1. 31 Mar, 2023 1 commit
    • Hans de Goede's avatar
      wifi: brcmfmac: Fix SDIO suspend/resume regression · e4efa515
      Hans de Goede authored
      After commit 92cadedd ("brcmfmac: Avoid keeping power to SDIO card
      unless WOWL is used"), the wifi adapter by default is turned off on suspend
      and then re-probed on resume.
      
      In at least 2 model x86/acpi tablets with brcmfmac43430a1 wifi adapters,
      the newly added re-probe on resume fails like this:
      
       brcmfmac: brcmf_sdio_bus_rxctl: resumed on timeout
       ieee80211 phy1: brcmf_bus_started: failed: -110
       ieee80211 phy1: brcmf_attach: dongle is not responding: err=-110
       brcmfmac: brcmf_sdio_firmware_callback: brcmf_attach failed
      
      It seems this specific brcmfmac model does not like being reprobed without
      it actually being turned off first.
      
      And the adapter is not being turned off during suspend because of
      commit f0992ace ("brcmfmac: prohibit ACPI power management for brcmfmac
      driver").
      
      Now that the driver is being reprobed on resume, the disabling of ACPI
      pm is no longer necessary, except when WOWL is used (in which case there
      is no-reprobe).
      
      Move the dis-/en-abling of ACPI pm to brcmf_sdio_wowl_config(), this fixes
      the brcmfmac43430a1 suspend/resume regression and should help save some
      power when suspended.
      
      This change means that the code now also may re-enable ACPI pm when WOWL
      gets disabled. ACPI pm should only be re-enabled if it was enabled by
      the ACPI core originally. Add a brcmf_sdiod_acpi_save_power_manageable()
      to save the original state for this.
      
      This has been tested on the following devices:
      
      Asus T100TA                brcmfmac43241b4-sdio
      Acer Iconia One 7 B1-750   brcmfmac43340-sdio
      Chuwi Hi8                  brcmfmac43430a0-sdio
      Chuwi Hi8                  brcmfmac43430a1-sdio
      
      (the Asus T100TA is the device for which the prohibiting of ACPI pm
       was originally added)
      
      Fixes: 92cadedd ("brcmfmac: Avoid keeping power to SDIO card unless WOWL is used")
      Cc: Ulf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Reviewed-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
      Link: https://lore.kernel.org/r/20230320122252.240070-1-hdegoede@redhat.com
      e4efa515
  2. 30 Mar, 2023 7 commits
  3. 22 Mar, 2023 4 commits
  4. 15 Mar, 2023 2 commits
  5. 13 Mar, 2023 3 commits
    • Lorenzo Bianconi's avatar
      wifi: mt76: connac: do not check WED status for non-mmio devices · 5683e148
      Lorenzo Bianconi authored
      WED is supported just for mmio devices, so do not check it for usb or
      sdio devices. This patch fixes the crash reported below:
      
