1. 10 Nov, 2023 9 commits
    • Andrii Nakryiko's avatar
      selftests/bpf: add more test cases for check_cfg() · e2e57d63
      Andrii Nakryiko authored
      Add a few more simple cases to validate proper privileged vs unprivileged
      loop detection behavior. conditional_loop2 is the one reported by Hao
      Sun that triggered this set of fixes.
      Acked-by: default avatarEduard Zingerman <eddyz87@gmail.com>
      Suggested-by: default avatarHao Sun <sunhao.th@gmail.com>
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/r/20231110061412.2995786-2-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      e2e57d63
    • Andrii Nakryiko's avatar
      bpf: fix control-flow graph checking in privileged mode · 10e14e96
      Andrii Nakryiko authored
      When BPF program is verified in privileged mode, BPF verifier allows
      bounded loops. This means that from CFG point of view there are
      definitely some back-edges. Original commit adjusted check_cfg() logic
      to not detect back-edges in control flow graph if they are resulting
      from conditional jumps, which the idea that subsequent full BPF
      verification process will determine whether such loops are bounded or
      not, and either accept or reject the BPF program. At least that's my
      reading of the intent.
      
      Unfortunately, the implementation of this idea doesn't work correctly in
      all possible situations. Conditional jump might not result in immediate
      back-edge, but just a few unconditional instructions later we can arrive
      at back-edge. In such situations check_cfg() would reject BPF program
      even in privileged mode, despite it might be bounded loop. Next patch
      adds one simple program demonstrating such scenario.
      
      To keep things simple, instead of trying to detect back edges in
      privileged mode, just assume every back edge is valid and let subsequent
      BPF verification prove or reject bounded loops.
      
      Note a few test changes. For unknown reason, we have a few tests that
      are specified to detect a back-edge in a privileged mode, but looking at
      their code it seems like the right outcome is passing check_cfg() and
      letting subsequent verification to make a decision about bounded or not
      bounded looping.
      
      Bounded recursion case is also interesting. The example should pass, as
      recursion is limited to just a few levels and so we never reach maximum
      number of nested frames and never exhaust maximum stack depth. But the
      way that max stack depth logic works today it falsely detects this as
      exceeding max nested frame count. This patch series doesn't attempt to
      fix this orthogonal problem, so we just adjust expected verifier failure.
      Suggested-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Fixes: 2589726d ("bpf: introduce bounded loops")
      Reported-by: default avatarHao Sun <sunhao.th@gmail.com>
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/r/20231110061412.2995786-1-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      10e14e96
    • Alexei Starovoitov's avatar
      Merge branch 'bpf-control-flow-graph-and-precision-backtrack-fixes' · 8c74b27f
      Alexei Starovoitov authored
      Andrii Nakryiko says:
      
      ====================
      BPF control flow graph and precision backtrack fixes
      
      A small fix to BPF verifier's CFG logic around handling and reporting ldimm64
      instructions. Patch #1 was previously submitted separately ([0]), and so this
      patch set supersedes that patch.
      
      Second patch is fixing obscure corner case in mark_chain_precise() logic. See
      patch for details. Patch #3 adds a dedicated test, however fragile it might.
      
        [0] https://patchwork.kernel.org/project/netdevbpf/patch/20231101205626.119243-1-andrii@kernel.org/
      ====================
      
      Link: https://lore.kernel.org/r/20231110002638.4168352-1-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      8c74b27f
    • Andrii Nakryiko's avatar
      selftests/bpf: add edge case backtracking logic test · 62ccdb11
      Andrii Nakryiko authored
      Add a dedicated selftests to try to set up conditions to have a state
      with same first and last instruction index, but it actually is a loop
      3->4->1->2->3. This confuses mark_chain_precision() if verifier doesn't
      take into account jump history.
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/r/20231110002638.4168352-4-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      62ccdb11
    • Andrii Nakryiko's avatar
      bpf: fix precision backtracking instruction iteration · 4bb7ea94
      Andrii Nakryiko authored
      Fix an edge case in __mark_chain_precision() which prematurely stops
      backtracking instructions in a state if it happens that state's first
      and last instruction indexes are the same. This situations doesn't
      necessarily mean that there were no instructions simulated in a state,
      but rather that we starting from the instruction, jumped around a bit,
      and then ended up at the same instruction before checkpointing or
      marking precision.
      
      To distinguish between these two possible situations, we need to consult
      jump history. If it's empty or contain a single record "bridging" parent
      state and first instruction of processed state, then we indeed
      backtracked all instructions in this state. But if history is not empty,
      we are definitely not done yet.
      
      Move this logic inside get_prev_insn_idx() to contain it more nicely.
      Use -ENOENT return code to denote "we are out of instructions"
      situation.
      
      This bug was exposed by verifier_loop1.c's bounded_recursion subtest, once
      the next fix in this patch set is applied.
      Acked-by: default avatarEduard Zingerman <eddyz87@gmail.com>
      Fixes: b5dc0163 ("bpf: precise scalar_value tracking")
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/r/20231110002638.4168352-3-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      4bb7ea94
    • Andrii Nakryiko's avatar
      bpf: handle ldimm64 properly in check_cfg() · 3feb263b
      Andrii Nakryiko authored
      ldimm64 instructions are 16-byte long, and so have to be handled
      appropriately in check_cfg(), just like the rest of BPF verifier does.
      
