1. 25 Sep, 2020 11 commits
  2. 24 Sep, 2020 4 commits
  3. 23 Sep, 2020 5 commits
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.9-rc5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · c9c9e6a4
      Linus Torvalds authored
      Pull bootconfig fixes from Steven Rostedt:
       "A couple of fixes for bootconfig.
      
        Masami discovered two bugs which this fixes and he added tests to
        cover these issues.
      
         - Fix a bug that breaks bootconfig tree nodes
      
         - Fix a bug that does not truncate whitespace properly
      
         - Add tests to cover the above two cases"
      
      * tag 'trace-v5.9-rc5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tools/bootconfig: Add testcase for tailing space
        tools/bootconfig: Add testcases for repeated key with brace
        lib/bootconfig: Fix to remove tailing spaces after value
        lib/bootconfig: Fix a bug of breaking existing tree nodes
      c9c9e6a4
    • Linus Torvalds's avatar
      Merge tag 'for-5.9/dm-fixes-2' of... · a969324f
      Linus Torvalds authored
      Merge tag 'for-5.9/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - DM core fix for incorrect double bio splitting. Keep "fixing" this
         because past attempts didn't fully appreciate the liability relative
         to recursive bio splitting. This fix limits DM's bio splitting to a
         single method and does _not_ use blk_queue_split() for normal IO.
      
       - DM crypt Documentation updates for features added during 5.9 merge.
      
      * tag 'for-5.9/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm crypt: document encrypted keyring key option
        dm crypt: document new no_workqueue flags
        dm: fix comment in dm_process_bio()
        dm: fix bio splitting and its bio completion order for regular IO
      a969324f
    • Linus Torvalds's avatar
      Merge tag 'for-5.9-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · bffac4b5
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "syzkaller started to hit us with reports, here's a fix for one type
        (stack overflow when printing checksums on read error).
      
        The other patch is a fix for sysfs object, we have a test for that and
        it leads to a crash."
      
      * tag 'for-5.9-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: fix put of uninitialized kobject after seed device delete
        btrfs: fix overflow when copying corrupt csums for a message
      bffac4b5
    • Linus Torvalds's avatar
      mm: move the copy_one_pte() pte_present check into the caller · 79a1971c
      Linus Torvalds authored
      This completes the split of the non-present and present pte cases by
      moving the check for the source pte being present into the single
      caller, which also means that we clearly separate out the very different
      return value case for a non-present pte.
      
      The present pte case currently always succeeds.
      
      This is a pure code re-organization with no semantic change: the intent
      is to make it much easier to add a new return case to the present pte
      case for when we do early COW at page table copy time.
      
      This was split out from the previous commit simply to make it easy to
      visually see that there were no semantic changes from this code
      re-organization.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      79a1971c
    • Linus Torvalds's avatar
      mm: split out the non-present case from copy_one_pte() · df3a57d1
      Linus Torvalds authored
      This is a purely mechanical split of the copy_one_pte() function.  It's
      not immediately obvious when looking at the diff because of the
      indentation change, but the way to see what is going on in this commit
      is to use the "-w" flag to not show pure whitespace changes, and you see
      how the first part of copy_one_pte() is simply lifted out into a
      separate function.
      
      And since the non-present case is marked unlikely, don't make the new
      function be inlined.  Not that gcc really seems to care, since it looks
      like it will inline it anyway due to the whole "single callsite for
      static function" logic.  In fact, code generation with the function
      split is almost identical to before.  But not marking it inline is the
      right thing to do.
      
      This is pure prep-work and cleanup for subsequent changes.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      df3a57d1
  4. 22 Sep, 2020 20 commits
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 805c6d3c
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "No common topic, just assorted fixes"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        fuse: fix the ->direct_IO() treatment of iov_iter
        fs: fix cast in fsparam_u32hex() macro
        vboxsf: Fix the check for the old binary mount-arguments struct
      805c6d3c
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · d3017135
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
      
       - fix failure to add bond interfaces to a bridge, the offload-handling
         code was too defensive there and recent refactoring unearthed that.
         Users complained (Ido)
      
       - fix unnecessarily reflecting ECN bits within TOS values / QoS marking
         in TCP ACK and reset packets (Wei)
      
       - fix a deadlock with bpf iterator. Hopefully we're in the clear on
         this front now... (Yonghong)
      
