]> git.baikalelectronics.ru Git - kernel.git/log
kernel.git
2 years agoMerge branch 'docs-update-and-move-the-netdev-faq'
Paolo Abeni [Thu, 31 Mar 2022 08:49:42 +0000 (10:49 +0200)]
Merge branch 'docs-update-and-move-the-netdev-faq'

Jakub Kicinski says:

====================
docs: update and move the netdev-FAQ

A section of documentation for tree-specific process quirks had
been created a while back. There's only one tree in it, so far,
the tip tree, but the contents seem to answer similar questions
as we answer in the netdev-FAQ. Move the netdev-FAQ.

Take this opportunity to touch up and update a few sections.

v3: remove some confrontational? language from patch 7
v2: remove non-git in patch 3
    add patch 5
====================

Link: https://lore.kernel.org/r/20220330042505.2902770-1-kuba@kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: move the netdev-FAQ to the process pages
Jakub Kicinski [Wed, 30 Mar 2022 04:25:05 +0000 (21:25 -0700)]
docs: netdev: move the netdev-FAQ to the process pages

The documentation for the tip tree is really in quite a similar
spirit to the netdev-FAQ. Move the netdev-FAQ to the process docs
as well.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: broaden the new vs old code formatting guidelines
Jakub Kicinski [Wed, 30 Mar 2022 04:25:04 +0000 (21:25 -0700)]
docs: netdev: broaden the new vs old code formatting guidelines

Convert the "should I use new or old comment formatting" to cover
all formatting. This makes the question itself shorter.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: call out the merge window in tag checking
Jakub Kicinski [Wed, 30 Mar 2022 04:25:03 +0000 (21:25 -0700)]
docs: netdev: call out the merge window in tag checking

Add the most important case to the question about "where are we
in the cycle" - the case of net-next being closed.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: add missing back ticks
Jakub Kicinski [Wed, 30 Mar 2022 04:25:02 +0000 (21:25 -0700)]
docs: netdev: add missing back ticks

I think double back ticks are more correct. Add where they are missing.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: make the testing requirement more stringent
Jakub Kicinski [Wed, 30 Mar 2022 04:25:01 +0000 (21:25 -0700)]
docs: netdev: make the testing requirement more stringent

These days we often ask for selftests so let's update our
testing requirements.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: add a question about re-posting frequency
Jakub Kicinski [Wed, 30 Mar 2022 04:25:00 +0000 (21:25 -0700)]
docs: netdev: add a question about re-posting frequency

We have to tell people to stop reposting to often lately,
or not to repost while the discussion is ongoing.
Document this.

Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: rephrase the 'should I update patchwork' question
Jakub Kicinski [Wed, 30 Mar 2022 04:24:59 +0000 (21:24 -0700)]
docs: netdev: rephrase the 'should I update patchwork' question

Make the question shorter and adjust the start of the answer accordingly.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: rephrase the 'Under review' question
Jakub Kicinski [Wed, 30 Mar 2022 04:24:58 +0000 (21:24 -0700)]
docs: netdev: rephrase the 'Under review' question

The semantics of "Under review" have shifted. Reword the question
about it a bit and focus it on the response time.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: shorten the name and mention msgid for patch status
Jakub Kicinski [Wed, 30 Mar 2022 04:24:57 +0000 (21:24 -0700)]
docs: netdev: shorten the name and mention msgid for patch status

Cut down the length of the question so it renders better in docs.
Mention that Message-ID can be used to search patchwork.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: note that RFC postings are allowed any time
Jakub Kicinski [Wed, 30 Mar 2022 04:24:56 +0000 (21:24 -0700)]
docs: netdev: note that RFC postings are allowed any time

Document that RFCs are allowed during the merge window.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: turn the net-next closed into a Warning
Jakub Kicinski [Wed, 30 Mar 2022 04:24:55 +0000 (21:24 -0700)]
docs: netdev: turn the net-next closed into a Warning

Use the sphinx Warning box to make the net-next being closed
stand out more.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: move the patch marking section up
Jakub Kicinski [Wed, 30 Mar 2022 04:24:54 +0000 (21:24 -0700)]
docs: netdev: move the patch marking section up

We want people to mark their patches with net and net-next in the subject.
Many miss doing that. Move the FAQ section which points that out up, and
place it after the section which enumerates the trees, that seems like
a pretty logical place for it. Since the two sections are together we
can remove a little bit (not too much) of the repetition.

v2: also remove the text for non-git setups, we want people to use git.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: minor reword
Jakub Kicinski [Wed, 30 Mar 2022 04:24:53 +0000 (21:24 -0700)]
docs: netdev: minor reword

that -> those

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agodocs: netdev: replace references to old archives
Jakub Kicinski [Wed, 30 Mar 2022 04:24:52 +0000 (21:24 -0700)]
docs: netdev: replace references to old archives

Most people use (or should use) lore at this point.
Replace the pointers to older archiving systems.

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agonet: sparx5: uses, depends on BRIDGE or !BRIDGE
Randy Dunlap [Wed, 30 Mar 2022 01:20:25 +0000 (18:20 -0700)]
net: sparx5: uses, depends on BRIDGE or !BRIDGE

Fix build errors when BRIDGE=m and SPARX5_SWITCH=y:

riscv64-linux-ld: drivers/net/ethernet/microchip/sparx5/sparx5_switchdev.o: in function `.L305':
sparx5_switchdev.c:(.text+0xdb0): undefined reference to `br_vlan_enabled'
riscv64-linux-ld: drivers/net/ethernet/microchip/sparx5/sparx5_switchdev.o: in function `.L283':
sparx5_switchdev.c:(.text+0xee0): undefined reference to `br_vlan_enabled'

Fixes: 3cfa11bac9bb ("net: sparx5: add the basic sparx5 driver")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Horatiu Vultur <horatiu.vultur@microchip.com>
Cc: Lars Povlsen <lars.povlsen@microchip.com>
Cc: Steen Hegelund <Steen.Hegelund@microchip.com>
Cc: UNGLinuxDriver@microchip.com
Cc: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/20220330012025.29560-1-rdunlap@infradead.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge branch 'wireguard-patches-for-5-18-rc1'
Jakub Kicinski [Thu, 31 Mar 2022 02:14:11 +0000 (19:14 -0700)]
Merge branch 'wireguard-patches-for-5-18-rc1'

Jason A. Donenfeld says:

====================
wireguard patches for 5.18-rc1

Here's a small set of fixes for the next net push:

1) Pipacs reported a CFI violation in a cleanup routine, which he
   triggered using grsec's RAP. I haven't seen reports of this yet from
   the Android/CFI world yet, but it's only a matter of time there.

2) A small rng cleanup to the self test harness to make it initialize
   faster on 5.18.

3) Wang reported and fixed a skb leak for CONFIG_IPV6=n.

4) After Wang's fix for the direct leak, I investigated how that code
   path even could be hit, and found that the netlink layer still
   handles IPv6 endpoints, when it probably shouldn't.
====================

Link: https://lore.kernel.org/r/20220330013127.426620-1-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agowireguard: socket: ignore v6 endpoints when ipv6 is disabled
Jason A. Donenfeld [Wed, 30 Mar 2022 01:31:27 +0000 (21:31 -0400)]
wireguard: socket: ignore v6 endpoints when ipv6 is disabled

The previous commit fixed a memory leak on the send path in the event
that IPv6 is disabled at compile time, but how did a packet even arrive
there to begin with? It turns out we have previously allowed IPv6
endpoints even when IPv6 support is disabled at compile time. This is
awkward and inconsistent. Instead, let's just ignore all things IPv6,
the same way we do other malformed endpoints, in the case where IPv6 is
disabled.

Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agowireguard: socket: free skb in send6 when ipv6 is disabled
Wang Hai [Wed, 30 Mar 2022 01:31:26 +0000 (21:31 -0400)]
wireguard: socket: free skb in send6 when ipv6 is disabled

I got a memory leak report:

unreferenced object 0xffff8881191fc040 (size 232):
  comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff814c3ef4>] slab_post_alloc_hook+0x84/0x3b0
    [<ffffffff814c8977>] kmem_cache_alloc_node+0x167/0x340
    [<ffffffff832974fb>] __alloc_skb+0x1db/0x200
    [<ffffffff82612b5d>] wg_socket_send_buffer_to_peer+0x3d/0xc0
    [<ffffffff8260e94a>] wg_packet_send_handshake_initiation+0xfa/0x110
    [<ffffffff8260ec81>] wg_packet_handshake_send_worker+0x21/0x30
    [<ffffffff8119c558>] process_one_work+0x2e8/0x770
    [<ffffffff8119ca2a>] worker_thread+0x4a/0x4b0
    [<ffffffff811a88e0>] kthread+0x120/0x160
    [<ffffffff8100242f>] ret_from_fork+0x1f/0x30

In function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_
buffer_to_peer(), the semantics of send6() is required to free skb. But
when CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it
to fix this bug.

Signed-off-by: Wang Hai <wanghai38@huawei.com>
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agowireguard: selftests: simplify RNG seeding
Jason A. Donenfeld [Wed, 30 Mar 2022 01:31:25 +0000 (21:31 -0400)]
wireguard: selftests: simplify RNG seeding

The seed_rng() function was written to work across lots of old kernels,
back when WireGuard used a big compatibility layer. Now that things have
evolved, we can vastly simplify this, by just marking the RNG as seeded.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agowireguard: queueing: use CFI-safe ptr_ring cleanup function
Jason A. Donenfeld [Wed, 30 Mar 2022 01:31:24 +0000 (21:31 -0400)]
wireguard: queueing: use CFI-safe ptr_ring cleanup function

We make too nuanced use of ptr_ring to entirely move to the skb_array
wrappers, but we at least should avoid the naughty function pointer cast
when cleaning up skbs. Otherwise RAP/CFI will honk at us. This patch
uses the __skb_array_destroy_skb wrapper for the cleanup, rather than
directly providing kfree_skb, which is what other drivers in the same
situation do too.

Reported-by: PaX Team <pageexec@freemail.hu>
Fixes: 886fcee939ad ("wireguard: receive: use ring buffer for incoming handshakes")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agosfc: Avoid NULL pointer dereference on systems without numa awareness
Martin Habets [Tue, 29 Mar 2022 16:07:49 +0000 (17:07 +0100)]
sfc: Avoid NULL pointer dereference on systems without numa awareness

On such systems cpumask_of_node() returns NULL, which bitmap
operations are not happy with.

Fixes: c265b569a45f ("sfc: default config to 1 channel/core in local NUMA node only")
Fixes: 09a99ab16c60 ("sfc: set affinity hints in local NUMA node only")
Signed-off-by: Martin Habets <habetsm.xilinx@gmail.com>
Reviewed-by: Íñigo Huguet <ihuguet@redhat.com>
Link: https://lore.kernel.org/r/164857006953.8140.3265568858101821256.stgit@palantir17.mph.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoptp: ocp: handle error from nvmem_device_find
Jonathan Lemon [Tue, 29 Mar 2022 16:03:54 +0000 (09:03 -0700)]
ptp: ocp: handle error from nvmem_device_find

nvmem_device_find returns a valid pointer or IS_ERR().
Handle this properly.

Fixes: 0cfcdd1ebcfe ("ptp: ocp: add nvmem interface for accessing eeprom")
Signed-off-by: Jonathan Lemon <jonathan.lemon@gmail.com>
Link: https://lore.kernel.org/r/20220329160354.4035-1-jonathan.lemon@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: dsa: felix: fix possible NULL pointer dereference
Zheng Yongjun [Tue, 29 Mar 2022 09:08:00 +0000 (09:08 +0000)]
net: dsa: felix: fix possible NULL pointer dereference

As the possible failure of the allocation, kzalloc() may return NULL
pointer.
Therefore, it should be better to check the 'sgi' in order to prevent
the dereference of NULL pointer.

Fixes: 23ae3a7877718 ("net: dsa: felix: add stream gate settings for psfp").
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Link: https://lore.kernel.org/r/20220329090800.130106-1-zhengyongjun3@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Jakub Kicinski [Wed, 30 Mar 2022 01:59:14 +0000 (18:59 -0700)]
Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Alexei Starovoitov says:

====================
pull-request: bpf 2022-03-29

We've added 16 non-merge commits during the last 1 day(s) which contain
a total of 24 files changed, 354 insertions(+), 187 deletions(-).

