1. 15 Aug, 2020 6 commits
  2. 14 Aug, 2020 34 commits
    • net: fec: correct the error path for regulator disable in probe · c6165cf0
      Fugang Duan authored
      Correct the error path for regulator disable.
      
      Fixes: 9269e556 ("net: fec: add phy-reset-gpios PROBE_DEFER check")
      Signed-off-by: Fugang Duan <fugang.duan@nxp.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • docs: networking: bonding.rst resources section cleanup · b07e2a86
      Nivedita Singhvi authored
      Removed obsolete resources from bonding.rst doc:
         - bonding-devel@lists.sourceforge.net hasn't been used since 2008
         - admin interface is 404
         - Donald Becker's domain/content no longer online
      Signed-off-by: Nivedita Singhvi <nivedita.singhvi@canonical.com>
      Acked-by: Jay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue · 0b32ce68
      David S. Miller authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2020-08-14
      
      This series contains updates to i40e and igc drivers.
      
      Vinicius fixes an issue with PTP spinlock being accessed before
      initialization.
      
      Przemyslaw fixes an issue with trusted VFs seeing additional traffic.
      
      Grzegorz adds a wait for pending resets on driver removal to prevent
      null pointer dereference.
      
      v2: Fix function parameter for hw/aq in patch 2. Fix fixes tag in patch 3.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • i40e: Fix crash during removing i40e driver · 5b6d4a7f
      Grzegorz Szczurek authored
      Fix the reason of crashing system by adding waiting time to finish reset
      recovery process before starting remove driver procedure.
      Now VSI is released if VSI is not in reset recovery mode.
      Without this fix it was possible to start remove driver if other
      processing command needs reset recovery procedure which resulted in
      null pointer dereference. VSI used by the ethtool process has been
      cleared by remove driver process.
      
      [ 6731.508665] BUG: kernel NULL pointer dereference, address: 0000000000000000
      [ 6731.508668] #PF: supervisor read access in kernel mode
      [ 6731.508670] #PF: error_code(0x0000) - not-present page
      [ 6731.508671] PGD 0 P4D 0
      [ 6731.508674] Oops: 0000 [#1] SMP PTI
      [ 6731.508679] Hardware name: Intel Corporation S2600WT2R/S2600WT2R, BIOS SE5C610.86B.01.01.0021.032120170601 03/21/2017
      [ 6731.508694] RIP: 0010:i40e_down+0x252/0x310 [i40e]
      [ 6731.508696] Code: c7 78 de fa c0 e8 61 02 3a c1 66 83 bb f6 0c 00 00 00 0f 84 bf 00 00 00 45 31 e4 45 31 ff eb 03 41 89 c7 48 8b 83 98 0c 00 00 <4a> 8b 3c 20 e8 a5 79 02 00 48 83 bb d0 0c 00 00 00 74 10 48 8b 83
      [ 6731.508698] RSP: 0018:ffffb75ac7b3faf0 EFLAGS: 00010246
      [ 6731.508700] RAX: 0000000000000000 RBX: ffff9c9874bd5000 RCX: 0000000000000007
      [ 6731.508701] RDX: 0000000000000000 RSI: 0000000000000096 RDI: ffff9c987f4d9780
      [ 6731.508703] RBP: ffffb75ac7b3fb30 R08: 0000000000005b60 R09: 0000000000000004
      [ 6731.508704] R10: ffffb75ac64fbd90 R11: 0000000000000001 R12: 0000000000000000
      [ 6731.508706] R13: ffff9c97a08e0000 R14: ffff9c97a08e0a68 R15: 0000000000000000
      [ 6731.508708] FS:  00007f2617cd2740(0000) GS:ffff9c987f4c0000(0000) knlGS:0000000000000000
      [ 6731.508710] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 6731.508711] CR2: 0000000000000000 CR3: 0000001e765c4006 CR4: 00000000003606e0
      [ 6731.508713] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 6731.508714] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [ 6731.508715] Call Trace:
      [ 6731.508734]  i40e_vsi_close+0x84/0x90 [i40e]
      [ 6731.508742]  i40e_quiesce_vsi.part.98+0x3c/0x40 [i40e]
      [ 6731.508749]  i40e_pf_quiesce_all_vsi+0x55/0x60 [i40e]
      [ 6731.508757]  i40e_prep_for_reset+0x59/0x130 [i40e]
      [ 6731.508765]  i40e_reconfig_rss_queues+0x5a/0x120 [i40e]
      [ 6731.508774]  i40e_set_channels+0xda/0x170 [i40e]
      [ 6731.508778]  ethtool_set_channels+0xe9/0x150
      [ 6731.508781]  dev_ethtool+0x1b94/0x2920
      [ 6731.508805]  dev_ioctl+0xc2/0x590
      [ 6731.508811]  sock_do_ioctl+0xae/0x150
      [ 6731.508813]  sock_ioctl+0x34f/0x3c0
      [ 6731.508821]  ksys_ioctl+0x98/0xb0
      [ 6731.508828]  __x64_sys_ioctl+0x1a/0x20
      [ 6731.508831]  do_syscall_64+0x57/0x1c0
      [ 6731.508835]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: 4b816446 ("i40e: Add common function for finding VSI by type")
      Signed-off-by: Grzegorz Szczurek <grzegorzx.szczurek@intel.com>
      Signed-off-by: Arkadiusz Kubalewski <arkadiusz.kubalewski@intel.com>
      Tested-by: Aaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
    • i40e: Set RX_ONLY mode for unicast promiscuous on VLAN · 4bd5e02a
      Przemyslaw Patynowski authored
      Trusted VF with unicast promiscuous mode set, could listen to TX
      traffic of other VFs.
      Set unicast promiscuous mode to RX traffic, if VSI has port VLAN
      configured. Rename misleading I40E_AQC_SET_VSI_PROMISC_TX bit to
      I40E_AQC_SET_VSI_PROMISC_RX_ONLY. Aligned unicast promiscuous with
      VLAN to the one without VLAN.
      
