1. 21 Feb, 2023 7 commits
    • Jiri Pirko's avatar
      sefltests: netdevsim: wait for devlink instance after netns removal · f922c7b1
      Jiri Pirko authored
      When devlink instance is put into network namespace and that network
      namespace gets deleted, devlink instance is moved back into init_ns.
      This is done as a part of cleanup_net() routine. Since cleanup_net()
      is called asynchronously from workqueue, there is no guarantee that
      the devlink instance move is done after "ip netns del" returns.
      
      So fix this race by making sure that the devlink instance is present
      before any other operation.
      Reported-by: default avatarAmir Tzin <amirtz@nvidia.com>
      Fixes: b74c37fd ("selftests: netdevsim: add tests for devlink reload with resources")
      Signed-off-by: default avatarJiri Pirko <jiri@nvidia.com>
      Reviewed-by: default avatarPavan Chebbi <pavan.chebbi@broadcom.com>
      Link: https://lore.kernel.org/r/20230220132336.198597-1-jiri@resnulli.usSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      f922c7b1
    • Roxana Nicolescu's avatar
      selftest: fib_tests: Always cleanup before exit · b60417a9
      Roxana Nicolescu authored
      Usage of `set -e` before executing a command causes immediate exit
      on failure, without cleanup up the resources allocated at setup.
      This can affect the next tests that use the same resources,
      leading to a chain of failures.
      
      A simple fix is to always call cleanup function when the script exists.
      This approach is already used by other existing tests.
      
      Fixes: 1056691b ("selftests: fib_tests: Make test results more verbose")
      Signed-off-by: default avatarRoxana Nicolescu <roxana.nicolescu@canonical.com>
      Link: https://lore.kernel.org/r/20230220110400.26737-2-roxana.nicolescu@canonical.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      b60417a9
    • Horatiu Vultur's avatar
      net: lan966x: Fix possible deadlock inside PTP · 3a70e0d4
      Horatiu Vultur authored
      When doing timestamping in lan966x and having PROVE_LOCKING
      enabled the following warning is shown.
      
      ========================================================
      WARNING: possible irq lock inversion dependency detected
      6.2.0-rc7-01749-gc54e1f7f7e36 #2786 Tainted: G                 N
      --------------------------------------------------------
      swapper/0/0 just changed the state of lock:
      c2609f50 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0x16c/0x2e8
      but this lock took another, SOFTIRQ-unsafe lock in the past:
       (&lan966x->ptp_ts_id_lock){+.+.}-{2:2}
      
      and interrupts could create inverse lock ordering between them.
      
      other info that might help us debug this:
       Possible interrupt unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(&lan966x->ptp_ts_id_lock);
                                     local_irq_disable();
                                     lock(_xmit_ETHER#2);
                                     lock(&lan966x->ptp_ts_id_lock);
        <Interrupt>
          lock(_xmit_ETHER#2);
      
       *** DEADLOCK ***
      
      5 locks held by swapper/0/0:
       #0: c1001e18 ((&ndev->rs_timer)){+.-.}-{0:0}, at: call_timer_fn+0x0/0x33c
       #1: c105e7c4 (rcu_read_lock){....}-{1:2}, at: ndisc_send_skb+0x134/0x81c
       #2: c105e7d8 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x17c/0xc64
       #3: c105e7d8 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x4c/0x1224
       #4: c3056174 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x354/0x1224
      
