1. 09 Dec, 2021 20 commits
    • M Chetan Kumar's avatar
      net: wwan: iosm: fixes unnecessary doorbell send · 373f121a
      M Chetan Kumar authored
      In TX packet accumulation flow transport layer is
      giving a doorbell to device even though there is
      no pending control TX transfer that needs immediate
      attention.
      
      Introduced a new hpda_ctrl_pending variable to keep
      track of pending control TX transfer. If there is a
      pending control TX transfer which needs an immediate
      attention only then give a doorbell to device.
      Signed-off-by: default avatarM Chetan Kumar <m.chetan.kumar@linux.intel.com>
      Reviewed-by: default avatarSergey Ryazanov <ryazanov.s.a@gmail.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      373f121a
    • José Expósito's avatar
      net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering · e8b1d769
      José Expósito authored
      Avoid a memory leak if there is not a CPU port defined.
      
      Fixes: 8d5f7954 ("net: dsa: felix: break at first CPU port during init and teardown")
      Addresses-Coverity-ID: 1492897 ("Resource leak")
      Addresses-Coverity-ID: 1492899 ("Resource leak")
      Signed-off-by: default avatarJosé Expósito <jose.exposito89@gmail.com>
      Reviewed-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Link: https://lore.kernel.org/r/20211209110538.11585-1-jose.exposito89@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e8b1d769
    • Julian Wiedmann's avatar
      MAINTAINERS: s390/net: remove myself as maintainer · 37ad4e2a
      Julian Wiedmann authored
      I won't have access to the relevant HW and docs much longer.
      Signed-off-by: default avatarJulian Wiedmann <jwi@linux.ibm.com>
      Link: https://lore.kernel.org/r/20211209153546.1152921-1-jwi@linux.ibm.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      37ad4e2a
    • Eric Dumazet's avatar
      net/sched: fq_pie: prevent dismantle issue · 61c24026
      Eric Dumazet authored
      For some reason, fq_pie_destroy() did not copy
      working code from pie_destroy() and other qdiscs,
      thus causing elusive bug.
      
      Before calling del_timer_sync(&q->adapt_timer),
      we need to ensure timer will not rearm itself.
      
      rcu: INFO: rcu_preempt self-detected stall on CPU
      rcu:    0-....: (4416 ticks this GP) idle=60d/1/0x4000000000000000 softirq=10433/10434 fqs=2579
              (t=10501 jiffies g=13085 q=3989)
      NMI backtrace for cpu 0
      CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.16.0-rc4-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       <IRQ>
       __dump_stack lib/dump_stack.c:88 [inline]
       dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
       nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
       nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
       trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
       rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343
       print_cpu_stall kernel/rcu/tree_stall.h:627 [inline]
       check_cpu_stall kernel/rcu/tree_stall.h:711 [inline]
       rcu_pending kernel/rcu/tree.c:3878 [inline]
       rcu_sched_clock_irq.cold+0x9d/0x746 kernel/rcu/tree.c:2597
       update_process_times+0x16d/0x200 kernel/time/timer.c:1785
       tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
       tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428
       __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
       __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749
       hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
       local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
       __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103
       sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097
       </IRQ>
       <TASK>
       asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
      RIP: 0010:write_comp_data kernel/kcov.c:221 [inline]
      RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x1d/0x80 kernel/kcov.c:273
      Code: 54 c8 20 48 89 10 c3 66 0f 1f 44 00 00 53 41 89 fb 41 89 f1 bf 03 00 00 00 65 48 8b 0c 25 40 70 02 00 48 89 ce 4c 8b 54 24 08 <e8> 4e f7 ff ff 84 c0 74 51 48 8b 81 88 15 00 00 44 8b 81 84 15 00
      RSP: 0018:ffffc90000d27b28 EFLAGS: 00000246
      RAX: 0000000000000000 RBX: ffff888064bf1bf0 RCX: ffff888011928000
      RDX: ffff888011928000 RSI: ffff888011928000 RDI: 0000000000000003
      RBP: ffff888064bf1c28 R08: 0000000000000000 R09: 0000000000000000
      R10: ffffffff875d8295 R11: 0000000000000000 R12: 0000000000000000
      R13: ffff8880783dd300 R14: 0000000000000000 R15: 0000000000000000
       pie_calculate_probability+0x405/0x7c0 net/sched/sch_pie.c:418
       fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:383
       call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
       expire_timers kernel/time/timer.c:1466 [inline]
       __run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734
       __run_timers kernel/time/timer.c:1715 [inline]
       run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
       __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
       run_ksoftirqd kernel/softirq.c:921 [inline]
       run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913
       smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164
       kthread+0x405/0x4f0 kernel/kthread.c:327
       ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
       </TASK>
      
