1. 08 Jun, 2022 12 commits
  2. 07 Jun, 2022 3 commits
  3. 06 Jun, 2022 9 commits
  4. 02 Jun, 2022 16 commits
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: always initialize flowtable hook list in transaction · 2c9e4559
      Pablo Neira Ayuso authored
      The hook list is used if nft_trans_flowtable_update(trans) == true. However,
      initialize this list for other cases for safety reasons.
      
      Fixes: 78d9f48f ("netfilter: nf_tables: add devices to existing flowtable")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      2c9e4559
    • Linus Torvalds's avatar
      Merge tag 'net-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 58f9d52f
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf and netfilter.
      
        Current release - new code bugs:
      
         - af_packet: make sure to pull the MAC header, avoid skb panic in GSO
      
         - ptp_clockmatrix: fix inverted logic in is_single_shot()
      
         - netfilter: flowtable: fix missing FLOWI_FLAG_ANYSRC flag
      
         - dt-bindings: net: adin: fix adi,phy-output-clock description syntax
      
         - wifi: iwlwifi: pcie: rename CAUSE macro, avoid MIPS build warning
      
        Previous releases - regressions:
      
         - Revert "net: af_key: add check for pfkey_broadcast in function
           pfkey_process"
      
         - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
      
         - nf_tables: disallow non-stateful expression in sets earlier
      
         - nft_limit: clone packet limits' cost value
      
         - nf_tables: double hook unregistration in netns path
      
         - ping6: fix ping -6 with interface name
      
        Previous releases - always broken:
      
         - sched: fix memory barriers to prevent skbs from getting stuck in
           lockless qdiscs
      
         - neigh: set lower cap for neigh_managed_work rearming, avoid
           constantly scheduling the probe work
      
         - bpf: fix probe read error on big endian in ___bpf_prog_run()
      
         - amt: memory leak and error handling fixes
      
        Misc:
      
         - ipv6: expand & rename accept_unsolicited_na to accept_untracked_na"
      
      * tag 'net-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (80 commits)
        net/af_packet: make sure to pull mac header
        net: add debug info to __skb_pull()
        net: CONFIG_DEBUG_NET depends on CONFIG_NET
        stmmac: intel: Add RPL-P PCI ID
        net: stmmac: use dev_err_probe() for reporting mdio bus registration failure
        tipc: check attribute length for bearer name
        ice: fix access-beyond-end in the switch code
        nfp: remove padding in nfp_nfdk_tx_desc
        ax25: Fix ax25 session cleanup problems
        net: usb: qmi_wwan: Add support for Cinterion MV31 with new baseline
        sfc/siena: fix wrong tx channel offset with efx_separate_tx_channels
        sfc/siena: fix considering that all channels have TX queues
        socket: Don't use u8 type in uapi socket.h
        net/sched: act_api: fix error code in tcf_ct_flow_table_fill_tuple_ipv6()
        net: ping6: Fix ping -6 with interface name
        macsec: fix UAF bug for real_dev
        octeontx2-af: fix error code in is_valid_offset()
        wifi: mac80211: fix use-after-free in chanctx code
        bonding: guard ns_targets by CONFIG_IPV6
        tcp: tcp_rtx_synack() can be called from process context
        ...
      58f9d52f
    • Saravana Kannan's avatar
      module: Fix prefix for module.sig_enforce module param · 73503963
      Saravana Kannan authored
      Commit cfc1d277 ("module: Move all into module/") changed the prefix
      of the module param by moving/renaming files.  A later commit also moves
      the module_param() into a different file, thereby changing the prefix
      yet again.
      
      This would break kernel cmdline compatibility and also userspace
      compatibility at /sys/module/module/parameters/sig_enforce.
      
      So, set the prefix back to "module.".
      
