From 872689d431febb0eecaca2dd123ddf4d12968100 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Sat, 20 Mar 2021 09:36:07 -0700 Subject: [PATCH 01/17] uapi: minor header update for l2tp Signed-off-by: Stephen Hemminger --- include/uapi/linux/bpf.h | 1 - include/uapi/linux/l2tp.h | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 9c135426..1840da8d 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -3850,7 +3850,6 @@ union bpf_attr { * * long bpf_check_mtu(void *ctx, u32 ifindex, u32 *mtu_len, s32 len_diff, u64 flags) * Description - * Check ctx packet size against exceeding MTU of net device (based * on *ifindex*). This helper will likely be used in combination * with helpers that adjust/change the packet size. diff --git a/include/uapi/linux/l2tp.h b/include/uapi/linux/l2tp.h index 65ec4762..0480d2db 100644 --- a/include/uapi/linux/l2tp.h +++ b/include/uapi/linux/l2tp.h @@ -145,6 +145,7 @@ enum { L2TP_ATTR_RX_ERRORS, /* u64 */ L2TP_ATTR_STATS_PAD, L2TP_ATTR_RX_COOKIE_DISCARDS, /* u64 */ + L2TP_ATTR_RX_INVALID, /* u64 */ __L2TP_ATTR_STATS_MAX, }; From 7384c15e0e66f7cc5f8385b341b6a553a60914e5 Mon Sep 17 00:00:00 2001 From: Petr Machata Date: Wed, 17 Mar 2021 13:24:14 +0100 Subject: [PATCH 02/17] ip: Fix batch processing After the comment cited below, batch mode neglects to set the global variable batch_mode to a non-zero value. Netns and VRF commands use this variable, and break in batch mode. Fix by setting the value again. Fixes: 1d9a81b8c9f3 ("Unify batch processing across tools") Reported-by: Tim Rice Signed-off-by: Petr Machata Signed-off-by: Stephen Hemminger --- ip/ip.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ip/ip.c b/ip/ip.c index c561c01f..4cf09fc3 100644 --- a/ip/ip.c +++ b/ip/ip.c 
@@ -156,6 +156,7 @@ static int batch(const char *name) return EXIT_FAILURE; } + batch_mode = 1; ret = do_batch(name, force, ip_batch_cmd, &orig_family); rtnl_close(&rth); From e77a0d3dc99e17cd615c0ddf9ec4a2cf7f64fe94 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 30 Mar 2021 16:38:05 -0700 Subject: [PATCH 03/17] uapi: bpf.h update from upstream Signed-off-by: Stephen Hemminger --- include/uapi/linux/bpf.h | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 1840da8d..b1aba6af 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -3850,7 +3850,7 @@ union bpf_attr { * * long bpf_check_mtu(void *ctx, u32 ifindex, u32 *mtu_len, s32 len_diff, u64 flags) * Description - * Check ctx packet size against exceeding MTU of net device (based + * Check packet size against exceeding MTU of net device (based * on *ifindex*). This helper will likely be used in combination * with helpers that adjust/change the packet size. * @@ -3867,6 +3867,14 @@ union bpf_attr { * against the current net device. This is practical if this isn't * used prior to redirect. * + * On input *mtu_len* must be a valid pointer, else verifier will + * reject BPF program. If the value *mtu_len* is initialized to + * zero then the ctx packet size is use. When value *mtu_len* is + * provided as input this specify the L3 length that the MTU check + * is done against. Remember XDP and TC length operate at L2, but + * this value is L3 as this correlate to MTU and IP-header tot_len + * values which are L3 (similar behavior as bpf_fib_lookup). + * * The Linux kernel route table can configure MTUs on a more * specific per route level, which is not provided by this helper. * For route level MTU checks use the **bpf_fib_lookup**\ () 
@@ -3891,11 +3899,9 @@ union bpf_attr { * * On return *mtu_len* pointer contains the MTU value of the net * device. Remember the net device configured MTU is the L3 size, - * which is returned here and XDP and TX length operate at L2. + * which is returned here and XDP and TC length operate at L2. * Helper take this into account for you, but remember when using - * MTU value in your BPF-code. On input *mtu_len* must be a valid - * pointer and be initialized (to zero), else verifier will reject - * BPF program. + * MTU value in your BPF-code. * * Return * * 0 on success, and populate MTU value in *mtu_len* pointer. From 06d0bbf1ee083ea875e24622db362e68ec611985 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 6 Apr 2021 09:24:20 -0700 Subject: [PATCH 04/17] erspan: fix JSON output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The format for erspan/erspan6 output is not valid JSON, as on version 2 a valueless key was presented. The direction should be value and erspan_dir should be the key. Fixes: 289763626721 ("erspan: add erspan version II support") Cc: u9012063@gmail.com Reported-by: Christian Pössinger Signed-off-by: Christian Pössinger Signed-off-by: Stephen Hemminger --- ip/link_gre.c | 4 ++-- ip/link_gre6.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ip/link_gre.c b/ip/link_gre.c index 0461e5d0..6d4a8be8 100644 --- a/ip/link_gre.c +++ b/ip/link_gre.c @@ -536,10 +536,10 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) if (erspan_dir == 0) print_string(PRINT_ANY, "erspan_dir", - "erspan_dir ingress ", NULL); + "erspan_dir %s ", "ingress"); else print_string(PRINT_ANY, "erspan_dir", - "erspan_dir egress ", NULL); + "erspan_dir %s ", "egress"); } if (tb[IFLA_GRE_ERSPAN_HWID]) { diff --git a/ip/link_gre6.c b/ip/link_gre6.c index 9d270f4b..f33598af 100644 --- a/ip/link_gre6.c +++ b/ip/link_gre6.c 
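Review bot: The two branches in the ip/link_gre.c hunk now differ only in the value string, so the if/else can collapse into a single call: `print_string(PRINT_ANY, "erspan_dir", "erspan_dir %s ", erspan_dir == 0 ? "ingress" : "egress");`. That keeps the JSON key and the format string in one place, so the two cannot drift apart again. The identical hunk in ip/link_gre6.c can take the same form. gre_print_opt starts and ends outside the hunk.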
@@ -594,10 +594,10 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) if (erspan_dir == 0) print_string(PRINT_ANY, "erspan_dir", - "erspan_dir ingress ", NULL); + "erspan_dir %s ", "ingress"); else print_string(PRINT_ANY, "erspan_dir", - "erspan_dir egress ", NULL); + "erspan_dir %s ", "egress"); } if (tb[IFLA_GRE_ERSPAN_HWID]) { From cc718c191b66389e192d9e243152664fa7dd2752 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 13 Apr 2021 19:14:34 -0700 Subject: [PATCH 05/17] uapi: update can.h Upstream commit to force packing on ARM OABI Signed-off-by: Stephen Hemminger --- include/uapi/linux/can.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/can.h b/include/uapi/linux/can.h index d7d56e40..5e1d3838 100644 --- a/include/uapi/linux/can.h +++ b/include/uapi/linux/can.h @@ -113,7 +113,7 @@ struct can_frame { */ __u8 len; __u8 can_dlc; /* deprecated */ - }; + } __attribute__((packed)); /* disable padding added in some ABIs */ __u8 __pad; /* padding */ __u8 __res0; /* reserved / padding */ __u8 len8_dlc; /* optional DLC for 8 byte payload length (9 .. 15) */ From 6b8fa2ea2d5024345277240acc2252c049e561b3 Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Wed, 14 Apr 2021 00:48:37 +0200 Subject: [PATCH 06/17] devlink: always check strslashrsplit() return value strslashrsplit() return value is not checked in __dl_argv_handle(), despite the fact that it can return EINVAL. This commit fix it and make __dl_argv_handle() return error if strslashrsplit() return an error code. Fixes: 2f85a9c53587 ("devlink: allow to parse both devlink and port handle in the same time") Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- devlink/devlink.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/devlink/devlink.c b/devlink/devlink.c index c6e85ff9..faa87b3d 100644 --- a/devlink/devlink.c +++ b/devlink/devlink.c 
@@ -965,7 +965,13 @@ static int strtobool(const char *str, bool *p_val) static int __dl_argv_handle(char *str, char **p_bus_name, char **p_dev_name) { - strslashrsplit(str, p_bus_name, p_dev_name); + int err; + + err = strslashrsplit(str, p_bus_name, p_dev_name); + if (err) { + pr_err("Devlink identification (\"bus_name/dev_name\") \"%s\" is invalid\n", str); + return err; + } return 0; } From 6801ae8273ffcf781223246dd038a78f71c19e95 Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Wed, 14 Apr 2021 00:50:20 +0200 Subject: [PATCH 07/17] q_cake: remove useless check on argv In cake_parse_opt(), *argv is checked not to be null when parsing for overhead and mpu parameters. However this is useless, since *argv matches right before for "overhead" or "mpu". Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- tc/q_cake.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tc/q_cake.c b/tc/q_cake.c index 4ff6056a..4cfc1c00 100644 --- a/tc/q_cake.c +++ b/tc/q_cake.c @@ -299,8 +299,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, NEXT_ARG(); overhead = strtol(*argv, &p, 10); - if (!p || *p || !*argv || - overhead < -64 || overhead > 256) { + if (!p || *p || overhead < -64 || overhead > 256) { fprintf(stderr, "Illegal \"overhead\", valid range is -64 to 256\\n"); return -1; @@ -312,7 +311,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, NEXT_ARG(); mpu = strtol(*argv, &p, 10); - if (!p || *p || !*argv || mpu < 0 || mpu > 256) { + if (!p || *p || mpu < 0 || mpu > 256) { fprintf(stderr, "Illegal \"mpu\", valid range is 0 to 256\\n"); return -1; From 6a2c51da993ab9f8b385ee2bf13814f8e8000ce5 Mon Sep 17 00:00:00 2001 
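Review bot: Returning `err` from __dl_argv_handle only helps if every caller checks the result before reading `*p_bus_name` and `*p_dev_name`. Until this change the function always returned 0, so a call site may have been written to ignore it; the callers are outside this hunk and worth checking one by one. A one-line contract above the function would make the expectation explicit, for example `/* Splits "bus_name/dev_name"; on a non-zero return the outputs must not be used. */`.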
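Review bot: With `!*argv` removed, the remaining test in the "overhead" branch of tc/q_cake.c still accepts an argument that contains no digits. For an empty string strtol() returns 0 and leaves `p` equal to `*argv`, so `*p` is NUL and the value passes as 0. `!p` can never be true because strtol() always stores the end pointer, so the check is better written as `if (p == *argv || *p || overhead < -64 || overhead > 256) {`; the "mpu" hunk has the same shape and needs `p == *argv` too. Separately, the context lines of both hunks end the message with `\\n` as shown, which prints a backslash and an `n` rather than a newline. cake_parse_opt continues outside both hunks.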
From: Andrea Claudi Date: Wed, 14 Apr 2021 00:50:45 +0200 Subject: [PATCH 08/17] nexthop: fix memory leak in add_nh_group_attr() grps is dinamically allocated with a calloc, and not freed in a return path in the for cycle. This commit fix it. While at it, make the function use a single return point. Fixes: 63df8e8543b0 ("Add support for nexthop objects") Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- ip/ipnexthop.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/ip/ipnexthop.c b/ip/ipnexthop.c index 20cde586..f0658a9c 100644 --- a/ip/ipnexthop.c +++ b/ip/ipnexthop.c @@ -277,8 +277,9 @@ int print_nexthop(struct nlmsghdr *n, void *arg) static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) { - struct nexthop_grp *grps; + struct nexthop_grp *grps = NULL; int count = 0, i; + int err = -1; char *sep, *wsep; if (*argv != '\0') @@ -292,11 +293,11 @@ static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) } if (count == 0) - return -1; + goto out; grps = calloc(count, sizeof(*grps)); if (!grps) - return -1; + goto out; for (i = 0; i < count; ++i) { sep = strchr(argv, '/'); @@ -308,7 +309,7 @@ static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) *wsep = '\0'; if (get_unsigned(&grps[i].id, argv, 0)) - return -1; + goto out; if (wsep) { unsigned int w; @@ -324,7 +325,10 @@ static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) argv = sep + 1; } - return addattr_l(n, maxlen, NHA_GROUP, grps, count * sizeof(*grps)); + err = addattr_l(n, maxlen, NHA_GROUP, grps, count * sizeof(*grps)); +out: + free(grps); + return err; } static int ipnh_modify(int cmd, unsigned int flags, int argc, char **argv) From 16ce4d23661aee6cecfea0a8ded0ce11ef3a3ecd Mon Sep 17 00:00:00 2001 
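Review bot: The single exit at `out:` in add_nh_group_attr only covers the paths this commit converted to `goto out`. The weight branch that opens at `if (wsep) {` in the third hunk continues outside the diff, so it cannot be seen whether a bad weight there returns without reaching `free(grps)`. If it does return, it should become `goto out` as well. A short comment at the label, such as `/* free(NULL) is a no-op, so failures before calloc() may jump here */`, would record why `grps` is now initialised to NULL.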
From: Andrea Claudi Date: Wed, 14 Apr 2021 00:50:57 +0200 Subject: [PATCH 09/17] rdma: stat: initialize ret in stat_qp_show_parse_cb() In the unlikely case in which the mnl_attr_for_each_nested() cycle is not executed, this function return an uninitialized value. Fix this initializing ret to 0. Fixes: 5937552b42e4 ("rdma: Add "stat qp show" support") Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- rdma/stat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rdma/stat.c b/rdma/stat.c index 75d45288..3abedae7 100644 --- a/rdma/stat.c +++ b/rdma/stat.c @@ -307,7 +307,7 @@ static int stat_qp_show_parse_cb(const struct nlmsghdr *nlh, void *data) struct rd *rd = data; const char *name; uint32_t idx; - int ret; + int ret = 0; mnl_attr_parse(nlh, 0, rd_attr_cb, tb); if (!tb[RDMA_NLDEV_ATTR_DEV_INDEX] || !tb[RDMA_NLDEV_ATTR_DEV_NAME] || From c8216fabe8d9df3db38283cca1b6caeca033f9b9 Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Sun, 18 Apr 2021 14:56:30 +0200 Subject: [PATCH 10/17] rdma: stat: fix return code libmnl defines MNL_CB_OK as 1 and MNL_CB_ERROR as -1. rdma uses these return codes, and stat_qp_show_parse_cb() should do the same. Fixes: 16ce4d23661a ("rdma: stat: initialize ret in stat_qp_show_parse_cb()") Reported-by: Leon Romanovsky Signed-off-by: Andrea Claudi Acked-by: Leon Romanovsky Signed-off-by: Stephen Hemminger --- rdma/stat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rdma/stat.c b/rdma/stat.c index 3abedae7..8edf7bf1 100644 --- a/rdma/stat.c +++ b/rdma/stat.c @@ -307,7 +307,7 @@ static int stat_qp_show_parse_cb(const struct nlmsghdr *nlh, void *data) struct rd *rd = data; const char *name; uint32_t idx; - int ret = 0; + int ret = MNL_CB_OK; mnl_attr_parse(nlh, 0, rd_attr_cb, tb); if (!tb[RDMA_NLDEV_ATTR_DEV_INDEX] || !tb[RDMA_NLDEV_ATTR_DEV_NAME] || From b5a6ed9cc9fc15df13d07fe6b2dcc58942d89a2a Mon Sep 17 00:00:00 2001 
From: Stephen Hemminger Date: Fri, 23 Apr 2021 10:36:17 -0700 Subject: [PATCH 11/17] uapi: add missing virtio related headers The build of iproute2 relies on having correct copy of santized kernel headers. The vdpa utility introduced a dependency on the vdpa related headers, but these headers were not present in iproute2 repo. Fixes: c2ecc82b9d4c ("vdpa: Add vdpa tool") Signed-off-by: Stephen Hemminger --- include/uapi/linux/vdpa.h | 40 +++++++++++++++++++++++ include/uapi/linux/virtio_ids.h | 58 +++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 include/uapi/linux/vdpa.h create mode 100644 include/uapi/linux/virtio_ids.h diff --git a/include/uapi/linux/vdpa.h b/include/uapi/linux/vdpa.h new file mode 100644 index 00000000..37ae26b6 --- /dev/null +++ b/include/uapi/linux/vdpa.h @@ -0,0 +1,40 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* + * vdpa device management interface + * Copyright (c) 2020 Mellanox Technologies Ltd. All rights reserved. + */ + +#ifndef _LINUX_VDPA_H_ +#define _LINUX_VDPA_H_ + +#define VDPA_GENL_NAME "vdpa" +#define VDPA_GENL_VERSION 0x1 + +enum vdpa_command { + VDPA_CMD_UNSPEC, + VDPA_CMD_MGMTDEV_NEW, + VDPA_CMD_MGMTDEV_GET, /* can dump */ + VDPA_CMD_DEV_NEW, + VDPA_CMD_DEV_DEL, + VDPA_CMD_DEV_GET, /* can dump */ +}; + +enum vdpa_attr { + VDPA_ATTR_UNSPEC, + + /* bus name (optional) + dev name together make the parent device handle */ + VDPA_ATTR_MGMTDEV_BUS_NAME, /* string */ + VDPA_ATTR_MGMTDEV_DEV_NAME, /* string */ + VDPA_ATTR_MGMTDEV_SUPPORTED_CLASSES, /* u64 */ + + VDPA_ATTR_DEV_NAME, /* string */ + VDPA_ATTR_DEV_ID, /* u32 */ + VDPA_ATTR_DEV_VENDOR_ID, /* u32 */ + VDPA_ATTR_DEV_MAX_VQS, /* u32 */ + VDPA_ATTR_DEV_MAX_VQ_SIZE, /* u16 */ + + /* new attributes must be added above here */ + VDPA_ATTR_MAX, +}; + +#endif diff --git a/include/uapi/linux/virtio_ids.h b/include/uapi/linux/virtio_ids.h new file mode 100644 index 00000000..bc1c0621 --- /dev/null 
+++ b/include/uapi/linux/virtio_ids.h 
@@ -0,0 +1,58 @@
+#ifndef _LINUX_VIRTIO_IDS_H
+#define _LINUX_VIRTIO_IDS_H
+/*
+ * Virtio IDs
+ *
+ * This header is BSD licensed so anyone can use the definitions to implement
+ * compatible drivers/servers.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of IBM nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL IBM OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/ + +#define VIRTIO_ID_NET 1 /* virtio net */ +#define VIRTIO_ID_BLOCK 2 /* virtio block */ +#define VIRTIO_ID_CONSOLE 3 /* virtio console */ +#define VIRTIO_ID_RNG 4 /* virtio rng */ +#define VIRTIO_ID_BALLOON 5 /* virtio balloon */ +#define VIRTIO_ID_IOMEM 6 /* virtio ioMemory */ +#define VIRTIO_ID_RPMSG 7 /* virtio remote processor messaging */ +#define VIRTIO_ID_SCSI 8 /* virtio scsi */ +#define VIRTIO_ID_9P 9 /* 9p virtio console */ +#define VIRTIO_ID_MAC80211_WLAN 10 /* virtio WLAN MAC */ +#define VIRTIO_ID_RPROC_SERIAL 11 /* virtio remoteproc serial link */ +#define VIRTIO_ID_CAIF 12 /* Virtio caif */ +#define VIRTIO_ID_MEMORY_BALLOON 13 /* virtio memory balloon */ +#define VIRTIO_ID_GPU 16 /* virtio GPU */ +#define VIRTIO_ID_CLOCK 17 /* virtio clock/timer */ +#define VIRTIO_ID_INPUT 18 /* virtio input */ +#define VIRTIO_ID_VSOCK 19 /* virtio vsock transport */ +#define VIRTIO_ID_CRYPTO 20 /* virtio crypto */ +#define VIRTIO_ID_SIGNAL_DIST 21 /* virtio signal distribution device */ +#define VIRTIO_ID_PSTORE 22 /* virtio pstore device */ +#define VIRTIO_ID_IOMMU 23 /* virtio IOMMU */ +#define VIRTIO_ID_MEM 24 /* virtio mem */ +#define VIRTIO_ID_FS 26 /* virtio filesystem */ +#define VIRTIO_ID_PMEM 27 /* virtio pmem */ +#define VIRTIO_ID_MAC80211_HWSIM 29 /* virtio mac80211-hwsim */ + +#endif /* _LINUX_VIRTIO_IDS_H */ From 38ef5bb7b4a7e8b191f4087c140a07a0779fa903 Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Mon, 19 Apr 2021 15:37:25 +0200 Subject: [PATCH 12/17] ip: netns: fix missing netns close on some error paths In functions netns_pids() and netns_identify_pid(), the netns file is not closed on some error paths. Fix this using a conditional close and a single return point on both functions. Fixes: 44b563269ea1 ("ip-nexthop: support flush by id") Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- ip/ipnetns.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) 
diff --git a/ip/ipnetns.c b/ip/ipnetns.c index 3e96d267..12035349 100644 --- a/ip/ipnetns.c +++ b/ip/ipnetns.c @@ -579,18 +579,18 @@ static int netns_pids(int argc, char **argv) { const char *name; char net_path[PATH_MAX]; - int netns; + int netns = -1, ret = -1; struct stat netst; DIR *dir; struct dirent *entry; if (argc < 1) { fprintf(stderr, "No netns name specified\n"); - return -1; + goto out; } if (argc > 1) { fprintf(stderr, "extra arguments specified\n"); - return -1; + goto out; } name = argv[0]; @@ -599,18 +599,18 @@ static int netns_pids(int argc, char **argv) if (netns < 0) { fprintf(stderr, "Cannot open network namespace: %s\n", strerror(errno)); - return -1; + goto out; } if (fstat(netns, &netst) < 0) { fprintf(stderr, "Stat of netns failed: %s\n", strerror(errno)); - return -1; + goto out; } dir = opendir("/proc/"); if (!dir) { fprintf(stderr, "Open of /proc failed: %s\n", strerror(errno)); - return -1; + goto out; } while ((entry = readdir(dir))) { char pid_net_path[PATH_MAX]; @@ -627,15 +627,19 @@ static int netns_pids(int argc, char **argv) printf("%s\n", entry->d_name); } } + ret = 0; closedir(dir); - return 0; +out: + if (netns >= 0) + close(netns); + return ret; } int netns_identify_pid(const char *pidstr, char *name, int len) { char net_path[PATH_MAX]; - int netns; + int netns = -1, ret = -1; struct stat netst; DIR *dir; struct dirent *entry; 
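Review bot: In netns_pids the new `out:` label closes `netns`, but `closedir(dir)` still sits above the label on the success path, so any failure exit added later inside the readdir loop that jumps to `out` would leak the directory stream. Declaring `DIR *dir = NULL;` and moving the cleanup under the label as `if (dir) closedir(dir);` makes the single exit release everything the function acquired. netns_identify_pid, in the two hunks that follow, has the same layout and can be changed the same way. The loop bodies of both functions lie outside the hunks, so whether they already contain such exits cannot be seen here.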
@@ -647,22 +651,24 @@ int netns_identify_pid(const char *pidstr, char *name, int len) if (netns < 0) { fprintf(stderr, "Cannot open network namespace: %s\n", strerror(errno)); - return -1; + goto out; } if (fstat(netns, &netst) < 0) { fprintf(stderr, "Stat of netns failed: %s\n", strerror(errno)); - return -1; + goto out; } dir = opendir(NETNS_RUN_DIR); if (!dir) { /* Succeed treat a missing directory as an empty directory */ - if (errno == ENOENT) - return 0; + if (errno == ENOENT) { + ret = 0; + goto out; + } fprintf(stderr, "Failed to open directory %s:%s\n", NETNS_RUN_DIR, strerror(errno)); - return -1; + goto out; } while ((entry = readdir(dir))) { @@ -685,8 +691,12 @@ int netns_identify_pid(const char *pidstr, char *name, int len) strlcpy(name, entry->d_name, len); } } + ret = 0; closedir(dir); - return 0; +out: + if (netns >= 0) + close(netns); + return ret; } From 932fe3453f39503b5689912d7e0b01ac2b03e7a0 Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Mon, 19 Apr 2021 15:36:57 +0200 Subject: [PATCH 13/17] tc: e_bpf: fix memory leak in parse_bpf() envp_run is dinamically allocated with a malloc, and not freed in the out: return path. This commit fix it. Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- tc/e_bpf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tc/e_bpf.c b/tc/e_bpf.c index a48393b7..517ee5b3 100644 --- a/tc/e_bpf.c +++ b/tc/e_bpf.c @@ -159,7 +159,9 @@ static int parse_bpf(struct exec_util *eu, int argc, char **argv) envp_run[env_num - 1] = NULL; out: - return execvpe(argv_run[0], argv_run, envp_run); + ret = execvpe(argv_run[0], argv_run, envp_run); + free(envp_run); + return ret; err_free_env: for (--i; i >= env_old; i--) From 92af24c9078e0c3f3d3c191d78db91fe10df6bc1 Mon Sep 17 00:00:00 2001 
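Review bot: In parse_bpf, `free(envp_run)` now runs on every path that reaches `out:`, and the other jumps to that label are outside the hunk. If any of them leaves `envp_run` pointing at memory that did not come from malloc() (the inherited environment, for instance), this becomes an invalid free whenever execvpe() fails. The `err_free_env` loop just below releases entries one at a time, which suggests the array owns its strings from `env_old` upward, and those are not released here. Tracking ownership explicitly would be safer, e.g. `if (envp_owned) free(envp_run);` with the flag set right after the malloc. Saving `errno` before the free would also preserve the exec failure reason for the caller.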
From: Andrea Claudi Date: Mon, 19 Apr 2021 15:49:56 +0200 Subject: [PATCH 14/17] lib: bpf_legacy: treat 0 as a valid file descriptor As stated in the man page(), open returns a non-negative integer as a file descriptor. Hence, when checking for its return value to be ok, we should include 0 as a valid value. This fixes a covscan warning about a missing close() in this function. Fixes: ecb05c0f997d ("bpf: improve error reporting around tail calls") Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- lib/bpf_legacy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/bpf_legacy.c b/lib/bpf_legacy.c index 8a03b9c2..7ff10e4f 100644 --- a/lib/bpf_legacy.c +++ b/lib/bpf_legacy.c @@ -2832,7 +2832,7 @@ static void bpf_get_cfg(struct bpf_elf_ctx *ctx) int fd; fd = open(path_jit, O_RDONLY); - if (fd > 0) { + if (fd >= 0) { char tmp[16] = {}; if (read(fd, tmp, sizeof(tmp)) > 0) From e1ad689545a0a2a798869cb95de7dbe4b138bdae Mon Sep 17 00:00:00 2001 From: Andrea Claudi Date: Mon, 19 Apr 2021 15:49:57 +0200 Subject: [PATCH 15/17] lib: bpf_legacy: fix missing socket close when connect() fails In functions bpf_{send,recv}_map_fds(), when connect fails after a socket is successfully opened, we return with error missing a close on the socket. Fix this closing the socket if opened and using a single return point for both the functions. Fixes: 6256f8c9e45f ("tc, bpf: finalize eBPF support for cls and act front-end") Signed-off-by: Andrea Claudi Signed-off-by: Stephen Hemminger --- lib/bpf_legacy.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/lib/bpf_legacy.c b/lib/bpf_legacy.c index 7ff10e4f..7ec9ce9d 100644 --- a/lib/bpf_legacy.c +++ b/lib/bpf_legacy.c 
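Review bot: In bpf_get_cfg, `read(fd, tmp, sizeof(tmp))` can fill all 16 bytes of `tmp`, which leaves the buffer without a terminating NUL despite the `= {}` initialiser. If the code after this hunk parses `tmp` as a string, that is a read past the end of the array. Reading one byte less, `if (read(fd, tmp, sizeof(tmp) - 1) > 0)`, keeps the terminator in place. The rest of the function, including the close(fd) that this commit makes reachable for descriptor 0, is outside the hunk.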
@@ -3092,13 +3092,13 @@ int bpf_send_map_fds(const char *path, const char *obj) .st = &ctx->stat, .obj = obj, }; - int fd, ret; + int fd, ret = -1; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) { fprintf(stderr, "Cannot open socket: %s\n", strerror(errno)); - return -1; + goto out; } strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); @@ -3107,7 +3107,7 @@ int bpf_send_map_fds(const char *path, const char *obj) if (ret < 0) { fprintf(stderr, "Cannot connect to %s: %s\n", path, strerror(errno)); - return -1; + goto out; } ret = bpf_map_set_send(fd, &addr, sizeof(addr), &bpf_aux, @@ -3117,7 +3117,9 @@ int bpf_send_map_fds(const char *path, const char *obj) path, strerror(errno)); bpf_maps_teardown(ctx); - close(fd); +out: + if (fd >= 0) + close(fd); return ret; } @@ -3125,13 +3127,13 @@ int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux, unsigned int entries) { struct sockaddr_un addr = { .sun_family = AF_UNIX }; - int fd, ret; + int fd, ret = -1; fd = socket(AF_UNIX, SOCK_DGRAM, 0); if (fd < 0) { fprintf(stderr, "Cannot open socket: %s\n", strerror(errno)); - return -1; + goto out; } strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); @@ -3140,7 +3142,7 @@ int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux, if (ret < 0) { fprintf(stderr, "Cannot bind to socket: %s\n", strerror(errno)); - return -1; + goto out; } ret = bpf_map_set_recv(fd, fds, aux, entries); @@ -3149,7 +3151,10 @@ int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux, path, strerror(errno)); unlink(addr.sun_path); - close(fd); + +out: + if (fd >= 0) + close(fd); return ret; } From a3fb3fcb7d361059880661d9f68e25fb0e4b8248 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 27 Apr 2021 11:55:53 -0700 Subject: [PATCH 16/17] remove trailing whitespace Signed-off-by: Stephen Hemminger --- include/iptables.h | 2 +- ip/iplink_macvlan.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
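Review bot: Both bpf_send_map_fds and bpf_recv_map_fds copy the caller's path with `strlcpy(addr.sun_path, path, sizeof(addr.sun_path));` and ignore the result, so a path longer than `sun_path` is silently truncated. The socket is then connected or bound, and in the recv case later unlinked, at a different filesystem location than the one requested. Because these sockets carry map file descriptors, over-long paths are better rejected, assuming strlcpy returns the source length as usual: `if (strlcpy(addr.sun_path, path, sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) { fprintf(stderr, "Socket path too long: %s\n", path); goto out; }`. With `ret` initialised to -1, the new `out:` labels already close the socket and return the right value for that case.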
diff --git a/include/iptables.h b/include/iptables.h index 78bc378e..eb91f291 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -12,7 +12,7 @@ extern int do_command4(int argc, char *argv[], char **table, struct xtc_handle **handle, bool restore); extern int delete_chain4(const xt_chainlabel chain, int verbose, struct xtc_handle *handle); -extern int flush_entries4(const xt_chainlabel chain, int verbose, +extern int flush_entries4(const xt_chainlabel chain, int verbose, struct xtc_handle *handle); extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *), int verbose, int builtinstoo, struct xtc_handle *handle); diff --git a/ip/iplink_macvlan.c b/ip/iplink_macvlan.c index 302a3748..79df17ea 100644 --- a/ip/iplink_macvlan.c +++ b/ip/iplink_macvlan.c @@ -162,7 +162,7 @@ static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv, } else if (matches(*argv, "bcqueuelen") == 0) { __u32 bc_queue_len; NEXT_ARG(); - + if (get_u32(&bc_queue_len, *argv, 0)) { return bc_queue_len_arg(*argv); } From 1fdea280517b9951e43bc4544210024d0346b27e Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 27 Apr 2021 11:59:09 -0700 Subject: [PATCH 17/17] v5.12.0 --- include/version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/version.h b/include/version.h index 1a1f4f83..b5113411 100644 --- a/include/version.h +++ b/include/version.h @@ -1 +1 @@ -static const char version[] = "5.11.0"; +static const char version[] = "5.12.0";