      Fixes: 6c41a760 ("i40e: Add promiscuous on VLAN support")
      Fixes: 3b120089 ("i40e: When in promisc mode apply promisc mode to Tx Traffic as well")
      Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com>
      Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com>
      Signed-off-by: Arkadiusz Kubalewski <arkadiusz.kubalewski@intel.com>
      Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
    • mptcp: sendmsg: reset iter on error · 35759383
      Florian Westphal authored
      Once we've copied data from the iterator we need to revert in case we
      end up not sending any data.
      
      This bug doesn't trigger with normal 'poll' based tests, because
      we only feed a small chunk of data to kernel after poll indicated
      POLLOUT.  With blocking IO and large writes this triggers. Receiver
      ends up with less data than it should get.
      
      Fixes: 72511aab ("mptcp: avoid blocking in tcp_sendpages")
      Signed-off-by: Florian Westphal <fw@strlen.de>
      Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sfc: check hash is valid before using it · 06888543
      Edward Cree authored
      On EF100, the RX hash field in the packet prefix may not be valid (e.g.
       if the header parse failed), and this is indicated by a one-bit flag
       elsewhere in the packet prefix.  Only call skb_set_hash() if the
       RSS_HASH_VALID bit is set.
      Signed-off-by: Edward Cree <ecree@solarflare.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'linux-can-fixes-for-5.9-20200814' of... · e591d298
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-5.9-20200814' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2020-08-14
      
      this is a pull request of 6 patches for net/master. All patches fix problems in
      the j1939 CAN networking stack.
      
      The first patch is by Eric Dumazet and fixes a kernel-infoleak in
      j1939_sk_sock2sockaddr_can().
      
