1. 27 May, 2021 7 commits
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 3c856a31
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - Don't use contiguous or block mappings for the linear map when KFENCE
         is enabled.
      
       - Fix link in the arch_counter_enforce_ordering() comment.
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: mm: don't use CON and BLK mapping if KFENCE is enabled
        arm64: Fix stale link in the arch_counter_enforce_ordering() comment
      3c856a31
    • Linus Torvalds's avatar
      Merge tag 'for-5.13/dm-fixes-2' of... · 38747c9a
      Linus Torvalds authored
      Merge tag 'for-5.13/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix DM verity target's 'require_signatures' module_param permissions.
      
       - Revert DM snapshot fix from v5.13-rc3 and then properly fix crash
         when an origin has no snapshots. This allows only the proper fix to
         go to stable@ (since the original fix was successfully dropped).
      
      * tag 'for-5.13/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm snapshot: properly fix a crash when an origin has no snapshots
        dm snapshot: revert "fix a crash when an origin has no snapshots"
        dm verity: fix require_signatures module_param permissions
      38747c9a
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 3224374f
      Linus Torvalds authored
      Pull ACPI fix from Rafael Wysocki:
       "Fix a recent ACPI power management regression causing boot issues to
        occur on some systems due to attempts to turn off ACPI power resources
        that are already off (which should work according to the ACPI
        specification)"
      
      * tag 'acpi-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: power: Refine turning off unused power resources
      3224374f
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 96c132f8
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Important fix for the AMD IOMMU driver in the recently added
         page-specific invalidation code to fix a calculation.
      
       - Fix a NULL-ptr dereference in the AMD IOMMU driver when a device
         switches domain types.
      
       - Fixes for the Intel VT-d driver to check for allocation failure and
         do correct cleanup.
      
       - Another fix for Intel VT-d to not allow supervisor page requests from
         devices when using second level page translation.
      
       - Add a MODULE_DEVICE_TABLE to the VIRTIO IOMMU driver
      
      * tag 'iommu-fixes-v5.13-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/vt-d: Fix sysfs leak in alloc_iommu()
        iommu/vt-d: Use user privilege for RID2PASID translation
        iommu/vt-d: Check for allocation failure in aux_detach_device()
        iommu/virtio: Add missing MODULE_DEVICE_TABLE
        iommu/amd: Fix wrong parentheses on page-specific invalidations
        iommu/amd: Clear DMA ops when switching domain
      96c132f8
    • David Howells's avatar
      afs: Fix the nlink handling of dir-over-dir rename · f610a5a2
      David Howells authored
      Fix rename of one directory over another such that the nlink on the deleted
      directory is cleared to 0 rather than being decremented to 1.
      
      This was causing the generic/035 xfstest to fail.
      
      Fixes: e49c7b2f ("afs: Build an abstraction around an "operation" concept")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      cc: linux-afs@lists.infradead.org
      Link: https://lore.kernel.org/r/162194384460.3999479.7605572278074191079.stgit@warthog.procyon.org.uk/ # v1
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f610a5a2
    • Rolf Eike Beer's avatar
      iommu/vt-d: Fix sysfs leak in alloc_iommu() · 0ee74d5a
      Rolf Eike Beer authored
      iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent
      errors.
      
      Fixes: 39ab9555 ("iommu: Add sysfs bindings for struct iommu_device")
      Cc: stable@vger.kernel.org # 4.11.x
      Signed-off-by: default avatarRolf Eike Beer <eb@emlix.com>
      Acked-by: default avatarLu Baolu <baolu.lu@linux.intel.com>
      Link: https://lore.kernel.org/r/17411490.HIIP88n32C@mobilepool36.emlix.com
      Link: https://lore.kernel.org/r/20210525070802.361755-2-baolu.lu@linux.intel.comSigned-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      0ee74d5a
    • Linus Torvalds's avatar
      Merge tag 'net-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · d7c5303f
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.13-rc4, including fixes from bpf, netfilter,
        can and wireless trees. Notably including fixes for the recently
        announced "FragAttacks" WiFi vulnerabilities. Rather large batch,
        touching some core parts of the stack, too, but nothing hair-raising.
      