      Fixes: cfc1d277 ("module: Move all into module/")
      Link: https://lore.kernel.org/lkml/20220602034111.4163292-1-saravanak@google.com/
      Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
      Cc: Aaron Tomlin <atomlin@redhat.com>
      Acked-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
      Signed-off-by: default avatarSaravana Kannan <saravanak@google.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      73503963
    • Linus Torvalds's avatar
      Merge tag 'pci-v5.19-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · c399c85d
      Linus Torvalds authored
      Pull pci fixes from Bjorn Helgaas:
      
       - Revert brcmstb patches that broke booting on Raspberry Pi Compute
         Module 4 (Bjorn Helgaas)
      
       - Fix bridge_d3_blacklist[] error that overwrote the existing Gigabyte
         X299 entry instead of adding a new one (Bjorn Helgaas)
      
       - Update Lorenzo Pieralisi's email address in MAINTAINERS (Lorenzo
         Pieralisi)
      
      * tag 'pci-v5.19-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        MAINTAINERS: Update Lorenzo Pieralisi's email address
        PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
        Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs"
        Revert "PCI: brcmstb: Add mechanism to turn on subdev regulators"
        Revert "PCI: brcmstb: Add control of subdevice voltage regulators"
        Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend"
      c399c85d
    • Jakub Kicinski's avatar
      Merge branch 'net-af_packet-be-careful-when-expanding-mac-header-size' · 638696ef
      Jakub Kicinski authored
      Eric Dumazet says:
      
      ====================
      net: af_packet: be careful when expanding mac header size
      
      A recent regression in af_packet needed a preliminary debug patch,
      which will presumably be useful for next bugs hunting.
      
      The af_packet fix is to make sure MAC headers are contained in
      skb linear part, as GSO stack requests.
      
      v2: CONFIG_DEBUG_NET depends on CONFIG_NET to avoid compile
         errors found by kernel bots.
      ====================
      
      Link: https://lore.kernel.org/r/20220602161859.2546399-1-eric.dumazet@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      638696ef
    • Eric Dumazet's avatar
      net/af_packet: make sure to pull mac header · e9d3f809
      Eric Dumazet authored
      GSO assumes skb->head contains link layer headers.
      
      tun device in some case can provide base 14 bytes,
      regardless of VLAN being used or not.
      
      After blamed commit, we can end up setting a network
      header offset of 18+, we better pull the missing
      bytes to avoid a posible crash in GSO.
      
      syzbot report was:
      kernel BUG at include/linux/skbuff.h:2699!
      invalid opcode: 0000 [#1] PREEMPT SMP KASAN
      CPU: 1 PID: 3601 Comm: syz-executor210 Not tainted 5.18.0-syzkaller-11338-g2c5ca23f #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:__skb_pull include/linux/skbuff.h:2699 [inline]
      RIP: 0010:skb_mac_gso_segment+0x48f/0x530 net/core/gro.c:136
      Code: 00 48 c7 c7 00 96 d4 8a c6 05 cb d3 45 06 01 e8 26 bb d0 01 e9 2f fd ff ff 49 c7 c4 ea ff ff ff e9 f1 fe ff ff e8 91 84 19 fa <0f> 0b 48 89 df e8 97 44 66 fa e9 7f fd ff ff e8 ad 44 66 fa e9 48
      RSP: 0018:ffffc90002e2f4b8 EFLAGS: 00010293
      RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000000000
      RDX: ffff88805bb58000 RSI: ffffffff8760ed0f RDI: 0000000000000004
      RBP: 0000000000005dbc R08: 0000000000000004 R09: 0000000000000fe0
      R10: 0000000000000fe4 R11: 0000000000000000 R12: 0000000000000fe0
      R13: ffff88807194d780 R14: 1ffff920005c5e9b R15: 0000000000000012
      FS:  000055555730f300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00000000200015c0 CR3: 0000000071ff8000 CR4: 0000000000350ee0
      Call Trace:
       <TASK>
       __skb_gso_segment+0x327/0x6e0 net/core/dev.c:3411
       skb_gso_segment include/linux/netdevice.h:4749 [inline]
       validate_xmit_skb+0x6bc/0xf10 net/core/dev.c:3669
       validate_xmit_skb_list+0xbc/0x120 net/core/dev.c:3719
       sch_direct_xmit+0x3d1/0xbe0 net/sched/sch_generic.c:327
       __dev_xmit_skb net/core/dev.c:3815 [inline]
       __dev_queue_xmit+0x14a1/0x3a00 net/core/dev.c:4219
       packet_snd net/packet/af_packet.c:3071 [inline]
       packet_sendmsg+0x21cb/0x5550 net/packet/af_packet.c:3102
       sock_sendmsg_nosec net/socket.c:714 [inline]
       sock_sendmsg+0xcf/0x120 net/socket.c:734
       ____sys_sendmsg+0x6eb/0x810 net/socket.c:2492
       ___sys_sendmsg+0xf3/0x170 net/socket.c:2546
       __sys_sendmsg net/socket.c:2575 [inline]
       __do_sys_sendmsg net/socket.c:2584 [inline]
       __se_sys_sendmsg net/socket.c:2582 [inline]
       __x64_sys_sendmsg+0x132/0x220 net/socket.c:2582
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x46/0xb0
      RIP: 0033:0x7f4b95da06c9
      Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
      RSP: 002b:00007ffd7defc4c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
      RAX: ffffffffffffffda RBX: 00007ffd7defc4f0 RCX: 00007f4b95da06c9
      RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
      RBP: 0000000000000003 R08: bb1414ac00000050 R09: bb1414ac00000050
      R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
      R13: 00007ffd7defc4e0 R14: 00007ffd7defc4d8 R15: 00007ffd7defc4d4
       </TASK>
      