      This has implications in three places:
        - when determining next instruction for non-jump instructions;
        - when determining next instruction for callback address ldimm64
          instructions (in visit_func_call_insn());
        - when checking for unreachable instructions, where second half of
          ldimm64 is expected to be unreachable;
      
      We take this also as an opportunity to report jump into the middle of
      ldimm64. And adjust few test_verifier tests accordingly.
      Acked-by: default avatarEduard Zingerman <eddyz87@gmail.com>
      Reported-by: default avatarHao Sun <sunhao.th@gmail.com>
      Fixes: 475fb78f ("bpf: verifier (add branch/goto checks)")
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Link: https://lore.kernel.org/r/20231110002638.4168352-2-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      3feb263b
    • Anders Roxell's avatar
      selftests: bpf: xskxceiver: ksft_print_msg: fix format type error · fe69a1b1
      Anders Roxell authored
      Crossbuilding selftests/bpf for architecture arm64, format specifies
      type error show up like.
      
      xskxceiver.c:912:34: error: format specifies type 'int' but the argument
      has type '__u64' (aka 'unsigned long long') [-Werror,-Wformat]
       ksft_print_msg("[%s] expected meta_count [%d], got meta_count [%d]\n",
                                                                      ~~
                                                                      %llu
                      __func__, pkt->pkt_nb, meta->count);
                                             ^~~~~~~~~~~
      xskxceiver.c:929:55: error: format specifies type 'unsigned long long' but
       the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
       ksft_print_msg("Frag invalid addr: %llx len: %u\n", addr, len);
                                          ~~~~             ^~~~
      
      Fixing the issues by casting to (unsigned long long) and changing the
      specifiers to be %llu from %d and %u, since with u64s it might be %llx
      or %lx, depending on architecture.
      Signed-off-by: default avatarAnders Roxell <anders.roxell@linaro.org>
      Link: https://lore.kernel.org/r/20231109174328.1774571-1-anders.roxell@linaro.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      fe69a1b1
    • Linus Torvalds's avatar
      Merge tag 'net-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 89cdf9d5
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from netfilter and bpf.
      
        Current release - regressions:
      
         - sched: fix SKB_NOT_DROPPED_YET splat under debug config
      
        Current release - new code bugs:
      
         - tcp:
             - fix usec timestamps with TCP fastopen
             - fix possible out-of-bounds reads in tcp_hash_fail()
             - fix SYN option room calculation for TCP-AO
      
         - tcp_sigpool: fix some off by one bugs
      
         - bpf: fix compilation error without CGROUPS
      
         - ptp:
             - ptp_read() should not release queue
             - fix tsevqs corruption
      
        Previous releases - regressions:
      
         - llc: verify mac len before reading mac header
      
        Previous releases - always broken:
      
         - bpf:
             - fix check_stack_write_fixed_off() to correctly spill imm
             - fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
             - check map->usercnt after timer->timer is assigned
      
         - dsa: lan9303: consequently nested-lock physical MDIO
      
         - dccp/tcp: call security_inet_conn_request() after setting IP addr
      
         - tg3: fix the TX ring stall due to incorrect full ring handling
      
         - phylink: initialize carrier state at creation
      
         - ice: fix direction of VF rules in switchdev mode
      
        Misc:
      
         - fill in a bunch of missing MODULE_DESCRIPTION()s, more to come"
      
      * tag 'net-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (84 commits)
        net: ti: icss-iep: fix setting counter value
        ptp: fix corrupted list in ptp_open
        ptp: ptp_read should not release queue
        net_sched: sch_fq: better validate TCA_FQ_WEIGHTS and TCA_FQ_PRIOMAP
        net: kcm: fill in MODULE_DESCRIPTION()
        net/sched: act_ct: Always fill offloading tuple iifidx
        netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
        netfilter: xt_recent: fix (increase) ipv6 literal buffer length
        ipvs: add missing module descriptions
        netfilter: nf_tables: remove catchall element in GC sync path
        netfilter: add missing module descriptions
        drivers/net/ppp: use standard array-copy-function
        net: enetc: shorten enetc_setup_xdp_prog() error message to fit NETLINK_MAX_FMTMSG_LEN
        virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
        r8169: respect userspace disabling IFF_MULTICAST
        selftests/bpf: get trusted cgrp from bpf_iter__cgroup directly
        bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg
        net: phylink: initialize carrier state at creation
        test/vsock: add dobule bind connect test
        test/vsock: refactor vsock_accept
        ...
      89cdf9d5
    • Linus Torvalds's avatar
      Merge tag 'v6.7-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 3b220413
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes a regression in ahash and hides the Kconfig sub-options for
        the jitter RNG"
      
      * tag 'v6.7-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: ahash - Set using_shash for cloned ahash wrapper over shash
        crypto: jitterentropy - Hide esoteric Kconfig options under FIPS and EXPERT
      3b220413
  2. 09 Nov, 2023 15 commits
    • Linus Torvalds's avatar
      Merge tag 'input-for-v6.7-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · a12deb44
      Linus Torvalds authored
      Pull input updates from Dmitry Torokhov:
      
       - a number of input drivers has been converted to use facilities
         provided by the device core to instantiate driver-specific attributes
         instead of using devm_device_add_group() and similar APIs
      
       - platform input devices have been converted to use remove() callback
         returning void
      
       - a fix for use-after-free when tearing down a Synaptics RMI device
      
       - a few flexible arrays in input structures have been annotated with
         __counted_by to help hardening efforts
      
       - handling of vddio supply in cyttsp5 driver
      
       - other miscellaneous fixups
      
      * tag 'input-for-v6.7-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (86 commits)
        Input: walkera0701 - use module_parport_driver macro to simplify the code
        Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
        dt-bindings: input: fsl,scu-key: Document wakeup-source
        Input: cyttsp5 - add handling for vddio regulator
        dt-bindings: input: cyttsp5: document vddio-supply
        Input: tegra-kbc - use device_get_match_data()
        Input: Annotate struct ff_device with __counted_by
        Input: axp20x-pek - avoid needless newline removal
        Input: mt - annotate struct input_mt with __counted_by
        Input: leds - annotate struct input_leds with __counted_by
        Input: evdev - annotate struct evdev_client with __counted_by
        Input: synaptics-rmi4 - replace deprecated strncpy
        Input: wm97xx-core - convert to platform remove callback returning void
        Input: wm831x-ts - convert to platform remove callback returning void
        Input: ti_am335x_tsc - convert to platform remove callback returning void
        Input: sun4i-ts - convert to platform remove callback returning void
        Input: stmpe-ts - convert to platform remove callback returning void
        Input: pcap_ts - convert to platform remove callback returning void
        Input: mc13783_ts - convert to platform remove callback returning void
        Input: mainstone-wm97xx - convert to platform remove callback returning void
        ...
      a12deb44
    • Linus Torvalds's avatar
      Merge tag 'for-6.7-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · ace92fd9
      Linus Torvalds authored
      Pull more i2c updates from Wolfram Sang:
       "This contains one patch which slipped through the cracks (iproc), a
        core sanitizing improvement as the new memdup_array_user() helper went
        upstream (i2c-dev), and two driver bugfixes (designware, cp2615)"
      
