1. 11 Jul, 2023 1 commit
    • Björn Töpel's avatar
      riscv, bpf: Fix inconsistent JIT image generation · c56fb2aa
      Björn Töpel authored
      In order to generate the prologue and epilogue, the BPF JIT needs to
      know which registers that are clobbered. Therefore, the during
      pre-final passes, the prologue is generated after the body of the
      program body-prologue-epilogue. Then, in the final pass, a proper
      prologue-body-epilogue JITted image is generated.
      
      This scheme has worked most of the time. However, for some large
      programs with many jumps, e.g. the test_kmod.sh BPF selftest with
      hardening enabled (blinding constants), this has shown to be
      incorrect. For the final pass, when the proper prologue-body-epilogue
      is generated, the image has not converged. This will lead to that the
      final image will have incorrect jump offsets. The following is an
      excerpt from an incorrect image:
      
        | ...
        |     3b8:       00c50663                beq     a0,a2,3c4 <.text+0x3c4>
        |     3bc:       0020e317                auipc   t1,0x20e
        |     3c0:       49630067                jalr    zero,1174(t1) # 20e852 <.text+0x20e852>
        | ...
        |  20e84c:       8796                    c.mv    a5,t0
        |  20e84e:       6422                    c.ldsp  s0,8(sp)    # Epilogue start
        |  20e850:       6141                    c.addi16sp      sp,16
        |  20e852:       853e                    c.mv    a0,a5       # Incorrect jump target
        |  20e854:       8082                    c.jr    ra
      
      The image has shrunk, and the epilogue offset is incorrect in the
      final pass.
      
      Correct the problem by always generating proper prologue-body-epilogue
      outputs, which means that the first pass will only generate the body
      to track what registers that are touched.
      
      Fixes: 2353ecc6 ("bpf, riscv: add BPF JIT for RV64G")
      Signed-off-by: default avatarBjörn Töpel <bjorn@rivosinc.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Link: https://lore.kernel.org/bpf/20230710074131.19596-1-bjorn@kernel.org
      c56fb2aa
  2. 06 Jul, 2023 3 commits
  3. 05 Jul, 2023 25 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 68433066
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bluetooth, bpf and wireguard.
      
        Current release - regressions:
      
         - nvme-tcp: fix comma-related oops after sendpage changes
      
        Current release - new code bugs:
      
         - ptp: make max_phase_adjustment sysfs device attribute invisible
           when not supported
      
        Previous releases - regressions:
      
         - sctp: fix potential deadlock on &net->sctp.addr_wq_lock
      
         - mptcp:
            - ensure subflow is unhashed before cleaning the backlog
            - do not rely on implicit state check in mptcp_listen()
      
        Previous releases - always broken:
      
         - net: fix net_dev_start_xmit trace event vs skb_transport_offset()
      
         - Bluetooth:
            - fix use-bdaddr-property quirk
            - L2CAP: fix multiple UaFs
            - ISO: use hci_sync for setting CIG parameters
            - hci_event: fix Set CIG Parameters error status handling
            - hci_event: fix parsing of CIS Established Event
            - MGMT: fix marking SCAN_RSP as not connectable
      
         - wireguard: queuing: use saner cpu selection wrapping
      
         - sched: act_ipt: various bug fixes for iptables <> TC interactions
      
         - sched: act_pedit: add size check for TCA_PEDIT_PARMS_EX
      
         - dsa: fixes for receiving PTP packets with 8021q and sja1105 tagging
      
         - eth: sfc: fix null-deref in devlink port without MAE access
      
         - eth: ibmvnic: do not reset dql stats on NON_FATAL err
      
        Misc:
      
         - xsk: honor SO_BINDTODEVICE on bind"
      
      * tag 'net-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (70 commits)
        nfp: clean mc addresses in application firmware when closing port
        selftests: mptcp: pm_nl_ctl: fix 32-bit support
        selftests: mptcp: depend on SYN_COOKIES
        selftests: mptcp: userspace_pm: report errors with 'remove' tests
        selftests: mptcp: userspace_pm: use correct server port
        selftests: mptcp: sockopt: return error if wrong mark
        selftests: mptcp: sockopt: use 'iptables-legacy' if available
        selftests: mptcp: connect: fail if nft supposed to work
        mptcp: do not rely on implicit state check in mptcp_listen()
        mptcp: ensure subflow is unhashed before cleaning the backlog
        s390/qeth: Fix vipa deletion
        octeontx-af: fix hardware timestamp configuration
        net: dsa: sja1105: always enable the send_meta options
        net: dsa: tag_sja1105: fix MAC DA patching from meta frames
        net: Replace strlcpy with strscpy
        pptp: Fix fib lookup calls.
        mlxsw: spectrum_router: Fix an IS_ERR() vs NULL check
        net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
        xsk: Honor SO_BINDTODEVICE on bind
        ptp: Make max_phase_adjustment sysfs device attribute invisible when not supported
        ...
      68433066
    • Linus Torvalds's avatar
      Merge tag 'f2fs-for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs · 73a3fcda
      Linus Torvalds authored
      Pull f2fs updates from Jaegeuk Kim:
       "In this cycle, we've mainly investigated the zoned block device
        support along with patches such as correcting write pointers between
        f2fs and storage, adding asynchronous zone reset flow, and managing
        the number of open zones.
      
        Other than them, f2fs adds another mount option, "errors=x" to specify
        how to handle when it detects an unexpected behavior at runtime.
      
