Re: Add a SOCK_DESTROY operation to close sockets from userspace

Hello, On Wed, Nov 18, 2015, at 02:43, Lorenzo Colitti wrote: > This patch series adds the ability for a privileged process to > destroy sockets belonging to other userspace processes via the > sock_diag interface, and implements that for TCP sockets. > > This functionality is needed on laptops a

Re: [PATCH net] af_unix: take receive queue lock while appending new skb

Hi Eric, On Tue, Nov 17, 2015, at 15:42, Eric Dumazet wrote: > On Tue, 2015-11-17 at 15:10 +0100, Hannes Frederic Sowa wrote: > > While possibly in future we don't necessarily need to use > > sk_buff_head.lock this is a rather larger change, as it affects the > > af

[PATCH net] af_unix: take receive queue lock while appending new skb

s, so don't use locked skb_queue_tail. Fixes: 869e7c62486e ("net: af_unix: implement stream sendpage support") Cc: Eric Dumazet Signed-off-by: Hannes Frederic Sowa --- I think we don't have a bug report for this and it was found by code inspection by Eric and myself? net/un

[PATCH net v2] rtnetlink: fix frame size warning in rtnl_fill_ifinfo

ones, so we don't have the huge frame allocations at the same time. Cc: Eric Dumazet Signed-off-by: Hannes Frederic Sowa --- net/core/rtnetlink.c | 274 --- 1 file changed, 152 insertions(+), 122 deletions(-) diff --git a/net/core/rtnetlink.c

[PATCH net] rtnetlink: fix frame size warning in rtnl_fill_ifinfo

ones, so we don't have the huge frame allocations at the same time. Cc: Eric Dumazet Signed-off-by: Hannes Frederic Sowa --- net/core/rtnetlink.c | 274 --- 1 file changed, 152 insertions(+), 122 deletions(-) diff --git a/net/core/rtnetlink.c

Re: irq_fpu_usable() is false in ndo_start_xmit() for UDP packets

Hi Jason, On Mon, Nov 16, 2015, at 21:58, Jason A. Donenfeld wrote: > Hi David, > > On Mon, Nov 16, 2015 at 9:32 PM, David Miller > wrote: > > Network device driver transmit executes with software interrupts > > disabled. > > > > Therefore on x86, you cannot use the FPU. > > That is extremely p

Re: Routing loops & TTL tracking with tunnel devices

Hi Jason, On Mon, Nov 16, 2015, at 21:14, Jason A. Donenfeld wrote: > A few tunnel devices, like geneve or vxlan, are using > udp_tunnel_xmit_skb, or related functions for transmitting packets, > and are doing the usual FIB lookup to get the dst entry. I see a lot > of code like this: > >

Re: [PATCH net] rtnetlink: fix frame size warning in rtnl_fill_ifinfo

Hi, On Mon, Nov 16, 2015, at 21:38, David Miller wrote: > From: Hannes Frederic Sowa > Date: Mon, 16 Nov 2015 12:05:03 +0100 > > > By declaring the huge stack allocations as static. We can do so > > because we hold rtnl. > > Look across the tree, this is an idio

[PATCH net] af_unix: don't append consumed skbs to sk_receive_queue

ent stream sendpage support") Reported-by: Dmitry Vyukov Cc: Dmitry Vyukov Cc: Eric Dumazet Signed-off-by: Hannes Frederic Sowa --- net/unix/af_unix.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index aaa0b58..c6eb2e8 100644 --- a/net/unix/af_u

[PATCH net] rtnetlink: fix frame size warning in rtnl_fill_ifinfo

so because we hold rtnl. Signed-off-by: Hannes Frederic Sowa --- net/core/rtnetlink.c | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 504bd17..4bee37e 100644 --- a/net/core/rtnetlink.c +++ b/net/core

Re: [PATCH v2] ip_tunnel: disable preemption when updating per-cpu tstats

isabled+0x19d/0x1c0 > [ 188.435619] [] debug_smp_processor_id+0x17/0x20 > > The solution would be to protect the whole > this_cpu_ptr(dev->tstats)/u64_stats_update_begin/end blocks with > disabling preemption and then reenabling it. > > Signed-off-by: Jason A. Donenfeld Ac

Re: [PATCH] ip_tunnel: disable preemption when updating per-cpu tstats

On Thu, Nov 12, 2015, at 16:30, Jason A. Donenfeld wrote: > if (err > 0) { > - struct pcpu_sw_netstats *tstats = this_cpu_ptr(stats); > - > + struct pcpu_sw_netstats *tstats; > + preempt_disable(); > + tstats = this_cpu_ptr(stats); The

Re: [PATCH net v3] af-unix: fix use-after-free with concurrent readers while splicing

On Wed, Nov 11, 2015, at 21:09, Eric Dumazet wrote: > On Wed, 2015-11-11 at 20:58 +0100, Hannes Frederic Sowa wrote: > > > > On Wed, Nov 11, 2015, at 20:42, Eric Dumazet wrote: > > > On Wed, 2015-11-11 at 20:35 +0100, Hannes Frederic Sowa wrote: > > > > &g