      * tag 'for-6.7-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: cp2615: Fix 'assignment to __be16' warning
        i2c: dev: copy userspace array safely
        i2c: designware: Disable TX_EMPTY irq while waiting for block length byte
        i2c: iproc: handle invalid slave state
      ace92fd9
    • Linus Torvalds's avatar
      Merge tag 'linux-watchdog-6.7-rc1' of git://www.linux-watchdog.org/linux-watchdog · 12418ece
      Linus Torvalds authored
      Pull watchdog updates from Wim Van Sebroeck:
      
       - add support for Amlogic C3 and S4 SoCs
      
       - add IT8613 ID
      
       - add MSM8226 and MSM8974 compatibles
      
       - other small fixes and improvements
      
      * tag 'linux-watchdog-6.7-rc1' of git://www.linux-watchdog.org/linux-watchdog: (24 commits)
        dt-bindings: watchdog: Add support for Amlogic C3 and S4 SoCs
        watchdog: mlx-wdt: Parameter desctiption warning fix
        watchdog: aspeed: Add support for aspeed,reset-mask DT property
        dt-bindings: watchdog: aspeed-wdt: Add aspeed,reset-mask property
        watchdog: apple: Deactivate on suspend
        dt-bindings: watchdog: qcom-wdt: Add MSM8226 and MSM8974 compatibles
        dt-bindings: watchdog: fsl-imx7ulp-wdt: Add 'fsl,ext-reset-output'
        wdog: imx7ulp: Enable wdog int_en bit for watchdog any reset
        drivers: watchdog: marvell_gti: Program the max_hw_heartbeat_ms
        drivers: watchdog: marvell_gti: fix zero pretimeout handling
        watchdog: marvell_gti: Replace of_platform.h with explicit includes
        watchdog: imx_sc_wdt: continue if the wdog already enabled
        watchdog: st_lpc: Use device_get_match_data()
        watchdog: wdat_wdt: Add timeout value as a param in ping method
        watchdog: gpio_wdt: Make use of device properties
        sbsa_gwdt: Calculate timeout with 64-bit math
        watchdog: ixp4xx: Make sure restart always works
        watchdog: it87_wdt: add IT8613 ID
        watchdog: marvell_gti_wdt: Fix error code in probe()
        Watchdog: marvell_gti_wdt: Remove redundant dev_err_probe() for platform_get_irq()
        ...
      12418ece
    • Linus Torvalds's avatar
      Merge tag 'pwm/for-6.7-rc1' of... · f3bfe643
      Linus Torvalds authored
      Merge tag 'pwm/for-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm updates from Thierry Reding:
       "This contains a few fixes and a bunch of cleanups, a lot of which is
        in preparation for Uwe's character device support that may be ready in
        time for the next merge window"
      
      * tag 'pwm/for-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: (37 commits)
        pwm: samsung: Document new member .channel in struct samsung_pwm_chip
        pwm: bcm2835: Add support for suspend/resume
        pwm: brcmstb: Checked clk_prepare_enable() return value
        pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
        pwm: pxa: Explicitly include correct DT includes
        pwm: cros-ec: Simplify using devm_pwmchip_add() and dev_err_probe()
        pwm: samsung: Consistently use the same name for driver data
        pwm: vt8500: Simplify using devm functions
        pwm: sprd: Simplify using devm_pwmchip_add() and dev_err_probe()
        pwm: sprd: Provide a helper to cast a chip to driver data
        pwm: spear: Simplify using devm functions
        pwm: mtk-disp: Simplify using devm_pwmchip_add()
        pwm: imx-tpm: Simplify using devm functions
        pwm: brcmstb: Simplify using devm functions
        pwm: bcm2835: Simplify using devm functions
        pwm: bcm-iproc: Simplify using devm functions
        pwm: Adapt sysfs API documentation to reality
        pwm: dwc: add PWM bit unset in get_state call
        pwm: dwc: make timer clock configurable
        pwm: dwc: split pci out of core driver
        ...
      f3bfe643
    • Linus Torvalds's avatar
      Merge tag 'iommu-updates-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 4bbdb725
      Linus Torvalds authored
      Pull iommu updates from Joerg Roedel:
       "Core changes:
         - Make default-domains mandatory for all IOMMU drivers
         - Remove group refcounting
         - Add generic_single_device_group() helper and consolidate drivers
         - Cleanup map/unmap ops
         - Scaling improvements for the IOVA rcache depot
         - Convert dart & iommufd to the new domain_alloc_paging()
      
        ARM-SMMU:
         - Device-tree binding update:
             - Add qcom,sm7150-smmu-v2 for Adreno on SM7150 SoC
         - SMMUv2:
             - Support for Qualcomm SDM670 (MDSS) and SM7150 SoCs
         - SMMUv3:
             - Large refactoring of the context descriptor code to move the CD
               table into the master, paving the way for '->set_dev_pasid()'
               support on non-SVA domains
         - Minor cleanups to the SVA code
      
        Intel VT-d:
         - Enable debugfs to dump domain attached to a pasid
         - Remove an unnecessary inline function
      
        AMD IOMMU:
         - Initial patches for SVA support (not complete yet)
      
        S390 IOMMU:
         - DMA-API conversion and optimized IOTLB flushing
      
        And some smaller fixes and improvements"
      