      Fixes: ec97ecf1 ("net: sched: add Flow Queue PIE packet scheduler")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Cc: Mohit P. Tahiliani <tahiliani@nitk.edu.in>
      Cc: Sachin D. Patil <sdp.sachin@gmail.com>
      Cc: V. Saicharan <vsaicharan1998@gmail.com>
      Cc: Mohit Bhasi <mohitbhasi1998@gmail.com>
      Cc: Leslie Monis <lesliemonis@gmail.com>
      Cc: Gautam Ramakrishnan <gautamramk@gmail.com>
      Link: https://lore.kernel.org/r/20211209084937.3500020-1-eric.dumazet@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      61c24026
    • José Expósito's avatar
      net: mana: Fix memory leak in mana_hwc_create_wq · 9acfc57f
      José Expósito authored
      If allocating the DMA buffer fails, mana_hwc_destroy_wq was called
      without previously storing the pointer to the queue.
      
      In order to avoid leaking the pointer to the queue, store it as soon as
      it is allocated.
      
      Addresses-Coverity-ID: 1484720 ("Resource leak")
      Signed-off-by: default avatarJosé Expósito <jose.exposito89@gmail.com>
      Reviewed-by: default avatarDexuan Cui <decui@microsoft.com>
      Link: https://lore.kernel.org/r/20211208223723.18520-1-jose.exposito89@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      9acfc57f
    • Andrea Mayer's avatar
      seg6: fix the iif in the IPv6 socket control block · ae68d933
      Andrea Mayer authored
      When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving
      interface index into the IPv4 socket control block (v5.16-rc4,
      net/ipv4/ip_input.c line 510):
      
          IPCB(skb)->iif = skb->skb_iif;
      
      If that IPv4 packet is meant to be encapsulated in an outer IPv6+SRH
      header, the seg6_do_srh_encap(...) performs the required encapsulation.
      In this case, the seg6_do_srh_encap function clears the IPv6 socket control
      block (v5.16-rc4 net/ipv6/seg6_iptunnel.c line 163):
      
          memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
      
      The memset(...) was introduced in commit ef489749 ("ipv6: sr: clear
      IP6CB(skb) on SRH ip4ip6 encapsulation") a long time ago (2019-01-29).
      
      Since the IPv6 socket control block and the IPv4 socket control block share
      the same memory area (skb->cb), the receiving interface index info is lost
      (IP6CB(skb)->iif is set to zero).
      
      As a side effect, that condition triggers a NULL pointer dereference if
      commit 0857d6f8 ("ipv6: When forwarding count rx stats on the orig
      netdev") is applied.
      
      To fix that issue, we set the IP6CB(skb)->iif with the index of the
      receiving interface once again.
      
      Fixes: ef489749 ("ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation")
      Signed-off-by: default avatarAndrea Mayer <andrea.mayer@uniroma2.it>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Link: https://lore.kernel.org/r/20211208195409.12169-1-andrea.mayer@uniroma2.itSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      ae68d933
    • Jianglei Nie's avatar
      nfp: Fix memory leak in nfp_cpp_area_cache_add() · c56c9630
      Jianglei Nie authored
      In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a
      CPP area structure. But in line 807 (#2), when the cache is allocated
      failed, this CPP area structure is not freed, which will result in
      memory leak.
      