      The remaining 5 patches are by Oleksij Rempel and fix reception of j1939
      messages not originated by the stack, a use-after-free in j1939_tp_txtimer(),
      ensure that the CAN driver has a ml_priv allocated. These problems were found by
      google's syzbot. Further ETP sessions with block size of less than 255 are
      fixed and a sanity check was added to j1939_xtp_rx_dat_one() to detect packet
      corruption.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'powerpc-5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 7fca4dee
      Linus Torvalds authored
      Pull powerpc fix from Michael Ellerman:
       "One fix for a boot crash on some platforms introduced by the recent
        pkey refactoring.
      
        Thanks to Christian Zigotzky and Aneesh Kumar K.V"
      
      * tag 'powerpc-5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/pkeys: Fix boot failures with Nemo board (A-EON AmigaOne X1000)
    • Merge tag 'for-linus-5.9-rc1b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 0520058d
      Linus Torvalds authored
      Pull more xen updates from Juergen Gross:
      
       - Remove support for running as 32-bit Xen PV-guest.
      
         32-bit PV guests are rarely used, are lacking security fixes for
         Meltdown, and can be easily replaced by PVH mode. Another series for
         doing more cleanup will follow soon (removal of 32-bit-only pvops
         functionality).
      
       - Fixes and additional features for the Xen display frontend driver.
      
      * tag 'for-linus-5.9-rc1b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        drm/xen-front: Pass dumb buffer data offset to the backend
        xen: Sync up with the canonical protocol definition in Xen
        drm/xen-front: Add YUYV to supported formats
        drm/xen-front: Fix misused IS_ERR_OR_NULL checks
        xen/gntdev: Fix dmabuf import with non-zero sgt offset
        x86/xen: drop tests for highmem in pv code
        x86/xen: eliminate xen-asm_64.S
        x86/xen: remove 32-bit Xen PV guest support
    • Merge tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux · cd94257d
      Linus Torvalds authored
      Pull hyper-v fixes from Wei Liu:
      
       - fix oops reporting on Hyper-V
      
       - make objtool happy
      
      * tag 'hyperv-fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        x86/hyperv: Make hv_setup_sched_clock inline
        Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops
    • x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task · 8ab49526
      Eric Dumazet authored
      syzbot found its way in 86_fsgsbase_read_task() and triggered this oops:
      
         KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
         CPU: 0 PID: 6866 Comm: syz-executor262 Not tainted 5.8.0-syzkaller #0
         RIP: 0010:x86_fsgsbase_read_task+0x16d/0x310 arch/x86/kernel/process_64.c:393
         Call Trace:
           putreg32+0x3ab/0x530 arch/x86/kernel/ptrace.c:876
           genregs32_set arch/x86/kernel/ptrace.c:1026 [inline]
           genregs32_set+0xa4/0x100 arch/x86/kernel/ptrace.c:1006
           copy_regset_from_user include/linux/regset.h:326 [inline]
           ia32_arch_ptrace arch/x86/kernel/ptrace.c:1061 [inline]
           compat_arch_ptrace+0x36c/0xd90 arch/x86/kernel/ptrace.c:1198
           __do_compat_sys_ptrace kernel/ptrace.c:1420 [inline]
           __se_compat_sys_ptrace kernel/ptrace.c:1389 [inline]
           __ia32_compat_sys_ptrace+0x220/0x2f0 kernel/ptrace.c:1389
           do_syscall_32_irqs_on arch/x86/entry/common.c:84 [inline]
           __do_fast_syscall_32+0x57/0x80 arch/x86/entry/common.c:126
           do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:149
           entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
      
      This can happen if ptrace() or sigreturn() pokes an LDT selector into FS
      or GS for a task with no LDT and something tries to read the base before
      a return to usermode notices the bad selector and fixes it.
      
      The fix is to make sure ldt pointer is not NULL.
      
