1. 03 Aug, 2023 9 commits
  2. 02 Aug, 2023 12 commits
    • wifi: ath12k: change to use dynamic memory for channel list of scan · 3742928a
      Wen Gong authored
      Currently there are about 60 channels for 6 GHz, then the size of
      chan_list in struct scan_req_params which is 40 is not enough to
      fill all the channel list of 6 GHz.
      
      Use dynamic memory to save the channel list of scan.
      
      Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
      Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230717033431.21983-1-quic_wgong@quicinc.com
    • wifi: ath12k: trigger station disconnect on hardware restart · 68c35cc3
      Wen Gong authored
      Currently after the hardware restart triggered from the driver, the
      station interface connection remains intact, since a disconnect
      trigger is not sent to userspace. This can lead to a problem in
      targets where the wifi mac sequence is added by the firmware.
      
      After the target restart, its wifi mac sequence number gets reset to
      zero. Hence AP to which our device is connected will receive frames
      with a wifi mac sequence number jump to the past, thereby resulting
      in the AP dropping all these frames, until the frame arrives with a
      wifi mac sequence number which AP was expecting.
      
      To avoid such frame drops, it's better to trigger a station disconnect
      upon target hardware restart which can be done with API
      ieee80211_reconfig_disconnect exposed to mac80211.
      
      Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
      Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230714092555.2018-1-quic_wgong@quicinc.com
    • wifi: ath12k: Use pdev_id rather than mac_id to get pdev · 7ee027ab
      Baochen Qiang authored
      We are seeing kernel crash in below test scenario:
       1. make DUT connect to a WPA3 encrypted 11ax AP in Ch44 HE80
       2. use "wpa_cli -i <inf> disconnect" to disconnect
       3. wait for DUT to automatically reconnect
      
      Kernel crashes while waiting, below shows the crash stack:
      [  755.120868] BUG: kernel NULL pointer dereference, address: 0000000000000000
      [  755.120871] #PF: supervisor read access in kernel mode
      [  755.120872] #PF: error_code(0x0000) - not-present page
      [  755.120873] PGD 0 P4D 0
      [  755.120875] Oops: 0000 [#1] PREEMPT SMP NOPTI
      [  755.120876] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Not tainted 5.19.0-rc1+ #3
      [  755.120878] Hardware name: Intel(R) Client Systems NUC11PHi7/NUC11PHBi7, BIOS PHTGL579.0063.2021.0707.1057 07/07/2021
      [  755.120879] RIP: 0010:ath12k_dp_process_rx_err+0x2b6/0x14a0 [ath12k]
      [  755.120899] Call Trace:
      [  755.120900]  <IRQ>
      [  755.120903]  ? ath12k_pci_write32+0x2e/0x80 [ath12k]
      [  755.120910]  ath12k_dp_service_srng+0x214/0x2e0 [ath12k]
      [  755.120917]  ath12k_pci_ext_grp_napi_poll+0x26/0x80 [ath12k]
      [  755.120923]  __napi_poll+0x2b/0x1c0
      [  755.120925]  net_rx_action+0x2a1/0x2f0
      [  755.120927]  __do_softirq+0xfa/0x2e9
      [  755.120929]  irq_exit_rcu+0xb9/0xd0
      [  755.120932]  common_interrupt+0xc1/0xe0
      [  755.120934]  </IRQ>
      [  755.120934]  <TASK>
      [  755.120935]  asm_common_interrupt+0x2c/0x40
      [  755.120936] RIP: 0010:cpuidle_enter_state+0xdd/0x3a0
      [  755.120945]  cpuidle_enter+0x2e/0x40
      [  755.120946]  call_cpuidle+0x23/0x40
      [  755.120948]  do_idle+0x1ff/0x260
      [  755.120950]  cpu_startup_entry+0x1d/0x20
      [  755.120951]  start_secondary+0x10d/0x130
      [  755.120953]  secondary_startup_64_no_verify+0xd3/0xdb
      [  755.120956]  </TASK>
      
      The crash is because, for WCN7850, only ab->pdev[0] is initialized, while mac_id here is
      misused to retrieve pdev and it is not zero, leading to a NULL pointer access.
      
      Fix this issue by getting pdev_id first and then use it to retrieve pdev.
      
      Also fix some other code snippets which have the same issue.
      
      Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
      Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230714080658.3140-1-quic_bqiang@quicinc.com
    • wifi: ath12k: avoid array overflow of hw mode for preferred_hw_mode · 1e9b1363
      Wen Gong authored
      Currently ath12k defines WMI_HOST_HW_MODE_DBS_OR_SBS=5 as max hw mode
      for enum wmi_host_hw_mode_config_type, it is also same for the array
      ath12k_hw_mode_pri_map.
      
      When tested with new version firmware/board data which support new
      hw mode eMLSR mode with hw mode value 8, it leads overflow usage for
      array ath12k_hw_mode_pri_map in function ath12k_wmi_hw_mode_caps(),
      and then lead preferred_hw_mode changed to 8, and finally function
      ath12k_pull_mac_phy_cap_svc_ready_ext() select the capability of hw
      mode 8, but the capability of eMLSR mode report from firmware does
      not support 2.4 GHz band for WCN7850, so finally 2.4 GHz band is
      disabled.
      
      Skip the hw mode which exceeds WMI_HOST_HW_MODE_MAX in function
      ath12k_wmi_hw_mode_caps() helps to avoid array overflow, then the 2.4
      GHz band will not be disabled.
      
      This is to keep compatibility with newer version firmware/board data
      files, this change is still needed after ath12k add eMLSR hw mode 8 in
      array ath12k_hw_mode_pri_map and enum wmi_host_hw_mode_config_type,
      because more hw modes may be added in next firmware/board data version
      e.g. hw mode 9, then it will also lead to new array overflow without this
      change.
      
      Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
      Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230714072405.28705-1-quic_wgong@quicinc.com
    • wifi: ath12k: fix memcpy array overflow in ath12k_peer_assoc_h_he() · 603cf6c2
      Arnd Bergmann authored
      Two memory copies in this function copy from a short array into a longer one,
      using the wrong size, which leads to an out-of-bounds access:
      
      include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
                              __read_overflow2_field(q_size_field, size);
                              ^
      include/linux/fortify-string.h:592:4: error: call to '__read_overflow2_field' declared with 'warning' attribute: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
      2 errors generated.
      
      Fixes: d8899132 ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
      Signed-off-by: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230703123737.3420464-1-arnd@kernel.org
    • wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable · 15c8441d
      Wen Gong authored
      Currently, the encoding rule for field mlo_capable in struct
      qmi_wlanfw_host_cap_req_msg_v01 defined in array
      qmi_wlanfw_host_cap_req_msg_v01_ei uses type QMI_OPT_FLAG.
      
      Unfortunately, all ath12k firmware actually expects this field to be of
      type NON QMI_OPT_FLAG such as QMI_UNSIGNED_1_BYTE/QMI_UNSIGNED_8_BYTE...
      And as a result, firmware is unable to correctly decode the mlo_capable
      field.
      
      Change the ath12k definition as QMI_UNSIGNED_1_BYTE to match the firmware
      definition so that firmware can correctly parse the mlo_capable info from
      message QMI_WLANFW_HOST_CAP_REQ_V01 at wlan load time.
      
      This is just an accidental typo and that both WCN7850 and QCN9274 firmwares
      use QMI_UNSIGNED_1_BYTE.
      
      Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
      Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230726093857.3610-1-quic_wgong@quicinc.com
    • wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan() · 8ad314da
      Wen Gong authored
      In ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly
      used in memcpy(), which may lead to a NULL pointer dereference on
      failure of kzalloc().
      
      Fix this bug by adding a check of arg.extraie.ptr.
      
      Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4
      Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230726092625.3350-1-quic_wgong@quicinc.com
    • wifi: ath11k: Remove cal_done check during probe · 13329d0c
      Seevalamuthu Mariappan authored
      In some race conditions, calibration done QMI message is received even
      before host wait starts for calibration to be done.
      Due to this, resetting firmware was not performed after calibration.
      
      Hence, remove cal_done check in ath11k_qmi_fwreset_from_cold_boot()
      as this is called only from probe.
      
      Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
      Signed-off-by: Seevalamuthu Mariappan <quic_seevalam@quicinc.com>
      Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230726141032.3061-4-quic_rajkbhag@quicinc.com
    • wifi: ath11k: Add coldboot calibration support for QCN9074 · bdfc967b
      Anilkumar Kolli authored
      QCN9074 supports 6 GHz, which has increased number of channels
      compared to 5 GHz/2 GHz. So, to support coldboot calibration in
      QCN9074 ATH11K_COLD_BOOT_FW_RESET_DELAY extended to 60 seconds. To
      avoid code redundancy, fwreset_from_cold_boot moved to QMI and made
      common for both ahb and pci. Coldboot calibration is enabled only in
      FTM mode for QCN9074. QCN9074 requires firmware restart after coldboot,
      hence enable cbcal_restart_fw in hw_params.
      
      This support can be enabled/disabled using hw params for different
      hardware. Currently it is not enabled for QCA6390.
      
      Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
      Signed-off-by: Anilkumar Kolli <quic_akolli@quicinc.com>
      Signed-off-by: Seevalamuthu Mariappan <quic_seevalam@quicinc.com>
      Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230726141032.3061-3-quic_rajkbhag@quicinc.com
    • wifi: ath11k: Split coldboot calibration hw_param · 011e5a30
      Seevalamuthu Mariappan authored
      QCN9074 enables coldboot calibration only in Factory Test Mode (FTM).
      Hence, split cold_boot_calib to two hw_params for mission and FTM
      mode.
      
      Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
      Signed-off-by: Seevalamuthu Mariappan <quic_seevalam@quicinc.com>
      Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230726141032.3061-2-quic_rajkbhag@quicinc.com
    • wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() · 6f092c98
      Dmitry Antipov authored
      In ath11k_mac_validate_vht_he_fixed_rate_settings() ar->ab->peers
      list is not altered so list_for_each_entry() should be safe.
      
      Compile tested only.
      Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230726092113.78794-1-dmantipov@yandex.ru
    • wifi: ath11k: fix band selection for ppdu received in channel 177 of 5 GHz · 72c8caf9
      Aditya Kumar Singh authored
      5 GHz band channel 177 support was added with the commit e5e94d10 ("wifi:
      ath11k: add channel 177 into 5 GHz channel list"). However, during processing
      for the received ppdu in ath11k_dp_rx_h_ppdu(), channel number is checked only
      till 173. This leads to driver code checking for channel and then fetching the
      band from it which is extra effort since firmware has already given the channel
      number in the metadata.
      
      Fix this issue by checking the channel number till 177 since we support
      it now.
      
      Found via code review. Compile tested only.
      
      Fixes: e5e94d10 ("wifi: ath11k: add channel 177 into 5 GHz channel list")
      Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230726044624.20507-1-quic_adisi@quicinc.com
  3. 27 Jul, 2023 1 commit
    • wifi: wil6210: fix fortify warnings · 1ad8237e
      Dmitry Antipov authored
      When compiling with gcc 13.1 and CONFIG_FORTIFY_SOURCE=y,
      I've noticed the following:
      
      In function ‘fortify_memcpy_chk’,
          inlined from ‘wil_rx_crypto_check_edma’ at drivers/net/wireless/ath/wil6210/txrx_edma.c:566:2:
      ./include/linux/fortify-string.h:529:25: warning: call to ‘__read_overflow2_field’
      declared with attribute warning: detected read beyond size of field (2nd parameter);
      maybe use struct_group()? [-Wattribute-warning]
        529 |                         __read_overflow2_field(q_size_field, size);
            |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      where the compiler complains on:
      
      const u8 *pn;
      ...
      pn = (u8 *)&st->ext.pn_15_0;
      ...
      memcpy(cc->pn, pn, IEEE80211_GCMP_PN_LEN);
      
      and:
      
      In function ‘fortify_memcpy_chk’,
          inlined from ‘wil_rx_crypto_check’ at drivers/net/wireless/ath/wil6210/txrx.c:684:2:
      ./include/linux/fortify-string.h:529:25: warning: call to ‘__read_overflow2_field’
      declared with attribute warning: detected read beyond size of field (2nd parameter);
      maybe use struct_group()? [-Wattribute-warning]
        529 |                         __read_overflow2_field(q_size_field, size);
            |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      where the compiler complains on:
      
      const u8 *pn = (u8 *)&d->mac.pn_15_0;
      ...
      memcpy(cc->pn, pn, IEEE80211_GCMP_PN_LEN);
      