Re: [PATCH net v3] af-unix: fix use-after-free with concurrent readers while splicing

On Wed, Nov 11, 2015, at 20:42, Eric Dumazet wrote: > On Wed, 2015-11-11 at 20:35 +0100, Hannes Frederic Sowa wrote: > > > > On Wed, Nov 11, 2015, at 20:28, Eric Dumazet wrote: > > > On Wed, 2015-11-11 at 20:14 +0100, Hannes Frederic Sowa wrote: > > > >

Re: [PATCH net v3] af-unix: fix use-after-free with concurrent readers while splicing

On Wed, Nov 11, 2015, at 20:28, Eric Dumazet wrote: > On Wed, 2015-11-11 at 20:14 +0100, Hannes Frederic Sowa wrote: > > On Wed, Nov 11, 2015, at 19:58, Eric Dumazet wrote: > > > Can you elaborate? > > > > I use tail as a cookie and check if we already tried to a

Re: [PATCH net v3] af-unix: fix use-after-free with concurrent readers while splicing

On Wed, Nov 11, 2015, at 20:14, Hannes Frederic Sowa wrote: > On Wed, Nov 11, 2015, at 19:58, Eric Dumazet wrote: > > On Tue, 2015-11-10 at 16:23 +0100, Hannes Frederic Sowa wrote: > > > During splicing an af-unix socket to a pipe we have to drop all > > > af-unix sock

Re: [PATCH net v3] af-unix: fix use-after-free with concurrent readers while splicing

On Wed, Nov 11, 2015, at 19:58, Eric Dumazet wrote: > On Tue, 2015-11-10 at 16:23 +0100, Hannes Frederic Sowa wrote: > > During splicing an af-unix socket to a pipe we have to drop all > > af-unix socket locks. While doing so we allow another reader to enter > > unix_stream_r

Re: [PATCH] unix: avoid use-after-free in ep_remove_wait_queue

Hi, On Wed, Nov 11, 2015, at 17:12, Rainer Weikusat wrote: > Hannes Frederic Sowa writes: > > On Tue, Nov 10, 2015, at 22:55, Rainer Weikusat wrote: > >> An AF_UNIX datagram socket being the client in an n:1 association with > >> some server socket is only allowed to

Re: [PATCH] unix: avoid use-after-free in ep_remove_wait_queue

Hello, On Tue, Nov 10, 2015, at 22:55, Rainer Weikusat wrote: > An AF_UNIX datagram socket being the client in an n:1 association with > some server socket is only allowed to send messages to the server if the > receive queue of this socket contains at most sk_max_ack_backlog > datagrams. This imp

Re: [PATCH net v2] af-unix: fix use-after-free with concurrent readers while splicing

On Tue, Nov 10, 2015, at 16:18, Eric Dumazet wrote: > Please Hannes include the Fixes: tag. Yep, sorry, is done in v3. > As you might already know, patchwork does not catch it later > > Fixes: 2b514574f7e8 ("net: af_unix: implement splice for stream af_unix > sockets") > Acked-by: Eric Dumazet

[PATCH net v3] af-unix: fix use-after-free with concurrent readers while splicing

t Acked-by: Eric Dumazet Signed-off-by: Hannes Frederic Sowa --- v2: add missing consume_skb in error path of recv_actor v3: move skb_get to separate line as proposed by Eric Dumazet (thanks!) net/unix/af_unix.c | 18 ++ 1 file changed, 18 insertions(+) diff --git a/net/

[PATCH net v2] af-unix: fix use-after-free with concurrent readers while splicing

user space and abort the current splice operation. This bug has been found with syzkaller (http://github.com/google/syzkaller) by Dmitry Vyukov. Reported-by: Dmitry Vyukov Cc: Dmitry Vyukov Cc: Eric Dumazet Signed-off-by: Hannes Frederic Sowa --- net/unix/af_unix.c | 19 ++- 1 f

Re: [PATCH net] af-unix: fix use-after-free with concurrent readers while splicing

On Tue, Nov 10, 2015, at 15:26, Hannes Frederic Sowa wrote: > net/unix/af_unix.c | 18 +- > 1 file changed, 17 insertions(+), 1 deletion(-) > > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > index aaa0b58..b2c4131 100644 > --- a/net/unix/af_unix.