        Current release - regressions:
      
         - tipc: make node link identity publish thread safe
      
         - dsa: felix: re-enable TAS guard band mode
      
         - stmmac: correct clocks enabled in stmmac_vlan_rx_kill_vid()
      
         - stmmac: fix system hang if change mac address after interface
           ifdown
      
        Current release - new code bugs:
      
         - mptcp: avoid OOB access in setsockopt()
      
         - bpf: Fix nested bpf_bprintf_prepare with more per-cpu buffers
      
         - ethtool: stats: fix a copy-paste error - init correct array size
      
        Previous releases - regressions:
      
         - sched: fix packet stuck problem for lockless qdisc
      
         - net: really orphan skbs tied to closing sk
      
         - mlx4: fix EEPROM dump support
      
         - bpf: fix alu32 const subreg bound tracking on bitwise operations
      
         - bpf: fix mask direction swap upon off reg sign change
      
         - bpf, offload: reorder offload callback 'prepare' in verifier
      
         - stmmac: Fix MAC WoL not working if PHY does not support WoL
      
         - packetmmap: fix only tx timestamp on request
      
         - tipc: skb_linearize the head skb when reassembling msgs
      
        Previous releases - always broken:
      
         - mac80211: address recent "FragAttacks" vulnerabilities
      
         - mac80211: do not accept/forward invalid EAPOL frames
      
         - mptcp: avoid potential error message floods
      
         - bpf, ringbuf: deny reserve of buffers larger than ringbuf to
           prevent out of buffer writes
      
         - bpf: forbid trampoline attach for functions with variable arguments
      
         - bpf: add deny list of functions to prevent inf recursion of tracing
           programs
      
         - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
      
         - can: isotp: prevent race between isotp_bind() and
           isotp_setsockopt()
      
         - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check,
           fallback to non-AVX2 version
      
        Misc:
      
         - bpf: add kconfig knob for disabling unpriv bpf by default"
      
      * tag 'net-5.13-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (172 commits)
        net: phy: Document phydev::dev_flags bits allocation
        mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer
        mptcp: avoid error message on infinite mapping
        mptcp: drop unconditional pr_warn on bad opt
        mptcp: avoid OOB access in setsockopt()
        nfp: update maintainer and mailing list addresses
        net: mvpp2: add buffer header handling in RX
        bnx2x: Fix missing error code in bnx2x_iov_init_one()
        net: zero-initialize tc skb extension on allocation
        net: hns: Fix kernel-doc
        sctp: fix the proc_handler for sysctl encap_port
        sctp: add the missing setting for asoc encap_port
        bpf, selftests: Adjust few selftest result_unpriv outcomes
        bpf: No need to simulate speculative domain for immediates
        bpf: Fix mask direction swap upon off reg sign change
        bpf: Wrap aux data inside bpf_sanitize_info container
        bpf: Fix BPF_LSM kconfig symbol dependency
        selftests/bpf: Add test for l3 use of bpf_redirect_peer
        bpftool: Add sock_release help info for cgroup attach/prog load command
        net: dsa: microchip: enable phy errata workaround on 9567
        ...
      d7c5303f
  2. 26 May, 2021 2 commits
  3. 25 May, 2021 30 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · f5d28712
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2021-05-26
      
      The following pull-request contains BPF updates for your *net* tree.
      
      We've added 14 non-merge commits during the last 14 day(s) which contain
      a total of 17 files changed, 513 insertions(+), 231 deletions(-).
      
      The main changes are:
      
      1) Fix bpf_skb_change_head() helper to reset mac_len, from Jussi Maki.
      
      2) Fix masking direction swap upon off-reg sign change, from Daniel Borkmann.
      
      3) Fix BPF offloads in verifier by reordering driver callback, from Yinjun Zhang.
      
      4) BPF selftest for ringbuf mmap ro/rw restrictions, from Andrii Nakryiko.
      
      5) Follow-up fixes to nested bprintf per-cpu buffers, from Florent Revest.
      
      6) Fix bpftool sock_release attach point help info, from Liu Jian.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f5d28712
    • David S. Miller's avatar
      Merge branch 'mptcp-fixes' · 6dfa87b4
      David S. Miller authored
      Mat Martineau says:
      
      ====================
      MPTCP fixes
      
      Here are a few fixes for the -net tree.
      
      Patch 1 fixes an attempt to access a tcp-specific field that does not
      exist in mptcp sockets.
      
      Patches 2 and 3 remove warning/error log output that could be flooded.
      
      Patch 4 performs more validation on address advertisement echo packets
      to improve RFC 8684 compliance.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6dfa87b4
    • Davide Caratti's avatar
      mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer · d58300c3
      Davide Caratti authored
      when Linux receives an echo-ed ADD_ADDR, it checks the IP address against
      the list of "announced" addresses. In case of a positive match, the timer
      that handles retransmissions is stopped regardless of the 'Address Id' in
      the received packet: this behaviour does not comply with RFC8684 3.4.1.
      