The main changes are:

1) x86 specific bits of fprobe/rethook, from Masami and Peter.

2) ice/xsk fixes, from Maciej and Magnus.

3) Various small fixes, from Andrii, Yonghong, Geliang and others.

* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
  selftests/bpf: Fix clang compilation errors
  ice: xsk: Fix indexing in ice_tx_xsk_pool()
  ice: xsk: Stop Rx processing when ntc catches ntu
  ice: xsk: Eliminate unnecessary loop iteration
  xsk: Do not write NULL in SW ring at allocation failure
  x86,kprobes: Fix optprobe trampoline to generate complete pt_regs
  x86,rethook: Fix arch_rethook_trampoline() to generate a complete pt_regs
  x86,rethook,kprobes: Replace kretprobe with rethook on x86
  kprobes: Use rethook for kretprobe if possible
  bpftool: Fix generated code in codegen_asserts
  selftests/bpf: fix selftest after random: Urandom_read tracepoint removal
  bpf: Fix maximum permitted number of arguments check
  bpf: Sync comments for bpf_get_stack
  fprobe: Fix sparse warning for acccessing __rcu ftrace_hash
  fprobe: Fix smatch type mismatch warning
  bpf/bpftool: Add unprivileged_bpf_disabled check against value of 2
====================

Link: https://lore.kernel.org/r/20220329234924.39053-1-alexei.starovoitov@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agodt-bindings: net: qcom,ethqos: Document SM8150 SoC compatible
Vinod Koul [Fri, 25 Mar 2022 20:07:31 +0000 (01:37 +0530)]
dt-bindings: net: qcom,ethqos: Document SM8150 SoC compatible

SM8150 has an ethernet controller and it needs a different
configuration, so add a new compatible for this.

Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
[bhsharma: Massage the commit log]
Signed-off-by: Bhupesh Sharma <bhupesh.sharma@linaro.org>
Link: https://lore.kernel.org/r/20220325200731.1585554-1-bhupesh.sharma@linaro.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: lan966x: fix kernel oops on ioctl when I/F is down
Michael Walle [Mon, 28 Mar 2022 22:03:50 +0000 (00:03 +0200)]
net: lan966x: fix kernel oops on ioctl when I/F is down

ioctls handled by phy_mii_ioctl() will cause a kernel oops when the
interface is down. Fix it by making sure there is a PHY attached.

Fixes: 735fec995b21 ("net: lan966x: Implement SIOCSHWTSTAMP and SIOCGHWTSTAMP")
Signed-off-by: Michael Walle <michael@walle.cc>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220328220350.3118969-1-michael@walle.cc
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agoMerge branch 'fix-uaf-bugs-caused-by-ax25_release'
Paolo Abeni [Tue, 29 Mar 2022 08:24:37 +0000 (10:24 +0200)]
Merge branch 'fix-uaf-bugs-caused-by-ax25_release'

Duoming Zhou says:

====================
Fix UAF bugs caused by ax25_release()

The first patch fixes UAF bugs in ax25_send_control, and
the second patch fixes UAF bugs in ax25 timers.
====================

Link: https://lore.kernel.org/r/cover.1648472006.git.duoming@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agoax25: Fix UAF bugs in ax25 timers
Duoming Zhou [Mon, 28 Mar 2022 13:00:15 +0000 (21:00 +0800)]
ax25: Fix UAF bugs in ax25 timers

There are race conditions that may lead to UAF bugs in
ax25_heartbeat_expiry(), ax25_t1timer_expiry(), ax25_t2timer_expiry(),
ax25_t3timer_expiry() and ax25_idletimer_expiry(), when we call
ax25_release() to deallocate ax25_dev.

One of the UAF bugs caused by ax25_release() is shown below:

      (Thread 1)                    |      (Thread 2)
ax25_dev_device_up() //(1)          |
...                                 | ax25_kill_by_device()
ax25_bind()          //(2)          |
ax25_connect()                      | ...
 ax25_std_establish_data_link()     |
  ax25_start_t1timer()              | ax25_dev_device_down() //(3)
   mod_timer(&ax25->t1timer,..)     |
                                    | ax25_release()
   (wait a time)                    |  ...
                                    |  ax25_dev_put(ax25_dev) //(4)FREE
   ax25_t1timer_expiry()            |
    ax25->ax25_dev->values[..] //USE|  ...
     ...                            |

We increase the refcount of ax25_dev in position (1) and (2), and
decrease the refcount of ax25_dev in position (3) and (4).
The ax25_dev will be freed in position (4) and be used in
ax25_t1timer_expiry().

The fail log is shown below:
==============================================================

[  106.116942] BUG: KASAN: use-after-free in ax25_t1timer_expiry+0x1c/0x60
[  106.116942] Read of size 8 at addr ffff88800bda9028 by task swapper/0/0
[  106.116942] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.17.0-06123-g0905eec574
[  106.116942] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-14
[  106.116942] Call Trace:
...
[  106.116942]  ax25_t1timer_expiry+0x1c/0x60
[  106.116942]  call_timer_fn+0x122/0x3d0
[  106.116942]  __run_timers.part.0+0x3f6/0x520
[  106.116942]  run_timer_softirq+0x4f/0xb0
[  106.116942]  __do_softirq+0x1c2/0x651
...

This patch adds del_timer_sync() in ax25_release(), which could ensure
that all timers stop before we deallocate ax25_dev.

Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agoax25: fix UAF bug in ax25_send_control()
Duoming Zhou [Mon, 28 Mar 2022 13:00:14 +0000 (21:00 +0800)]
ax25: fix UAF bug in ax25_send_control()

There are UAF bugs in ax25_send_control(), when we call ax25_release()
to deallocate ax25_dev. The possible race condition is shown below:

      (Thread 1)              |     (Thread 2)
ax25_dev_device_up() //(1)    |
                              | ax25_kill_by_device()
ax25_bind()          //(2)    |
ax25_connect()                | ...
 ax25->state = AX25_STATE_1   |
 ...                          | ax25_dev_device_down() //(3)

      (Thread 3)
ax25_release()                |
 ax25_dev_put()  //(4) FREE   |
 case AX25_STATE_1:           |
  ax25_send_control()         |
   alloc_skb()       //USE    |

The refcount of ax25_dev increases in position (1) and (2), and
decreases in position (3) and (4). The ax25_dev will be freed
before dereference sites in ax25_send_control().

The following is part of the report:

[  102.297448] BUG: KASAN: use-after-free in ax25_send_control+0x33/0x210
[  102.297448] Read of size 8 at addr ffff888009e6e408 by task ax25_close/602
[  102.297448] Call Trace:
[  102.303751]  ax25_send_control+0x33/0x210
[  102.303751]  ax25_release+0x356/0x450
[  102.305431]  __sock_release+0x6d/0x120
[  102.305431]  sock_close+0xf/0x20
[  102.305431]  __fput+0x11f/0x420
[  102.305431]  task_work_run+0x86/0xd0
[  102.307130]  get_signal+0x1075/0x1220
[  102.308253]  arch_do_signal_or_restart+0x1df/0xc00
[  102.308253]  exit_to_user_mode_prepare+0x150/0x1e0
[  102.308253]  syscall_exit_to_user_mode+0x19/0x50
[  102.308253]  do_syscall_64+0x48/0x90
[  102.308253]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  102.308253] RIP: 0033:0x405ae7

This patch defers the free operation of ax25_dev and net_device after
all corresponding dereference sites in ax25_release() to avoid UAF.

Fixes: 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agoopenvswitch: Fixed nd target mask field in the flow dump.
Martin Varghese [Mon, 28 Mar 2022 05:41:48 +0000 (11:11 +0530)]
openvswitch: Fixed nd target mask field in the flow dump.

IPv6 nd target mask was not getting populated in flow dump.

In the function __ovs_nla_put_key the icmp code mask field was checked
instead of icmp code key field to classify the flow as neighbour discovery.

ufid:bdfbe3e5-60c2-43b0-a5ff-dfcac1c37328, recirc_id(0),dp_hash(0/0),
skb_priority(0/0),in_port(ovs-nm1),skb_mark(0/0),ct_state(0/0),
ct_zone(0/0),ct_mark(0/0),ct_label(0/0),
eth(src=00:00:00:00:00:00/00:00:00:00:00:00,
dst=00:00:00:00:00:00/00:00:00:00:00:00),
eth_type(0x86dd),
ipv6(src=::/::,dst=::/::,label=0/0,proto=58,tclass=0/0,hlimit=0/0,frag=no),
icmpv6(type=135,code=0),
nd(target=2001::2/::,
sll=00:00:00:00:00:00/00:00:00:00:00:00,
tll=00:00:00:00:00:00/00:00:00:00:00:00),
packets:10, bytes:860, used:0.504s, dp:ovs, actions:ovs-nm2

Fixes: e64457191a25 (openvswitch: Restructure datapath.c and flow.c)
Signed-off-by: Martin Varghese <martin.varghese@nokia.com>
Link: https://lore.kernel.org/r/20220328054148.3057-1-martinvarghesenokia@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 years agoselftests/bpf: Fix clang compilation errors
Yonghong Song [Fri, 25 Mar 2022 20:03:04 +0000 (13:03 -0700)]
selftests/bpf: Fix clang compilation errors

llvm upstream patch ([1]) added to issue warning for code like
  void test() {
    int j = 0;
    for (int i = 0; i < 1000; i++)
            j++;
    return;
  }

This triggered several errors in selftests/bpf build since
compilation flag -Werror is used.
  ...
  test_lpm_map.c:212:15: error: variable 'n_matches' set but not used [-Werror,-Wunused-but-set-variable]
        size_t i, j, n_matches, n_matches_after_delete, n_nodes, n_lookups;
                     ^
  test_lpm_map.c:212:26: error: variable 'n_matches_after_delete' set but not used [-Werror,-Wunused-but-set-variable]
        size_t i, j, n_matches, n_matches_after_delete, n_nodes, n_lookups;
                                ^
  ...
  prog_tests/get_stack_raw_tp.c:32:15: error: variable 'cnt' set but not used [-Werror,-Wunused-but-set-variable]
        static __u64 cnt;
                     ^
  ...

  For test_lpm_map.c, 'n_matches'/'n_matches_after_delete' are changed to be volatile
  in order to silent the warning. I didn't remove these two declarations since
  they are referenced in a commented code which might be used by people in certain
  cases. For get_stack_raw_tp.c, the variable 'cnt' is removed.

  [1] https://reviews.llvm.org/D122271

Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220325200304.2915588-1-yhs@fb.com
2 years agoMerge branch 'xsk: another round of fixes'
Alexei Starovoitov [Tue, 29 Mar 2022 02:56:28 +0000 (19:56 -0700)]
Merge branch 'xsk: another round of fixes'

Maciej Fijalkowski says:

====================

Hello,

yet another fixes for XSK from Magnus and me.

Magnus addresses the fact that xp_alloc() can return NULL, so this needs
to be handled to avoid clearing entries in the SW ring on driver side.
Then he addresses the off-by-one problem in Tx desc cleaning routine for
ice ZC driver.

From my side, I am adding protection to ZC Rx processing loop so that
cleaning of descriptors wouldn't go over already processed entries.
Then I also fix an issue with assigning XSK pool to Tx queues.

This is directed to bpf tree.

Thanks!

Maciej Fijalkowski (2):
  ice: xsk: stop Rx processing when ntc catches ntu
  ice: xsk: fix indexing in ice_tx_xsk_pool()
====================

Acked-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agoice: xsk: Fix indexing in ice_tx_xsk_pool()
Maciej Fijalkowski [Mon, 28 Mar 2022 14:21:23 +0000 (16:21 +0200)]
ice: xsk: Fix indexing in ice_tx_xsk_pool()

Ice driver tries to always create XDP rings array to be
num_possible_cpus() sized, regardless of user's queue count setting that
can be changed via ethtool -L for example.

Currently, ice_tx_xsk_pool() calculates the qid by decrementing the
ring->q_index by the count of XDP queues, but ring->q_index is set to 'i
+ vsi->alloc_txq'.

When user did ethtool -L $IFACE combined 1, alloc_txq is 1, but
vsi->num_xdp_txq is still num_possible_cpus(). Then, ice_tx_xsk_pool()
will do OOB access and in the final result ring would not get xsk_pool
pointer assigned. Then, each ice_xsk_wakeup() call will fail with error
and it will not be possible to get into NAPI and do the processing from
driver side.