      the shortest dependencies between 2nd lock and 1st lock:
       -> (&lan966x->ptp_ts_id_lock){+.+.}-{2:2} {
          HARDIRQ-ON-W at:
                            lock_acquire.part.0+0xb0/0x248
                            _raw_spin_lock+0x38/0x48
                            lan966x_ptp_irq_handler+0x164/0x2a8
                            irq_thread_fn+0x1c/0x78
                            irq_thread+0x130/0x278
                            kthread+0xec/0x110
                            ret_from_fork+0x14/0x28
          SOFTIRQ-ON-W at:
                            lock_acquire.part.0+0xb0/0x248
                            _raw_spin_lock+0x38/0x48
                            lan966x_ptp_irq_handler+0x164/0x2a8
                            irq_thread_fn+0x1c/0x78
                            irq_thread+0x130/0x278
                            kthread+0xec/0x110
                            ret_from_fork+0x14/0x28
          INITIAL USE at:
                           lock_acquire.part.0+0xb0/0x248
                           _raw_spin_lock_irqsave+0x4c/0x68
                           lan966x_ptp_txtstamp_request+0x128/0x1cc
                           lan966x_port_xmit+0x224/0x43c
                           dev_hard_start_xmit+0xa8/0x2f0
                           sch_direct_xmit+0x108/0x2e8
                           __dev_queue_xmit+0x41c/0x1224
                           packet_sendmsg+0xdb4/0x134c
                           __sys_sendto+0xd0/0x154
                           sys_send+0x18/0x20
                           ret_fast_syscall+0x0/0x1c
        }
        ... key      at: [<c174ba0c>] __key.2+0x0/0x8
        ... acquired at:
         _raw_spin_lock_irqsave+0x4c/0x68
         lan966x_ptp_txtstamp_request+0x128/0x1cc
         lan966x_port_xmit+0x224/0x43c
         dev_hard_start_xmit+0xa8/0x2f0
         sch_direct_xmit+0x108/0x2e8
         __dev_queue_xmit+0x41c/0x1224
         packet_sendmsg+0xdb4/0x134c
         __sys_sendto+0xd0/0x154
         sys_send+0x18/0x20
         ret_fast_syscall+0x0/0x1c
      
      -> (_xmit_ETHER#2){+.-.}-{2:2} {
         HARDIRQ-ON-W at:
                          lock_acquire.part.0+0xb0/0x248
                          _raw_spin_lock+0x38/0x48
                          netif_freeze_queues+0x38/0x68
                          dev_deactivate_many+0xac/0x388
                          dev_deactivate+0x38/0x6c
                          linkwatch_do_dev+0x70/0x8c
                          __linkwatch_run_queue+0xd4/0x1e8
                          linkwatch_event+0x24/0x34
                          process_one_work+0x284/0x744
                          worker_thread+0x28/0x4bc
                          kthread+0xec/0x110
                          ret_from_fork+0x14/0x28
         IN-SOFTIRQ-W at:
                          lock_acquire.part.0+0xb0/0x248
                          _raw_spin_lock+0x38/0x48
                          sch_direct_xmit+0x16c/0x2e8
                          __dev_queue_xmit+0x41c/0x1224
                          ip6_finish_output2+0x5f4/0xc64
                          ndisc_send_skb+0x4cc/0x81c
                          addrconf_rs_timer+0xb0/0x2f8
                          call_timer_fn+0xb4/0x33c
                          expire_timers+0xb4/0x10c
                          run_timer_softirq+0xf8/0x2a8
                          __do_softirq+0xd4/0x5fc
                          __irq_exit_rcu+0x138/0x17c
                          irq_exit+0x8/0x28
                          __irq_svc+0x90/0xbc
                          arch_cpu_idle+0x30/0x3c
                          default_idle_call+0x44/0xac
                          do_idle+0xc8/0x138
                          cpu_startup_entry+0x18/0x1c
                          rest_init+0xcc/0x168
                          arch_post_acpi_subsys_init+0x0/0x8
         INITIAL USE at:
                         lock_acquire.part.0+0xb0/0x248
                         _raw_spin_lock+0x38/0x48
                         netif_freeze_queues+0x38/0x68
                         dev_deactivate_many+0xac/0x388
                         dev_deactivate+0x38/0x6c
                         linkwatch_do_dev+0x70/0x8c
                         __linkwatch_run_queue+0xd4/0x1e8
                         linkwatch_event+0x24/0x34
                         process_one_work+0x284/0x744
                         worker_thread+0x28/0x4bc
                         kthread+0xec/0x110
                         ret_from_fork+0x14/0x28
       }
       ... key      at: [<c175974c>] netdev_xmit_lock_key+0x8/0x1c8
       ... acquired at:
         __lock_acquire+0x978/0x2978
         lock_acquire.part.0+0xb0/0x248
         _raw_spin_lock+0x38/0x48
         sch_direct_xmit+0x16c/0x2e8
         __dev_queue_xmit+0x41c/0x1224
         ip6_finish_output2+0x5f4/0xc64
         ndisc_send_skb+0x4cc/0x81c
         addrconf_rs_timer+0xb0/0x2f8
         call_timer_fn+0xb4/0x33c
         expire_timers+0xb4/0x10c
         run_timer_softirq+0xf8/0x2a8
         __do_softirq+0xd4/0x5fc
         __irq_exit_rcu+0x138/0x17c
         irq_exit+0x8/0x28
         __irq_svc+0x90/0xbc
         arch_cpu_idle+0x30/0x3c
         default_idle_call+0x44/0xac
         do_idle+0xc8/0x138
         cpu_startup_entry+0x18/0x1c
         rest_init+0xcc/0x168
         arch_post_acpi_subsys_init+0x0/0x8
      