      In both cases, the fortification logic interprets 'memcpy()' as 6-byte
      overread of 2-byte field 'pn_15_0' of 'struct wil_rx_status_extension'
      and 'pn_15_0' of 'struct vring_rx_mac', respectively. To silence
      these warnings, last two fields of the aforementioned structures
      are grouped using 'struct_group_attr(pn, __packed' quirk.
      Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
      Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
      Link: https://lore.kernel.org/r/20230621093711.80118-1-dmantipov@yandex.ru
  4. 25 Jul, 2023 5 commits
  5. 24 Jul, 2023 1 commit
    • ipv6: remove hard coded limitation on ipv6_pinfo · f5f80e32
      Eric Dumazet authored
      IPv6 inet sockets are supposed to have a "struct ipv6_pinfo"
      field at the end of their definition, so that inet6_sk_generic()
      can derive from socket size the offset of the "struct ipv6_pinfo".
      
      This is very fragile, and prevents adding bigger alignment
      in sockets, because inet6_sk_generic() does not work
      if the compiler adds padding after the ipv6_pinfo component.
      
      We are currently working on a patch series to reorganize
      TCP structures for better data locality and found issues
      similar to the one fixed in commit f5d54767
      ("tcp: fix tcp_inet6_sk() for 32bit kernels")
      
      Alternative would be to force an alignment on "struct ipv6_pinfo",
      greater or equal to __alignof__(any ipv6 sock) to ensure there is
      no padding. This does not look great.
      
      v2: fix typo in mptcp_proto_v6_init() (Paolo)
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Cc: Chao Wu <wwchao@google.com>
      Cc: Wei Wang <weiwan@google.com>
      Cc: Coco Li <lixiaoyan@google.com>
      Cc: YiFei Zhu <zhuyifei@google.com>
      Reviewed-by: Simon Horman <simon.horman@corigine.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  6. 23 Jul, 2023 9 commits
    • net: add sysctl accept_ra_min_rtr_lft · 1671bcfd
      Patrick Rohr authored
      This change adds a new sysctl accept_ra_min_rtr_lft to specify the
      minimum acceptable router lifetime in an RA. If the received RA router
      lifetime is less than the configured value (and not 0), the RA is
      ignored.
      This is useful for mobile devices, whose battery life can be impacted
      by networks that configure RAs with a short lifetime. On such networks,
      the device should never gain IPv6 provisioning and should attempt to
      drop RAs via hardware offload, if available.
      Signed-off-by: Patrick Rohr <prohr@google.com>
      Cc: Maciej Żenczykowski <maze@google.com>
      Cc: Lorenzo Colitti <lorenzo@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: dsa: remove deprecated strncpy · 5c9f7b04
      justinstitt@google.com authored
      `strncpy` is deprecated for use on NUL-terminated destination strings [1].
      
      Even call sites utilizing length-bounded destination buffers should
      switch over to using `strtomem` or `strtomem_pad`. In this case,
      however, the compiler is unable to determine the size of the `data`
      buffer which renders `strtomem` unusable. Due to this, `strscpy`
      should be used.
      
      It should be noted that most call sites already zero-initialize the
      destination buffer. However, I've opted to use `strscpy_pad` to maintain
      the same exact behavior that `strncpy` produced (zero-padded tail up to
      `len`).
      
      Also see [3].
      
      [1]: www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
      [2]: elixir.bootlin.com/linux/v6.3/source/net/ethtool/ioctl.c#L1944
      [3]: manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
      
      Link: https://github.com/KSPP/linux/issues/90
      Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Justin Stitt <justinstitt@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'process-connector-bug-fixes-and-enhancements' · 2e60314c
      David S. Miller authored
      Anjali Kulkarni says:
      
      ====================
      Process connector bug fixes & enhancements
      
      Oracle DB is trying to solve a performance overhead problem it has been
      facing for the past 10 years and using this patch series, we can fix this
      issue.
      
      Oracle DB runs on a large scale with 100000s of short lived processes,
      starting up and exiting quickly. A process monitoring DB daemon which
      tracks and cleans up after processes that have died without a proper exit
      needs notifications only when a process died with a non-zero exit code
      (which should be rare).
      
