1. 27 Oct, 2019 1 commit
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · 5b7fe93d
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf-next 2019-10-27
      
      The following pull-request contains BPF updates for your *net-next* tree.
      
      We've added 52 non-merge commits during the last 11 day(s) which contain
      a total of 65 files changed, 2604 insertions(+), 1100 deletions(-).
      
      The main changes are:
      
       1) Revolutionize BPF tracing by using in-kernel BTF to type check BPF
          assembly code. The work here teaches BPF verifier to recognize
          kfree_skb()'s first argument as 'struct sk_buff *' in tracepoints
          such that verifier allows direct use of bpf_skb_event_output() helper
          used in tc BPF et al (w/o probing memory access) that dumps skb data
          into perf ring buffer. Also add direct loads to probe memory in order
          to speed up/replace bpf_probe_read() calls, from Alexei Starovoitov.
      
       2) Big batch of changes to improve libbpf and BPF kselftests. Besides
          others: generalization of libbpf's CO-RE relocation support to now
          also include field existence relocations, revamp the BPF kselftest
          Makefile to add test runner concept allowing to exercise various
          ways to build BPF programs, and teach bpf_object__open() and friends
          to automatically derive BPF program type/expected attach type from
          section names to ease their use, from Andrii Nakryiko.
      
       3) Fix deadlock in stackmap's build-id lookup on rq_lock(), from Song Liu.
      
       4) Allow to read BTF as raw data from bpftool. Most notable use case
          is to dump /sys/kernel/btf/vmlinux through this, from Jiri Olsa.
      
       5) Use bpf_redirect_map() helper in libbpf's AF_XDP helper prog which
          manages to improve "rx_drop" performance by ~4%., from Björn Töpel.
      
       6) Fix to restore the flow dissector after reattach BPF test and also
          fix error handling in bpf_helper_defs.h generation, from Jakub Sitnicki.
      
       7) Improve verifier's BTF ctx access for use outside of raw_tp, from
          Martin KaFai Lau.
      
       8) Improve documentation for AF_XDP with new sections and to reflect
          latest features, from Magnus Karlsson.
      
       9) Add back 'version' section parsing to libbpf for old kernels, from
          John Fastabend.
      
      10) Fix strncat bounds error in libbpf's libbpf_prog_type_by_name(),
          from KP Singh.
      
      11) Turn on -mattr=+alu32 in LLVM by default for BPF kselftests in order
          to improve insn coverage for built BPF progs, from Yonghong Song.
      
      12) Misc minor cleanups and fixes, from various others.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5b7fe93d
  2. 26 Oct, 2019 26 commits
    • Roman Mashak's avatar
      tc-testing: list required kernel options for act_ct action · b9512485
      Roman Mashak authored
      Updated config with required kernel options for conntrac TC action,
      so that tdc can run the tests.
      Signed-off-by: default avatarRoman Mashak <mrv@mojatatu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b9512485
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 4b1f5dda
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      The following patchset contains Netfilter/IPVS updates for net-next,
      more specifically:
      
      * Updates for ipset:
      
      1) Coding style fix for ipset comment extension, from Jeremy Sowden.
      
      2) De-inline many functions in ipset, from Jeremy Sowden.
      
      3) Move ipset function definition from header to source file.
      
      4) Move ip_set_put_flags() to source, export it as a symbol, remove
         inline.
      
      5) Move range_to_mask() to the source file where this is used.
      
      6) Move ip_set_get_ip_port() to the source file where this is used.
      
      * IPVS selftests and netns improvements:
      
      7) Two patches to speedup ipvs netns dismantle, from Haishuang Yan.
      
      8) Three patches to add selftest script for ipvs, also from
         Haishuang Yan.
      
      * Conntrack updates and new nf_hook_slow_list() function:
      
      9) Document ct ecache extension, from Florian Westphal.
      
      10) Skip ct extensions from ctnetlink dump, from Florian.
      
      11) Free ct extension immediately, from Florian.
      
      12) Skip access to ecache extension from nf_ct_deliver_cached_events()
          this is not correct as reported by Syzbot.
      
      13) Add and use nf_hook_slow_list(), from Florian.
      
      * Flowtable infrastructure updates:
      
      14) Move priority to nf_flowtable definition.
      
      15) Dynamic allocation of per-device hooks in flowtables.
      
      16) Allow to include netdevice only once in flowtable definitions.
      
      17) Rise maximum number of devices per flowtable.
      
      * Netfilter hardware offload infrastructure updates:
      
      18) Add nft_flow_block_chain() helper function.
      
      19) Pass callback list to nft_setup_cb_call().
      
      20) Add nft_flow_cls_offload_setup() helper function.
      
      21) Remove rules for the unregistered device via netdevice event.
      
      22) Support for multiple devices in a basechain definition at the
          ingress hook.
      
