1. 02 Apr, 2024 4 commits
  2. 29 Mar, 2024 7 commits
  3. 28 Mar, 2024 15 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 50108c35
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from bpf, WiFi and netfilter.
      
        Current release - regressions:
      
         - ipv6: fix address dump when IPv6 is disabled on an interface
      
        Current release - new code bugs:
      
         - bpf: temporarily disable atomic operations in BPF arena
      
         - nexthop: fix uninitialized variable in nla_put_nh_group_stats()
      
        Previous releases - regressions:
      
         - bpf: protect against int overflow for stack access size
      
         - hsr: fix the promiscuous mode in offload mode
      
         - wifi: don't always use FW dump trig
      
         - tls: adjust recv return with async crypto and failed copy to
           userspace
      
         - tcp: properly terminate timers for kernel sockets
      
         - ice: fix memory corruption bug with suspend and rebuild
      
         - at803x: fix kernel panic with at8031_probe
      
         - qeth: handle deferred cc1
      
        Previous releases - always broken:
      
         - bpf: fix bug in BPF_LDX_MEMSX
      
         - netfilter: reject table flag and netdev basechain updates
      
         - inet_defrag: prevent sk release while still in use
      
         - wifi: pick the version of SESSION_PROTECTION_NOTIF
      
         - wwan: t7xx: split 64bit accesses to fix alignment issues
      
         - mlxbf_gige: call request_irq() after NAPI initialized
      
         - hns3: fix kernel crash when devlink reload during pf
           initialization"
      
      * tag 'net-6.9-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (81 commits)
        inet: inet_defrag: prevent sk release while still in use
        Octeontx2-af: fix pause frame configuration in GMP mode
        net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips
        net: bcmasp: Remove phy_{suspend/resume}
        net: bcmasp: Bring up unimac after PHY link up
        net: phy: qcom: at803x: fix kernel panic with at8031_probe
        netfilter: arptables: Select NETFILTER_FAMILY_ARP when building arp_tables.c
        netfilter: nf_tables: skip netdev hook unregistration if table is dormant
        netfilter: nf_tables: reject table flag and netdev basechain updates
        netfilter: nf_tables: reject destroy command to remove basechain hooks
        bpf: update BPF LSM designated reviewer list
        bpf: Protect against int overflow for stack access size
        bpf: Check bloom filter map value size
        bpf: fix warning for crash_kexec
        selftests: netdevsim: set test timeout to 10 minutes
        net: wan: framer: Add missing static inline qualifiers
        mlxbf_gige: call request_irq() after NAPI initialized
        tls: get psock ref after taking rxlock to avoid leak
        selftests: tls: add test with a partially invalid iov
        tls: adjust recv return with async crypto and failed copy to userspace
        ...
      50108c35
    • Florian Westphal's avatar
      inet: inet_defrag: prevent sk release while still in use · 18685451
      Florian Westphal authored
      ip_local_out() and other functions can pass skb->sk as function argument.
      
      If the skb is a fragment and reassembly happens before such function call
      returns, the sk must not be released.
      
      This affects skb fragments reassembled via netfilter or similar
      modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.
      
      Eric Dumazet made an initial analysis of this bug.  Quoting Eric:
        Calling ip_defrag() in output path is also implying skb_orphan(),
        which is buggy because output path relies on sk not disappearing.
      
        A relevant old patch about the issue was :
        8282f274 ("inet: frag: Always orphan skbs inside ip_defrag()")
      
        [..]
      
        net/ipv4/ip_output.c depends on skb->sk being set, and probably to an
        inet socket, not an arbitrary one.
      
        If we orphan the packet in ipvlan, then downstream things like FQ
        packet scheduler will not work properly.
      
        We need to change ip_defrag() to only use skb_orphan() when really
        needed, ie whenever frag_list is going to be used.
      
