1. 12 Sep, 2024 7 commits
    • Marc Kleine-Budde's avatar
      can: m_can: m_can_close(): stop clocks after device has been shut down · 2c09b50e
      Marc Kleine-Budde authored
      After calling m_can_stop() an interrupt may be pending or NAPI might
      still be executed. This means the driver might still touch registers
      of the IP core after the clocks have been disabled. This is not good
      practice and might lead to aborts depending on the SoC integration.
      
      To avoid these potential problems, make m_can_close() symmetric to
      m_can_open(), i.e. stop the clocks at the end, right before shutting
      down the transceiver.
      
      Fixes: e0d1f481 ("can: m_can: add Bosch M_CAN controller support")
      Link: https://patch.msgid.link/20240910-can-m_can-fix-ifup-v3-2-6c1720ba45ce@pengutronix.deSigned-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      2c09b50e
    • Jake Hamby's avatar
      can: m_can: enable NAPI before enabling interrupts · 801ad2f8
      Jake Hamby authored
      If an interrupt (RX-complete or error flag) is set when bringing up
      the CAN device, e.g. due to CAN bus traffic before initializing the
      device, when m_can_start() is called and interrupts are enabled,
      m_can_isr() is called immediately, which disables all CAN interrupts
      and calls napi_schedule().
      
      Because napi_enable() isn't called until later in m_can_open(), the
      call to napi_schedule() never schedules the m_can_poll() callback and
      the device is left with interrupts disabled and can't receive any CAN
      packets until rebooted.
      
      This can be verified by running "cansend" from another device before
      setting the bitrate and calling "ip link set up can0" on the test
      device. Adding debug lines to m_can_isr() shows it's called with flags
      (IR_EP | IR_EW | IR_CRCE), which calls m_can_disable_all_interrupts()
      and napi_schedule(), and then m_can_poll() is never called.
      
      Move the call to napi_enable() above the call to m_can_start() to
      enable any initial interrupt flags to be handled by m_can_poll() so
      that interrupts are reenabled. Add a call to napi_disable() in the
      error handling section of m_can_open(), to handle the case where later
      functions return errors.
      
      Also, in m_can_close(), move the call to napi_disable() below the call
      to m_can_stop() to ensure all interrupts are handled when bringing
      down the device. This race condition is much less likely to occur.
      
      Tested on a Microchip SAMA7G54 MPU. The fix should be applicable to
      any SoC with a Bosch M_CAN controller.
      Signed-off-by: default avatarJake Hamby <Jake.Hamby@Teledyne.com>
      Fixes: e0d1f481 ("can: m_can: add Bosch M_CAN controller support")
      Link: https://patch.msgid.link/20240910-can-m_can-fix-ifup-v3-1-6c1720ba45ce@pengutronix.deSigned-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      801ad2f8
    • Martin Jocic's avatar
      can: kvaser_pciefd: Enable 64-bit DMA addressing · d0fa0640
      Martin Jocic authored
      Enabling 64-bit addressing for DMA buffers will prevent issues
      on some memory constrained platforms like e.g. Raspberry Pi 5,
      where the driver won't load because it cannot allocate enough
      continuous memory in the default 32-bit memory address range.
      Signed-off-by: default avatarMartin Jocic <martin.jocic@kvaser.com>
      Link: https://patch.msgid.link/d7340f78e3db305bfeeb8229d2dd1c9077e10b92.1725875278.git.martin.jocic@kvaser.comSigned-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      d0fa0640
    • Stefan Mätje's avatar
      can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD · 75b31895
      Stefan Mätje authored
      Remove the CAN_CTRLMODE_3_SAMPLES announcement for CAN-USB/3-FD devices
      because these devices don't support it.
      
      The hardware has a Microchip SAM E70 microcontroller that uses a Bosch
      MCAN IP core as CAN FD controller. But this MCAN core doesn't support
      triple sampling.
      
      Fixes: 80662d94 ("can: esd_usb: Add support for esd CAN-USB/3")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarStefan Mätje <stefan.maetje@esd.eu>
      Reviewed-by: default avatarVincent Mailhol <mailhol.vincent@wanadoo.fr>
      Link: https://patch.msgid.link/20240904222740.2985864-2-stefan.maetje@esd.euSigned-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      75b31895
    • Kuniyuki Iwashima's avatar
      can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). · 94b0818f
      Kuniyuki Iwashima authored
      syzbot reported a warning in bcm_release(). [0]
      
      The blamed change fixed another warning that is triggered when
      connect() is issued again for a socket whose connect()ed device has
      been unregistered.
      
      However, if the socket is just close()d without the 2nd connect(), the
      remaining bo->bcm_proc_read triggers unnecessary remove_proc_entry()
      in bcm_release().
      
      Let's clear bo->bcm_proc_read after remove_proc_entry() in bcm_notify().
      
