1. 11 Feb, 2023 7 commits
  2. 10 Feb, 2023 24 commits
  3. 09 Feb, 2023 9 commits
    • Jakub Kicinski's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 8697a258
      Jakub Kicinski authored
      net/devlink/leftover.c / net/core/devlink.c:
        565b4824 ("devlink: change port event netdev notifier from per-net to global")
        f05bd8eb ("devlink: move code to a dedicated directory")
        687125b5 ("devlink: split out core code")
      https://lore.kernel.org/all/20230208094657.379f2b1a@canb.auug.org.au/Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8697a258
    • Eric Dumazet's avatar
      net: enable usercopy for skb_small_head_cache · 0b34d680
      Eric Dumazet authored
      syzbot and other bots reported that we have to enable
      user copy to/from skb->head. [1]
      
      We can prevent access to skb_shared_info, which is a nice
      improvement over standard kmem_cache.
      
      Layout of these kmem_cache objects is:
      
      < SKB_SMALL_HEAD_HEADROOM >< struct skb_shared_info >
      
      usercopy: Kernel memory overwrite attempt detected to SLUB object 'skbuff_small_head' (offset 32, size 20)!
      ------------[ cut here ]------------
      kernel BUG at mm/usercopy.c:102 !
      invalid opcode: 0000 [#1] PREEMPT SMP KASAN
      CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.2.0-rc6-syzkaller-01425-gcb6b2e11 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
      RIP: 0010:usercopy_abort+0xbd/0xbf mm/usercopy.c:102
      Code: e8 ee ad ba f7 49 89 d9 4d 89 e8 4c 89 e1 41 56 48 89 ee 48 c7 c7 20 2b 5b 8a ff 74 24 08 41 57 48 8b 54 24 20 e8 7a 17 fe ff <0f> 0b e8 c2 ad ba f7 e8 7d fb 08 f8 48 8b 0c 24 49 89 d8 44 89 ea
      RSP: 0000:ffffc90000067a48 EFLAGS: 00010286
      RAX: 000000000000006b RBX: ffffffff8b5b6ea0 RCX: 0000000000000000
      RDX: ffff8881401c0000 RSI: ffffffff8166195c RDI: fffff5200000cf3b
      RBP: ffffffff8a5b2a60 R08: 000000000000006b R09: 0000000000000000
      R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8bf2a925
      R13: ffffffff8a5b29a0 R14: 0000000000000014 R15: ffffffff8a5b2960
      FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
      CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000000 CR3: 000000000c48e000 CR4: 00000000003506e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
      <TASK>
      __check_heap_object+0xdd/0x110 mm/slub.c:4761
      check_heap_object mm/usercopy.c:196 [inline]
      __check_object_size mm/usercopy.c:251 [inline]
      __check_object_size+0x1da/0x5a0 mm/usercopy.c:213
      check_object_size include/linux/thread_info.h:199 [inline]
      check_copy_size include/linux/thread_info.h:235 [inline]
      copy_from_iter include/linux/uio.h:186 [inline]
      copy_from_iter_full include/linux/uio.h:194 [inline]
      memcpy_from_msg include/linux/skbuff.h:3977 [inline]
      qrtr_sendmsg+0x65f/0x970 net/qrtr/af_qrtr.c:965
      sock_sendmsg_nosec net/socket.c:722 [inline]
      sock_sendmsg+0xde/0x190 net/socket.c:745
      say_hello+0xf6/0x170 net/qrtr/ns.c:325
      qrtr_ns_init+0x220/0x2b0 net/qrtr/ns.c:804
      qrtr_proto_init+0x59/0x95 net/qrtr/af_qrtr.c:1296
      do_one_initcall+0x141/0x790 init/main.c:1306
      do_initcall_level init/main.c:1379 [inline]
      do_initcalls init/main.c:1395 [inline]
      do_basic_setup init/main.c:1414 [inline]
      kernel_init_freeable+0x6f9/0x782 init/main.c:1634
      kernel_init+0x1e/0x1d0 init/main.c:1522
      ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
      </TASK>
      
      Fixes: bf9f1baa ("net: add dedicated kmem_cache for typical/small skb->head")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
      Tested-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Reported-by: default avatarLinux Kernel Functional Testing <lkft@linaro.org>
      Tested-by: default avatarLinux Kernel Functional Testing <lkft@linaro.org>
      Link: https://lore.kernel.org/linux-next/CA+G9fYs-i-c2KTSA7Ai4ES_ZESY1ZnM=Zuo8P1jN00oed6KHMA@mail.gmail.com
      Link: https://lore.kernel.org/r/20230208142508.3278406-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      0b34d680
    • Linus Torvalds's avatar
      Merge tag 'net-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 35674e78
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from can and ipsec subtrees.
      