        Enhancements:
         - support 'errors=remount-ro|continue|panic' mount option
         - enforce some inode flag policies
         - allow .tmp compression given extensions
         - add some ioctls to manage the f2fs compression
         - improve looped node chain flow
         - avoid issuing small-sized discard commands during checkpoint
         - implement an asynchronous zone reset
      
        Bug fixes:
         - fix deadlock in xattr and inode page lock
         - fix and add sanity check in some error paths
         - fix to avoid NULL pointer dereference f2fs_write_end_io() along
           with put_super
         - set proper flags to quota files
         - fix potential deadlock due to unpaired node_write lock use
         - fix over-estimating free section during FG GC
         - fix the wrong condition to determine atomic context
      
        As usual, also there are a number of patches with code refactoring and
        minor clean-ups"
      
      * tag 'f2fs-for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (46 commits)
        f2fs: fix to do sanity check on direct node in truncate_dnode()
        f2fs: only set release for file that has compressed data
        f2fs: fix compile warning in f2fs_destroy_node_manager()
        f2fs: fix error path handling in truncate_dnode()
        f2fs: fix deadlock in i_xattr_sem and inode page lock
        f2fs: remove unneeded page uptodate check/set
        f2fs: update mtime and ctime in move file range method
        f2fs: compress tmp files given extension
        f2fs: refactor struct f2fs_attr macro
        f2fs: convert to use sbi directly
        f2fs: remove redundant assignment to variable err
        f2fs: do not issue small discard commands during checkpoint
        f2fs: check zone write pointer points to the end of zone
        f2fs: add f2fs_ioc_get_compress_blocks
        f2fs: cleanup MIN_INLINE_XATTR_SIZE
        f2fs: add helper to check compression level
        f2fs: set FMODE_CAN_ODIRECT instead of a dummy direct_IO method
        f2fs: do more sanity check on inode
        f2fs: compress: fix to check validity of i_compress_flag field
        f2fs: add sanity compress level check for compressed file
        ...
      73a3fcda
    • Linus Torvalds's avatar
      Merge tag 'xfs-6.5-merge-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · bb8e7e9f
      Linus Torvalds authored
      Pull more xfs updates from Darrick Wong:
      
       - Fix some ordering problems with log items during log recovery
      
       - Don't deadlock the system by trying to flush busy freed extents while
         holding on to busy freed extents
      
       - Improve validation of log geometry parameters when reading the
         primary superblock
      
       - Validate the length field in the AGF header
      
       - Fix recordset filtering bugs when re-calling GETFSMAP to return more
         results when the resultset didn't previously fit in the caller's
         buffer
      
       - Fix integer overflows in GETFSMAP when working with rt volumes larger
         than 2^32 fsblocks
      
       - Fix GETFSMAP reporting the undefined space beyond the last rtextent
      
       - Fix filtering bugs in GETFSMAP's log device backend if the log ever
         becomes longer than 2^32 fsblocks
      
       - Improve validation of file offsets in the GETFSMAP range parameters
      
       - Fix an off by one bug in the pmem media failure notification
         computation
      
       - Validate the length field in the AGI header too
      
      * tag 'xfs-6.5-merge-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: Remove unneeded semicolon
        xfs: AGI length should be bounds checked
        xfs: fix the calculation for "end" and "length"
        xfs: fix xfs_btree_query_range callers to initialize btree rec fully
        xfs: validate fsmap offsets specified in the query keys
        xfs: fix logdev fsmap query result filtering
        xfs: clean up the rtbitmap fsmap backend
        xfs: fix getfsmap reporting past the last rt extent
        xfs: fix integer overflows in the fsmap rtbitmap and logdev backends
        xfs: fix interval filtering in multi-step fsmap queries
        xfs: fix bounds check in xfs_defer_agfl_block()
        xfs: AGF length has never been bounds checked
        xfs: journal geometry is not properly bounds checked
        xfs: don't block in busy flushing when freeing extents
        xfs: allow extent free intents to be retried
        xfs: pass alloc flags through to xfs_extent_busy_flush()
        xfs: use deferred frees for btree block freeing
        xfs: don't reverse order of items in bulk AIL insertion
        xfs: remove redundant initializations of pointers drop_leaf and save_leaf
      bb8e7e9f
    • Linus Torvalds's avatar
      Merge tag 'pwm/for-6.5-rc1' of... · ace1ba1c
      Linus Torvalds authored
      Merge tag 'pwm/for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm updates from Thierry Reding:
       "There's a little bit of everything in here: we've got various
        improvements and cleanups to drivers, some fixes across the board and
        a bit of new hardware support"
      
      * tag 'pwm/for-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: (22 commits)
        dt-bindings: pwm: convert pwm-bcm2835 bindings to YAML
        pwm: Add Renesas RZ/G2L MTU3a PWM driver
        pwm: mtk_disp: Fix the disable flow of disp_pwm
        dt-bindings: pwm: restrict node name suffixes
        pwm: pca9685: Switch i2c driver back to use .probe()
        pwm: ab8500: Fix error code in probe()
        MAINTAINERS: add pwm to PolarFire SoC entry
        pwm: add microchip soft ip corePWM driver
        pwm: sysfs: Do not apply state to already disabled PWMs
        pwm: imx-tpm: force 'real_period' to be zero in suspend
        pwm: meson: make full use of common clock framework
        pwm: meson: don't use hdmi/video clock as mux parent
        pwm: meson: switch to using struct clk_parent_data for mux parents
        pwm: meson: remove not needed check in meson_pwm_calc
        pwm: meson: fix handling of period/duty if greater than UINT_MAX
        pwm: meson: modify and simplify calculation in meson_pwm_get_state
        dt-bindings: pwm: Add R-Car V3U device tree bindings
        dt-bindings: pwm: imx: add i.MX8QXP compatible
        pwm: mediatek: Add support for MT7981
        dt-bindings: pwm: mediatek: Add mediatek,mt7981 compatible
        ...
      ace1ba1c
    • Linus Torvalds's avatar
      Merge tag 'devicetree-for-6.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · b9861581
      Linus Torvalds authored
      Pull more devicetree updates from Rob Herring:
      