Fix this by decrementing vsi->alloc_txq instead of vsi->num_xdp_txq from
ring-q_index in ice_tx_xsk_pool() so the calculation is reflected to the
setting of ring->q_index.

Fixes: 22bf877e528f ("ice: introduce XDP_TX fallback path")
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220328142123.170157-5-maciej.fijalkowski@intel.com
2 years agoice: xsk: Stop Rx processing when ntc catches ntu
Maciej Fijalkowski [Mon, 28 Mar 2022 14:21:22 +0000 (16:21 +0200)]
ice: xsk: Stop Rx processing when ntc catches ntu

This can happen with big budget values and some breakage of re-filling
descriptors as we do not clear the entry that ntu is pointing at the end
of ice_alloc_rx_bufs_zc. So if ntc is at ntu then it might be the case
that status_error0 has an old, uncleared value and ntc would go over
with processing which would result in false results.

Break Rx loop when ntc == ntu to avoid broken behavior.

Fixes: 3876ff525de7 ("ice: xsk: Handle SW XDP ring wrap and bump tail more often")
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220328142123.170157-4-maciej.fijalkowski@intel.com
2 years agoice: xsk: Eliminate unnecessary loop iteration
Magnus Karlsson [Mon, 28 Mar 2022 14:21:21 +0000 (16:21 +0200)]
ice: xsk: Eliminate unnecessary loop iteration

The NIC Tx ring completion routine cleans entries from the ring in
batches. However, it processes one more batch than it is supposed
to. Note that this does not matter from a functionality point of view
since it will not find a set DD bit for the next batch and just exit
the loop. But from a performance perspective, it is faster to
terminate the loop before and not issue an expensive read over PCIe to
get the DD bit.

Fixes: 126cdfe1007a ("ice: xsk: Improve AF_XDP ZC Tx and use batching API")
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220328142123.170157-3-maciej.fijalkowski@intel.com
2 years agoxsk: Do not write NULL in SW ring at allocation failure
Magnus Karlsson [Mon, 28 Mar 2022 14:21:20 +0000 (16:21 +0200)]
xsk: Do not write NULL in SW ring at allocation failure

For the case when xp_alloc_batch() is used but the batched allocation
cannot be used, there is a slow path that uses the non-batched
xp_alloc(). When it fails to allocate an entry, it returns NULL. The
current code wrote this NULL into the entry of the provided results
array (pointer to the driver SW ring usually) and returned. This might
not be what the driver expects and to make things simpler, just write
successfully allocated xdp_buffs into the SW ring,. The driver might
have information in there that is still important after an allocation
failure.

Note that at this point in time, there are no drivers using
xp_alloc_batch() that could trigger this slow path. But one might get
added.

Fixes: 47e4075df300 ("xsk: Batched buffer allocation for the pool")
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220328142123.170157-2-maciej.fijalkowski@intel.com
2 years agoMerge branch 'kprobes: rethook: x86: Replace kretprobe trampoline with rethook'
Alexei Starovoitov [Tue, 29 Mar 2022 02:39:06 +0000 (19:39 -0700)]
Merge branch 'kprobes: rethook: x86: Replace kretprobe trampoline with rethook'

Masami Hiramatsu says:

====================
Here are the 3rd version for generic kretprobe and kretprobe on x86 for
replacing the kretprobe trampoline with rethook. The previous version
is here[1]

[1] https://lore.kernel.org/all/164821817332.2373735.12048266953420821089.stgit@devnote2/T/#u

This version fixed typo and build issues for bpf-next and CONFIG_RETHOOK=y
error. I also add temporary mitigation lines for ANNOTATE_NOENDBR macro
issue for bpf-next tree [2/4].

This will be removed after merging kernel IBT series.

Background:

This rethook came from Jiri's request of multiple kprobe for bpf[2].
He tried to solve an issue that starting bpf with multiple kprobe will
take a long time because bpf-kprobe will wait for RCU grace period for
sync rcu events.

Jiri wanted to attach a single bpf handler to multiple kprobes and
he tried to introduce multiple-probe interface to kprobe. So I asked
him to use ftrace and kretprobe-like hook if it is only for the
function entry and exit, instead of adding ad-hoc interface
to kprobes.
For this purpose, I introduced the fprobe (kprobe like interface for
ftrace) with the rethook (this is a generic return hook feature for
fprobe exit handler)[3].

[2] https://lore.kernel.org/all/20220104080943.113249-1-jolsa@kernel.org/T/#u
[3] https://lore.kernel.org/all/164191321766.806991.7930388561276940676.stgit@devnote2/T/#u

The rethook is basically same as the kretprobe trampoline. I just made
it decoupled from kprobes. Eventually, the all arch dependent kretprobe
trampolines will be replaced with the rethook trampoline instead of
cloning and set HAVE_RETHOOK=y.
When I port the rethook for all arch which supports kretprobe, the
legacy kretprobe specific code (which is for CONFIG_KRETPROBE_ON_RETHOOK=n)
will be removed eventually.
====================

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agox86,kprobes: Fix optprobe trampoline to generate complete pt_regs
Masami Hiramatsu [Sat, 26 Mar 2022 02:27:40 +0000 (11:27 +0900)]
x86,kprobes: Fix optprobe trampoline to generate complete pt_regs

Currently the optprobe trampoline template code ganerate an
almost complete pt_regs on-stack, everything except regs->ss.
The 'regs->ss' points to the top of stack, which is not a
valid segment decriptor.

As same as the rethook does, complete the job by also pushing ss.

Suggested-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/164826166027.2455864.14759128090648961900.stgit@devnote2
2 years agox86,rethook: Fix arch_rethook_trampoline() to generate a complete pt_regs
Peter Zijlstra [Sat, 26 Mar 2022 02:27:28 +0000 (11:27 +0900)]
x86,rethook: Fix arch_rethook_trampoline() to generate a complete pt_regs

Currently arch_rethook_trampoline() generates an almost complete
pt_regs on-stack, everything except regs->ss that is, that currently
points to the fake return address, which is not a valid segment
descriptor.

Since interpretation of regs->[sb]p should be done in the context of
regs->ss, and we have code actually doing that (see
arch/x86/lib/insn-eval.c for instance), complete the job by also
pushing ss.

This ensures that anybody who does do look at regs->ss doesn't
mysteriously malfunction, avoiding much future pain.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Link: https://lore.kernel.org/bpf/164826164851.2455864.17272661073069737350.stgit@devnote2
2 years agox86,rethook,kprobes: Replace kretprobe with rethook on x86
Masami Hiramatsu [Sat, 26 Mar 2022 02:27:17 +0000 (11:27 +0900)]
x86,rethook,kprobes: Replace kretprobe with rethook on x86

Replaces the kretprobe code with rethook on x86. With this patch,
kretprobe on x86 uses the rethook instead of kretprobe specific
trampoline code.

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Tested-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/bpf/164826163692.2455864.13745421016848209527.stgit@devnote2
2 years agokprobes: Use rethook for kretprobe if possible
Masami Hiramatsu [Sat, 26 Mar 2022 02:27:05 +0000 (11:27 +0900)]
kprobes: Use rethook for kretprobe if possible

Use rethook for kretprobe function return hooking if the arch sets
CONFIG_HAVE_RETHOOK=y. In this case, CONFIG_KRETPROBE_ON_RETHOOK is
set to 'y' automatically, and the kretprobe internal data fields
switches to use rethook. If not, it continues to use kretprobe
specific function return hooks.

Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/164826162556.2455864.12255833167233452047.stgit@devnote2
2 years agobpftool: Fix generated code in codegen_asserts
Jiri Olsa [Mon, 28 Mar 2022 08:37:03 +0000 (10:37 +0200)]
bpftool: Fix generated code in codegen_asserts

Arnaldo reported perf compilation fail with:

  $ make -k BUILD_BPF_SKEL=1 CORESIGHT=1 PYTHON=python3
  ...
  In file included from util/bpf_counter.c:28:
  /tmp/build/perf//util/bpf_skel/bperf_leader.skel.h: In function ‘bperf_leader_bpf__assert’:
  /tmp/build/perf//util/bpf_skel/bperf_leader.skel.h:351:51: error: unused parameter ‘s’ [-Werror=unused-parameter]
    351 | bperf_leader_bpf__assert(struct bperf_leader_bpf *s)
        |                          ~~~~~~~~~~~~~~~~~~~~~~~~~^
  cc1: all warnings being treated as errors

If there's nothing to generate in the new assert function,
we will get unused 's' warn/error, adding 'unused' attribute to it.

Fixes: 08d4dba6ae77 ("bpftool: Bpf skeletons assert type sizes")
Reported-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Link: https://lore.kernel.org/bpf/20220328083703.2880079-1-jolsa@kernel.org
2 years agoselftests/bpf: fix selftest after random: Urandom_read tracepoint removal
Andrii Nakryiko [Fri, 25 Mar 2022 22:56:43 +0000 (15:56 -0700)]
selftests/bpf: fix selftest after random: Urandom_read tracepoint removal

14c174633f34 ("random: remove unused tracepoints") removed all the
tracepoints from drivers/char/random.c, one of which,
random:urandom_read, was used by stacktrace_build_id selftest to trigger
stack trace capture.

Fix breakage by switching to kprobing urandom_read() function.

Suggested-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220325225643.2606-1-andrii@kernel.org
2 years agobpf: Fix maximum permitted number of arguments check
Yuntao Wang [Thu, 24 Mar 2022 16:42:38 +0000 (00:42 +0800)]
bpf: Fix maximum permitted number of arguments check

Since the m->arg_size array can hold up to MAX_BPF_FUNC_ARGS argument
sizes, it's ok that nargs is equal to MAX_BPF_FUNC_ARGS.

Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20220324164238.1274915-1-ytcoode@gmail.com
2 years agobpf: Sync comments for bpf_get_stack
Geliang Tang [Thu, 24 Mar 2022 08:37:32 +0000 (16:37 +0800)]
bpf: Sync comments for bpf_get_stack

Commit ee2a098851bf missed updating the comments for helper bpf_get_stack
in tools/include/uapi/linux/bpf.h. Sync it.

Fixes: ee2a098851bf ("bpf: Adjust BPF stack helper functions to accommodate skip > 0")
Signed-off-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/ce54617746b7ed5e9ba3b844e55e74cb8a60e0b5.1648110794.git.geliang.tang@suse.com
2 years agoMerge branch 'fprobe: Fixes for Sparse and Smatch warnings'
Alexei Starovoitov [Tue, 29 Mar 2022 02:05:41 +0000 (19:05 -0700)]
Merge branch 'fprobe: Fixes for Sparse and Smatch warnings'

Masami Hiramatsu says:

====================

Hi,

These fprobe patches are for fixing the warnings by Smatch and sparse.
This is arch independent part of the fixes.

Thank you,
---
====================

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2 years agofprobe: Fix sparse warning for acccessing __rcu ftrace_hash
Masami Hiramatsu [Wed, 23 Mar 2022 07:35:36 +0000 (16:35 +0900)]
fprobe: Fix sparse warning for acccessing __rcu ftrace_hash

Since ftrace_ops::local_hash::filter_hash field is an __rcu pointer,
we have to use rcu_access_pointer() to access it.

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/164802093635.1732982.4938094876018890866.stgit@devnote2
2 years agofprobe: Fix smatch type mismatch warning
Masami Hiramatsu [Wed, 23 Mar 2022 07:35:26 +0000 (16:35 +0900)]
fprobe: Fix smatch type mismatch warning

Fix the type mismatching warning of 'rethook_node vs fprobe_rethook_node'
found by Smatch.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/164802092611.1732982.12268174743437084619.stgit@devnote2
2 years agobpf/bpftool: Add unprivileged_bpf_disabled check against value of 2
Milan Landaverde [Tue, 22 Mar 2022 14:49:45 +0000 (10:49 -0400)]
bpf/bpftool: Add unprivileged_bpf_disabled check against value of 2

In [1], we added a kconfig knob that can set
/proc/sys/kernel/unprivileged_bpf_disabled to 2

We now check against this value in bpftool feature probe

[1] https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net

Signed-off-by: Milan Landaverde <milan@mdaverde.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Quentin Monnet <quentin@isovalent.com>
Acked-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/bpf/20220322145012.1315376-1-milan@mdaverde.com
2 years agoMerge tag 'net-5.18-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Linus Torvalds [Tue, 29 Mar 2022 00:02:04 +0000 (17:02 -0700)]
Merge tag 'net-5.18-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Jakub Kicinski:
 "Including fixes from netfilter.

