1. 13 Jul, 2020 22 commits
  2. 12 Jul, 2020 8 commits
  3. 11 Jul, 2020 6 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.8b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 0aea6d5c
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "Just one fix of a recent patch (double free in an error path)"
      
      * tag 'for-linus-5.8b-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/xenbus: Fix a double free in xenbus_map_ring_pv()
      0aea6d5c
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 997c4431
      Linus Torvalds authored
      Pull powerpc fix from Michael Ellerman:
       "One fix for a crash/soft lockup on Power8, caused by the exception
        rework we did in v5.7.
      
        Thanks to Paul Menzel and Nicholas Piggin"
      
      * tag 'powerpc-5.8-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s/exception: Fix 0x1500 interrupt handler crash
      997c4431
    • Linus Torvalds's avatar
      Merge tag 'libnvdimm-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 1df0d896
      Linus Torvalds authored
      Pull libnvdimm fix from Dan Williams:
       "A one-line Fix for key ring search permissions to address a regression
        from -rc1"
      
      * tag 'libnvdimm-fix-v5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        libnvdimm/security: Fix key lookup permissions
      1df0d896
    • Linus Torvalds's avatar
      Merge tag '5.8-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 5ab39e08
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Four cifs/smb3 fixes: the three for stable fix problems found recently
        with change notification including a reference count leak"
      
      * tag '5.8-rc4-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: update internal module version number
        cifs: fix reference leak for tlink
        smb3: fix unneeded error message on change notify
        cifs: remove the retry in cifs_poxis_lock_set
        smb3: fix access denied on change notify request to some servers
      5ab39e08
    • Linus Torvalds's avatar
      Merge tag 'inclusive-terminology' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux · 49decddd
      Linus Torvalds authored
      Pull coding style terminology documentation from Dan Williams:
       "The discussion has tapered off as well as the incoming ack, review,
        and sign-off tags. I did not see a reason to wait for the next merge
        window"
      
      * tag 'inclusive-terminology' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux:
        CodingStyle: Inclusive Terminology
      49decddd
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 5a764898
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Restore previous behavior of CAP_SYS_ADMIN wrt loading networking
          BPF programs, from Maciej Żenczykowski.
      
       2) Fix dropped broadcasts in mac80211 code, from Seevalamuthu
          Mariappan.
      
       3) Slay memory leak in nl80211 bss color attribute parsing code, from
          Luca Coelho.
      
       4) Get route from skb properly in ip_route_use_hint(), from Miaohe Lin.
      
       5) Don't allow anything other than ARPHRD_ETHER in llc code, from Eric
          Dumazet.
      
       6) xsk code dips too deeply into DMA mapping implementation internals.
          Add dma_need_sync and use it. From Christoph Hellwig
      
       7) Enforce power-of-2 for BPF ringbuf sizes. From Andrii Nakryiko.
      
       8) Check for disallowed attributes when loading flow dissector BPF
          programs. From Lorenz Bauer.
      
       9) Correct packet injection to L3 tunnel devices via AF_PACKET, from
          Jason A. Donenfeld.
      
      10) Don't advertise checksum offload on ipa devices that don't support
          it. From Alex Elder.
      
      11) Resolve several issues in TCP MD5 signature support. Missing memory
          barriers, bogus options emitted when using syncookies, and failure
          to allow md5 key changes in established states. All from Eric
          Dumazet.
      
      12) Fix interface leak in hsr code, from Taehee Yoo.
      
      13) VF reset fixes in hns3 driver, from Huazhong Tan.
      
      14) Make loopback work again with ipv6 anycast, from David Ahern.
      
      15) Fix TX starvation under high load in fec driver, from Tobias
          Waldekranz.
      
      16) MLD2 payload lengths not checked properly in bridge multicast code,
          from Linus Lüssing.
      
      17) Packet scheduler code that wants to find the inner protocol
          currently only works for one level of VLAN encapsulation. Allow
          Q-in-Q situations to work properly here, from Toke
          Høiland-Jørgensen.
      
