1. 06 Jan, 2023 5 commits
  2. 05 Jan, 2023 10 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 50011c32
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf, wifi, and netfilter.
      
        Current release - regressions:
      
         - bpf: fix nullness propagation for reg to reg comparisons, avoid
           null-deref
      
         - inet: control sockets should not use current thread task_frag
      
         - bpf: always use maximal size for copy_array()
      
         - eth: bnxt_en: don't link netdev to a devlink port for VFs
      
        Current release - new code bugs:
      
         - rxrpc: fix a couple of potential use-after-frees
      
         - netfilter: conntrack: fix IPv6 exthdr error check
      
         - wifi: iwlwifi: fw: skip PPAG for JF, avoid FW crashes
      
         - eth: dsa: qca8k: various fixes for the in-band register access
      
         - eth: nfp: fix schedule in atomic context when sync mc address
      
         - eth: renesas: rswitch: fix getting mac address from device tree
      
         - mobile: ipa: use proper endpoint mask for suspend
      
        Previous releases - regressions:
      
         - tcp: add TIME_WAIT sockets in bhash2, fix regression caught by
           Jiri / python tests
      
         - net: tc: don't intepret cls results when asked to drop, fix
           oob-access
      
         - vrf: determine the dst using the original ifindex for multicast
      
         - eth: bnxt_en:
            - fix XDP RX path if BPF adjusted packet length
            - fix HDS (header placement) and jumbo thresholds for RX packets
      
         - eth: ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf,
           avoid memory corruptions
      
        Previous releases - always broken:
      
         - ulp: prevent ULP without clone op from entering the LISTEN status
      
         - veth: fix race with AF_XDP exposing old or uninitialized
           descriptors
      
         - bpf:
            - pull before calling skb_postpull_rcsum() (fix checksum support
              and avoid a WARN())
            - fix panic due to wrong pageattr of im->image (when livepatch and
              kretfunc coexist)
            - keep a reference to the mm, in case the task is dead
      
         - mptcp: fix deadlock in fastopen error path
      
         - netfilter:
            - nf_tables: perform type checking for existing sets
            - nf_tables: honor set timeout and garbage collection updates
            - ipset: fix hash:net,port,net hang with /0 subnet
            - ipset: avoid hung task warning when adding/deleting entries
      
         - selftests: net:
            - fix cmsg_so_mark.sh test hang on non-x86 systems
            - fix the arp_ndisc_evict_nocarrier test for IPv6
      
         - usb: rndis_host: secure rndis_query check against int overflow
      
         - eth: r8169: fix dmar pte write access during suspend/resume with
           WOL
      
         - eth: lan966x: fix configuration of the PCS
      
         - eth: sparx5: fix reading of the MAC address
      
         - eth: qed: allow sleep in qed_mcp_trace_dump()
      
         - eth: hns3:
            - fix interrupts re-initialization after VF FLR
            - fix handling of promisc when MAC addr table gets full
            - refine the handling for VF heartbeat
      
         - eth: mlx5:
            - properly handle ingress QinQ-tagged packets on VST
            - fix io_eq_size and event_eq_size params validation on big endian
            - fix RoCE setting at HCA level if not supported at all
            - don't turn CQE compression on by default for IPoIB
      
         - eth: ena:
            - fix toeplitz initial hash key value
            - account for the number of XDP-processed bytes in interface stats
            - fix rx_copybreak value update
      
        Misc:
      
         - ethtool: harden phy stat handling against buggy drivers
      
         - docs: netdev: convert maintainer's doc from FAQ to a normal
           document"
      
      * tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (112 commits)
        caif: fix memory leak in cfctrl_linkup_request()
        inet: control sockets should not use current thread task_frag
        net/ulp: prevent ULP without clone op from entering the LISTEN status
        qed: allow sleep in qed_mcp_trace_dump()
        MAINTAINERS: Update maintainers for ptp_vmw driver
        usb: rndis_host: Secure rndis_query check against int overflow
        net: dpaa: Fix dtsec check for PCS availability
        octeontx2-pf: Fix lmtst ID used in aura free
        drivers/net/bonding/bond_3ad: return when there's no aggregator
        netfilter: ipset: Rework long task execution when adding/deleting entries
        netfilter: ipset: fix hash:net,port,net hang with /0 subnet
        net: sparx5: Fix reading of the MAC address
        vxlan: Fix memory leaks in error path
        net: sched: htb: fix htb_classify() kernel-doc
        net: sched: cbq: dont intepret cls results when asked to drop
        net: sched: atm: dont intepret cls results when asked to drop
        dt-bindings: net: marvell,orion-mdio: Fix examples
        dt-bindings: net: sun8i-emac: Add phy-supply property
        net: ipa: use proper endpoint mask for suspend
        selftests: net: return non-zero for failures reported in arp_ndisc_evict_nocarrier
        ...
      50011c32
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · aa01a183
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "A reference leak fix, two fixes for using uninitialized variables and
        more drivers converted to using immutable irqchips:
      