      stack backtrace:
      CPU: 0 PID: 0 Comm: swapper/0 Tainted: G                 N 6.2.0-rc7-01749-gc54e1f7f7e36 #2786
      Hardware name: Generic DT based system
       unwind_backtrace from show_stack+0x10/0x14
       show_stack from dump_stack_lvl+0x58/0x70
       dump_stack_lvl from mark_lock.part.0+0x59c/0x93c
       mark_lock.part.0 from __lock_acquire+0x978/0x2978
       __lock_acquire from lock_acquire.part.0+0xb0/0x248
       lock_acquire.part.0 from _raw_spin_lock+0x38/0x48
       _raw_spin_lock from sch_direct_xmit+0x16c/0x2e8
       sch_direct_xmit from __dev_queue_xmit+0x41c/0x1224
       __dev_queue_xmit from ip6_finish_output2+0x5f4/0xc64
       ip6_finish_output2 from ndisc_send_skb+0x4cc/0x81c
       ndisc_send_skb from addrconf_rs_timer+0xb0/0x2f8
       addrconf_rs_timer from call_timer_fn+0xb4/0x33c
       call_timer_fn from expire_timers+0xb4/0x10c
       expire_timers from run_timer_softirq+0xf8/0x2a8
       run_timer_softirq from __do_softirq+0xd4/0x5fc
       __do_softirq from __irq_exit_rcu+0x138/0x17c
       __irq_exit_rcu from irq_exit+0x8/0x28
       irq_exit from __irq_svc+0x90/0xbc
      Exception stack(0xc1001f20 to 0xc1001f68)
      1f20: ffffffff ffffffff 00000001 c011f840 c100e000 c100e000 c1009314 c1009370
      1f40: c10f0c1a c0d5e564 c0f5da8c 00000000 00000000 c1001f70 c010f0bc c010f0c0
      1f60: 600f0013 ffffffff
       __irq_svc from arch_cpu_idle+0x30/0x3c
       arch_cpu_idle from default_idle_call+0x44/0xac
       default_idle_call from do_idle+0xc8/0x138
       do_idle from cpu_startup_entry+0x18/0x1c
       cpu_startup_entry from rest_init+0xcc/0x168
       rest_init from arch_post_acpi_subsys_init+0x0/0x8
      
      Fix this by using spin_lock_irqsave/spin_lock_irqrestore also
      inside lan966x_ptp_irq_handler.
      