      Due to the pmon architecture, which is distributed, each process is
      independent and has minimal interaction with pmon. Hence fd based
      solutions to track a process's spawning and exit cannot be used. Pmon
      needs to detect the abnormal death of a process so it can cleanup after.
      Currently it resorts to checking /proc every few seconds. Other methods
      we tried like using system call to reduce the above overhead were not
      accepted upstream.
      
      With this change, we add event based filtering to proc connector module
      so that DB can only listen to the events it is interested in. A new
      event type PROC_EVENT_NONZERO_EXIT is added, which is only sent by kernel
      to a listening application when any process exiting has a non-zero exit
      status.
      
      This change will give Oracle DB substantial performance savings - it takes
      50ms to scan about 8K PIDs in /proc, about 500ms for 100K PIDs. DB does
      this check every 3 secs, so over an hour we save 10secs for 100K PIDs.
      
      With this, a client can register to listen for only exit or fork or a mix or
      all of the events. This greatly enhances performance - currently, we
      need to listen to all events, and there are 9 different types of events.
      For eg. handling 3 types of events - 8K-forks + 8K-exits + 8K-execs takes
      200ms, whereas handling 2 types - 8K-forks + 8K-exits takes about 150ms,
      and handling just one type - 8K exits takes about 70ms.
      
      Measuring the time using pidfds for monitoring 8K process exits took 4
      times longer - 200ms, as compared to 70ms using only exit notifications
      of proc connector. Hence, we cannot use pidfd for our use case.
      
      This kind of a new event could also be useful to other applications like
      Google's lmkd daemon, which needs a killed process's exit notification.
      
      This patch series is organized as follows -
      
      Patch 1 : Needed for patch 3 to work.
      Patch 2 : Needed for patch 3 to work.
      Patch 3 : Fixes some bugs in proc connector, details in the patch.
      Patch 4 : Adds event based filtering for performance enhancements.
      Patch 5 : Allow non-root users access to proc connector events.
      Patch 6 : Selftest code for proc connector.
      
      v9->v10 changes:
      - Rebased to net-next, re-compiled and re-tested.
      
      v8->v9 changes:
      - Added sha1 ("title") of reversed patch as suggested by Eric Dumazet.
      
      v7->v8 changes:
      - Fixed an issue pointed by Liam Howlett in v7.
      
      v6->v7 changes:
      - Incorporated Liam Howlett's comments on v6
      - Incorporated Kalesh Anakkur Purayil's comments
      
      v5->v6 changes:
      - Incorporated Liam Howlett's comments
      - Removed FILTER define from proc_filter.c and added a "-f" run-time
        option to run new filter code.
      - Made proc_filter.c a selftest in tools/testing/selftests/connector
      
      v4->v5 changes:
      - Change the cover letter
      - Fix a small issue in proc_filter.c
      
      v3->v4 changes:
      - Fix comments by Jakub Kicinski to incorporate root access changes
        within bind call of connector
      
      v2->v3 changes:
      - Fix comments by Jakub Kicinski to separate netlink (patch 2) (after
        layering) from connector fixes (patch 3).
      - Minor fixes suggested by Jakub.
      - Add new multicast group level permissions check at netlink layer.
        Split this into netlink & connector layers (patches 6 & 7)
      
      v1->v2 changes:
      - Fix comments by Jakub Kicinski to keep layering within netlink and
        update kdocs.
      - Move non-root users access patch last in series so remaining patches
        can go in first.
      
      v->v1 changes:
      - Changed commit log in patch 4 as suggested by Christian Brauner
      - Changed patch 4 to make more fine grained access to non-root users
      - Fixed warning in cn_proc.c,
      Reported-by: kernel test robot <lkp@intel.com>
      - Fixed some existing warnings in cn_proc.c
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • connector/cn_proc: Selftest for proc connector · 73a29531
      Anjali Kulkarni authored
      Run as ./proc_filter -f to run new filter code. Run without "-f" to run
      usual proc connector code without the new filtering code.
      Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
      Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • connector/cn_proc: Allow non-root users access · bfdfdc2f
      Anjali Kulkarni authored
      There were a couple of reasons for not allowing non-root users access
      initially  - one is there was some point no proper receive buffer
      management in place for netlink multicast. But that should be long
      fixed. See link below for more context.
      