      Fixes: 07e1d88a ("x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately")
      Co-developed-by: Jann Horn <jannh@google.com>
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Acked-by: Andy Lutomirski <luto@kernel.org>
      Cc: Chang S. Bae <chang.seok.bae@intel.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Markus T Metzger <markus.t.metzger@intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi Shankar <ravi.v.shankar@intel.com>
      Cc: Rik van Riel <riel@surriel.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@kernel.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · d9361cb2
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "This fixes a regression in af_alg"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: algif_aead - fix uninitialized ctx->init
    • Merge tag 'modules-for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux · 0fd9cc6b
      Linus Torvalds authored
      Pull module updates from Jessica Yu:
       "The most important change would be Christoph Hellwig's patch
        implementing proprietary taint inheritance, in an effort to discourage
        the creation of GPL "shim" modules that interface between GPL symbols
        and proprietary symbols.
      
        Summary:
      
         - Have modules that use symbols from proprietary modules inherit the
           TAINT_PROPRIETARY_MODULE taint, in an effort to prevent GPL shim
           modules that are used to circumvent _GPL exports. These are modules
           that claim to be GPL licensed while also using symbols from
           proprietary modules. Such modules will be rejected while non-GPL
           modules will inherit the proprietary taint.
      
         - Module export space cleanup. Unexport symbols that are unused
           outside of module.c or otherwise used in only built-in code"
      
      * tag 'modules-for-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
        modules: inherit TAINT_PROPRIETARY_MODULE
        modules: return licensing information from find_symbol
        modules: rename the licence field in struct symsearch to license
        modules: unexport __module_address
        modules: unexport __module_text_address
        modules: mark each_symbol_section static
        modules: mark find_symbol static
        modules: mark ref_module static
        modules: linux/moduleparam.h: drop duplicated word in a comment
    • Merge tag 'kconfig-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild · 32b2ee5c
      Linus Torvalds authored
      Pull Kconfig updates from Masahiro Yamada:
      
       - remove '---help---' keyword support
      
       - fix mouse events for 'menuconfig' symbols in search view of qconf
      
       - code cleanups of qconf
      
      * tag 'kconfig-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (24 commits)
        kconfig: qconf: move setOptionMode() to ConfigList from ConfigView
        kconfig: qconf: do not limit the pop-up menu to the first row
        kconfig: qconf: refactor icon setups
        kconfig: qconf: remove unused voidPix, menuInvPix
        kconfig: qconf: remove ConfigItem::text/setText
        kconfig: qconf: remove ConfigList::addColumn/removeColumn
        kconfig: qconf: remove ConfigItem::pixmap/setPixmap
        kconfig: qconf: drop more localization code
        kconfig: qconf: remove 'parent' from ConfigList::updateMenuList()
        kconfig: qconf: remove unused argument from ConfigView::updateList()
        kconfig: qconf: remove unused argument from ConfigList::updateList()
        kconfig: qconf: omit parent to QHBoxLayout()
        kconfig: qconf: remove name from ConfigSearchWindow constructor
        kconfig: qconf: remove unused ConfigList::listView()
        kconfig: qconf: overload addToolBar() to create and insert toolbar
        kconfig: qconf: remove toolBar from ConfigMainWindow members
        kconfig: qconf: use 'menu' variable for (QMenu *)
        kconfig: qconf: do not use 'menu' variable for (QMenuBar *)
        kconfig: qconf: remove ->addSeparator() to menuBar
        kconfig: add 'static' to some file-local data
        ...
    • igc: Fix PTP initialization · 3cda505a
      Vinicius Costa Gomes authored
      Right now, igc_ptp_reset() is called from igc_reset(), which is called
      from igc_probe() before igc_ptp_init() has a chance to run. It is
      detected as an attempt to use a spinlock without registering its key
      first. See log below.
      
      To avoid this problem, simplify the initialization: igc_ptp_init() is
      only called from igc_probe(), and igc_ptp_reset() is only called from
      igc_reset().
      