      Fixes: e85a96e4 ("net: lan966x: Add support for ptp interrupts")
      Signed-off-by: default avatarHoratiu Vultur <horatiu.vultur@microchip.com>
      Link: https://lore.kernel.org/r/20230217210917.2649365-1-horatiu.vultur@microchip.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      3a70e0d4
    • Stefan Schmidt's avatar
      MAINTAINERS: Add Miquel Raynal as additional maintainer for ieee802154 · 195d6cc9
      Stefan Schmidt authored
      We are growing the maintainer team for ieee802154 to spread the load for
      review and general maintenance. Miquel has been driving the subsystem
      forward over the last year and we would like to welcome him as a
      maintainer.
      Signed-off-by: default avatarStefan Schmidt <stefan@datenfreihafen.org>
      Acked-by: default avatarMiquel Raynal <miquel.raynal@bootlin.com>
      Link: https://lore.kernel.org/r/20230218211317.284889-4-stefan@datenfreihafen.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      195d6cc9
    • Stefan Schmidt's avatar
      MAINTAINERS: Switch maintenance for mrf24j40 driver over · 6b441772
      Stefan Schmidt authored
      Alan Ott has not been actively working on the driver or reviewing
      patches for several years. I have been taking odd fixes in through the
      wpan/ieee802154 tree. Update the MAINTAINERS file to reflect this
      reality. I wanted to thank Alan for his work on the driver.
      Signed-off-by: default avatarStefan Schmidt <stefan@datenfreihafen.org>
      Link: https://lore.kernel.org/r/20230218211317.284889-3-stefan@datenfreihafen.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      6b441772
    • Stefan Schmidt's avatar
      MAINTAINERS: Switch maintenance for mcr20a driver over · d1b4b411
      Stefan Schmidt authored
      Xue Liu has not been actively working on the driver or reviewing
      patches for several years. I have been taking odd fixes in through the
      wpan/ieee802154 tree. Update the MAINTAINERS file to reflect this
      reality. I wanted to thank Xue Liu for his work on the driver.
      Signed-off-by: default avatarStefan Schmidt <stefan@datenfreihafen.org>
      Link: https://lore.kernel.org/r/20230218211317.284889-2-stefan@datenfreihafen.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      d1b4b411
    • Stefan Schmidt's avatar
      MAINTAINERS: Switch maintenance for cc2520 driver over · c551c569
      Stefan Schmidt authored
      Varka Bhadram has not been actively working on the driver or reviewing
      patches for several years. I have been taking odd fixes in through the
      wpan/ieee802154 tree. Update the MAINTAINERS file to reflect this
      reality. I wanted to thank Varka for his work on the driver.
      Signed-off-by: default avatarStefan Schmidt <stefan@datenfreihafen.org>
      Link: https://lore.kernel.org/r/20230218211317.284889-1-stefan@datenfreihafen.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      c551c569
  2. 20 Feb, 2023 6 commits
    • Doug Berger's avatar
      net: bcmgenet: fix MoCA LED control · a7515af9
      Doug Berger authored
      When the bcmgenet_mii_config() code was refactored it was missed
      that the LED control for the MoCA interface got overwritten by
      the port_ctrl value. Its previous programming is restored here.
      
      Fixes: 4f8d81b7 ("net: bcmgenet: Refactor register access in bcmgenet_mii_config")
      Signed-off-by: default avatarDoug Berger <opendmb@gmail.com>
      Acked-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7515af9
    • Shigeru Yoshida's avatar
      l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() · 9ca5e7ec
      Shigeru Yoshida authored
      When a file descriptor of pppol2tp socket is passed as file descriptor
      of UDP socket, a recursive deadlock occurs in l2tp_tunnel_register().
      This situation is reproduced by the following program:
      
      int main(void)
      {
      	int sock;
      	struct sockaddr_pppol2tp addr;
      
      	sock = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
      	if (sock < 0) {
      		perror("socket");
      		return 1;
      	}
      