         - fix a reference leak in gpio-sifive
      
         - fix a potential use of an uninitialized variable in core gpiolib
      
         - fix a potential use of an uninitialized variable in gpio-pca953x
      
         - make GPIO irqchips immutable in gpio-pmic-eic-sprd, gpio-eic-sprd
           and gpio-sprd"
      
      * tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: sifive: Fix refcount leak in sifive_gpio_probe
        gpio: sprd: Make the irqchip immutable
        gpio: pmic-eic-sprd: Make the irqchip immutable
        gpio: eic-sprd: Make the irqchip immutable
        gpio: pca953x: avoid to use uninitialized value pinctrl
        gpiolib: Fix using uninitialized lookup-flags on ACPI platforms
      aa01a183
    • Linus Torvalds's avatar
      Merge tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev · 5e9af4b4
      Linus Torvalds authored
      Pull fbdev fixes from Helge Deller:
      
       - Fix Matrox G200eW initialization failure
      
       - Fix build failure of offb driver when built as module
      
       - Optimize stack usage in omapfb
      
      * tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
        fbdev: omapfb: avoid stack overflow warning
        fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
        fbdev: atyfb: use strscpy() to instead of strncpy()
        fbdev: omapfb: use strscpy() to instead of strncpy()
        fbdev: make offb driver tristate
      5e9af4b4
    • Arnd Bergmann's avatar
      fbdev: omapfb: avoid stack overflow warning · 634cf6ea
      Arnd Bergmann authored
      The dsi_irq_stats structure is a little too big to fit on the
      stack of a 32-bit task, depending on the specific gcc options:
      
      fbdev/omap2/omapfb/dss/dsi.c: In function 'dsi_dump_dsidev_irqs':
      fbdev/omap2/omapfb/dss/dsi.c:1621:1: error: the frame size of 1064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
      
      Since this is only a debugfs file, performance is not critical,
      so just dynamically allocate it, and print an error message
      in there in place of a failure code when the allocation fails.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      634cf6ea
    • Zhengchao Shao's avatar
      caif: fix memory leak in cfctrl_linkup_request() · fe69230f
      Zhengchao Shao authored
      When linktype is unknown or kzalloc failed in cfctrl_linkup_request(),
      pkt is not released. Add release process to error path.
      
      Fixes: b482cd20 ("net-caif: add CAIF core protocol stack")
      Fixes: 8d545c8f ("caif: Disconnect without waiting for response")
      Signed-off-by: default avatarZhengchao Shao <shaozhengchao@huawei.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Link: https://lore.kernel.org/r/20230104065146.1153009-1-shaozhengchao@huawei.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      fe69230f
    • Eric Dumazet's avatar
      inet: control sockets should not use current thread task_frag · 1ac88557
      Eric Dumazet authored
      Because ICMP handlers run from softirq contexts,
      they must not use current thread task_frag.
      
      Previously, all sockets allocated by inet_ctl_sock_create()
      would use the per-socket page fragment, with no chance of
      recursion.
      
      Fixes: 98123866 ("Treewide: Stop corrupting socket's task_frag")
      Reported-by: syzbot+bebc6f1acdf4cbb79b03@syzkaller.appspotmail.com
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Benjamin Coddington <bcodding@redhat.com>
      Acked-by: default avatarGuillaume Nault <gnault@redhat.com>
      Link: https://lore.kernel.org/r/20230103192736.454149-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      1ac88557
    • Paolo Abeni's avatar
      net/ulp: prevent ULP without clone op from entering the LISTEN status · 2c02d41d
      Paolo Abeni authored
      When an ULP-enabled socket enters the LISTEN status, the listener ULP data
      pointer is copied inside the child/accepted sockets by sk_clone_lock().
      
      The relevant ULP can take care of de-duplicating the context pointer via
      the clone() operation, but only MPTCP and SMC implement such op.
      
      Other ULPs may end-up with a double-free at socket disposal time.
      
      We can't simply clear the ULP data at clone time, as TLS replaces the
      socket ops with custom ones assuming a valid TLS ULP context is
      available.
      