  Current release - regressions:

   - llc: only change llc->dev when bind() succeeds, fix null-deref

  Current release - new code bugs:

   - smc: fix a memory leak in smc_sysctl_net_exit()

   - dsa: realtek: make interface drivers depend on OF

  Previous releases - regressions:

   - sched: act_ct: fix ref leak when switching zones

  Previous releases - always broken:

   - netfilter: egress: report interface as outgoing

   - vsock/virtio: enable VQs early on probe and finish the setup before
     using them

  Misc:

   - memcg: enable accounting for nft objects"

* tag 'net-5.18-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (39 commits)
  Revert "selftests: net: Add tls config dependency for tls selftests"
  net/smc: Send out the remaining data in sndbuf before close
  net: move net_unlink_todo() out of the header
  net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
  net: bnxt_ptp: fix compilation error
  selftests: net: Add tls config dependency for tls selftests
  memcg: enable accounting for nft objects
  net/sched: act_ct: fix ref leak when switching zones
  net/smc: fix a memory leak in smc_sysctl_net_exit()
  selftests: tls: skip cmsg_to_pipe tests with TLS=n
  octeontx2-af: initialize action variable
  net: sparx5: switchdev: fix possible NULL pointer dereference
  net/x25: Fix null-ptr-deref caused by x25_disconnect
  qlcnic: dcb: default to returning -EOPNOTSUPP
  net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL
  net: hns3: fix phy can not link up when autoneg off and reset
  net: hns3: add NULL pointer check for hns3_set/get_ringparam()
  net: hns3: add netdev reset check for hns3_set_tunable()
  net: hns3: clean residual vf config after disable sriov
  net: hns3: add max order judgement for tx spare buffer
  ...

2 years agoRevert "selftests: net: Add tls config dependency for tls selftests"
Jakub Kicinski [Mon, 28 Mar 2022 21:29:04 +0000 (14:29 -0700)]
Revert "selftests: net: Add tls config dependency for tls selftests"

This reverts commit d9142e1cf3bbdaf21337767114ecab26fe702d47.

The test is supposed to run cleanly with TLS is disabled,
to test compatibility with TCP behavior. I can't repro
the failure [1], the problem should be debugged rather
than papered over.

Link: https://lore.kernel.org/all/20220325161203.7000698c@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com/
Fixes: d9142e1cf3bb ("selftests: net: Add tls config dependency for tls selftests")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/r/20220328212904.2685395-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet/smc: Send out the remaining data in sndbuf before close
Wen Gu [Mon, 28 Mar 2022 06:10:36 +0000 (14:10 +0800)]
net/smc: Send out the remaining data in sndbuf before close

The current autocork algorithms will delay the data transmission
in BH context to smc_release_cb() when sock_lock is hold by user.

So there is a possibility that when connection is being actively
closed (sock_lock is hold by user now), some corked data still
remains in sndbuf, waiting to be sent by smc_release_cb(). This
will cause:

- smc_close_stream_wait(), which is called under the sock_lock,
  has a high probability of timeout because data transmission is
  delayed until sock_lock is released.

- Unexpected data sends may happen after connction closed and use
  the rtoken which has been deleted by remote peer through
  LLC_DELETE_RKEY messages.

So this patch will try to send out the remaining corked data in
sndbuf before active close process, to ensure data integrity and
avoid unexpected data transmission after close.

Reported-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Fixes: 6b88af839d20 ("net/smc: don't send in the BH context if sock_owned_by_user")
Signed-off-by: Wen Gu <guwen@linux.alibaba.com>
Acked-by: Karsten Graul <kgraul@linux.ibm.com>
Link: https://lore.kernel.org/r/1648447836-111521-1-git-send-email-guwen@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge tag 'kgdb-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt...
Linus Torvalds [Mon, 28 Mar 2022 22:00:42 +0000 (15:00 -0700)]
Merge tag 'kgdb-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux

Pull kgdb update from Daniel Thompson:
 "Only a single patch this cycle. Fix an obvious mistake with the kdb
  memory accessors.

  It was a stupid mistake (to/from backwards) but it has been there for
  a long time since many architectures tolerated it with surprisingly
  good grace"

* tag 'kgdb-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux:
  kdb: Fix the putarea helper function

2 years agoMerge tag 'hexagon-5.18-0' of git://git.kernel.org/pub/scm/linux/kernel/git/bcain...
Linus Torvalds [Mon, 28 Mar 2022 21:53:00 +0000 (14:53 -0700)]
Merge tag 'hexagon-5.18-0' of git://git.kernel.org/pub/scm/linux/kernel/git/bcain/linux

Pull hexagon update from Brian Cain:
 "Maintainer email update"

* tag 'hexagon-5.18-0' of git://git.kernel.org/pub/scm/linux/kernel/git/bcain/linux:
  MAINTAINERS: update hexagon maintainer email, tree

2 years agoMerge tag 'microblaze-v5.18' of git://git.monstr.eu/linux-2.6-microblaze
Linus Torvalds [Mon, 28 Mar 2022 21:46:53 +0000 (14:46 -0700)]
Merge tag 'microblaze-v5.18' of git://git.monstr.eu/linux-2.6-microblaze

Pull microblaze updates from Michal Simek:

 - Small fixups

 - Remove unused pci_phys_mem_access_prot()

* tag 'microblaze-v5.18' of git://git.monstr.eu/linux-2.6-microblaze:
  microblaze/PCI: Remove pci_phys_mem_access_prot() dead code
  microblaze: add const to of_device_id
  microblaze: fix typo in a comment

2 years agonet: move net_unlink_todo() out of the header
Johannes Berg [Fri, 25 Mar 2022 21:50:23 +0000 (22:50 +0100)]
net: move net_unlink_todo() out of the header

There's no reason for this to be in netdevice.h, it's all
just used in dev.c. Also make it no longer inline and let
the compiler decide to do that by itself.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220325225023.f49b9056fe1c.I6b901a2df00000837a9bd251a8dd259bd23f5ded@changeid
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agonet: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
Xiaomeng Tong [Mon, 28 Mar 2022 03:24:31 +0000 (11:24 +0800)]
net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator

The bug is here:
return rule;

The list iterator value 'rule' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty or no element
is found.

To fix the bug, return 'rule' when found, otherwise return NULL.

Fixes: ae7a5aff783c7 ("net: dsa: bcm_sf2: Keep copy of inserted rules")
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Xiaomeng Tong <xiam0nd.tong@gmail.com>
Link: https://lore.kernel.org/r/20220328032431.22538-1-xiam0nd.tong@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge tag 'livepatching-for-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Mon, 28 Mar 2022 21:38:31 +0000 (14:38 -0700)]
Merge tag 'livepatching-for-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching

Pull livepatching updates from Petr Mladek:

 - Forced transitions block only to-be-removed livepatches [Chengming]

 - Detect when ftrace handler could not be disabled in self-tests [David]

 - Calm down warning from a static analyzer [Tom]

* tag 'livepatching-for-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching:
  livepatch: Reorder to use before freeing a pointer
  livepatch: Don't block removal of patches that are safe to unload
  livepatch: Skip livepatch tests if ftrace cannot be configured

2 years agoMerge tag 'for-linus-5.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Mon, 28 Mar 2022 21:32:39 +0000 (14:32 -0700)]
Merge tag 'for-linus-5.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen updates from Juergen Gross:

 - A bunch of minor cleanups

 - A fix for kexec in Xen dom0 when executed on a high cpu number

 - A fix for resuming after suspend of a Xen guest with assigned PCI
   devices

 - A fix for a crash due to not disabled preemption when resuming as Xen
   dom0

* tag 'for-linus-5.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen: fix is_xen_pmu()
  xen: don't hang when resuming PCI device
  arch:x86:xen: Remove unnecessary assignment in xen_apic_read()
  xen/grant-table: remove readonly parameter from functions
  xen/grant-table: remove gnttab_*transfer*() functions
  drivers/xen: use helper macro __ATTR_RW
  x86/xen: Fix kerneldoc warning
  xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
  xen: use time_is_before_eq_jiffies() instead of open coding it

2 years agoMAINTAINERS: update hexagon maintainer email, tree
Brian Cain [Fri, 28 Jan 2022 16:46:30 +0000 (10:46 -0600)]
MAINTAINERS: update hexagon maintainer email, tree

Some email infrastructure changes required this switch.

Signed-off-by: Brian Cain <bcain@quicinc.com>
2 years agonet: bnxt_ptp: fix compilation error
Damien Le Moal [Mon, 28 Mar 2022 06:27:08 +0000 (15:27 +0900)]
net: bnxt_ptp: fix compilation error

The Broadcom bnxt_ptp driver does not compile with GCC 11.2.2 when
CONFIG_WERROR is enabled. The following error is generated:

drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c: In function ‘bnxt_ptp_enable’:
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:400:43: error: array
subscript 255 is above array bounds of ‘struct pps_pin[4]’
[-Werror=array-bounds]
  400 |  ptp->pps_info.pins[pin_id].event = BNXT_PPS_EVENT_EXTERNAL;
      |  ~~~~~~~~~~~~~~~~~~^~~~~~~~
In file included from drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:20:
drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h:75:24: note: while
referencing ‘pins’
   75 |         struct pps_pin pins[BNXT_MAX_TSIO_PINS];
      |                        ^~~~
cc1: all warnings being treated as errors

This is due to the function ptp_find_pin() returning a pin ID of -1 when
a valid pin is not found and this error never being checked.
Change the TSIO_PIN_VALID() function to also check that a pin ID is not
negative and use this macro in bnxt_ptp_enable() to check the result of
the calls to ptp_find_pin() to return an error early for invalid pins.
This fixes the compilation error.

Cc: <stable@vger.kernel.org>
Fixes: 9e518f25802c ("bnxt_en: 1PPS functions to configure TSIO pins")
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20220328062708.207079-1-damien.lemoal@opensource.wdc.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2 years agoMerge tag 'tty-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Linus Torvalds [Mon, 28 Mar 2022 20:00:51 +0000 (13:00 -0700)]
Merge tag 'tty-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial driver updates from Greg KH:
 "Here are the big set of tty and serial driver changes for 5.18-rc1.

  Nothing major, some more good cleanups from Jiri and 2 new serial
  drivers. Highlights include:

   - termbits cleanups

   - export symbol cleanups and other core cleanups from Jiri Slaby

   - new sunplus and mvebu uart drivers (amazing that people are still
     creating new uarts...)

   - samsung serial driver cleanups

   - ldisc 29 is now "reserved" for experimental/development line
     disciplines

   - lots of other tiny fixes and cleanups to serial drivers and
     bindings

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'tty-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (104 commits)
  vt_ioctl: fix potential spectre v1 in VT_DISALLOCATE
  serial: 8250: fix XOFF/XON sending when DMA is used
  tty: serial: samsung: Add ARTPEC-8 support
  dt-bindings: serial: samsung: Add ARTPEC-8 UART
  serial: sc16is7xx: Clear RS485 bits in the shutdown
  tty: serial: samsung: simplify getting OF match data
  tty: serial: samsung: constify variables and pointers
  tty: serial: samsung: constify s3c24xx_serial_drv_data members
  tty: serial: samsung: constify UART name
  tty: serial: samsung: constify s3c24xx_serial_drv_data
  tty: serial: samsung: reduce number of casts
  tty: serial: samsung: embed s3c2410_uartcfg in parent structure
  tty: serial: samsung: embed s3c24xx_uart_info in parent structure
  serial: 8250_tegra: mark acpi_device_id as unused with !ACPI
  tty: serial: bcm63xx: use more precise Kconfig symbol
  serial: SERIAL_SUNPLUS should depend on ARCH_SUNPLUS
  tty: serial: jsm: fix two assignments in if conditions
  tty: serial: jsm: remove redundant assignments to variable linestatus
  serial: 8250_mtk: make two read-only arrays static const
  serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
  ...

2 years agoMerge tag 'staging-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Mon, 28 Mar 2022 19:50:50 +0000 (12:50 -0700)]
Merge tag 'staging-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver updates from Greg KH:
 "Here is the big set of staging driver updates for 5.18-rc1.

