1. 15 Apr, 2022 32 commits
  2. 14 Apr, 2022 8 commits
    • Linus Torvalds's avatar
      Merge tag 'net-5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · d20339fa
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from wireless and netfilter.
      
        Current release - regressions:
      
         - smc: fix af_ops of child socket pointing to released memory
      
         - wifi: ath9k: fix usage of driver-private space in tx_info
      
        Previous releases - regressions:
      
         - ipv6: fix panic when forwarding a pkt with no in6 dev
      
         - sctp: use the correct skb for security_sctp_assoc_request
      
         - smc: fix NULL pointer dereference in smc_pnet_find_ib()
      
         - sched: fix initialization order when updating chain 0 head
      
         - phy: don't defer probe forever if PHY IRQ provider is missing
      
         - dsa: revert "net: dsa: setup master before ports"
      
         - dsa: felix: fix tagging protocol changes with multiple CPU ports
      
         - eth: ice:
            - fix use-after-free when freeing @rx_cpu_rmap
            - revert "iavf: fix deadlock occurrence during resetting VF
              interface"
      
         - eth: lan966x: stop processing the MAC entry is port is wrong
      
        Previous releases - always broken:
      
         - sched:
            - flower: fix parsing of ethertype following VLAN header
            - taprio: check if socket flags are valid
      
         - nfc: add flush_workqueue to prevent uaf
      
         - veth: ensure eth header is in skb's linear part
      
         - eth: stmmac: fix altr_tse_pcs function when using a fixed-link
      
         - eth: macb: restart tx only if queue pointer is lagging
      
         - eth: macvlan: fix leaking skb in source mode with nodst option"
      
      * tag 'net-5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (52 commits)
        net: bcmgenet: Revert "Use stronger register read/writes to assure ordering"
        rtnetlink: Fix handling of disabled L3 stats in RTM_GETSTATS replies
        net: dsa: felix: fix tagging protocol changes with multiple CPU ports
        tun: annotate access to queue->trans_start
        nfc: nci: add flush_workqueue to prevent uaf
        net: dsa: realtek: don't parse compatible string for RTL8366S
        net: dsa: realtek: fix Kconfig to assure consistent driver linkage
        net: ftgmac100: access hardware register after clock ready
        Revert "net: dsa: setup master before ports"
        macvlan: Fix leaking skb in source mode with nodst option
        netfilter: nf_tables: nft_parse_register can return a negative value
        net: lan966x: Stop processing the MAC entry is port is wrong.
        net: lan966x: Fix when a port's upper is changed.
        net: lan966x: Fix IGMP snooping when frames have vlan tag
        net: lan966x: Update lan966x_ptp_get_nominal_value
        sctp: Initialize daddr on peeled off socket
        net/smc: Fix af_ops of child socket pointing to released memory
        net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
        net/smc: use memcpy instead of snprintf to avoid out of bounds read
        net: macb: Restart tx only if queue pointer is lagging
        ...
      d20339fa
    • Linus Torvalds's avatar
      Merge tag 'sound-5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · b9b4c79e
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "This became an unexpectedly large pull request due to various
        regression fixes in the previous kernels.
      
        The majority of fixes are a series of patches to address the
        regression at probe errors in devres'ed drivers, while there are yet
        more fixes for the x86 SG allocations and for USB-audio buffer
        management. In addition, a few HD-audio quirks and other small fixes
        are found"
      
      * tag 'sound-5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (52 commits)
        ALSA: usb-audio: Limit max buffer and period sizes per time
        ALSA: memalloc: Add fallback SG-buffer allocations for x86
        ALSA: nm256: Don't call card private_free at probe error path
        ALSA: mtpav: Don't call card private_free at probe error path
        ALSA: rme9652: Fix the missing snd_card_free() call at probe error
        ALSA: hdspm: Fix the missing snd_card_free() call at probe error
        ALSA: hdsp: Fix the missing snd_card_free() call at probe error
        ALSA: oxygen: Fix the missing snd_card_free() call at probe error
        ALSA: lx6464es: Fix the missing snd_card_free() call at probe error
        ALSA: cmipci: Fix the missing snd_card_free() call at probe error
        ALSA: aw2: Fix the missing snd_card_free() call at probe error
        ALSA: als300: Fix the missing snd_card_free() call at probe error
        ALSA: lola: Fix the missing snd_card_free() call at probe error
        ALSA: bt87x: Fix the missing snd_card_free() call at probe error
        ALSA: sis7019: Fix the missing error handling
        ALSA: intel_hdmi: Fix the missing snd_card_free() call at probe error
        ALSA: via82xx: Fix the missing snd_card_free() call at probe error
        ALSA: sonicvibes: Fix the missing snd_card_free() call at probe error
        ALSA: rme96: Fix the missing snd_card_free() call at probe error
        ALSA: rme32: Fix the missing snd_card_free() call at probe error
        ...
      b9b4c79e
    • Linus Torvalds's avatar
      Merge tag 'for-5.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 722985e2
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "A few more code and warning fixes.
      
