--- /dev/null
+From foo@baz Wed 15 May 2019 09:45:15 AM CEST
+From: Jarod Wilson <jarod@redhat.com>
+Date: Fri, 10 May 2019 17:57:09 -0400
+Subject: bonding: fix arp_validate toggling in active-backup mode
+
+From: Jarod Wilson <jarod@redhat.com>
+
+[ Upstream commit a9b8a2b39ce65df45687cf9ef648885c2a99fe75 ]
+
+There's currently a problem with toggling arp_validate on and off with an
+active-backup bond. At the moment, you can start up a bond, like so:
+
+modprobe bonding mode=1 arp_interval=100 arp_validate=0 arp_ip_targets=192.168.1.1
+ip link set bond0 down
+echo "ens4f0" > /sys/class/net/bond0/bonding/slaves
+echo "ens4f1" > /sys/class/net/bond0/bonding/slaves
+ip link set bond0 up
+ip addr add 192.168.1.2/24 dev bond0
+
+Pings to 192.168.1.1 work just fine. Now turn on arp_validate:
+
+echo 1 > /sys/class/net/bond0/bonding/arp_validate
+
+Pings to 192.168.1.1 continue to work just fine. Now when you go to turn
+arp_validate off again, the link falls flat on it's face:
+
+echo 0 > /sys/class/net/bond0/bonding/arp_validate
+dmesg
+...
+[133191.911987] bond0: Setting arp_validate to none (0)
+[133194.257793] bond0: bond_should_notify_peers: slave ens4f0
+[133194.258031] bond0: link status definitely down for interface ens4f0, disabling it
+[133194.259000] bond0: making interface ens4f1 the new active one
+[133197.330130] bond0: link status definitely down for interface ens4f1, disabling it
+[133197.331191] bond0: now running without any active interface!
+
+The problem lies in bond_options.c, where passing in arp_validate=0
+results in bond->recv_probe getting set to NULL. This flies directly in
+the face of commit 3fe68df97c7f, which says we need to set recv_probe =
+bond_arp_recv, even if we're not using arp_validate. Said commit fixed
+this in bond_option_arp_interval_set, but missed that we can get to that
+same state in bond_option_arp_validate_set as well.
+
+One solution would be to universally set recv_probe = bond_arp_recv here
+as well, but I don't think bond_option_arp_validate_set has any business
+touching recv_probe at all, and that should be left to the arp_interval
+code, so we can just make things much tidier here.
+
+Fixes: 3fe68df97c7f ("bonding: always set recv_probe to bond_arp_rcv in arp monitor")
+CC: Jay Vosburgh <j.vosburgh@gmail.com>
+CC: Veaceslav Falico <vfalico@gmail.com>
+CC: Andy Gospodarek <andy@greyhouse.net>
+CC: "David S. Miller" <davem@davemloft.net>
+CC: netdev@vger.kernel.org
+Signed-off-by: Jarod Wilson <jarod@redhat.com>
+Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/bonding/bond_options.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+--- a/drivers/net/bonding/bond_options.c
++++ b/drivers/net/bonding/bond_options.c
+@@ -1066,13 +1066,6 @@ static int bond_option_arp_validate_set(
+ {
+ netdev_info(bond->dev, "Setting arp_validate to %s (%llu)\n",
+ newval->string, newval->value);
+-
+- if (bond->dev->flags & IFF_UP) {
+- if (!newval->value)
+- bond->recv_probe = NULL;
+- else if (bond->params.arp_interval)
+- bond->recv_probe = bond_arp_rcv;
+- }
+ bond->params.arp_validate = newval->value;
+
+ return 0;
--- /dev/null
+From foo@baz Wed 15 May 2019 09:52:47 AM CEST
+From: "Tobin C. Harding" <tobin@kernel.org>
+Date: Fri, 10 May 2019 12:52:12 +1000
+Subject: bridge: Fix error path for kobject_init_and_add()
+
+From: "Tobin C. Harding" <tobin@kernel.org>
+
+[ Upstream commit bdfad5aec1392b93495b77b864d58d7f101dc1c1 ]
+
+Currently error return from kobject_init_and_add() is not followed by a
+call to kobject_put(). This means there is a memory leak. We currently
+set p to NULL so that kfree() may be called on it as a noop, the code is
+arguably clearer if we move the kfree() up closer to where it is
+called (instead of after goto jump).