[PATCH net] af-unix: fix use-after-free with concurrent readers while splicing

user space and abort the current splice operation. This bug has been found with syzkaller (http://github.com/google/syzkaller) by Dmitry Vyukov. Reported-by: Dmitry Vyukov Cc: Dmitry Vyukov Cc: Eric Dumazet Signed-off-by: Hannes Frederic Sowa --- net/unix/af_unix.c | 18 +- 1 f

Re: [PATCH v3 net-next 4/4] net: af_unix: implement splice for stream af_unix sockets

Hallo, On Tue, Nov 10, 2015, at 02:11, Eric Dumazet wrote: > On Thu, 2015-05-21 at 17:00 +0200, Hannes Frederic Sowa wrote: > > > + > > +static ssize_t skb_unix_socket_splice(struct sock *sk, > > + stru

Re: [GIT] Networking

Hi, On Wed, Oct 28, 2015, at 15:27, Rasmus Villemoes wrote: > On Wed, Oct 28 2015, Hannes Frederic Sowa > wrote: > > > Hi Linus, > > > > On Wed, Oct 28, 2015, at 10:39, Linus Torvalds wrote: > >> Get rid of it. And I don't *ever* want to see that shit

Re: [GIT] Networking

Hello, Ingo Molnar writes: > * Linus Torvalds wrote: > >> Does anybody have any particular other "uhhuh, overflow in multiplication" >> issues in mind? Because the interface for a saturating multiplication (or >> addition, for that matter) would actually be much easier. And would be >> trivi

Re: [GIT] Networking

Hello, Ingo Molnar writes: > * Linus Torvalds wrote: > >> Does anybody have any particular other "uhhuh, overflow in multiplication" >> issues in mind? Because the interface for a saturating multiplication (or >> addition, for that matter) would actually be much easier. And would be >> trivi

Re: [PATCH net-next ] net: ipv4: memset addr before calling copy_to_user()

Hello, On Mon, Nov 9, 2015, at 07:52, Loganaden Velvindron wrote: > zero addr before calling copy_to_user() > > Signed-off-by: Loganaden Velvindron > --- > net/ipv4/ip_sockglue.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c > index c

Re: [PATCH] glibc: Terminate process on invalid netlink response from kernel [BZ #12926]

Hello, On Tue, Nov 3, 2015, at 15:00, Florian Weimer wrote: > On 11/03/2015 02:48 PM, Hannes Frederic Sowa wrote: > > Hello, > > > > On Fri, Oct 23, 2015, at 21:07, Florian Weimer wrote: > >> (By the way, we'd also love to have a better kernel interface to ful

Re: [PATCH] glibc: Terminate process on invalid netlink response from kernel [BZ #12926]

Hello, On Fri, Oct 23, 2015, at 21:07, Florian Weimer wrote: > (By the way, we'd also love to have a better kernel interface to fulfill > the needs for getaddrinfo address sorting. The netlink requests we > currently use are much too slow if the host has many addresses > configured.) One solutio

Re: [GIT] Networking

Hello, On Tue, Nov 3, 2015, at 03:38, Linus Torvalds wrote: > On Mon, Nov 2, 2015 at 5:58 PM, Andy Lutomirski > wrote: > > > > Based in part on an old patch by Sasha, what if we relied on CSE: > > > > if (mul_would_overflow(size, n)) > > return NULL; > > do_something_with(size * n); > > I susp

Re: [GIT] Networking

Hello, On Mon, Nov 2, 2015, at 22:30, Andy Lutomirski wrote: > On Mon, Nov 2, 2015 at 1:19 PM, Linus Torvalds > wrote: > > On Mon, Nov 2, 2015 at 1:16 PM, Linus Torvalds > > wrote: > >> On Mon, Nov 2, 2015 at 12:34 PM, Andy Lutomirski wrote: > >>> > >>> Getting overflow checking right in more c

Re: [PATCH net-next] net: fix percpu memory leaks

detected by KASAN and syzkaller tool > (http://github.com/google/syzkaller) > > Fixes: 6d7b857d541e ("net: use lib/percpu_counter API for fragmentation > mem accounting") > Signed-off-by: Eric Dumazet > Reported-by: Dmitry Vyukov > Cc: Hannes Frederic Sowa > Cc: Jesper

Re: [PATCH net] net: avoid NULL deref in inet_ctl_sock_destroy()

On Mon, Nov 2, 2015, at 16:50, Eric Dumazet wrote: > From: Eric Dumazet > > Under low memory conditions, tcp_sk_init() and icmp_sk_init() > can both iterate on all possible cpus and call inet_ctl_sock_destroy(), > with eventual NULL pointer. > > Signed-off-by: Eric Dumazet > Reported-by: Dmitry

Re: [PATCH net-next v3 0/4] net: clean up interactions of CHECKSUM_PARTIAL and fragmentation

On Fri, Oct 30, 2015, at 11:37, David Miller wrote: > From: Hannes Frederic Sowa > Date: Wed, 28 Oct 2015 10:33:28 +0100 > > > Those patches are actually for net and not for net-next, > > sorry. Guess I messed it up with Ctrl-R foo. > > Ok, in that case since: &g

Re: kernel BUG in ipmr_queue_xmit()

On Fri, Oct 30, 2015, at 11:36, Florian Westphal wrote: > Eric Dumazet wrote: > > > Signed-off-by: Ani Sinha > > > --- > > > net/ipv4/ipmr.c | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c > > > index 866ee89..48df3cc 100644 > > > --- a/n