      Fix it by validating the 'Address Id' in received echo-ed ADD_ADDRs.
      Tested using packetdrill, with the following captured output:
      
       unpatched kernel:
      
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0xfd2e62517888fe29,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 1.2.3.4,mptcp dss ack 3013740213], length 0
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0xfd2e62517888fe29,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 90 198.51.100.2,mptcp dss ack 3013740213], length 0
              ^^^ retransmission is stopped here, but 'Address Id' is 90
      
       patched kernel:
      
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 1.2.3.4,mptcp dss ack 1672384568], length 0
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 90 198.51.100.2,mptcp dss ack 1672384568], length 0
       Out <...> Flags [.], ack 1, win 256, options [mptcp add-addr v1 id 1 198.51.100.2 hmac 0x1cf372d59e05f4b8,mptcp dss ack 3007449509], length 0
       In  <...> Flags [.], ack 1, win 257, options [mptcp add-addr v1-echo id 1 198.51.100.2,mptcp dss ack 1672384568], length 0
              ^^^ retransmission is stopped here, only when both 'Address Id' and 'IP Address' match
      
      Fixes: 00cfd77b ("mptcp: retransmit ADD_ADDR when timeout")
      Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d58300c3
    • Paolo Abeni's avatar
      mptcp: avoid error message on infinite mapping · 3ed0a585
      Paolo Abeni authored
      Another left-over. Avoid flooding dmesg with useless text,
      we already have a MIB for that event.
      
      Fixes: 648ef4b8 ("mptcp: Implement MPTCP receive path")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3ed0a585
    • Paolo Abeni's avatar
      mptcp: drop unconditional pr_warn on bad opt · 3812ce89
      Paolo Abeni authored
      This is a left-over of early day. A malicious peer can flood
      the kernel logs with useless messages, just drop it.
      
      Fixes: f296234c ("mptcp: Add handling of incoming MP_JOIN requests")
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3812ce89
    • Paolo Abeni's avatar
      mptcp: avoid OOB access in setsockopt() · 20b5759f
      Paolo Abeni authored
      We can't use tcp_set_congestion_control() on an mptcp socket, as
      such function can end-up accessing a tcp-specific field -
      prior_ssthresh - causing an OOB access.
      
      To allow propagating the correct ca algo on subflow, cache the ca
      name at initialization time.
      
      Additionally avoid overriding the user-selected CA (if any) at
      clone time.
      
      Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/182
      Fixes: aa1fbd94 ("mptcp: sockopt: add TCP_CONGESTION and TCP_INFO")
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      20b5759f
    • Simon Horman's avatar
      nfp: update maintainer and mailing list addresses · bab09fe2
      Simon Horman authored
      Some of Netronome's activities and people have moved over to Corigine,
      including NFP driver maintenance and myself.
      Signed-off-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarLouis Peens <louis.peens@corigine.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bab09fe2
    • Stefan Chulski's avatar
      net: mvpp2: add buffer header handling in RX · 17f9c1b6
      Stefan Chulski authored
      If Link Partner sends frames larger than RX buffer size, MAC mark it
      as oversize but still would pass it to the Packet Processor.
      In this scenario, Packet Processor scatter frame between multiple buffers,
      but only a single buffer would be returned to the Buffer Manager pool and
      it would not refill the poll.
      
      Patch add handling of oversize error with buffer header handling, so all
      buffers would be returned to the Buffer Manager pool.
      
      Fixes: 3f518509 ("ethernet: Add new driver for Marvell Armada 375 network unit")
      Reported-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarStefan Chulski <stefanc@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      17f9c1b6
    • Jiapeng Chong's avatar
      bnx2x: Fix missing error code in bnx2x_iov_init_one() · 65161c35
      Jiapeng Chong authored
      Eliminate the follow smatch warning:
      
      drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c:1227
      bnx2x_iov_init_one() warn: missing error code 'err'.
      Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
      Signed-off-by: default avatarJiapeng Chong <jiapeng.chong@linux.alibaba.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      65161c35
    • Vlad Buslov's avatar
      net: zero-initialize tc skb extension on allocation · 9453d45e
      Vlad Buslov authored
      Function skb_ext_add() doesn't initialize created skb extension with any
      value and leaves it up to the user. However, since extension of type
      TC_SKB_EXT originally contained only single value tc_skb_ext->chain its
      users used to just assign the chain value without setting whole extension
      memory to zero first. This assumption changed when TC_SKB_EXT extension was
      extended with additional fields but not all users were updated to
      initialize the new fields which leads to use of uninitialized memory
      afterwards. UBSAN log:
      