      * tag 'iommu-updates-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (102 commits)
        iommu/dart: Remove the force_bypass variable
        iommu/dart: Call apple_dart_finalize_domain() as part of alloc_paging()
        iommu/dart: Convert to domain_alloc_paging()
        iommu/dart: Move the blocked domain support to a global static
        iommu/dart: Use static global identity domains
        iommufd: Convert to alloc_domain_paging()
        iommu/vt-d: Use ops->blocked_domain
        iommu/vt-d: Update the definition of the blocking domain
        iommu: Move IOMMU_DOMAIN_BLOCKED global statics to ops->blocked_domain
        Revert "iommu/vt-d: Remove unused function"
        iommu/amd: Remove DMA_FQ type from domain allocation path
        iommu: change iommu_map_sgtable to return signed values
        iommu/virtio: Add __counted_by for struct viommu_request and use struct_size()
        iommu/vt-d: debugfs: Support dumping a specified page table
        iommu/vt-d: debugfs: Create/remove debugfs file per {device, pasid}
        iommu/vt-d: debugfs: Dump entry pointing to huge page
        iommu/vt-d: Remove unused function
        iommu/arm-smmu-v3-sva: Remove bond refcount
        iommu/arm-smmu-v3-sva: Remove unused iommu_sva handle
        iommu/arm-smmu-v3: Rename cdcfg to cd_table
        ...
      4bbdb725
    • Diogo Ivo's avatar
      net: ti: icss-iep: fix setting counter value · 83b9dda8
      Diogo Ivo authored
      Currently icss_iep_set_counter() writes the upper 32-bits of the
      counter value to both the lower and upper counter registers, so
      fix this by writing the appropriate value to the lower register.
      
      Fixes: c1e0230e ("net: ti: icss-iep: Add IEP driver")
      Signed-off-by: default avatarDiogo Ivo <diogo.ivo@siemens.com>
      Link: https://lore.kernel.org/r/20231107120037.1513546-1-diogo.ivo@siemens.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      83b9dda8
    • Edward Adam Davis's avatar
      ptp: fix corrupted list in ptp_open · 1bea2c3e
      Edward Adam Davis authored
      There is no lock protection when writing ptp->tsevqs in ptp_open() and
      ptp_release(), which can cause data corruption, use spin lock to avoid this
      issue.
      
      Moreover, ptp_release() should not be used to release the queue in ptp_read(),
      and it should be deleted altogether.
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Reported-and-tested-by: syzbot+df3f3ef31f60781fa911@syzkaller.appspotmail.com
      Fixes: 8f5de6fb ("ptp: support multiple timestamp event readers")
      Signed-off-by: default avatarEdward Adam Davis <eadavis@qq.com>
      Link: https://lore.kernel.org/r/tencent_CD19564FFE8DA8A5918DFE92325D92DD8107@qq.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      1bea2c3e
    • Edward Adam Davis's avatar
      ptp: ptp_read should not release queue · b714ca2c
      Edward Adam Davis authored
      Firstly, queue is not the memory allocated in ptp_read;
      Secondly, other processes may block at ptp_read and wait for conditions to be
      met to perform read operations.
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Reported-and-tested-by: syzbot+df3f3ef31f60781fa911@syzkaller.appspotmail.com
      Fixes: 8f5de6fb ("ptp: support multiple timestamp event readers")
      Signed-off-by: default avatarEdward Adam Davis <eadavis@qq.com>
      Link: https://lore.kernel.org/r/tencent_18747D76F1675A3C633772960237544AAA09@qq.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      b714ca2c
    • Jakub Kicinski's avatar
      Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · 9b818a34
      Jakub Kicinski authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2023-11-06 (ice)
      
      This series contains updates to ice driver only.
      
      Dave removes SR-IOV LAG attribute for only the interface being disabled
      to allow for proper unwinding of all interfaces.
      
      Michal Schmidt changes some LAG allocations from GFP_KERNEL to GFP_ATOMIC
      due to non-allowed sleeping.
      
      Aniruddha and Marcin fix redirection and drop rules for switchdev by
      properly setting and marking egress/ingress type.
      
      * '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
        ice: Fix VF-VF direction matching in drop rule in switchdev
        ice: Fix VF-VF filter rules in switchdev mode
        ice: lag: in RCU, use atomic allocation
        ice: Fix SRIOV LAG disable on non-compliant aggregate
      ====================
      
      Link: https://lore.kernel.org/r/20231107004844.655549-1-anthony.l.nguyen@intel.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      9b818a34
    • Eric Dumazet's avatar
      net_sched: sch_fq: better validate TCA_FQ_WEIGHTS and TCA_FQ_PRIOMAP · f1a3b283
      Eric Dumazet authored
      syzbot was able to trigger the following report while providing
      too small TCA_FQ_WEIGHTS attribute [1]
      
      Fix is to use NLA_POLICY_EXACT_LEN() to ensure user space
      provided correct sizes.
      
      Apply the same fix to TCA_FQ_PRIOMAP.
      
      [1]
      BUG: KMSAN: uninit-value in fq_load_weights net/sched/sch_fq.c:960 [inline]
      BUG: KMSAN: uninit-value in fq_change+0x1348/0x2fe0 net/sched/sch_fq.c:1071
      fq_load_weights net/sched/sch_fq.c:960 [inline]
      fq_change+0x1348/0x2fe0 net/sched/sch_fq.c:1071
      fq_init+0x68e/0x780 net/sched/sch_fq.c:1159
      qdisc_create+0x12f3/0x1be0 net/sched/sch_api.c:1326
      tc_modify_qdisc+0x11ef/0x2c20
      rtnetlink_rcv_msg+0x16a6/0x1840 net/core/rtnetlink.c:6558
      netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545
      rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6576
      netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
      netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368
      netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
      sock_sendmsg_nosec net/socket.c:730 [inline]
      __sock_sendmsg net/socket.c:745 [inline]
      ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2588
      ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2642
      __sys_sendmsg net/socket.c:2671 [inline]
      __do_sys_sendmsg net/socket.c:2680 [inline]
      __se_sys_sendmsg net/socket.c:2678 [inline]
      __x64_sys_sendmsg+0x307/0x490 net/socket.c:2678
      do_syscall_x64 arch/x86/entry/common.c:51 [inline]
      do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
      entry_SYSCALL_64_after_hwframe+0x63/0x6b
      