      	addr.sa_family = AF_PPPOX;
      	addr.sa_protocol = PX_PROTO_OL2TP;
      	addr.pppol2tp.pid = 0;
      	addr.pppol2tp.fd = sock;
      	addr.pppol2tp.addr.sin_family = PF_INET;
      	addr.pppol2tp.addr.sin_port = htons(0);
      	addr.pppol2tp.addr.sin_addr.s_addr = inet_addr("192.168.0.1");
      	addr.pppol2tp.s_tunnel = 1;
      	addr.pppol2tp.s_session = 0;
      	addr.pppol2tp.d_tunnel = 0;
      	addr.pppol2tp.d_session = 0;
      
      	if (connect(sock, (const struct sockaddr *)&addr, sizeof(addr)) < 0) {
      		perror("connect");
      		return 1;
      	}
      
      	return 0;
      }
      
      This program causes the following lockdep warning:
      
       ============================================
       WARNING: possible recursive locking detected
       6.2.0-rc5-00205-gc9661827 #56 Not tainted
       --------------------------------------------
       repro/8607 is trying to acquire lock:
       ffff8880213c8130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: l2tp_tunnel_register+0x2b7/0x11c0
      
       but task is already holding lock:
       ffff8880213c8130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0xa82/0x1a30
      
       other info that might help us debug this:
        Possible unsafe locking scenario:
      
              CPU0
              ----
         lock(sk_lock-AF_PPPOX);
         lock(sk_lock-AF_PPPOX);
      
        *** DEADLOCK ***
      
        May be due to missing lock nesting notation
      
       1 lock held by repro/8607:
        #0: ffff8880213c8130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppol2tp_connect+0xa82/0x1a30
      
       stack backtrace:
       CPU: 0 PID: 8607 Comm: repro Not tainted 6.2.0-rc5-00205-gc9661827 #56
       Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014
       Call Trace:
        <TASK>
        dump_stack_lvl+0x100/0x178
        __lock_acquire.cold+0x119/0x3b9
        ? lockdep_hardirqs_on_prepare+0x410/0x410
        lock_acquire+0x1e0/0x610
        ? l2tp_tunnel_register+0x2b7/0x11c0
        ? lock_downgrade+0x710/0x710
        ? __fget_files+0x283/0x3e0
        lock_sock_nested+0x3a/0xf0
        ? l2tp_tunnel_register+0x2b7/0x11c0
        l2tp_tunnel_register+0x2b7/0x11c0
        ? sprintf+0xc4/0x100
        ? l2tp_tunnel_del_work+0x6b0/0x6b0
        ? debug_object_deactivate+0x320/0x320
        ? lockdep_init_map_type+0x16d/0x7a0
        ? lockdep_init_map_type+0x16d/0x7a0
        ? l2tp_tunnel_create+0x2bf/0x4b0
        ? l2tp_tunnel_create+0x3c6/0x4b0
        pppol2tp_connect+0x14e1/0x1a30
        ? pppol2tp_put_sk+0xd0/0xd0
        ? aa_sk_perm+0x2b7/0xa80
        ? aa_af_perm+0x260/0x260
        ? bpf_lsm_socket_connect+0x9/0x10
        ? pppol2tp_put_sk+0xd0/0xd0
        __sys_connect_file+0x14f/0x190
        __sys_connect+0x133/0x160
        ? __sys_connect_file+0x190/0x190
        ? lockdep_hardirqs_on+0x7d/0x100
        ? ktime_get_coarse_real_ts64+0x1b7/0x200
        ? ktime_get_coarse_real_ts64+0x147/0x200
        ? __audit_syscall_entry+0x396/0x500
        __x64_sys_connect+0x72/0xb0
        do_syscall_64+0x38/0xb0
        entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      This patch fixes the issue by getting/creating the tunnel before
      locking the pppol2tp socket.
      