      [  778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28
      [  778.301495] load of value 107 is not a valid value for type '_Bool'
      [  778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2
      [  778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
      [  778.307901] Call Trace:
      [  778.308680]  <IRQ>
      [  778.309358]  dump_stack+0xbb/0x107
      [  778.310307]  ubsan_epilogue+0x5/0x40
      [  778.311167]  __ubsan_handle_load_invalid_value.cold+0x43/0x48
      [  778.312454]  ? memset+0x20/0x40
      [  778.313230]  ovs_flow_key_extract.cold+0xf/0x14 [openvswitch]
      [  778.314532]  ovs_vport_receive+0x19e/0x2e0 [openvswitch]
      [  778.315749]  ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch]
      [  778.317188]  ? create_prof_cpu_mask+0x20/0x20
      [  778.318220]  ? arch_stack_walk+0x82/0xf0
      [  778.319153]  ? secondary_startup_64_no_verify+0xb0/0xbb
      [  778.320399]  ? stack_trace_save+0x91/0xc0
      [  778.321362]  ? stack_trace_consume_entry+0x160/0x160
      [  778.322517]  ? lock_release+0x52e/0x760
      [  778.323444]  netdev_frame_hook+0x323/0x610 [openvswitch]
      [  778.324668]  ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch]
      [  778.325950]  __netif_receive_skb_core+0x771/0x2db0
      [  778.327067]  ? lock_downgrade+0x6e0/0x6f0
      [  778.328021]  ? lock_acquire+0x565/0x720
      [  778.328940]  ? generic_xdp_tx+0x4f0/0x4f0
      [  778.329902]  ? inet_gro_receive+0x2a7/0x10a0
      [  778.330914]  ? lock_downgrade+0x6f0/0x6f0
      [  778.331867]  ? udp4_gro_receive+0x4c4/0x13e0
      [  778.332876]  ? lock_release+0x52e/0x760
      [  778.333808]  ? dev_gro_receive+0xcc8/0x2380
      [  778.334810]  ? lock_downgrade+0x6f0/0x6f0
      [  778.335769]  __netif_receive_skb_list_core+0x295/0x820
      [  778.336955]  ? process_backlog+0x780/0x780
      [  778.337941]  ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core]
      [  778.339613]  ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0
      [  778.341033]  ? kvm_clock_get_cycles+0x14/0x20
      [  778.342072]  netif_receive_skb_list_internal+0x5f5/0xcb0
      [  778.343288]  ? __kasan_kmalloc+0x7a/0x90
      [  778.344234]  ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core]
      [  778.345676]  ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core]
      [  778.347140]  ? __netif_receive_skb_list_core+0x820/0x820
      [  778.348351]  ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core]
      [  778.349688]  ? napi_gro_flush+0x26c/0x3c0
      [  778.350641]  napi_complete_done+0x188/0x6b0
      [  778.351627]  mlx5e_napi_poll+0x373/0x1b80 [mlx5_core]
      [  778.352853]  __napi_poll+0x9f/0x510
      [  778.353704]  ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core]
      [  778.355158]  net_rx_action+0x34c/0xa40
      [  778.356060]  ? napi_threaded_poll+0x3d0/0x3d0
      [  778.357083]  ? sched_clock_cpu+0x18/0x190
      [  778.358041]  ? __common_interrupt+0x8e/0x1a0
      [  778.359045]  __do_softirq+0x1ce/0x984
      [  778.359938]  __irq_exit_rcu+0x137/0x1d0
      [  778.360865]  irq_exit_rcu+0xa/0x20
      [  778.361708]  common_interrupt+0x80/0xa0
      [  778.362640]  </IRQ>
      [  778.363212]  asm_common_interrupt+0x1e/0x40
      [  778.364204] RIP: 0010:native_safe_halt+0xe/0x10
      [  778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00
      [  778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246
      [  778.370570] RAX: ffff88842de46a80 RBX: ffffffff84425840 RCX: ffffffff83418468
      [  778.372143] RDX: 000000000026f1da RSI: 0000000000000004 RDI: ffffffff8343af5e
      [  778.373722] RBP: fffffbfff0884b08 R08: 0000000000000000 R09: ffff88842de46bcb
      [  778.375292] R10: ffffed1085bc8d79 R11: 0000000000000001 R12: 0000000000000000
      [  778.376860] R13: ffffffff851124a0 R14: 0000000000000000 R15: dffffc0000000000
      [  778.378491]  ? rcu_eqs_enter.constprop.0+0xb8/0xe0
      [  778.379606]  ? default_idle_call+0x5e/0xe0
      [  778.380578]  default_idle+0xa/0x10
      [  778.381406]  default_idle_call+0x96/0xe0
      [  778.382350]  do_idle+0x3d4/0x550
      [  778.383153]  ? arch_cpu_idle_exit+0x40/0x40
      [  778.384143]  cpu_startup_entry+0x19/0x20
      [  778.385078]  start_kernel+0x3c7/0x3e5
      [  778.385978]  secondary_startup_64_no_verify+0xb0/0xbb
      
      Fix the issue by providing new function tc_skb_ext_alloc() that allocates
      tc skb extension and initializes its memory to 0 before returning it to the
      caller. Change all existing users to use new API instead of calling
      skb_ext_add() directly.
      
