1. 14 Sep, 2024 8 commits
    • Merge tag 'linux-can-fixes-for-6.11-20240912' of... · 36f6b72c
      Jakub Kicinski authored
      Merge tag 'linux-can-fixes-for-6.11-20240912' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2024-09-12
      
      Kuniyuki Iwashima's patch fixes an incomplete bug fix in the CAN BCM
      protocol, which was introduced during v6.11.
      
      A patch by Stefan Mätje removes the unsupported CAN_CTRLMODE_3_SAMPLES
      mode for CAN-USB/3-FD devices in the esd_usb driver.
      
      The next patch is by Martin Jocic and enables 64-bit DMA addressing
      for the kvaser_pciefd driver.
      
      The last two patches both affect the m_can driver. Jake Hamby's patch
      activates NAPI before interrupts are activated, a patch by me moves
      the stopping of the clock after the device has been shut down.
      
      * tag 'linux-can-fixes-for-6.11-20240912' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can:
        can: m_can: m_can_close(): stop clocks after device has been shut down
        can: m_can: enable NAPI before enabling interrupts
        can: kvaser_pciefd: Enable 64-bit DMA addressing
        can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD
        can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
      ====================
      
      Link: https://patch.msgid.link/20240912075804.2825408-1-mkl@pengutronix.de
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() · 04ccecfa
      Eric Dumazet authored
      Blamed commit accidentally removed a check for rt->rt6i_idev being NULL,
      as spotted by syzbot:
      
      Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
      KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
      CPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g62540317 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
       RIP: 0010:rt6_uncached_list_flush_dev net/ipv6/route.c:177 [inline]
       RIP: 0010:rt6_disable_ip+0x33e/0x7e0 net/ipv6/route.c:4914
      Code: 41 80 3c 04 00 74 0a e8 90 d0 9b f7 48 8b 7c 24 08 48 8b 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 f7 e8 64 d0 9b f7 48 8b 44 24 18 49 39 06
      RSP: 0018:ffffc900047374e0 EFLAGS: 00010246
      RAX: 0000000000000000 RBX: 1ffff1100fdf8f33 RCX: dffffc0000000000
      RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88807efc78c0
      RBP: ffffc900047375d0 R08: 0000000000000003 R09: fffff520008e6e8c
      R10: dffffc0000000000 R11: fffff520008e6e8c R12: 1ffff1100fdf8f18
      R13: ffff88807efc7998 R14: 0000000000000000 R15: ffff88807efc7930
      FS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000020002a80 CR3: 0000000022f62000 CR4: 00000000003506f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       <TASK>
        addrconf_ifdown+0x15d/0x1bd0 net/ipv6/addrconf.c:3856
       addrconf_notify+0x3cb/0x1020
        notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93
        call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]
        call_netdevice_notifiers net/core/dev.c:2046 [inline]
        unregister_netdevice_many_notify+0xd81/0x1c40 net/core/dev.c:11352
        unregister_netdevice_many net/core/dev.c:11414 [inline]
        unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11289
        unregister_netdevice include/linux/netdevice.h:3129 [inline]
        __tun_detach+0x6b9/0x1600 drivers/net/tun.c:685
        tun_detach drivers/net/tun.c:701 [inline]
        tun_chr_close+0x108/0x1b0 drivers/net/tun.c:3510
        __fput+0x24a/0x8a0 fs/file_table.c:422
        task_work_run+0x24f/0x310 kernel/task_work.c:228
        exit_task_work include/linux/task_work.h:40 [inline]
        do_exit+0xa2f/0x27f0 kernel/exit.c:882
        do_group_exit+0x207/0x2c0 kernel/exit.c:1031
        __do_sys_exit_group kernel/exit.c:1042 [inline]
        __se_sys_exit_group kernel/exit.c:1040 [inline]
        __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040
        x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      RIP: 0033:0x7f1acc77def9
      Code: Unable to access opcode bytes at 0x7f1acc77decf.
      RSP: 002b:00007ffeb26fa738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
      RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1acc77def9
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
      RBP: 00007f1acc7dd508 R08: 00007ffeb26f84d7 R09: 0000000000000003
      R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
      R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffeb26fa8e0
       </TASK>
      Modules linked in:
      ---[ end trace 0000000000000000 ]---
      
      Fixes: e332bc67 ("ipv6: Don't call with rt6_uncached_list_flush_dev")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Reviewed-by: Simon Horman <horms@kernel.org>
      Reviewed-by: David Ahern <dsahern@kernel.org>
      Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
      Link: https://patch.msgid.link/20240913083147.3095442-1-edumazet@google.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • net: tipc: avoid possible garbage value · 99655a30
      Su Hui authored
      Clang static checker (scan-build) warning:
      net/tipc/bcast.c:305:4:
      The expression is an uninitialized value. The computed value will also
      be garbage [core.uninitialized.Assign]
        305 |                         (*cong_link_cnt)++;
            |                         ^~~~~~~~~~~~~~~~~~
      
      tipc_rcast_xmit() will increase cong_link_cnt's value, but cong_link_cnt
      is uninitialized. Although it won't really cause a problem, it's better
      to fix it.
      
      Fixes: dca4a17d ("tipc: fix potential hanging after b/rcast changing")
      Signed-off-by: Su Hui <suhui@nfschina.com>
      Reviewed-by: Justin Stitt <justinstitt@google.com>
      Link: https://patch.msgid.link/20240912110119.2025503-1-suhui@nfschina.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • fbnic: Set napi irq value after calling netif_napi_add · 9f3e7f11
      Brett Creeley authored
      The driver calls netif_napi_set_irq() and then calls netif_napi_add(),
      which calls netif_napi_add_weight(). At the end of
      netif_napi_add_weight() is a call to netif_napi_set_irq(napi, -1), which
      clears the previously set napi->irq value. Fix this by calling
      netif_napi_set_irq() after calling netif_napi_add().
      
      This was found when reviewing another patch and I have no way to test
      this, but the fix seemed relatively straightforward.
      
      Fixes: bc610777 ("eth: fbnic: Allocate a netdevice and napi vectors with queues")
      Signed-off-by: Brett Creeley <brett.creeley@amd.com>
      Reviewed-by: Joe Damato <jdamato@fastly.com>
      Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
      Link: https://patch.msgid.link/20240912174922.10550-1-brett.creeley@amd.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input · 2c84b0aa
      Justin Iurman authored
      Free the skb before returning from rpl_input when skb_cow_head() fails.
      Use a "drop" label and goto instructions.
      
      Fixes: a7a29f9c ("net: ipv6: add rpl sr tunnel")
      Signed-off-by: Justin Iurman <justin.iurman@uliege.be>
      Reviewed-by: Simon Horman <horms@kernel.org>
      Link: https://patch.msgid.link/20240911174557.11536-1-justin.iurman@uliege.be
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • r8169: disable ALDPS per default for RTL8125 · b9c7ac4f
      Heiner Kallweit authored
      En-Wei reported that traffic breaks if cable is unplugged for more
      than 3s and then re-plugged. This was supposed to be fixed by
      621735f5 ("r8169: fix rare issue with broken rx after link-down on
      RTL8125"). But apparently this didn't fix the issue for everybody.
      The 3s threshold rang a bell, as this is the delay after which ALDPS
      kicks in. And indeed disabling ALDPS fixes the issue for this user.
      Maybe this fixes the issue in general. In a follow-up step we could
      remove the first fix attempt and see whether anybody complains.
      
      Fixes: f1bce4ad ("r8169: add support for RTL8125")
      Tested-by: En-Wei WU <en-wei.wu@canonical.com>
      Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
      Link: https://patch.msgid.link/778b9d86-05c4-4856-be59-cde4487b9e52@gmail.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • netkit: Assign missing bpf_net_context · 157f2915
      Breno Leitao authored
      During the introduction of struct bpf_net_context handling for
      XDP-redirect, the netkit driver has been missed, which also requires it
      because NETKIT_REDIRECT invokes skb_do_redirect() which is accessing the
      per-CPU variables. Otherwise we see the following crash:
      
      	BUG: kernel NULL pointer dereference, address: 0000000000000038
      	bpf_redirect()
      	netkit_xmit()
      	dev_hard_start_xmit()
      
      Set the bpf_net_context before invoking netkit_xmit() program within the
      netkit driver.
      
      Fixes: 401cb7da ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.")
      Signed-off-by: Breno Leitao <leitao@debian.org>
      Acked-by: Daniel Borkmann <daniel@iogearbox.net>
      Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
      Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
      Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
      Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
      Link: https://patch.msgid.link/20240912155620.1334587-1-leitao@debian.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • xsk: fix batch alloc API on non-coherent systems · 4144a105
      Maciej Fijalkowski authored
      In cases when synchronizing DMA operations is necessary,
      xsk_buff_alloc_batch() returns a single buffer instead of the requested
      count. This puts the pressure on drivers that use batch API as they have
      to check for this corner case on their side and take care of allocations
      by themselves, which feels counterproductive. Let us improve the core
      by looping over xp_alloc() @max times when slow path needs to be taken.
      
      Another issue with current interface, as spotted and fixed by Dries, was
      that when driver called xsk_buff_alloc_batch() with @max == 0, for slow
      path case it still allocated and returned a single buffer, which should
      not happen. By introducing the logic from first paragraph we kill two
      birds with one stone and address this problem as well.
      
      Fixes: 47e4075d ("xsk: Batched buffer allocation for the pool")
      Reported-and-tested-by: Dries De Winter <ddewinter@synamedia.com>
      Co-developed-by: Dries De Winter <ddewinter@synamedia.com>
      Signed-off-by: Dries De Winter <ddewinter@synamedia.com>
      Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
      Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
      Acked-by: Alexei Starovoitov <ast@kernel.org>
      Link: https://patch.msgid.link/20240911191019.296480-1-maciej.fijalkowski@intel.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
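
A user-space model of the batch-allocation contract described in the xsk commit message above, added here as an illustration and not taken from the kernel patch. `pool_model`, `pool_alloc_one`, `batch_alloc_old` and `batch_alloc_fixed` are hypothetical stand-ins for the pool, xp_alloc() and the slow path of xsk_buff_alloc_batch().

```c
#include <stddef.h>
#include <stdio.h>

#define POOL_SIZE 16

/* Constructed stand-in for an XSK buffer pool (not the kernel structure). */
struct pool_model {
    int storage[POOL_SIZE];
    size_t free_count;      /* buffers still available */
    int needs_dma_sync;     /* 1 = non-coherent system, slow path is taken */
};

/* Hypothetical analogue of xp_alloc(): one buffer, or NULL when empty. */
static int *pool_alloc_one(struct pool_model *p)
{
    if (p->free_count == 0)
        return NULL;
    return &p->storage[--p->free_count];
}

/* Allocate up to max buffers, stopping early if the pool runs dry. */
static size_t alloc_up_to(struct pool_model *p, int **out, size_t max)
{
    size_t n = 0;

    while (n < max) {
        int *buf = pool_alloc_one(p);

        if (!buf)
            break;          /* report what was actually allocated */
        out[n++] = buf;
    }
    return n;
}

/* Slow-path behaviour the commit message describes before the fix. */
size_t batch_alloc_old(struct pool_model *p, int **out, size_t max)
{
    if (p->needs_dma_sync) {
        int *buf = pool_alloc_one(p);

        if (!buf)
            return 0;
        out[0] = buf;       /* written even when max == 0 */
        return 1;           /* max is ignored */
    }
    return alloc_up_to(p, out, max);
}

/* After the fix: the slow path loops max times like the fast path. */
size_t batch_alloc_fixed(struct pool_model *p, int **out, size_t max)
{
    return alloc_up_to(p, out, max);
}

/* Run one request against a fresh pool that needs DMA syncing. */
size_t slow_path_count(size_t max, int use_fixed)
{
    struct pool_model p = { .free_count = POOL_SIZE, .needs_dma_sync = 1 };
    /* Always at least one slot, so the old max == 0 write stays in bounds. */
    int *out[2 * POOL_SIZE] = { 0 };

    if (max > 2 * POOL_SIZE)
        max = 2 * POOL_SIZE;
    return use_fixed ? batch_alloc_fixed(&p, out, max)
                     : batch_alloc_old(&p, out, max);
}

int main(void)
{
    size_t requests[] = { 0, 8, 32 };

    for (size_t i = 0; i < sizeof(requests) / sizeof(requests[0]); i++)
        printf("max=%zu old=%zu fixed=%zu\n", requests[i],
               slow_path_count(requests[i], 0),
               slow_path_count(requests[i], 1));
    return 0;
}
```

In the old model a caller that passes `max == 0` with a zero-length array gets a write to `out[0]`, which is why callers had to special-case the slow path.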
  2. 13 Sep, 2024 3 commits
  3. 12 Sep, 2024 13 commits
    • Merge tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 5abfdfd4
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from netfilter.
      
        There is a recently notified BT regression with no fix yet. I do not
        think a fix will land in the next week.
      
        Current release - regressions:
      
         - core: tighten bad gso csum offset check in virtio_net_hdr
      
         - netfilter: move nf flowtable bpf initialization in
           nf_flow_table_module_init()
      
         - eth: ice: stop calling pci_disable_device() as we use pcim
      
         - eth: fou: fix null-ptr-deref in GRO.
      
        Current release - new code bugs:
      
         - hsr: prevent NULL pointer dereference in hsr_proxy_announce()
      
        Previous releases - regressions:
      
         - hsr: remove seqnr_lock
      
         - netfilter: nft_socket: fix sk refcount leaks
      
         - mptcp: pm: fix uaf in __timer_delete_sync
      
         - phy: dp83822: fix NULL pointer dereference on DP83825 devices
      
         - eth: revert "virtio_net: rx enable premapped mode by default"
      
         - eth: octeontx2-af: Modify SMQ flush sequence to drop packets
      
        Previous releases - always broken:
      
         - eth: mlx5: fix bridge mode operations when there are no VFs
      
         - eth: igb: Always call igb_xdp_ring_update_tail() under Tx lock"
      
      * tag 'net-6.11-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (36 commits)
        net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init()
        net: tighten bad gso csum offset check in virtio_net_hdr
        netlink: specs: mptcp: fix port endianness
        net: dpaa: Pad packets to ETH_ZLEN
        mptcp: pm: Fix uaf in __timer_delete_sync
        net: libwx: fix number of Rx and Tx descriptors
        net: dsa: felix: ignore pending status of TAS module when it's disabled
        net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()
        selftests: mptcp: include net_helper.sh file
        selftests: mptcp: include lib.sh file
        selftests: mptcp: join: restrict fullmesh endp on 1st sf
        netfilter: nft_socket: make cgroupsv2 matching work with namespaces
        netfilter: nft_socket: fix sk refcount leaks
        MAINTAINERS: Add ethtool pse-pd to PSE NETWORK DRIVER
        dt-bindings: net: tja11xx: fix the broken binding
        selftests: net: csum: Fix checksums for packets with non-zero padding
        net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
        virtio_net: disable premapped mode by default
        Revert "virtio_net: big mode skip the unmap check"
        Revert "virtio_net: rx remove premapped failover code"
        ...
    • Merge tag 'platform-drivers-x86-v6.11-7' of... · 42c5b519
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
      
      Pull x86 platform driver fixes from Ilpo Järvinen:
      
       - asus-wmi: Disable OOBE that interferes with backlight control
      
       - panasonic-laptop: Two fixes to SINF array handling
      
      * tag 'platform-drivers-x86-v6.11-7' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
        platform/x86: asus-wmi: Disable OOBE experience on Zenbook S 16
        platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array
        platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
    • mm: avoid leaving partial pfn mappings around in error case · 79a61cc3
      Linus Torvalds authored
      As Jann points out, PFN mappings are special, because unlike normal
      memory mappings, there is no lifetime information associated with the
      mapping - it is just a raw mapping of PFNs with no reference counting of
      a 'struct page'.
      
      That's all very much intentional, but it does mean that it's easy to
      mess up the cleanup in case of errors.  Yes, a failed mmap() will always
      eventually clean up any partial mappings, but without any explicit
      lifetime in the page table mapping itself, it's very easy to do the
      error handling in the wrong order.
      
      In particular, it's easy to mistakenly free the physical backing store
      before the page tables are actually cleaned up and (temporarily) have
      stale dangling PTE entries.
      
      To make this situation less error-prone, just make sure that any partial
      pfn mapping is torn down early, before any other error handling.

      Reported-and-tested-by: Jann Horn <jannh@google.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Jason Gunthorpe <jgg@ziepe.ca>
      Cc: Simona Vetter <simona.vetter@ffwll.ch>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init() · 3e705251
      Lorenzo Bianconi authored
      Move nf flowtable bpf initialization into the nf_flow_table module load
      routine, since nf_flow_table_bpf is part of the nf_flow_table module and not
      the nf_flow_table_inet one. This patch avoids the following kernel
      warning when running the reproducer below:
      
      $modprobe nf_flow_table_inet
      $rmmod nf_flow_table_inet
      $modprobe nf_flow_table_inet
      modprobe: ERROR: could not insert 'nf_flow_table_inet': Invalid argument
      
      [  184.081501] ------------[ cut here ]------------
      [  184.081527] WARNING: CPU: 0 PID: 1362 at kernel/bpf/btf.c:8206 btf_populate_kfunc_set+0x23c/0x330
      [  184.081550] CPU: 0 UID: 0 PID: 1362 Comm: modprobe Kdump: loaded Not tainted 6.11.0-0.rc5.22.el10.x86_64 #1
      [  184.081553] Hardware name: Red Hat OpenStack Compute, BIOS 1.14.0-1.module+el8.4.0+8855+a9e237a9 04/01/2014
      [  184.081554] RIP: 0010:btf_populate_kfunc_set+0x23c/0x330
      [  184.081558] RSP: 0018:ff22cfb38071fc90 EFLAGS: 00010202
      [  184.081559] RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000000
      [  184.081560] RDX: 000000000000006e RSI: ffffffff95c00000 RDI: ff13805543436350
      [  184.081561] RBP: ffffffffc0e22180 R08: ff13805543410808 R09: 000000000001ec00
      [  184.081562] R10: ff13805541c8113c R11: 0000000000000010 R12: ff13805541b83c00
      [  184.081563] R13: ff13805543410800 R14: 0000000000000001 R15: ffffffffc0e2259a
      [  184.081564] FS:  00007fa436c46740(0000) GS:ff1380557ba00000(0000) knlGS:0000000000000000
      [  184.081569] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  184.081570] CR2: 000055e7b3187000 CR3: 0000000100c48003 CR4: 0000000000771ef0
      [  184.081571] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [  184.081572] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [  184.081572] PKRU: 55555554
      [  184.081574] Call Trace:
      [  184.081575]  <TASK>
      [  184.081578]  ? show_trace_log_lvl+0x1b0/0x2f0
      [  184.081580]  ? show_trace_log_lvl+0x1b0/0x2f0
      [  184.081582]  ? __register_btf_kfunc_id_set+0x199/0x200
      [  184.081585]  ? btf_populate_kfunc_set+0x23c/0x330
      [  184.081586]  ? __warn.cold+0x93/0xed
      [  184.081590]  ? btf_populate_kfunc_set+0x23c/0x330
      [  184.081592]  ? report_bug+0xff/0x140
      [  184.081594]  ? handle_bug+0x3a/0x70
      [  184.081596]  ? exc_invalid_op+0x17/0x70
      [  184.081597]  ? asm_exc_invalid_op+0x1a/0x20
      [  184.081601]  ? btf_populate_kfunc_set+0x23c/0x330
      [  184.081602]  __register_btf_kfunc_id_set+0x199/0x200
      [  184.081605]  ? __pfx_nf_flow_inet_module_init+0x10/0x10 [nf_flow_table_inet]
      [  184.081607]  do_one_initcall+0x58/0x300
      [  184.081611]  do_init_module+0x60/0x230
      [  184.081614]  __do_sys_init_module+0x17a/0x1b0
      [  184.081617]  do_syscall_64+0x7d/0x160
      [  184.081620]  ? __count_memcg_events+0x58/0xf0
      [  184.081623]  ? handle_mm_fault+0x234/0x350
      [  184.081626]  ? do_user_addr_fault+0x347/0x640
      [  184.081630]  ? clear_bhb_loop+0x25/0x80
      [  184.081633]  ? clear_bhb_loop+0x25/0x80
      [  184.081634]  ? clear_bhb_loop+0x25/0x80
      [  184.081637]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
      [  184.081639] RIP: 0033:0x7fa43652e4ce
      [  184.081647] RSP: 002b:00007ffe8213be18 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
      [  184.081649] RAX: ffffffffffffffda RBX: 000055e7b3176c20 RCX: 00007fa43652e4ce
      [  184.081650] RDX: 000055e7737fde79 RSI: 0000000000003990 RDI: 000055e7b3185380
      [  184.081651] RBP: 000055e7737fde79 R08: 0000000000000007 R09: 000055e7b3179bd0
      [  184.081651] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000040000
      [  184.081652] R13: 000055e7b3176fa0 R14: 0000000000000000 R15: 000055e7b3179b80
      
      Fixes: 391bb659 ("netfilter: Add bpf_xdp_flow_lookup kfunc")
      Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
      Acked-by: Florian Westphal <fw@strlen.de>
      Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
      Link: https://patch.msgid.link/20240911-nf-flowtable-bpf-modprob-fix-v1-1-f9fc075aafc3@kernel.org
      Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    • Merge tag 'nf-24-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf · 87009709
      Paolo Abeni authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following batch contains two fixes from Florian Westphal:
      
      Patch #1 fixes a sk refcount leak in nft_socket on mismatch.
      
      Patch #2 fixes cgroupsv2 matching from containers due to incorrect
      	 level in subtree.
      
      netfilter pull request 24-09-12
      
      * tag 'nf-24-09-12' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
        netfilter: nft_socket: make cgroupsv2 matching work with namespaces
        netfilter: nft_socket: fix sk refcount leaks
      ====================
      
      Link: https://patch.msgid.link/20240911222520.3606-1-pablo@netfilter.org
      Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    • Merge patch series "can: m_can: fix struct net_device_ops::{open,stop}... · 717338e2
      Marc Kleine-Budde authored
      Merge patch series "can: m_can: fix struct net_device_ops::{open,stop} callbacks under high bus load"
      
      Marc Kleine-Budde <mkl@pengutronix.de> says:
      
      Under high CAN-bus load the struct net_device_ops::{open,stop}
      callbacks (m_can_open(), m_can_close()) don't properly start and
      shutdown the device.
      
      Fix the problems by re-arranging the order of functions in
      m_can_open() and m_can_close().
      
      Link: https://patch.msgid.link/20240910-can-m_can-fix-ifup-v3-0-6c1720ba45ce@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: m_can: m_can_close(): stop clocks after device has been shut down · 2c09b50e
      Marc Kleine-Budde authored
      After calling m_can_stop() an interrupt may be pending or NAPI might
      still be executed. This means the driver might still touch registers
      of the IP core after the clocks have been disabled. This is not good
      practice and might lead to aborts depending on the SoC integration.
      
      To avoid these potential problems, make m_can_close() symmetric to
      m_can_open(), i.e. stop the clocks at the end, right before shutting
      down the transceiver.
      
      Fixes: e0d1f481 ("can: m_can: add Bosch M_CAN controller support")
      Link: https://patch.msgid.link/20240910-can-m_can-fix-ifup-v3-2-6c1720ba45ce@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: m_can: enable NAPI before enabling interrupts · 801ad2f8
      Jake Hamby authored
      If an interrupt (RX-complete or error flag) is set when bringing up
      the CAN device, e.g. due to CAN bus traffic before initializing the
      device, when m_can_start() is called and interrupts are enabled,
      m_can_isr() is called immediately, which disables all CAN interrupts
      and calls napi_schedule().
      
      Because napi_enable() isn't called until later in m_can_open(), the
      call to napi_schedule() never schedules the m_can_poll() callback and
      the device is left with interrupts disabled and can't receive any CAN
      packets until rebooted.
      
      This can be verified by running "cansend" from another device before
      setting the bitrate and calling "ip link set up can0" on the test
      device. Adding debug lines to m_can_isr() shows it's called with flags
      (IR_EP | IR_EW | IR_CRCE), which calls m_can_disable_all_interrupts()
      and napi_schedule(), and then m_can_poll() is never called.
      
      Move the call to napi_enable() above the call to m_can_start() to
      enable any initial interrupt flags to be handled by m_can_poll() so
      that interrupts are reenabled. Add a call to napi_disable() in the
      error handling section of m_can_open(), to handle the case where later
      functions return errors.
      
      Also, in m_can_close(), move the call to napi_disable() below the call
      to m_can_stop() to ensure all interrupts are handled when bringing
      down the device. This race condition is much less likely to occur.
      
      Tested on a Microchip SAMA7G54 MPU. The fix should be applicable to
      any SoC with a Bosch M_CAN controller.

      Signed-off-by: Jake Hamby <Jake.Hamby@Teledyne.com>
      Fixes: e0d1f481 ("can: m_can: add Bosch M_CAN controller support")
      Link: https://patch.msgid.link/20240910-can-m_can-fix-ifup-v3-1-6c1720ba45ce@pengutronix.de
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
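
The ordering problem in the m_can NAPI commit message above, reduced to a small state machine. This is an added user-space illustration, not driver code; `can_model` and the `model_*` functions are hypothetical names that mirror m_can_start(), m_can_isr(), m_can_poll(), napi_enable() and napi_schedule() only in the behaviour the message describes.

```c
#include <stdio.h>

/* Constructed device state; field names are illustrative, not the driver's. */
struct can_model {
    int napi_enabled;    /* set once NAPI has been enabled */
    int napi_scheduled;  /* poll callback is queued */
    int irq_enabled;     /* controller interrupts are unmasked */
    int irq_pending;     /* flag raised by bus traffic before open */
};

static void model_napi_enable(struct can_model *d)
{
    d->napi_enabled = 1;
}

/* Scheduling a NAPI instance that is not enabled yet has no effect. */
static void model_napi_schedule(struct can_model *d)
{
    if (d->napi_enabled)
        d->napi_scheduled = 1;
}

/* ISR: mask all interrupts and defer the work to the poll callback. */
static void model_isr(struct can_model *d)
{
    if (!d->irq_enabled || !d->irq_pending)
        return;
    d->irq_enabled = 0;
    model_napi_schedule(d);
}

/* Poll: handle the pending flags, then unmask interrupts again. */
static void model_poll(struct can_model *d)
{
    if (!d->napi_scheduled)
        return;
    d->napi_scheduled = 0;
    d->irq_pending = 0;
    d->irq_enabled = 1;
}

/* Start: unmask interrupts; an already pending flag fires the ISR at once. */
static void model_start(struct can_model *d)
{
    d->irq_enabled = 1;
    model_isr(d);
}

/*
 * Bring the device up in either order and report whether interrupts are
 * still enabled afterwards. napi_first == 0 is the order before the fix.
 */
int irq_enabled_after_open(int napi_first, int pending_at_open)
{
    struct can_model d = { .irq_pending = pending_at_open };

    if (napi_first) {
        model_napi_enable(&d);
        model_start(&d);
    } else {
        model_start(&d);
        model_napi_enable(&d);
    }
    model_poll(&d);      /* the softirq gets its chance to run */
    return d.irq_enabled;
}

int main(void)
{
    printf("old order, pending flag:   irq_enabled=%d\n",
           irq_enabled_after_open(0, 1));
    printf("fixed order, pending flag: irq_enabled=%d\n",
           irq_enabled_after_open(1, 1));
    printf("old order, quiet bus:      irq_enabled=%d\n",
           irq_enabled_after_open(0, 0));
    return 0;
}
```

The old order only fails when a flag is already pending at open time, which matches the commit's observation that bus traffic before `ip link set up` is needed to reproduce it.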
    • can: kvaser_pciefd: Enable 64-bit DMA addressing · d0fa0640
      Martin Jocic authored
      Enabling 64-bit addressing for DMA buffers will prevent issues
      on some memory constrained platforms like e.g. Raspberry Pi 5,
      where the driver won't load because it cannot allocate enough
      continuous memory in the default 32-bit memory address range.

      Signed-off-by: Martin Jocic <martin.jocic@kvaser.com>
      Link: https://patch.msgid.link/d7340f78e3db305bfeeb8229d2dd1c9077e10b92.1725875278.git.martin.jocic@kvaser.com
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD · 75b31895
      Stefan Mätje authored
      Remove the CAN_CTRLMODE_3_SAMPLES announcement for CAN-USB/3-FD devices
      because these devices don't support it.
      
      The hardware has a Microchip SAM E70 microcontroller that uses a Bosch
      MCAN IP core as CAN FD controller. But this MCAN core doesn't support
      triple sampling.
      
      Fixes: 80662d94 ("can: esd_usb: Add support for esd CAN-USB/3")
      Cc: stable@vger.kernel.org
      Signed-off-by: Stefan Mätje <stefan.maetje@esd.eu>
      Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
      Link: https://patch.msgid.link/20240904222740.2985864-2-stefan.maetje@esd.eu
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
    • can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). · 94b0818f
      Kuniyuki Iwashima authored
      syzbot reported a warning in bcm_release(). [0]
      
      The blamed change fixed another warning that is triggered when
      connect() is issued again for a socket whose connect()ed device has
      been unregistered.
      
      However, if the socket is just close()d without the 2nd connect(), the
      remaining bo->bcm_proc_read triggers unnecessary remove_proc_entry()
      in bcm_release().
      
      Let's clear bo->bcm_proc_read after remove_proc_entry() in bcm_notify().
      
      [0]
      name '4986'
      WARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711
      Modules linked in:
      CPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae24 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
      RIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711
      Code: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 <0f> 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07
      RSP: 0018:ffffc9000345fa20 EFLAGS: 00010246
      RAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
      RBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a
      R10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640
      R13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000
      FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       <TASK>
       bcm_release+0x250/0x880 net/can/bcm.c:1578
       __sock_release net/socket.c:659 [inline]
       sock_close+0xbc/0x240 net/socket.c:1421
       __fput+0x24a/0x8a0 fs/file_table.c:422
       task_work_run+0x24f/0x310 kernel/task_work.c:228
       exit_task_work include/linux/task_work.h:40 [inline]
       do_exit+0xa2f/0x27f0 kernel/exit.c:882
       do_group_exit+0x207/0x2c0 kernel/exit.c:1031
       __do_sys_exit_group kernel/exit.c:1042 [inline]
       __se_sys_exit_group kernel/exit.c:1040 [inline]
       __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040
       x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
       </TASK>
      
      Fixes: 76fe372c ("can: bcm: Remove proc entry when dev is unregistered.")
      Reported-by: syzbot+0532ac7a06fb1a03187e@syzkaller.appspotmail.com
      Closes: https://syzkaller.appspot.com/bug?extid=0532ac7a06fb1a03187e
      Tested-by: syzbot+0532ac7a06fb1a03187e@syzkaller.appspotmail.com
      Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
      Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
      Link: https://patch.msgid.link/20240905012237.79683-1-kuniyu@amazon.com
      Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
      net: tighten bad gso csum offset check in virtio_net_hdr · 6513eb3d
      Willem de Bruijn authored
      The referenced commit drops bad input, but has false positives.
      Tighten the check to avoid these.
      
      The check detects illegal checksum offload requests, which produce
      csum_start/csum_off beyond end of packet after segmentation.
      
      But it is based on two incorrect assumptions:
      
      1. virtio_net_hdr_to_skb with VIRTIO_NET_HDR_GSO_TCP[46] implies GSO.
      True in callers that inject into the tx path, such as tap.
      But false in callers that inject into rx, like virtio-net.
      Here, the flags indicate GRO, and CHECKSUM_UNNECESSARY or
      CHECKSUM_NONE without VIRTIO_NET_HDR_F_NEEDS_CSUM is normal.
      
      2. TSO requires checksum offload, i.e., ip_summed == CHECKSUM_PARTIAL.
      False, as tcp[46]_gso_segment will fix up csum_start and offset for
      all other ip_summed by calling __tcp_v4_send_check.
      
      Because of 2, we can limit the scope of the fix to virtio_net_hdr
      that do try to set these fields, with a bogus value.
      
      Link: https://lore.kernel.org/netdev/20240909094527.GA3048202@port70.net/
      Fixes: 89add400 ("net: drop bad gso csum_start and offset in virtio_net_hdr")
      Signed-off-by: Willem de Bruijn <willemb@google.com>
      Acked-by: Jason Wang <jasowang@redhat.com>
      Acked-by: Michael S. Tsirkin <mst@redhat.com>
      Cc: stable@vger.kernel.org
      Link: https://patch.msgid.link/20240910213553.839926-1-willemdebruijn.kernel@gmail.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
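
      A user-space model of the narrowing described in the commit message above, added here as an illustration; it is not the kernel patch. It assumes the check compares csum_offset against the offset of the TCP checksum field, and every struct, function and sample name in it is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for kernel definitions (model only, not kernel code). */
enum ip_summed { CHECKSUM_NONE, CHECKSUM_UNNECESSARY, CHECKSUM_PARTIAL };

struct tcphdr_model {            /* same field layout as a TCP header */
    uint16_t source, dest;
    uint32_t seq, ack_seq;
    uint16_t flags, window;
    uint16_t check;              /* checksum field, at offset 16 */
    uint16_t urg_ptr;
};

struct pkt_model {               /* the two packet fields the check reads */
    enum ip_summed ip_summed;
    uint16_t csum_offset;
};

#define TCP_CSUM_OFF offsetof(struct tcphdr_model, check)

/* Assumed shape of the original check: applied to every TCP GSO header. */
static bool old_check_accepts(const struct pkt_model *p)
{
    return p->csum_offset == TCP_CSUM_OFF;
}

/* Tightened: validate only headers that actually request checksum offload. */
static bool new_check_accepts(const struct pkt_model *p)
{
    if (p->ip_summed != CHECKSUM_PARTIAL)
        return true;             /* rx/GRO path: fields were never set */
    return p->csum_offset == TCP_CSUM_OFF;
}

/* Constructed sample headers. */
static const struct pkt_model rx_gro_no_csum = { CHECKSUM_UNNECESSARY, 0 };
static const struct pkt_model tx_valid       = { CHECKSUM_PARTIAL, 16 };
static const struct pkt_model tx_bogus       = { CHECKSUM_PARTIAL, 0xfff0 };

int main(void)
{
    const struct pkt_model *s[] = { &rx_gro_no_csum, &tx_valid, &tx_bogus };
    for (size_t i = 0; i < 3; i++)
        printf("sample %zu: old=%d new=%d\n", i,
               old_check_accepts(s[i]), new_check_accepts(s[i]));
    return 0;
}
```

      Only the first sample changes outcome between the two checks: it is the false positive from assumption 1, while the bogus offload request is still dropped.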
      netlink: specs: mptcp: fix port endianness · 09a45a55
      Asbjørn Sloth Tønnesen authored
      The MPTCP port attribute is in host endianness, but was documented
      as big-endian in the ynl specification.
      
      Below are two examples from net/mptcp/pm_netlink.c showing that the
      attribute is converted to/from host endianness for use with netlink.
      
      Import from netlink:
        addr->port = htons(nla_get_u16(tb[MPTCP_PM_ADDR_ATTR_PORT]))
      
      Export to netlink:
        nla_put_u16(skb, MPTCP_PM_ADDR_ATTR_PORT, ntohs(addr->port))
      
      Where addr->port is defined as __be16.
      
      No functional change intended.
      
      Fixes: bc8aeb20 ("Documentation: netlink: add a YAML spec for mptcp")
      Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
      Reviewed-by: Davide Caratti <dcaratti@redhat.com>
      Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
      Link: https://patch.msgid.link/20240911091003.1112179-1-ast@fiberby.net
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  4. 11 Sep, 2024 16 commits