      Fixes: 0b2c5972 ("l2tp: close all race conditions in l2tp_tunnel_register()")
      Cc: Cong Wang <cong.wang@bytedance.com>
      Signed-off-by: default avatarShigeru Yoshida <syoshida@redhat.com>
      Reviewed-by: default avatarGuillaume Nault <gnault@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9ca5e7ec
    • Jakub Sitnicki's avatar
      selftests/net: Interpret UDP_GRO cmsg data as an int value · 43686409
      Jakub Sitnicki authored
      Data passed to user-space with a (SOL_UDP, UDP_GRO) cmsg carries an
      int (see udp_cmsg_recv), not a u16 value, as strace confirms:
      
        recvmsg(8, {msg_name=...,
                    msg_iov=[{iov_base="\0\0..."..., iov_len=96000}],
                    msg_iovlen=1,
                    msg_control=[{cmsg_len=20,         <-- sizeof(cmsghdr) + 4
                                  cmsg_level=SOL_UDP,
                                  cmsg_type=0x68}],    <-- UDP_GRO
                                  msg_controllen=24,
                                  msg_flags=0}, 0) = 11200
      
      Interpreting the data as an u16 value won't work on big-endian platforms.
      Since it is too late to back out of this API decision [1], fix the test.
      
      [1]: https://lore.kernel.org/netdev/20230131174601.203127-1-jakub@cloudflare.com/
      
      Fixes: 3327a9c4 ("selftests: add functionals test for UDP GRO")
      Suggested-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarJakub Sitnicki <jakub@cloudflare.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      43686409
    • Manish Chopra's avatar
      qede: fix interrupt coalescing configuration · 908d4bb7
      Manish Chopra authored
      On default driver load device gets configured with unexpected
      higher interrupt coalescing values instead of default expected
      values as memory allocated from krealloc() is not supposed to
      be zeroed out and may contain garbage values.
      
      Fix this by allocating the memory of required size first with
      kcalloc() and then use krealloc() to resize and preserve the
      contents across down/up of the interface.
      Signed-off-by: default avatarManish Chopra <manishc@marvell.com>
      Fixes: b0ec5489 ("qede: preserve per queue stats across up/down of interface")
      Cc: stable@vger.kernel.org
      Cc: Bhaskar Upadhaya <bupadhaya@marvell.com>
      Cc: David S. Miller <davem@davemloft.net>
      Link: https://bugzilla.redhat.com/show_bug.cgi?id=2160054Signed-off-by: default avatarAlok Prasad <palok@marvell.com>
      Signed-off-by: default avatarAriel Elior <aelior@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      908d4bb7
    • D. Wythe's avatar
      net/smc: fix application data exception · 475f9ff6
      D. Wythe authored
      There is a certain probability that following
      exceptions will occur in the wrk benchmark test:
      
      Running 10s test @ http://11.213.45.6:80
        8 threads and 64 connections
        Thread Stats   Avg      Stdev     Max   +/- Stdev
          Latency     3.72ms   13.94ms 245.33ms   94.17%
          Req/Sec     1.96k   713.67     5.41k    75.16%
        155262 requests in 10.10s, 23.10MB read
      Non-2xx or 3xx responses: 3
      
      We will find that the error is HTTP 400 error, which is a serious
      exception in our test, which means the application data was
      corrupted.
      
      Consider the following scenarios:
      
      CPU0                            CPU1
      
      buf_desc->used = 0;
                                      cmpxchg(buf_desc->used, 0, 1)
                                      deal_with(buf_desc)
      
      memset(buf_desc->cpu_addr,0);
      
      This will cause the data received by a victim connection to be cleared,
      thus triggering an HTTP 400 error in the server.
      
      This patch exchange the order between clear used and memset, add
      barrier to ensure memory consistency.
      
