1. 22 Apr, 2021 1 commit
    • Linus Torvalds's avatar
      Merge tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/tpmdd · 90c911ad
      Linus Torvalds authored
      Pull tpm fix from James Bottomley:
       "This is an urgent regression fix for a tpm patch set that went in this
        merge window. It looks like a rebase before the original pull request
        lost a tpm_try_get_ops() so we have a lock imbalance in our code which
        is causing oopses. The original patch was correct on the mailing list.
      
        I'm sending this in agreement with Mimi (as joint maintainers of
        trusted keys) because Jarkko is off communing with the Reindeer or
        whatever it is Finns do when on holiday"
      
      * tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/tpmdd:
        KEYS: trusted: Fix TPM reservation for seal/unseal
      90c911ad
  2. 21 Apr, 2021 2 commits
  3. 20 Apr, 2021 3 commits
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 1fe5501b
      Linus Torvalds authored
      Pull tracing fix from Steven Rostedt:
       "Fix tp_printk command line and trace events
      
        Masami added a wrapper to be able to unhash trace event pointers as
        they are only read by root anyway, and they can also be extracted by
        the raw trace data buffers. But this wrapper utilized the iterator to
        have a temporary buffer to manipulate the text with.
      
        tp_printk is a kernel command line option that will send the trace
        output of a trace event to the console on boot up (useful when the
        system crashes before finishing the boot). But the code used the same
        wrapper that Masami added, and its iterator did not have a buffer, and
        this caused the system to crash.
      
        Have the wrapper just print the trace event normally if the iterator
        has no temporary buffer"
      
      * tag 'trace-v5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Fix checking event hash pointer logic when tp_printk is enabled
      1fe5501b
    • Serge E. Hallyn's avatar
      capabilities: require CAP_SETFCAP to map uid 0 · db2e718a
      Serge E. Hallyn authored
      cap_setfcap is required to create file capabilities.
      
      Since commit 8db6c34f ("Introduce v3 namespaced file capabilities"),
      a process running as uid 0 but without cap_setfcap is able to work
      around this as follows: unshare a new user namespace which maps parent
      uid 0 into the child namespace.
      
      While this task will not have new capabilities against the parent
      namespace, there is a loophole due to the way namespaced file
      capabilities are represented as xattrs.  File capabilities valid in
      userns 1 are distinguished from file capabilities valid in userns 2 by
      the kuid which underlies uid 0.  Therefore the restricted root process
      can unshare a new self-mapping namespace, add a namespaced file
      capability onto a file, then use that file capability in the parent
      namespace.
      
      To prevent that, do not allow mapping parent uid 0 if the process which
      opened the uid_map file does not have CAP_SETFCAP, which is the
      capability for setting file capabilities.
      
      As a further wrinkle: a task can unshare its user namespace, then open
      its uid_map file itself, and map (only) its own uid.  In this case we do
      not have the credential from before unshare, which was potentially more
      restricted.  So, when creating a user namespace, we record whether the
      creator had CAP_SETFCAP.  Then we can use that during map_write().
      
      With this patch:
      
      1. Unprivileged user can still unshare -Ur
      
         ubuntu@caps:~$ unshare -Ur
         root@caps:~# logout
      
      2. Root user can still unshare -Ur
      
         ubuntu@caps:~$ sudo bash
         root@caps:/home/ubuntu# unshare -Ur
         root@caps:/home/ubuntu# logout
      
      3. Root user without CAP_SETFCAP cannot unshare -Ur:
      
         root@caps:/home/ubuntu# /sbin/capsh --drop=cap_setfcap --
         root@caps:/home/ubuntu# /sbin/setcap cap_setfcap=p /sbin/setcap
         unable to set CAP_SETFCAP effective capability: Operation not permitted
         root@caps:/home/ubuntu# unshare -Ur
         unshare: write failed /proc/self/uid_map: Operation not permitted
      
      Note: an alternative solution would be to allow uid 0 mappings by
      processes without CAP_SETFCAP, but to prevent such a namespace from
      writing any file capabilities.  This approach can be seen at [1].
      
      Background history: commit 95ebabde ("capabilities: Don't allow
      writing ambiguous v3 file capabilities") tried to fix the issue by
      preventing v3 fscaps to be written to disk when the root uid would map
      to the same uid in nested user namespaces.  This led to regressions for
      various workloads.  For example, see [2].  Ultimately this is a valid
      use-case we have to support meaning we had to revert this change in
      3b0c2d3e ("Revert 95ebabde ("capabilities: Don't allow writing
      ambiguous v3 file capabilities")").
      