       - Whitespace clean-ups in binding examples
      
       - Restrict node name suffixes to "-[0-9]+" for cases of multiple
         instances which don't have unit-addresses
      
       - Convert brcm,kona-wdt and cdns,wdt-r1p2 watchdog bindings to DT
         schema
      
      * tag 'devicetree-for-6.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: soc: qcom: stats: Update maintainer email
        dt-bindings: cleanup DTS example whitespaces
        dt-bindings: timestamp: restrict node name suffixes
        dt-bindings: slimbus: restrict node name suffixes
        dt-bindings: watchdog: restrict node name suffixes
        dt-bindings: watchdog: brcm,kona-wdt: convert txt file to yaml
        dt-bindings: watchdog: cdns,wdt-r1p2: Convert cadence watchdog to yaml
      b9861581
    • Yinjun Zhang's avatar
      nfp: clean mc addresses in application firmware when closing port · cc7eab25
      Yinjun Zhang authored
      When moving devices from one namespace to another, mc addresses are
      cleaned in software while not removed from application firmware. Thus
      the mc addresses are remained and will cause resource leak.
      
      Now use `__dev_mc_unsync` to clean mc addresses when closing port.
      
      Fixes: e20aa071 ("nfp: fix schedule in atomic context when sync mc address")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarYinjun Zhang <yinjun.zhang@corigine.com>
      Acked-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarLouis Peens <louis.peens@corigine.com>
      Reviewed-by: default avatarJacob Keller <jacob.e.keller@intel.com>
      Message-ID: <20230705052818.7122-1-louis.peens@corigine.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      cc7eab25
    • Jakub Kicinski's avatar
      Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · fdaff05b
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2023-07-05
      
      We've added 2 non-merge commits during the last 1 day(s) which contain
      a total of 3 files changed, 16 insertions(+), 4 deletions(-).
      
      The main changes are:
      
      1) Fix BTF to warn but not returning an error for a NULL BTF to still be
         able to load modules under CONFIG_DEBUG_INFO_BTF, from SeongJae Park.
      
      2) Fix xsk sockets to honor SO_BINDTODEVICE in bind(), from Ilya Maximets.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        xsk: Honor SO_BINDTODEVICE on bind
        bpf, btf: Warn but return no error for NULL btf from __register_btf_kfunc_id_set()
      ====================
      
      Link: https://lore.kernel.org/r/20230705171716.6494-1-daniel@iogearbox.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      fdaff05b
    • Linus Torvalds's avatar
      Merge tag 'soundwire-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire · fe1de551
      Linus Torvalds authored
      Pull soundwire updates from Vinod Koul:
      
       - Stream handling and slave alert handling
      
       - Qualcomm Soundwire v2.0.0 controller support
      
       - Intel ACE2.x initial support and code reorganization
      
      * tag 'soundwire-6.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/soundwire: (55 commits)
        soundwire: stream: Make master_list ordered to prevent deadlocks
        soundwire: bus: Prevent lockdep asserts when stream has multiple buses
        soundwire: qcom: fix storing port config out-of-bounds
        soundwire: intel_ace2x: fix SND_SOC_SOF_HDA_MLINK dependency
        soundwire: debugfs: Add missing SCP registers
        soundwire: stream: Remove unnecessary gotos
        soundwire: stream: Invert logic on runtime alloc flags
        soundwire: stream: Remove unneeded checks for NULL bus
        soundwire: bandwidth allocation: Remove pointless variable
        soundwire: cadence: revisit parity injection
        soundwire: intel/cadence: update hardware reset sequence
        soundwire: intel_bus_common: enable interrupts last
        soundwire: intel_bus_common: update error log
        soundwire: amd: Improve error message in remove callback
        soundwire: debugfs: fix unbalanced pm_runtime_put()
        soundwire: qcom: fix unbalanced pm_runtime_put()
        soundwire: qcom: set clk stop need reset flag at runtime
        soundwire: qcom: add software workaround for bus clash interrupt assertion
        soundwire: qcom: wait for fifo to be empty before suspend
        soundwire: qcom: drop unused struct qcom_swrm_ctrl members
        ...
      fe1de551
    • Linus Torvalds's avatar
      Merge tag 'media/v6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media · 15ac4686
      Linus Torvalds authored
      Pull media updates from Mauro Carvalho Chehab:
      
       - Lots of improvement at atomisp driver, which is starting to look in
         good shape
      
       - Mediatek vcodec driver has gained support for av1 and hevc stateless
         codecs
      