       - BPF fix for clobbering r2 in bpf_gen_ld_abs (Daniel)
      
       - fix AQL on mt76 devices with FW rate control and add a couple of AQL
         issues in mac80211 code (Felix)
      
       - fix authentication issue with mwifiex (Maximilian)
      
       - WiFi connectivity fix: revert IGTK support in ti/wlcore (Mauro)
      
       - fix exception handling for multipath routes via same device (David
         Ahern)
      
       - revert back to a BH spin lock flavor for nsid_lock: there are paths
         which do require the BH context protection (Taehee)
      
       - fix interrupt / queue / NAPI handling in the lantiq driver (Hauke)
      
       - fix ife module load deadlock (Cong)
      
       - make an adjustment to netlink reply message type for code added in
         this release (the sole change touching uAPI here) (Michal)
      
       - a number of fixes for small NXP and Microchip switches (Vladimir)
      
      [ Pull request acked by David: "you can expect more of this in the
        future as I try to delegate more things to Jakub" ]
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (167 commits)
        net: mscc: ocelot: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries
        net: dsa: seville: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries
        net: dsa: felix: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries
        inet_diag: validate INET_DIAG_REQ_PROTOCOL attribute
        net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU
        net: Update MAINTAINERS for MediaTek switch driver
        net/mlx5e: mlx5e_fec_in_caps() returns a boolean
        net/mlx5e: kTLS, Avoid kzalloc(GFP_KERNEL) under spinlock
        net/mlx5e: kTLS, Fix leak on resync error flow
        net/mlx5e: kTLS, Add missing dma_unmap in RX resync
        net/mlx5e: kTLS, Fix napi sync and possible use-after-free
        net/mlx5e: TLS, Do not expose FPGA TLS counter if not supported
        net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats()
        net/mlx5e: Fix multicast counter not up-to-date in "ip -s"
        net/mlx5e: Fix endianness when calculating pedit mask first bit
        net/mlx5e: Enable adding peer miss rules only if merged eswitch is supported
        net/mlx5e: CT: Fix freeing ct_label mapping
        net/mlx5e: Fix memory leak of tunnel info when rule under multipath not ready
        net/mlx5e: Use synchronize_rcu to sync with NAPI
        net/mlx5e: Use RCU to protect rq->xdp_prog
        ...
      d3017135
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.9-2020-09-22' of git://git.kernel.dk/linux-block · 0baca070
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "A few fixes - most of them regression fixes from this cycle, but also
        a few stable heading fixes, and a build fix for the included demo tool
        since some systems now actually have gettid() available"
      
      * tag 'io_uring-5.9-2020-09-22' of git://git.kernel.dk/linux-block:
        io_uring: fix openat/openat2 unified prep handling
        io_uring: mark statx/files_update/epoll_ctl as non-SQPOLL
        tools/io_uring: fix compile breakage
        io_uring: don't use retry based buffered reads for non-async bdev
        io_uring: don't re-setup vecs/iter in io_resumit_prep() is already there
        io_uring: don't run task work on an exiting task
        io_uring: drop 'ctx' ref on task work cancelation
        io_uring: grab any needed state during defer prep
      0baca070
    • Linus Torvalds's avatar
      Merge tag 'block-5.9-2020-09-22' of git://git.kernel.dk/linux-block · c37b7189
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A few NVMe fixes, and a dasd write zero fix"
      
      * tag 'block-5.9-2020-09-22' of git://git.kernel.dk/linux-block:
        nvmet: get transport reference for passthru ctrl
        nvme-core: get/put ctrl and transport module in nvme_dev_open/release()
        nvme-tcp: fix kconfig dependency warning when !CRYPTO
        nvme-pci: disable the write zeros command for Intel 600P/P3100
        s390/dasd: Fix zero write for FBA devices
      c37b7189
    • Milan Broz's avatar
      dm crypt: document encrypted keyring key option · 4c07ae0a
      Milan Broz authored
      Commit 27f5411a ("dm crypt: support using encrypted keys")
      introduced support for encrypted keyring type.
      
      Fix documentation in admin guide to mention this type.
      
      Fixes: 27f5411a ("dm crypt: support using encrypted keys")
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      4c07ae0a
    • Milan Broz's avatar
      dm crypt: document new no_workqueue flags · 4a5caa4a
      Milan Broz authored
      Commit 39d42fa9 ("dm crypt: add flags to optionally bypass kcryptd
      workqueues") introduced new dm-crypt 'no_read_workqueue' and
      'no_write_workqueue' flags.
      