      We can fix it by freeing the CPP area when the cache is allocated
      failed (#2).
      
      792 int nfp_cpp_area_cache_add(struct nfp_cpp *cpp, size_t size)
      793 {
      794 	struct nfp_cpp_area_cache *cache;
      795 	struct nfp_cpp_area *area;
      
      800	area = nfp_cpp_area_alloc(cpp, NFP_CPP_ID(7, NFP_CPP_ACTION_RW, 0),
      801 				  0, size);
      	// #1: allocates and initializes
      
      802 	if (!area)
      803 		return -ENOMEM;
      
      805 	cache = kzalloc(sizeof(*cache), GFP_KERNEL);
      806 	if (!cache)
      807 		return -ENOMEM; // #2: missing free
      
      817	return 0;
      818 }
      
      Fixes: 4cb584e0 ("nfp: add CPP access core")
      Signed-off-by: default avatarJianglei Nie <niejianglei2021@163.com>
      Acked-by: default avatarSimon Horman <simon.horman@corigine.com>
      Link: https://lore.kernel.org/r/20211209061511.122535-1-niejianglei2021@163.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      c56c9630
    • Krzysztof Kozlowski's avatar
      nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done · 4cd8371a
      Krzysztof Kozlowski authored
      The done() netlink callback nfc_genl_dump_ses_done() should check if
      received argument is non-NULL, because its allocation could fail earlier
      in dumpit() (nfc_genl_dump_ses()).
      
      Fixes: ac22ac46 ("NFC: Add a GET_SE netlink API")
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Link: https://lore.kernel.org/r/20211209081307.57337-1-krzysztof.kozlowski@canonical.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      4cd8371a
    • Tadeusz Struk's avatar
      nfc: fix segfault in nfc_genl_dump_devices_done · fd79a0cb
      Tadeusz Struk authored
      When kmalloc in nfc_genl_dump_devices() fails then
      nfc_genl_dump_devices_done() segfaults as below
      
      KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
      CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65-dirty #5
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014
      Workqueue: events netlink_sock_destruct_work
      RIP: 0010:klist_iter_exit+0x26/0x80
      Call Trace:
      <TASK>
      class_dev_iter_exit+0x15/0x20
      nfc_genl_dump_devices_done+0x3b/0x50
      genl_lock_done+0x84/0xd0
      netlink_sock_destruct+0x8f/0x270
      __sk_destruct+0x64/0x3b0
      sk_destruct+0xa8/0xd0
      __sk_free+0x2e8/0x3d0
      sk_free+0x51/0x90
      netlink_sock_destruct_work+0x1c/0x20
      process_one_work+0x411/0x710
      worker_thread+0x6fd/0xa80
      
      Link: https://syzkaller.appspot.com/bug?id=fc0fa5a53db9edd261d56e74325419faf18bd0df
      Reported-by: syzbot+f9f76f4a0766420b4a02@syzkaller.appspotmail.com
      Signed-off-by: default avatarTadeusz Struk <tadeusz.struk@linaro.org>
      Reviewed-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Link: https://lore.kernel.org/r/20211208182742.340542-1-tadeusz.struk@linaro.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      fd79a0cb
    • Jianguo Wu's avatar
      udp: using datalen to cap max gso segments · 158390e4
      Jianguo Wu authored
      The max number of UDP gso segments is intended to cap to UDP_MAX_SEGMENTS,
      this is checked in udp_send_skb():
      
          if (skb->len > cork->gso_size * UDP_MAX_SEGMENTS) {
              kfree_skb(skb);
              return -EINVAL;
          }
      
      skb->len contains network and transport header len here, we should use
      only data len instead.
      