      Eric suggested to stash sk in fragment queue and made an initial patch.
      However there is a problem with this:
      
      If skb is refragmented again right after, ip_do_fragment() will copy
      head->sk to the new fragments, and sets up destructor to sock_wfree.
      IOW, we have no choice but to fix up sk_wmem accouting to reflect the
      fully reassembled skb, else wmem will underflow.
      
      This change moves the orphan down into the core, to last possible moment.
      As ip_defrag_offset is aliased with sk_buff->sk member, we must move the
      offset into the FRAG_CB, else skb->sk gets clobbered.
      
      This allows to delay the orphaning long enough to learn if the skb has
      to be queued or if the skb is completing the reasm queue.
      
      In the former case, things work as before, skb is orphaned.  This is
      safe because skb gets queued/stolen and won't continue past reasm engine.
      
      In the latter case, we will steal the skb->sk reference, reattach it to
      the head skb, and fix up wmem accouting when inet_frag inflates truesize.
      
      Fixes: 7026b1dd ("netfilter: Pass socket pointer down through okfn().")
      Diagnosed-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarxingwei lee <xrivendell7@gmail.com>
      Reported-by: default avataryue sun <samsun1006219@gmail.com>
      Reported-by: syzbot+e5167d7144a62715044c@syzkaller.appspotmail.com
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Link: https://lore.kernel.org/r/20240326101845.30836-1-fw@strlen.deSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      18685451
    • Hariprasad Kelam's avatar
      Octeontx2-af: fix pause frame configuration in GMP mode · 40d4b480
      Hariprasad Kelam authored
      The Octeontx2 MAC block (CGX) has separate data paths (SMU and GMP) for
      different speeds, allowing for efficient data transfer.
      
      The previous patch which added pause frame configuration has a bug due
      to which pause frame feature is not working in GMP mode.
      
      This patch fixes the issue by configurating appropriate registers.
      
      Fixes: f7e086e7 ("octeontx2-af: Pause frame configuration at cgx")
      Signed-off-by: default avatarHariprasad Kelam <hkelam@marvell.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Link: https://lore.kernel.org/r/20240326052720.4441-1-hkelam@marvell.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      40d4b480
    • Raju Lakkaraju's avatar
      net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips · e4a58989
      Raju Lakkaraju authored
      PCI11x1x Rev B0 devices might drop packets when receiving back to back frames
      at 2.5G link speed. Change the B0 Rev device's Receive filtering Engine FIFO
      threshold parameter from its hardware default of 4 to 3 dwords to prevent the
      problem. Rev C0 and later hardware already defaults to 3 dwords.
      
      Fixes: bb4f6bff ("net: lan743x: Add PCI11010 / PCI11414 device IDs")
      Signed-off-by: default avatarRaju Lakkaraju <Raju.Lakkaraju@microchip.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Link: https://lore.kernel.org/r/20240326065805.686128-1-Raju.Lakkaraju@microchip.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      e4a58989
    • Paolo Abeni's avatar
      Merge branch 'net-bcmasp-phy-managements-fixes' · eb67cdb3
      Paolo Abeni authored
      Justin Chen says:
      
      ====================
      net: bcmasp: phy managements fixes
      
      Fix two issues.
      
      - The unimac may be put in a bad state if PHY RX clk doesn't exist
        during reset. Work around this by bringing the unimac out of reset
        during phy up.
      
      - Remove redundant phy_{suspend/resume}
      ====================
      
      Link: https://lore.kernel.org/r/20240325193025.1540737-1-justin.chen@broadcom.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      eb67cdb3
    • Justin Chen's avatar
      net: bcmasp: Remove phy_{suspend/resume} · 4494c10e
      Justin Chen authored
      phy_{suspend/resume} is redundant. It gets called from phy_{stop/start}.
      
      Fixes: 490cb412 ("net: bcmasp: Add support for ASP2.0 Ethernet controller")
      Signed-off-by: default avatarJustin Chen <justin.chen@broadcom.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      4494c10e
    • Justin Chen's avatar
      net: bcmasp: Bring up unimac after PHY link up · dfd222e2
      Justin Chen authored
      The unimac requires the PHY RX clk during reset or it may be put
      into a bad state. Bring up the unimac after link up to ensure the
      PHY RX clk exists.
      