      [   21.946627] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d
      [   22.525298] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)
      [   22.548274] wlp0s3u1i3: authenticate with c4:41:1e:f5:2b:1d
      [   22.557694] wlp0s3u1i3: send auth to c4:41:1e:f5:2b:1d (try 1/3)
      [   22.565885] wlp0s3u1i3: authenticated
      [   22.569502] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 1/3)
      [   22.578966] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=30 aid=3)
      [   22.579113] wlp0s3u1i3: c4:41:1e:f5:2b:1d rejected association temporarily; comeback duration 1000 TU (1024 ms)
      [   23.649518] wlp0s3u1i3: associate with c4:41:1e:f5:2b:1d (try 2/3)
      [   23.752528] wlp0s3u1i3: RX AssocResp from c4:41:1e:f5:2b:1d (capab=0x11 status=0 aid=3)
      [   23.797450] wlp0s3u1i3: associated
      [   24.959527] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
      [   24.959640] BUG: unable to handle page fault for address: ffff88800c223200
      [   24.959706] #PF: supervisor instruction fetch in kernel mode
      [   24.959788] #PF: error_code(0x0011) - permissions violation
      [   24.959846] PGD 2c01067 P4D 2c01067 PUD 2c02067 PMD c2a8063 PTE 800000000c223163
      [   24.959957] Oops: 0011 [#1] PREEMPT SMP
      [   24.960009] CPU: 0 PID: 391 Comm: wpa_supplicant Not tainted 6.2.0-kvm #18
      [   24.960089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014
      [   24.960191] RIP: 0010:0xffff88800c223200
      [   24.960446] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282
      [   24.960513] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058
      [   24.960598] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010
      [   24.960682] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c
      [   24.960766] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 0000000000000001
      [   24.960853] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644
      [   24.960950] FS:  00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
      [   24.961036] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   24.961106] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0
      [   24.961190] Call Trace:
      [   24.961219]  <TASK>
      [   24.961245]  ? mt76_connac_mcu_add_key+0x2cf/0x310
      [   24.961313]  ? mt7921_set_key+0x150/0x200
      [   24.961365]  ? drv_set_key+0xa9/0x1b0
      [   24.961418]  ? ieee80211_key_enable_hw_accel+0xd9/0x240
      [   24.961485]  ? ieee80211_key_replace+0x3f3/0x730
      [   24.961541]  ? crypto_shash_setkey+0x89/0xd0
      [   24.961597]  ? ieee80211_key_link+0x2d7/0x3a0
      [   24.961664]  ? crypto_aead_setauthsize+0x31/0x50
      [   24.961730]  ? sta_info_hash_lookup+0xa6/0xf0
      [   24.961785]  ? ieee80211_add_key+0x1fc/0x250
      [   24.961842]  ? rdev_add_key+0x41/0x140
      [   24.961882]  ? nl80211_parse_key+0x6c/0x2f0
      [   24.961940]  ? nl80211_new_key+0x24a/0x290
      [   24.961984]  ? genl_rcv_msg+0x36c/0x3a0
      [   24.962036]  ? rdev_mod_link_station+0xe0/0xe0
      [   24.962102]  ? nl80211_set_key+0x410/0x410
      [   24.962143]  ? nl80211_pre_doit+0x200/0x200
      [   24.962187]  ? genl_bind+0xc0/0xc0
      [   24.962217]  ? netlink_rcv_skb+0xaa/0xd0
      [   24.962259]  ? genl_rcv+0x24/0x40
      [   24.962300]  ? netlink_unicast+0x224/0x2f0
      [   24.962345]  ? netlink_sendmsg+0x30b/0x3d0
      [   24.962388]  ? ____sys_sendmsg+0x109/0x1b0
      [   24.962388]  ? ____sys_sendmsg+0x109/0x1b0
      [   24.962440]  ? __import_iovec+0x2e/0x110
      [   24.962482]  ? ___sys_sendmsg+0xbe/0xe0
      [   24.962525]  ? mod_objcg_state+0x25c/0x330
      [   24.962576]  ? __dentry_kill+0x19e/0x1d0
      [   24.962618]  ? call_rcu+0x18f/0x270
      [   24.962660]  ? __dentry_kill+0x19e/0x1d0
      [   24.962702]  ? __x64_sys_sendmsg+0x70/0x90
      [   24.962744]  ? do_syscall_64+0x3d/0x80
      [   24.962796]  ? exit_to_user_mode_prepare+0x1b/0x70
      [   24.962852]  ? entry_SYSCALL_64_after_hwframe+0x46/0xb0
      [   24.962913]  </TASK>
      [   24.962939] Modules linked in:
      [   24.962981] CR2: ffff88800c223200
      [   24.963022] ---[ end trace 0000000000000000 ]---
      [   24.963087] RIP: 0010:0xffff88800c223200
      [   24.963323] RSP: 0018:ffffc90000ff7698 EFLAGS: 00010282
      [   24.963376] RAX: ffff888028397010 RBX: ffff88800c26e630 RCX: 0000000000000058
      [   24.963458] RDX: ffff88800c26f844 RSI: 0000000000000006 RDI: ffff888028397010
      [   24.963538] RBP: ffff88800ea72f00 R08: 18b873fbab2b964c R09: be06b38235f3c63c
      [   24.963622] R10: 18b873fbab2b964c R11: be06b38235f3c63c R12: 0000000000000001
      [   24.963705] R13: ffff88800c26f84c R14: ffff8880063f0ff8 R15: ffff88800c26e644
      [   24.963788] FS:  00007effcea327c0(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
      [   24.963871] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   24.963941] CR2: ffff88800c223200 CR3: 000000000eaa2000 CR4: 00000000000006b0
      [   24.964018] note: wpa_supplicant[391] exited with irqs disabled
      
      Fixes: d1369e51 ("wifi: mt76: connac: introduce mt76_connac_mcu_sta_wed_update utility routine")
      Signed-off-by: default avatarLorenzo Bianconi <lorenzo@kernel.org>
      Acked-by: default avatarFelix Fietkau <nbd@nbd.name>
      Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
      Link: https://lore.kernel.org/r/c42168429453474213fa8244bf4b069de4531f40.1678124335.git.lorenzo@kernel.org
      5683e148
    • Felix Fietkau's avatar
      wifi: mt76: mt7915: add back 160MHz channel width support for MT7915 · c2f73eac
      Felix Fietkau authored
      A number of users reported that this support was working fine before
      it got removed. Add it back, but leave out the unsupported 80+80 mode.
      