      Fixes: 038ebb1a ("net/sched: act_ct: fix miss set mru for ovs after defrag in act_ct")
      Fixes: d29334c1 ("net/sched: act_api: fix miss set post_ct for ovs after do conntrack in act_ct")
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Acked-by: default avatarCong Wang <cong.wang@bytedance.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9453d45e
    • Yang Li's avatar
      net: hns: Fix kernel-doc · c1cf1afd
      Yang Li authored
      Fix function name in hns_ethtool.c kernel-doc comment
      to remove these warnings found by clang_w1.
      
      drivers/net/ethernet/hisilicon/hns/hns_ethtool.c:202: warning: expecting
      prototype for hns_nic_set_link_settings(). Prototype was for
      hns_nic_set_link_ksettings() instead.
      drivers/net/ethernet/hisilicon/hns/hns_ethtool.c:837: warning: expecting
      prototype for get_ethtool_stats(). Prototype was for
      hns_get_ethtool_stats() instead.
      drivers/net/ethernet/hisilicon/hns/hns_ethtool.c:894: warning:
      expecting prototype for get_strings(). Prototype was for
      hns_get_strings() instead.
      Reported-by: default avatarAbaci Robot <abaci@linux.alibaba.com>
      Fixes: 'commit 262b38cd ("net: ethernet: hisilicon: hns: use phydev
      from struct net_device")'
      Signed-off-by: default avatarYang Li <yang.lee@linux.alibaba.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c1cf1afd
    • Xin Long's avatar
      sctp: fix the proc_handler for sysctl encap_port · b2540cdc
      Xin Long authored
      proc_dointvec() cannot do min and max check for setting a value
      when extra1/extra2 is set, so change it to proc_dointvec_minmax()
      for sysctl encap_port.
      
      Fixes: e8a3001c ("sctp: add encap_port for netns sock asoc and transport")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b2540cdc
    • Xin Long's avatar
      sctp: add the missing setting for asoc encap_port · 297739bd
      Xin Long authored
      This patch is to add the missing setting back for asoc encap_port.
      
      Fixes: 8dba2960 ("sctp: add SCTP_REMOTE_UDP_ENCAPS_PORT sockopt")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      297739bd
    • Kees Cook's avatar
      proc: Check /proc/$pid/attr/ writes against file opener · bfb819ea
      Kees Cook authored
      Fix another "confused deputy" weakness[1]. Writes to /proc/$pid/attr/
      files need to check the opener credentials, since these fds do not
      transition state across execve(). Without this, it is possible to
      trick another process (which may have different credentials) to write
      to its own /proc/$pid/attr/ files, leading to unexpected and possibly
      exploitable behaviors.
      
      [1] https://www.kernel.org/doc/html/latest/security/credentials.html?highlight=confused#open-file-credentials
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bfb819ea
    • Mikulas Patocka's avatar
      dm snapshot: properly fix a crash when an origin has no snapshots · 7e768532
      Mikulas Patocka authored
      If an origin target has no snapshots, o->split_boundary is set to 0.
      This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split().
      
      Fix this by initializing chunk_size, and in turn split_boundary, to
      rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits
      into "unsigned" type.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      7e768532
    • Mikulas Patocka's avatar
      dm snapshot: revert "fix a crash when an origin has no snapshots" · f16dba5d
      Mikulas Patocka authored
      Commit 7ee06ddc ("dm snapshot: fix a
      crash when an origin has no snapshots") introduced a regression in
      snapshot merging - causing the lvm2 test lvcreate-cache-snapshot.sh
      got stuck in an infinite loop.
      
      Even though commit 7ee06ddc was marked
      for stable@ the stable team was notified to _not_ backport it.
      
      Fixes: 7ee06ddc ("dm snapshot: fix a crash when an origin has no snapshots")
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      f16dba5d
    • John Keeping's avatar
      dm verity: fix require_signatures module_param permissions · 0c1f3193
      John Keeping authored
      The third parameter of module_param() is permissions for the sysfs node
      but it looks like it is being used as the initial value of the parameter
      here.  In fact, false here equates to omitting the file from sysfs and
      does not affect the value of require_signatures.
      