      [    2.736332] INFO: trying to register non-static key.
      [    2.736902] input: HDA Intel PCH Front Headphone as /devices/pci0000:00/0000:00:1f.3/sound/card0/input10
      [    2.737513] the code is fine but needs lockdep annotation.
      [    2.737513] turning off the locking correctness validator.
      [    2.737515] CPU: 8 PID: 239 Comm: systemd-udevd Tainted: G            E     5.8.0-rc7+ #13
      [    2.737515] Hardware name: Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA/Z390 AORUS ULTRA-CF, BIOS F7 03/14/2019
      [    2.737516] Call Trace:
      [    2.737521]  dump_stack+0x78/0xa0
      [    2.737524]  register_lock_class+0x6b1/0x6f0
      [    2.737526]  ? lockdep_hardirqs_on_prepare+0xca/0x160
      [    2.739177]  ? _raw_spin_unlock_irq+0x24/0x50
      [    2.739179]  ? trace_hardirqs_on+0x1c/0xf0
      [    2.740820]  __lock_acquire+0x56/0x1ff0
      [    2.740823]  ? __schedule+0x30c/0x970
      [    2.740825]  lock_acquire+0x97/0x3e0
      [    2.740830]  ? igc_ptp_reset+0x35/0xf0 [igc]
      [    2.740833]  ? schedule_hrtimeout_range_clock+0xb7/0x120
      [    2.742507]  _raw_spin_lock_irqsave+0x3a/0x50
      [    2.742512]  ? igc_ptp_reset+0x35/0xf0 [igc]
      [    2.742515]  igc_ptp_reset+0x35/0xf0 [igc]
      [    2.742519]  igc_reset+0x96/0xd0 [igc]
      [    2.744148]  igc_probe+0x68f/0x7d0 [igc]
      [    2.745796]  local_pci_probe+0x3d/0x70
      [    2.745799]  pci_device_probe+0xd1/0x190
      [    2.745802]  really_probe+0x15a/0x3f0
      [    2.759936]  driver_probe_device+0xe1/0x150
      [    2.759937]  device_driver_attach+0xa8/0xb0
      [    2.761786]  __driver_attach+0x89/0x150
      [    2.761786]  ? device_driver_attach+0xb0/0xb0
      [    2.761787]  ? device_driver_attach+0xb0/0xb0
      [    2.761788]  bus_for_each_dev+0x66/0x90
      [    2.765012]  bus_add_driver+0x12e/0x1f0
      [    2.765716]  driver_register+0x8b/0xe0
      [    2.766418]  ? 0xffffffffc0230000
      [    2.767119]  do_one_initcall+0x5a/0x310
      [    2.767826]  ? kmem_cache_alloc_trace+0xe9/0x200
      [    2.768528]  do_init_module+0x5c/0x260
      [    2.769206]  __do_sys_finit_module+0x93/0xe0
      [    2.770048]  do_syscall_64+0x46/0xa0
      [    2.770716]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      [    2.771396] RIP: 0033:0x7f83534589e0
      [    2.772073] Code: 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 2e 2e 2e 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 80 24 0d 00 f7 d8 64 89 01 48
      [    2.772074] RSP: 002b:00007ffd31d0ed18 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
      [    2.774854] RAX: ffffffffffffffda RBX: 000055d52816aba0 RCX: 00007f83534589e0
      [    2.774855] RDX: 0000000000000000 RSI: 00007f83535b982f RDI: 0000000000000006
      [    2.774855] RBP: 00007ffd31d0ed60 R08: 0000000000000000 R09: 00007ffd31d0ed30
      [    2.774856] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
      [    2.774856] R13: 0000000000020000 R14: 00007f83535b982f R15: 000055d527f5e120
      
      Fixes: 5f295805 ("igc: Add basic skeleton for PTP")
      Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
      Reviewed-by: Andre Guedes <andre.guedes@intel.com>
      Tested-by: Aaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
    • can: j1939: transport: j1939_xtp_rx_dat_one(): compare own packets to detect corruptions · e052d054
      Oleksij Rempel authored
      Since the stack relies on receiving own packets, it was overwriting own
      transmit buffer from received packets.
      