       - New sensor driver: ov01a10
      
       - verisilicon driver has gained AV1 entropy helpers
      
       - tegra-video has gained support for Tegra20 parallel input
      
       - dvb core has gained an extra property to better support DVB-S2X
      
       - as usual, lots of cleanups, fixes and improvements on media drivers
      
      * tag 'media/v6.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (253 commits)
        media: wl128x: fix a clang warning
        media: dvb: mb86a20s: get rid of a clang-15 warning
        media: cec: i2c: ch7322: also select REGMAP
        media: add HAS_IOPORT dependencies
        media: tc358746: select CONFIG_GENERIC_PHY
        media: mediatek: vcodec: Add dbgfs help function
        media: mediatek: vcodec: Add encode to support dbgfs
        media: mediatek: vcodec: Change dbgfs interface to support encode
        media: mediatek: vcodec: Get each instance format type
        media: mediatek: vcodec: Get each context resolution information
        media: mediatek: vcodec: Add a debugfs file to get different useful information
        media: mediatek: vcodec: Add debug params to control different log level
        media: mediatek: vcodec: Add debugfs interface to get debug information
        media: mediatek: vcodec: support stateless AV1 decoder
        media: verisilicon: Conditionally ignore native formats
        media: verisilicon: Enable AV1 decoder on rk3588
        media: verisilicon: Add film grain feature to AV1 driver
        media: verisilicon: Add Rockchip AV1 decoder
        media: verisilicon: Add AV1 entropy helpers
        media: verisilicon: Compute motion vectors size for AV1 frames
        ...
      15ac4686
    • Linus Torvalds's avatar
      Merge tag 'trace-tools-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace · 2784d74b
      Linus Torvalds authored
      Pull tracing tooling updates from Steven Rostedt:
      
       - Add cgroup support for rtla via the -C option
      
       - Add --house-keeping option that tells rtla where to place the
         housekeeping threads
      
       - Have rtla/timerlat have its own tracing instance instead of using the
         top level tracing instance that is the default for other tracing
         users to use
      
       - Add auto analysis to timerlat_hist
      
       - Have rtla start the tracers after creating the instances
      
       - Reduce rtla hwnoise down to 75% from 100% as it runs with preemption
         disabled and can cause system instability at 100%
      
       - Add support to run timerlat_top and timerlat_hist threads in
         user-space instead of just using the kernel tasks
      
       - Some minor clean ups and documentation changes
      
      * tag 'trace-tools-v6.5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        Documentation: Add tools/rtla timerlat -u option documentation
        rtla/timerlat_hist: Add timerlat user-space support
        rtla/timerlat_top: Add timerlat user-space support
        rtla/hwnoise: Reduce runtime to 75%
        rtla: Start the tracers after creating all instances
        rtla/timerlat_hist: Add auto-analysis support
        rtla/timerlat: Give timerlat auto analysis its own instance
        rtla: Automatically move rtla to a house-keeping cpu
        rtla: Change monitored_cpus from char * to cpu_set_t
        rtla: Add --house-keeping option
        rtla: Add -C cgroup support
      2784d74b
    • Linus Torvalds's avatar
      Merge tag 'parisc-for-6.5-rc1-2' of... · 2a95b03d
      Linus Torvalds authored
      Merge tag 'parisc-for-6.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
      
      Pull more parisc architecture updates from Helge Deller:
      
       -  Fix all compiler warnings in arch/parisc and drivers/parisc when
          compiled with W=1
      
      * tag 'parisc-for-6.5-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: syscalls: Avoid compiler warnings with W=1
        parisc: math-emu: Avoid compiler warnings with W=1
        parisc: Raise minimal GCC version to 12.0.0
        parisc: unwind: Avoid missing prototype warning for handle_interruption()
        parisc: smp: Add declaration for start_cpu_itimer()
        parisc: pdt: Get prototype for arch_report_meminfo()
      2a95b03d
    • Linus Torvalds's avatar
      gup: make the stack expansion warning a bit more targeted · 6cd06ab1
      Linus Torvalds authored
      I added a warning about about GUP no longer expanding the stack in
      commit a425ac53 ("gup: add warning if some caller would seem to want
      stack expansion"), but didn't really expect anybody to hit it.
      
      And it's true that nobody seems to have hit a _real_ case yet, but we
      certainly have a number of reports of false positives.  Which not only
      causes extra noise in itself, but might also end up hiding any real
      cases if they do exist.
      
      So let's tighten up the warning condition, and replace the simplistic
      
      	vma = find_vma(mm, start);
      	if (vma && (start < vma->vm_start)) {
      		WARN_ON_ONCE(vma->vm_flags & VM_GROWSDOWN);
      
      with a
      
      	vma = gup_vma_lookup(mm, start);
      
      helper function which works otherwise like just "vma_lookup()", but with
      some heuristics for when to warn about gup no longer causing stack
      expansion.
      
      In particular, don't just warn for "below the stack", but warn if it's
      _just_ below the stack (with "just below" arbitrarily defined as 64kB,
      because why not?).  And rate-limit it to at most once per hour, which
      means that any false positives shouldn't completely hide subsequent
      reports, but we won't be flooding the logs about it either.
      
      The previous code triggered when some GUP user (chromium crashpad)
      accessing past the end of the previous vma, for example.  That has never
      expanded the stack, it just causes GUP to return early, and as such we
      shouldn't be warning about it.
      
      This is still going trigger the randomized testers, but to mitigate the
      noise from that, use "dump_stack()" instead of "WARN_ON_ONCE()" to get
      the kernel call chain.  We'll get the relevant information, but syzbot
      shouldn't get too upset about it.
      