      Fixes: 490cb412 ("net: bcmasp: Add support for ASP2.0 Ethernet controller")
      Signed-off-by: default avatarJustin Chen <justin.chen@broadcom.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      dfd222e2
    • Christian Marangi's avatar
      net: phy: qcom: at803x: fix kernel panic with at8031_probe · 6a4aee27
      Christian Marangi authored
      On reworking and splitting the at803x driver, in splitting function of
      at803x PHYs it was added a NULL dereference bug where priv is referenced
      before it's actually allocated and then is tried to write to for the
      is_1000basex and is_fiber variables in the case of at8031, writing on
      the wrong address.
      
      Fix this by correctly setting priv local variable only after
      at803x_probe is called and actually allocates priv in the phydev struct.
      Reported-by: default avatarWilliam Wortel <wwortel@dorpstraat.com>
      Cc: <stable@vger.kernel.org>
      Fixes: 25d2ba94 ("net: phy: at803x: move specific at8031 probe mode check to dedicated probe")
      Signed-off-by: default avatarChristian Marangi <ansuelsmth@gmail.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Link: https://lore.kernel.org/r/20240325190621.2665-1-ansuelsmth@gmail.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      6a4aee27
    • Paolo Abeni's avatar
      Merge tag 'nf-24-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf · 005e528c
      Paolo Abeni authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for net:
      
      Patch #1 reject destroy chain command to delete device hooks in netdev
               family, hence, only delchain commands are allowed.
      
      Patch #2 reject table flag update interference with netdev basechain
      	 hook updates, this can leave hooks in inconsistent
      	 registration/unregistration state.
      
      Patch #3 do not unregister netdev basechain hooks if table is dormant.
      	 Otherwise, splat with double unregistration is possible.
      
      Patch #4 fixes Kconfig to allow to restore IP_NF_ARPTABLES,
      	 from Kuniyuki Iwashima.
      
      There are a more fixes still in progress on my side that need more work.
      
      * tag 'nf-24-03-28' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
        netfilter: arptables: Select NETFILTER_FAMILY_ARP when building arp_tables.c
        netfilter: nf_tables: skip netdev hook unregistration if table is dormant
        netfilter: nf_tables: reject table flag and netdev basechain updates
        netfilter: nf_tables: reject destroy command to remove basechain hooks
      ====================
      
      Link: https://lore.kernel.org/r/20240328031855.2063-1-pablo@netfilter.orgSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      005e528c
    • Paolo Abeni's avatar
      Merge tag 'for-net' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 7e6f4b2a
      Paolo Abeni authored
      Alexei Starovoitov says:
      
      ====================
      pull-request: bpf 2024-03-27
      
      The following pull-request contains BPF updates for your *net* tree.
      
      We've added 4 non-merge commits during the last 1 day(s) which contain
      a total of 5 files changed, 26 insertions(+), 3 deletions(-).
      
      The main changes are:
      
      1) Fix bloom filter value size validation and protect the verifier
         against such mistakes, from Andrei.
      
      2) Fix build due to CONFIG_KEXEC_CORE/CRASH_DUMP split, from Hari.
      
      3) Update bpf_lsm maintainers entry, from Matt.
      
