Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0-rc7 2026-02-18T01:13:07+00:00 2026-02-18T01:13:07+00:00 Jakub Kicinski kuba@kernel.org 2026-02-14T03:51:59+00:00 urn:sha1:32b70e62034aa72f8414ad4e9122cce7ad418c48 Since we started running selftests in NIPA we have been seeing tc_actions.sh generate a soft lockup warning on ~20% of the runs. On the pre-netdev foundation setup it was actually a missed irq splat from the console. Now it's either that or a lockup. I initially suspected a socket locking issue since the test is exercising local loopback with act_mirred. After hours of staring at this I noticed in strace that ncat when -o $file is specified _both_ saves the output to the file and still prints it to stdout. Because the file being sent is constructed with: dd conv=sparse status=none if=/dev/zero bs=1M count=2 of=$mirred ^^^^^^^^^ the data printed is all \0. Most terminals don't display nul characters (and neither does vng output capture save them). But QEMU's serial console still has to poke them thru which is very slow and causes the lockup (if the file is >600kB). Replace the '-o $file' with '> $file'. This speeds the test up from 2m20s to 18s on debug kernels, and prevents the warnings. Fixes: ca22da2fbd69 ("act_mirred: use the backlog for nested calls to mirred ingress") Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20260214035159.2119699-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2026-02-17T12:34:18+00:00 Aleksei Oladko aleksey.oladko@virtuozzo.com 2026-02-13T13:19:07+00:00 urn:sha1:a8c198d16c64cdf57f481a4cd3e769502802369e The tests use the tc pedit action to modify the IPv4 source address ("pedit ex munge ip src set"), but the IP header checksum is not recalculated after the modification. As a result, the modified packet fails sanity checks in br_netfilter after bridging and is dropped, which causes the test to fail. Fix this by ensuring net.bridge.bridge-nf-call-iptables is set to 0 during the test execution. This prevents the bridge from passing L2 traffic to netfilter, bypassing the checksum validation that causes the test failure. Fixes: 92ad3828944e ("selftests: forwarding: Add a test for pedit munge SIP and DIP") Fixes: 226657ba2389 ("selftests: forwarding: Add a forwarding test for pedit munge dsfield") Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Link: https://patch.msgid.link/20260213131907.43351-4-aleksey.oladko@virtuozzo.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2026-02-17T12:34:11+00:00 Aleksei Oladko aleksey.oladko@virtuozzo.com 2026-02-13T13:19:06+00:00 urn:sha1:ce9f6aec0fb780dafc1dfc5f47c688422aff464a The test generates VXLAN traffic using mausezahn, where the encapsulated inner IPv6 packet has an incorrect payload length set in the IPv6 header. After VXLAN decapsulation, such packets do not pass sanity checks in br_netfilter and are dropped, which causes the test to fail. Fix this by setting the correct IPv6 payload length for the encapsulated packet generated by mausezahn, so that the packet is accepted by br_netfilter. tools/testing/selftests/net/forwarding/vxlan_bridge_1d_ipv6.sh lines 698-706 )"00:03:"$( : Payload length )"3a:"$( : Next header )"04:"$( : Hop limit )"$saddr:"$( : IP saddr )"$daddr:"$( : IP daddr )"80:"$( : ICMPv6.type )"00:"$( : ICMPv6.code )"00:"$( : ICMPv6.checksum ) Data after IPv6 header: • 80: — 1 byte (ICMPv6 type) • 00: — 1 byte (ICMPv6 code) • 00: — 1 byte (ICMPv6 checksum, truncated) Total: 3 bytes → 00:03 is correct. The old value 00:08 did not match the actual payload size. Fixes: b07e9957f220 ("selftests: forwarding: Add VxLAN tests with a VLAN-unaware bridge for IPv6") Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Link: https://patch.msgid.link/20260213131907.43351-3-aleksey.oladko@virtuozzo.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2026-02-17T12:34:11+00:00 Aleksei Oladko aleksey.oladko@virtuozzo.com 2026-02-13T13:19:05+00:00 urn:sha1:02cb2e6bacbb08ebf6acb61be816efd11e1f4a21 The test generates VXLAN traffic using mausezahn, where the encapsulated inner IPv4 packet contains a zero IP header checksum. After VXLAN decapsulation, such packets do not pass sanity checks in br_netfilter and are dropped, which causes the test to fail. Fix this by calculating and setting a valid IPv4 header checksum for the encapsulated packet generated by mausezahn, so that the packet is accepted by br_netfilter. Fixed by using the payload_template_calc_checksum() / payload_template_expand_checksum() helpers that are only available in v6.3 and newer kernels. Fixes: a0b61f3d8ebf ("selftests: forwarding: vxlan_bridge_1d: Add an ECN decap test") Signed-off-by: Aleksei Oladko <aleksey.oladko@virtuozzo.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Link: https://patch.msgid.link/20260213131907.43351-2-aleksey.oladko@virtuozzo.