      Fixes: dfed913e ("net/af_packet: add VLAN support for AF_PACKET SOCK_RAW GSO")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Acked-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Cc: Michael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e9d3f809
    • Eric Dumazet's avatar
      net: add debug info to __skb_pull() · 22296a5c
      Eric Dumazet authored
      While analyzing yet another syzbot report, I found the following
      patch very useful. It allows to better understand what went wrong.
      
      This debug info is only enabled if CONFIG_DEBUG_NET=y,
      which is the case for syzbot builds.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      22296a5c
    • Eric Dumazet's avatar
      net: CONFIG_DEBUG_NET depends on CONFIG_NET · eb0b39ef
      Eric Dumazet authored
      It makes little sense to debug networking stacks
      if networking is not compiled in.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      eb0b39ef
    • Michael Sit Wei Hong's avatar
    • Rasmus Villemoes's avatar
      net: stmmac: use dev_err_probe() for reporting mdio bus registration failure · 839612d2
      Rasmus Villemoes authored
      I have a board where these two lines are always printed during boot:
      
         imx-dwmac 30bf0000.ethernet: Cannot register the MDIO bus
         imx-dwmac 30bf0000.ethernet: stmmac_dvr_probe: MDIO bus (id: 1) registration failed
      
      It's perfectly fine, and the device is successfully (and silently, as
      far as the console goes) probed later.
      
      Use dev_err_probe() instead, which will demote these messages to debug
      level (thus removing the alarming messages from the console) when the
      error is -EPROBE_DEFER, and also has the advantage of including the
      error code if/when it happens to be something other than -EPROBE_DEFER.
      
      While here, add the missing \n to one of the format strings.
      Signed-off-by: default avatarRasmus Villemoes <linux@rasmusvillemoes.dk>
      Link: https://lore.kernel.org/r/20220602074840.1143360-1-linux@rasmusvillemoes.dkSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      839612d2
    • Hoang Le's avatar
      tipc: check attribute length for bearer name · 7f36f798
      Hoang Le authored
      syzbot reported uninit-value:
      =====================================================
      BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline]
      BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725
       string_nocheck lib/vsprintf.c:644 [inline]
       string+0x4f9/0x6f0 lib/vsprintf.c:725
       vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806
       vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158
       vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256
       vprintk_default+0x86/0xa0 kernel/printk/printk.c:2283
       vprintk+0x15f/0x180 kernel/printk/printk_safe.c:50
       _printk+0x18d/0x1cf kernel/printk/printk.c:2293
       tipc_enable_bearer net/tipc/bearer.c:371 [inline]
       __tipc_nl_bearer_enable+0x2022/0x22a0 net/tipc/bearer.c:1033
       tipc_nl_bearer_enable+0x6c/0xb0 net/tipc/bearer.c:1042
       genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
      
      - Do sanity check the attribute length for TIPC_NLA_BEARER_NAME.
      - Do not use 'illegal name' in printing message.
      