Re: [BUG] Any-IP IPv6 support broken

On Thu, Oct 29, 2015, at 19:58, Gilberto Bertin wrote: > > > On 29 Oct 2015, at 18:39, Hannes Frederic Sowa > > wrote: > > > > Try the loopback interface: > > > > ip -6 route add local abcd:abcd:abcd:abcd::/64 dev *lo* > > > > Otherwise

Re: [BUG] Any-IP IPv6 support broken

Hello, On Thu, Oct 29, 2015, at 16:00, Gilberto Bertin wrote: > 2- note that it's not actually working with IPv6 addresses: > > # ip -6 route add local abcd:abcd:abcd:abcd::/64 dev eth0 Try the loopback interface: ip -6 route add local abcd:abcd:abcd:abcd::/64 dev *lo* Otherwise packets shoul

Re: [PATCH] xfrm: dst_entries_init() per-net dst_ops

Hello, On Wed, Oct 28, 2015, at 14:32, Dan Streetman wrote: > On Tue, Oct 27, 2015 at 12:15 PM, wrote: > > From: Dan Streetman > > > > The ipv4 and ipv6 xfrms each create a template dst_ops object, and > > perform dst_entries_init() on the template objects. Then each net > > namespace has its

[PATCH net 1/2] Revert "Merge branch 'ipv6-overflow-arith'"

annes Frederic Sowa --- Sorry for delaying the net pull request! include/linux/compiler-gcc.h | 4 include/linux/overflow-arith.h | 18 -- net/ipv6/ip6_output.c | 6 +- 3 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 include/linux/overflow-ar

[PATCH net 2/2] ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues

b function, which got reverted for now. Suggested-by: Linus Torvalds Cc: Linus Torvalds Reported-by: Dmitry Vyukov Cc: Dmitry Vyukov Signed-off-by: Hannes Frederic Sowa --- net/ipv6/ip6_output.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_outp

Re: [GIT] Networking

Hi Linus, On Wed, Oct 28, 2015, at 10:39, Linus Torvalds wrote: > On Wed, Oct 28, 2015 at 3:32 PM, David Miller > wrote: > > > > This may look a bit scary this late in the release cycle, but as is > > typically > > the case it's predominantly small driver fixes all over the place. > > Christ pe

Re: [PATCH net-next v3 0/4] net: clean up interactions of CHECKSUM_PARTIAL and fragmentation

Hi David, Hannes Frederic Sowa writes: > This series fixes wrong checksums on the wire for IPv4 and IPv6. Large > send buffers and especially NFS lead to wrong checksums in both IPv4 > and IPv6. > > CHECKSUM_PARTIAL skbs should not receive the respective fragmentations > fu

Re: new coverity defect in ipv6 route

Hi Stephen, On Wed, Oct 28, 2015, at 01:43, Stephen Hemminger wrote: > *** CID 1328821: Memory - corruptions (ARRAY_VS_SINGLETON) > /net/ipv6/route.c: 320 in rt6_info_init() > 314 #endif

Re: [PATCH net v2 3/4] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

On Tue, Oct 27, 2015, at 23:03, Tom Herbert wrote: > On Tue, Oct 27, 2015 at 2:42 PM, Hannes Frederic Sowa > wrote: > > I posted v3 just now. I would like to let David consider it for net > > inclusion. We can work on how to lift this limitation then in net-next, > > okay?

Re: [PATCH net-next v3 1/4] ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

On Tue, Oct 27, 2015, at 23:22, Tom Herbert wrote: > On Tue, Oct 27, 2015 at 2:40 PM, Hannes Frederic Sowa > wrote: > > We cannot reliable calculate packet size on MSG_MORE corked sockets > > and thus cannot decide if they are going to be fragmented later on, >

Re: [PATCH net v2 3/4] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

Hi Tom, On Tue, Oct 27, 2015, at 20:19, Hannes Frederic Sowa wrote: > On Tue, Oct 27, 2015, at 19:37, Tom Herbert wrote: > > On Tue, Oct 27, 2015 at 11:29 AM, Hannes Frederic Sowa > > wrote: > > > On Tue, Oct 27, 2015, at 18:32, Tom Herbert wrote: > > >> On

[PATCH net-next v3 4/4] ipv6: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment

6: ip6_fragment() should check CHECKSUM_PARTIAL") Cc: Eric Dumazet Cc: Vlad Yasevich Cc: Benjamin Coddington Cc: Tom Herbert Signed-off-by: Hannes Frederic Sowa --- net/ipv6/ip6_output.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv6/ip6_output.c b/n

[PATCH net-next v3 0/4] net: clean up interactions of CHECKSUM_PARTIAL and fragmentation

as they get reported. Thanks! Changelog: v2: added v4 checks v3: removed WARN_ON_ONCES (advice by Tom Herbert) Hannes Frederic Sowa (4): ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets ipv4: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment ipv6: no CHECKSUM_PARTIAL on