      Fixes: ac922bd6 ("wifi: mt76: mt7915: remove BW160 and BW80+80 support")
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
      Link: https://lore.kernel.org/r/20230301163739.52314-1-nbd@nbd.name
      c2f73eac
    • Lorenzo Bianconi's avatar
      wifi: mt76: do not run mt76_unregister_device() on unregistered hw · 41130c32
      Lorenzo Bianconi authored
      Trying to probe a mt7921e pci card without firmware results in a
      successful probe where ieee80211_register_hw hasn't been called. When
      removing the driver, ieee802111_unregister_hw is called unconditionally
      leading to a kernel NULL pointer dereference.
      Fix the issue running mt76_unregister_device routine just for registered
      hw.
      
      Link: https://bugs.debian.org/1029116
      Link: https://bugs.kali.org/view.php?id=8140Reported-by: default avatarStuart Hayhurst <stuart.a.hayhurst@gmail.com>
      Fixes: 1c71e03a ("mt76: mt7921: move mt7921_init_hw in a dedicated work")
      Tested-by: default avatarHelmut Grohne <helmut@freexian.com>
      Signed-off-by: default avatarLorenzo Bianconi <lorenzo@kernel.org>
      Signed-off-by: default avatarKalle Valo <kvalo@kernel.org>
      Link: https://lore.kernel.org/r/be3457d82f4e44bb71a22b2b5db27b644a37b1e1.1677107277.git.lorenzo@kernel.org
      41130c32
  6. 10 Mar, 2023 4 commits
  7. 09 Mar, 2023 12 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 44889ba5
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from netfilter and bpf.
      
        Current release - regressions:
      
         - core: avoid skb end_offset change in __skb_unclone_keeptruesize()
      
         - sched:
            - act_connmark: handle errno on tcf_idr_check_alloc
            - flower: fix fl_change() error recovery path
      
         - ieee802154: prevent user from crashing the host
      
        Current release - new code bugs:
      
         - eth: bnxt_en: fix the double free during device removal
      
         - tools: ynl:
            - fix enum-as-flags in the generic CLI
            - fully inherit attrs in subsets
            - re-license uniformly under GPL-2.0 or BSD-3-clause
      
        Previous releases - regressions:
      
         - core: use indirect calls helpers for sk_exit_memory_pressure()
      
         - tls:
            - fix return value for async crypto
            - avoid hanging tasks on the tx_lock
      
         - eth: ice: copy last block omitted in ice_get_module_eeprom()
      
        Previous releases - always broken:
      
         - core: avoid double iput when sock_alloc_file fails
      
         - af_unix: fix struct pid leaks in OOB support
      
         - tls:
            - fix possible race condition
            - fix device-offloaded sendpage straddling records
      
         - bpf:
            - sockmap: fix an infinite loop error
            - test_run: fix &xdp_frame misplacement for LIVE_FRAMES
            - fix resolving BTF_KIND_VAR after ARRAY, STRUCT, UNION, PTR
      
         - netfilter: tproxy: fix deadlock due to missing BH disable
      
         - phylib: get rid of unnecessary locking
      
         - eth: bgmac: fix *initial* chip reset to support BCM5358
      
         - eth: nfp: fix csum for ipsec offload
      
         - eth: mtk_eth_soc: fix RX data corruption issue
      
        Misc:
      
         - usb: qmi_wwan: add telit 0x1080 composition"
      
      * tag 'net-6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (64 commits)
        tools: ynl: fix enum-as-flags in the generic CLI
        tools: ynl: move the enum classes to shared code
        net: avoid double iput when sock_alloc_file fails
        af_unix: fix struct pid leaks in OOB support
        eth: fealnx: bring back this old driver
        net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC
        net: microchip: sparx5: fix deletion of existing DSCP mappings
        octeontx2-af: Unlock contexts in the queue context cache in case of fault detection
        net/smc: fix fallback failed while sendmsg with fastopen
        ynl: re-license uniformly under GPL-2.0 OR BSD-3-Clause
        mailmap: update entries for Stephen Hemminger
        mailmap: add entry for Maxim Mikityanskiy
        nfc: change order inside nfc_se_io error path
        ethernet: ice: avoid gcc-9 integer overflow warning
        ice: don't ignore return codes in VSI related code
        ice: Fix DSCP PFC TLV creation
        net: usb: qmi_wwan: add Telit 0x1080 composition
        net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
        netfilter: conntrack: adopt safer max chain length
        net: tls: fix device-offloaded sendpage straddling records
        ...
      44889ba5
    • Linus Torvalds's avatar
      Merge tag 'for-linus-2023030901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid · 2653e3fe
      Linus Torvalds authored
      Pull HID fixes from Benjamin Tissoires:
      