      Add documentation to admin guide for them.
      
      Fixes: 39d42fa9 ("dm crypt: add flags to optionally bypass kcryptd workqueues")
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      4a5caa4a
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · eff48dde
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Check kprobe is enabled before unregistering from ftrace as it isn't
         registered when disabled.
      
       - Remove kprobes enabled via command-line that is on init text when
         freed.
      
       - Add missing RCU synchronization for ftrace trampoline symbols removed
         from kallsyms.
      
       - Free trampoline on error path if ftrace_startup() fails.
      
       - Give more space for the longer PID numbers in trace output.
      
       - Fix a possible double free in the histogram code.
      
       - A couple of fixes that were discovered by sparse.
      
      * tag 'trace-v5.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        bootconfig: init: make xbc_namebuf static
        kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot
        tracing: fix double free
        ftrace: Let ftrace_enable_sysctl take a kernel pointer buffer
        tracing: Make the space reserved for the pid wider
        ftrace: Fix missing synchronize_rcu() removing trampoline from kallsyms
        ftrace: Free the trampoline when ftrace_startup() fails
        kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
      eff48dde
    • Kai-Heng Feng's avatar
      Revert "ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control" · c413c310
      Kai-Heng Feng authored
      This reverts commit 34dedd2a.
      
      According to Realtek, volume FU works for line-in.
      
      I can confirm volume control works after device firmware is updated.
      
      Fixes: 34dedd2a ("ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control")
      Signed-off-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Link: https://lore.kernel.org/r/20200915103925.12777-1-kai.heng.feng@canonical.comSigned-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      c413c310
    • Anand Jain's avatar
      btrfs: fix put of uninitialized kobject after seed device delete · b5ddcffa
      Anand Jain authored
      The following test case leads to NULL kobject free error:
      
        mount seed /mnt
        add sprout to /mnt
        umount /mnt
        mount sprout to /mnt
        delete seed
      
        kobject: '(null)' (00000000dd2b87e4): is not initialized, yet kobject_put() is being called.
        WARNING: CPU: 1 PID: 15784 at lib/kobject.c:736 kobject_put+0x80/0x350
        RIP: 0010:kobject_put+0x80/0x350
        ::
        Call Trace:
        btrfs_sysfs_remove_devices_dir+0x6e/0x160 [btrfs]
        btrfs_rm_device.cold+0xa8/0x298 [btrfs]
        btrfs_ioctl+0x206c/0x22a0 [btrfs]
        ksys_ioctl+0xe2/0x140
        __x64_sys_ioctl+0x1e/0x29
        do_syscall_64+0x96/0x150
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
        RIP: 0033:0x7f4047c6288b
        ::
      
      This is because, at the end of the seed device-delete, we try to remove
      the seed's devid sysfs entry. But for the seed devices under the sprout
      fs, we don't initialize the devid kobject yet. So add a kobject state
      check, which takes care of the bug.
      
      Fixes: 668e48af ("btrfs: sysfs, add devid/dev_state kobject and device attributes")
      CC: stable@vger.kernel.org # 5.6+
      Signed-off-by: default avatarAnand Jain <anand.jain@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      b5ddcffa
    • Jacopo Mondi's avatar
      media: dt-bindings: media: imx274: Convert to json-schema · d0254f82
      Jacopo Mondi authored
      Convert the imx274 bindings document to json-schema and update
      the MAINTAINERS file accordingly.
      Reviewed-by: default avatarLuca Ceresoli <luca@lucaceresoli.net>
      Reviewed-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarJacopo Mondi <jacopo+renesas@jmondi.org>
      Reviewed-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarSakari Ailus <sakari.ailus@linux.intel.com>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab+huawei@kernel.org>
      d0254f82
    • Masami Hiramatsu's avatar
      2f5fb555
    • Masami Hiramatsu's avatar
    • Masami Hiramatsu's avatar
      lib/bootconfig: Fix to remove tailing spaces after value · c7af4ecd
      Masami Hiramatsu authored
      Fix to remove tailing spaces after value. If there is a space
      after value, the bootconfig failed to remove it because it
      applies strim() before replacing the delimiter with null.
      