      Instead completely prevent clone-less ULP sockets from entering the
      LISTEN status.
      
      Fixes: 734942cc ("tcp: ULP infrastructure")
      Reported-by: default avatarslipper <slipper.alive@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Link: https://lore.kernel.org/r/4b80c3d1dbe3d0ab072f80450c202d9bc88b4b03.1672740602.git.pabeni@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      2c02d41d
    • Caleb Sander's avatar
      qed: allow sleep in qed_mcp_trace_dump() · 5401c3e0
      Caleb Sander authored
      By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop
      that can run 500K times, so calls to qed_mcp_nvm_rd_cmd()
      may block the current thread for over 5s.
      We observed thread scheduling delays over 700ms in production,
      with stacktraces pointing to this code as the culprit.
      
      qed_mcp_trace_dump() is called from ethtool, so sleeping is permitted.
      It already can sleep in qed_mcp_halt(), which calls qed_mcp_cmd().
      Add a "can sleep" parameter to qed_find_nvram_image() and
      qed_nvram_read() so they can sleep during qed_mcp_trace_dump().
      qed_mcp_trace_get_meta_info() and qed_mcp_trace_read_meta(),
      called only by qed_mcp_trace_dump(), allow these functions to sleep.
      I can't tell if the other caller (qed_grc_dump_mcp_hw_dump()) can sleep,
      so keep b_can_sleep set to false when it calls these functions.
      
      An example stacktrace from a custom warning we added to the kernel
      showing a thread that has not scheduled despite long needing resched:
      [ 2745.362925,17] ------------[ cut here ]------------
      [ 2745.362941,17] WARNING: CPU: 23 PID: 5640 at arch/x86/kernel/irq.c:233 do_IRQ+0x15e/0x1a0()
      [ 2745.362946,17] Thread not rescheduled for 744 ms after irq 99
      [ 2745.362956,17] Modules linked in: ...
      [ 2745.363339,17] CPU: 23 PID: 5640 Comm: lldpd Tainted: P           O    4.4.182+ #202104120910+6d1da174272d.61x
      [ 2745.363343,17] Hardware name: FOXCONN MercuryB/Quicksilver Controller, BIOS H11P1N09 07/08/2020
      [ 2745.363346,17]  0000000000000000 ffff885ec07c3ed8 ffffffff8131eb2f ffff885ec07c3f20
      [ 2745.363358,17]  ffffffff81d14f64 ffff885ec07c3f10 ffffffff81072ac2 ffff88be98ed0000
      [ 2745.363369,17]  0000000000000063 0000000000000174 0000000000000074 0000000000000000
      [ 2745.363379,17] Call Trace:
      [ 2745.363382,17]  <IRQ>  [<ffffffff8131eb2f>] dump_stack+0x8e/0xcf
      [ 2745.363393,17]  [<ffffffff81072ac2>] warn_slowpath_common+0x82/0xc0
      [ 2745.363398,17]  [<ffffffff81072b4c>] warn_slowpath_fmt+0x4c/0x50
      [ 2745.363404,17]  [<ffffffff810d5a8e>] ? rcu_irq_exit+0xae/0xc0
      [ 2745.363408,17]  [<ffffffff817c99fe>] do_IRQ+0x15e/0x1a0
      [ 2745.363413,17]  [<ffffffff817c7ac9>] common_interrupt+0x89/0x89
      [ 2745.363416,17]  <EOI>  [<ffffffff8132aa74>] ? delay_tsc+0x24/0x50
      [ 2745.363425,17]  [<ffffffff8132aa04>] __udelay+0x34/0x40
      [ 2745.363457,17]  [<ffffffffa04d45ff>] qed_mcp_cmd_and_union+0x36f/0x7d0 [qed]
      [ 2745.363473,17]  [<ffffffffa04d5ced>] qed_mcp_nvm_rd_cmd+0x4d/0x90 [qed]
      [ 2745.363490,17]  [<ffffffffa04e1dc7>] qed_mcp_trace_dump+0x4a7/0x630 [qed]
      [ 2745.363504,17]  [<ffffffffa04e2556>] ? qed_fw_asserts_dump+0x1d6/0x1f0 [qed]
      [ 2745.363520,17]  [<ffffffffa04e4ea7>] qed_dbg_mcp_trace_get_dump_buf_size+0x37/0x80 [qed]
      [ 2745.363536,17]  [<ffffffffa04ea881>] qed_dbg_feature_size+0x61/0xa0 [qed]
      [ 2745.363551,17]  [<ffffffffa04eb427>] qed_dbg_all_data_size+0x247/0x260 [qed]
      [ 2745.363560,17]  [<ffffffffa0482c10>] qede_get_regs_len+0x30/0x40 [qede]
      [ 2745.363566,17]  [<ffffffff816c9783>] ethtool_get_drvinfo+0xe3/0x190
      [ 2745.363570,17]  [<ffffffff816cc152>] dev_ethtool+0x1362/0x2140
      [ 2745.363575,17]  [<ffffffff8109bcc6>] ? finish_task_switch+0x76/0x260
      [ 2745.363580,17]  [<ffffffff817c2116>] ? __schedule+0x3c6/0x9d0
      [ 2745.363585,17]  [<ffffffff810dbd50>] ? hrtimer_start_range_ns+0x1d0/0x370
      [ 2745.363589,17]  [<ffffffff816c1e5b>] ? dev_get_by_name_rcu+0x6b/0x90
      [ 2745.363594,17]  [<ffffffff816de6a8>] dev_ioctl+0xe8/0x710
      [ 2745.363599,17]  [<ffffffff816a58a8>] sock_do_ioctl+0x48/0x60
      [ 2745.363603,17]  [<ffffffff816a5d87>] sock_ioctl+0x1c7/0x280
      [ 2745.363608,17]  [<ffffffff8111f393>] ? seccomp_phase1+0x83/0x220
      [ 2745.363612,17]  [<ffffffff811e3503>] do_vfs_ioctl+0x2b3/0x4e0
      [ 2745.363616,17]  [<ffffffff811e3771>] SyS_ioctl+0x41/0x70
      [ 2745.363619,17]  [<ffffffff817c6ffe>] entry_SYSCALL_64_fastpath+0x1e/0x79
      [ 2745.363622,17] ---[ end trace f6954aa440266421 ]---
      