      Fixes: bec1f6f6 ("udp: generate gso with UDP_SEGMENT")
      Signed-off-by: default avatarJianguo Wu <wujianguo@chinatelecom.cn>
      Reviewed-by: default avatarWillem de Bruijn <willemb@google.com>
      Link: https://lore.kernel.org/r/900742e5-81fb-30dc-6e0b-375c6cdd7982@163.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      158390e4
    • Ameer Hamza's avatar
      net: dsa: mv88e6xxx: error handling for serdes_power functions · 0416e7af
      Ameer Hamza authored
      Added default case to handle undefined cmode scenario in
      mv88e6393x_serdes_power() and mv88e6393x_serdes_power() methods.
      
      Addresses-Coverity: 1494644 ("Uninitialized scalar variable")
      Fixes: 21635d92 (net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X)
      Reviewed-by: default avatarMarek Behún <kabel@kernel.org>
      Signed-off-by: default avatarAmeer Hamza <amhamza.mgc@gmail.com>
      Link: https://lore.kernel.org/r/20211209041552.9810-1-amhamza.mgc@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      0416e7af
    • Jakub Kicinski's avatar
      Merge tag 'linux-can-fixes-for-5.16-20211209' of... · 8d6b32aa
      Jakub Kicinski authored
      Merge tag 'linux-can-fixes-for-5.16-20211209' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      can 2021-12-09
      
      Both patches are by Jimmy Assarsson. The first one fixes the
      incrementing of the rx/tx error counters in the Kvaser PCIe FD driver.
      The second one fixes the Kvaser USB driver by using the CAN clock
      frequency provided by the device instead of using a hard coded value.
      
      * tag 'linux-can-fixes-for-5.16-20211209' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can:
        can: kvaser_usb: get CAN clock frequency from device
        can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter
      ====================
      
      Link: https://lore.kernel.org/r/20211209081312.301036-1-mkl@pengutronix.deSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8d6b32aa
    • Jimmy Assarsson's avatar
      can: kvaser_usb: get CAN clock frequency from device · fb12797a
      Jimmy Assarsson authored
      The CAN clock frequency is used when calculating the CAN bittiming
      parameters. When wrong clock frequency is used, the device may end up
      with wrong bittiming parameters, depending on user requested bittiming
      parameters.
      
      To avoid this, get the CAN clock frequency from the device. Various
      existing Kvaser Leaf products use different CAN clocks.
      
      Fixes: 080f40a6 ("can: kvaser_usb: Add support for Kvaser CAN/USB devices")
      Link: https://lore.kernel.org/all/20211208152122.250852-2-extja@kvaser.com
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJimmy Assarsson <extja@kvaser.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      fb12797a
    • Jimmy Assarsson's avatar
      can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter · 36aea60f
      Jimmy Assarsson authored
      Check the direction bit in the error frame packet (EPACK) to determine
      which net_device_stats {rx,tx}_errors counter to increase.
      
      Fixes: 26ad340e ("can: kvaser_pciefd: Add driver for Kvaser PCIEcan devices")
      Link: https://lore.kernel.org/all/20211208152122.250852-1-extja@kvaser.com
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJimmy Assarsson <extja@kvaser.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      36aea60f
    • Louis Amas's avatar
      net: mvpp2: fix XDP rx queues registering · a50e659b
      Louis Amas authored
      The registration of XDP queue information is incorrect because the
      RX queue id we use is invalid. When port->id == 0 it appears to works
      as expected yet it's no longer the case when port->id != 0.
      
      The problem arised while using a recent kernel version on the
      MACCHIATOBin. This board has several ports:
       * eth0 and eth1 are 10Gbps interfaces ; both ports has port->id == 0;
       * eth2 is a 1Gbps interface with port->id != 0.
      