+
+Remove a goto label 'err1' and jump to call to kobject_put() in error
+return from kobject_init_and_add() fixing the memory leak. Re-name goto
+label 'put_back' to 'err1' now that we don't use err1, following current
+nomenclature (err1, err2 ...). Move call to kfree out of the error
+code at bottom of function up to closer to where memory was allocated.
+Add comment to clarify call to kfree().
+
+Signed-off-by: Tobin C. Harding <tobin@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bridge/br_if.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/net/bridge/br_if.c
++++ b/net/bridge/br_if.c
+@@ -471,13 +471,15 @@ int br_add_if(struct net_bridge *br, str
+ call_netdevice_notifiers(NETDEV_JOIN, dev);
+
+ err = dev_set_allmulti(dev, 1);
+- if (err)
+- goto put_back;
++ if (err) {
++ kfree(p); /* kobject not yet init'd, manually free */
++ goto err1;
++ }
+
+ err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj),
+ SYSFS_BRIDGE_PORT_ATTR);
+ if (err)
+- goto err1;
++ goto err2;
+
+ err = br_sysfs_addif(p);
+ if (err)
+@@ -551,12 +553,9 @@ err3:
+ sysfs_remove_link(br->ifobj, p->dev->name);
+ err2:
+ kobject_put(&p->kobj);
+- p = NULL; /* kobject_put frees */
+-err1:
+ dev_set_allmulti(dev, -1);
+-put_back:
++err1:
+ dev_put(dev);
+- kfree(p);
+ return err;
+ }
+
--- /dev/null
+From foo@baz Wed 15 May 2019 09:45:15 AM CEST
+From: David Ahern <dsahern@gmail.com>
+Date: Tue, 7 May 2019 20:44:59 -0700
+Subject: ipv4: Fix raw socket lookup for local traffic
+
+From: David Ahern <dsahern@gmail.com>
+
+[ Upstream commit 19e4e768064a87b073a4b4c138b55db70e0cfb9f ]
+
+inet_iif should be used for the raw socket lookup. inet_iif considers
+rt_iif which handles the case of local traffic.
+
+As it stands, ping to a local address with the '-I <dev>' option fails
+ever since ping was changed to use SO_BINDTODEVICE instead of
+cmsg + IP_PKTINFO.
+
+IPv6 works fine.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: David Ahern <dsahern@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/raw.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/raw.c
++++ b/net/ipv4/raw.c
+@@ -167,6 +167,7 @@ static int icmp_filter(const struct sock
+ */
+ static int raw_v4_input(struct sk_buff *skb, const struct iphdr *iph, int hash)
+ {
++ int dif = inet_iif(skb);
+ struct sock *sk;
+ struct hlist_head *head;
+ int delivered = 0;
+@@ -179,8 +180,7 @@ static int raw_v4_input(struct sk_buff *
+
+ net = dev_net(skb->dev);
+ sk = __raw_v4_lookup(net, __sk_head(head), iph->protocol,
+- iph->saddr, iph->daddr,
+- skb->dev->ifindex);
++ iph->saddr, iph->daddr, dif);
+
+ while (sk) {
+ delivered = 1;
--- /dev/null
+From foo@baz Wed 15 May 2019 09:52:47 AM CEST
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Fri, 3 May 2019 13:33:23 +0000
+Subject: net: ucc_geth - fix Oops when changing number of buffers in the ring
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+[ Upstream commit ee0df19305d9fabd9479b785918966f6e25b733b ]
+
+When changing the number of buffers in the RX ring while the interface
+is running, the following Oops is encountered due to the new number
+of buffers being taken into account immediately while their allocation
+is done when opening the device only.