      Fixes: 1c552696 ("net/smc: Clear memory when release and reuse buffer")
      Signed-off-by: default avatarD. Wythe <alibuda@linux.alibaba.com>
      Reviewed-by: default avatarWenjia Zhang <wenjia@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      475f9ff6
    • D. Wythe's avatar
      net/smc: fix potential panic dues to unprotected smc_llc_srv_add_link() · e40b801b
      D. Wythe authored
      There is a certain chance to trigger the following panic:
      
      PID: 5900   TASK: ffff88c1c8af4100  CPU: 1   COMMAND: "kworker/1:48"
       #0 [ffff9456c1cc79a0] machine_kexec at ffffffff870665b7
       #1 [ffff9456c1cc79f0] __crash_kexec at ffffffff871b4c7a
       #2 [ffff9456c1cc7ab0] crash_kexec at ffffffff871b5b60
       #3 [ffff9456c1cc7ac0] oops_end at ffffffff87026ce7
       #4 [ffff9456c1cc7ae0] page_fault_oops at ffffffff87075715
       #5 [ffff9456c1cc7b58] exc_page_fault at ffffffff87ad0654
       #6 [ffff9456c1cc7b80] asm_exc_page_fault at ffffffff87c00b62
          [exception RIP: ib_alloc_mr+19]
          RIP: ffffffffc0c9cce3  RSP: ffff9456c1cc7c38  RFLAGS: 00010202
          RAX: 0000000000000000  RBX: 0000000000000002  RCX: 0000000000000004
          RDX: 0000000000000010  RSI: 0000000000000000  RDI: 0000000000000000
          RBP: ffff88c1ea281d00   R8: 000000020a34ffff   R9: ffff88c1350bbb20
          R10: 0000000000000000  R11: 0000000000000001  R12: 0000000000000000
          R13: 0000000000000010  R14: ffff88c1ab040a50  R15: ffff88c1ea281d00
          ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
       #7 [ffff9456c1cc7c60] smc_ib_get_memory_region at ffffffffc0aff6df [smc]
       #8 [ffff9456c1cc7c88] smcr_buf_map_link at ffffffffc0b0278c [smc]
       #9 [ffff9456c1cc7ce0] __smc_buf_create at ffffffffc0b03586 [smc]
      
      The reason here is that when the server tries to create a second link,
      smc_llc_srv_add_link() has no protection and may add a new link to
      link group. This breaks the security environment protected by
      llc_conf_mutex.
      
      Fixes: 2d2209f2 ("net/smc: first part of add link processing as SMC server")
      Signed-off-by: default avatarD. Wythe <alibuda@linux.alibaba.com>
      Reviewed-by: default avatarLarysa Zaremba <larysa.zaremba@intel.com>
      Reviewed-by: default avatarWenjia Zhang <wenjia@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e40b801b
  3. 17 Feb, 2023 1 commit
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2023-02-17' of git://anongit.freedesktop.org/drm/drm · ec35307e
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Just a final collection of misc fixes, the biggest disables the
        recently added dynamic debugging support, it has a regression that
        needs some bigger fixes.
      
        Otherwise a bunch of fixes across the board, vc4, amdgpu and vmwgfx
        mostly, with some smaller i915 and ast fixes.
      
        drm:
         - dynamic debug disable for now
      
        fbdev:
         - deferred i/o device close fix
      
        amdgpu:
         - Fix GC11.x suspend warning
         - Fix display warning
      
        vc4:
         - YUV planes fix
         - hdmi display fix
         - crtc reduced blanking fix
      
        ast:
         - fix start address computation
      
        vmwgfx:
         - fix bo/handle races
      
        i915:
         - gen11 WA fix"
      
      * tag 'drm-fixes-2023-02-17' of git://anongit.freedesktop.org/drm/drm:
        drm/amd/display: Fail atomic_check early on normalize_zpos error
        drm/amd/amdgpu: fix warning during suspend
        drm/vmwgfx: Do not drop the reference to the handle too soon
        drm/vmwgfx: Stop accessing buffer objects which failed init
        drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
        drm: Disable dynamic debug as broken
        drm/ast: Fix start address computation
        fbdev: Fix invalid page access after closing deferred I/O devices
        drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking
        drm/vc4: hdmi: Always enable GCP with AVMUTE cleared
        drm/vc4: Fix YUV plane handling when planes are in different buffers
      ec35307e
  4. 16 Feb, 2023 15 commits
  5. 15 Feb, 2023 11 commits