      Also, don't even bother with the GROWSUP case, which would be using
      different heuristics entirely, but only happens on parisc.
      Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
      Reported-by: default avatarJohn Hubbard <jhubbard@nvidia.com>
      Reported-by: syzbot+6cf44e127903fdf9d929@syzkaller.appspotmail.com
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6cd06ab1
    • Maulik Shah's avatar
    • Krzysztof Kozlowski's avatar
      dt-bindings: cleanup DTS example whitespaces · ad5d9601
      Krzysztof Kozlowski authored
      The DTS code coding style expects spaces around '=' sign.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
      Reviewed-by: default avatarMatthias Brugger <matthias.bgg@gmail.com>
      Acked-by: default avatarJonathan Cameron <Jonathan.Cameron@huawei.com>
      Reviewed-by: default avatarConor Dooley <conor.dooley@microchip.com>
      Acked-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> #display/msm
      Acked-by: default avatarNeil Armstrong <neil.armstrong@linaro.org>
      Acked-by: default avatarMike Leach <mike.leach@linaro.org>
      Reviewed-by: default avatarMathieu Poirier <mathieu.poirier@linaro.org>
      Acked-by: default avatarVinod Koul <vkoul@kernel.org>
      Link: https://lore.kernel.org/r/20230702182308.7583-1-krzysztof.kozlowski@linaro.orgSigned-off-by: default avatarRob Herring <robh@kernel.org>
      ad5d9601
    • David S. Miller's avatar
      Merge branch 'mptcp-fixes' · c451410c
      David S. Miller authored
      Matthieu Baerts says:
      
      ====================
      mptcp: fixes for v6.5
      
      Here is a first batch of fixes for v6.5 and older.
      
      The fixes are not linked to each others.
      
      Patch 1 ensures subflows are unhashed before cleaning the backlog to
      avoid races. This fixes another recent fix from v6.4.
      
      Patch 2 does not rely on implicit state check in mptcp_listen() to avoid
      races when receiving an MP_FASTCLOSE. A regression from v5.17.
      
      The rest fixes issues in the selftests.
      
      Patch 3 makes sure errors when setting up the environment are no longer
      ignored. For v5.17+.
      
      Patch 4 uses 'iptables-legacy' if available to be able to run on older
      kernels. A fix for v5.13 and newer.
      
      Patch 5 catches errors when issues are detected with packet marks. Also
      for v5.13+.
      
      Patch 6 uses the correct variable instead of an undefined one. Even if
      there was no visible impact, it can help to find regressions later. An
      issue visible in v5.19+.
      
      Patch 7 makes sure errors with some sub-tests are reported to have the
      selftest marked as failed as expected. Also for v5.19+.
      
      Patch 8 adds a kernel config that is required to execute MPTCP
      selftests. It is valid for v5.9+.
      
      Patch 9 fixes issues when validating the userspace path-manager with
      32-bit arch, an issue affecting v5.19+.
      ====================
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      c451410c
    • Matthieu Baerts's avatar
      selftests: mptcp: pm_nl_ctl: fix 32-bit support · 61d96580
      Matthieu Baerts authored
      When using pm_nl_ctl to validate userspace path-manager's behaviours, it
      was failing on 32-bit architectures ~half of the time.
      
      pm_nl_ctl was not reporting any error but the command was not doing what
      it was expected to do. As a result, the expected linked event was not
      triggered after and the test failed.
      
      This is due to the fact the token given in argument to the application
      was parsed as an integer with atoi(): in a 32-bit arch, if the number
      was bigger than INT_MAX, 2147483647 was used instead.
      
      This can simply be fixed by using strtoul() instead of atoi().
      
      The errors have been seen "by chance" when manually looking at the
      results from LKFT.
      
      Fixes: 9a0b3650 ("selftests: mptcp: support MPTCP_PM_CMD_ANNOUNCE")
      Cc: stable@vger.kernel.org
      Fixes: ecd2a77d ("selftests: mptcp: support MPTCP_PM_CMD_REMOVE")
      Fixes: cf8d0a6d ("selftests: mptcp: support MPTCP_PM_CMD_SUBFLOW_CREATE")
      Fixes: 57cc361b ("selftests: mptcp: support MPTCP_PM_CMD_SUBFLOW_DESTROY")
      Fixes: ca188a25 ("selftests: mptcp: userspace PM support for MP_PRIO signals")
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      61d96580
    • Matthieu Baerts's avatar
      selftests: mptcp: depend on SYN_COOKIES · 6c8880fc
      Matthieu Baerts authored
      MPTCP selftests are using TCP SYN Cookies for quite a while now, since
      v5.9.
      
      Some CIs don't have this config option enabled and this is causing
      issues in the tests:
      
        # ns1 MPTCP -> ns1 (10.0.1.1:10000      ) MPTCP     (duration   167ms) sysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
        # [ OK ]./mptcp_connect.sh: line 554: [: -eq: unary operator expected
      
      There is no impact in the results but the test is not doing what it is
      supposed to do.
      
      Fixes: fed61c4b ("selftests: mptcp: make 2nd net namespace use tcp syn cookies unconditionally")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6c8880fc
    • Matthieu Baerts's avatar
      selftests: mptcp: userspace_pm: report errors with 'remove' tests · 966c6c3a
      Matthieu Baerts authored
      A message was mentioning an issue with the "remove" tests but the
      selftest was not marked as failed.
      
      Directly exit with an error like it is done everywhere else in this
      selftest.
      
      Link: https://github.com/multipath-tcp/mptcp_net-next/issues/368
      Fixes: 259a834f ("selftests: mptcp: functional tests for the userspace PM type")
      Cc: stable@vger.kernel.org
      Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      966c6c3a
    • Matthieu Baerts's avatar
      selftests: mptcp: userspace_pm: use correct server port · d8566d0e
      Matthieu Baerts authored
      "server4_port" variable is not set but "app4_port" is the server port in
      v4 and the correct variable name to use.
      
      The port is optional so there was no visible impact.
      