  Loads of tiny cleanups for almost all staging drivers in here, nothing
  major at all. Highlights include:

   - remove the ashmem Android driver. It is long-dead and if there are
     any legacy userspace applications still using it, the Android
     kernel images will maintain it, the community shouldn't care about
     it anymore

   - wfx wifi driver major cleanups. Should be ready to merge out of
     staging soon, and will coordinate with the wifi maintainers after
     -rc1 is out

   - major cleanups and unwinding of the layers of the r8188eu driver.
     It's amazing just how many unneeded layers of abstraction is in
     there, just when we think it's done, another is found...

   - lots of tiny coding style cleanups in many other staging drivers.

  All have been in linux-next for a while with no reported problems"

* tag 'staging-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (455 commits)
  staging: r8188eu: remove unnecessary memset in r8188eu
  staging: greybus: introduce pwm_ops::apply
  staging: rts5208: Resolve checkpatch.pl issues.
  staging: sm750fb: fix naming style
  staging: fbtft: Consider type of init sequence values in fbtft_init_display()
  staging: fbtft: Constify buf parameter in fbtft_dbg_hex()
  staging: mmal-vchiq: clear redundant item named bulk_scratch
  mips: dts: ralink: add MT7621 SoC
  staging: r8188eu: remove some unused local ieee80211 macros
  staging: r8188eu: make rtl8188e_process_phy_info static
  staging: r8188eu: remove unused function prototype
  staging: r8188eu: remove three unused receive defines
  staging: r8188eu: remove unnecessary initializations
  staging: rtl8192e: Fix spelling mistake "RESQUEST" -> "REQUEST"
  MAINTAINERS: remove the obsolete file entry for staging in ANDROID DRIVERS
  staging: r8188eu: proper error handling in rtw_init_drv_sw
  staging: r8188eu: call _cancel_timer_ex from _rtw_free_recv_priv
  staging: vt6656: Removed unused variable vt3342_vnt_threshold
  staging: vt6656: Removed unused variable bb_vga_0
  staging: remove ashmem
  ...

2 years agoMerge tag 'driver-core-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Mon, 28 Mar 2022 19:41:28 +0000 (12:41 -0700)]
Merge tag 'driver-core-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core updates from Greg KH:
 "Here is the set of driver core changes for 5.18-rc1.

  Not much here, primarily it was a bunch of cleanups and small updates:

   - kobj_type cleanups for default_groups

   - documentation updates

   - firmware loader minor changes

   - component common helper added and take advantage of it in many
     drivers (the largest part of this pull request).

  All of these have been in linux-next for a while with no reported
  problems"

* tag 'driver-core-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (54 commits)
  Documentation: update stable review cycle documentation
  drivers/base/dd.c : Remove the initial value of the global variable
  Documentation: update stable tree link
  Documentation: add link to stable release candidate tree
  devres: fix typos in comments
  Documentation: add note block surrounding security patch note
  samples/kobject: Use sysfs_emit instead of sprintf
  base: soc: Make soc_device_match() simpler and easier to read
  driver core: dd: fix return value of __setup handler
  driver core: Refactor sysfs and drv/bus remove hooks
  driver core: Refactor multiple copies of device cleanup
  scripts: get_abi.pl: Fix typo in help message
  kernfs: fix typos in comments
  kernfs: remove unneeded #if 0 guard
  ALSA: hda/realtek: Make use of the helper component_compare_dev_name
  video: omapfb: dss: Make use of the helper component_compare_dev
  power: supply: ab8500: Make use of the helper component_compare_dev
  ASoC: codecs: wcd938x: Make use of the helper component_compare/release_of
  iommu/mediatek: Make use of the helper component_compare/release_of
  drm: of: Make use of the helper component_release_of
  ...

2 years agoMerge tag 'char-misc-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregk...
Linus Torvalds [Mon, 28 Mar 2022 19:27:35 +0000 (12:27 -0700)]
Merge tag 'char-misc-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc and other driver updates from Greg KH:
 "Here is the big set of char/misc and other small driver subsystem
  updates for 5.18-rc1.

  Included in here are merges from driver subsystems which contain:

   - iio driver updates and new drivers

   - fsi driver updates

   - fpga driver updates

   - habanalabs driver updates and support for new hardware

   - soundwire driver updates and new drivers

   - phy driver updates and new drivers

   - coresight driver updates

   - icc driver updates

  Individual changes include:

   - mei driver updates

   - interconnect driver updates

   - new PECI driver subsystem added

   - vmci driver updates

   - lots of tiny misc/char driver updates

  All of these have been in linux-next for a while with no reported
  problems"

* tag 'char-misc-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (556 commits)
  firmware: google: Properly state IOMEM dependency
  kgdbts: fix return value of __setup handler
  firmware: sysfb: fix platform-device leak in error path
  firmware: stratix10-svc: add missing callback parameter on RSU
  arm64: dts: qcom: add non-secure domain property to fastrpc nodes
  misc: fastrpc: Add dma handle implementation
  misc: fastrpc: Add fdlist implementation
  misc: fastrpc: Add helper function to get list and page
  misc: fastrpc: Add support to secure memory map
  dt-bindings: misc: add fastrpc domain vmid property
  misc: fastrpc: check before loading process to the DSP
  misc: fastrpc: add secure domain support
  dt-bindings: misc: add property to support non-secure DSP
  misc: fastrpc: Add support to get DSP capabilities
  misc: fastrpc: add support for FASTRPC_IOCTL_MEM_MAP/UNMAP
  misc: fastrpc: separate fastrpc device from channel context
  dt-bindings: nvmem: brcm,nvram: add basic NVMEM cells
  dt-bindings: nvmem: make "reg" property optional
  nvmem: brcm_nvram: parse NVRAM content into NVMEM cells
  nvmem: dt-bindings: Fix the error of dt-bindings check
  ...

2 years agoMerge tag 'pinctrl-v5.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw...
Linus Torvalds [Mon, 28 Mar 2022 18:52:53 +0000 (11:52 -0700)]
Merge tag 'pinctrl-v5.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control updates from Linus Walleij:
 "No core changes this time. Just new driver code and improvements!

  New drivers:

   - New driver for the Broadcom BCM4908 SoC.

   - New subdriver for Tesla FSD (Full Self Driving) SoC, a derivative
     of the Samsung Exynos pin control driver.

   - New driver for the Amlogic Meson S4 SoC.

   - New driver for the Sunplus SP7021 SoC.

   - New driver for the Microsemi Ocelot family ServalT SoC.

   - New subdriver for Intel Alder Lake-M SoC.

   - New subdriver for Intel Ice Lake-N SoC, including PCH support.

   - New subdriver for Renesas R8A779F0 SoC.

   - New subdriver for Mediatek MT8186 SoC.

   - New subdriver for NXP Freescale i.MX93 SoC.

   - New driver for Nuvoton WPCM450 SoC.

   - New driver for Qualcomm SC8280XP SoC.

  Improvements:

   - Wakeup support on Samsung Exynos850 and ExynosAutov9.

   - Serious and voluminous maintenance cleanup and refactoring in the
     Renesas drivers. Mainly sharing similar data between the different
     SoC subdrivers.

   - Qualcomm SM8450 EGPIO support.

   - Drive strength support on the Mediatek MT8195.

   - Add some missing groups and functions to the Ralink RT2880"

* tag 'pinctrl-v5.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: (188 commits)
  pinctrl: mediatek: common-v1: fix semicolon.cocci warnings
  pinctrl: nuvoton: wpcm450: Fix build error without OF
  pinctrl: qcom-pmic-gpio: Add support for pm8450
  dt-bindings: pinctrl: aspeed: Update gfx node in example
  dt-bindings: pinctrl: rt2880: add missing pin groups and functions
  pinctrl: ingenic: Fix regmap on X series SoCs
  pinctrl: nuvoton: Fix return value check in wpcm450_gpio_register()
  pinctrl: nuvoton: wpcm450: off by one in wpcm450_gpio_register()
  pinctrl: nuvoton: wpcm450: select GENERIC_PINCTRL_GROUPS
  pinctrl: nuvoton: Fix sparse warning
  pinctrl: mediatek: mt8186: Account for probe refactoring
  pinctrl: mediatek: common-v1: Commonize spec_ies_smt_set callback
  pinctrl: mediatek: common-v1: Commonize spec_pupd callback
  pinctrl: mediatek: common-v1: Use common probe function
  pinctrl: mediatek: common-v1: Add common probe function
  pinctrl: mediatek: paris: Unify probe function by using OF match data
  pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
  pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
  pinctrl: berlin: fix error return code of berlin_pinctrl_build_state()
  pinctrl: qcom: Introduce sc8280xp TLMM driver
  ...

2 years agoReinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
Linus Torvalds [Mon, 28 Mar 2022 18:37:05 +0000 (11:37 -0700)]
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""

Halil Pasic points out [1] that the full revert of that commit (revert
in bddac7c1e02b), and that a partial revert that only reverts the
problematic case, but still keeps some of the cleanups is probably
better.  

And that partial revert [2] had already been verified by Oleksandr
Natalenko to also fix the issue, I had just missed that in the long
discussion.

So let's reinstate the cleanups from commit aa6f8dcbab47 ("swiotlb:
rework "fix info leak with DMA_FROM_DEVICE""), and effectively only
revert the part that caused problems.

Link: https://lore.kernel.org/all/20220328013731.017ae3e3.pasic@linux.ibm.com/
Link: https://lore.kernel.org/all/20220324055732.GB12078@lst.de/
Link: https://lore.kernel.org/all/4386660.LvFx2qVVIh@natalenko.name/
Suggested-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Cc: Christoph Hellwig" <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2 years agoselftests: net: Add tls config dependency for tls selftests
Naresh Kamboju [Mon, 28 Mar 2022 13:46:50 +0000 (19:16 +0530)]
selftests: net: Add tls config dependency for tls selftests

selftest net tls test cases need TLS=m without this the test hangs.
Enabling config TLS solves this problem and runs to complete.
  - CONFIG_TLS=m

Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Signed-off-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
David S. Miller [Mon, 28 Mar 2022 15:57:10 +0000 (08:57 -0700)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Incorrect output device in nf_egress hook, from Phill Sutter.

2) Preserve liberal flag in TCP conntrack state, reported by Sven Auhagen.

3) Use GFP_KERNEL_ACCOUNT flag for nf_tables objects, from Vasily Averin.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoMerge branch 'for-5.18/selftests-fixes' into for-linus
Petr Mladek [Mon, 28 Mar 2022 08:56:22 +0000 (10:56 +0200)]
Merge branch 'for-5.18/selftests-fixes' into for-linus

2 years agomemcg: enable accounting for nft objects
Vasily Averin [Thu, 24 Mar 2022 18:05:50 +0000 (21:05 +0300)]
memcg: enable accounting for nft objects

nftables replaces iptables, but it lacks memcg accounting.

This patch account most of the memory allocation associated with nft
and should protect the host from misusing nft inside a memcg restricted
container.

Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2 years agomm: kfence: fix missing objcg housekeeping for SLAB
Muchun Song [Sun, 27 Mar 2022 05:18:52 +0000 (13:18 +0800)]
mm: kfence: fix missing objcg housekeeping for SLAB

The objcg is not cleared and put for kfence object when it is freed,
which could lead to memory leak for struct obj_cgroup and wrong
statistics of NR_SLAB_RECLAIMABLE_B or NR_SLAB_UNRECLAIMABLE_B.

Since the last freed object's objcg is not cleared,
mem_cgroup_from_obj() could return the wrong memcg when this kfence
object, which is not charged to any objcgs, is reallocated to other
users.

A real word issue [1] is caused by this bug.