[PATCH net-next v3 3/4] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

6: ip6_fragment() should check CHECKSUM_PARTIAL") Cc: Eric Dumazet Cc: Vlad Yasevich Cc: Benjamin Coddington Cc: Tom Herbert Signed-off-by: Hannes Frederic Sowa --- net/ipv6/ip6_output.c | 70 --- 1 file changed, 33 insertions(+), 37 deletions(

[PATCH net-next v3 1/4] ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

Frederic Sowa --- net/ipv4/ip_output.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 50e2973..0b02417 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -911,6 +911,7 @@ static int __ip_append_data(struct sock *sk, if

[PATCH net-next v3 2/4] ipv4: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment

CHECKSUM_PARTIAL skbs should never arrive in ip_fragment. If we get one of those warn about them once and handle them gracefully by recalculating the checksum. Cc: Eric Dumazet Cc: Vlad Yasevich Cc: Benjamin Coddington Cc: Tom Herbert Signed-off-by: Hannes Frederic Sowa --- net/ipv4

Re: [PATCH net v2 3/4] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

On Tue, Oct 27, 2015, at 19:37, Tom Herbert wrote: > On Tue, Oct 27, 2015 at 11:29 AM, Hannes Frederic Sowa > wrote: > > On Tue, Oct 27, 2015, at 18:32, Tom Herbert wrote: > >> On Tue, Oct 27, 2015 at 9:44 AM, Hannes Frederic Sowa > >> wrote: > >> > &g

Re: [PATCH net v2 2/4] ipv4: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment

Hi Sergei, On Tue, Oct 27, 2015, at 20:01, Sergei Shtylyov wrote: > On 10/27/2015 06:02 PM, Hannes Frederic Sowa wrote: > > > CHECKSUM_PARTIAL skbs should never arrive in ip_fragment. If we get one > > of those warn about them once and handle them gracefully by recalculatin

Re: [PATCH net v2 2/4] ipv4: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment

On Tue, Oct 27, 2015, at 17:06, Tom Herbert wrote: > On Tue, Oct 27, 2015 at 8:02 AM, Hannes Frederic Sowa > wrote: > > CHECKSUM_PARTIAL skbs should never arrive in ip_fragment. If we get one > > of those warn about them once and handle them gracefully by recalculatin

Re: [PATCH net v2 3/4] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

On Tue, Oct 27, 2015, at 18:32, Tom Herbert wrote: > On Tue, Oct 27, 2015 at 9:44 AM, Hannes Frederic Sowa > wrote: > > > > > > On Tue, Oct 27, 2015, at 17:36, Tom Herbert wrote:> > - if > > (cork->length + length > maxnonfragsize - hea

Re: [PATCH net v2 3/4] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

On Tue, Oct 27, 2015, at 17:36, Tom Herbert wrote:> > - if (cork->length + length > maxnonfragsize - headersize) { > > + if (cork->length + length > maxnonfragsize - headersize) { > > emsgsize: > > - ipv6_local_error(sk, EMSGSIZE, fl6, > > -

Re: [PATCH net v2 1/4] ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

On Tue, Oct 27, 2015, at 17:04, Tom Herbert wrote: > On Tue, Oct 27, 2015 at 8:02 AM, Hannes Frederic Sowa > wrote: > > We cannot reliable calculate packet size on MSG_MORE corked sockets > > and thus cannot decide if they are going to be fragmented later on, >

[PATCH net v2 2/4] ipv4: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment

CHECKSUM_PARTIAL skbs should never arrive in ip_fragment. If we get one of those warn about them once and handle them gracefully by recalculating the checksum. Cc: Eric Dumazet Cc: Vlad Yasevich Cc: Benjamin Coddington Cc: Tom Herbert Signed-off-by: Hannes Frederic Sowa --- net/ipv4

[PATCH net v2 1/4] ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

Frederic Sowa --- net/ipv4/ip_output.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 50e2973..0b02417 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -911,6 +911,7 @@ static int __ip_append_data(struct sock *sk, if

[PATCH net v2 4/4] ipv6: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment

6: ip6_fragment() should check CHECKSUM_PARTIAL") Cc: Eric Dumazet Cc: Vlad Yasevich Cc: Benjamin Coddington Cc: Tom Herbert Signed-off-by: Hannes Frederic Sowa --- net/ipv6/ip6_output.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv6/ip6_output.c b/n

[PATCH net v2 0/4] net: clean up interactions of CHECKSUM_PARTIAL and fragmentation

as they get reported. Thanks! Hannes Frederic Sowa (4): ipv4: no CHECKSUM_PARTIAL on MSG_MORE corked sockets ipv4: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets ipv6: add defensive check for CHECKSUM_PARTIAL skbs in

[PATCH net v2 3/4] ipv6: no CHECKSUM_PARTIAL on MSG_MORE corked sockets

6: ip6_fragment() should check CHECKSUM_PARTIAL") Cc: Eric Dumazet Cc: Vlad Yasevich Cc: Benjamin Coddington Cc: Tom Herbert Signed-off-by: Hannes Frederic Sowa --- net/ipv6/ip6_output.c | 70 --- 1 file changed, 33 insertions(+), 37 deletions(