      Reported-by: syzbot+e820fdc8ce362f2dea51@syzkaller.appspotmail.com
      Fixes: cb30a633 ("tipc: refactor function tipc_enable_bearer()")
      Acked-by: default avatarJon Maloy <jmaloy@redhat.com>
      Signed-off-by: default avatarHoang Le <hoang.h.le@dektech.com.au>
      Link: https://lore.kernel.org/r/20220602063053.5892-1-hoang.h.le@dektech.com.auSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      7f36f798
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.19-rc1' of https://github.com/ceph/ceph-client · 17d8e3d9
      Linus Torvalds authored
      Pull ceph updates from Ilya Dryomov:
       "A big pile of assorted fixes and improvements for the filesystem with
        nothing in particular standing out, except perhaps that the fact that
        the MDS never really maintained atime was made official and thus it's
        no longer updated on the client either.
      
        We also have a MAINTAINERS update: Jeff is transitioning his
        filesystem maintainership duties to Xiubo"
      
      * tag 'ceph-for-5.19-rc1' of https://github.com/ceph/ceph-client: (23 commits)
        MAINTAINERS: move myself from ceph "Maintainer" to "Reviewer"
        ceph: fix decoding of client session messages flags
        ceph: switch TASK_INTERRUPTIBLE to TASK_KILLABLE
        ceph: remove redundant variable ino
        ceph: try to queue a writeback if revoking fails
        ceph: fix statfs for subdir mounts
        ceph: fix possible deadlock when holding Fwb to get inline_data
        ceph: redirty the page for writepage on failure
        ceph: try to choose the auth MDS if possible for getattr
        ceph: disable updating the atime since cephfs won't maintain it
        ceph: flush the mdlog for filesystem sync
        ceph: rename unsafe_request_wait()
        libceph: use swap() macro instead of taking tmp variable
        ceph: fix statx AT_STATX_DONT_SYNC vs AT_STATX_FORCE_SYNC check
        ceph: no need to invalidate the fscache twice
        ceph: replace usage of found with dedicated list iterator variable
        ceph: use dedicated list iterator variable
        ceph: update the dlease for the hashed dentry when removing
        ceph: stop retrying the request when exceeding 256 times
        ceph: stop forwarding the request when exceeding 256 times
        ...
      17d8e3d9
    • Linus Torvalds's avatar
      Merge tag 'livepatching-for-5.19' of... · 7c9e960c
      Linus Torvalds authored
      Merge tag 'livepatching-for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching
      
      Pull livepatching cleanup from Petr Mladek:
      
       - Remove duplicated livepatch code [Christophe]
      
      * tag 'livepatching-for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/livepatching/livepatching:
        livepatch: Remove klp_arch_set_pc() and asm/livepatch.h
      7c9e960c
    • Linus Torvalds's avatar
      Merge tag 'printk-for-5.19-fixup' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux · 12831f64
      Linus Torvalds authored
      Pull printk fixup from Petr Mladek:
      
       - Revert inappropriate use of wake_up_interruptible_all() in printk()
      
      * tag 'printk-for-5.19-fixup' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux:
        Revert "printk: wake up all waiters"
      12831f64
    • Linus Torvalds's avatar
      Merge tag 'memblock-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock · ca1dcc6d
      Linus Torvalds authored
      Pull memblock test suite updates from Mike Rapoport:
       "Comment updates for memblock test suite
      
        Update comments in the memblock tests so that they will have
        consistent style"
      
      * tag 'memblock-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
        memblock tests: remove completed TODO item
        memblock tests: update style of comments for memblock_free_*() functions
        memblock tests: update style of comments for memblock_remove_*() functions
        memblock tests: update style of comments for memblock_reserve_*() functions
        memblock tests: update style of comments for memblock_add_*() functions
      ca1dcc6d
    • Dan Carpenter's avatar
      i2c: ismt: prevent memory corruption in ismt_access() · 690b2549
      Dan Carpenter authored
      The "data->block[0]" variable comes from the user and is a number
      between 0-255.  It needs to be capped to prevent writing beyond the end
      of dma_buffer[].
      
      Fixes: 5e9a97b1 ("i2c: ismt: Adding support for I2C_SMBUS_BLOCK_PROC_CALL")
      Reported-and-tested-by: default avatarZheyu Ma <zheyuma97@gmail.com>
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Reviewed-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      690b2549