       - fix potential out of bound write of zeroes in HID core with a
         specially crafted uhid device (Lee Jones)
      
       - fix potential use-after-free in work function in intel-ish-hid (Reka
         Norman)
      
       - selftests config fixes (Benjamin Tissoires)
      
       - few device small fixes and support
      
      * tag 'for-linus-2023030901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
        HID: intel-ish-hid: ipc: Fix potential use-after-free in work function
        HID: logitech-hidpp: Add support for Logitech MX Master 3S mouse
        HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded
        selftest: hid: fix hid_bpf not set in config
        HID: uhid: Over-ride the default maximum data buffer value with our own
        HID: core: Provide new max_buffer_size attribute to over-ride the default
      2653e3fe
    • Linus Torvalds's avatar
      Merge tag 'm68k-for-v6.3-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k · c70e9b8e
      Linus Torvalds authored
      Pull m68k fixes from Geert Uytterhoeven:
      
       - Fix systems with memory at end of 32-bit address space
      
       - Fix initrd on systems where memory does not start at address zero
      
       - Fix 68030 handling of bus errors for addresses in exception tables
      
      * tag 'm68k-for-v6.3-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
        m68k: Only force 030 bus error if PC not in exception table
        m68k: mm: Move initrd phys_to_virt handling after paging_init()
        m68k: mm: Fix systems with memory at end of 32-bit address space
      c70e9b8e
    • Al Viro's avatar
      sh: sanitize the flags on sigreturn · 573b22cc
      Al Viro authored
      We fetch %SR value from sigframe; it might have been modified by signal
      handler, so we can't trust it with any bits that are not modifiable in
      user mode.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Cc: Rich Felker <dalias@libc.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      573b22cc
    • Paolo Abeni's avatar
      Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue · 67eeadf2
      Paolo Abeni authored
      Tony Nguyen says:
      
      ====================
      Intel Wired LAN Driver Updates 2023-03-07 (ice)
      
      This series contains updates to ice driver only.
      
      Dave removes masking from pfcena field as it was incorrectly preventing
      valid traffic classes from being enabled.
      
      Michal resolves various smatch issues such as not propagating error
      codes and returning 0 explicitly.
      
      Arnd Bergmann resolves gcc-9 warning for integer overflow.
      
      * '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue:
        ethernet: ice: avoid gcc-9 integer overflow warning
        ice: don't ignore return codes in VSI related code
        ice: Fix DSCP PFC TLV creation
      ====================
      
      Link: https://lore.kernel.org/r/20230307220714.3997294-1-anthony.l.nguyen@intel.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      67eeadf2
    • Jakub Kicinski's avatar
      Merge branch 'tools-ynl-fix-enum-as-flags-in-the-generic-cli' · 2d8cb0bf
      Jakub Kicinski authored
      Jakub Kicinski says:
      
      ====================
      tools: ynl: fix enum-as-flags in the generic CLI
      
      The CLI needs to use proper classes when looking at Enum definitions
      rather than interpreting the YAML spec ad-hoc, because we have more
      than on format of the definition supported.
      ====================
      
      Link: https://lore.kernel.org/r/20230308003923.445268-1-kuba@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      2d8cb0bf
    • Jakub Kicinski's avatar
      tools: ynl: fix enum-as-flags in the generic CLI · c311aaa7
      Jakub Kicinski authored
      Lorenzo points out that the generic CLI is broken for the netdev
      family. When I added the support for documentation of enums
      (and sparse enums) the client script was not updated.
      It expects the values in enum to be a list of names,
      now it can also be a dict (YAML object).
      Reported-by: default avatarLorenzo Bianconi <lorenzo@kernel.org>
      Fixes: e4b48ed4 ("tools: ynl: add a completely generic client")
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      c311aaa7
    • Jakub Kicinski's avatar
      tools: ynl: move the enum classes to shared code · 6517a60b
      Jakub Kicinski authored
      Move bulk of the EnumSet and EnumEntry code to shared
      code for reuse by cli.
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      6517a60b
    • Thadeu Lima de Souza Cascardo's avatar
      net: avoid double iput when sock_alloc_file fails · 649c15c7
      Thadeu Lima de Souza Cascardo authored
      When sock_alloc_file fails to allocate a file, it will call sock_release.
      __sys_socket_file should then not call sock_release again, otherwise there
      will be a double free.
      