        Current release - regressions:
      
         - sched: fix off by one in htb_activate_prios()
      
         - eth: mana: fix accessing freed irq affinity_hint
      
         - eth: ice: fix out-of-bounds KASAN warning in virtchnl
      
        Current release - new code bugs:
      
         - eth: mtk_eth_soc: enable special tag when any MAC uses DSA
      
        Previous releases - always broken:
      
         - core: fix sk->sk_txrehash default
      
         - neigh: make sure used and confirmed times are valid
      
         - mptcp: be careful on subflow status propagation on errors
      
         - xfrm: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
      
         - phylink: move phy_device_free() to correctly release phy device
      
         - eth: mlx5:
            - fix crash unsetting rx-vlan-filter in switchdev mode
            - fix hang on firmware reset
            - serialize module cleanup with reload and remove"
      
      * tag 'net-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (57 commits)
        selftests: forwarding: lib: quote the sysctl values
        net: mscc: ocelot: fix all IPv6 getting trapped to CPU when PTP timestamping is used
        rds: rds_rm_zerocopy_callback() use list_first_entry()
        net: txgbe: Update support email address
        selftests: Fix failing VXLAN VNI filtering test
        selftests: mptcp: stop tests earlier
        selftests: mptcp: allow more slack for slow test-case
        mptcp: be careful on subflow status propagation on errors
        mptcp: fix locking for in-kernel listener creation
        mptcp: fix locking for setsockopt corner-case
        mptcp: do not wait for bare sockets' timeout
        net: ethernet: mtk_eth_soc: fix DSA TX tag hwaccel for switch port 0
        nfp: ethtool: fix the bug of setting unsupported port speed
        txhash: fix sk->sk_txrehash default
        net: ethernet: mtk_eth_soc: fix wrong parameters order in __xdp_rxq_info_reg()
        net: ethernet: mtk_eth_soc: enable special tag when any MAC uses DSA
        net: sched: sch: Fix off by one in htb_activate_prios()
        igc: Add ndo_tx_timeout support
        net: mana: Fix accessing freed irq affinity_hint
        hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC
        ...
      35674e78
    • Linus Torvalds's avatar
      Merge tag 'for-linus-2023020901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid · 0b028189
      Linus Torvalds authored
      Pull HID fixes from Benjamin Tissoires:
      
       - fix potential infinite loop with a badly crafted HID device (Xin
         Zhao)
      
       - fix regression from 6.1 in USB logitech devices potentially making
         their mouse wheel not working (Bastien Nocera)
      
       - clean up in AMD sensors, which fixes a long time resume bug (Mario
         Limonciello)
      
       - few device small fixes and quirks
      
      * tag 'for-linus-2023020901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
        HID: Ignore battery for ELAN touchscreen 29DF on HP
        HID: amd_sfh: if no sensors are enabled, clean up
        HID: logitech: Disable hi-res scrolling on USB
        HID: core: Fix deadloop in hid_apply_multiplier.
        HID: Ignore battery for Elan touchscreen on Asus TP420IA
        HID: elecom: add support for TrackBall 056E:011C
      0b028189
    • Linus Torvalds's avatar
      Merge tag '6.2-rc8-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6 · 94a1f56d
      Linus Torvalds authored
      Pull cifx fix from Steve French:
       "Small fix for use after free"
      
      * tag '6.2-rc8-smb3-client-fix' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: Fix use-after-free in rdata->read_into_pages()
      94a1f56d
    • Hangbin Liu's avatar
      selftests: forwarding: lib: quote the sysctl values · 3a082086
      Hangbin Liu authored
      When set/restore sysctl value, we should quote the value as some keys
      may have multi values, e.g. net.ipv4.ping_group_range
      
      Fixes: f5ae5778 ("selftests: forwarding: lib: Add sysctl_set(), sysctl_restore()")
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Reviewed-by: default avatarPetr Machata <petrm@nvidia.com>
      Link: https://lore.kernel.org/r/20230208032110.879205-1-liuhangbin@gmail.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      3a082086
    • Vladimir Oltean's avatar
      net: mscc: ocelot: fix all IPv6 getting trapped to CPU when PTP timestamping is used · 2fcde9fe
      Vladimir Oltean authored
      While running this selftest which usually passes:
      