+
+[ 69.882706] Unable to handle kernel paging request for data at address 0xf0000100
+[ 69.890172] Faulting instruction address: 0xc033e164
+[ 69.895122] Oops: Kernel access of bad area, sig: 11 [#1]
+[ 69.900494] BE PREEMPT CMPCPRO
+[ 69.907120] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.115-00006-g179ade8ce3-dirty #269
+[ 69.915956] task: c0684310 task.stack: c06da000
+[ 69.920470] NIP: c033e164 LR: c02e44d0 CTR: c02e41fc
+[ 69.925504] REGS: dfff1e20 TRAP: 0300 Not tainted (4.14.115-00006-g179ade8ce3-dirty)
+[ 69.934161] MSR: 00009032 <EE,ME,IR,DR,RI> CR: 22004428 XER: 20000000
+[ 69.940869] DAR: f0000100 DSISR: 20000000
+[ 69.940869] GPR00: c0352d70 dfff1ed0 c0684310 f00000a4 00000040 dfff1f68 00000000 0000001f
+[ 69.940869] GPR08: df53f410 1cc00040 00000021 c0781640 42004424 100c82b6 f00000a4 df53f5b0
+[ 69.940869] GPR16: df53f6c0 c05daf84 00000040 00000000 00000040 c0782be4 00000000 00000001
+[ 69.940869] GPR24: 00000000 df53f400 000001b0 df53f410 df53f000 0000003f df708220 1cc00044
+[ 69.978348] NIP [c033e164] skb_put+0x0/0x5c
+[ 69.982528] LR [c02e44d0] ucc_geth_poll+0x2d4/0x3f8
+[ 69.987384] Call Trace:
+[ 69.989830] [dfff1ed0] [c02e4554] ucc_geth_poll+0x358/0x3f8 (unreliable)
+[ 69.996522] [dfff1f20] [c0352d70] net_rx_action+0x248/0x30c
+[ 70.002099] [dfff1f80] [c04e93e4] __do_softirq+0xfc/0x310
+[ 70.007492] [dfff1fe0] [c0021124] irq_exit+0xd0/0xd4
+[ 70.012458] [dfff1ff0] [c000e7e0] call_do_irq+0x24/0x3c
+[ 70.017683] [c06dbe80] [c0006bac] do_IRQ+0x64/0xc4
+[ 70.022474] [c06dbea0] [c001097c] ret_from_except+0x0/0x14
+[ 70.027964] --- interrupt: 501 at rcu_idle_exit+0x84/0x90
+[ 70.027964] LR = rcu_idle_exit+0x74/0x90
+[ 70.037585] [c06dbf60] [20000000] 0x20000000 (unreliable)
+[ 70.042984] [c06dbf80] [c004bb0c] do_idle+0xb4/0x11c
+[ 70.047945] [c06dbfa0] [c004bd14] cpu_startup_entry+0x18/0x1c
+[ 70.053682] [c06dbfb0] [c05fb034] start_kernel+0x370/0x384
+[ 70.059153] [c06dbff0] [00003438] 0x3438
+[ 70.063062] Instruction dump:
+[ 70.066023] 38a00000 38800000 90010014 4bfff015 80010014 7c0803a6 3123ffff 7c691910
+[ 70.073767] 38210010 4e800020 38600000 4e800020 <80e3005c> 80c30098 3107ffff 7d083910
+[ 70.081690] ---[ end trace be7ccd9c1e1a9f12 ]---
+
+This patch forbids the modification of the number of buffers in the
+ring while the interface is running.
