linux-toradex.git/drivers/net/macvlan.c, branch v4.4.93 Linux kernel for Apalis and Colibri modules macvlan: Fix device ref leak when purging bc_queue 2017-05-03T04:19:54+00:00 Herbert Xu herbert@gondor.apana.org.au 2017-04-20T12:55:12+00:00 114f0c66dab46ab5d26585d6f1a63e517098a0a7 [ Upstream commit f6478218e6edc2a587b8f132f66373baa7b2497c ] When a parent macvlan device is destroyed we end up purging its broadcast queue without dropping the device reference count on the packet source device. This causes the source device to linger. This patch drops that reference count. Fixes: 260916dfb48c ("macvlan: Fix potential use-after free for...") Reported-by: Joe Ghalam <Joe.Ghalam@dell.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
[ Upstream commit f6478218e6edc2a587b8f132f66373baa7b2497c ]

When a parent macvlan device is destroyed we end up purging its
broadcast queue without dropping the device reference count on
the packet source device.  This causes the source device to linger.

This patch drops that reference count.

Fixes: 260916dfb48c ("macvlan: Fix potential use-after free for...")
Reported-by: Joe Ghalam <Joe.Ghalam@dell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
macvlan: fix leak in macvlan_handle_frame 2015-11-17T19:39:29+00:00 Sabrina Dubroca sd@queasysnail.net 2015-11-16T21:54:20+00:00 e639b8d8a7a728f0b05ef2df6cb6b45dc3d4e556 Reset pskb in macvlan_handle_frame in case skb_share_check returned a clone. Fixes: 8a4eb5734e8d ("net: introduce rx_handler results and logic around that") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Reset pskb in macvlan_handle_frame in case skb_share_check returned a
clone.

Fixes: 8a4eb5734e8d ("net: introduce rx_handler results and logic around that")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipv4: Pass struct net into ip_defrag and ip_check_defrag 2015-10-13T02:44:16+00:00 Eric W. Biederman ebiederm@xmission.com 2015-10-09T18:44:54+00:00 19bcf9f203c82c2028f5a0881b1f0690e3207190 The function ip_defrag is called on both the input and the output paths of the networking stack. In particular conntrack when it is tracking outbound packets from the local machine calls ip_defrag. So add a struct net parameter and stop making ip_defrag guess which network namespace it needs to defragment packets in. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
The function ip_defrag is called on both the input and the output
paths of the networking stack.  In particular conntrack when it is
tracking outbound packets from the local machine calls ip_defrag.

So add a struct net parameter and stop making ip_defrag guess which
network namespace it needs to defragment packets in.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
macvlan: Don't segment multiple tagged packets on macvlan device 2015-08-03T21:24:49+00:00 Toshiaki Makita makita.toshiaki@lab.ntt.co.jp 2015-07-31T06:03:24+00:00 f56e67b5154561dea2bac649085ee1fcb51006f8 Macvlan/macvtap devices don't need to segment multiple tagged packets since the lower devices can segment them. Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net> 
Macvlan/macvtap devices don't need to segment multiple tagged packets
since the lower devices can segment them.

Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
macvlan: Propagate promiscuity setting to lower devices. 2015-05-04T04:14:13+00:00 Vlad Yasevich vyasevich@gmail.com 2015-05-01T21:36:37+00:00 efdbd2b30caa65dd9e687853afa4d7ce8b39447e When a macvlan device is placed in promiscuous mode, it currently just sets it's multicast mask to permissive, but doesn't change the state of the lower device. As a result, not all multicast traffic can be received on such device. Additionally, none of a vlan traffic can be received on such device as well. This patch propagates the promiscuous mode setting to lower device so that lower device may receive all packets that macvlan may be interested in. Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
When a macvlan device is placed in promiscuous mode, it currently
just sets it's multicast mask to permissive, but doesn't change
the state of the lower device.  As a result, not all multicast
traffic can be received on such device.  Additionally, none of
a vlan traffic can be received on such device as well.
This patch propagates the promiscuous mode setting to lower device
so that lower device may receive all packets that macvlan may
be interested in.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
macvlan: implement ndo_get_iflink 2015-04-02T18:05:00+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-04-02T15:07:05+00:00 ef5fa6bc46ee516f732d1171323cf3b8524bb8c2 Don't use dev->iflink anymore. CC: Patrick McHardy <kaber@trash.net> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Don't use dev->iflink anymore.

CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net: Kill dev_rebuild_header 2015-03-02T21:43:41+00:00 Eric W. Biederman ebiederm@xmission.com 2015-03-02T06:11:09+00:00 d476059e77d1af48453a58f9de1e36f2eaff6450 Now that there are no more users kill dev_rebuild_header and all of it's implementations. This is long overdue. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Now that there are no more users kill dev_rebuild_header and all of it's
implementations.

This is long overdue.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
macvlan: advertise link netns via netlink 2015-01-24T01:51:15+00:00 Nicolas Dichtel nicolas.dichtel@6wind.com 2015-01-20T14:15:45+00:00 eaca400f1d14eec98561ab9dad0da03d65c5e8d0 Assign rtnl_link_ops->get_link_net() callback so that IFLA_LINK_NETNSID is added to rtnetlink messages. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
Assign rtnl_link_ops->get_link_net() callback so that IFLA_LINK_NETNSID is
added to rtnetlink messages.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
macvlan: play well with ipvlan device 2014-12-09T21:10:06+00:00 Mahesh Bandewar maheshb@google.com 2014-12-06T23:53:46+00:00 d6b00fec5dbbe976904b4d77e7d4f9493df5c2ec If device is already used as an ipvlan port then refuse to use it as a macvlan port at early stage of port creation. thost1:~# ip link add link eth0 ipvl0 type ipvlan thost1:~# echo $? 0 thost1:~# ip link add link eth0 mvl0 type macvlan RTNETLINK answers: Device or resource busy thost1:~# echo $? 2 thost1:~# Signed-off-by: Mahesh Bandewar <maheshb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
If device is already used as an ipvlan port then refuse to
use it as a macvlan port at early stage of port creation.

	thost1:~# ip link add link eth0 ipvl0 type ipvlan
	thost1:~# echo $?
	0
	thost1:~# ip link add link eth0 mvl0 type macvlan
	RTNETLINK answers: Device or resource busy
	thost1:~# echo $?
	2
	thost1:~#

Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
macvlan: allow setting LRO independently of lower device 2014-12-09T21:00:22+00:00 Michal Kubeček mkubecek@suse.cz 2014-12-05T16:05:49+00:00 62dbe83015ed15b307eb22b89568dd41091dda76 Since commit fbe168ba91f7 ("net: generic dev_disable_lro() stacked device handling"), dev_disable_lro() zeroes NETIF_F_LRO feature flag first for a macvlan device and then for its lower device. As an attempt to set NETIF_F_LRO to zero is ignored, dev_disable_lro() issues a warning and taints kernel. Allowing NETIF_F_LRO to be set independently of the lower device consists of three parts: - add the flag to hw_features to allow toggling it - allow setting it to 0 even if lower device has the flag set - add the flag to MACVLAN_FEATURES to restore copying from lower device on macvlan creation Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: David S. Miller <davem@davemloft.net> 
Since commit fbe168ba91f7 ("net: generic dev_disable_lro() stacked
device handling"), dev_disable_lro() zeroes NETIF_F_LRO feature flag
first for a macvlan device and then for its lower device. As an attempt
to set NETIF_F_LRO to zero is ignored, dev_disable_lro() issues a
warning and taints kernel.

Allowing NETIF_F_LRO to be set independently of the lower device
consists of three parts:

  - add the flag to hw_features to allow toggling it
  - allow setting it to 0 even if lower device has the flag set
  - add the flag to MACVLAN_FEATURES to restore copying from lower
    device on macvlan creation

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>