      Making the parameter writable is not simple because going from
      false->true is fine but it should not be possible to remove the
      requirement to verify a signature.  But it can be useful to inspect the
      value of this parameter from userspace, so change the permissions to
      make a read-only file in sysfs.
      Signed-off-by: default avatarJohn Keeping <john@metanate.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      0c1f3193
    • Daniel Borkmann's avatar
      bpf, selftests: Adjust few selftest result_unpriv outcomes · 1bad6fd5
      Daniel Borkmann authored
      Given we don't need to simulate the speculative domain for registers with
      immediates anymore since the verifier uses direct imm-based rewrites instead
      of having to mask, we can also lift a few cases that were previously rejected.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      1bad6fd5
    • Daniel Borkmann's avatar
      bpf: No need to simulate speculative domain for immediates · a7036191
      Daniel Borkmann authored
      In 801c6058 ("bpf: Fix leakage of uninitialized bpf stack under
      speculation") we replaced masking logic with direct loads of immediates
      if the register is a known constant. Given in this case we do not apply
      any masking, there is also no reason for the operation to be truncated
      under the speculative domain.
      
      Therefore, there is also zero reason for the verifier to branch-off and
      simulate this case, it only needs to do it for unknown but bounded scalars.
      As a side-effect, this also enables few test cases that were previously
      rejected due to simulation under zero truncation.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Reviewed-by: default avatarPiotr Krysiuk <piotras@gmail.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      a7036191
    • Daniel Borkmann's avatar
      bpf: Fix mask direction swap upon off reg sign change · bb01a1bb
      Daniel Borkmann authored
      Masking direction as indicated via mask_to_left is considered to be
      calculated once and then used to derive pointer limits. Thus, this
      needs to be placed into bpf_sanitize_info instead so we can pass it
      to sanitize_ptr_alu() call after the pointer move. Piotr noticed a
      corner case where the off reg causes masking direction change which
      then results in an incorrect final aux->alu_limit.
      
      Fixes: 7fedb63a ("bpf: Tighten speculative pointer arithmetic mask")
      Reported-by: default avatarPiotr Krysiuk <piotras@gmail.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Reviewed-by: default avatarPiotr Krysiuk <piotras@gmail.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      bb01a1bb
    • Daniel Borkmann's avatar
      bpf: Wrap aux data inside bpf_sanitize_info container · 3d0220f6
      Daniel Borkmann authored
      Add a container structure struct bpf_sanitize_info which holds
      the current aux info, and update call-sites to sanitize_ptr_alu()
      to pass it in. This is needed for passing in additional state
      later on.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Reviewed-by: default avatarPiotr Krysiuk <piotras@gmail.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      3d0220f6
    • Daniel Borkmann's avatar
      bpf: Fix BPF_LSM kconfig symbol dependency · 5c9d706f
      Daniel Borkmann authored
      Similarly as 6bdacdb4 ("bpf: Fix BPF_JIT kconfig symbol dependency") we
      need to detangle the hard BPF_LSM dependency on NET. This was previously
      implicit by its dependency on BPF_JIT which itself was dependent on NET (but
      without any actual/real hard dependency code-wise). Given the latter was
      lifted, so should be the former as BPF_LSMs could well exist on net-less
      systems. This therefore also fixes a randconfig build error recently reported
      by Randy:
      
        ld: kernel/bpf/bpf_lsm.o: in function `bpf_lsm_func_proto':
        bpf_lsm.c:(.text+0x1a0): undefined reference to `bpf_sk_storage_get_proto'
        ld: bpf_lsm.c:(.text+0x1b8): undefined reference to `bpf_sk_storage_delete_proto'
        [...]
      
      Fixes: b24abcff ("bpf, kconfig: Add consolidated menu entry for bpf with core options")
      Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Tested-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      5c9d706f
    • Linus Torvalds's avatar
      Merge tag 'netfs-lib-fixes-20200525' of... · ad9f25d3
      Linus Torvalds authored
      Merge tag 'netfs-lib-fixes-20200525' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
      
      Pull netfs fixes from David Howells:
       "A couple of fixes to the new netfs lib:
      
         - Pass the AOP flags through from netfs_write_begin() into
           grab_cache_page_write_begin().
      
         - Automatically enable in Kconfig netfs lib rather than presenting an
           option for manual enablement"
      
      * tag 'netfs-lib-fixes-20200525' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
        netfs: Make CONFIG_NETFS_SUPPORT auto-selected rather than manual
        netfs: Pass flags through to grab_cache_page_write_begin()
      ad9f25d3
    • Gustavo A. R. Silva's avatar
      afs: Fix fall-through warnings for Clang · b2db6c35
      Gustavo A. R. Silva authored
      In preparation to enable -Wimplicit-fallthrough for Clang, fix multiple
      warnings by explicitly adding multiple fallthrough pseudo-keywords in
      places where the code is intended to fall through to the next case.
      