      [   89.319884] ------------[ cut here ]------------
      [   89.320286] kernel BUG at fs/inode.c:1764!
      [   89.320656] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
      [   89.321051] CPU: 7 PID: 125 Comm: iou-sqp-124 Not tainted 6.2.0+ #361
      [   89.321535] RIP: 0010:iput+0x1ff/0x240
      [   89.321808] Code: d1 83 e1 03 48 83 f9 02 75 09 48 81 fa 00 10 00 00 77 05 83 e2 01 75 1f 4c 89 ef e8 fb d2 ba 00 e9 80 fe ff ff c3 cc cc cc cc <0f> 0b 0f 0b e9 d0 fe ff ff 0f 0b eb 8d 49 8d b4 24 08 01 00 00 48
      [   89.322760] RSP: 0018:ffffbdd60068bd50 EFLAGS: 00010202
      [   89.323036] RAX: 0000000000000000 RBX: ffff9d7ad3cacac0 RCX: 0000000000001107
      [   89.323412] RDX: 000000000003af00 RSI: 0000000000000000 RDI: ffff9d7ad3cacb40
      [   89.323785] RBP: ffffbdd60068bd68 R08: ffffffffffffffff R09: ffffffffab606438
      [   89.324157] R10: ffffffffacb3dfa0 R11: 6465686361657256 R12: ffff9d7ad3cacb40
      [   89.324529] R13: 0000000080000001 R14: 0000000080000001 R15: 0000000000000002
      [   89.324904] FS:  00007f7b28516740(0000) GS:ffff9d7aeb1c0000(0000) knlGS:0000000000000000
      [   89.325328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   89.325629] CR2: 00007f0af52e96c0 CR3: 0000000002a02006 CR4: 0000000000770ee0
      [   89.326004] PKRU: 55555554
      [   89.326161] Call Trace:
      [   89.326298]  <TASK>
      [   89.326419]  __sock_release+0xb5/0xc0
      [   89.326632]  __sys_socket_file+0xb2/0xd0
      [   89.326844]  io_socket+0x88/0x100
      [   89.327039]  ? io_issue_sqe+0x6a/0x430
      [   89.327258]  io_issue_sqe+0x67/0x430
      [   89.327450]  io_submit_sqes+0x1fe/0x670
      [   89.327661]  io_sq_thread+0x2e6/0x530
      [   89.327859]  ? __pfx_autoremove_wake_function+0x10/0x10
      [   89.328145]  ? __pfx_io_sq_thread+0x10/0x10
      [   89.328367]  ret_from_fork+0x29/0x50
      [   89.328576] RIP: 0033:0x0
      [   89.328732] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
      [   89.329073] RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
      [   89.329477] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7b28637a3d
      [   89.329845] RDX: 00007fff4e4318a8 RSI: 00007fff4e4318b0 RDI: 0000000000000400
      [   89.330216] RBP: 00007fff4e431830 R08: 00007fff4e431711 R09: 00007fff4e4318b0
      [   89.330584] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff4e441b38
      [   89.330950] R13: 0000563835e3e725 R14: 0000563835e40d10 R15: 00007f7b28784040
      [   89.331318]  </TASK>
      [   89.331441] Modules linked in:
      [   89.331617] ---[ end trace 0000000000000000 ]---
      
      Fixes: da214a47 ("net: add __sys_socket_file()")
      Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
      Reviewed-by: default avatarJens Axboe <axboe@kernel.dk>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Reviewed-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Link: https://lore.kernel.org/r/20230307173707.468744-1-cascardo@canonical.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      649c15c7
    • Eric Dumazet's avatar
      af_unix: fix struct pid leaks in OOB support · 2aab4b96
      Eric Dumazet authored
      syzbot reported struct pid leak [1].
      
      Issue is that queue_oob() calls maybe_add_creds() which potentially
      holds a reference on a pid.
      
      But skb->destructor is not set (either directly or by calling
      unix_scm_to_skb())
      
      This means that subsequent kfree_skb() or consume_skb() would leak
      this reference.
      
      In this fix, I chose to fully support scm even for the OOB message.
      