      Code from xdp-tutorial (more specifically advanced03-AF_XDP) was used
      to test packet capture and injection on all these interfaces. The XDP
      kernel was simplified to:
      
      	SEC("xdp_sock")
      	int xdp_sock_prog(struct xdp_md *ctx)
      	{
      		int index = ctx->rx_queue_index;
      
      		/* A set entry here means that the correspnding queue_id
      		* has an active AF_XDP socket bound to it. */
      		if (bpf_map_lookup_elem(&xsks_map, &index))
      			return bpf_redirect_map(&xsks_map, index, 0);
      
      		return XDP_PASS;
      	}
      
      Starting the program using:
      
      	./af_xdp_user -d DEV
      
      Gives the following result:
      
       * eth0 : ok
       * eth1 : ok
       * eth2 : no capture, no injection
      
      Investigating the issue shows that XDP rx queues for eth2 are wrong:
      XDP expects their id to be in the range [0..3] but we found them to be
      in the range [32..35].
      
      Trying to force rx queue ids using:
      
      	./af_xdp_user -d eth2 -Q 32
      
      fails as expected (we shall not have more than 4 queues).
      
      When we register the XDP rx queue information (using
      xdp_rxq_info_reg() in function mvpp2_rxq_init()) we tell it to use
      rxq->id as the queue id. This value is computed as:
      
      	rxq->id = port->id * max_rxq_count + queue_id
      
      where max_rxq_count depends on the device version. In the MACCHIATOBin
      case, this value is 32, meaning that rx queues on eth2 are numbered
      from 32 to 35 - there are four of them.
      
      Clearly, this is not the per-port queue id that XDP is expecting:
      it wants a value in the range [0..3]. It shall directly use queue_id
      which is stored in rxq->logic_rxq -- so let's use that value instead.
      
      rxq->id is left untouched ; its value is indeed valid but it should
      not be used in this context.
      
      This is consistent with the remaining part of the code in
      mvpp2_rxq_init().
      
      With this change, packet capture is working as expected on all the
      MACCHIATOBin ports.
      
      Fixes: b27db227 ("mvpp2: use page_pool allocator")
      Signed-off-by: default avatarLouis Amas <louis.amas@eho.link>
      Signed-off-by: default avatarEmmanuel Deloget <emmanuel.deloget@eho.link>
      Reviewed-by: default avatarMarcin Wojtas <mw@semihalf.com>
      Acked-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
      Acked-by: default avatarJesper Dangaard Brouer <brouer@redhat.com>
      Link: https://lore.kernel.org/r/20211207143423.916334-1-louis.amas@eho.linkSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      a50e659b
    • Ronak Doshi's avatar
      vmxnet3: fix minimum vectors alloc issue · f71ef02f
      Ronak Doshi authored
      'Commit 39f9895a ("vmxnet3: add support for 32 Tx/Rx queues")'
      added support for 32Tx/Rx queues. Within that patch, value of
      VMXNET3_LINUX_MIN_MSIX_VECT was updated.
      
      However, there is a case (numvcpus = 2) which actually requires 3
      intrs which matches VMXNET3_LINUX_MIN_MSIX_VECT which then is
      treated as failure by stack to allocate more vectors. This patch
      fixes this issue.
      
      Fixes: 39f9895a ("vmxnet3: add support for 32 Tx/Rx queues")
      Signed-off-by: default avatarRonak Doshi <doshir@vmware.com>
      Acked-by: default avatarGuolin Yang <gyang@vmware.com>
      Link: https://lore.kernel.org/r/20211207081737.14000-1-doshir@vmware.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      f71ef02f
    • Eric Dumazet's avatar
      net, neigh: clear whole pneigh_entry at alloc time · e195e9b5
      Eric Dumazet authored
      Commit 2c611ad9 ("net, neigh: Extend neigh->flags to 32 bit
      to allow for extensions") enables a new KMSAM warning [1]
      
      I think the bug is actually older, because the following intruction
      only occurred if ndm->ndm_flags had NTF_PROXY set.
      
      	pn->flags = ndm->ndm_flags;
      
      Let's clear all pneigh_entry fields at alloc time.
      