      Link: https://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux.git/log/?h=2021-04-15/setfcap-nsfscaps-v4 [1]
      Link: https://github.com/containers/buildah/issues/3071 [2]
      Signed-off-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarAndrew G. Morgan <morgan@kernel.org>
      Tested-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
      Reviewed-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
      Tested-by: default avatarGiuseppe Scrivano <gscrivan@redhat.com>
      Cc: Eric Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      db2e718a
    • Steven Rostedt (VMware)'s avatar
      tracing: Fix checking event hash pointer logic when tp_printk is enabled · 0e1e71d3
      Steven Rostedt (VMware) authored
      Pointers in events that are printed are unhashed if the flags allow it,
      and the logic to do so is called before processing the event output from
      the raw ring buffer. In most cases, this is done when a user reads one of
      the trace files.
      
      But if tp_printk is added on the kernel command line, this logic is done
      for trace events when they are triggered, and their output goes out via
      printk. The unhash logic (and even the validation of the output) did not
      support the tp_printk output, and would crash.
      
      Link: https://lore.kernel.org/linux-tegra/9835d9f1-8d3a-3440-c53f-516c2606ad07@nvidia.com/
      
      Fixes: efbbdaa2 ("tracing: Show real address for trace event arguments")
      Reported-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Tested-by: default avatarJon Hunter <jonathanh@nvidia.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      0e1e71d3
  4. 19 Apr, 2021 2 commits
  5. 18 Apr, 2021 6 commits
    • Linus Torvalds's avatar
      Linux 5.12-rc8 · bf05bf16
      Linus Torvalds authored
      bf05bf16
    • Linus Torvalds's avatar
      Merge tag 'arm-fixes-5.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 5ffe04cc
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "Another smaller set of fixes for three of the Arm platforms:
      
        TI OMAP:
      
           Fix swapped mmc device order also for omap3 that got changed with
           the recent PROBE_PREFER_ASYNCHRONOUS changes. While eventually the
           aliases should be board specific, all the mmc device instances are
           all there in the SoC, and we do probe them by default so that PM
           runtime can idle the devices if left enabled from the bootloader.
      
        Qualcomm Snapdragon:
      
           This bypasses the recently introduced interconnect handling in
           the GENI (serial engine) driver when running off ACPI, as this
           causes the GENI probe to fail and the Lenovo Yoga C630 to boot
           without keyboard and touchpad.
      
        Allwinner:
      
           One 32kHz clock fix for the beelink gs1, a CD polarity fix for the
           SoPine, some MAINTAINERS maintainance, and a clk / reset switch to
           our headers"
      
      * tag 'arm-fixes-5.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        arm64: dts: allwinner: h6: beelink-gs1: Remove ext. 32 kHz osc reference
        MAINTAINERS: Match on allwinner keyword
        MAINTAINERS: Add our new mailing-list
        arm64: dts: allwinner: Fix SD card CD GPIO for SOPine systems
        arm64: dts: allwinner: h6: Switch to macros for RSB clock/reset indices
        ARM: OMAP2+: Fix uninitialized sr_inst
        ARM: dts: Fix swapped mmc order for omap3
        ARM: OMAP2+: Fix warning for omap_init_time_of()
        soc: qcom: geni: shield geni_icc_get() for ACPI boot
      5ffe04cc
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · f5ce0466
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
      
       - Halve maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled
      
       - Fix conversion for_each_membock() to for_each_mem_range()
      
       - Fix footbridge PCI mapping
      
       - Avoid uprobes hooking on thumb instructions
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 9071/1: uprobes: Don't hook on thumb instructions
        ARM: footbridge: fix PCI interrupt mapping
        ARM: 9069/1: NOMMU: Fix conversion for_each_membock() to for_each_mem_range()
        ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled
      f5ce0466
    • Fredrik Strupe's avatar
      ARM: 9071/1: uprobes: Don't hook on thumb instructions · d2f7eca6
      Fredrik Strupe authored
      Since uprobes is not supported for thumb, check that the thumb bit is
      not set when matching the uprobes instruction hooks.
      