Link: https://lore.kernel.org/all/000000000000cabcb505dae9e577@google.com/
Reported-by: syzbot+f8c45ccc7d5d45fc5965@syzkaller.appspotmail.com
Fixes: d3fb45f370d9 ("mm, kfence: insert KFENCE hooks for SLAB")
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2 years agopowerpc: restore removed #endif
Stephen Rothwell [Sun, 27 Mar 2022 21:55:39 +0000 (08:55 +1100)]
powerpc: restore removed #endif

Fixes: 7001052160d1 ("Merge tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip")
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Brown-paper-bag-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2 years agoMerge tag 'landlock-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic...
Linus Torvalds [Sun, 27 Mar 2022 21:26:47 +0000 (14:26 -0700)]
Merge tag 'landlock-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux

Pull landlock updates from Mickaël Salaün:
 "These two commits contain a minor fix for the sandboxer sample, and a
  Landlock ruleset FD name standardization"

* tag 'landlock-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
  landlock: Use square brackets around "landlock-ruleset"
  samples/landlock: Fix path_list memory leak

2 years agoMerge tag 'mailbox-v5.18' of git://git.linaro.org/landing-teams/working/fujitsu/integ...
Linus Torvalds [Sun, 27 Mar 2022 21:21:57 +0000 (14:21 -0700)]
Merge tag 'mailbox-v5.18' of git://git.linaro.org/landing-teams/working/fujitsu/integration

Pull mailbox updates from Jassi Brar:
 "qcom:
   - add support for MSM8976

  mtk:
   - enable mt8186
   - add ADSP controller driver

  ti:
   - use poll mode during suspend

  tegra:
   - fix tx channel flush

  imx:
   - add i.MX8 SECO MU support
   - prepare for, and add iMX93 support"

* tag 'mailbox-v5.18' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
  dt-bindings: mailbox: add definition for mt8186
  mailbox: ti-msgmgr: Operate mailbox in polled mode during system suspend
  mailbox: ti-msgmgr: Refactor message read during interrupt handler
  mailbox: imx: support i.MX93 S401 MU
  mailbox: imx: support dual interrupts
  mailbox: imx: extend irq to an array
  dt-bindings: mailbox: imx-mu: add i.MX93 S4 MU support
  dt-bindings: mailbox: imx-mu: add i.MX93 MU
  mailbox: imx: add i.MX8 SECO MU support
  mailbox: imx: introduce rxdb callback
  dt-bindings: mailbox: imx-mu: add i.MX8 SECO MU support
  mailbox: imx: enlarge timeout while reading/writing messages to SCFW
  mailbox: imx: fix crash in resume on i.mx8ulp
  mailbox: imx: fix wakeup failure from freeze mode
  mailbox: mediatek: add support for adsp mailbox controller
  dt-bindings: mailbox: mtk,adsp-mbox: add mtk adsp-mbox document
  mailbox: qcom-apcs-ipc: Add compatible for MSM8976 SoC
  dt-bindings: mailbox: Add compatible for the MSM8976
  mailbox: tegra-hsp: Flush whole channel

2 years agoMerge tag 'leds-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel...
Linus Torvalds [Sun, 27 Mar 2022 21:09:48 +0000 (14:09 -0700)]
Merge tag 'leds-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds

Pull LED updates from Pavel Machek:
 "Nothing major here, there are two drivers that need review and did not
  make it into this round"

* tag 'leds-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/pavel/linux-leds:
  leds: pca955x: Allow zero LEDs to be specified
  leds: pca955x: Make the gpiochip always expose all pins
  leds: simatic-ipc-leds: Don't directly deref ioremap_resource() returned ptr
  leds: simatic-ipc-leds: Make simatic_ipc_led_mem_res static
  leds: lm3692x: Return 0 from remove callback
  leds: sgm3140: Add ocs,ocp8110 compatible
  dt-bindings: vendor-prefixes: Add ocs prefix
  dt-bindings: leds: common: fix unit address in max77693 example

2 years agoMerge tag 'perf-tools-for-v5.18-2022-03-26' of git://git.kernel.org/pub/scm/linux...
Linus Torvalds [Sun, 27 Mar 2022 20:42:32 +0000 (13:42 -0700)]
Merge tag 'perf-tools-for-v5.18-2022-03-26' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools updates from Arnaldo Carvalho de Melo:
 "New features:

  perf ftrace:

   - Add -n/--use-nsec option to the 'latency' subcommand.

     Default: usecs:

     $ sudo perf ftrace latency -T dput -a sleep 1
     #   DURATION     |      COUNT | GRAPH                          |
          0 - 1    us |    2098375 | #############################  |
          1 - 2    us |         61 |                                |
          2 - 4    us |         33 |                                |
          4 - 8    us |         13 |                                |
          8 - 16   us |        124 |                                |
         16 - 32   us |        123 |                                |
         32 - 64   us |          1 |                                |
         64 - 128  us |          0 |                                |
        128 - 256  us |          1 |                                |
        256 - 512  us |          0 |                                |

     Better granularity with nsec:

     $ sudo perf ftrace latency -T dput -a -n sleep 1
     #   DURATION     |      COUNT | GRAPH                          |
          0 - 1    us |          0 |                                |
          1 - 2    ns |          0 |                                |
          2 - 4    ns |          0 |                                |
          4 - 8    ns |          0 |                                |
          8 - 16   ns |          0 |                                |
         16 - 32   ns |          0 |                                |
         32 - 64   ns |          0 |                                |
         64 - 128  ns |    1163434 | ##############                 |
        128 - 256  ns |     914102 | #############                  |
        256 - 512  ns |        884 |                                |
        512 - 1024 ns |        613 |                                |
          1 - 2    us |         31 |                                |
          2 - 4    us |         17 |                                |
          4 - 8    us |          7 |                                |
          8 - 16   us |        123 |                                |
         16 - 32   us |         83 |                                |

  perf lock:

   - Add -c/--combine-locks option to merge lock instances in the same
     class into a single entry.

     # perf lock report -c
                    Name acquired contended avg wait(ns) total wait(ns) max wait(ns) min wait(ns)

           rcu_read_lock   251225         0            0              0            0            0
      hrtimer_bases.lock    39450         0            0              0            0            0
     &sb->s_type->i_l...    10301         1          662            662          662          662
        ptlock_ptr(page)    10173         2          701           1402          760          642
     &(ei->i_block_re...     8732         0            0              0            0            0
            &xa->xa_lock     8088         0            0              0            0            0
             &base->lock     6705         0            0              0            0            0
             &p->pi_lock     5549         0            0              0            0            0
     &dentry->d_lockr...     5010         4         1274           5097         1844          789
               &ep->lock     3958         0            0              0            0            0

      - Add -F/--field option to customize the list of fields to output:

     $ perf lock report -F contended,wait_max -k avg_wait
                     Name contended max wait(ns) avg wait(ns)

           slock-AF_INET6         1        23543        23543
        &lruvec->lru_lock         5        18317        11254
           slock-AF_INET6         1        10379        10379
               rcu_node_1         1         2104         2104
      &dentry->d_lockr...         1         1844         1844
      &dentry->d_lockr...         1         1672         1672
         &newf->file_lock        15         2279         1025
      &dentry->d_lockr...         1          792          792

   - Add --synth=no option for record, as there is no need to symbolize,
     lock names comes from the tracepoints.

  perf record:

   - Threaded recording, opt-in, via the new --threads command line
     option.

   - Improve AMD IBS (Instruction-Based Sampling) error handling
     messages.

  perf script:

   - Add 'brstackinsnlen' field (use it with -F) for branch stacks.

   - Output branch sample type in 'perf script'.

  perf report:

   - Add "addr_from" and "addr_to" sort dimensions.

   - Print branch stack entry type in 'perf report --dump-raw-trace'

   - Fix symbolization for chrooted workloads.

  Hardware tracing:

  Intel PT:

   - Add CFE (Control Flow Event) and EVD (Event Data) packets support.

   - Add MODE.Exec IFLAG bit support.

     Explanation about these features from the "Intel® 64 and IA-32
     architectures software developer’s manual combined volumes: 1, 2A,
     2B, 2C, 2D, 3A, 3B, 3C, 3D, and 4" PDF at:

        https://cdrdv2.intel.com/v1/dl/getContent/671200

     At page 3951:
      "32.2.4

       Event Trace is a capability that exposes details about the
       asynchronous events, when they are generated, and when their
       corresponding software event handler completes execution. These
       include:

        o Interrupts, including NMI and SMI, including the interrupt
          vector when defined.

        o Faults, exceptions including the fault vector.

           - Page faults additionally include the page fault address,
             when in context.

        o Event handler returns, including IRET and RSM.

        o VM exits and VM entries.¹

           - VM exits include the values written to the “exit reason”
             and “exit qualification” VMCS fields. INIT and SIPI events.

        o TSX aborts, including the abort status returned for the RTM
          instructions.

        o Shutdown.

       Additionally, it provides indication of the status of the
       Interrupt Flag (IF), to indicate when interrupts are masked"

  ARM CoreSight:

   - Use advertised caps/min_interval as default sample_period on ARM
     spe.

   - Update deduction of TRCCONFIGR register for branch broadcast on
     ARM's CoreSight ETM.

  Vendor Events (JSON):

  Intel:

   - Update events and metrics for: Alderlake, Broadwell, Broadwell DE,
     BroadwellX, CascadelakeX, Elkhartlake, Bonnell, Goldmont,
     GoldmontPlus, Westmere EP-DP, Haswell, HaswellX, Icelake, IcelakeX,
     Ivybridge, Ivytown, Jaketown, Knights Landing, Nehalem EP,
     Sandybridge, Silvermont, Skylake, Skylake Server, SkylakeX,
     Tigerlake, TremontX, Westmere EP-SP, and Westmere EX.

  ARM:

   - Add support for HiSilicon CPA PMU aliasing.

  perf stat:

   - Fix forked applications enablement of counters.

   - The 'slots' should only be printed on a different order than the
     one specified on the command line when 'topdown' events are
     present, fix it.

  Miscellaneous:

   - Sync msr-index, cpufeatures header files with the kernel sources.

   - Stop using some deprecated libbpf APIs in 'perf trace'.

   - Fix some spelling mistakes.

   - Refactor the maps pointers usage to pave the way for using refcount
     debugging.

   - Only offer the --tui option on perf top, report and annotate when
     perf was built with libslang.

   - Don't mention --to-ctf in 'perf data --help' when not linking with
     the required library, libbabeltrace.

   - Use ARRAY_SIZE() instead of ad hoc equivalent, spotted by
     array_size.cocci.

   - Enhance the matching of sub-commands abbreviations:
'perf c2c rec' -> 'perf c2c record'
'perf c2c recport -> error

   - Set build-id using build-id header on new mmap records.

   - Fix generation of 'perf --version' string.

  perf test:

   - Add test for the arm_spe event.

   - Add test to check unwinding using fame-pointer (fp) mode on arm64.

   - Make metric testing more robust in 'perf test'.

   - Add error message for unsupported branch stack cases.

  libperf:

   - Add API for allocating new thread map array.

   - Fix typo in perf_evlist__open() failure error messages in libperf
     tests.

  perf c2c:

   - Replace bitmap_weight() with bitmap_empty() where appropriate"

* tag 'perf-tools-for-v5.18-2022-03-26' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (143 commits)
  perf evsel: Improve AMD IBS (Instruction-Based Sampling) error handling messages
  perf python: Add perf_env stubs that will be needed in evsel__open_strerror()
  perf tools: Enhance the matching of sub-commands abbreviations
  libperf tests: Fix typo in perf_evlist__open() failure error messages
  tools arm64: Import cputype.h
  perf lock: Add -F/--field option to control output
  perf lock: Extend struct lock_key to have print function
  perf lock: Add --synth=no option for record
  tools headers cpufeatures: Sync with the kernel sources
  tools headers cpufeatures: Sync with the kernel sources
  perf stat: Fix forked applications enablement of counters
  tools arch x86: Sync the msr-index.h copy with the kernel sources
  perf evsel: Make evsel__env() always return a valid env
  perf build-id: Fix spelling mistake "Cant" -> "Can't"
  perf header: Fix spelling mistake "could't" -> "couldn't"
  perf script: Add 'brstackinsnlen' for branch stacks
  perf parse-events: Move slots only with topdown
  perf ftrace latency: Update documentation
  perf ftrace latency: Add -n/--use-nsec option
  perf tools: Fix version kernel tag
  ...

