1. 29 Jul, 2024 27 commits
  2. 25 Jul, 2024 13 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 1722389b
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf and netfilter.
      
        A lot of networking people were at a conference last week, busy
        catching COVID, so relatively short PR.
      
        Current release - regressions:
      
         - tcp: process the 3rd ACK with sk_socket for TFO and MPTCP
      
        Current release - new code bugs:
      
         - l2tp: protect session IDR and tunnel session list with one lock,
           make sure the state is coherent to avoid a warning
      
         - eth: bnxt_en: update xdp_rxq_info in queue restart logic
      
         - eth: airoha: fix location of the MBI_RX_AGE_SEL_MASK field
      
        Previous releases - regressions:
      
         - xsk: require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len,
           the field reuses previously un-validated pad
      
        Previous releases - always broken:
      
         - tap/tun: drop short frames to prevent crashes later in the stack
      
         - eth: ice: add a per-VF limit on number of FDIR filters
      
         - af_unix: disable MSG_OOB handling for sockets in sockmap/sockhash"
      
      * tag 'net-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (34 commits)
        tun: add missing verification for short frame
        tap: add missing verification for short frame
        mISDN: Fix a use after free in hfcmulti_tx()
        gve: Fix an edge case for TSO skb validity check
        bnxt_en: update xdp_rxq_info in queue restart logic
        tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
        selftests/bpf: Add XDP_UMEM_TX_METADATA_LEN to XSK TX metadata test
        xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len
        bpf: Fix a segment issue when downgrading gso_size
        net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling
        MAINTAINERS: make Breno the netconsole maintainer
        MAINTAINERS: Update bonding entry
        net: nexthop: Initialize all fields in dumped nexthops
        net: stmmac: Correct byte order of perfect_match
        selftests: forwarding: skip if kernel not support setting bridge fdb learning limit
        tipc: Return non-zero value from tipc_udp_addr2str() on error
        netfilter: nft_set_pipapo_avx2: disable softinterrupts
        ice: Fix recipe read procedure
        ice: Add a per-VF limit on number of FDIR filters
        net: bonding: correctly annotate RCU in bond_should_notify_peers()
        ...
      1722389b
    • Linus Torvalds's avatar
      Merge tag 'printk-for-6.11-trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux · 8bf10009
      Linus Torvalds authored
      Pull printk updates from Petr Mladek:
      
       - trivial printk changes
      
      The bigger "real" printk work is still being discussed.
      
      * tag 'printk-for-6.11-trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux:
        vsprintf: add missing MODULE_DESCRIPTION() macro
        printk: Rename console_replay_all() and update context
      8bf10009
    • Linus Torvalds's avatar
      Merge tag 'constfy-sysctl-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl · b4856250
      Linus Torvalds authored
      Pull sysctl constification from Joel Granados:
       "Treewide constification of the ctl_table argument of proc_handlers
        using a coccinelle script and some manual code formatting fixups.
      
        This is a prerequisite to moving the static ctl_table structs into
        read-only data section which will ensure that proc_handler function
        pointers cannot be modified"
      
      * tag 'constfy-sysctl-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl:
        sysctl: treewide: constify the ctl_table argument of proc_handlers
      b4856250
    • Linus Torvalds's avatar
      Merge tag 'efi-fixes-for-v6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi · bba959f4
      Linus Torvalds authored
      Pull EFI fixes from Ard Biesheuvel:
      
       - Wipe screen_info after allocating it from the heap - used by arm32
         and EFI zboot, other EFI architectures allocate it statically
      
       - Revert to allocating boot_params from the heap on x86 when entering
         via the native PE entrypoint, to work around a regression on older
         Dell hardware
      
      * tag 'efi-fixes-for-v6.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
        x86/efistub: Revert to heap allocated boot_params for PE entrypoint
        efi/libstub: Zero initialize heap allocated struct screen_info
      bba959f4
    • Linus Torvalds's avatar
      Merge tag 'kgdb-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux · 9b219936
      Linus Torvalds authored
      Pull kgdb updates from Daniel Thompson:
       "Three small changes this cycle:
      
         - Clean up an architecture abstraction that is no longer needed
           because all the architectures have converged.
      
         - Actually use the prompt argument to kdb_position_cursor() instead
           of ignoring it (functionally this fix is a nop but that was due to
           luck rather than good judgement)
      
         - Fix a -Wformat-security warning"
      
      * tag 'kgdb-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/danielt/linux:
        kdb: Get rid of redundant kdb_curr_task()
        kdb: Use the passed prompt in kdb_position_cursor()
        kdb: address -Wformat-security warnings
      9b219936
    • Linus Torvalds's avatar
      Merge tag 'mips_6.11_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux · 28e7241c
      Linus Torvalds authored
      Pull MIPS updates from Thomas Bogendoerfer:
      
       - Use improved timer sync for Loongson64
      
       - Fix address of GCR_ACCESS register
      
       - Add missing MODULE_DESCRIPTION
      
      * tag 'mips_6.11_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
        mips: sibyte: add missing MODULE_DESCRIPTION() macro
        MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
        MIPS: Loongson64: Switch to SYNC_R4K
      28e7241c
    • Linus Torvalds's avatar
      Merge tag 'parisc-for-6.11-rc1' of... · f6464295
      Linus Torvalds authored
      Merge tag 'parisc-for-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
      
      Pull parisc updates from Helge Deller:
       "The gettimeofday() and clock_gettime() syscalls are now available as
        vDSO functions, and Dave added a patch which allows to use NVMe cards
        in the PCI slots as fast and easy alternative to SCSI discs.
      