      [1]
      BUG: KMSAN: uninit-value in pneigh_fill_info+0x986/0xb30 net/core/neighbour.c:2593
       pneigh_fill_info+0x986/0xb30 net/core/neighbour.c:2593
       pneigh_dump_table net/core/neighbour.c:2715 [inline]
       neigh_dump_info+0x1e3f/0x2c60 net/core/neighbour.c:2832
       netlink_dump+0xaca/0x16a0 net/netlink/af_netlink.c:2265
       __netlink_dump_start+0xd1c/0xee0 net/netlink/af_netlink.c:2370
       netlink_dump_start include/linux/netlink.h:254 [inline]
       rtnetlink_rcv_msg+0x181b/0x18c0 net/core/rtnetlink.c:5534
       netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491
       rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5589
       netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
       netlink_unicast+0x1095/0x1360 net/netlink/af_netlink.c:1345
       netlink_sendmsg+0x16f3/0x1870 net/netlink/af_netlink.c:1916
       sock_sendmsg_nosec net/socket.c:704 [inline]
       sock_sendmsg net/socket.c:724 [inline]
       sock_write_iter+0x594/0x690 net/socket.c:1057
       call_write_iter include/linux/fs.h:2162 [inline]
       new_sync_write fs/read_write.c:503 [inline]
       vfs_write+0x1318/0x2030 fs/read_write.c:590
       ksys_write+0x28c/0x520 fs/read_write.c:643
       __do_sys_write fs/read_write.c:655 [inline]
       __se_sys_write fs/read_write.c:652 [inline]
       __x64_sys_write+0xdb/0x120 fs/read_write.c:652
       do_syscall_x64 arch/x86/entry/common.c:51 [inline]
       do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      Uninit was created at:
       slab_post_alloc_hook mm/slab.h:524 [inline]
       slab_alloc_node mm/slub.c:3251 [inline]
       slab_alloc mm/slub.c:3259 [inline]
       __kmalloc+0xc3c/0x12d0 mm/slub.c:4437
       kmalloc include/linux/slab.h:595 [inline]
       pneigh_lookup+0x60f/0xd70 net/core/neighbour.c:766
       arp_req_set_public net/ipv4/arp.c:1016 [inline]
       arp_req_set+0x430/0x10a0 net/ipv4/arp.c:1032
       arp_ioctl+0x8d4/0xb60 net/ipv4/arp.c:1232
       inet_ioctl+0x4ef/0x820 net/ipv4/af_inet.c:947
       sock_do_ioctl net/socket.c:1118 [inline]
       sock_ioctl+0xa3f/0x13e0 net/socket.c:1235
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:874 [inline]
       __se_sys_ioctl+0x2df/0x4a0 fs/ioctl.c:860
       __x64_sys_ioctl+0xd8/0x110 fs/ioctl.c:860
       do_syscall_x64 arch/x86/entry/common.c:51 [inline]
       do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      
      CPU: 1 PID: 20001 Comm: syz-executor.0 Not tainted 5.16.0-rc3-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      
      Fixes: 62dd9318 ("[IPV6] NDISC: Set per-entry is_router flag in Proxy NA.")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Roopa Prabhu <roopa@nvidia.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Link: https://lore.kernel.org/r/20211206165329.1049835-1-eric.dumazet@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e195e9b5
    • Jakub Kicinski's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · fd31cb0c
      Jakub Kicinski authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      1) Fix bogus compilter warning in nfnetlink_queue, from Florian Westphal.
      
      2) Don't run conntrack on vrf with !dflt qdisc, from Nicolas Dichtel.
      
      3) Fix nft_pipapo bucket load in AVX2 lookup routine for six 8-bit
         groups, from Stefano Brivio.
      
      4) Break rule evaluation on malformed TCP options.
      