      The Arm UDF instructions used for uprobes triggering
      (UPROBE_SWBP_ARM_INSN and UPROBE_SS_ARM_INSN) coincidentally share the
      same encoding as a pair of unallocated 32-bit thumb instructions (not
      UDF) when the condition code is 0b1111 (0xf). This in effect makes it
      possible to trigger the uprobes functionality from thumb, and at that
      using two unallocated instructions which are not permanently undefined.
      Signed-off-by: default avatarFredrik Strupe <fredrik@strupe.net>
      Cc: stable@vger.kernel.org
      Fixes: c7edc9e3 ("ARM: add uprobes support")
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      d2f7eca6
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · c98ff1d0
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Two fixes: the libsas fix is for a problem that occurs when trying to
        change the cache type of an ATA device and the libiscsi one is a
        regression fix from this merge window"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: libsas: Reset num_scatter if libata marks qc as NODATA
        scsi: iscsi: Fix iSCSI cls conn state
      c98ff1d0
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2021-04-18' of git://anongit.freedesktop.org/drm/drm · aba5970c
      Linus Torvalds authored
      Pull vmwgfx fixes from Dave Airlie:
       "This contains two regression fixes for vmwgfx, one due to a refactor
        which meant locks were being used before initialisation, and the other
        in fixing up some warnings from the core when destroying pinned
        buffers.
      
        vmwgfx:
      
         - fixed unpinning before destruction
      
         - lockdep init reordering"
      
      * tag 'drm-fixes-2021-04-18' of git://anongit.freedesktop.org/drm/drm:
        drm/vmwgfx: Make sure bo's are unpinned before putting them back
        drm/vmwgfx: Fix the lockdep breakage
        drm/vmwgfx: Make sure we unpin no longer needed buffers
      aba5970c
  6. 17 Apr, 2021 9 commits
    • Dave Airlie's avatar
      Merge tag 'vmwgfx-fixes-2021-04-14' of gitlab.freedesktop.org:zack/vmwgfx into drm-fixes · 796b556c
      Dave Airlie authored
      vmwgfx fixes for regressions in 5.12
      
      Here's a set of 3 patches fixing ugly regressions
      in the vmwgfx driver. We broke lock initialization
      code and ended up using spinlocks before initialization
      breaking lockdep.
      Also there was a bit of a fallout from drm changes
      which made the core validate that unreferenced buffers
      have been unpinned. vmwgfx pinning code predates a lot
      of the core drm and wasn't written to account for those
      semantics. Fortunately changes required to fix it
      are not too intrusive.
      The changes have been validated by our internal ci.
      Signed-off-by: default avatarZack Rusin <zackr@vmware.com>
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Zack Rusin <zackr@vmware.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/f7add0a2-162e-3bd2-b1be-344a94f2acbf@vmware.com
      796b556c
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 194cf482
      Linus Torvalds authored
      Pull i2c fix from Wolfram Sang:
       "One more driver bugfix for I2C"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: mv64xxx: Fix random system lock caused by runtime PM
      194cf482
    • Linus Torvalds's avatar
      readdir: make sure to verify directory entry for legacy interfaces too · 0c93ac69
      Linus Torvalds authored
      This does the directory entry name verification for the legacy
      "fillonedir" (and compat) interface that goes all the way back to the
      dark ages before we had a proper dirent, and the readdir() system call
      returned just a single entry at a time.
      
      Nobody should use this interface unless you still have binaries from
      1991, but let's do it right.
      
      This came up during discussions about unsafe_copy_to_user() and proper
      checking of all the inputs to it, as the networking layer is looking to
      use it in a few new places.  So let's make sure the _old_ users do it
      all right and proper, before we add new ones.
      
      See also commit 8a23eb80 ("Make filldir[64]() verify the directory
      entry filename is valid") which did the proper modern interfaces that
      people actually use. It had a note:
      
          Note that I didn't bother adding the checks to any legacy interfaces
          that nobody uses.
      
      which this now corrects.  Note that we really don't care about POSIX and
      the presense of '/' in a directory entry, but verify_dirent_name() also
      ends up doing the proper name length verification which is what the
      input checking discussion was about.
      
      [ Another option would be to remove the support for this particular very
        old interface: any binaries that use it are likely a.out binaries, and
        they will no longer run anyway since we removed a.out binftm support
        in commit eac61655 ("x86: Deprecate a.out support").
      
        But I'm not sure which came first: getdents() or ELF support, so let's
        pretend somebody might still have a working binary that uses the
        legacy readdir() case.. ]
      
      Link: https://lore.kernel.org/lkml/CAHk-=wjbvzCAhAtvG0d81W5o0-KT5PPTHhfJ5ieDFq+bGtgOYg@mail.gmail.com/Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0c93ac69
    • Linus Torvalds's avatar
      Merge tag 'net-5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 88a5af94
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes for 5.12-rc8, including fixes from netfilter, and
        bpf. BPF verifier changes stand out, otherwise things have slowed
        down.
      