      18) Fix route leak in l2tp, from Xin Long.
      
      19) Resolve conflict between the sk->sk_user_data usage of bpf reuseport
          support and various protocols. From Martin KaFai Lau.
      
      20) Fix socket cgroup v2 reference counting in some situations, from
          Cong Wang.
      
      21) Cure memory leak in mlx5 connection tracking offload support, from
          Eli Britstein.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (146 commits)
        mlxsw: pci: Fix use-after-free in case of failed devlink reload
        mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
        net: macb: fix call to pm_runtime in the suspend/resume functions
        net: macb: fix macb_suspend() by removing call to netif_carrier_off()
        net: macb: fix macb_get/set_wol() when moving to phylink
        net: macb: mark device wake capable when "magic-packet" property present
        net: macb: fix wakeup test in runtime suspend/resume routines
        bnxt_en: fix NULL dereference in case SR-IOV configuration fails
        libbpf: Fix libbpf hashmap on (I)LP32 architectures
        net/mlx5e: CT: Fix memory leak in cleanup
        net/mlx5e: Fix port buffers cell size value
        net/mlx5e: Fix 50G per lane indication
        net/mlx5e: Fix CPU mapping after function reload to avoid aRFS RX crash
        net/mlx5e: Fix VXLAN configuration restore after function reload
        net/mlx5e: Fix usage of rcu-protected pointer
        net/mxl5e: Verify that rpriv is not NULL
        net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode
        net/mlx5: Fix eeprom support for SFP module
        cgroup: Fix sock_cgroup_data on big-endian.
        selftests: bpf: Fix detach from sockmap tests
        ...
      5a764898
  4. 10 Jul, 2020 4 commits
    • Nathan Chancellor's avatar
      mips: Remove compiler check in unroll macro · 9321f1aa
      Nathan Chancellor authored
      CONFIG_CC_IS_GCC is undefined when Clang is used, which breaks the build
      (see our Travis link below).
      
      Clang 8 was chosen as a minimum version for this check because there
      were some improvements around __builtin_constant_p in that release. In
      reality, MIPS was not even buildable until clang 9 so that check was not
      technically necessary. Just remove all compiler checks and just assume
      that we have a working compiler.
      
      Fixes: d4e60453 ("Restore gcc check in mips asm/unroll.h")
      Link: https://travis-ci.com/github/ClangBuiltLinux/continuous-integration/jobs/359642821Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9321f1aa
    • David S. Miller's avatar
      Merge branch 'mlxsw-Various-fixes' · 1195c7ce
      David S. Miller authored
      Ido Schimmel says:
      
      ====================
      mlxsw: Various fixes
      
      Fix two issues found by syzkaller.
      
      Patch #1 removes inappropriate usage of WARN_ON() following memory
      allocation failure. Constantly triggered when syzkaller injects faults.
      
      Patch #2 fixes a use-after-free that can be triggered by 'devlink dev
      info' following a failed devlink reload.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1195c7ce
    • Ido Schimmel's avatar
      mlxsw: pci: Fix use-after-free in case of failed devlink reload · c4317b11
      Ido Schimmel authored
      In case devlink reload failed, it is possible to trigger a
      use-after-free when querying the kernel for device info via 'devlink dev
      info' [1].
      
      This happens because as part of the reload error path the PCI command
      interface is de-initialized and its mailboxes are freed. When the
      devlink '->info_get()' callback is invoked the device is queried via the
      command interface and the freed mailboxes are accessed.
      
      Fix this by initializing the command interface once during probe and not
      during every reload.
      
      This is consistent with the other bus used by mlxsw (i.e., 'mlxsw_i2c')
      and also allows user space to query the running firmware version (for
      example) from the device after a failed reload.
      