      * tag 'for-net' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        bpf: update BPF LSM designated reviewer list
        bpf: Protect against int overflow for stack access size
        bpf: Check bloom filter map value size
        bpf: fix warning for crash_kexec
      ====================
      
      Link: https://lore.kernel.org/r/20240328012938.24249-1-alexei.starovoitov@gmail.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      7e6f4b2a
    • Linus Torvalds's avatar
      Merge tag 'erofs-for-6.9-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs · 8d025e20
      Linus Torvalds authored
      Pull erofs fixes from Gao Xiang:
      
       - Add a new reviewer Sandeep Dhavale to build a healthier community
      
       - Drop experimental warning for FSDAX
      
      * tag 'erofs-for-6.9-rc2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
        MAINTAINERS: erofs: add myself as reviewer
        erofs: drop experimental warning for FSDAX
      8d025e20
    • Kuniyuki Iwashima's avatar
      netfilter: arptables: Select NETFILTER_FAMILY_ARP when building arp_tables.c · 15fba562
      Kuniyuki Iwashima authored
      syzkaller started to report a warning below [0] after consuming the
      commit 4654467d ("netfilter: arptables: allow xtables-nft only
      builds").
      
      The change accidentally removed the dependency on NETFILTER_FAMILY_ARP
      from IP_NF_ARPTABLES.
      
      If NF_TABLES_ARP is not enabled on Kconfig, NETFILTER_FAMILY_ARP will
      be removed and some code necessary for arptables will not be compiled.
      
        $ grep -E "(NETFILTER_FAMILY_ARP|IP_NF_ARPTABLES|NF_TABLES_ARP)" .config
        CONFIG_NETFILTER_FAMILY_ARP=y
        # CONFIG_NF_TABLES_ARP is not set
        CONFIG_IP_NF_ARPTABLES=y
      
        $ make olddefconfig
      
        $ grep -E "(NETFILTER_FAMILY_ARP|IP_NF_ARPTABLES|NF_TABLES_ARP)" .config
        # CONFIG_NF_TABLES_ARP is not set
        CONFIG_IP_NF_ARPTABLES=y
      
      So, when nf_register_net_hooks() is called for arptables, it will
      trigger the splat below.
      
      Now IP_NF_ARPTABLES is only enabled by IP_NF_ARPFILTER, so let's
      restore the dependency on NETFILTER_FAMILY_ARP in IP_NF_ARPFILTER.
      
      [0]:
      WARNING: CPU: 0 PID: 242 at net/netfilter/core.c:316 nf_hook_entry_head+0x1e1/0x2c0 net/netfilter/core.c:316
      Modules linked in:
      CPU: 0 PID: 242 Comm: syz-executor.0 Not tainted 6.8.0-12821-g537c2e91 #10
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
      RIP: 0010:nf_hook_entry_head+0x1e1/0x2c0 net/netfilter/core.c:316
      Code: 83 fd 04 0f 87 bc 00 00 00 e8 5b 84 83 fd 4d 8d ac ec a8 0b 00 00 e8 4e 84 83 fd 4c 89 e8 5b 5d 41 5c 41 5d c3 e8 3f 84 83 fd <0f> 0b e8 38 84 83 fd 45 31 ed 5b 5d 4c 89 e8 41 5c 41 5d c3 e8 26
      RSP: 0018:ffffc90000b8f6e8 EFLAGS: 00010293
      RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff83c42164
      RDX: ffff888106851180 RSI: ffffffff83c42321 RDI: 0000000000000005
      RBP: 0000000000000000 R08: 0000000000000005 R09: 000000000000000a
      R10: 0000000000000003 R11: ffff8881055c2f00 R12: ffff888112b78000
      R13: 0000000000000000 R14: ffff8881055c2f00 R15: ffff8881055c2f00
      FS:  00007f377bd78800(0000) GS:ffff88811b000000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000496068 CR3: 000000011298b003 CR4: 0000000000770ef0
      PKRU: 55555554
      Call Trace:
       <TASK>
       __nf_register_net_hook+0xcd/0x7a0 net/netfilter/core.c:428
       nf_register_net_hook+0x116/0x170 net/netfilter/core.c:578
       nf_register_net_hooks+0x5d/0xc0 net/netfilter/core.c:594
       arpt_register_table+0x250/0x420 net/ipv4/netfilter/arp_tables.c:1553
       arptable_filter_table_init+0x41/0x60 net/ipv4/netfilter/arptable_filter.c:39
       xt_find_table_lock+0x2e9/0x4b0 net/netfilter/x_tables.c:1260
       xt_request_find_table_lock+0x2b/0xe0 net/netfilter/x_tables.c:1285
       get_info+0x169/0x5c0 net/ipv4/netfilter/arp_tables.c:808
       do_arpt_get_ctl+0x3f9/0x830 net/ipv4/netfilter/arp_tables.c:1444
       nf_getsockopt+0x76/0xd0 net/netfilter/nf_sockopt.c:116
       ip_getsockopt+0x17d/0x1c0 net/ipv4/ip_sockglue.c:1777
       tcp_getsockopt+0x99/0x100 net/ipv4/tcp.c:4373
       do_sock_getsockopt+0x279/0x360 net/socket.c:2373
       __sys_getsockopt+0x115/0x1e0 net/socket.c:2402
       __do_sys_getsockopt net/socket.c:2412 [inline]
       __se_sys_getsockopt net/socket.c:2409 [inline]
       __x64_sys_getsockopt+0xbd/0x150 net/socket.c:2409
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x46/0x4e
      RIP: 0033:0x7f377beca6fe
      Code: 1f 44 00 00 48 8b 15 01 97 0a 00 f7 d8 64 89 02 b8 ff ff ff ff eb b8 0f 1f 44 00 00 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 c9
      RSP: 002b:00000000005df728 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
      RAX: ffffffffffffffda RBX: 00000000004966e0 RCX: 00007f377beca6fe
      RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000003
      RBP: 000000000042938a R08: 00000000005df73c R09: 00000000005df800
      R10: 00000000004966e8 R11: 0000000000000246 R12: 0000000000000003
      R13: 0000000000496068 R14: 0000000000000003 R15: 00000000004bc9d8
       </TASK>
      