        There's one feature ioctl removal patch slated for 5.18 that did not
        make it to the main pull request. It's just a one-liner and the ioctl
        has a v2 that's in use for a long time, no point to postpone it to
        5.19.
      
        Late update:
      
         - remove balance v1 ioctl, superseded by v2 in 2012
      
        Fixes:
      
         - add back cgroup attribution for compressed writes
      
         - add super block write start/end annotations to asynchronous balance
      
         - fix root reference count on an error handling path
      
         - in zoned mode, activate zone at the chunk allocation time to avoid
           ENOSPC due to timing issues
      
         - fix delayed allocation accounting for direct IO
      
        Warning fixes:
      
         - simplify assertion condition in zoned check
      
         - remove an unused variable"
      
      * tag 'for-5.18-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: fix btrfs_submit_compressed_write cgroup attribution
        btrfs: fix root ref counts in error handling in btrfs_get_root_ref
        btrfs: zoned: activate block group only for extent allocation
        btrfs: return allocated block group from do_chunk_alloc()
        btrfs: mark resumed async balance as writing
        btrfs: remove support of balance v1 ioctl
        btrfs: release correct delalloc amount in direct IO write path
        btrfs: remove unused variable in btrfs_{start,write}_dirty_block_groups()
        btrfs: zoned: remove redundant condition in btrfs_run_delalloc_range
      722985e2
    • Linus Torvalds's avatar
      Merge tag 'fscache-fixes-20220413' of... · ec9c57a7
      Linus Torvalds authored
      Merge tag 'fscache-fixes-20220413' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
      
      Pull fscache fixes from David Howells:
       "Here's a collection of fscache and cachefiles fixes and misc small
        cleanups. The two main fixes are:
      
         - Add a missing unmark of the inode in-use mark in an error path.
      
         - Fix a KASAN slab-out-of-bounds error when setting the xattr on a
           cachefiles volume due to the wrong length being given to memcpy().
      
        In addition, there's the removal of an unused parameter, removal of an
        unused Kconfig option, conditionalising a bit of procfs-related stuff
        and some doc fixes"
      
      * tag 'fscache-fixes-20220413' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
        fscache: remove FSCACHE_OLD_API Kconfig option
        fscache: Use wrapper fscache_set_cache_state() directly when relinquishing
        fscache: Move fscache_cookies_seq_ops specific code under CONFIG_PROC_FS
        fscache: Remove the cookie parameter from fscache_clear_page_bits()
        docs: filesystems: caching/backend-api.rst: fix an object withdrawn API
        docs: filesystems: caching/backend-api.rst: correct two relinquish APIs use
        cachefiles: Fix KASAN slab-out-of-bounds in cachefiles_set_volume_xattr
        cachefiles: unmark inode in use in error path
      ec9c57a7
    • Paolo Abeni's avatar
      Merge branch 'rndis_host-handle-bogus-mac-addresses-in-zte-rndis-devices' · caf968b4
      Paolo Abeni authored
      Lech Perczak says:
      
      ====================
      rndis_host: handle bogus MAC addresses in ZTE RNDIS devices
      
      When porting support of ZTE MF286R to OpenWrt [1], it was discovered,
      that its built-in LTE modem fails to adjust its target MAC address,
      when a random MAC address is assigned to the interface, due to detection of
      "locally-administered address" bit. This leads to dropping of ingress
      trafficat the host. The modem uses RNDIS as its primary interface,
      with some variants exposing both of them simultaneously.
      
      Then it was discovered, that cdc_ether driver contains a fixup for that
      exact issue, also appearing on CDC ECM interfaces.
      I discussed how to proceed with that with Bjørn Mork at OpenWrt forum [3],
      with the first approach would be to trust the locally-administered MAC
      again, and add a quirk for the problematic ZTE devices, as suggested by
      Kristian Evensen. before [4], but reusing the fixup from cdc_ether looks
      like a safer and more generic solution.
      
      Finally, according to Bjørn's suggestion. limit the scope of bogus MAC
      addressdetection to ZTE devices, the same way as it is done in cdc_ether,
      as this trait wasn't really observed outside of ZTE devices.
      Do that for both flavours of RNDIS devices, with interface classes
      02/02/ff and e0/01/03, as both types are reported by different modems.
      