      Uninit was created at:
      slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
      slab_alloc_node mm/slub.c:3478 [inline]
      kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
      kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
      __alloc_skb+0x318/0x740 net/core/skbuff.c:651
      alloc_skb include/linux/skbuff.h:1286 [inline]
      netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]
      netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885
      sock_sendmsg_nosec net/socket.c:730 [inline]
      __sock_sendmsg net/socket.c:745 [inline]
      ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2588
      ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2642
      __sys_sendmsg net/socket.c:2671 [inline]
      __do_sys_sendmsg net/socket.c:2680 [inline]
      __se_sys_sendmsg net/socket.c:2678 [inline]
      __x64_sys_sendmsg+0x307/0x490 net/socket.c:2678
      do_syscall_x64 arch/x86/entry/common.c:51 [inline]
      do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
      entry_SYSCALL_64_after_hwframe+0x63/0x6b
      
      CPU: 1 PID: 5001 Comm: syz-executor300 Not tainted 6.6.0-syzkaller-12401-g8f6f76a6 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
      
      Fixes: 29f834aa ("net_sched: sch_fq: add 3 bands and WRR scheduling")
      Fixes: 49e7265f ("net_sched: sch_fq: add TCA_FQ_WEIGHTS attribute")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: Jamal Hadi Salim<jhs@mojatatu.com>
      Link: https://lore.kernel.org/r/20231107160440.1992526-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      f1a3b283
    • Jakub Kicinski's avatar
      Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · 09699f19
      Jakub Kicinski authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2023-11-06 (i40e)
      
      This series contains updates to i40e driver only.
      
      Ivan Vecera resolves a couple issues with devlink; removing a call to
      devlink_port_type_clear() and ensuring devlink port is unregistered
      after the net device.
      
      * '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
        i40e: Fix devlink port unregistering
        i40e: Do not call devlink_port_type_clear()
      ====================
      
      Link: https://lore.kernel.org/r/20231107003600.653796-1-anthony.l.nguyen@intel.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      09699f19
    • Jakub Kicinski's avatar
      net: kcm: fill in MODULE_DESCRIPTION() · 31356547
      Jakub Kicinski authored
      W=1 builds now warn if module is built without a MODULE_DESCRIPTION().
      
      Link: https://lore.kernel.org/r/20231108020305.537293-1-kuba@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      31356547
    • Jakub Kicinski's avatar
      Merge tag 'nf-23-11-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf · 0613736e
      Jakub Kicinski authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for net:
      
      1) Add missing netfilter modules description to fix W=1, from Florian Westphal.
      
      2) Fix catch-all element GC with timeout when use with the pipapo set
         backend, this remained broken since I tried to fix it this summer,
         then another attempt to fix it recently.
      
      3) Add missing IPVS modules descriptions to fix W=1, also from Florian.
      
      4) xt_recent allocated a too small buffer to store an IPv4-mapped IPv6
         address which can be parsed by in6_pton(), from Maciej Zenczykowski.
         Broken for many releases.
      
      5) Skip IPv4-mapped IPv6, IPv4-compat IPv6, site/link local scoped IPv6
         addressses to set up IPv6 NAT redirect, also from Florian. This is
         broken since 2012.
      
      * tag 'nf-23-11-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
        netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses
        netfilter: xt_recent: fix (increase) ipv6 literal buffer length
        ipvs: add missing module descriptions
        netfilter: nf_tables: remove catchall element in GC sync path
        netfilter: add missing module descriptions
      ====================
      
      Link: https://lore.kernel.org/r/20231108155802.84617-1-pablo@netfilter.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      0613736e
    • Jakub Kicinski's avatar
      Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 942b8b38
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2023-11-08
      
      We've added 16 non-merge commits during the last 6 day(s) which contain
      a total of 30 files changed, 341 insertions(+), 130 deletions(-).
      
      The main changes are:
      
      1) Fix a BPF verifier issue in precision tracking for BPF_ALU | BPF_TO_BE |
         BPF_END where the source register was incorrectly marked as precise,
         from Shung-Hsi Yu.
      
      2) Fix a concurrency issue in bpf_timer where the former could still have
         been alive after an application releases or unpins the map, from Hou Tao.
      
      3) Fix a BPF verifier issue where immediates are incorrectly cast to u32
         before being spilled and therefore losing sign information, from Hao Sun.
      
      4) Fix a misplaced BPF_TRACE_ITER in check_css_task_iter_allowlist which
         incorrectly compared bpf_prog_type with bpf_attach_type, from Chuyi Zhou.
      
      5) Add __bpf_hook_{start,end} as well as __bpf_kfunc_{start,end}_defs macros,
         migrate all BPF-related __diag callsites over to it, and add a new
         __diag_ignore_all for -Wmissing-declarations to the macros to address
         recent build warnings, from Dave Marchevsky.
      
      6) Fix broken BPF selftest build of xdp_hw_metadata test on architectures
         where char is not signed, from Björn Töpel.
      
      7) Fix test_maps selftest to properly use LIBBPF_OPTS() macro to initialize
         the bpf_map_create_opts, from Andrii Nakryiko.
      
      8) Fix bpffs selftest to avoid unmounting /sys/kernel/debug as it may have
         been mounted and used by other applications already, from Manu Bretelle.
      