        Current release - regressions:
      
         - gro: ensure frag0 meets IP header alignment
      
         - Revert "net: stmmac: re-init rx buffers when mac resume back"
      
         - ethernet: macb: fix the restore of cmp registers
      
        Previous releases - regressions:
      
         - ixgbe: Fix NULL pointer dereference in ethtool loopback test
      
         - ixgbe: fix unbalanced device enable/disable in suspend/resume
      
         - phy: marvell: fix detection of PHY on Topaz switches
      
         - make tcp_allowed_congestion_control readonly in non-init netns
      
         - xen-netback: Check for hotplug-status existence before watching
      
        Previous releases - always broken:
      
         - bpf: mitigate a speculative oob read of up to map value size by
           tightening the masking window
      
         - sctp: fix race condition in sctp_destroy_sock
      
         - sit, ip6_tunnel: Unregister catch-all devices
      
         - netfilter: nftables: clone set element expression template
      
         - netfilter: flowtable: fix NAT IPv6 offload mangling
      
         - net: geneve: check skb is large enough for IPv4/IPv6 header
      
         - netlink: don't call ->netlink_bind with table lock held"
      
      * tag 'net-5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (52 commits)
        netlink: don't call ->netlink_bind with table lock held
        MAINTAINERS: update my email
        bpf: Update selftests to reflect new error states
        bpf: Tighten speculative pointer arithmetic mask
        bpf: Move sanitize_val_alu out of op switch
        bpf: Refactor and streamline bounds check into helper
        bpf: Improve verifier error messages for users
        bpf: Rework ptr_limit into alu_limit and add common error path
        bpf: Ensure off_reg has no mixed signed bounds for all types
        bpf: Move off_reg into sanitize_ptr_alu
        bpf: Use correct permission flag for mixed signed bounds arithmetic
        ch_ktls: do not send snd_una update to TCB in middle
        ch_ktls: tcb close causes tls connection failure
        ch_ktls: fix device connection close
        ch_ktls: Fix kernel panic
        i40e: fix the panic when running bpf in xdpdrv mode
        net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta
        net/mlx5e: Fix setting of RS FEC mode
        net/mlx5: Fix setting of devlink traps in switchdev mode
        Revert "net: stmmac: re-init rx buffers when mac resume back"
        ...
      88a5af94
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-fixes-for-5.12-rc8' of... · bdfd99e6
      Linus Torvalds authored
      Merge tag 'libnvdimm-fixes-for-5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
      
      Pull libnvdimm fixes from Dan Williams:
       "The largest change is for a regression that landed during -rc1 for
        block-device read-only handling. Vaibhav found a new use for the
        ability (originally introduced by virtio_pmem) to call back to the
        platform to flush data, but also found an original bug in that
        implementation. Lastly, Arnd cleans up some compile warnings in dax.
      
        This has all appeared in -next with no reported issues.
      
        Summary:
      
         - Fix a regression of read-only handling in the pmem driver
      
         - Fix a compile warning
      
         - Fix support for platform cache flush commands on powerpc/papr"
      
      * tag 'libnvdimm-fixes-for-5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC
        libnvdimm: Notify disk drivers to revalidate region read-only
        dax: avoid -Wempty-body warnings
      bdfd99e6
    • Linus Torvalds's avatar
      Merge tag 'cxl-fixes-for-5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl · 7c226774
      Linus Torvalds authored
      Pull CXL memory class fixes from Dan Williams:
       "A collection of fixes for the CXL memory class driver introduced in
        this release cycle.
      
        The driver was primarily developed on a work-in-progress QEMU
        emulation of the interface and we have since found a couple places
        where it hid spec compliance bugs in the driver, or had a spec
        implementation bug itself.
      
        The biggest change here is replacing a percpu_ref with an rwsem to
        cleanup a couple bugs in the error unwind path during ioctl device
        init. Lastly there were some minor cleanups to not export the
        power-management sysfs-ABI for the ioctl device, use the proper sysfs
        helper for emitting values, and prevent subtle bugs as new
        administration commands are added to the supported list.
      
        The bulk of it has appeared in -next save for the top commit which was
        found today and validated on a fixed-up QEMU model.
      
        Summary:
      
         - Fix support for CXL memory devices with registers offset from the
           BAR base.
      
         - Fix the reporting of device capacity.
      
         - Fix the driver commands list definition to be disconnected from the
           UAPI command list.
      
         - Replace percpu_ref with rwsem to fix initialization error path.
      
         - Fix leaks in the driver initialization error path.
      
         - Drop the power/ directory from CXL device sysfs.
      