      Link: https://github.com/multipath-tcp/mptcp_net-next/issues/368
      Fixes: ca188a25 ("selftests: mptcp: userspace PM support for MP_PRIO signals")
      Cc: stable@vger.kernel.org
      Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d8566d0e
    • Matthieu Baerts's avatar
      selftests: mptcp: sockopt: return error if wrong mark · 9ac4c28e
      Matthieu Baerts authored
      When an error was detected when checking the marks, a message was
      correctly printed mentioning the error but followed by another one
      saying everything was OK and the selftest was not marked as failed as
      expected.
      
      Now the 'ret' variable is directly set to 1 in order to make sure the
      exit is done with an error, similar to what is done in other functions.
      While at it, the error is correctly propagated to the caller.
      
      Link: https://github.com/multipath-tcp/mptcp_net-next/issues/368
      Fixes: dc65fe82 ("selftests: mptcp: add packet mark test case")
      Cc: stable@vger.kernel.org
      Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9ac4c28e
    • Matthieu Baerts's avatar
      selftests: mptcp: sockopt: use 'iptables-legacy' if available · a5a5990c
      Matthieu Baerts authored
      IPTables commands using 'iptables-nft' fail on old kernels, at least
      on v5.15 because it doesn't see the default IPTables chains:
      
        $ iptables -L
        iptables/1.8.2 Failed to initialize nft: Protocol not supported
      
      As a first step before switching to NFTables, we can use iptables-legacy
      if available.
      
      Link: https://github.com/multipath-tcp/mptcp_net-next/issues/368
      Fixes: dc65fe82 ("selftests: mptcp: add packet mark test case")
      Cc: stable@vger.kernel.org
      Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a5a5990c
    • Matthieu Baerts's avatar
      selftests: mptcp: connect: fail if nft supposed to work · 221e4550
      Matthieu Baerts authored
      In case of "external" errors when preparing the environment for the
      TProxy tests, the subtests were marked as skipped.
      
      This is fine but it means these errors are ignored. On MPTCP Public CI,
      we do want to catch such issues and mark the selftest as failed if there
      are such issues. We can then use mptcp_lib_fail_if_expected_feature()
      helper that has been recently added to fail if needed.
      
      Link: https://github.com/multipath-tcp/mptcp_net-next/issues/368
      Fixes: 5fb62e9c ("selftests: mptcp: add tproxy test case")
      Cc: stable@vger.kernel.org
      Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      221e4550
    • Paolo Abeni's avatar
      mptcp: do not rely on implicit state check in mptcp_listen() · 0226436a
      Paolo Abeni authored
      Since the blamed commit, closing the first subflow resets the first
      subflow socket state to SS_UNCONNECTED.
      
      The current mptcp listen implementation relies only on such
      state to prevent touching not-fully-disconnected sockets.
      
      Incoming mptcp fastclose (or paired endpoint removal) unconditionally
      closes the first subflow.
      
      All the above allows an incoming fastclose followed by a listen() call
      to successfully race with a blocking recvmsg(), potentially causing the
      latter to hit a divide by zero bug in cleanup_rbuf/__tcp_select_window().
      
      Address the issue explicitly checking the msk socket state in
      mptcp_listen(). An alternative solution would be moving the first
      subflow socket state update into mptcp_disconnect(), but in the long
      term the first subflow socket should be removed: better avoid relaying
      on it for internal consistency check.
      
      Fixes: b29fcfb5 ("mptcp: full disconnect implementation")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarChristoph Paasch <cpaasch@apple.com>
      Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/414Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Reviewed-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0226436a
    • Paolo Abeni's avatar
      mptcp: ensure subflow is unhashed before cleaning the backlog · 3fffa15b
      Paolo Abeni authored
      While tacking care of the mptcp-level listener I unintentionally
      moved the subflow level unhash after the subflow listener backlog
      cleanup.
      
      That could cause some nasty race and makes the code harder to read.
      
      Address the issue restoring the proper order of operations.
      
      Fixes: 57fc0f1c ("mptcp: ensure listener is unhashed before updating the sk status")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Reviewed-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3fffa15b
    • Thorsten Winkler's avatar
      s390/qeth: Fix vipa deletion · 80de809b
      Thorsten Winkler authored
      Change boolean parameter of function "qeth_l3_vipa_store" inside the
      "qeth_l3_dev_vipa_del4_store" function from "true" to "false" because
      "true" is used for adding a virtual ip address and "false" for deleting.
      
      Fixes: 2390166a ("s390/qeth: clean up L3 sysfs code")
      Reviewed-by: default avatarAlexandra Winter <wintera@linux.ibm.com>
      Reviewed-by: default avatarWenjia Zhang <wenjia@linux.ibm.com>
      Signed-off-by: default avatarThorsten Winkler <twinkler@linux.ibm.com>
      Signed-off-by: default avatarAlexandra Winter <wintera@linux.ibm.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      80de809b
  4. 04 Jul, 2023 11 commits
    • Linus Torvalds's avatar
      Revert ".gitignore: ignore *.cover and *.mbx" · d5280145
      Linus Torvalds authored
      This reverts commit 534066a9.
      
      It's actively detrimental in that it hides files that shouldn't be
      hidden.
      
      If I have some b4 mbx file in my git directory, it either was already
      applied with "git am" and is now stale, or maybe it's waiting for that
      to happen.  In neither case is "ignore it" the right option.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d5280145
    • Linus Torvalds's avatar
      Merge tag 'core_guards_for_6.5_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue · 04f2933d
      Linus Torvalds authored
      Pull scope-based resource management infrastructure from Peter Zijlstra:
       "These are the first few patches in the Scope-based Resource Management
        series that introduce the infrastructure but not any conversions as of
        yet.
      
