(env, btf_data_size);



	if (hdr->magic != BTF_MAGIC) {
@@ -2186,10 +2177,6 @@ static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size, 
	}

	env->btf = btf;



	err = btf_parse_hdr(env, btf_data, btf_data_size);

	if (err)

		goto errout;



	data = kvmalloc(btf_data_size, GFP_KERNEL | __GFP_NOWARN);

	if (!data) {

		err = -ENOMEM;
@@ -2198,13 +2185,18 @@ static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size, 


	btf->data = data;

	btf->data_size = btf_data_size;

	btf->nohdr_data = btf->data + btf->hdr.hdr_len;



	if (copy_from_user(data, btf_data, btf_data_size)) {

		err = -EFAULT;

		goto errout;

	}



	err = btf_parse_hdr(env);

	if (err)

		goto errout;



	btf->nohdr_data = btf->data + btf->hdr.hdr_len;



	err = btf_parse_str_sec(env);

	if (err)

		goto errout;