      Fixes: c965db44 ("qed: Add support for debug data collection")
      Signed-off-by: default avatarCaleb Sander <csander@purestorage.com>
      Acked-by: default avatarAlok Prasad <palok@marvell.com>
      Link: https://lore.kernel.org/r/20230103233021.1457646-1-csander@purestorage.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5401c3e0
    • Jakub Kicinski's avatar
      Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 49d9601b
      Jakub Kicinski authored
      Alexei Starovoitov says:
      
      ====================
      bpf 2023-01-04
      
      We've added 5 non-merge commits during the last 8 day(s) which contain
      a total of 5 files changed, 112 insertions(+), 18 deletions(-).
      
      The main changes are:
      
      1) Always use maximal size for copy_array in the verifier to fix
         KASAN tracking, from Kees.
      
      2) Fix bpf task iterator walking through dead tasks, from Kui-Feng.
      
      3) Make sure livepatch and bpf fexit can coexist, from Chuang.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        bpf: Always use maximal size for copy_array()
        selftests/bpf: add a test for iter/task_vma for short-lived processes
        bpf: keep a reference to the mm, in case the task is dead.
        selftests/bpf: Temporarily disable part of btf_dump:var_data test.
        bpf: Fix panic due to wrong pageattr of im->image
      ====================
      
      Link: https://lore.kernel.org/r/20230104215500.79435-1-alexei.starovoitov@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      49d9601b
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 41c03ba9
      Linus Torvalds authored
      Pull virtio updates from Michael Tsirkin:
       "Mostly fixes all over the place, a couple of cleanups"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (32 commits)
        virtio_blk: Fix signedness bug in virtblk_prep_rq()
        vdpa_sim_net: should not drop the multicast/broadcast packet
        vdpasim: fix memory leak when freeing IOTLBs
        vdpa: conditionally fill max max queue pair for stats
        vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
        vduse: Validate vq_num in vduse_validate_config()
        tools/virtio: remove smp_read_barrier_depends()
        tools/virtio: remove stray characters
        vhost_vdpa: fix the crash in unmap a large memory
        virtio: Implementing attribute show with sysfs_emit
        virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
        tools/virtio: Variable type completion
        vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
        virtio_blk: use UINT_MAX instead of -1U
        vhost-vdpa: fix an iotlb memory leak
        vhost: fix range used in translate_desc()
        vringh: fix range used in iotlb_translate()
        vhost/vsock: Fix error handling in vhost_vsock_init()
        vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()
        tools: Delete the unneeded semicolon after curly braces
        ...
      41c03ba9
  3. 04 Jan, 2023 5 commits
  4. 03 Jan, 2023 12 commits
  5. 02 Jan, 2023 8 commits