      At least theoretically, the received echo buffer can be corrupt or
      changed and the session partner can request to resend previous data. In
      this case we will re-send bad data.
      
      With this patch we will stop to overwrite own TX buffer and use it for
      sanity checking.
      Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/r/20200807105200.26441-6-o.rempel@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: j1939: transport: add j1939_session_skb_find_by_offset() function · 840835c9
      Oleksij Rempel authored
      Sometimes it makes no sense to search the skb by pkt.dpo, since we need
      next the skb within the transaction block. This may happen if we have an
      ETP session with CTS set to less than 255 packets.
      
      After this patch, we will be able to work with ETP sessions where the
      block size (ETP.CM_CTS byte 2) is less than 255 packets.
      Reported-by: Henrique Figueira <henrislip@gmail.com>
      Reported-by: https://github.com/linux-can/can-utils/issues/228
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/r/20200807105200.26441-5-o.rempel@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated · af804b78
      Oleksij Rempel authored
      This patch adds a check to ensure that the struct net_device::ml_priv is
      allocated, as it is used later by the j1939 stack.
      
      The allocation is done by all mainline CAN network drivers, but when using
      bond or team devices this is not the case.
      
      Bail out if no ml_priv is allocated.
      
      Reported-by: syzbot+f03d384f3455d28833eb@syzkaller.appspotmail.com
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
      Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/r/20200807105200.26441-4-o.rempel@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer() · cd3b3636
      Oleksij Rempel authored
      The current stack implementation does not support ECTS requests of not
      aligned TP sized blocks.
      
      If ECTS will request a block with size and offset spanning two TP
      blocks, this will cause memcpy() to read beyond the queued skb (which
      does only contain one TP sized block).
      
      Sometimes KASAN will detect this read if the memory region beyond the
      skb was previously allocated and freed. In other situations it will stay
      undetected. The ETP transfer in any case will be corrupted.
      
      This patch adds a sanity check to avoid this kind of read and abort the
      session with error J1939_XTP_ABORT_ECTS_TOO_BIG.
      
      Reported-by: syzbot+5322482fe520b02aea30@syzkaller.appspotmail.com
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
      Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/r/20200807105200.26441-3-o.rempel@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: j1939: transport: j1939_simple_recv(): ignore local J1939 messages send not by J1939 stack · b43e3a82
      Oleksij Rempel authored
      In current J1939 stack implementation, we process all locally sent
      messages as own messages. Even if it was sent by CAN_RAW socket.
      
      To reproduce it use following commands:
      testj1939 -P -r can0:0x80 &
      cansend can0 18238040#0123
      
      This step will trigger false positive not critical warning:
      j1939_simple_recv: Received already invalidated message
      
      With this patch we add additional check to make sure, related skb is own
      echo message.
      
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/r/20200807105200.26441-2-o.rempel@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can() · 38ba8b92
      Eric Dumazet authored
      syzbot found that at least 2 bytes of kernel information
      were leaked during getsockname() on AF_CAN CAN_J1939 socket.
      
      Since struct sockaddr_can has in fact two holes, simply
      clear the whole area before filling it with useful data.
      
      BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
      CPU: 0 PID: 8466 Comm: syz-executor511 Not tainted 5.8.0-rc5-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x21c/0x280 lib/dump_stack.c:118
       kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
       kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
       kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
       instrument_copy_to_user include/linux/instrumented.h:91 [inline]
       _copy_to_user+0x18e/0x260 lib/usercopy.c:39
       copy_to_user include/linux/uaccess.h:186 [inline]
       move_addr_to_user+0x3de/0x670 net/socket.c:237
       __sys_getsockname+0x407/0x5e0 net/socket.c:1909
       __do_sys_getsockname net/socket.c:1920 [inline]
       __se_sys_getsockname+0x91/0xb0 net/socket.c:1917
       __x64_sys_getsockname+0x4a/0x70 net/socket.c:1917
       do_syscall_64+0xad/0x160 arch/x86/entry/common.c:386
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      RIP: 0033:0x440219
      Code: Bad RIP value.
      RSP: 002b:00007ffe5ee150c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000033
      RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
      RDX: 0000000020000240 RSI: 0000000020000100 RDI: 0000000000000003
      RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
      R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a20
      R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000
      