      [1]
      BUG: KASAN: use-after-free in memcpy include/linux/string.h:406 [inline]
      BUG: KASAN: use-after-free in mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675
      Write of size 4096 at addr ffff88810ae32000 by task syz-executor.1/2355
      
      CPU: 1 PID: 2355 Comm: syz-executor.1 Not tainted 5.8.0-rc2+ #29
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
      Call Trace:
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0xf6/0x16e lib/dump_stack.c:118
       print_address_description.constprop.0+0x1c/0x250 mm/kasan/report.c:383
       __kasan_report mm/kasan/report.c:513 [inline]
       kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
       check_memory_region_inline mm/kasan/generic.c:186 [inline]
       check_memory_region+0x14e/0x1b0 mm/kasan/generic.c:192
       memcpy+0x39/0x60 mm/kasan/common.c:106
       memcpy include/linux/string.h:406 [inline]
       mlxsw_pci_cmd_exec+0x177/0xa60 drivers/net/ethernet/mellanox/mlxsw/pci.c:1675
       mlxsw_cmd_exec+0x249/0x550 drivers/net/ethernet/mellanox/mlxsw/core.c:2335
       mlxsw_cmd_access_reg drivers/net/ethernet/mellanox/mlxsw/cmd.h:859 [inline]
       mlxsw_core_reg_access_cmd drivers/net/ethernet/mellanox/mlxsw/core.c:1938 [inline]
       mlxsw_core_reg_access+0x2f6/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1985
       mlxsw_reg_query drivers/net/ethernet/mellanox/mlxsw/core.c:2000 [inline]
       mlxsw_devlink_info_get+0x17f/0x6e0 drivers/net/ethernet/mellanox/mlxsw/core.c:1090
       devlink_nl_info_fill.constprop.0+0x13c/0x2d0 net/core/devlink.c:4588
       devlink_nl_cmd_info_get_dumpit+0x246/0x460 net/core/devlink.c:4648
       genl_lock_dumpit+0x85/0xc0 net/netlink/genetlink.c:575
       netlink_dump+0x515/0xe50 net/netlink/af_netlink.c:2245
       __netlink_dump_start+0x53d/0x830 net/netlink/af_netlink.c:2353
       genl_family_rcv_msg_dumpit.isra.0+0x296/0x300 net/netlink/genetlink.c:638
       genl_family_rcv_msg net/netlink/genetlink.c:733 [inline]
       genl_rcv_msg+0x78d/0x9d0 net/netlink/genetlink.c:753
       netlink_rcv_skb+0x152/0x440 net/netlink/af_netlink.c:2469
       genl_rcv+0x24/0x40 net/netlink/genetlink.c:764
       netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
       netlink_unicast+0x53a/0x750 net/netlink/af_netlink.c:1329
       netlink_sendmsg+0x850/0xd90 net/netlink/af_netlink.c:1918
       sock_sendmsg_nosec net/socket.c:652 [inline]
       sock_sendmsg+0x150/0x190 net/socket.c:672
       ____sys_sendmsg+0x6d8/0x840 net/socket.c:2363
       ___sys_sendmsg+0xff/0x170 net/socket.c:2417
       __sys_sendmsg+0xe5/0x1b0 net/socket.c:2450
       do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:359
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: a9c8336f ("mlxsw: core: Add support for devlink info command")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c4317b11
    • Ido Schimmel's avatar
      mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() · d9d54202
      Ido Schimmel authored
      We should not trigger a warning when a memory allocation fails. Remove
      the WARN_ON().
      
      The warning is constantly triggered by syzkaller when it is injecting
      faults:
      
      [ 2230.758664] FAULT_INJECTION: forcing a failure.
      [ 2230.758664] name failslab, interval 1, probability 0, space 0, times 0
      [ 2230.762329] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28
      ...
      [ 2230.898175] WARNING: CPU: 3 PID: 1407 at drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:6265 mlxsw_sp_router_fib_event+0xfad/0x13e0
      [ 2230.898179] Kernel panic - not syncing: panic_on_warn set ...
      [ 2230.898183] CPU: 3 PID: 1407 Comm: syz-executor.0 Not tainted 5.8.0-rc2+ #28
      [ 2230.898190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
      
      Fixes: 3057224e ("mlxsw: spectrum_router: Implement FIB offload in deferred work")
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d9d54202