2 years agoMerge tag 'memblock-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt...
Linus Torvalds [Sun, 27 Mar 2022 20:36:06 +0000 (13:36 -0700)]
Merge tag 'memblock-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock

Pull memblock updates from Mike Rapoport:
 "Test suite and a small cleanup:

   - A small cleanup of unused variable in __next_mem_pfn_range_in_zone

   - Initial test suite to simulate memblock behaviour in userspace"

* tag 'memblock-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock: (27 commits)
  memblock tests: Add TODO and README files
  memblock tests: Add memblock_alloc_try_nid tests for bottom up
  memblock tests: Add memblock_alloc_try_nid tests for top down
  memblock tests: Add memblock_alloc_from tests for bottom up
  memblock tests: Add memblock_alloc_from tests for top down
  memblock tests: Add memblock_alloc tests for bottom up
  memblock tests: Add memblock_alloc tests for top down
  memblock tests: Add simulation of physical memory
  memblock tests: Split up reset_memblock function
  memblock tests: Fix testing with 32-bit physical addresses
  memblock: __next_mem_pfn_range_in_zone: remove unneeded local variable nid
  memblock tests: Add memblock_free tests
  memblock tests: Add memblock_add_node test
  memblock tests: Add memblock_remove tests
  memblock tests: Add memblock_reserve tests
  memblock tests: Add memblock_add tests
  memblock tests: Add memblock reset function
  memblock tests: Add skeleton of the memblock simulator
  tools/include: Add debugfs.h stub
  tools/include: Add pfn.h stub
  ...

2 years agoMerge tag 'for-linus' of https://github.com/openrisc/linux
Linus Torvalds [Sun, 27 Mar 2022 18:43:09 +0000 (11:43 -0700)]
Merge tag 'for-linus' of https://github.com/openrisc/linux

Pull OpenRISC updates from Stafford Horne:
 "Not much for OpenRISC this merge window, I do have some things on the
  back burner like sparse warning cleanups and new defconfigs. But I
  didn't get time to polish the patches off for this round. There are
  OpenRISC updates coming in via other queues like removal of set_fs()
  and possibly new generic ticket locks.

  This just has a small fixup to remove duplicate initializer in memcpy
  from Kuniyuki Iwashima"

* tag 'for-linus' of https://github.com/openrisc/linux:
  openrisc/boot: Remove unnecessary initialisation in memcpy().

2 years agoMerge tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sun, 27 Mar 2022 17:17:23 +0000 (10:17 -0700)]
Merge tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 CET-IBT (Control-Flow-Integrity) support from Peter Zijlstra:
 "Add support for Intel CET-IBT, available since Tigerlake (11th gen),
  which is a coarse grained, hardware based, forward edge
  Control-Flow-Integrity mechanism where any indirect CALL/JMP must
  target an ENDBR instruction or suffer #CP.

  Additionally, since Alderlake (12th gen)/Sapphire-Rapids, speculation
  is limited to 2 instructions (and typically fewer) on branch targets
  not starting with ENDBR. CET-IBT also limits speculation of the next
  sequential instruction after the indirect CALL/JMP [1].

  CET-IBT is fundamentally incompatible with retpolines, but provides,
  as described above, speculation limits itself"

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html

* tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (53 commits)
  kvm/emulate: Fix SETcc emulation for ENDBR
  x86/Kconfig: Only allow CONFIG_X86_KERNEL_IBT with ld.lld >= 14.0.0
  x86/Kconfig: Only enable CONFIG_CC_HAS_IBT for clang >= 14.0.0
  kbuild: Fixup the IBT kbuild changes
  x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
  x86: Remove toolchain check for X32 ABI capability
  x86/alternative: Use .ibt_endbr_seal to seal indirect calls
  objtool: Find unused ENDBR instructions
  objtool: Validate IBT assumptions
  objtool: Add IBT/ENDBR decoding
  objtool: Read the NOENDBR annotation
  x86: Annotate idtentry_df()
  x86,objtool: Move the ASM_REACHABLE annotation to objtool.h
  x86: Annotate call_on_stack()
  objtool: Rework ASM_REACHABLE
  x86: Mark __invalid_creds() __noreturn
  exit: Mark do_group_exit() __noreturn
  x86: Mark stop_this_cpu() __noreturn
  objtool: Ignore extra-symbol code
  objtool: Rename --duplicate to --lto
  ...

2 years agopinctrl: mediatek: common-v1: fix semicolon.cocci warnings
kernel test robot [Tue, 22 Mar 2022 13:03:08 +0000 (21:03 +0800)]
pinctrl: mediatek: common-v1: fix semicolon.cocci warnings

drivers/pinctrl/mediatek/pinctrl-mtk-common.c:171:2-3: Unneeded semicolon

 Remove unneeded semicolon.

Generated by: scripts/coccinelle/misc/semicolon.cocci

Fixes: 156f721704b5 ("pinctrl: mediatek: common-v1: Commonize spec_ies_smt_set callback")
CC: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20220322130308.GA21877@65fc916127a5
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2 years agonet/sched: act_ct: fix ref leak when switching zones
Marcelo Ricardo Leitner [Thu, 24 Mar 2022 19:22:10 +0000 (16:22 -0300)]
net/sched: act_ct: fix ref leak when switching zones

When switching zones or network namespaces without doing a ct clear in
between, it is now leaking a reference to the old ct entry. That's
because tcf_ct_skb_nfct_cached() returns false and
tcf_ct_flow_table_lookup() may simply overwrite it.

The fix is to, as the ct entry is not reusable, free it already at
tcf_ct_skb_nfct_cached().

Reported-by: Florian Westphal <fw@strlen.de>
Fixes: 2f131de361f6 ("net/sched: act_ct: Fix flow table lookup after ct clear or switching zones")
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoMerge tag 'trace-v5.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt...
Linus Torvalds [Sat, 26 Mar 2022 21:54:41 +0000 (14:54 -0700)]
Merge tag 'trace-v5.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull trace event string verifier fix from Steven Rostedt:
 "The run-time string verifier checks all trace event formats as
  they are read from the tracing file to make sure that the %s pointers
  are not reading something that no longer exists.

  However, it failed to account for the valid case of '%*.s' where the
  length given is zero, and the string is NULL. It incorrectly flagged
  it as a null pointer dereference and gave a WARN_ON()"

* tag 'trace-v5.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Have trace event string test handle zero length strings

2 years agonet/smc: fix a memory leak in smc_sysctl_net_exit()
Eric Dumazet [Fri, 25 Mar 2022 16:50:21 +0000 (09:50 -0700)]
net/smc: fix a memory leak in smc_sysctl_net_exit()

Recently added smc_sysctl_net_exit() forgot to free
the memory allocated from smc_sysctl_net_init()
for non initial network namespace.

Fixes: 462791bbfa35 ("net/smc: add sysctl interface for SMC")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Tony Lu <tonylu@linux.alibaba.com>
Cc: Dust Li <dust.li@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoselftests: tls: skip cmsg_to_pipe tests with TLS=n
Jakub Kicinski [Fri, 25 Mar 2022 23:27:09 +0000 (16:27 -0700)]
selftests: tls: skip cmsg_to_pipe tests with TLS=n

These are negative tests, testing TLS code rejects certain
operations. They won't pass without TLS enabled, pure TCP
accepts those operations.

Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Fixes: d87d67fd61ef ("selftests: tls: test splicing cmsgs")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoocteontx2-af: initialize action variable
Tom Rix [Sat, 26 Mar 2022 16:03:06 +0000 (09:03 -0700)]
octeontx2-af: initialize action variable

Clang static analysis reports this representative issue
rvu_npc.c:898:15: warning: Assigned value is garbage
  or undefined
  req.match_id = action.match_id;
               ^ ~~~~~~~~~~~~~~~

The initial setting of action is conditional on
 if (is_mcam_entry_enabled(...))
The later check of action.op will sometimes be garbage.
So initialize action.

Reduce setting of
  *(u64 *)&action = 0x00;
to
  *(u64 *)&action = 0;

Fixes: 967db3529eca ("octeontx2-af: add support for multicast/promisc packet replication feature")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoMerge tag 'usb-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Sat, 26 Mar 2022 20:08:25 +0000 (13:08 -0700)]
Merge tag 'usb-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB/Thunderbolt updates from Greg KH:
 "Here is the big set of USB and Thunderbolt changes for 5.18-rc1.

  Nothing major in here, just lots of little improvements and cleanups
  and new device support. Highlights are:

   - list iterator fixups for when we walk past the end of the list (a
     common problem that was cut/pasted in almost all USB gadget
     drivers)

   - xen USB driver "hardening" for malicious hosts

   - xhci driver updates and fixes for more hardware types

   - xhci debug cable fixes to make it actually work again

   - usb gadget audio driver improvements

   - usb gadget storage fixes to work with OS-X

   - lots of other small usb gadget fixes and updates

   - USB DWC3 driver improvements for more hardware types

   - Lots of other small USB driver improvements

   - DTS updates for some USB platforms

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'usb-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (172 commits)
  usb: gadget: fsl_qe_udc: Add missing semicolon in qe_ep_dequeue()
  dt-bindings: usb: mtk-xhci: add compatible for mt8186
  usb: dwc3: Issue core soft reset before enabling run/stop
  usb: gadget: Makefile: remove ccflags-y
  USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
  usb: gadget: eliminate anonymous module_init & module_exit
  usb: usbip: eliminate anonymous module_init & module_exit
  xen/usb: harden xen_hcd against malicious backends
  usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue
  usb: dwc3: gadget: move cmd_endtransfer to extra function
  usb: dwc3: gadget: ep_queue simplify isoc start condition
  xen/usb: don't use arbitrary_virt_to_machine()
  usb: isp1760: remove redundant max_packet() macro
  usb: oxu210hp-hcd: remove redundant call to max_packet() macro
  usb: common: usb-conn-gpio: Make VBUS supply completely optional
  USB: storage: ums-realtek: fix error code in rts51x_read_mem()
  usb: early: xhci-dbc: Fix xdbc number parsing
  usb: early: xhci-dbc: Remove duplicate keep parsing
  x86/tsc: Be consistent about use_tsc_delay()
  usb: gadget: udc: s3c2410: remove usage of list iterator past the loop body
  ...

2 years agoMerge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 26 Mar 2022 19:46:08 +0000 (12:46 -0700)]
Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

Pull i2c updates from Wolfram Sang:

 - tracepoints when Linux acts as an I2C client

 - added support for AMD PSP

 - whole subsystem now uses generic_handle_irq_safe()

 - piix4 driver gained MMIO access enabling so far missed controllers
   with AMD chipsets

 - a bulk of device driver updates, refactorization, and fixes.

* 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (61 commits)
  i2c: mux: demux-pinctrl: do not deactivate a master that is not active
  i2c: meson: Fix wrong speed use from probe
  i2c: add tracepoints for I2C slave events
  i2c: designware: Remove code duplication
  i2c: cros-ec-tunnel: Fix syntax errors in comments
  MAINTAINERS: adjust XLP9XX I2C DRIVER after removing the devicetree binding
  i2c: designware: Mark dw_i2c_plat_{suspend,resume}() as __maybe_unused
  i2c: mediatek: Add i2c compatible for Mediatek MT8168
  dt-bindings: i2c: update bindings for MT8168 SoC
  i2c: mt65xx: Simplify with clk-bulk
  i2c: i801: Drop two outdated comments
  i2c: xiic: Make bus names unique
  i2c: i801: Add support for the Process Call command
  i2c: i801: Drop useless masking in i801_access
  i2c: tegra: Add SMBus block read function
  i2c: designware: Use the i2c_mark_adapter_suspended/resumed() helpers
  i2c: designware: Lock the adapter while setting the suspended flag
  i2c: mediatek: remove redundant null check
  i2c: mediatek: modify bus speed calculation formula
  i2c: designware: Fix improper usage of readl
  ...

2 years agoMerge tag 'write-page-prefaulting' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 26 Mar 2022 19:41:52 +0000 (12:41 -0700)]
Merge tag 'write-page-prefaulting' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2

Pull iomap fixlet from Andreas Gruenbacher:
 "Fix buffered write page prefaulting.

  I forgot to send it the previous merge window. I've only improved the
  patch description since"

* tag 'write-page-prefaulting' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
  fs/iomap: Fix buffered write page prefaulting

2 years agoMerge tag 'array-bounds-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 26 Mar 2022 19:30:44 +0000 (12:30 -0700)]
Merge tag 'array-bounds-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull array-bounds updates from Kees Cook:
 "This enables -Warray-bounds and -Wzero-length-bounds, now that the
  many bug fixes have landed all over the place in the kernel, and in
  GCC itself[1].

  A couple fixes[2] for known corner-case issues currently live in my
  "pending-fixes" tree which I'm expecting to send next week if other
  maintainers still haven't picked them up.