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2026-02-17T12:00:14+00:00 Nikolay Aleksandrov nikolay@nvidia.com 2026-02-13T07:00:31+00:00 urn:sha1:a8470953b4caf52b32d27e2a23797824b312a325 Recently we were able to trigger a warning in the mdb_n_entries counting code. Add tests that exercise different ways which used to trigger that warning. Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Link: https://patch.msgid.link/20260213070031.1400003-3-nikolay@nvidia.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> 2026-01-10T01:35:23+00:00 Jakub Kicinski kuba@kernel.org 2026-01-07T14:53:19+00:00 urn:sha1:68ec2b9fc59e8053f17ee1d1a5b1959c43a19202 Recent version of tcpdump (tcpdump-4.99.6-1.fc43.x86_64) seems to have removed the spurious space after msg type in PTP info, e.g.: before: PTPv2, majorSdoId: 0x0, msg type : sync msg, length: 44 after: PTPv2, majorSdoId: 0x0, msg type: sync msg, length: 44 Update our patterns to match both. Reviewed-by: Alexander Sverdlin <alexander.sverdlin@gmail.com> Link: https://patch.msgid.link/20260107145320.1837464-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-12-11T08:53:16+00:00 Petr Machata petrm@nvidia.com 2025-12-09T15:29:03+00:00 urn:sha1:514520b34ba7d0eb36890f9f9c5c874a7e41544e After fixing traffic matching in the previous patch, the test does not need to use the sleep anymore. So drop vx_wait() altogether, migrate all callers of vx{10,20}_create_wait() to the corresponding _create(), and drop the now unused _create_wait() helpers. Signed-off-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Link: https://patch.msgid.link/eabfe4fa12ae788cf3b8c5c876a989de81dfc3d3.1765289566.git.petrm@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-12-11T08:53:15+00:00 Petr Machata petrm@nvidia.com 2025-12-09T15:29:02+00:00 urn:sha1:0c8b9a68b344ba2aa327278688d66c31f5f04275 This test runs an overlay traffic, forwarded over a multicast-routed VXLAN underlay. In order to determine whether packets reach their intended destination, it uses a TC match. For convenience, it uses a flower match, which however does not allow matching on the encapsulated packet. So various service traffic ends up being indistinguishable from the test packets, and ends up confusing the test. To alleviate the problem, the test uses sleep to allow the necessary service traffic to run and clear the channel, before running the test traffic. This worked for a while, but lately we have nevertheless seen flakiness of the test in the CI. Fix the issue by using u32 to match the encapsulated packet as well. The confusing packets seem to always be IPv6 multicast listener reports. Realistically they could be ARP or other ICMP6 traffic as well. Therefore look for ethertype IPv4 in the IPv4 traffic test, and for IPv6 / UDP combination in the IPv6 traffic test. Signed-off-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Link: https://patch.msgid.link/6438cb1613a2a667d3ff64089eb5994778f247af.1765289566.git.petrm@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-11-20T17:13:26+00:00 Jakub Kicinski kuba@kernel.org 2025-11-20T17:12:41+00:00 urn:sha1:9e203721ec6117b2f4436a26662413764fd669f0 Cross-merge networking fixes after downstream PR (net-6.18-rc7). No conflicts, adjacent changes: tools/testing/selftests/net/af_unix/Makefile e1bb28bf13f4 ("selftest: af_unix: Add test for SO_PEEK_OFF.") 45a1cd8346ca ("selftests: af_unix: Add tests for ECONNRESET and EOF semantics") Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-11-18T03:32:12+00:00 Ido Schimmel idosch@nvidia.com 2025-11-16T08:10:29+00:00 urn:sha1:bed22c7b90af732978715a1789bca1c3cfa245a6 ret_set_ksft_status() calls ksft_status_merge() with the current return status and the last one. It treats a non-zero return code from ksft_status_merge() as an indication that the return status was overwritten by the last one and therefore overwrites the return message with the last one. Currently, ksft_status_merge() returns a non-zero return code even if the current return status and the last one are equal. This results in return messages being overwritten which is counter-productive since we are more interested in the first failure message and not the last one. Fix by changing ksft_status_merge() to only return a non-zero return code if the current return status was actually changed. Add a test case which checks that the first error message is not overwritten. Before: # ./lib_sh_test.sh [...] TEST: RET tfail2 tfail -> fail [FAIL] retmsg=tfail expected tfail2 [...] # echo $? 1 After: # ./lib_sh_test.sh [...] TEST: RET tfail2 tfail -> fail [ OK ] [...] # echo $? 0 Fixes: 596c8819cb78 ("selftests: forwarding: Have RET track kselftest framework constants") Reviewed-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Ido Schimmel <idosch@nvidia.com> Link: https://patch.msgid.link/20251116081029.69112-1-idosch@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>