        Summary:
      
         - add gettimeofday() and clock_gettime() vDSO functions
      
         - enable PCI_MSI_ARCH_FALLBACKS to allow PCI to PCIe bridge adaptor
           with PCIe NVME card to function in parisc machines
      
         - allow users to reduce kernel unaligned runtime warnings
      
         - minor code cleanups"
      
      * tag 'parisc-for-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Add support for CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN
        parisc: Use max() to calculate parisc_tlb_flush_threshold
        parisc: Fix warning at drivers/pci/msi/msi.h:121
        parisc: Add 64-bit gettimeofday() and clock_gettime() vDSO functions
        parisc: Add 32-bit gettimeofday() and clock_gettime() vDSO functions
        parisc: Clean up unistd.h file
      f6464295
    • Linus Torvalds's avatar
      Merge tag 'uml-for-linus-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux · f9bcc61a
      Linus Torvalds authored
      Pull UML updates from Richard Weinberger:
      
       - Support for preemption
      
       - i386 Rust support
      
       - Huge cleanup by Benjamin Berg
      
       - UBSAN support
      
       - Removal of dead code
      
      * tag 'uml-for-linus-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux: (41 commits)
        um: vector: always reset vp->opened
        um: vector: remove vp->lock
        um: register power-off handler
        um: line: always fill *error_out in setup_one_line()
        um: remove pcap driver from documentation
        um: Enable preemption in UML
        um: refactor TLB update handling
        um: simplify and consolidate TLB updates
        um: remove force_flush_all from fork_handler
        um: Do not flush MM in flush_thread
        um: Delay flushing syscalls until the thread is restarted
        um: remove copy_context_skas0
        um: remove LDT support
        um: compress memory related stub syscalls while adding them
        um: Rework syscall handling
        um: Add generic stub_syscall6 function
        um: Create signal stack memory assignment in stub_data
        um: Remove stub-data.h include from common-offsets.h
        um: time-travel: fix signal blocking race/hang
        um: time-travel: remove time_exit()
        ...
      f9bcc61a
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.11-rc1' of... · c2a96b7f
      Linus Torvalds authored
      Merge tag 'driver-core-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core updates from Greg KH:
       "Here is the big set of driver core changes for 6.11-rc1.
      
        Lots of stuff in here, with not a huge diffstat, but apis are evolving
        which required lots of files to be touched. Highlights of the changes
        in here are:
      
         - platform remove callback api final fixups (Uwe took many releases
           to get here, finally!)
      
         - Rust bindings for basic firmware apis and initial driver-core
           interactions.
      
           It's not all that useful for a "write a whole driver in rust" type
           of thing, but the firmware bindings do help out the phy rust
           drivers, and the driver core bindings give a solid base on which
           others can start their work.
      
           There is still a long way to go here before we have a multitude of
           rust drivers being added, but it's a great first step.
      
         - driver core const api changes.
      
           This reached across all bus types, and there are some fix-ups for
           some not-common bus types that linux-next and 0-day testing shook
           out.
      
           This work is being done to help make the rust bindings more safe,
           as well as the C code, moving toward the end-goal of allowing us to
           put driver structures into read-only memory. We aren't there yet,
           but are getting closer.
      
         - minor devres cleanups and fixes found by code inspection
      
         - arch_topology minor changes
      
         - other minor driver core cleanups
      
        All of these have been in linux-next for a very long time with no
        reported problems"
      
      * tag 'driver-core-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (55 commits)
        ARM: sa1100: make match function take a const pointer
        sysfs/cpu: Make crash_hotplug attribute world-readable
        dio: Have dio_bus_match() callback take a const *
        zorro: make match function take a const pointer
        driver core: module: make module_[add|remove]_driver take a const *
        driver core: make driver_find_device() take a const *
        driver core: make driver_[create|remove]_file take a const *
        firmware_loader: fix soundness issue in `request_internal`
        firmware_loader: annotate doctests as `no_run`
        devres: Correct code style for functions that return a pointer type
        devres: Initialize an uninitialized struct member
        devres: Fix memory leakage caused by driver API devm_free_percpu()
        devres: Fix devm_krealloc() wasting memory
        driver core: platform: Switch to use kmemdup_array()
        driver core: have match() callback in struct bus_type take a const *
        MAINTAINERS: add Rust device abstractions to DRIVER CORE
        device: rust: improve safety comments
        MAINTAINERS: add Danilo as FIRMWARE LOADER maintainer
        MAINTAINERS: add Rust FW abstractions to FIRMWARE LOADER
        firmware: rust: improve safety comments
        ...
      c2a96b7f
    • Linus Torvalds's avatar
      Merge tag 'linux-watchdog-6.11-rc1' of git://www.linux-watchdog.org/linux-watchdog · b2eed733
      Linus Torvalds authored
      Pull watchdog updates from Wim Van Sebroeck:
      