+
+Fixes: ac421852b3a0 ("ucc_geth: add ethtool support")
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/ucc_geth_ethtool.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/ucc_geth_ethtool.c
++++ b/drivers/net/ethernet/freescale/ucc_geth_ethtool.c
+@@ -253,14 +253,12 @@ uec_set_ringparam(struct net_device *net
+ return -EINVAL;
+ }
+
++ if (netif_running(netdev))
++ return -EBUSY;
++
+ ug_info->bdRingLenRx[queue] = ring->rx_pending;
+ ug_info->bdRingLenTx[queue] = ring->tx_pending;
+
+- if (netif_running(netdev)) {
+- /* FIXME: restart automatically */
+- netdev_info(netdev, "Please re-open the interface\n");
+- }
+-
+ return ret;
+ }
+
--- /dev/null
+From foo@baz Wed 15 May 2019 09:52:47 AM CEST
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Thu, 9 May 2019 22:52:20 +0800
+Subject: packet: Fix error path in packet_init
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+[ Upstream commit 36096f2f4fa05f7678bc87397665491700bae757 ]
+
+kernel BUG at lib/list_debug.c:47!
+invalid opcode: 0000 [#1
+CPU: 0 PID: 12914 Comm: rmmod Tainted: G W 5.1.0+ #47
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
+RIP: 0010:__list_del_entry_valid+0x53/0x90
+Code: 48 8b 32 48 39 fe 75 35 48 8b 50 08 48 39 f2 75 40 b8 01 00 00 00 5d c3 48
+89 fe 48 89 c2 48 c7 c7 18 75 fe 82 e8 cb 34 78 ff <0f> 0b 48 89 fe 48 c7 c7 50 75 fe 82 e8 ba 34 78 ff 0f 0b 48 89 f2
+RSP: 0018:ffffc90001c2fe40 EFLAGS: 00010286
+RAX: 000000000000004e RBX: ffffffffa0184000 RCX: 0000000000000000
+RDX: 0000000000000000 RSI: ffff888237a17788 RDI: 00000000ffffffff
+RBP: ffffc90001c2fe40 R08: 0000000000000000 R09: 0000000000000000
+R10: ffffc90001c2fe10 R11: 0000000000000000 R12: 0000000000000000
+R13: ffffc90001c2fe50 R14: ffffffffa0184000 R15: 0000000000000000
+FS: 00007f3d83634540(0000) GS:ffff888237a00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000555c350ea818 CR3: 0000000231677000 CR4: 00000000000006f0
+Call Trace:
+ unregister_pernet_operations+0x34/0x120
+ unregister_pernet_subsys+0x1c/0x30
+ packet_exit+0x1c/0x369 [af_packet
+ __x64_sys_delete_module+0x156/0x260
+ ? lockdep_hardirqs_on+0x133/0x1b0
+ ? do_syscall_64+0x12/0x1f0
+ do_syscall_64+0x6e/0x1f0
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+When modprobe af_packet, register_pernet_subsys
+fails and does a cleanup, ops->list is set to LIST_POISON1,
+but the module init is considered to success, then while rmmod it,
+BUG() is triggered in __list_del_entry_valid which is called from
+unregister_pernet_subsys. This patch fix error handing path in
+packet_init to avoid possilbe issue if some error occur.