      [0]
      name '4986'
      WARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711
      Modules linked in:
      CPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae24 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
      RIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711
      Code: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 <0f> 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07
      RSP: 0018:ffffc9000345fa20 EFLAGS: 00010246
      RAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
      RBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a
      R10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640
      R13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000
      FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       <TASK>
       bcm_release+0x250/0x880 net/can/bcm.c:1578
       __sock_release net/socket.c:659 [inline]
       sock_close+0xbc/0x240 net/socket.c:1421
       __fput+0x24a/0x8a0 fs/file_table.c:422
       task_work_run+0x24f/0x310 kernel/task_work.c:228
       exit_task_work include/linux/task_work.h:40 [inline]
       do_exit+0xa2f/0x27f0 kernel/exit.c:882
       do_group_exit+0x207/0x2c0 kernel/exit.c:1031
       __do_sys_exit_group kernel/exit.c:1042 [inline]
       __se_sys_exit_group kernel/exit.c:1040 [inline]
       __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040
       x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      RIP: 0033:0x7fcfb51ee969
      Code: Unable to access opcode bytes at 0x7fcfb51ee93f.
      RSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
      RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969
      RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
      RBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000
      R10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0
      R13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160
       </TASK>
      
      Fixes: 76fe372c ("can: bcm: Remove proc entry when dev is unregistered.")
      Reported-by: syzbot+0532ac7a06fb1a03187e@syzkaller.appspotmail.com
      Closes: https://syzkaller.appspot.com/bug?extid=0532ac7a06fb1a03187e
      Tested-by: syzbot+0532ac7a06fb1a03187e@syzkaller.appspotmail.com
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Reviewed-by: default avatarVincent Mailhol <mailhol.vincent@wanadoo.fr>
      Link: https://patch.msgid.link/20240905012237.79683-1-kuniyu@amazon.comSigned-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      94b0818f
    • Willem de Bruijn's avatar
      net: tighten bad gso csum offset check in virtio_net_hdr · 6513eb3d
      Willem de Bruijn authored
      The referenced commit drops bad input, but has false positives.
      Tighten the check to avoid these.
      
      The check detects illegal checksum offload requests, which produce
      csum_start/csum_off beyond end of packet after segmentation.
      
      But it is based on two incorrect assumptions:
      
      1. virtio_net_hdr_to_skb with VIRTIO_NET_HDR_GSO_TCP[46] implies GSO.
      True in callers that inject into the tx path, such as tap.
      But false in callers that inject into rx, like virtio-net.
      Here, the flags indicate GRO, and CHECKSUM_UNNECESSARY or
      CHECKSUM_NONE without VIRTIO_NET_HDR_F_NEEDS_CSUM is normal.
      
      2. TSO requires checksum offload, i.e., ip_summed == CHECKSUM_PARTIAL.
      False, as tcp[46]_gso_segment will fix up csum_start and offset for
      all other ip_summed by calling __tcp_v4_send_check.
      
      Because of 2, we can limit the scope of the fix to virtio_net_hdr
      that do try to set these fields, with a bogus value.
      
      Link: https://lore.kernel.org/netdev/20240909094527.GA3048202@port70.net/
      Fixes: 89add400 ("net: drop bad gso csum_start and offset in virtio_net_hdr")
      Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Cc: stable@vger.kernel.org
      Link: https://patch.msgid.link/20240910213553.839926-1-willemdebruijn.kernel@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      6513eb3d
    • Asbjørn Sloth Tønnesen's avatar
      netlink: specs: mptcp: fix port endianness · 09a45a55
      Asbjørn Sloth Tønnesen authored
      The MPTCP port attribute is in host endianness, but was documented
      as big-endian in the ynl specification.
      
      Below are two examples from net/mptcp/pm_netlink.c showing that the
      attribute is converted to/from host endianness for use with netlink.
      
      Import from netlink:
        addr->port = htons(nla_get_u16(tb[MPTCP_PM_ADDR_ATTR_PORT]))
      
      Export to netlink:
        nla_put_u16(skb, MPTCP_PM_ADDR_ATTR_PORT, ntohs(addr->port))
      
      Where addr->port is defined as __be16.
      
      No functional change intended.
      
      Fixes: bc8aeb20 ("Documentation: netlink: add a YAML spec for mptcp")
      Signed-off-by: default avatarAsbjørn Sloth Tønnesen <ast@fiberby.net>
      Reviewed-by: default avatarDavide Caratti <dcaratti@redhat.com>
      Reviewed-by: default avatarMatthieu Baerts (NGI0) <matttbe@kernel.org>
      Link: https://patch.msgid.link/20240911091003.1112179-1-ast@fiberby.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      09a45a55
  2. 11 Sep, 2024 13 commits
  3. 10 Sep, 2024 9 commits
  4. 09 Sep, 2024 11 commits