      Link: https://github.com/KSPP/linux/issues/115Signed-off-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarJeffrey Altman <jaltman@auristor.com>
      cc: linux-afs@lists.infradead.org
      cc: linux-hardening@vger.kernel.org
      Link: https://lore.kernel.org/r/51150b54e0b0431a2c401cd54f2c4e7f50e94601.1605896059.git.gustavoars@kernel.org/ # v1
      Link: https://lore.kernel.org/r/20210420211615.GA51432@embeddedor/ # v2
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b2db6c35
    • Jussi Maki's avatar
      selftests/bpf: Add test for l3 use of bpf_redirect_peer · 6fd5fb63
      Jussi Maki authored
      Add a test case for using bpf_skb_change_head() in combination with
      bpf_redirect_peer() to redirect a packet from a L3 device to veth and back.
      
      The test uses a BPF program that adds L2 headers to the packet coming
      from a L3 device and then calls bpf_redirect_peer() to redirect the packet
      to a veth device. The test fails as skb->mac_len is not set properly and
      thus the ethernet headers are not properly skb_pull'd in cls_bpf_classify(),
      causing tcp_v4_rcv() to point the TCP header into middle of the IP header.
      Signed-off-by: default avatarJussi Maki <joamaki@gmail.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Link: https://lore.kernel.org/bpf/20210525102955.2811090-1-joamaki@gmail.com
      6fd5fb63
    • Liu Jian's avatar
      bpftool: Add sock_release help info for cgroup attach/prog load command · a8deba85
      Liu Jian authored
      The help information was not added at the time when the function got added.
      Fix this and add the missing information to its cli, documentation and bash
      completion.
      
      Fixes: db94cc0b ("bpftool: Add support for BPF_CGROUP_INET_SOCK_RELEASE")
      Signed-off-by: default avatarLiu Jian <liujian56@huawei.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Reviewed-by: default avatarQuentin Monnet <quentin@isovalent.com>
      Link: https://lore.kernel.org/bpf/20210525014139.323859-1-liujian56@huawei.com
      a8deba85
    • Jisheng Zhang's avatar
      arm64: mm: don't use CON and BLK mapping if KFENCE is enabled · e6901240
      Jisheng Zhang authored
      When we added KFENCE support for arm64, we intended that it would
      force the entire linear map to be mapped at page granularity, but we
      only enforced this in arch_add_memory() and not in map_mem(), so
      memory mapped at boot time can be mapped at a larger granularity.
      
      When booting a kernel with KFENCE=y and RODATA_FULL=n, this results in
      the following WARNING at boot:
      
      [    0.000000] ------------[ cut here ]------------
      [    0.000000] WARNING: CPU: 0 PID: 0 at mm/memory.c:2462 apply_to_pmd_range+0xec/0x190
      [    0.000000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.13.0-rc1+ #10
      [    0.000000] Hardware name: linux,dummy-virt (DT)
      [    0.000000] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO BTYPE=--)
      [    0.000000] pc : apply_to_pmd_range+0xec/0x190
      [    0.000000] lr : __apply_to_page_range+0x94/0x170
      [    0.000000] sp : ffffffc010573e20
      [    0.000000] x29: ffffffc010573e20 x28: ffffff801f400000 x27: ffffff801f401000
      [    0.000000] x26: 0000000000000001 x25: ffffff801f400fff x24: ffffffc010573f28
      [    0.000000] x23: ffffffc01002b710 x22: ffffffc0105fa450 x21: ffffffc010573ee4
      [    0.000000] x20: ffffff801fffb7d0 x19: ffffff801f401000 x18: 00000000fffffffe
      [    0.000000] x17: 000000000000003f x16: 000000000000000a x15: ffffffc01060b940
      [    0.000000] x14: 0000000000000000 x13: 0098968000000000 x12: 0000000098968000
      [    0.000000] x11: 0000000000000000 x10: 0000000098968000 x9 : 0000000000000001
      [    0.000000] x8 : 0000000000000000 x7 : ffffffc010573ee4 x6 : 0000000000000001
      [    0.000000] x5 : ffffffc010573f28 x4 : ffffffc01002b710 x3 : 0000000040000000
      [    0.000000] x2 : ffffff801f5fffff x1 : 0000000000000001 x0 : 007800005f400705
      [    0.000000] Call trace:
      [    0.000000]  apply_to_pmd_range+0xec/0x190
      [    0.000000]  __apply_to_page_range+0x94/0x170
      [    0.000000]  apply_to_page_range+0x10/0x20
      [    0.000000]  __change_memory_common+0x50/0xdc
      [    0.000000]  set_memory_valid+0x30/0x40
      [    0.000000]  kfence_init_pool+0x9c/0x16c
      [    0.000000]  kfence_init+0x20/0x98
      [    0.000000]  start_kernel+0x284/0x3f8
      