      [1]
      BUG: memory leak
      unreferenced object 0xffff8881053e7f80 (size 128):
      comm "syz-executor242", pid 5066, jiffies 4294946079 (age 13.220s)
      hex dump (first 32 bytes):
      01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
      backtrace:
      [<ffffffff812ae26a>] alloc_pid+0x6a/0x560 kernel/pid.c:180
      [<ffffffff812718df>] copy_process+0x169f/0x26c0 kernel/fork.c:2285
      [<ffffffff81272b37>] kernel_clone+0xf7/0x610 kernel/fork.c:2684
      [<ffffffff812730cc>] __do_sys_clone+0x7c/0xb0 kernel/fork.c:2825
      [<ffffffff849ad699>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
      [<ffffffff849ad699>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
      [<ffffffff84a0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      Fixes: 314001f0 ("af_unix: Add OOB support")
      Reported-by: syzbot+7699d9e5635c10253a27@syzkaller.appspotmail.com
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Rao Shoaib <rao.shoaib@oracle.com>
      Reviewed-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Link: https://lore.kernel.org/r/20230307164530.771896-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      2aab4b96
    • Jakub Kicinski's avatar
      eth: fealnx: bring back this old driver · 8f148208
      Jakub Kicinski authored
      This reverts commit d5e2d038.
      
      We have a report of this chip being used on a
      
        SURECOM EP-320X-S 100/10M Ethernet PCI Adapter
      
      which could still have been purchased in some parts
      of the world 3 years ago.
      
      Cc: stable@vger.kernel.org
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=217151
      Fixes: d5e2d038 ("eth: fealnx: delete the driver for Myson MTD-800")
      Link: https://lore.kernel.org/r/20230307171930.4008454-1-kuba@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8f148208
    • Vladimir Oltean's avatar
      net: dsa: mt7530: permit port 5 to work without port 6 on MT7621 SoC · c8b8a3c6
      Vladimir Oltean authored
      The MT7530 switch from the MT7621 SoC has 2 ports which can be set up as
      internal: port 5 and 6. Arınç reports that the GMAC1 attached to port 5
      receives corrupted frames, unless port 6 (attached to GMAC0) has been
      brought up by the driver. This is true regardless of whether port 5 is
      used as a user port or as a CPU port (carrying DSA tags).
      
      Offline debugging (blind for me) which began in the linked thread showed
      experimentally that the configuration done by the driver for port 6
      contains a step which is needed by port 5 as well - the write to
      CORE_GSWPLL_GRP2 (note that I've no idea as to what it does, apart from
      the comment "Set core clock into 500Mhz"). Prints put by Arınç show that
      the reset value of CORE_GSWPLL_GRP2 is RG_GSWPLL_POSDIV_500M(1) |
      RG_GSWPLL_FBKDIV_500M(40) (0x128), both on the MCM MT7530 from the
      MT7621 SoC, as well as on the standalone MT7530 from MT7623NI Bananapi
      BPI-R2. Apparently, port 5 on the standalone MT7530 can work under both
      values of the register, while on the MT7621 SoC it cannot.
      
      The call path that triggers the register write is:
      
      mt753x_phylink_mac_config() for port 6
      -> mt753x_pad_setup()
         -> mt7530_pad_clk_setup()
      
      so this fully explains the behavior noticed by Arınç, that bringing port
      6 up is necessary.
      
      The simplest fix for the problem is to extract the register writes which
      are needed for both port 5 and 6 into a common mt7530_pll_setup()
      function, which is called at mt7530_setup() time, immediately after
      switch reset. We can argue that this mirrors the code layout introduced
      in mt7531_setup() by commit 42bc4faf ("net: mt7531: only do PLL once
      after the reset"), in that the PLL setup has the exact same positioning,
      and further work to consolidate the separate setup() functions is not
      hindered.
      
      Testing confirms that:
      
      - the slight reordering of writes to MT7530_P6ECR and to
        CORE_GSWPLL_GRP1 / CORE_GSWPLL_GRP2 introduced by this change does not
        appear to cause problems for the operation of port 6 on MT7621 and on
        MT7623 (where port 5 also always worked)
      
      - packets sent through port 5 are not corrupted anymore, regardless of
        whether port 6 is enabled by phylink or not (or even present in the
        device tree)
      
      My algorithm for determining the Fixes: tag is as follows. Testing shows
      that some logic from mt7530_pad_clk_setup() is needed even for port 5.
      Prior to commit ca366d6c ("net: dsa: mt7530: Convert to PHYLINK
      API"), a call did exist for all phy_is_pseudo_fixed_link() ports - so
      port 5 included. That commit replaced it with a temporary "Port 5 is not
      supported!" comment, and the following commit 38f790a8 ("net: dsa:
      mt7530: Add support for port 5") replaced that comment with a
      configuration procedure in mt7530_setup_port5() which was insufficient
      for port 5 to work. I'm laying the blame on the patch that claimed
      support for port 5, although one would have also needed the change from
      commit c3b8e079 ("net: dsa: mt7530: setup core clock even in TRGMII
      mode") for the write to be performed completely independently from port
      6's configuration.
      