Re: [PATCH net-next] sock: don't enable netstamp for af_unix sockets

On Tue, Oct 27, 2015, at 14:19, Eric Dumazet wrote: > On Tue, 2015-10-27 at 12:15 +0100, Hannes Frederic Sowa wrote: > > > Also counter question: why is the netstamp code protected by a > > static_key otherwise if not for trying to suppress the code path as > > often

Re: [PATCH net-next] sock: don't enable netstamp for af_unix sockets

On Tue, Oct 27, 2015, at 12:09, Hannes Frederic Sowa wrote: > Hi Richard, > > On Tue, Oct 27, 2015, at 11:11, Richard Cochran wrote: > > On Mon, Oct 26, 2015 at 02:32:59PM +0100, Hannes Frederic Sowa wrote: > > > On Mon, Oct 26, 2015, at 14:19, Richard Cochran wrote

Re: [PATCH net-next] sock: don't enable netstamp for af_unix sockets

Hi Richard, On Tue, Oct 27, 2015, at 11:11, Richard Cochran wrote: > On Mon, Oct 26, 2015 at 02:32:59PM +0100, Hannes Frederic Sowa wrote: > > On Mon, Oct 26, 2015, at 14:19, Richard Cochran wrote: > > > On Mon, Oct 26, 2015 at 01:51:37PM +0100, Hannes Frederic Sowa wrote: >

Re: ip_no_pmtu_disc and UDP

On Mon, Oct 26, 2015, at 23:53, Vincent Li wrote: > ok, I observed if i increase the UDP client packet size > local > interface MTU 1500, the client will fragment the packet first and > then send it out, if the UDP client packet size < local interface MTU > 1500, the DF bit will be set when ip_no

Re: ip_no_pmtu_disc and UDP

Hello, On Mon, Oct 26, 2015, at 23:00, Vincent Li wrote: > the UDP packet size is about 768, here is how packet path like: > > client > server > (eth0 mtu 1500 ip 10.3.72.69) (eth0 mtu 1500 ip

Re: [PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers and recalc checksum during fragmentation

On Mon, Oct 26, 2015, at 20:39, Tom Herbert wrote: > On Mon, Oct 26, 2015 at 11:44 AM, Hannes Frederic Sowa > wrote: > > > > > > On Mon, Oct 26, 2015, at 15:19, Tom Herbert wrote: > >> > We already concluded that drivers do have this problem and not the stack &

Re: [PATCH net-next] ipv6: recreate ipv6 link-local addresses when increasing MTU over IPV6_MIN_MTU

Hi, On Mon, Oct 26, 2015, at 20:16, Jay Vosburgh wrote: > Hannes Frederic Sowa wrote: > > >Hello Alex, > > > >On Mon, Oct 26, 2015, at 16:52, Alexander Duyck wrote: > >> Seems like this code isn't quite correct. You are calling ipv6_add_dev > >>

Re: [PATCH net-next] ipv6: recreate ipv6 link-local addresses when increasing MTU over IPV6_MIN_MTU

Hi Alex, On Mon, Oct 26, 2015, at 18:07, Alexander Duyck wrote: > Might be a bit longer. I just realized that I think there is another > bug here where you are going through the NETDEV_UP path even though the > interface isn't up. I'll run through some testing this morning to work > out the k

Re: [PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers and recalc checksum during fragmentation

On Mon, Oct 26, 2015, at 15:19, Tom Herbert wrote: > > We already concluded that drivers do have this problem and not the stack > > above ip6_fragment. The places I am aware of I fixed in this patch. Also > > IPv4 to me seems unaffected, albeit one can certainly clean up the logic > > in net-next

Re: [PATCH net-next] ipv6: recreate ipv6 link-local addresses when increasing MTU over IPV6_MIN_MTU

Hi Alex, On Mon, Oct 26, 2015, at 18:07, Alexander Duyck wrote: > >> Seems like this code isn't quite correct. You are calling ipv6_add_dev > >> for slave devices, and if I understand things correctly I don't believe > >> that was happening before and may be an unintended side effect. > > Hmm, co

Re: [PATCH net-next] ipv6: recreate ipv6 link-local addresses when increasing MTU over IPV6_MIN_MTU

Hello Alex, On Mon, Oct 26, 2015, at 16:52, Alexander Duyck wrote: > Seems like this code isn't quite correct. You are calling ipv6_add_dev > for slave devices, and if I understand things correctly I don't believe > that was happening before and may be an unintended side effect. Ah, btw., auto

Re: [PATCH net-next] ipv6: recreate ipv6 link-local addresses when increasing MTU over IPV6_MIN_MTU

Hi Alex, On Mon, Oct 26, 2015, at 16:52, Alexander Duyck wrote: > On 10/26/2015 07:36 AM, Hannes Frederic Sowa wrote: > > Take into consideration that the interface might be disabled for IPv6, > > thus switch event type. > > > > Signed-off-by: Hannes Frederic S