      Second is that some of the messages may contain data that is root only. But
      this should be handled with a finer granularity, which is being done at the
      protocol layer.  The only problematic protocols are nf_queue and the
      firewall netlink. Hence, this restriction for non-root access was relaxed
      for NETLINK_ROUTE initially:
      https://lore.kernel.org/all/20020612013101.A22399@wotan.suse.de/
      
      This restriction has also been removed for following protocols:
      NETLINK_KOBJECT_UEVENT, NETLINK_AUDIT, NETLINK_SOCK_DIAG,
      NETLINK_GENERIC, NETLINK_SELINUX.
      
      Since process connector messages are not sensitive (process fork, exit
      notifications etc.), and anyone can read /proc data, we can allow non-root
      access here. However, since process event notification is not the only
      consumer of NETLINK_CONNECTOR, we can make this change even more
      fine grained than the protocol level, by checking for multicast group
      within the protocol.
      
      Allow non-root access for NETLINK_CONNECTOR via NL_CFG_F_NONROOT_RECV
      but add new bind function cn_bind(), which allows non-root access only
      for CN_IDX_PROC multicast group.
      Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
      Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • connector/cn_proc: Performance improvements · 743acf35
      Anjali Kulkarni authored
      This patch adds the capability to filter messages sent by the proc
      connector on the event type supplied in the message from the client
      to the connector. The client can register to listen for an event type
      given in struct proc_input.
      
      This event based filtering will greatly enhance performance - handling
      8K exits takes about 70ms, whereas 8K-forks + 8K-exits takes about 150ms
      & handling 8K-forks + 8K-exits + 8K-execs takes 200ms. There are currently
      9 different types of events, and we need to listen to all of them. Also,
      measuring the time using pidfds for monitoring 8K process exits took
      much longer - 200ms, as compared to 70ms using only exit notifications of
      proc connector.
      
      We also add a new event type - PROC_EVENT_NONZERO_EXIT, which is
      only sent by kernel to a listening application when any process exiting,
      has a non-zero exit status. This will help the clients like Oracle DB,
      where a monitoring process wants notifications for non-zero process exits
      so it can cleanup after them.
      
      This kind of a new event could also be useful to other applications like
      Google's lmkd daemon, which needs a killed process's exit notification.
      
      The patch takes care that existing clients using old mechanism of not
      sending the event type work without any changes.
      
      cn_filter function checks to see if the event type being notified via
      proc connector matches the event type requested by client, before
      sending(matches) or dropping(does not match) a packet.
      Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
      Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • connector/cn_proc: Add filtering to fix some bugs · 2aa1f7a1
      Anjali Kulkarni authored
      The current proc connector code has the foll. bugs - if there are more
      than one listeners for the proc connector messages, and one of them
      deregisters for listening using PROC_CN_MCAST_IGNORE, they will still get
      all proc connector messages, as long as there is another listener.
      
      Another issue is if one client calls PROC_CN_MCAST_LISTEN, and another one
      calls PROC_CN_MCAST_IGNORE, then both will end up not getting any messages.
      
      This patch adds filtering and drops packet if client has sent
      PROC_CN_MCAST_IGNORE. This data is stored in the client socket's
      sk_user_data. In addition, we only increment or decrement
      proc_event_num_listeners once per client. This fixes the above issues.
      
      cn_release is the release function added for NETLINK_CONNECTOR. It uses
      the newly added netlink_release function added to netlink_sock. It will
      free sk_user_data.
      Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
      Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • netlink: Add new netlink_release function · a4c9a56e
      Anjali Kulkarni authored
      A new function netlink_release is added in netlink_sock to store the
      protocol's release function. This is called when the socket is deleted.
      This can be supplied by the protocol via the release function in
      netlink_kernel_cfg. This is being added for the NETLINK_CONNECTOR
      protocol, so it can free its data when socket is deleted.
      Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
      Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
      Acked-by: Jakub Kicinski <kuba@kernel.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • netlink: Reverse the patch which removed filtering · a3377386
      Anjali Kulkarni authored
      To use filtering at the connector & cn_proc layers, we need to enable
      filtering in the netlink layer. This reverses the patch which removed
      netlink filtering - commit ID for that patch:
      549017aa (netlink: remove netlink_broadcast_filtered).
      Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
      Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
      Acked-by: Jakub Kicinski <kuba@kernel.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  7. 22 Jul, 2023 3 commits