         - Use the recommended sysfs helper for attribute 'show'
           implementations"
      
      * tag 'cxl-fixes-for-5.12-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
        cxl/mem: Fix memory device capacity probing
        cxl/mem: Fix register block offset calculation
        cxl/mem: Force array size of mem_commands[] to CXL_MEM_COMMAND_ID_MAX
        cxl/mem: Disable cxl device power management
        cxl/mem: Do not rely on device_add() side effects for dev_set_name() failures
        cxl/mem: Fix synchronization mechanism for device removal vs ioctl operations
        cxl/mem: Use sysfs_emit() for attribute show routines
      7c226774
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · fdb5d6ca
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "12 patches.
      
        Subsystems affected by this patch series: mm (documentation, kasan,
        and pagemap), csky, ia64, gcov, and lib"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        lib: remove "expecting prototype" kernel-doc warnings
        gcov: clang: fix clang-11+ build
        mm: ptdump: fix build failure
        mm/mapping_dirty_helpers: guard hugepage pud's usage
        ia64: tools: remove duplicate definition of ia64_mf() on ia64
        ia64: tools: remove inclusion of ia64-specific version of errno.h header
        ia64: fix discontig.c section mismatches
        ia64: remove duplicate entries in generic_defconfig
        csky: change a Kconfig symbol name to fix e1000 build error
        kasan: remove redundant config option
        kasan: fix hwasan build for gcc
        mm: eliminate "expecting prototype" kernel-doc warnings
      fdb5d6ca
    • Dan Williams's avatar
      cxl/mem: Fix memory device capacity probing · fae8817a
      Dan Williams authored
      The CXL Identify Memory Device output payload emits capacity in 256MB
      units. The driver is treating the capacity field as bytes. This was
      missed because QEMU reports bytes when it should report bytes / 256MB.
      
      Fixes: 8adaf747 ("cxl/mem: Find device capabilities")
      Reviewed-by: default avatarVishal Verma <vishal.l.verma@intel.com>
      Cc: Ben Widawsky <ben.widawsky@intel.com>
      Link: https://lore.kernel.org/r/161862021044.3259705.7008520073059739760.stgit@dwillia2-desk3.amr.corp.intel.comSigned-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      fae8817a
    • Florian Westphal's avatar
      netlink: don't call ->netlink_bind with table lock held · f2764bd4
      Florian Westphal authored
      When I added support to allow generic netlink multicast groups to be
      restricted to subscribers with CAP_NET_ADMIN I was unaware that a
      genl_bind implementation already existed in the past.
      
      It was reverted due to ABBA deadlock:
      
      1. ->netlink_bind gets called with the table lock held.
      2. genetlink bind callback is invoked, it grabs the genl lock.
      
      But when a new genl subsystem is (un)registered, these two locks are
      taken in reverse order.
      
      One solution would be to revert again and add a comment in genl
      referring 1e82a62f, "genetlink: remove genl_bind").
      
      This would need a second change in mptcp to not expose the raw token
      value anymore, e.g.  by hashing the token with a secret key so userspace
      can still associate subflow events with the correct mptcp connection.
      
      However, Paolo Abeni reminded me to double-check why the netlink table is
      locked in the first place.
      
      I can't find one.  netlink_bind() is already called without this lock
      when userspace joins a group via NETLINK_ADD_MEMBERSHIP setsockopt.
      Same holds for the netlink_unbind operation.
      
      Digging through the history, commit f7736080
      ("netlink: access nlk groups safely in netlink bind and getname")
      expanded the lock scope.
      
      commit 3a20773b ("net: netlink: cap max groups which will be considered in netlink_bind()")
      ... removed the nlk->ngroups access that the lock scope
      extension was all about.
      
      Reduce the lock scope again and always call ->netlink_bind without
      the table lock.
      
      The Fixes tag should be vs. the patch mentioned in the link below,
      but that one got squash-merged into the patch that came earlier in the
      series.
      
      Fixes: 4d54cc32 ("mptcp: avoid lock_fast usage in accept path")
      Link: https://lore.kernel.org/mptcp/20210213000001.379332-8-mathew.j.martineau@linux.intel.com/T/#u
      Cc: Cong Wang <xiyou.wangcong@gmail.com>
      Cc: Xin Long <lucien.xin@gmail.com>
      Cc: Johannes Berg <johannes.berg@intel.com>
      Cc: Sean Tranchetti <stranche@codeaurora.org>
      Cc: Paolo Abeni <pabeni@redhat.com>
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f2764bd4
  7. 16 Apr, 2021 17 commits