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/packet/af_packet.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -4523,14 +4523,29 @@ static void __exit packet_exit(void)
+
+ static int __init packet_init(void)
+ {
+- int rc = proto_register(&packet_proto, 0);
++ int rc;
+
+- if (rc != 0)
++ rc = proto_register(&packet_proto, 0);
++ if (rc)
+ goto out;
++ rc = sock_register(&packet_family_ops);
++ if (rc)
++ goto out_proto;
++ rc = register_pernet_subsys(&packet_net_ops);
++ if (rc)
++ goto out_sock;
++ rc = register_netdevice_notifier(&packet_netdev_notifier);
++ if (rc)
++ goto out_pernet;
+
+- sock_register(&packet_family_ops);
+- register_pernet_subsys(&packet_net_ops);
+- register_netdevice_notifier(&packet_netdev_notifier);
++ return 0;
++
++out_pernet:
++ unregister_pernet_subsys(&packet_net_ops);
++out_sock:
++ sock_unregister(PF_PACKET);
++out_proto:
++ proto_unregister(&packet_proto);
+ out:
+ return rc;
+ }
usb-serial-use-variable-for-status.patch
usb-serial-fix-unthrottle-races.patch
powerpc-64s-include-cpu-header.patch
+bridge-fix-error-path-for-kobject_init_and_add.patch
+net-ucc_geth-fix-oops-when-changing-number-of-buffers-in-the-ring.patch
+packet-fix-error-path-in-packet_init.patch
+vlan-disable-siocshwtstamp-in-container.patch
+vrf-sit-mtu-should-not-be-updated-when-vrf-netdev-is-the-link.patch
+ipv4-fix-raw-socket-lookup-for-local-traffic.patch
+bonding-fix-arp_validate-toggling-in-active-backup-mode.patch
--- /dev/null
+From foo@baz Wed 15 May 2019 09:52:47 AM CEST
+From: Hangbin Liu <liuhangbin@gmail.com>
+Date: Thu, 9 May 2019 14:55:07 +0800
+Subject: vlan: disable SIOCSHWTSTAMP in container
+
+From: Hangbin Liu <liuhangbin@gmail.com>
+
+[ Upstream commit 873017af778439f2f8e3d87f28ddb1fcaf244a76 ]
+
+With NET_ADMIN enabled in container, a normal user could be mapped to
+root and is able to change the real device's rx filter via ioctl on
+vlan, which would affect the other ptp process on host. Fix it by
+disabling SIOCSHWTSTAMP in container.
+
+Fixes: a6111d3c93d0 ("vlan: Pass SIOC[SG]HWTSTAMP ioctls to real device")
+Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
+Acked-by: Richard Cochran <richardcochran@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/8021q/vlan_dev.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/8021q/vlan_dev.c
++++ b/net/8021q/vlan_dev.c
+@@ -363,10 +363,12 @@ static int vlan_dev_ioctl(struct net_dev
+ ifrr.ifr_ifru = ifr->ifr_ifru;
+
+ switch (cmd) {
++ case SIOCSHWTSTAMP:
++ if (!net_eq(dev_net(dev), &init_net))
++ break;
+ case SIOCGMIIPHY:
+ case SIOCGMIIREG:
+ case SIOCSMIIREG:
+- case SIOCSHWTSTAMP:
+ case SIOCGHWTSTAMP:
+ if (netif_device_present(real_dev) && ops->ndo_do_ioctl)
+ err = ops->ndo_do_ioctl(real_dev, &ifrr, cmd);
--- /dev/null
+From foo@baz Wed 15 May 2019 09:52:47 AM CEST
+From: Stephen Suryaputra <ssuryaextr@gmail.com>
+Date: Mon, 6 May 2019 15:00:01 -0400
+Subject: vrf: sit mtu should not be updated when vrf netdev is the link
+
+From: Stephen Suryaputra <ssuryaextr@gmail.com>
+
+[ Upstream commit ff6ab32bd4e073976e4d8797b4d514a172cfe6cb ]
+
+VRF netdev mtu isn't typically set and have an mtu of 65536. When the
+link of a tunnel is set, the tunnel mtu is changed from 1480 to the link
+mtu minus tunnel header. In the case of VRF netdev is the link, then the
+tunnel mtu becomes 65516. So, fix it by not setting the tunnel mtu in
+this case.
+
+Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
+Reviewed-by: David Ahern <dsahern@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/sit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1076,7 +1076,7 @@ static void ipip6_tunnel_bind_dev(struct
+ if (!tdev && tunnel->parms.link)
+ tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link);
+
+- if (tdev) {
++ if (tdev && !netif_is_l3_master(tdev)) {
+ int t_hlen = tunnel->hlen + sizeof(struct iphdr);
+
+ dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
projects / thirdparty / kernel / stable-queue.git / commitdiff