  I'm also expecting we can enable -Wstringop-overflow next cycle, as
  there are only a few stragglers[3], but it might even be possible for
  this release"

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578
[2] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/pending-fixes&id=2d253138910eec553fc706379914243d71de9b85
[3] https://github.com/KSPP/linux/issues/181

* tag 'array-bounds-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  Makefile: Enable -Wzero-length-bounds
  Makefile: Enable -Warray-bounds

2 years agoMerge tag 'memcpy-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees...
Linus Torvalds [Sat, 26 Mar 2022 19:19:04 +0000 (12:19 -0700)]
Merge tag 'memcpy-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull FORTIFY_SOURCE updates from Kees Cook:
 "This series consists of two halves:

   - strict compile-time buffer size checking under FORTIFY_SOURCE for
     the memcpy()-family of functions (for extensive details and
     rationale, see the first commit)

   - enabling FORTIFY_SOURCE for Clang, which has had many overlapping
     bugs that we've finally worked past"

* tag 'memcpy-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  fortify: Add Clang support
  fortify: Make sure strlen() may still be used as a constant expression
  fortify: Use __diagnose_as() for better diagnostic coverage
  fortify: Make pointer arguments const
  Compiler Attributes: Add __diagnose_as for Clang
  Compiler Attributes: Add __overloadable for Clang
  Compiler Attributes: Add __pass_object_size for Clang
  fortify: Replace open-coded __gnu_inline attribute
  fortify: Update compile-time tests for Clang 14
  fortify: Detect struct member overflows in memset() at compile-time
  fortify: Detect struct member overflows in memmove() at compile-time
  fortify: Detect struct member overflows in memcpy() at compile-time

2 years agoMerge tag 'for-5.18/64bit-pi-2022-03-25' of git://git.kernel.dk/linux-block
Linus Torvalds [Sat, 26 Mar 2022 19:01:35 +0000 (12:01 -0700)]
Merge tag 'for-5.18/64bit-pi-2022-03-25' of git://git.kernel.dk/linux-block

Pull block layer 64-bit data integrity support from Jens Axboe:
 "This adds support for 64-bit data integrity in the block layer and in
  NVMe"

* tag 'for-5.18/64bit-pi-2022-03-25' of git://git.kernel.dk/linux-block:
  crypto: fix crc64 testmgr digest byte order
  nvme: add support for enhanced metadata
  block: add pi for extended integrity
  crypto: add rocksoft 64b crc guard tag framework
  lib: add rocksoft model crc64
  linux/kernel: introduce lower_48_bits function
  asm-generic: introduce be48 unaligned accessors
  nvme: allow integrity on extended metadata formats
  block: support pi with extended metadata

2 years agoMerge tag 'for-5.18/alloc-cleanups-2022-03-25' of git://git.kernel.dk/linux-block
Linus Torvalds [Sat, 26 Mar 2022 18:59:30 +0000 (11:59 -0700)]
Merge tag 'for-5.18/alloc-cleanups-2022-03-25' of git://git.kernel.dk/linux-block

Pull bio allocation fix from Jens Axboe:
 "We got some reports of users seeing:

Unexpected gfp: 0x2 (__GFP_HIGHMEM). Fixing up to gfp: 0x1192888

  which is a regression caused by the bio allocation cleanups"

* tag 'for-5.18/alloc-cleanups-2022-03-25' of git://git.kernel.dk/linux-block:
  fs: do not pass __GFP_HIGHMEM to bio_alloc in do_mpage_readpage

2 years agoMerge tag 'for-5.18/write-streams-2022-03-18' of git://git.kernel.dk/linux-block
Linus Torvalds [Sat, 26 Mar 2022 18:51:46 +0000 (11:51 -0700)]
Merge tag 'for-5.18/write-streams-2022-03-18' of git://git.kernel.dk/linux-block

Pull NVMe write streams removal from Jens Axboe:
 "This removes the write streams support in NVMe. No vendor ever really
  shipped working support for this, and they are not interested in
  supporting it.

  With the NVMe support gone, we have nothing in the tree that supports
  this. Remove passing around of the hints.

  The only discussion point in this patchset imho is the fact that the
  file specific write hint setting/getting fcntl helpers will now return
  -1/EINVAL like they did before we supported write hints. No known
  applications use these functions, I only know of one prototype that I
  help do for RocksDB, and that's not used. That said, with a change
  like this, it's always a bit controversial. Alternatively, we could
  just make them return 0 and pretend it worked. It's placement based
  hints after all"

* tag 'for-5.18/write-streams-2022-03-18' of git://git.kernel.dk/linux-block:
  fs: remove fs.f_write_hint
  fs: remove kiocb.ki_hint
  block: remove the per-bio/request write hint
  nvme: remove support or stream based temperature hint

2 years agonet: sparx5: switchdev: fix possible NULL pointer dereference
Zheng Yongjun [Sat, 26 Mar 2022 08:12:39 +0000 (08:12 +0000)]
net: sparx5: switchdev: fix possible NULL pointer dereference

As the possible failure of the allocation, devm_kzalloc() may return NULL
pointer.
Therefore, it should be better to check the 'db' in order to prevent
the dereference of NULL pointer.

Fixes: 10615907e9b51 ("net: sparx5: switchdev: adding frame DMA functionality")
Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet/x25: Fix null-ptr-deref caused by x25_disconnect
Duoming Zhou [Sat, 26 Mar 2022 10:43:46 +0000 (18:43 +0800)]
net/x25: Fix null-ptr-deref caused by x25_disconnect

When the link layer is terminating, x25->neighbour will be set to NULL
in x25_disconnect(). As a result, it could cause null-ptr-deref bugs in
x25_sendmsg(),x25_recvmsg() and x25_connect(). One of the bugs is
shown below.

    (Thread 1)                 |  (Thread 2)
x25_link_terminated()          | x25_recvmsg()
 x25_kill_by_neigh()           |  ...
  x25_disconnect()             |  lock_sock(sk)
   ...                         |  ...
   x25->neighbour = NULL //(1) |
   ...                         |  x25->neighbour->extended //(2)

The code sets NULL to x25->neighbour in position (1) and dereferences
x25->neighbour in position (2), which could cause null-ptr-deref bug.

This patch adds lock_sock() in x25_kill_by_neigh() in order to synchronize
with x25_sendmsg(), x25_recvmsg() and x25_connect(). What`s more, the
sock held by lock_sock() is not NULL, because it is extracted from x25_list
and uses x25_list_lock to synchronize.

Fixes: 4becb7ee5b3d ("net/x25: Fix x25_neigh refcnt leak when x25 disconnect")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoqlcnic: dcb: default to returning -EOPNOTSUPP
Tom Rix [Sat, 26 Mar 2022 17:20:03 +0000 (10:20 -0700)]
qlcnic: dcb: default to returning -EOPNOTSUPP

Clang static analysis reports this issue
qlcnic_dcb.c:382:10: warning: Assigned value is
  garbage or undefined
  mbx_out = *val;
          ^ ~~~~

val is set in the qlcnic_dcb_query_hw_capability() wrapper.
If there is no query_hw_capability op in dcp, success is
returned without setting the val.

For this and similar wrappers, return -EOPNOTSUPP.

Fixes: 14d385b99059 ("qlcnic: dcb: Query adapter DCB capabilities.")
Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agonet: sparx5: depends on PTP_1588_CLOCK_OPTIONAL
Randy Dunlap [Sat, 26 Mar 2022 18:02:34 +0000 (11:02 -0700)]
net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL

Fix build errors when PTP_1588_CLOCK=m and SPARX5_SWTICH=y.

arc-linux-ld: drivers/net/ethernet/microchip/sparx5/sparx5_ethtool.o: in function `sparx5_get_ts_info':
sparx5_ethtool.c:(.text+0x146): undefined reference to `ptp_clock_index'
arc-linux-ld: sparx5_ethtool.c:(.text+0x146): undefined reference to `ptp_clock_index'
arc-linux-ld: drivers/net/ethernet/microchip/sparx5/sparx5_ptp.o: in function `sparx5_ptp_init':
sparx5_ptp.c:(.text+0xd56): undefined reference to `ptp_clock_register'
arc-linux-ld: sparx5_ptp.c:(.text+0xd56): undefined reference to `ptp_clock_register'
arc-linux-ld: drivers/net/ethernet/microchip/sparx5/sparx5_ptp.o: in function `sparx5_ptp_deinit':
sparx5_ptp.c:(.text+0xf30): undefined reference to `ptp_clock_unregister'
arc-linux-ld: sparx5_ptp.c:(.text+0xf30): undefined reference to `ptp_clock_unregister'
arc-linux-ld: sparx5_ptp.c:(.text+0xf38): undefined reference to `ptp_clock_unregister'
arc-linux-ld: sparx5_ptp.c:(.text+0xf46): undefined reference to `ptp_clock_unregister'
arc-linux-ld: drivers/net/ethernet/microchip/sparx5/sparx5_ptp.o:sparx5_ptp.c:(.text+0xf46): more undefined references to `ptp_clock_unregister' follow

Fixes: 3cfa11bac9bb ("net: sparx5: add the basic sparx5 driver")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Horatiu Vultur <horatiu.vultur@microchip.com>
Cc: UNGLinuxDriver@microchip.com
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Steen Hegelund <steen.hegelund@microchip.com>
Cc: Bjarni Jonasson <bjarni.jonasson@microchip.com>
Cc: Lars Povlsen <lars.povlsen@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 years agoMerge tag 'devicetree-for-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 26 Mar 2022 18:41:53 +0000 (11:41 -0700)]
Merge tag 'devicetree-for-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux

Pull devicetree updates from Rob Herring:

 - Add Krzysztof Kozlowski as co-maintainer for DT bindings providing
   much needed help.

 - DT schema validation now takes DTB files as input rather than
   intermediate YAML files. This decouples the validation from the
   source level syntax information. There's a bunch of schema fixes as a
   result of switching to DTB based validation which exposed some errors
   and incomplete schemas and examples.

 - Kbuild improvements to explicitly warn users running 'make
   dt_binding_check' on missing yamllint

 - Expand DT_SCHEMA_FILES kbuild variable to take just a partial
   filename or path instead of the full path to 1 file.

 - Convert various bindings to schema format: mscc,vsc7514-switch,
   multiple GNSS bindings, ahci-platform, i2c-at91, multiple UFS
   bindings, cortina,gemini-sata-bridge, cortina,gemini-ethernet, Atmel
   SHA, Atmel TDES, Atmel AES, armv7m-systick, Samsung Exynos display
   subsystem, nuvoton,npcm7xx-timer, samsung,s3c2410-i2c, zynqmp_dma,
   msm/mdp4, rda,8810pl-uart

 - New schemas for u-boot environment variable partition, TI clksel

 - New compatible strings for Renesas RZ/V2L SoC

 - Vendor prefixes for Xen, HPE, deprecated Synopsys, deprecated
   HiSilicon

 - Add/fix schemas for QEMU Arm 'virt' machine

 - Drop unused of_alias_get_alias_list() function

 - Add a script to check DT unittest EXPECT message output. Pass
   messages also now print by default at PR_INFO level to help test
   automation.

* tag 'devicetree-for-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (96 commits)
  dt-bindings: kbuild: Make DT_SCHEMA_LINT a recursive variable
  dt-bindings: nvmem: add U-Boot environment variables binding
  dt-bindings: ufs: qcom: Add SM6350 compatible string
  dt-bindings: dmaengine: sifive,fu540-c000: include generic schema
  dt-bindings: gpio: pca95xx: drop useless consumer example
  Revert "of: base: Introduce of_alias_get_alias_list() to check alias IDs"
  dt-bindings: virtio,mmio: Allow setting devices 'dma-coherent'
  dt-bindings: gnss: Add two more chips
  dt-bindings: gnss: Rewrite sirfstar binding in YAML
  dt-bindings: gnss: Modify u-blox to use common bindings
  dt-bindings: gnss: Rewrite common bindings in YAML
  dt-bindings: ata: ahci-platform: Add rk3568-dwc-ahci compatible
  dt-bindings: ata: ahci-platform: Add power-domains property
  dt-bindings: ata: ahci-platform: Convert DT bindings to yaml
  dt-bindings: kbuild: Use DTB files for validation
  dt-bindings: kbuild: Pass DT_SCHEMA_FILES to dt-validate
  dt-bindings: Add QEMU virt machine compatible
  dt-bindings: arm: Convert QEMU fw-cfg to DT schema
  dt-bindings: i2c: at91: Add SAMA7G5 compatible strings list
  dt-bindings: i2c: convert i2c-at91 to json-schema
  ...