        Adding the infrastructure now allows multiple people to start using
        them.
      
        Of note is that Sparse will need some work since it doesn't yet
        understand this attribute and might have decl-after-stmt issues"
      
      * tag 'core_guards_for_6.5_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue:
        kbuild: Drop -Wdeclaration-after-statement
        locking: Introduce __cleanup() based infrastructure
        apparmor: Free up __cleanup() name
        dmaengine: ioat: Free up __cleanup() name
      04f2933d
    • David Howells's avatar
      afs: Fix accidental truncation when storing data · 03275585
      David Howells authored
      When an AFS FS.StoreData RPC call is made, amongst other things it is
      given the resultant file size to be.  On the server, this is processed
      by truncating the file to new size and then writing the data.
      
      Now, kafs has a lock (vnode->io_lock) that serves to serialise
      operations against a specific vnode (ie.  inode), but the parameters for
      the op are set before the lock is taken.  This allows two writebacks
      (say sync and kswapd) to race - and if writes are ongoing the writeback
      for a later write could occur before the writeback for an earlier one if
      the latter gets interrupted.
      
      Note that afs_writepages() cannot take i_mutex and only takes a shared
      lock on vnode->validate_lock.
      
      Also note that the server does the truncation and the write inside a
      lock, so there's no problem at that end.
      
      Fix this by moving the calculation for the proposed new i_size inside
      the vnode->io_lock.  Also reset the iterator (which we might have read
      from) and update the mtime setting there.
      
      Fixes: bd80d8a8 ("afs: Use ITER_XARRAY for writing")
      Reported-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarJeffrey Altman <jaltman@auristor.com>
      Reviewed-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      cc: linux-afs@lists.infradead.org
      cc: linux-fsdevel@vger.kernel.org
      Link: https://lore.kernel.org/r/3526895.1687960024@warthog.procyon.org.uk/Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      03275585
    • Hariprasad Kelam's avatar
      octeontx-af: fix hardware timestamp configuration · 14bb236b
      Hariprasad Kelam authored
      MAC block on CN10K (RPM) supports hardware timestamp configuration. The
      previous patch which added timestamp configuration support has a bug.
      Though the netdev driver requests to disable timestamp configuration,
      the driver is always enabling it.
      
      This patch fixes the same.
      
      Fixes: d1489208 ("octeontx2-af: cn10k: RPM hardware timestamp configuration")
      Signed-off-by: default avatarHariprasad Kelam <hkelam@marvell.com>
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      14bb236b
    • Linus Torvalds's avatar
      Merge tag 'ovl-update-6.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs · 538140ca
      Linus Torvalds authored
      Pull more overlayfs updates from Amir Goldstein:
       "This is a small 'move code around' followup by Christian to his work
        on porting overlayfs to the new mount api for 6.5. It makes things a
        bit cleaner and simpler for the next development cycle when I hand
        overlayfs back over to Miklos"
      
      * tag 'ovl-update-6.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs:
        ovl: move all parameter handling into params.{c,h}
      538140ca
    • Linus Torvalds's avatar
      Merge tag 'gfs2-v6.4-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · 94c76955
      Linus Torvalds authored
      Pull gfs2 updates from Andreas Gruenbacher:
      
       - Move the freeze/thaw logic from glock callback context to process /
         worker thread context to prevent deadlocks
      
       - Fix a quota reference couting bug in do_qc()
      
       - Carry on deallocating inodes even when gfs2_rindex_update() fails
      
       - Retry filesystem-internal reads when they are interruped by a signal
      
       - Eliminate kmap_atomic() in favor of kmap_local_page() /
         memcpy_{from,to}_page()
      
       - Get rid of noop_direct_IO
      
       - And a few more minor fixes and cleanups
      
      * tag 'gfs2-v6.4-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: (23 commits)
        gfs2: Add quota_change type
        gfs2: Use memcpy_{from,to}_page where appropriate
        gfs2: Convert remaining kmap_atomic calls to kmap_local_page
        gfs2: Replace deprecated kmap_atomic with kmap_local_page
        gfs: Get rid of unnucessary locking in inode_go_dump
        gfs2: gfs2_freeze_lock_shared cleanup
        gfs2: Replace sd_freeze_state with SDF_FROZEN flag
        gfs2: Rework freeze / thaw logic
        gfs2: Rename SDF_{FS_FROZEN => FREEZE_INITIATOR}
        gfs2: Reconfiguring frozen filesystem already rejected
        gfs2: Rename gfs2_freeze_lock{ => _shared }
        gfs2: Rename the {freeze,thaw}_super callbacks
        gfs2: Rename remaining "transaction" glock references
        gfs2: retry interrupted internal reads
        gfs2: Fix possible data races in gfs2_show_options()
        gfs2: Fix duplicate should_fault_in_pages() call
        gfs2: set FMODE_CAN_ODIRECT instead of a dummy direct_IO method
        gfs2: Don't remember delete unless it's successful
        gfs2: Update rl_unlinked before releasing rgrp lock
        gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold
        ...
      94c76955
    • David S. Miller's avatar
      Merge branch 'dsa-ll-fixes' · 95c41842
      David S. Miller authored
      Vladimir Oltean says:
      
      ====================
      dsa: Fix mangled link-local MAC DAs with SJA1105 DSA
      
      The SJA1105 hardware tagging protocol is weird and will put DSA
      information (source port, switch ID) in the MAC DA of the packets sent
      to the CPU, and then send some additional (meta) packets which contain
      the original bytes from the previous packet's MAC DA.
      