[PATCH net-next] ipv6: recreate ipv6 link-local addresses when increasing MTU over IPV6_MIN_MTU

Take into consideration that the interface might be disabled for IPv6, thus switch event type. Signed-off-by: Hannes Frederic Sowa --- net/ipv6/addrconf.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index d0c685c..c2dcebe

Re: [PATCH net-next] sock: don't enable netstamp for af_unix sockets

Hello, On Mon, Oct 26, 2015, at 14:19, Richard Cochran wrote: > On Mon, Oct 26, 2015 at 01:51:37PM +0100, Hannes Frederic Sowa wrote: > > netstamp_needed is toggled for all socket families if they request > > timestamping. But some protocols don't need the lower-layer timestam

[PATCH net-next] sock: don't enable netstamp for af_unix sockets

g the system to globally enable timestamping in the lower networking stack. Still, it is very probable that timestamping gets activated, by e.g. dhclient or various NTP implementations. Reported-by: Jesper Dangaard Brouer Signed-off-by: Hannes Frederic Sowa --- net/core/sock.c

Re: [PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers and recalc checksum during fragmentation

On Sun, Oct 25, 2015, at 14:32, Tom Herbert wrote: > > Anyway, currently it is easy to generate broken checksums on the wire > > and would like to solve that for net, we certainly can improve that in > > net-next. > > > Hannes, > > The IPv4 fragment code is very similar to IPv6 in that both will >

Re: [PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers and recalc checksum during fragmentation

Hi Tom, On Sat, Oct 24, 2015, at 18:46, Tom Herbert wrote: > On Sat, Oct 24, 2015 at 12:28 PM, Hannes Frederic Sowa > wrote: > > Hi Tom, > > > > On Sat, Oct 24, 2015, at 18:21, Tom Herbert wrote: > >> On Fri, Oct 23, 2015 at 9:13 AM, Hannes Frederic Sowa >

Re: [PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers and recalc checksum during fragmentation

Hi Tom, On Sat, Oct 24, 2015, at 18:21, Tom Herbert wrote: > On Fri, Oct 23, 2015 at 9:13 AM, Hannes Frederic Sowa > wrote: > > CHECKSUM_PARTIAL should only be used on plain vanilla IPv6 + UDP packets > > in ip6_append_data. Some drivers don't correctly handle extension

Re: [PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers and recalc checksum during fragmentation

Hi, On Sat, Oct 24, 2015, at 00:48, Eric Dumazet wrote: > On Fri, 2015-10-23 at 15:13 +0200, Hannes Frederic Sowa wrote: > > CHECKSUM_PARTIAL should only be used on plain vanilla IPv6 + UDP packets > > in ip6_append_data. Some drivers don't correctly handle extension headers

Re: ip_no_pmtu_disc and UDP

Hello, On Fri, Oct 23, 2015, at 18:45, Vincent Li wrote: > It looks ip_no_pmtu_disc setting does not affect UDP IP packet DF bit > setting, is that intended behavior? echo 0, 1, 2, 3 respectively to > ip_no_pmtu_disc, UDP IP packet always have DF bit cleared, unless use > IP_PMTUDISC_DO on IP_MTU_

[PATCH net] ipv6: no CHECKSUM_PARTIAL on skbs with extension headers and recalc checksum during fragmentation

deal with ip6_fragments. Fixes: commit 32dce968dd987 ("ipv6: Allow for partial checksums on non-ufo packets") See-also: commit 72e843bb09d45 ("ipv6: ip6_fragment() should check CHECKSUM_PARTIAL") Cc: Eric Dumazet Cc: Vlad Yasevich Cc: Benjamin Coddington Signed-off-by: Hanne

Re: [PATCH net] net: try harder to not reuse ifindex when moving interfaces

Hi Thomas, On Thu, Oct 22, 2015, at 18:45, Thomas Graf wrote: > On 10/22/15 at 05:00pm, Jiri Benc wrote: > > On Thu, 22 Oct 2015 16:52:13 +0200, Nicolas Dichtel wrote: > > > With the proposed scenario: > > > 1. create netns 'new_netns' > > > 2. in root netns, move the interface with ifindex 2 to n

Re: [PATCH net] net: try harder to not reuse ifindex when moving interfaces

Hello, On Thu, Oct 22, 2015, at 17:00, Jiri Benc wrote: > On Thu, 22 Oct 2015 16:52:13 +0200, Nicolas Dichtel wrote: > > With the proposed scenario: > > 1. create netns 'new_netns' > > 2. in root netns, move the interface with ifindex 2 to new_netns > > 3. in new_netns, delete the interface with i

Re: [PATCH net] net: try harder to not reuse ifindex when moving interfaces

Hello, On Wed, Oct 21, 2015, at 17:56, David Miller wrote: > From: Jiri Benc > Date: Wed, 21 Oct 2015 17:25:02 +0200 > > > On Wed, 21 Oct 2015 08:32:14 -0700 (PDT), David Miller wrote: > >> As you say the apps are broken, so file a bug and have them fixed. > >> > >> The assumption is clearly in