      Thanks go to Arınç for describing the problem, for debugging and for
      testing.
      Reported-by: default avatarArınç ÜNAL <arinc.unal@arinc9.com>
      Link: https://lore.kernel.org/netdev/f297c2c4-6e7c-57ac-2394-f6025d309b9d@arinc9.com/
      Fixes: 38f790a8 ("net: dsa: mt7530: Add support for port 5")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Tested-by: default avatarArınç ÜNAL <arinc.unal@arinc9.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Link: https://lore.kernel.org/r/20230307155411.868573-1-vladimir.oltean@nxp.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      c8b8a3c6
  8. 08 Mar, 2023 6 commits
    • Linus Torvalds's avatar
      Merge tag 'fs_for_v6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 6a98c9ca
      Linus Torvalds authored
      Pull udf fixes from Jan Kara:
       "Fix bugs in UDF caused by the big pile of changes that went in during
        the merge window"
      
      * tag 'fs_for_v6.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        udf: Warn if block mapping is done for in-ICB files
        udf: Fix reading of in-ICB files
        udf: Fix lost writes in udf_adinicb_writepage()
      6a98c9ca
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v6.3-2' of... · 55ee6646
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v6.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
      
      Pull x86 platform driver fixes from Hans de Goede:
       "A small set of assorted bug and build/warning fixes"
      
      * tag 'platform-drivers-x86-v6.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
        platform: mellanox: mlx-platform: Initialize shift variable to 0
        platform/x86: int3472: Add GPIOs to Surface Go 3 Board data
        platform/x86: ISST: Fix kernel documentation warnings
        platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it
        platform: mellanox: select REGMAP instead of depending on it
        platform/x86/intel/tpmi: Fix double free reported by Smatch
        platform/x86: ISST: Increase range of valid mail box commands
        platform/x86: dell-ddv: Fix temperature scaling
        platform/x86: dell-ddv: Fix cache invalidation on resume
        platform/x86/amd: pmc: remove CONFIG_SUSPEND checks
      55ee6646
    • Linus Torvalds's avatar
      x86/resctl: fix scheduler confusion with 'current' · 7fef0997
      Linus Torvalds authored
      The implementation of 'current' on x86 is very intentionally special: it
      is a very common thing to look up, and it uses 'this_cpu_read_stable()'
      to get the current thread pointer efficiently from per-cpu storage.
      
      And the keyword in there is 'stable': the current thread pointer never
      changes as far as a single thread is concerned.  Even if when a thread
      is preempted, or moved to another CPU, or even across an explicit call
      'schedule()' that thread will still have the same value for 'current'.
      
      It is, after all, the kernel base pointer to thread-local storage.
      That's why it's stable to begin with, but it's also why it's important
      enough that we have that special 'this_cpu_read_stable()' access for it.
      
      So this is all done very intentionally to allow the compiler to treat
      'current' as a value that never visibly changes, so that the compiler
      can do CSE and combine multiple different 'current' accesses into one.
      
      However, there is obviously one very special situation when the
      currently running thread does actually change: inside the scheduler
      itself.
      
      So the scheduler code paths are special, and do not have a 'current'
      thread at all.  Instead there are _two_ threads: the previous and the
      next thread - typically called 'prev' and 'next' (or prev_p/next_p)
      internally.
      
      So this is all actually quite straightforward and simple, and not all
      that complicated.
      
      Except for when you then have special code that is run in scheduler
      context, that code then has to be aware that 'current' isn't really a
      valid thing.  Did you mean 'prev'? Did you mean 'next'?
      
      In fact, even if then look at the code, and you use 'current' after the
      new value has been assigned to the percpu variable, we have explicitly
      told the compiler that 'current' is magical and always stable.  So the
      compiler is quite free to use an older (or newer) value of 'current',
      and the actual assignment to the percpu storage is not relevant even if
      it might look that way.
      