      For example,
      
      foo = var    # comment
      
      was parsed as below.
      
      foo="var    "
      
      but user will expect
      
      foo="var"
      
      This fixes it by applying strim() after removing the delimiter.
      
      Link: https://lkml.kernel.org/r/160068149134.1088739.8868306567670058853.stgit@devnote2
      
      Fixes: 76db5a27 ("bootconfig: Add Extra Boot Config support")
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      c7af4ecd
    • Masami Hiramatsu's avatar
      lib/bootconfig: Fix a bug of breaking existing tree nodes · ead1e19a
      Masami Hiramatsu authored
      Fix a bug of breaking existing tree nodes by parsing the second
      and subsequent braces. Since the bootconfig parser uses the
      node.next field as a flag of current parent node, but this will
      break the existing tree if the same key node is specified again
      in the bootconfig.
      
      For example, the following bootconfig should be foo.buz and bar.
      
      foo
      bar
      foo { buz }
      
      However, when parsing the brace "{", it breaks foo->bar link
      by marking open-brace node. So the bootconfig unlinks bar
      from the bootconfig internal tree.
      
      This introduces a stack outside of the tree and record the
      last open-brace on the stack instead of using node.next field.
      
      Link: https://lkml.kernel.org/r/160068148267.1088739.8264704338030168660.stgit@devnote2
      
      Fixes: 76db5a27 ("bootconfig: Add Extra Boot Config support")
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      ead1e19a
    • David S. Miller's avatar
      Merge branch 'Fix-broken-tc-flower-rules-for-mscc_ocelot-switches' · b334ec66
      David S. Miller authored
      Vladimir Oltean says:
      
      ====================
      Fix broken tc-flower rules for mscc_ocelot switches
      
      All 3 switch drivers from the Ocelot family have the same bug in the
      VCAP IS2 key offsets, which is that some keys are in the incorrect
      order.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b334ec66
    • Vladimir Oltean's avatar
      net: mscc: ocelot: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries · 8194d8fa
      Vladimir Oltean authored
      The IS2 IP4_TCP_UDP key offsets do not correspond to the VSC7514
      datasheet. Whether they work or not is unknown to me. On VSC9959 and
      VSC9953, with the same mistake and same discrepancy from the
      documentation, tc-flower src_port and dst_port rules did not work, so I
      am assuming the same is true here.
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8194d8fa
    • Vladimir Oltean's avatar
      net: dsa: seville: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries · 7a023075
      Vladimir Oltean authored
      Since these were copied from the Felix VCAP IS2 code, and only the
      offsets were adjusted, the order of the bit fields is still wrong.
      Fix it.
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7a023075
    • Xiaoliang Yang's avatar
      net: dsa: felix: fix some key offsets for IP4_TCP_UDP VCAP IS2 entries · 8b9e03cd
      Xiaoliang Yang authored
      Some of the IS2 IP4_TCP_UDP keys are not correct, like L4_DPORT,
      L4_SPORT and other L4 keys. This prevents offloaded tc-flower rules from
      matching on src_port and dst_port for TCP and UDP packets.
      Signed-off-by: default avatarXiaoliang Yang <xiaoliang.yang_1@nxp.com>
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8b9e03cd
    • Eric Dumazet's avatar
      inet_diag: validate INET_DIAG_REQ_PROTOCOL attribute · d5e4d0a5
      Eric Dumazet authored
      User space could send an invalid INET_DIAG_REQ_PROTOCOL attribute
      as caught by syzbot.
      