      5) Use socat instead of nc in selftests/netfilter/nft_zones_many.sh,
         also from Florian
      
      6) Fix KCSAN data-race in conntrack timeout updates, from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf:
        netfilter: conntrack: annotate data-races around ct->timeout
        selftests: netfilter: switch zone stress to socat
        netfilter: nft_exthdr: break evaluation if setting TCP option fails
        selftests: netfilter: Add correctness test for mac,net set type
        nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups
        vrf: don't run conntrack on vrf with !dflt qdisc
        netfilter: nfnetlink_queue: silence bogus compiler warning
      ====================
      
      Link: https://lore.kernel.org/r/20211209000847.102598-1-pablo@netfilter.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      fd31cb0c
    • Jakub Kicinski's avatar
      Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · b5b6b6ba
      Jakub Kicinski authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2021-12-08
      
      Yahui adds re-initialization of Flow Director for VF reset.
      
      Paul restores interrupts when enabling VFs.
      
      Dave re-adds bandwidth check for DCBNL and moves DSCP mode check
      earlier in the function.
      
      Jesse prevents reporting of dropped packets that occur during
      initialization and fixes reporting of statistics which could occur with
      frequent reads.
      
      Michal corrects setting of protocol type for UDP header and fixes lack
      of differentiation when adding filters for tunnels.
      
      * '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
        ice: safer stats processing
        ice: fix adding different tunnels
        ice: fix choosing UDP header type
        ice: ignore dropped packets during init
        ice: Fix problems with DSCP QoS implementation
        ice: rearm other interrupt cause register after enabling VFs
        ice: fix FDIR init missing when reset VF
      ====================
      
      Link: https://lore.kernel.org/r/20211208211144.2629867-1-anthony.l.nguyen@intel.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      b5b6b6ba
    • Jakub Kicinski's avatar
      Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 6efcdadc
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      bpf 2021-12-08
      
      We've added 12 non-merge commits during the last 22 day(s) which contain
      a total of 29 files changed, 659 insertions(+), 80 deletions(-).
      
      The main changes are:
      
      1) Fix an off-by-two error in packet range markings and also add a batch of
         new tests for coverage of these corner cases, from Maxim Mikityanskiy.
      
      2) Fix a compilation issue on MIPS JIT for R10000 CPUs, from Johan Almbladh.
      
      3) Fix two functional regressions and a build warning related to BTF kfunc
         for modules, from Kumar Kartikeya Dwivedi.
      
      4) Fix outdated code and docs regarding BPF's migrate_disable() use on non-
         PREEMPT_RT kernels, from Sebastian Andrzej Siewior.
      
      5) Add missing includes in order to be able to detangle cgroup vs bpf header
         dependencies, from Jakub Kicinski.
      
      6) Fix regression in BPF sockmap tests caused by missing detachment of progs
         from sockets when they are removed from the map, from John Fastabend.
      
      7) Fix a missing "no previous prototype" warning in x86 JIT caused by BPF
         dispatcher, from Björn Töpel.
      
      * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        bpf: Add selftests to cover packet access corner cases
        bpf: Fix the off-by-two error in range markings
        treewide: Add missing includes masked by cgroup -> bpf dependency
        tools/resolve_btfids: Skip unresolved symbol warning for empty BTF sets
        bpf: Fix bpf_check_mod_kfunc_call for built-in modules
        bpf: Make CONFIG_DEBUG_INFO_BTF depend upon CONFIG_BPF_SYSCALL
        mips, bpf: Fix reference to non-existing Kconfig symbol
        bpf: Make sure bpf_disable_instrumentation() is safe vs preemption.
        Documentation/locking/locktypes: Update migrate_disable() bits.
        bpf, sockmap: Re-evaluate proto ops when psock is removed from sockmap
        bpf, sockmap: Attach map progs to psock early for feature probes
        bpf, x86: Fix "no previous prototype" warning
      ====================
      
      Link: https://lore.kernel.org/r/20211208155125.11826-1-daniel@iogearbox.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      6efcdadc
  2. 08 Dec, 2021 19 commits
  3. 07 Dec, 2021 1 commit