      ~/selftests/drivers/net/dsa# ./local_termination.sh eno0 swp0
      TEST: swp0: Unicast IPv4 to primary MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to macvlan MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address, promisc            [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address, allmulti           [ OK ]
      TEST: swp0: Multicast IPv4 to joined group                          [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group                         [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group, promisc                [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group, allmulti               [ OK ]
      TEST: swp0: Multicast IPv6 to joined group                          [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group                         [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group, promisc                [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group, allmulti               [ OK ]
      
      if I start PTP timestamping then run it again (debug prints added by me),
      the unknown IPv6 MC traffic is seen by the CPU port even when it should
      have been dropped:
      
      ~/selftests/drivers/net/dsa# ptp4l -i swp0 -2 -P -m
      ptp4l[225.410]: selected /dev/ptp1 as PTP clock
      [  225.445746] mscc_felix 0000:00:00.5: ocelot_l2_ptp_trap_add: port 0 adding L2 PTP trap
      [  225.453815] mscc_felix 0000:00:00.5: ocelot_ipv4_ptp_trap_add: port 0 adding IPv4 PTP event trap
      [  225.462703] mscc_felix 0000:00:00.5: ocelot_ipv4_ptp_trap_add: port 0 adding IPv4 PTP general trap
      [  225.471768] mscc_felix 0000:00:00.5: ocelot_ipv6_ptp_trap_add: port 0 adding IPv6 PTP event trap
      [  225.480651] mscc_felix 0000:00:00.5: ocelot_ipv6_ptp_trap_add: port 0 adding IPv6 PTP general trap
      ptp4l[225.488]: port 1: INITIALIZING to LISTENING on INIT_COMPLETE
      ptp4l[225.488]: port 0: INITIALIZING to LISTENING on INIT_COMPLETE
      ^C
      ~/selftests/drivers/net/dsa# ./local_termination.sh eno0 swp0
      TEST: swp0: Unicast IPv4 to primary MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to macvlan MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address, promisc            [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address, allmulti           [ OK ]
      TEST: swp0: Multicast IPv4 to joined group                          [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group                         [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group, promisc                [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group, allmulti               [ OK ]
      TEST: swp0: Multicast IPv6 to joined group                          [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group                         [FAIL]
              reception succeeded, but should have failed
      TEST: swp0: Multicast IPv6 to unknown group, promisc                [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group, allmulti               [ OK ]
      
      The PGID_MCIPV6 is configured correctly to not flood to the CPU,
      I checked that.
      
      Furthermore, when I disable back PTP RX timestamping (ptp4l doesn't do
      that when it exists), packets are RX filtered again as they should be:
      
      ~/selftests/drivers/net/dsa# hwstamp_ctl -i swp0 -r 0
      [  218.202854] mscc_felix 0000:00:00.5: ocelot_l2_ptp_trap_del: port 0 removing L2 PTP trap
      [  218.212656] mscc_felix 0000:00:00.5: ocelot_ipv4_ptp_trap_del: port 0 removing IPv4 PTP event trap
      [  218.222975] mscc_felix 0000:00:00.5: ocelot_ipv4_ptp_trap_del: port 0 removing IPv4 PTP general trap
      [  218.233133] mscc_felix 0000:00:00.5: ocelot_ipv6_ptp_trap_del: port 0 removing IPv6 PTP event trap
      [  218.242251] mscc_felix 0000:00:00.5: ocelot_ipv6_ptp_trap_del: port 0 removing IPv6 PTP general trap
      current settings:
      tx_type 1
      rx_filter 12
      new settings:
      tx_type 1
      rx_filter 0
      ~/selftests/drivers/net/dsa# ./local_termination.sh eno0 swp0
      TEST: swp0: Unicast IPv4 to primary MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to macvlan MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address                     [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address, promisc            [ OK ]
      TEST: swp0: Unicast IPv4 to unknown MAC address, allmulti           [ OK ]
      TEST: swp0: Multicast IPv4 to joined group                          [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group                         [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group, promisc                [ OK ]
      TEST: swp0: Multicast IPv4 to unknown group, allmulti               [ OK ]
      TEST: swp0: Multicast IPv6 to joined group                          [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group                         [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group, promisc                [ OK ]
      TEST: swp0: Multicast IPv6 to unknown group, allmulti               [ OK ]
      
      So it's clear that something in the PTP RX trapping logic went wrong.
      