      BUG: KMSAN: uninit-value in inet_diag_lock_handler net/ipv4/inet_diag.c:55 [inline]
      BUG: KMSAN: uninit-value in __inet_diag_dump+0x58c/0x720 net/ipv4/inet_diag.c:1147
      CPU: 0 PID: 8505 Comm: syz-executor174 Not tainted 5.9.0-rc4-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x21c/0x280 lib/dump_stack.c:118
       kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:122
       __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:219
       inet_diag_lock_handler net/ipv4/inet_diag.c:55 [inline]
       __inet_diag_dump+0x58c/0x720 net/ipv4/inet_diag.c:1147
       inet_diag_dump_compat+0x2a5/0x380 net/ipv4/inet_diag.c:1254
       netlink_dump+0xb73/0x1cb0 net/netlink/af_netlink.c:2246
       __netlink_dump_start+0xcf2/0xea0 net/netlink/af_netlink.c:2354
       netlink_dump_start include/linux/netlink.h:246 [inline]
       inet_diag_rcv_msg_compat+0x5da/0x6c0 net/ipv4/inet_diag.c:1288
       sock_diag_rcv_msg+0x24f/0x620 net/core/sock_diag.c:256
       netlink_rcv_skb+0x6d7/0x7e0 net/netlink/af_netlink.c:2470
       sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:275
       netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
       netlink_unicast+0x11c8/0x1490 net/netlink/af_netlink.c:1330
       netlink_sendmsg+0x173a/0x1840 net/netlink/af_netlink.c:1919
       sock_sendmsg_nosec net/socket.c:651 [inline]
       sock_sendmsg net/socket.c:671 [inline]
       ____sys_sendmsg+0xc82/0x1240 net/socket.c:2353
       ___sys_sendmsg net/socket.c:2407 [inline]
       __sys_sendmsg+0x6d1/0x820 net/socket.c:2440
       __do_sys_sendmsg net/socket.c:2449 [inline]
       __se_sys_sendmsg+0x97/0xb0 net/socket.c:2447
       __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2447
       do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      RIP: 0033:0x441389
      Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
      RSP: 002b:00007fff3b02ce98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
      RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441389
      RDX: 0000000000000000 RSI: 0000000020001500 RDI: 0000000000000003
      RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
      R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000402130
      R13: 00000000004021c0 R14: 0000000000000000 R15: 0000000000000000
      
      Uninit was created at:
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:143 [inline]
       kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:126
       kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:80
       slab_alloc_node mm/slub.c:2907 [inline]
       __kmalloc_node_track_caller+0x9aa/0x12f0 mm/slub.c:4511
       __kmalloc_reserve net/core/skbuff.c:142 [inline]
       __alloc_skb+0x35f/0xb30 net/core/skbuff.c:210
       alloc_skb include/linux/skbuff.h:1094 [inline]
       netlink_alloc_large_skb net/netlink/af_netlink.c:1176 [inline]
       netlink_sendmsg+0xdb9/0x1840 net/netlink/af_netlink.c:1894
       sock_sendmsg_nosec net/socket.c:651 [inline]
       sock_sendmsg net/socket.c:671 [inline]
       ____sys_sendmsg+0xc82/0x1240 net/socket.c:2353
       ___sys_sendmsg net/socket.c:2407 [inline]
       __sys_sendmsg+0x6d1/0x820 net/socket.c:2440
       __do_sys_sendmsg net/socket.c:2449 [inline]
       __se_sys_sendmsg+0x97/0xb0 net/socket.c:2447
       __x64_sys_sendmsg+0x4a/0x70 net/socket.c:2447
       do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: 3f935c75 ("inet_diag: support for wider protocol numbers")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Paolo Abeni <pabeni@redhat.com>
      Cc: Christoph Paasch <cpaasch@apple.com>
      Cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
      Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d5e4d0a5
    • Vladimir Oltean's avatar
      net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU · 99f62a74
      Vladimir Oltean authored
      When calling the RCU brother of br_vlan_get_pvid(), lockdep warns:
      
      =============================
      WARNING: suspicious RCU usage
      5.9.0-rc3-01631-g13c17acb8e38-dirty #814 Not tainted
      -----------------------------
      net/bridge/br_private.h:1054 suspicious rcu_dereference_protected() usage!
      
      Call trace:
       lockdep_rcu_suspicious+0xd4/0xf8
       __br_vlan_get_pvid+0xc0/0x100
       br_vlan_get_pvid_rcu+0x78/0x108
      
      The warning is because br_vlan_get_pvid_rcu() calls nbp_vlan_group()
      which calls rtnl_dereference() instead of rcu_dereference(). In turn,
      rtnl_dereference() calls rcu_dereference_protected() which assumes
      operation under an RCU write-side critical section, which obviously is
      not the case here. So, when the incorrect primitive is used to access
      the RCU-protected VLAN group pointer, READ_ONCE() is not used, which may
      cause various unexpected problems.
      
      I'm sad to say that br_vlan_get_pvid() and br_vlan_get_pvid_rcu() cannot
      share the same implementation. So fix the bug by splitting the 2
      functions, and making br_vlan_get_pvid_rcu() retrieve the VLAN groups
      under proper locking annotations.
      
      Fixes: 7582f5b7 ("bridge: add br_vlan_get_pvid_rcu()")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      99f62a74