      Fixes: 840b2398 ("arm64, kfence: enable KFENCE for ARM64")
      Cc: <stable@vger.kernel.org> # 5.12.x
      Signed-off-by: default avatarJisheng Zhang <Jisheng.Zhang@synaptics.com>
      Acked-by: default avatarMark Rutland <mark.rutland@arm.com>
      Acked-by: default avatarMarco Elver <elver@google.com>
      Tested-by: default avatarMarco Elver <elver@google.com>
      Link: https://lore.kernel.org/r/20210525104551.2ec37f77@xhacker.debianSigned-off-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      e6901240
    • David Howells's avatar
      netfs: Make CONFIG_NETFS_SUPPORT auto-selected rather than manual · b71c7912
      David Howells authored
      Make the netfs helper library selected automatically by the things that use
      it rather than being manually configured, even though it's required[1].
      
      Fixes: 3a5829fe ("netfs: Make a netfs helper module")
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      cc: linux-mm@kvack.org
      cc: linux-cachefs@redhat.com
      cc: linux-afs@lists.infradead.org
      cc: linux-nfs@vger.kernel.org
      cc: linux-cifs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: v9fs-developer@lists.sourceforge.net
      cc: linux-fsdevel@vger.kernel.org
      Link: https://lore.kernel.org/r/CAMuHMdXJZ7iNQE964CdBOU=vRKVMFzo=YF_eiwsGgqzuvZ+TuA@mail.gmail.com [1]
      Link: https://lore.kernel.org/r/162090298141.3166007.2971118149366779916.stgit@warthog.procyon.org.uk # v1
      b71c7912
    • David Howells's avatar
      netfs: Pass flags through to grab_cache_page_write_begin() · 19dee613
      David Howells authored
      In netfs_write_begin(), pass the AOP flags through to
      grab_cache_page_write_begin() so that a request to use GFP_NOFS is
      honoured.
      
      Fixes: e1b1240c ("netfs: Add write_begin helper")
      Reported-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
      Reviewed-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      cc: linux-mm@kvack.org
      cc: linux-cachefs@redhat.com
      cc: linux-afs@lists.infradead.org
      cc: linux-nfs@vger.kernel.org
      cc: linux-cifs@vger.kernel.org
      cc: ceph-devel@vger.kernel.org
      cc: v9fs-developer@lists.sourceforge.net
      cc: linux-fsdevel@vger.kernel.org
      Link: https://lore.kernel.org/r/162090295383.3165945.13595101698295243662.stgit@warthog.procyon.org.uk # v1
      19dee613
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v5.13-2021-05-24' of... · a050a6d2
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.13-2021-05-24' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tool fixes from Arnaldo Carvalho de Melo:
      
       - Fix 'perf script' decoding of Intel PT traces for abort handling and
         sample instruction bytes.
      
       - Add missing PERF_IP_FLAG_CHARS for VM-Entry and VM-Exit to Intel PT
         'perf script' decoder.
      
       - Fixes for the python based Intel PT trace viewer GUI.
      
       - Sync UAPI copies (unwire quotactl_path, some comment fixes).
      
       - Fix handling of missing kernel software events, such as the recently
         added 'cgroup-switches', and add the trivial glue for it in the
         tooling side, since it was added in this merge window.
      
       - Add missing initialization of zstd_data in 'perf buildid-list',
         detected with valgrind's memcheck.
      
       - Remove needless event enable/disable when all events uses BPF.
      
       - Fix libpfm4 support (63) test error for nested event groups.
      
      * tag 'perf-tools-fixes-for-v5.13-2021-05-24' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf stat: Skip evlist__[enable|disable] when all events uses BPF
        perf script: Add missing PERF_IP_FLAG_CHARS for VM-Entry and VM-Exit
        perf scripts python: exported-sql-viewer.py: Fix warning display
        perf scripts python: exported-sql-viewer.py: Fix Array TypeError
        perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report
        tools headers UAPI: Sync files changed by the quotactl_path unwiring
        tools headers UAPI: Sync linux/perf_event.h with the kernel sources
        tools headers UAPI: Sync linux/fs.h with the kernel sources
        perf parse-events: Check if the software events array slots are populated
        perf tools: Add 'cgroup-switches' software event
        perf intel-pt: Remove redundant setting of ptq->insn_len
        perf intel-pt: Fix sample instruction bytes
        perf intel-pt: Fix transaction abort handling
        perf test: Fix libpfm4 support (63) test error for nested event groups
        tools arch kvm: Sync kvm headers with the kernel sources
        perf buildid-list: Initialize zstd_data
      a050a6d2
  4. 24 May, 2021 1 commit