      9) Fix a build issue without CONFIG_CGROUPS wrt css_task open-coded
         iterators, from Matthieu Baerts.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        selftests/bpf: get trusted cgrp from bpf_iter__cgroup directly
        bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg
        selftests/bpf: Fix broken build where char is unsigned
        selftests/bpf: precision tracking test for BPF_NEG and BPF_END
        bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
        selftests/bpf: Add test for using css_task iter in sleepable progs
        selftests/bpf: Add tests for css_task iter combining with cgroup iter
        bpf: Relax allowlist for css_task iter
        selftests/bpf: fix test_maps' use of bpf_map_create_opts
        bpf: Check map->usercnt after timer->timer is assigned
        bpf: Add __bpf_hook_{start,end} macros
        bpf: Add __bpf_kfunc_{start,end}_defs macros
        selftests/bpf: fix test_bpffs
        selftests/bpf: Add test for immediate spilled to stack
        bpf: Fix check_stack_write_fixed_off() to correctly spill imm
        bpf: fix compilation error without CGROUPS
      ====================
      
      Link: https://lore.kernel.org/r/20231108132448.1970-1-daniel@iogearbox.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      942b8b38
    • Vlad Buslov's avatar
      net/sched: act_ct: Always fill offloading tuple iifidx · 9bc64bd0
      Vlad Buslov authored
      Referenced commit doesn't always set iifidx when offloading the flow to
      hardware. Fix the following cases:
      
      - nf_conn_act_ct_ext_fill() is called before extension is created with
      nf_conn_act_ct_ext_add() in tcf_ct_act(). This can cause rule offload with
      unspecified iifidx when connection is offloaded after only single
      original-direction packet has been processed by tc data path. Always fill
      the new nf_conn_act_ct_ext instance after creating it in
      nf_conn_act_ct_ext_add().
      
      - Offloading of unidirectional UDP NEW connections is now supported, but ct
      flow iifidx field is not updated when connection is promoted to
      bidirectional which can result reply-direction iifidx to be zero when
      refreshing the connection. Fill in the extension and update flow iifidx
      before calling flow_offload_refresh().
      
      Fixes: 9795ded7 ("net/sched: act_ct: Fill offloading tuple iifidx")
      Reviewed-by: default avatarPaul Blakey <paulb@nvidia.com>
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Fixes: 6a9bad00 ("net/sched: act_ct: offload UDP NEW connections")
      Link: https://lore.kernel.org/r/20231103151410.764271-1-vladbu@nvidia.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      9bc64bd0
  3. 08 Nov, 2023 16 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-6.7-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 6bc986ab
      Linus Torvalds authored
      Pull NFS client updates from Trond Myklebust:
       "Bugfixes:
      
         - SUNRPC:
             - re-probe the target RPC port after an ECONNRESET error
             - handle allocation errors from rpcb_call_async()
             - fix a use-after-free condition in rpc_pipefs
             - fix up various checks for timeouts
      
         - NFSv4.1:
             - Handle NFS4ERR_DELAY errors during session trunking
             - fix SP4_MACH_CRED protection for pnfs IO
      
         - NFSv4:
             - Ensure that we test all delegations when the server notifies
               us that it may have revoked some of them
      
        Features:
      
         - Allow knfsd processes to break out of NFS4ERR_DELAY loops when
           re-exporting NFSv4.x by setting appropriate values for the
           'delay_retrans' module parameter
      
         - nfs: Convert nfs_symlink() to use a folio"
      
      * tag 'nfs-for-6.7-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        nfs: Convert nfs_symlink() to use a folio
        SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
        NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO
        SUNRPC: Add an IS_ERR() check back to where it was
        NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking
        nfs41: drop dependency between flexfiles layout driver and NFSv3 modules
        NFSv4: fairly test all delegations on a SEQ4_ revocation
        SUNRPC: SOFTCONN tasks should time out when on the sending list
        SUNRPC: Force close the socket when a hard error is reported
        SUNRPC: Don't skip timeout checks in call_connect_status()
        SUNRPC: ECONNRESET might require a rebind
        NFSv4/pnfs: Allow layoutget to return EAGAIN for softerr mounts
        NFSv4: Add a parameter to limit the number of retries after NFS4ERR_DELAY
      6bc986ab
    • Linus Torvalds's avatar
      Merge tag 'exfat-for-6.7-rc1-part2' of... · 67c0afb6
      Linus Torvalds authored
      Merge tag 'exfat-for-6.7-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat
      
      Pull exfat updates from Namjae Jeon:
      
       - Fix an issue that exfat timestamps are not updated caused by new
         timestamp accessor function patch
      
      * tag 'exfat-for-6.7-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
        exfat: fix ctime is not updated
        exfat: fix setting uninitialized time to ctime/atime
      67c0afb6
    • Linus Torvalds's avatar
      Merge tag 'xfs-6.7-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 34f76326
      Linus Torvalds authored
      Pull xfs updates from Chandan Babu:
      
       - Realtime device subsystem:
          - Cleanup usage of xfs_rtblock_t and xfs_fsblock_t data types
          - Replace open coded conversions between rt blocks and rt extents
            with calls to static inline helpers
          - Replace open coded realtime geometry compuation and macros with
            helper functions
          - CPU usage optimizations for realtime allocator
          - Misc bug fixes associated with Realtime device
      
       - Allow read operations to execute while an FICLONE ioctl is being
         serviced
      
       - Misc bug fixes:
          - Alert user when xfs_droplink() encounters an inode with a link
            count of zero
          - Handle the case where the allocator could return zero extents when
            servicing an fallocate request
      