      Fixes: 4654467d ("netfilter: arptables: allow xtables-nft only builds")
      Reported-by: default avatarsyzkaller <syzkaller@googlegroups.com>
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      15fba562
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: skip netdev hook unregistration if table is dormant · 216e7bf7
      Pablo Neira Ayuso authored
      Skip hook unregistration when adding or deleting devices from an
      existing netdev basechain. Otherwise, commit/abort path try to
      unregister hooks which not enabled.
      
      Fixes: b9703ed4 ("netfilter: nf_tables: support for adding new devices to an existing netdev chain")
      Fixes: 7d937b10 ("netfilter: nf_tables: support for deleting devices in an existing netdev chain")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      216e7bf7
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: reject table flag and netdev basechain updates · 1e1fb6f0
      Pablo Neira Ayuso authored
      netdev basechain updates are stored in the transaction object hook list.
      When setting on the table dormant flag, it iterates over the existing
      hooks in the basechain. Thus, skipping the hooks that are being
      added/deleted in this transaction, which leaves hook registration in
      inconsistent state.
      
      Reject table flag updates in combination with netdev basechain updates
      in the same batch:
      
      - Update table flags and add/delete basechain: Check from basechain update
        path if there are pending flag updates for this table.
      - add/delete basechain and update table flags: Iterate over the transaction
        list to search for basechain updates from the table update path.
      
      In both cases, the batch is rejected. Based on suggestion from Florian Westphal.
      
      Fixes: b9703ed4 ("netfilter: nf_tables: support for adding new devices to an existing netdev chain")
      Fixes: 7d937b10 ("netfilter: nf_tables: support for deleting devices in an existing netdev chain")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      1e1fb6f0
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: reject destroy command to remove basechain hooks · b32ca27f
      Pablo Neira Ayuso authored
      Report EOPNOTSUPP if NFT_MSG_DESTROYCHAIN is used to delete hooks in an
      existing netdev basechain, thus, only NFT_MSG_DELCHAIN is allowed.
      
      Fixes: 7d937b10 ("netfilter: nf_tables: support for deleting devices in an existing netdev chain")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      b32ca27f
  4. 27 Mar, 2024 14 commits