1. 08 Nov, 2022 11 commits
  2. 28 Oct, 2022 22 commits
  3. 27 Oct, 2022 7 commits
    • Jakub Kicinski's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 31f1aa4f
      Jakub Kicinski authored
      drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
        2871edb3 ("can: kvaser_usb: Fix possible completions during init_completion")
        abb86709 ("can: kvaser_usb_leaf: Ignore stale bus-off after start")
        8d21f592 ("can: kvaser_usb_leaf: Fix improved state not being reported")
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      31f1aa4f
    • Linus Torvalds's avatar
      Merge tag 'net-6.1-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 23758867
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from 802.15.4 (Zigbee et al).
      
        Current release - regressions:
      
         - ipa: fix bugs in the register conversion for IPA v3.1 and v3.5.1
      
        Current release - new code bugs:
      
         - mptcp: fix abba deadlock on fastopen
      
         - eth: stmmac: rk3588: allow multiple gmac controllers in one system
      
        Previous releases - regressions:
      
         - ip: rework the fix for dflt addr selection for connected nexthop
      
         - net: couple more fixes for misinterpreting bits in struct page
           after the signature was added
      
        Previous releases - always broken:
      
         - ipv6: ensure sane device mtu in tunnels
      
         - openvswitch: switch from WARN to pr_warn on a user-triggerable path
      
         - ethtool: eeprom: fix null-deref on genl_info in dump
      
         - ieee802154: more return code fixes for corner cases in
           dgram_sendmsg
      
         - mac802154: fix link-quality-indicator recording
      
         - eth: mlx5: fixes for IPsec, PTP timestamps, OvS and conntrack
           offload
      
         - eth: fec: limit register access on i.MX6UL
      
         - eth: bcm4908_enet: update TX stats after actual transmission
      
         - can: rcar_canfd: improve IRQ handling for RZ/G2L
      
        Misc:
      
         - genetlink: piggy back on the newly added resv_op_start to enforce
           more sanity checks on new commands"
      
      * tag 'net-6.1-rc3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (57 commits)
        net: enetc: survive memory pressure without crashing
        kcm: do not sense pfmemalloc status in kcm_sendpage()
        net: do not sense pfmemalloc status in skb_append_pagefrags()
        net/mlx5e: Fix macsec sci endianness at rx sa update
        net/mlx5e: Fix wrong bitwise comparison usage in macsec_fs_rx_add_rule function
        net/mlx5e: Fix macsec rx security association (SA) update/delete
        net/mlx5e: Fix macsec coverity issue at rx sa update
        net/mlx5: Fix crash during sync firmware reset
        net/mlx5: Update fw fatal reporter state on PCI handlers successful recover
        net/mlx5e: TC, Fix cloned flow attr instance dests are not zeroed
        net/mlx5e: TC, Reject forwarding from internal port to internal port
        net/mlx5: Fix possible use-after-free in async command interface
        net/mlx5: ASO, Create the ASO SQ with the correct timestamp format
        net/mlx5e: Update restore chain id for slow path packets
        net/mlx5e: Extend SKB room check to include PTP-SQ
        net/mlx5: DR, Fix matcher disconnect error flow
        net/mlx5: Wait for firmware to enable CRS before pci_restore_state
        net/mlx5e: Do not increment ESN when updating IPsec ESN state
        netdevsim: remove dir in nsim_dev_debugfs_init() when creating ports dir failed
        netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed
        ...
      23758867
    • Linus Torvalds's avatar
      Merge tag 'execve-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 7dd257d0
      Linus Torvalds authored
      Pull execve fixes from Kees Cook:
      
       - Fix an ancient signal action copy race (Bernd Edlinger)
      
       - Fix a memory leak in ELF loader, when under memory pressure (Li
         Zetao)
      
      * tag 'execve-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        fs/binfmt_elf: Fix memory leak in load_elf_binary()
        exec: Copy oldsighand->action under spin-lock
      7dd257d0
    • Linus Torvalds's avatar
      Merge tag 'hardening-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 2eb72d85
      Linus Torvalds authored
      Pull hardening fixes from Kees Cook:
      
       - Fix older Clang vs recent overflow KUnit test additions (Nick
         Desaulniers, Kees Cook)
      
       - Fix kern-doc visibility for overflow helpers (Kees Cook)
      