      The tagging protocol driver contains logic to handle this, but the meta
      frames are optional functionality, and there are configurations when
      they aren't received (no PTP RX timestamping). Thus, the MAC DA from
      packets sent to the stack is not correct in all cases.
      
      Also, during testing it was found that the MAC DA patching procedure was
      incorrect.
      
      The investigation comes as a result of this discussion with Paolo:
      https://lore.kernel.org/netdev/f494387c8d55d9b1d5a3e88beedeeb448f2e6cc3.camel@redhat.com/
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      95c41842
    • Vladimir Oltean's avatar
      net: dsa: sja1105: always enable the send_meta options · a372d66a
      Vladimir Oltean authored
      incl_srcpt has the limitation, mentioned in commit b4638af8 ("net:
      dsa: sja1105: always enable the INCL_SRCPT option"), that frames with a
      MAC DA of 01:80:c2:xx:yy:zz will be received as 01:80:c2:00:00:zz unless
      PTP RX timestamping is enabled.
      
      The incl_srcpt option was initially unconditionally enabled, then that
      changed with commit 42824463 ("net: dsa: sja1105: Limit use of
      incl_srcpt to bridge+vlan mode"), then again with b4638af8 ("net:
      dsa: sja1105: always enable the INCL_SRCPT option"). Bottom line is that
      it now needs to be always enabled, otherwise the driver does not have a
      reliable source of information regarding source_port and switch_id for
      link-local traffic (tag_8021q VLANs may be imprecise since now they
      identify an entire bridging domain when ports are not standalone).
      
      If we accept that PTP RX timestamping (and therefore, meta frame
      generation) is always enabled in hardware, then that limitation could be
      avoided and packets with any MAC DA can be properly received, because
      meta frames do contain the original bytes from the MAC DA of their
      associated link-local packet.
      
      This change enables meta frame generation unconditionally, which also
      has the nice side effects of simplifying the switch control path
      (a switch reset is no longer required on hwtstamping settings change)
      and the tagger data path (it no longer needs to be informed whether to
      expect meta frames or not - it always does).
      
      Fixes: 227d07a0 ("net: dsa: sja1105: Add support for traffic through standalone ports")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Reviewed-by: default avatarFlorian Fainelli <florian.fainelli@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a372d66a
    • Vladimir Oltean's avatar
      net: dsa: tag_sja1105: fix MAC DA patching from meta frames · 1dcf6efd
      Vladimir Oltean authored
      The SJA1105 manual says that at offset 4 into the meta frame payload we
      have "MAC destination byte 2" and at offset 5 we have "MAC destination
      byte 1". These are counted from the LSB, so byte 1 is h_dest[ETH_HLEN-2]
      aka h_dest[4] and byte 2 is h_dest[ETH_HLEN-3] aka h_dest[3].
      
      The sja1105_meta_unpack() function decodes these the other way around,
      so a frame with MAC DA 01:80:c2:11:22:33 is received by the network
      stack as having 01:80:c2:22:11:33.
      
      Fixes: e53e18a6 ("net: dsa: sja1105: Receive and decode meta frames")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Reviewed-by: default avatarFlorian Fainelli <florian.fainelli@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1dcf6efd
    • Azeem Shaikh's avatar
      net: Replace strlcpy with strscpy · ba7bdec3
      Azeem Shaikh authored
      strlcpy() reads the entire source buffer first.
      This read may exceed the destination size limit.
      This is both inefficient and can lead to linear read
      overflows if a source string is not NUL-terminated [1].
      In an effort to remove strlcpy() completely [2], replace
      strlcpy() here with strscpy().
      No return values were used, so direct replacement is safe.
      
      [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strlcpy
      [2] https://github.com/KSPP/linux/issues/89Signed-off-by: default avatarAzeem Shaikh <azeemshaikh38@gmail.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ba7bdec3
    • Guillaume Nault's avatar
      pptp: Fix fib lookup calls. · 84bef5b6
      Guillaume Nault authored
      PPTP uses pppox sockets (struct pppox_sock). These sockets don't embed
      an inet_sock structure, so it's invalid to call inet_sk() on them.
      
      Therefore, the ip_route_output_ports() call in pptp_connect() has two
      problems:
      
        * The tos variable is set with RT_CONN_FLAGS(sk), which calls
          inet_sk() on the pppox socket.
      
        * ip_route_output_ports() tries to retrieve routing flags using
          inet_sk_flowi_flags(), which is also going to call inet_sk() on the
          pppox socket.
      
      While PPTP doesn't use inet sockets, it's actually really layered on
      top of IP and therefore needs a proper way to do fib lookups. So let's
      define pptp_route_output() to get a struct rtable from a pptp socket.
      Let's also replace the ip_route_output_ports() call of pptp_xmit() for
      consistency.
      
      In practice, this means that:
      
        * pptp_connect() sets ->flowi4_tos and ->flowi4_flags to zero instead
          of using bits of unrelated struct pppox_sock fields.
      
        * pptp_xmit() now respects ->sk_mark and ->sk_uid.
      
        * pptp_xmit() now calls the security_sk_classify_flow() security
          hook, thus allowing to set ->flowic_secid.
      
        * pptp_xmit() now passes the pppox socket to xfrm_lookup_route().
      
      Found by code inspection.
      
      Fixes: 00959ade ("PPTP: PPP over IPv4 (Point-to-Point Tunneling Protocol)")
      Signed-off-by: default avatarGuillaume Nault <gnault@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      84bef5b6