      22) Add nft_chain_offload_cmd() helper function.
      
      23) Add nft_flow_block_offload_init() helper function.
      
      24) Rewind in case of failing to bind multiple devices to hook.
      
      25) Typo in IPv6 tproxy module description, from Norman Rasmussen.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4b1f5dda
    • David S. Miller's avatar
      Merge branch 'net-aquantia-ptp-followup-fixes' · 64fe8e97
      David S. Miller authored
      Igor Russkikh says:
      
      ====================
      net: aquantia: ptp followup fixes
      
      Here are two sparse warnings, third patch is a fix for
      scaled_ppm_to_ppb missing. Eventually I reworked this
      to exclude ptp module from build. Please consider it instead
      of this patch: https://patchwork.ozlabs.org/patch/1184171/
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      64fe8e97
    • Igor Russkikh's avatar
      net: aquantia: disable ptp object build if no config · 7873ee26
      Igor Russkikh authored
      We do disable aq_ptp module build using inline
      stubs when CONFIG_PTP_1588_CLOCK is not declared.
      
      This reduces module size and removes unnecessary code.
      Reported-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarIgor Russkikh <igor.russkikh@aquantia.com>
      Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7873ee26
    • Igor Russkikh's avatar
      net: aquantia: fix warnings on endianness · 5eeb6c3c
      Igor Russkikh authored
      fixes to remove sparse warnings:
      sparse: sparse: cast to restricted __be64
      
      Fixes: 04a18399 ("net: aquantia: implement data PTP datapath")
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Signed-off-by: default avatarIgor Russkikh <igor.russkikh@aquantia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5eeb6c3c
    • Igor Russkikh's avatar
      net: aquantia: fix var initialization warning · bb1eded1
      Igor Russkikh authored
      found by sparse, simply useless local initialization with zero.
      
      Fixes: 94ad9455 ("net: aquantia: add PTP rings infrastructure")
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Signed-off-by: default avatarIgor Russkikh <igor.russkikh@aquantia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bb1eded1
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables_offload: unbind if multi-device binding fails · 671312e1
      Pablo Neira Ayuso authored
      nft_flow_block_chain() needs to unbind in case of error when performing
      the multi-device binding.
      
      Fixes: d54725cd ("netfilter: nf_tables: support for multiple devices per netdev hook")
      Reported-by: default avatarwenxu <wenxu@ucloud.cn>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      671312e1
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables_offload: add nft_flow_block_offload_init() · 75ceaf86
      Pablo Neira Ayuso authored
      This patch adds the nft_flow_block_offload_init() helper function to
      initialize the flow_block_offload object.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      75ceaf86
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables_offload: add nft_chain_offload_cmd() · 6df5490f
      Pablo Neira Ayuso authored
      This patch adds the nft_chain_offload_cmd() helper function.
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      6df5490f
    • Florian Westphal's avatar
      netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks · ad88b7a6
      Florian Westphal authored
      syzbot reported following splat:
      BUG: KASAN: use-after-free in __nf_ct_ext_exist
      include/net/netfilter/nf_conntrack_extend.h:53 [inline]
      BUG: KASAN: use-after-free in nf_ct_deliver_cached_events+0x5c3/0x6d0
      net/netfilter/nf_conntrack_ecache.c:205
      nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:65 [inline]
      nf_confirm+0x3d8/0x4d0 net/netfilter/nf_conntrack_proto.c:154
      [..]
      
      While there is no reproducer yet, the syzbot report contains one
      interesting bit of information:
      
      Freed by task 27585:
      [..]
       kfree+0x10a/0x2c0 mm/slab.c:3757
       nf_ct_ext_destroy+0x2ab/0x2e0 net/netfilter/nf_conntrack_extend.c:38
       nf_conntrack_free+0x8f/0xe0 net/netfilter/nf_conntrack_core.c:1418
       destroy_conntrack+0x1a2/0x270 net/netfilter/nf_conntrack_core.c:626
       nf_conntrack_put include/linux/netfilter/nf_conntrack_common.h:31 [inline]
       nf_ct_resolve_clash net/netfilter/nf_conntrack_core.c:915 [inline]
       ^^^^^^^^^^^^^^^^^^^
       __nf_conntrack_confirm+0x21ca/0x2830 net/netfilter/nf_conntrack_core.c:1038
       nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:63 [inline]
       nf_confirm+0x3e7/0x4d0 net/netfilter/nf_conntrack_proto.c:154
      
      This is whats happening:
      
      1. a conntrack entry is about to be confirmed (added to hash table).
      2. a clash with existing entry is detected.
      3. nf_ct_resolve_clash() puts skb->nfct (the "losing" entry).
      4. this entry now has a refcount of 0 and is freed to SLAB_TYPESAFE_BY_RCU
         kmem cache.
      