       - make watchdog_class const
      
       - rework of the rzg2l_wdt driver
      
       - other small fixes and improvements
      
      * tag 'linux-watchdog-6.11-rc1' of git://www.linux-watchdog.org/linux-watchdog:
        dt-bindings: watchdog: dlg,da9062-watchdog: Drop blank space
        watchdog: rzn1: Convert comma to semicolon
        watchdog: lenovo_se10_wdt: Convert comma to semicolon
        dt-bindings: watchdog: renesas,wdt: Document RZ/G3S support
        watchdog: rzg2l_wdt: Add suspend/resume support
        watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset
        watchdog: rzg2l_wdt: Remove comparison with zero
        watchdog: rzg2l_wdt: Remove reset de-assert from probe
        watchdog: rzg2l_wdt: Check return status of pm_runtime_put()
        watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get()
        watchdog: rzg2l_wdt: Make the driver depend on PM
        watchdog: rzg2l_wdt: Restrict the driver to ARCH_RZG2L and ARCH_R9A09G011
        watchdog: imx7ulp_wdt: keep already running watchdog enabled
        watchdog: starfive: Add missing clk_disable_unprepare()
        watchdog: Make watchdog_class const
      b2eed733
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-6.11-2024-07-24' of git://git.infradead.org/users/hch/dma-mapping · 9cf601e8
      Linus Torvalds authored
      Pull dma-mapping fix from Christoph Hellwig:
      
       - fix the order of actions in dmam_free_coherent (Lance Richardson)
      
      * tag 'dma-mapping-6.11-2024-07-24' of git://git.infradead.org/users/hch/dma-mapping:
        dma: fix call order in dmam_free_coherent
      9cf601e8
    • Jakub Kicinski's avatar
      Merge branch 'tap-tun-harden-by-dropping-short-frame' · af65ea42
      Jakub Kicinski authored
      Dongli Zhang says:
      
      ====================
      tap/tun: harden by dropping short frame
      
      This is to harden all of tap/tun to avoid any short frame smaller than the
      Ethernet header (ETH_HLEN).
      
      While the xen-netback already rejects short frame smaller than ETH_HLEN ...
      
       914 static void xenvif_tx_build_gops(struct xenvif_queue *queue,
       915                                      int budget,
       916                                      unsigned *copy_ops,
       917                                      unsigned *map_ops)
       918 {
      ... ...
      1007                 if (unlikely(txreq.size < ETH_HLEN)) {
      1008                         netdev_dbg(queue->vif->dev,
      1009                                    "Bad packet size: %d\n", txreq.size);
      1010                         xenvif_tx_err(queue, &txreq, extra_count, idx);
      1011                         break;
      1012                 }
      
      ... the short frame may not be dropped by vhost-net/tap/tun.
      
      This fixes CVE-2024-41090 and CVE-2024-41091.
      ====================
      
      Link: https://patch.msgid.link/20240724170452.16837-1-dongli.zhang@oracle.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      af65ea42
    • Dongli Zhang's avatar
      tun: add missing verification for short frame · 04958480
      Dongli Zhang authored
      The cited commit missed to check against the validity of the frame length
      in the tun_xdp_one() path, which could cause a corrupted skb to be sent
      downstack. Even before the skb is transmitted, the
      tun_xdp_one-->eth_type_trans() may access the Ethernet header although it
      can be less than ETH_HLEN. Once transmitted, this could either cause
      out-of-bound access beyond the actual length, or confuse the underlayer
      with incorrect or inconsistent header length in the skb metadata.
      
      In the alternative path, tun_get_user() already prohibits short frame which
      has the length less than Ethernet header size from being transmitted for
      IFF_TAP.
      
      This is to drop any frame shorter than the Ethernet header size just like
      how tun_get_user() does.
      
      CVE: CVE-2024-41091
      Inspired-by: https://lore.kernel.org/netdev/1717026141-25716-1-git-send-email-si-wei.liu@oracle.com/
      Fixes: 043d222f ("tuntap: accept an array of XDP buffs through sendmsg()")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDongli Zhang <dongli.zhang@oracle.com>
      Reviewed-by: default avatarSi-Wei Liu <si-wei.liu@oracle.com>
      Reviewed-by: default avatarWillem de Bruijn <willemb@google.com>
      Reviewed-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Reviewed-by: default avatarJason Wang <jasowang@redhat.com>
      Link: https://patch.msgid.link/20240724170452.16837-3-dongli.zhang@oracle.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      04958480