      * tag 'xfs-6.7-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (40 commits)
        xfs: allow read IO and FICLONE to run concurrently
        xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space
        xfs: introduce protection for drop nlink
        xfs: don't look for end of extent further than necessary in xfs_rtallocate_extent_near()
        xfs: don't try redundant allocations in xfs_rtallocate_extent_near()
        xfs: limit maxlen based on available space in xfs_rtallocate_extent_near()
        xfs: return maximum free size from xfs_rtany_summary()
        xfs: invert the realtime summary cache
        xfs: simplify rt bitmap/summary block accessor functions
        xfs: simplify xfs_rtbuf_get calling conventions
        xfs: cache last bitmap block in realtime allocator
        xfs: use accessor functions for summary info words
        xfs: consolidate realtime allocation arguments
        xfs: create helpers for rtsummary block/wordcount computations
        xfs: use accessor functions for bitmap words
        xfs: create helpers for rtbitmap block/wordcount computations
        xfs: create a helper to handle logging parts of rt bitmap/summary blocks
        xfs: convert rt summary macros to helpers
        xfs: convert open-coded xfs_rtword_t pointer accesses to helper
        xfs: remove XFS_BLOCKWSIZE and XFS_BLOCKWMASK macros
        ...
      34f76326
    • Konstantin Ryabitsev's avatar
      MAINTAINERS: update lists.linuxfoundation.org migrated lists · 6d795e2a
      Konstantin Ryabitsev authored
      The mailman-2 system behind lists.linux[-]foundation.org is being
      retired, so the lists are being migrated to lists.linux.dev.
      
      Since both domains belong to LF and setting up proper forwards is
      possible, the old addresses will continue to work for a while, but all
      new patches should be sent to the new canonical addresses for each list.
      Signed-off-by: default avatarKonstantin Ryabitsev <konstantin@linuxfoundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6d795e2a
    • Linus Torvalds's avatar
      Merge tag 's390-6.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 1995a536
      Linus Torvalds authored
      Pull more s390 updates from Vasily Gorbik:
      
       - Get rid of s390 specific use of two PTEs per 4KB page with complex
         half-used pages tracking. Using full 4KB pages for 2KB PTEs increases
         the memory footprint of page tables but drastically simplify mm code,
         removing a common blocker for common code changes and adaptations
      
       - Simplify and rework "cmma no-dat" handling. This is a follow up for
         recent fixes which prevent potential incorrect guest TLB flushes
      
       - Add perf user stack unwinding as well as USER_STACKTRACE support for
         user space built with -mbackchain compile option
      
       - Add few missing conversion from tlb_remove_table to tlb_remove_ptdesc
      
       - Fix crypto cards vanishing in a secure execution environment due to
         asynchronous errors
      
       - Avoid reporting crypto cards or queues in check-stop state as online
      
       - Fix null-ptr deference in AP bus code triggered by early config
         change via SCLP
      
       - Couple of stability improvements in AP queue interrupt handling
      
      * tag 's390-6.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/mm: make pte_free_tlb() similar to pXd_free_tlb()
        s390/mm: use compound page order to distinguish page tables
        s390/mm: use full 4KB page for 2KB PTE
        s390/cmma: rework no-dat handling
        s390/cmma: move arch_set_page_dat() to header file
        s390/cmma: move set_page_stable() and friends to header file
        s390/cmma: move parsing of cmma kernel parameter to early boot code
        s390/cmma: cleanup inline assemblies
        s390/ap: fix vanishing crypto cards in SE environment
        s390/zcrypt: don't report online if card or queue is in check-stop state
        s390: add USER_STACKTRACE support
        s390/perf: implement perf_callchain_user()
        s390/ap: fix AP bus crash on early config change callback invocation
        s390/ap: re-enable interrupt for AP queues
        s390/ap: rework to use irq info from ap queue status
        s390/mm: add missing conversion to use ptdescs
      1995a536
    • Linus Torvalds's avatar
      Merge tag 'rcu-fixes-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/frederic/linux-dynticks · 90450a06
      Linus Torvalds authored
      Pull RCU fixes from Frederic Weisbecker:
      
       - Fix a lock inversion between scheduler and RCU introduced in
         v6.2-rc4. The scenario could trigger on any user of RCU_NOCB
         (mostly Android but also nohz_full)
      
       - Fix PF_IDLE semantic changes introduced in v6.6-rc3 breaking
         some RCU-Tasks and RCU-Tasks-Trace expectations as to what
         exactly is an idle task. This resulted in potential spurious
         stalls and warnings.
      
      * tag 'rcu-fixes-v6.7' of git://git.kernel.org/pub/scm/linux/kernel/git/frederic/linux-dynticks:
        rcu/tasks-trace: Handle new PF_IDLE semantics
        rcu/tasks: Handle new PF_IDLE semantics
        rcu: Introduce rcu_cpu_online()
        rcu: Break rcu_node_0 --> &rq->__lock order
      90450a06
    • Linus Torvalds's avatar
      Merge tag 'memblock-v6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock · 447cec03
      Linus Torvalds authored
      Pull memblock update from Mike Rapoport:
       "Report failures when memblock_can_resize is not set.
      
        Numerous memblock reservations at early boot may exhaust static
        memblock.reserved array and it is unnoticed because most of the
        callers don't check memblock_reserve() return value.
      
        In this case the system will crash later, but the reason is hard to
        identify.
      
        Replace return of an error with panic() when memblock.reserved is
        exhausted before it can be resized"
      
      * tag 'memblock-v6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
        memblock: report failures when memblock_can_resize is not set
      447cec03
    • Linus Torvalds's avatar
      Merge tag 'kgdb-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux · c1ef4df1
      Linus Torvalds authored
      Pull kgdb updates from Daniel Thompson:
       "Just two patches for you this time!
      
         - During a panic, flush the console before entering kgdb.
      
