1. 07 Jul, 2020 28 commits
  2. 06 Jul, 2020 12 commits
    • mptcp: fix race in subflow_data_ready() · d47a7215
      Davide Caratti authored
      syzkaller was able to make the kernel reach subflow_data_ready() for a
      server subflow that was closed before subflow_finish_connect() completed.
      In these cases we can avoid using the path for regular/fallback MPTCP
      data, and just wake the main socket, to avoid the following warning:
      
       WARNING: CPU: 0 PID: 9370 at net/mptcp/subflow.c:885
       subflow_data_ready+0x1e6/0x290 net/mptcp/subflow.c:885
       Kernel panic - not syncing: panic_on_warn set ...
       CPU: 0 PID: 9370 Comm: syz-executor.0 Not tainted 5.7.0 #106
       Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
       rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
       Call Trace:
        <IRQ>
        __dump_stack lib/dump_stack.c:77 [inline]
        dump_stack+0xb7/0xfe lib/dump_stack.c:118
        panic+0x29e/0x692 kernel/panic.c:221
        __warn.cold+0x2f/0x3d kernel/panic.c:582
        report_bug+0x28b/0x2f0 lib/bug.c:195
        fixup_bug arch/x86/kernel/traps.c:105 [inline]
        fixup_bug arch/x86/kernel/traps.c:100 [inline]
        do_error_trap+0x10f/0x180 arch/x86/kernel/traps.c:197
        do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:216
        invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:1027
       RIP: 0010:subflow_data_ready+0x1e6/0x290 net/mptcp/subflow.c:885
       Code: 04 02 84 c0 74 06 0f 8e 91 00 00 00 41 0f b6 5e 48 31 ff 83 e3 18
       89 de e8 37 ec 3d fe 84 db 0f 85 65 ff ff ff e8 fa ea 3d fe <0f> 0b e9
       59 ff ff ff e8 ee ea 3d fe 48 89 ee 4c 89 ef e8 f3 77 ff
       RSP: 0018:ffff88811b2099b0 EFLAGS: 00010206
       RAX: ffff888111197000 RBX: 0000000000000000 RCX: ffffffff82fbc609
       RDX: 0000000000000100 RSI: ffffffff82fbc616 RDI: 0000000000000001
       RBP: ffff8881111bc800 R08: ffff888111197000 R09: ffffed10222a82af
       R10: ffff888111541577 R11: ffffed10222a82ae R12: 1ffff11023641336
       R13: ffff888111541000 R14: ffff88810fd4ca00 R15: ffff888111541570
        tcp_child_process+0x754/0x920 net/ipv4/tcp_minisocks.c:841
        tcp_v4_do_rcv+0x749/0x8b0 net/ipv4/tcp_ipv4.c:1642
        tcp_v4_rcv+0x2666/0x2e60 net/ipv4/tcp_ipv4.c:1999
        ip_protocol_deliver_rcu+0x29/0x1f0 net/ipv4/ip_input.c:204
        ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
        NF_HOOK include/linux/netfilter.h:421 [inline]
        ip_local_deliver+0x2da/0x390 net/ipv4/ip_input.c:252
        dst_input include/net/dst.h:441 [inline]
        ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
        ip_rcv_finish net/ipv4/ip_input.c:414 [inline]
        NF_HOOK include/linux/netfilter.h:421 [inline]
        ip_rcv+0xef/0x140 net/ipv4/ip_input.c:539
        __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5268
        __netif_receive_skb+0x27/0x1c0 net/core/dev.c:5382
        process_backlog+0x1e5/0x6d0 net/core/dev.c:6226
        napi_poll net/core/dev.c:6671 [inline]
        net_rx_action+0x3e3/0xd70 net/core/dev.c:6739
        __do_softirq+0x18c/0x634 kernel/softirq.c:292
        do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082
        </IRQ>
        do_softirq.part.0+0x26/0x30 kernel/softirq.c:337
        do_softirq arch/x86/include/asm/preempt.h:26 [inline]
        __local_bh_enable_ip+0x46/0x50 kernel/softirq.c:189
        local_bh_enable include/linux/bottom_half.h:32 [inline]
        rcu_read_unlock_bh include/linux/rcupdate.h:723 [inline]
        ip_finish_output2+0x78a/0x19c0 net/ipv4/ip_output.c:229
        __ip_finish_output+0x471/0x720 net/ipv4/ip_output.c:306
        dst_output include/net/dst.h:435 [inline]
        ip_local_out+0x181/0x1e0 net/ipv4/ip_output.c:125
        __ip_queue_xmit+0x7a1/0x14e0 net/ipv4/ip_output.c:530
        __tcp_transmit_skb+0x19dc/0x35e0 net/ipv4/tcp_output.c:1238
        __tcp_send_ack.part.0+0x3c2/0x5b0 net/ipv4/tcp_output.c:3785
        __tcp_send_ack net/ipv4/tcp_output.c:3791 [inline]
        tcp_send_ack+0x7d/0xa0 net/ipv4/tcp_output.c:3791
        tcp_rcv_synsent_state_process net/ipv4/tcp_input.c:6040 [inline]
        tcp_rcv_state_process+0x36a4/0x49c2 net/ipv4/tcp_input.c:6209
        tcp_v4_do_rcv+0x343/0x8b0 net/ipv4/tcp_ipv4.c:1651
        sk_backlog_rcv include/net/sock.h:996 [inline]
        __release_sock+0x1ad/0x310 net/core/sock.c:2548
        release_sock+0x54/0x1a0 net/core/sock.c:3064
        inet_wait_for_connect net/ipv4/af_inet.c:594 [inline]
        __inet_stream_connect+0x57e/0xd50 net/ipv4/af_inet.c:686
        inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:725
        mptcp_stream_connect+0x171/0x5f0 net/mptcp/protocol.c:1920
        __sys_connect_file net/socket.c:1854 [inline]
        __sys_connect+0x267/0x2f0 net/socket.c:1871
        __do_sys_connect net/socket.c:1882 [inline]
        __se_sys_connect net/socket.c:1879 [inline]
        __x64_sys_connect+0x6f/0xb0 net/socket.c:1879
        do_syscall_64+0xb7/0x3d0 arch/x86/entry/common.c:295
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
       RIP: 0033:0x7fb577d06469
       Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89
       f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
       f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
       RSP: 002b:00007fb5783d5dd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
       RAX: ffffffffffffffda RBX: 000000000068bfa0 RCX: 00007fb577d06469
       RDX: 000000000000004d RSI: 0000000020000040 RDI: 0000000000000003
       RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
       R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
       R13: 000000000041427c R14: 00007fb5783d65c0 R15: 0000000000000003
      
      Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/39
      Reported-by: Christoph Paasch <cpaasch@apple.com>
      Fixes: e1ff9e82 ("net: mptcp: improve fallback to TCP")
      Suggested-by: Paolo Abeni <pabeni@redhat.com>
      Signed-off-by: Davide Caratti <dcaratti@redhat.com>
      Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Replace HTTP links with HTTPS ones: IPv* · 7a6498eb
      Alexander A. Klimov authored
      Rationale:
      Reduces attack surface on kernel devs opening the links for MITM
      as HTTPS traffic is much harder to manipulate.
      
      Deterministic algorithm:
      For each file:
        If not .svg:
          For each line:
            If doesn't contain `\bxmlns\b`:
              For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
                If both the HTTP and HTTPS versions
                return 200 OK and serve the same content:
                  Replace HTTP with HTTPS.
      Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'qed-warnings-cleanup' · 1eafa736
      David S. Miller authored
      Alexander Lobakin says:
      
      ====================
      net: qed/qede: W=1 C=1 warnings cleanup
      
      This set cleans qed/qede build log under W=1 C=1 with GCC 8 and
      sparse 0.6.2. The only thing left is "context imbalance -- unexpected
      unlock" in one of the source files, which will be issued later during
      the refactoring cycles.
      
      The biggest part is handling the endianness warnings. The current code
      often just assumes that both host and device operate in LE, which is
      obviously incorrect (despite the fact that it's true for x86 platforms),
      and makes sparse {s,m}ad.
      
      The rest of the series is mostly random non-functional fixes
      here-and-there.
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qede: fix BE vs CPU comparison · fd081662
      Alexander Lobakin authored
      Flow Dissector's keys are mostly Network / Big Endian. U{16,32}_MAX are
      the same in either of byteorders, but let's make sparse happy with
      wrapping them into noops.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qede: fix kernel-doc for qede_ptp_adjfreq() · 50089be6
      Alexander Lobakin authored
      One of the function arguments was renamed some time ago, but this
      wasn't reflected in its kernel-doc comment.
      Also add the description for return values.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qed: sanitize BE/LE data processing · 5ab90341
      Alexander Lobakin authored
      Current code assumes that both host and device operate in Little Endian
      in lots of places. While this is true for x86 platform, this doesn't mean
      we should not care about this.
      