      Looking a bit at the code, I can see that there are 4 typos, which
      populate "ipv4" VCAP IS2 key filter fields for IPv6 keys.
      
      VCAP IS2 keys of type OCELOT_VCAP_KEY_IPV4 and OCELOT_VCAP_KEY_IPV6 are
      handled by is2_entry_set(). OCELOT_VCAP_KEY_IPV4 looks at
      &filter->key.ipv4, and OCELOT_VCAP_KEY_IPV6 at &filter->key.ipv6.
      Simply put, when we populate the wrong key field, &filter->key.ipv6
      fields "proto.mask" and "proto.value" remain all zeroes (or "don't care").
      So is2_entry_set() will enter the "else" of this "if" condition:
      
      	if (msk == 0xff && (val == IPPROTO_TCP || val == IPPROTO_UDP))
      
      and proceed to ignore the "proto" field. The resulting rule will match
      on all IPv6 traffic, trapping it to the CPU.
      
      This is the reason why the local_termination.sh selftest sees it,
      because control traps are stronger than the PGID_MCIPV6 used for
      flooding (from the forwarding data path).
      
      But the problem is in fact much deeper. We trap all IPv6 traffic to the
      CPU, but if we're bridged, we set skb->offload_fwd_mark = 1, so software
      forwarding will not take place and IPv6 traffic will never reach its
      destination.
      
      The fix is simple - correct the typos.
      
      I was intentionally inaccurate in the commit message about the breakage
      occurring when any PTP timestamping is enabled. In fact it only happens
      when L4 timestamping is requested (HWTSTAMP_FILTER_PTP_V2_EVENT or
      HWTSTAMP_FILTER_PTP_V2_L4_EVENT). But ptp4l requests a larger RX
      timestamping filter than it needs for "-2": HWTSTAMP_FILTER_PTP_V2_EVENT.
      I wanted people skimming through git logs to not think that the bug
      doesn't affect them because they only use ptp4l in L2 mode.
      
      Fixes: 96ca08c0 ("net: mscc: ocelot: set up traps for PTP packets")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Link: https://lore.kernel.org/r/20230207183117.1745754-1-vladimir.oltean@nxp.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      2fcde9fe
    • Pietro Borrello's avatar
      rds: rds_rm_zerocopy_callback() use list_first_entry() · f753a689
      Pietro Borrello authored
      rds_rm_zerocopy_callback() uses list_entry() on the head of a list
      causing a type confusion.
      Use list_first_entry() to actually access the first element of the
      rs_zcookie_queue list.
      
      Fixes: 9426bbc6 ("rds: use list structure to track information for zerocopy completion notification")
      Reviewed-by: default avatarWillem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarPietro Borrello <borrello@diag.uniroma1.it>
      Link: https://lore.kernel.org/r/20230202-rds-zerocopy-v3-1-83b0df974f9a@diag.uniroma1.itSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      f753a689
    • Jakub Kicinski's avatar
      Merge tag 'ipsec-2023-02-08' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · 646be03e
      Jakub Kicinski authored
      Steffen Klassert says:
      
      ====================
      ipsec 2023-02-08
      
      1) Fix policy checks for nested IPsec tunnels when using
         xfrm interfaces. From Benedict Wong.
      
      2) Fix netlink message expression on 32=>64-bit
         messages translators. From Anastasia Belova.
      
      3) Prevent potential spectre v1 gadget in xfrm_xlate32_attr.
         From Eric Dumazet.
      
      4) Always consistently use time64_t in xfrm_timer_handler.
         From Eric Dumazet.
      
      5) Fix KCSAN reported bug: Multiple cpus can update use_time
         at the same time. From Eric Dumazet.
      
      6) Fix SCP copy from IPv4 to IPv6 on interfamily tunnel.
         From Christian Hopps.
      
      * tag 'ipsec-2023-02-08' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
        xfrm: fix bug with DSCP copy to v6 from v4 tunnel
        xfrm: annotate data-race around use_time
        xfrm: consistently use time64_t in xfrm_timer_handler()
        xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
        xfrm: compat: change expression for switch in xfrm_xlate64
        Fix XFRM-I support for nested ESP tunnels
      ====================
      
      Link: https://lore.kernel.org/r/20230208114322.266510-1-steffen.klassert@secunet.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      646be03e