Re: [PATCH net] ipv6: don't use CHECKSUM_PARTIAL on MSG_MORE/UDP_CORK sockets

On Tue, Oct 20, 2015, at 23:39, Vlad Yasevich wrote: > I am now wondering if this might be UFO related instead and looking for a > nic that > has UFO support. I doubt that. We overallocate memory first time in ip6_append_data because we are in MSG_MORE mode. Then, in my case the second write only

Re: [PATCH net] ipv6: don't use CHECKSUM_PARTIAL on MSG_MORE/UDP_CORK sockets

Hi Vlad, On Tue, Oct 20, 2015, at 23:39, Vlad Yasevich wrote: > On 10/20/2015 10:38 AM, Hannes Frederic Sowa wrote: > > MSG_MORE might cause the packet to get fragmented in the end when > > passed down to the flush function and the transhdrlen check alone is > > not sufficie

[PATCH net] ipv6: don't use CHECKSUM_PARTIAL on MSG_MORE/UDP_CORK sockets

calculation for UDPv6 for NFS protocols. Fixes: 32dce968dd987 ("ipv6: Allow for partial checksums on non-ufo packets") Cc: Vlad Yasevich Tested-by: Sabrina Dubroca Tested-by: Benjamin Coddington Signed-off-by: Hannes Frederic Sowa --- net/ipv6/ip6_output.c | 1 + 1 file changed, 1

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

Hello Alexei, On Tue, Oct 20, 2015, at 03:09, Alexei Starovoitov wrote: > On 10/19/15 4:02 PM, Hannes Frederic Sowa wrote: > > I bet commercial software will make use of this ebpf framework, too. And > > the kernel always helped me and gave me a way to see what is going on, >

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

Hey Alexei, On Tue, Oct 20, 2015, at 02:30, Alexei Starovoitov wrote: > On 10/19/15 3:17 PM, Daniel Borkmann wrote: > > On 10/19/2015 10:48 PM, Alexei Starovoitov wrote: > >> On 10/19/15 1:03 PM, Hannes Frederic Sowa wrote: > >>> > >>> I doubt it will s

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

Hi Alexei, On Mon, Oct 19, 2015, at 21:34, Alexei Starovoitov wrote: > On 10/19/15 11:46 AM, Hannes Frederic Sowa wrote: > > Hi, > > > > On Mon, Oct 19, 2015, at 20:15, Alexei Starovoitov wrote: > >> On 10/19/15 10:37 AM, Daniel Borkmann wrote: > >>> An

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

Hi, On Mon, Oct 19, 2015, at 20:15, Alexei Starovoitov wrote: > On 10/19/15 10:37 AM, Daniel Borkmann wrote: > > An eBPF program or map loading/destruction is *not* by any means to be > > considered fast-path. We currently hold a global mutex during loading. > > So, how can that be considered fast

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

Hi, On Sun, Oct 18, 2015, at 22:59, Alexei Starovoitov wrote: > On 10/18/15 9:49 AM, Daniel Borkmann wrote: > > Okay, I have pushed some rough working proof of concept here: > > > > https://git.breakpoint.cc/cgit/dborkman/net-next.git/log/?h=ebpf-fds-final5 > > > > So the idea eventually had to be

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

On Fri, Oct 16, 2015, at 03:09, Daniel Borkmann wrote: > This eventually leads us to this patch, which implements a minimal > eBPF file system. The idea is a bit similar, but to the point that > these inodes reside at one or multiple mount points. A directory > hierarchy can be tailored to a specif

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

Hi Alexei, On Fri, Oct 16, 2015, at 18:18, Alexei Starovoitov wrote: > On 10/16/15 3:25 AM, Hannes Frederic Sowa wrote: > > Namespaces at some point dealt with the same problem, they nowadays use > > bind mounts of/proc/$$/ns/* to some place in the file hierarchy to keep > >

Re: [PATCH net-next 3/4] bpf: add support for persistent maps/progs

On Fri, Oct 16, 2015, at 15:36, Daniel Borkmann wrote: > On 10/16/2015 12:25 PM, Hannes Frederic Sowa wrote: > > On Fri, Oct 16, 2015, at 03:09, Daniel Borkmann wrote: > >> This eventually leads us to this patch, which implements a minimal > >> eBPF file system. The id

Re: [PATCH] ipv6: no addrconf for slave devices

On Fri, Oct 16, 2015, at 13:54, Jiri Pirko wrote: > Fri, Oct 16, 2015 at 12:21:51PM CEST, jblu...@infradead.org wrote: > >If a device without the IFF_SLAVE flag set (e.g. team, bridge, openvswitch > >vport, batman) is enslaved and IPv6 is active then addrconf will be > >initiated and a link-local a

<    3   4   5   6   7   8   9   10   >