      This commit addresses all parts of the code that were pointed out by sparse
      checker. All operations with restricted (__be*/__le*) types are now
      protected with explicit from/to CPU conversions, even if they're noops on
      common setups.
      
      I'm sure there are more such places, but this implies a deeper code
      investigation, and is a subject for future works.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qed: use ptr shortcuts to dedup field accessing in some parts · a0f3266f
      Alexander Lobakin authored
      Use intermediate pointers instead of multiple dereferencing to
      simplify and beautify parts of code that will be addressed in
      the next commit.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qed: improve indentation of some parts of code · 1451e467
      Alexander Lobakin authored
      To not mix functional and stylistic changes, correct indentation
      of code that will be modified in the subsequent commits.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qed: address kernel-doc warnings · 71e11a3f
      Alexander Lobakin authored
      Get rid of the kernel-doc warnings when building with W=1+ by
      rewriting the problematic doc comments according to the
      recommended format and style.
      
      Note that this only fixes problems found in C source files,
      headers aren't in scope for now.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qed: correct qed_hw_err_notify() prototype · 365cd2ce
      Alexander Lobakin authored
      Change the prototype of qed_hw_err_notify() with the following:
      * constify "fmt" argument according to printk() declarations;
      * annotate it with __cold attribute to move the function out of
        the line;
      * annotate it with __printf() attribute;
      
      This eliminates W=1+ warning:
      
      drivers/net/ethernet/qlogic/qed/qed_hw.c: In function
      ‘qed_hw_err_notify’:
      drivers/net/ethernet/qlogic/qed/qed_hw.c:851:3: warning: function
      ‘qed_hw_err_notify’ might be a candidate for ‘gnu_printf’ format
      attribute [-Wsuggest-attribute=format]
       len = vsnprintf(buf, QED_HW_ERR_MAX_STR_SIZE, fmt, vl);
       ^~~
      
      as well as saves some code size:
      
      add/remove: 0/0 grow/shrink: 2/4 up/down: 40/-125 (-85)
      Function                                     old     new   delta
      qed_dmae_execute_command                    1680    1711     +31
      qed_spq_post                                1104    1113      +9
      qed_int_sp_dpc                              3554    3545      -9
      qed_mcp_cmd_and_union                       1896    1876     -20
      qed_hw_err_notify                            395     352     -43
      qed_mcp_handle_events                       2630    2577     -53
      Total: Before=368645, After=368560, chg -0.02%
      
      __printf() will also be helpful with catching bad format strings
      and arguments.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qed: cleanup global structs declarations · c6b7314d
      Alexander Lobakin authored
      Fix several sparse warnings by moving structs declarations into
      the corresponding header files:
      
      drivers/net/ethernet/qlogic/qed/qed_dcbx.c:2402:32: warning:
      symbol 'qed_dcbnl_ops_pass' was not declared. Should it be static?
      
      drivers/net/ethernet/qlogic/qed/qed_ll2.c:2754:26: warning: symbol
      'qed_ll2_ops_pass' was not declared. Should it be static?
      
      drivers/net/ethernet/qlogic/qed/qed_ptp.c:449:30: warning: symbol
      'qed_ptp_ops_pass' was not declared. Should it be static?
      
      drivers/net/ethernet/qlogic/qed/qed_sriov.c:5265:29: warning:
      symbol 'qed_iov_ops_pass' was not declared. Should it be static?
      
      (some of them were declared twice in different header files)
      
      Also make qed_hw_err_type_descr[] const while at it.
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: qed: move static iro_arr[] out of header file · 0dfda108
      Alexander Lobakin authored
      Static variables (and functions, unless they're inline) should not
      be declared in header files.
      Move the static array iro_arr[] from "qed_hsi.h" to the sole place
      where it's used, "qed_init_ops.c". This eliminates lots of warnings
      (42 of them actually) against W=1+:
      
      In file included from drivers/net/ethernet/qlogic/qed/qed.h:51:0,
                       from drivers/net/ethernet/qlogic/qed/qed_ooo.c:40:
      drivers/net/ethernet/qlogic/qed/qed_hsi.h:4421:18: warning: 'iro_arr'
      defined but not used [-Wunused-const-variable=]
       static const u32 iro_arr[] = {
                        ^~~~~~~
      Signed-off-by: Alexander Lobakin <alobakin@marvell.com>
      Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>