      Local variable ----address@__sys_getsockname created at:
       __sys_getsockname+0x91/0x5e0 net/socket.c:1894
       __sys_getsockname+0x91/0x5e0 net/socket.c:1894
      
      Bytes 2-3 of 24 are uninitialized
      Memory access of size 24 starts at ffff8880ba2c7de8
      Data copied to user address 0000000020000100
      
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Cc: Robin van der Gracht <robin@protonic.nl>
      Cc: Oleksij Rempel <o.rempel@pengutronix.de>
      Cc: Pengutronix Kernel Team <kernel@pengutronix.de>
      Cc: linux-can@vger.kernel.org
      Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/r/20200813161834.4021638-1-edumazet@google.com
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • kconfig: qconf: move setOptionMode() to ConfigList from ConfigView · d4bbe8a1
      Masahiro Yamada authored
      ConfigView::setOptionMode() only gets access to the 'list' member.
      
      Move it to the more relevant ConfigList class.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: do not limit the pop-up menu to the first row · fa8de0a3
      Masahiro Yamada authored
      If you right-click the first row in the option tree, the pop-up menu
      shows up, but if you right-click the second row or below, the event
      is ignored due to the following check:
      
        if (e->y() <= header()->geometry().bottom()) {
      
      Perhaps, the intention was to show the pop-menu only when the tree
      header was right-clicked, but this handler is not called in that case.
      
      Since the origin of e->y() starts from the bottom of the header,
      this check is odd.
      
      Going forward, you can right-click anywhere in the tree to get the
      pop-up menu.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: refactor icon setups · 5cb255ff
      Masahiro Yamada authored
      These icon data are used by ConfigItem, but stored in each instance
      of ConfigView. There is no point to keep the same data in each of 3
      instances, "menu", "config", and "search".
      
      Move the icon data to the more relevant ConfigItem class, and make
      them static members.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: remove unused voidPix, menuInvPix · 4fa91f52
      Masahiro Yamada authored
      These are initialized, but not used by anyone.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: remove ConfigItem::text/setText · 5ca534cd
      Masahiro Yamada authored
      Use QTreeWidgetItem::text/setText directly
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: remove ConfigList::addColumn/removeColumn · abf741a9
      Masahiro Yamada authored
      Use QTreeView::showColumn/hideColumn directly.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: remove ConfigItem::pixmap/setPixmap · 711b875b
      Masahiro Yamada authored
      Use QTreeWidgetItem::icon/setIcon directly.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: drop more localization code · 3c73ff04
      Masahiro Yamada authored
      This is a remnant of commit 694c49a7 ("kconfig: drop localization
      support").
      
      Get it back to the code prior to commit 3b9fa093 ("[PATCH] Kconfig
      i18n support").
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: remove 'parent' from ConfigList::updateMenuList() · 5b75a6c8
      Masahiro Yamada authored
      All the call-sites of this function pass 'this' to the first argument.
      
      So, 'parent' is always the 'this' pointer.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: remove unused argument from ConfigView::updateList() · 1031685c
      Masahiro Yamada authored
      Now that ConfigList::updateList() takes no argument, the 'item' argument
      ConfigView::updateList() is no longer used.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: remove unused argument from ConfigList::updateList() · cb77043f
      Masahiro Yamada authored
      This function allocates 'item' before using it, so the argument 'item'
      is always shadowed.
      
      Remove the meaningless argument.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    • kconfig: qconf: omit parent to QHBoxLayout() · 92641154
      Masahiro Yamada authored
      Instead of passing 0 (i.e. nullptr), leave it empty.
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>