      Which is exactly what happened in the resctl code, that blithely used
      'current' in '__resctrl_sched_in()' when it really wanted the new
      process state (as implied by the name: we're scheduling 'into' that new
      resctl state).  And clang would end up just using the old thread pointer
      value at least in some configurations.
      
      This could have happened with gcc too, and purely depends on random
      compiler details.  Clang just seems to have been more aggressive about
      moving the read of the per-cpu current_task pointer around.
      
      The fix is trivial: just make the resctl code adhere to the scheduler
      rules of using the prev/next thread pointer explicitly, instead of using
      'current' in a situation where it just wasn't valid.
      
      That same code is then also used outside of the scheduler context (when
      a thread resctl state is explicitly changed), and then we will just pass
      in 'current' as that pointer, of course.  There is no ambiguity in that
      case.
      
      The fix may be trivial, but noticing and figuring out what went wrong
      was not.  The credit for that goes to Stephane Eranian.
      Reported-by: default avatarStephane Eranian <eranian@google.com>
      Link: https://lore.kernel.org/lkml/20230303231133.1486085-1-eranian@google.com/
      Link: https://lore.kernel.org/lkml/alpine.LFD.2.01.0908011214330.3304@localhost.localdomain/Reviewed-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Tested-by: default avatarTony Luck <tony.luck@intel.com>
      Tested-by: default avatarStephane Eranian <eranian@google.com>
      Tested-by: default avatarBabu Moger <babu.moger@amd.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7fef0997
    • Daniel Machon's avatar
      net: microchip: sparx5: fix deletion of existing DSCP mappings · cdd28833
      Daniel Machon authored
      Fix deletion of existing DSCP mappings in the APP table.
      
      Adding and deleting DSCP entries are replicated per-port, since the
      mapping table is global for all ports in the chip. Whenever a mapping
      for a DSCP value already exists, the old mapping is deleted first.
      However, it is only deleted for the specified port. Fix this by calling
      sparx5_dcb_ieee_delapp() instead of dcb_ieee_delapp() as it ought to be.
      
      Reproduce:
      
      // Map and remap DSCP value 63
      $ dcb app add dev eth0 dscp-prio 63:1
      $ dcb app add dev eth0 dscp-prio 63:2
      
      $ dcb app show dev eth0 dscp-prio
      dscp-prio 63:2
      
      $ dcb app show dev eth1 dscp-prio
      dscp-prio 63:1 63:2 <-- 63:1 should not be there
      
      Fixes: 8dcf69a6 ("net: microchip: sparx5: add support for offloading dscp table")
      Signed-off-by: default avatarDaniel Machon <daniel.machon@microchip.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cdd28833
    • Suman Ghosh's avatar
      octeontx2-af: Unlock contexts in the queue context cache in case of fault detection · ea9dd2e5
      Suman Ghosh authored
      NDC caches contexts of frequently used queue's (Rx and Tx queues)
      contexts. Due to a HW errata when NDC detects fault/poision while
      accessing contexts it could go into an illegal state where a cache
      line could get locked forever. To makesure all cache lines in NDC
      are available for optimum performance upon fault/lockerror/posion
      errors scan through all cache lines in NDC and clear the lock bit.
      
      Fixes: 4a3581cd ("octeontx2-af: NPA AQ instruction enqueue support")
      Signed-off-by: default avatarSuman Ghosh <sumang@marvell.com>
      Signed-off-by: default avatarSunil Kovvuri Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarSai Krishna <saikrishnag@marvell.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ea9dd2e5
    • D. Wythe's avatar
      net/smc: fix fallback failed while sendmsg with fastopen · ce7ca794
      D. Wythe authored
      Before determining whether the msg has unsupported options, it has been
      prematurely terminated by the wrong status check.
      
      For the application, the general usages of MSG_FASTOPEN likes
      
      fd = socket(...)
      /* rather than connect */
      sendto(fd, data, len, MSG_FASTOPEN)
      
      Hence, We need to check the flag before state check, because the sock
      state here is always SMC_INIT when applications tries MSG_FASTOPEN.
      Once we found unsupported options, fallback it to TCP.
      
      Fixes: ee9dfbef ("net/smc: handle sockopts forcing fallback")
      Signed-off-by: default avatarD. Wythe <alibuda@linux.alibaba.com>
      Signed-off-by: default avatarSimon Horman <simon.horman@corigine.com>
      
      v2 -> v1: Optimize code style
      Reviewed-by: default avatarTony Lu <tonylu@linux.alibaba.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ce7ca794
  9. 07 Mar, 2023 1 commit