      skb->nfct has been replaced by the one found in the hash.
      Problem is that nf_conntrack_confirm() uses the old ct:
      
      static inline int nf_conntrack_confirm(struct sk_buff *skb)
      {
       struct nf_conn *ct = (struct nf_conn *)skb_nfct(skb);
       int ret = NF_ACCEPT;
      
        if (ct) {
          if (!nf_ct_is_confirmed(ct))
             ret = __nf_conntrack_confirm(skb);
          if (likely(ret == NF_ACCEPT))
      	nf_ct_deliver_cached_events(ct); /* This ct has refcount 0! */
        }
        return ret;
      }
      
      As of "netfilter: conntrack: free extension area immediately", we can't
      access conntrack extensions in this case.
      
      To fix this, make sure we check the dying bit presence before attempting
      to get the eache extension.
      
      Reported-by: syzbot+c7aabc9fe93e7f3637ba@syzkaller.appspotmail.com
      Fixes: 2ad9d774 ("netfilter: conntrack: free extension area immediately")
      Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      ad88b7a6
    • David S. Miller's avatar
      Merge branch 'ionic-updates' · 0629d245
      David S. Miller authored
      Shannon Nelson says:
      
      ====================
      ionic updates
      
      These are a few of the driver updates we've been working on internally.
      These clean up a few mismatched struct comments, add checking for dead
      firmware, fix an initialization bug, and change the Rx buffer management.
      
      These are based on net-next v5.4-rc3-709-g985fd98a.
      
      v2: clear napi->skb in the error case in ionic_rx_frags()
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0629d245
    • Shannon Nelson's avatar
      ionic: update driver version · 63ad1cd6
      Shannon Nelson authored
      Signed-off-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      63ad1cd6
    • Shannon Nelson's avatar
      ionic: implement support for rx sgl · 08f2e4b2
      Shannon Nelson authored
      Even out Rx performance across MTU sizes by changing from full
      skb allocations to page-based frag allocations.  The device
      supports a form of scatter-gather in the Rx path, so we can
      set up a number of pages for each descriptor, all of which are
      easier to alloc and pass around than the standard kzalloc'd
      buffer.  An skb is wrapped around the pages while processing
      the received packets, and pages are recycled as needed, or
      left alone if they weren't used in the Rx.
      Signed-off-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      08f2e4b2
    • Shannon Nelson's avatar
      ionic: add a watchdog timer to monitor heartbeat · 089406bc
      Shannon Nelson authored
      Add a watchdog to periodically monitor the NIC heartbeat.
      Signed-off-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      089406bc
    • Shannon Nelson's avatar
      ionic: add heartbeat check · 97ca4865
      Shannon Nelson authored
      Most of our firmware has a heartbeat feature that the driver
      can watch for to see if the FW is still alive and likely to
      answer a dev_cmd or AdminQ request.
      Signed-off-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      97ca4865
    • Shannon Nelson's avatar
      ionic: reverse an interrupt coalesce calculation · ff7ebed9
      Shannon Nelson authored
      Fix the initial interrupt coalesce usec-to-hw setting
      to actually be usec-to-hw.
      
      Fixes: 780eded3 ("ionic: report users coalesce request")
      Signed-off-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ff7ebed9
    • Shannon Nelson's avatar
      ionic: fix up struct name comments · 5c28f213
      Shannon Nelson authored
      Fix up struct names in the ionic_if.h comments
      Signed-off-by: default avatarShannon Nelson <snelson@pensando.io>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5c28f213
    • Heiner Kallweit's avatar
      r8169: improve rtl8169_rx_fill · e4b5c7a5
      Heiner Kallweit authored
      We have only one user of the error path, so we can inline it.
      In addition the call to rtl8169_make_unusable_by_asic() can be removed
      because rtl8169_alloc_rx_data() didn't call rtl8169_mark_to_asic() yet
      for the respective index if returning NULL.
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e4b5c7a5
    • Heiner Kallweit's avatar
      r8169: align fix_features callback with vendor driver · 7cb83b21
      Heiner Kallweit authored
      This patch aligns the fix_features callback with the vendor driver and
      also disables IPv6 HW checksumming and TSO if jumbo packets are used
      on RTL8101/RTL8168/RTL8125.
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7cb83b21
    • David S. Miller's avatar
      Merge branch 'for-upstream' of... · 8ca12bc3
      David S. Miller authored
      Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next
      
      Johan Hedberg says:
      
      ====================
      pull request: bluetooth-next 2019-10-23
      
      Here's the main bluetooth-next pull request for the 5.5 kernel:
      
       - Multiple fixes to hci_qca driver
       - Fix for HCI_USER_CHANNEL initialization
       - btwlink: drop superseded driver
       - Add support for Intel FW download error recovery
       - Various other smaller fixes & improvements
      