      * tag 'hardening-v6.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        overflow: Refactor test skips for Clang-specific issues
        overflow: disable failing tests for older clang versions
        overflow: Fix kern-doc markup for functions
      2eb72d85
    • Linus Torvalds's avatar
      Merge tag 'media/v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media · 7f9a7cd6
      Linus Torvalds authored
      Pull media fixes from Mauro Carvalho Chehab:
       "A bunch of patches addressing issues in the vivid driver and adding
        new checks in V4L2 to validate the input parameters from some ioctls"
      
      * tag 'media/v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
        media: vivid.rst: loop_video is set on the capture devnode
        media: vivid: set num_in/outputs to 0 if not supported
        media: vivid: drop GFP_DMA32
        media: vivid: fix control handler mutex deadlock
        media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
        media: v4l2-dv-timings: add sanity checks for blanking values
        media: vivid: dev->bitmap_cap wasn't freed in all cases
        media: vivid: s_fbuf: add more sanity checks
      7f9a7cd6
    • Linus Torvalds's avatar
      Merge tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt · 200204f5
      Linus Torvalds authored
      Pull fscrypt fix from Eric Biggers:
       "Fix a memory leak that was introduced by a change that went into -rc1"
      
      * tag 'fscrypt-for-linus' of git://git.kernel.org/pub/scm/fs/fscrypt/fscrypt:
        fscrypt: fix keyring memory leak on mount failure
      200204f5
    • Vladimir Oltean's avatar
      net: enetc: survive memory pressure without crashing · 84ce1ca3
      Vladimir Oltean authored
      Under memory pressure, enetc_refill_rx_ring() may fail, and when called
      during the enetc_open() -> enetc_setup_rxbdr() procedure, this is not
      checked for.
      
      An extreme case of memory pressure will result in exactly zero buffers
      being allocated for the RX ring, and in such a case it is expected that
      hardware drops all RX packets due to lack of buffers.
      
      This does not happen, because the reset-default value of the consumer
      and produces index is 0, and this makes the ENETC think that all buffers
      have been initialized and that it owns them (when in reality none were).
      
      The hardware guide explains this best:
      
      | Configure the receive ring producer index register RBaPIR with a value
      | of 0. The producer index is initially configured by software but owned
      | by hardware after the ring has been enabled. Hardware increments the
      | index when a frame is received which may consume one or more BDs.
      | Hardware is not allowed to increment the producer index to match the
      | consumer index since it is used to indicate an empty condition. The ring
      | can hold at most RBLENR[LENGTH]-1 received BDs.
      |
      | Configure the receive ring consumer index register RBaCIR. The
      | consumer index is owned by software and updated during operation of the
      | of the BD ring by software, to indicate that any receive data occupied
      | in the BD has been processed and it has been prepared for new data.
      | - If consumer index and producer index are initialized to the same
      |   value, it indicates that all BDs in the ring have been prepared and
      |   hardware owns all of the entries.
      | - If consumer index is initialized to producer index plus N, it would
      |   indicate N BDs have been prepared. Note that hardware cannot start if
      |   only a single buffer is prepared due to the restrictions described in
      |   (2).
      | - Software may write consumer index to match producer index anytime
      |   while the ring is operational to indicate all received BDs prior have
      |   been processed and new BDs prepared for hardware.
      
      Normally, the value of rx_ring->rcir (consumer index) is brought in sync
      with the rx_ring->next_to_use software index, but this only happens if
      page allocation ever succeeded.
      
      When PI==CI==0, the hardware appears to receive frames and write them to
      DMA address 0x0 (?!), then set the READY bit in the BD.
      
      The enetc_clean_rx_ring() function (and its XDP derivative) is naturally
      not prepared to handle such a condition. It will attempt to process
      those frames using the rx_swbd structure associated with index i of the
      RX ring, but that structure is not fully initialized (enetc_new_page()
      does all of that). So what happens next is undefined behavior.
      
      To operate using no buffer, we must initialize the CI to PI + 1, which
      will block the hardware from advancing the CI any further, and drop
      everything.
      
      The issue was seen while adding support for zero-copy AF_XDP sockets,
      where buffer memory comes from user space, which can even decide to
      supply no buffers at all (example: "xdpsock --txonly"). However, the bug
      is present also with the network stack code, even though it would take a
      very determined person to trigger a page allocation failure at the
      perfect time (a series of ifup/ifdown under memory pressure should
      eventually reproduce it given enough retries).
      
      Fixes: d4fd0404 ("enetc: Introduce basic PF and VF ENETC ethernet drivers")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Reviewed-by: default avatarClaudiu Manoil <claudiu.manoil@nxp.com>
      Link: https://lore.kernel.org/r/20221027182925.3256653-1-vladimir.oltean@nxp.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      84ce1ca3