      [1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=7ac8da00609f42b8aba74b7efc6b0d055b7cef3e
      [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bfe9b9d2df669a57a95d641ed46eb018e204c6ce
      [3] https://forum.openwrt.org/t/problem-with-modem-in-zte-mf286r/120988
      [4] https://lore.kernel.org/all/CAKfDRXhDp3heiD75Lat7cr1JmY-kaJ-MS0tt7QXX=s8RFjbpUQ@mail.gmail.com/T/
      
      Cc: Bjørn Mork <bjorn@mork.no>
      Cc: Kristian Evensen <kristian.evensen@gmail.com>
      Cc: Oliver Neukum <oliver@neukum.org>
      
      v3: Fixed wrong identifier commit description and whitespace in patch 2.
      
      v2: ensure that MAC fixup is applied to all Ethernet frames in RNDIS
      batch, by introducing a driver flag, and integrating the fixup inside
      rndis_rx_fixup().
      ====================
      
      Link: https://lore.kernel.org/r/20220413014416.2306843-1-lech.perczak@gmail.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      caf968b4
    • Lech Perczak's avatar
      rndis_host: limit scope of bogus MAC address detection to ZTE devices · 171cfae6
      Lech Perczak authored
      Reporting of bogus MAC addresses and ignoring configuration of new
      destination address wasn't observed outside of a range of ZTE devices,
      among which this seems to be the common bug. Align rndis_host driver
      with implementation found in cdc_ether, which also limits this workaround
      to ZTE devices.
      Suggested-by: default avatarBjørn Mork <bjorn@mork.no>
      Cc: Kristian Evensen <kristian.evensen@gmail.com>
      Cc: Oliver Neukum <oliver@neukum.org>
      Signed-off-by: default avatarLech Perczak <lech.perczak@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      171cfae6
    • Lech Perczak's avatar
      rndis_host: enable the bogus MAC fixup for ZTE devices from cdc_ether · 36e74797
      Lech Perczak authored
      Certain ZTE modems, namely: MF823. MF831, MF910, built-in modem from
      MF286R, expose both CDC-ECM and RNDIS network interfaces.
      They have a trait of ignoring the locally-administered MAC address
      configured on the interface both in CDC-ECM and RNDIS part,
      and this leads to dropping of incoming traffic by the host.
      However, the workaround was only present in CDC-ECM, and MF286R
      explicitly requires it in RNDIS mode.
      
      Re-use the workaround in rndis_host as well, to fix operation of MF286R
      module, some versions of which expose only the RNDIS interface. Do so by
      introducing new flag, RNDIS_DRIVER_DATA_DST_MAC_FIXUP, and testing for it
      in rndis_rx_fixup. This is required, as RNDIS uses frame batching, and all
      of the packets inside the batch need the fixup. This might introduce a
      performance penalty, because test is done for every returned Ethernet
      frame.
      
      Apply the workaround to both "flavors" of RNDIS interfaces, as older ZTE
      modems, like MF823 found in the wild, report the USB_CLASS_COMM class
      interfaces, while MF286R reports USB_CLASS_WIRELESS_CONTROLLER.
      Suggested-by: default avatarBjørn Mork <bjorn@mork.no>
      Cc: Kristian Evensen <kristian.evensen@gmail.com>
      Cc: Oliver Neukum <oliver@neukum.org>
      Signed-off-by: default avatarLech Perczak <lech.perczak@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      36e74797
    • Lech Perczak's avatar
      cdc_ether: export usbnet_cdc_zte_rx_fixup · 64b97df9
      Lech Perczak authored
      Commit bfe9b9d2 ("cdc_ether: Improve ZTE MF823/831/910 handling")
      introduces a workaround for certain ZTE modems reporting invalid MAC
      addresses over CDC-ECM.
      The same issue was present on their RNDIS interface,which was fixed in
      commit a5a18bdf ("rndis_host: Set valid random MAC on buggy devices").
      
      However, internal modem of ZTE MF286R router, on its RNDIS interface, also
      exhibits a second issue fixed already in CDC-ECM, of the device not
      respecting configured random MAC address. In order to share the fixup for
      this with rndis_host driver, export the workaround function, which will
      be re-used in the following commit in rndis_host.
      
      Cc: Kristian Evensen <kristian.evensen@gmail.com>
      Cc: Bjørn Mork <bjorn@mork.no>
      Cc: Oliver Neukum <oliver@neukum.org>
      Signed-off-by: default avatarLech Perczak <lech.perczak@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      64b97df9