           This makes things a little easier to comprehend, especially if an
           NMI backtrace was triggered on all CPUs just before we enter the
           panic routines
      
         - Correcting a couple of misleading (a.k.a. plain wrong) comments"
      
      * tag 'kgdb-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux:
        kdb: Corrects comment for kdballocenv
        kgdb: Flush console before entering kgdb on panic
      c1ef4df1
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · d46392bb
      Linus Torvalds authored
      Pull RISC-V updates from Palmer Dabbelt:
      
       - Support for cbo.zero in userspace
      
       - Support for CBOs on ACPI-based systems
      
       - A handful of improvements for the T-Head cache flushing ops
      
       - Support for software shadow call stacks
      
       - Various cleanups and fixes
      
      * tag 'riscv-for-linus-6.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: (31 commits)
        RISC-V: hwprobe: Fix vDSO SIGSEGV
        riscv: configs: defconfig: Enable configs required for RZ/Five SoC
        riscv: errata: prefix T-Head mnemonics with th.
        riscv: put interrupt entries into .irqentry.text
        riscv: mm: Update the comment of CONFIG_PAGE_OFFSET
        riscv: Using TOOLCHAIN_HAS_ZIHINTPAUSE marco replace zihintpause
        riscv/mm: Fix the comment for swap pte format
        RISC-V: clarify the QEMU workaround in ISA parser
        riscv: correct pt_level name via pgtable_l5/4_enabled
        RISC-V: Provide pgtable_l5_enabled on rv32
        clocksource: timer-riscv: Increase rating of clock_event_device for Sstc
        clocksource: timer-riscv: Don't enable/disable timer interrupt
        lkdtm: Fix CFI_BACKWARD on RISC-V
        riscv: Use separate IRQ shadow call stacks
        riscv: Implement Shadow Call Stack
        riscv: Move global pointer loading to a macro
        riscv: Deduplicate IRQ stack switching
        riscv: VMAP_STACK overflow detection thread-safe
        RISC-V: cacheflush: Initialize CBO variables on ACPI systems
        RISC-V: ACPI: RHCT: Add function to get CBO block sizes
        ...
      d46392bb
    • Florian Westphal's avatar
      netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses · 80abbe8a
      Florian Westphal authored
      The ipv6 redirect target was derived from the ipv4 one, i.e. its
      identical to a 'dnat' with the first (primary) address assigned to the
      network interface.  The code has been moved around to make it usable
      from nf_tables too, but its still the same as it was back when this
      was added in 2012.
      
      IPv6, however, has different types of addresses, if the 'wrong' address
      comes first the redirection does not work.
      
      In Daniels case, the addresses are:
        inet6 ::ffff:192 ...
        inet6 2a01: ...
      
      ... so the function attempts to redirect to the mapped address.
      
      Add more checks before the address is deemed correct:
      1. If the packets' daddr is scoped, search for a scoped address too
      2. skip tentative addresses
      3. skip mapped addresses
      
      Use the first address that appears to match our needs.
      Reported-by: default avatarDaniel Huhardeaux <tech@tootai.net>
      Closes: https://lore.kernel.org/netfilter/71be06b8-6aa0-4cf9-9e0b-e2839b01b22f@tootai.net/
      Fixes: 115e23ac ("netfilter: ip6tables: add REDIRECT target")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      80abbe8a
    • Maciej Żenczykowski's avatar
      netfilter: xt_recent: fix (increase) ipv6 literal buffer length · 7b308feb
      Maciej Żenczykowski authored
      in6_pton() supports 'low-32-bit dot-decimal representation'
      (this is useful with DNS64/NAT64 networks for example):
      
        # echo +aaaa:bbbb:cccc:dddd:eeee:ffff:1.2.3.4 > /proc/self/net/xt_recent/DEFAULT
        # cat /proc/self/net/xt_recent/DEFAULT
        src=aaaa:bbbb:cccc:dddd:eeee:ffff:0102:0304 ttl: 0 last_seen: 9733848829 oldest_pkt: 1 9733848829
      
      but the provided buffer is too short:
      
        # echo +aaaa:bbbb:cccc:dddd:eeee:ffff:255.255.255.255 > /proc/self/net/xt_recent/DEFAULT
        -bash: echo: write error: Invalid argument
      
      Fixes: 079aa88f ("netfilter: xt_recent: IPv6 support")
      Signed-off-by: default avatarMaciej Żenczykowski <zenczykowski@gmail.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      7b308feb
    • Florian Westphal's avatar
      ipvs: add missing module descriptions · 17cd01e4
      Florian Westphal authored
      W=1 builds warn on missing MODULE_DESCRIPTION, add them.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      17cd01e4
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: remove catchall element in GC sync path · 93995bf4
      Pablo Neira Ayuso authored
      The expired catchall element is not deactivated and removed from GC sync
      path. This path holds mutex so just call nft_setelem_data_deactivate()
      and nft_setelem_catchall_remove() before queueing the GC work.
      
      Fixes: 4a9e12ea ("netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC")
      Reported-by: default avatarlonial con <kongln9170@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      93995bf4
    • Florian Westphal's avatar
      netfilter: add missing module descriptions · 94090b23
      Florian Westphal authored
      W=1 builds warn on missing MODULE_DESCRIPTION, add them.
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      94090b23
    • Philipp Stanner's avatar
      drivers/net/ppp: use standard array-copy-function · caf31008
      Philipp Stanner authored
      In ppp_generic.c, memdup_user() is utilized to copy a userspace array.
      This is done without an overflow-check, which is, however, not critical
      because the multiplicands are an unsigned short and struct sock_filter,
      which is currently of size 8.
      
      Regardless, string.h now provides memdup_array_user(), a wrapper for
      copying userspace arrays in a standardized manner, which has the
      advantage of making it more obvious to the reader that an array is being
      copied.
      The wrapper additionally performs an obligatory overflow check, saving
      the reader the effort of analyzing the potential for overflow, and
      making the code a bit more robust in case of future changes to the
      multiplicands len * size.
      
      Replace memdup_user() with memdup_array_user().
      Suggested-by: default avatarDave Airlie <airlied@redhat.com>
      Signed-off-by: default avatarPhilipp Stanner <pstanner@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      caf31008
    • Bence Csókás's avatar
      i2c: cp2615: Fix 'assignment to __be16' warning · bdba49cb
      Bence Csókás authored
      While the preamble field _is_ technically big-endian, its value is always 0x2A2A,
      which is the same in either endianness. However, to avoid generating a warning,
      we should still call `htons()` explicitly.
      Signed-off-by: default avatarBence Csókás <bence98@sch.bme.hu>
      Signed-off-by: default avatarWolfram Sang <wsa@kernel.org>
      bdba49cb