      Please let me know if there are any issues pulling. Thanks.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8ca12bc3
    • Jason Baron's avatar
      tcp: add TCP_INFO status for failed client TFO · 48027478
      Jason Baron authored
      The TCPI_OPT_SYN_DATA bit as part of tcpi_options currently reports whether
      or not data-in-SYN was ack'd on both the client and server side. We'd like
      to gather more information on the client-side in the failure case in order
      to indicate the reason for the failure. This can be useful for not only
      debugging TFO, but also for creating TFO socket policies. For example, if
      a middle box removes the TFO option or drops a data-in-SYN, we can
      can detect this case, and turn off TFO for these connections saving the
      extra retransmits.
      
      The newly added tcpi_fastopen_client_fail status is 2 bits and has the
      following 4 states:
      
      1) TFO_STATUS_UNSPEC
      
      Catch-all state which includes when TFO is disabled via black hole
      detection, which is indicated via LINUX_MIB_TCPFASTOPENBLACKHOLE.
      
      2) TFO_COOKIE_UNAVAILABLE
      
      If TFO_CLIENT_NO_COOKIE mode is off, this state indicates that no cookie
      is available in the cache.
      
      3) TFO_DATA_NOT_ACKED
      
      Data was sent with SYN, we received a SYN/ACK but it did not cover the data
      portion. Cookie is not accepted by server because the cookie may be invalid
      or the server may be overloaded.
      
      4) TFO_SYN_RETRANSMITTED
      
      Data was sent with SYN, we received a SYN/ACK which did not cover the data
      after at least 1 additional SYN was sent (without data). It may be the case
      that a middle-box is dropping data-in-SYN packets. Thus, it would be more
      efficient to not use TFO on this connection to avoid extra retransmits
      during connection establishment.
      
      These new fields do not cover all the cases where TFO may fail, but other
      failures, such as SYN/ACK + data being dropped, will result in the
      connection not becoming established. And a connection blackhole after
      session establishment shows up as a stalled connection.
      Signed-off-by: default avatarJason Baron <jbaron@akamai.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Neal Cardwell <ncardwell@google.com>
      Cc: Christoph Paasch <cpaasch@apple.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Acked-by: default avatarYuchung Cheng <ycheng@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      48027478
    • David S. Miller's avatar
      Merge branch 'phy-dp83867-enable-robust-auto-mdix' · 79f2056b
      David S. Miller authored
      Grygorii Strashko says:
      
      ====================
      net: phy: dp83867: enable robust auto-mdix
      
      Patch 1 - improves link detection when dp83867 PHY is configured in manual mode
      by enabling CFG3[9] Robust Auto-MDIX option.
      
      Patch 2 - is minor optimization.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      79f2056b
    • Grygorii Strashko's avatar
      net: phy: dp83867: move dt parsing to probe · ef87f7da
      Grygorii Strashko authored
      Move DT parsing code to probe dp83867_probe() as it's one time operation.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ef87f7da
    • Grygorii Strashko's avatar
      net: phy: dp83867: enable robust auto-mdix · 5a7f08c2
      Grygorii Strashko authored
      The link detection timeouts can be observed (or link might not be detected
      at all) when dp83867 PHY is configured in manual mode (speed/duplex).
      
      CFG3[9] Robust Auto-MDIX option allows to significantly improve link detection
      in case dp83867 is configured in manual mode and reduce link detection
      time.
      As per DM: "If link partners are configured to operational modes that are
      not supported by normal Auto MDI/MDIX mode (like Auto-Neg versus Force
      100Base-TX or Force 100Base-TX versus Force 100Base-TX), this Robust Auto
      MDI/MDIX mode allows MDI/MDIX resolution and prevents deadlock."
      
      Hence, enable this option by default as there are no known reasons
      not to do so.
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5a7f08c2
    • Vincent Prince's avatar
      net: sch_generic: Use pfifo_fast as fallback scheduler for CAN hardware · 546b85bb
      Vincent Prince authored
      There is networking hardware that isn't based on Ethernet for layers 1 and 2.
      
      For example CAN.
      
      CAN is a multi-master serial bus standard for connecting Electronic Control
      Units [ECUs] also known as nodes. A frame on the CAN bus carries up to 8 bytes
      of payload. Frame corruption is detected by a CRC. However frame loss due to
      corruption is possible, but a quite unusual phenomenon.
      
      While fq_codel works great for TCP/IP, it doesn't for CAN. There are a lot of
      legacy protocols on top of CAN, which are not build with flow control or high
      CAN frame drop rates in mind.
      
      When using fq_codel, as soon as the queue reaches a certain delay based length,
      skbs from the head of the queue are silently dropped. Silently meaning that the
      user space using a send() or similar syscall doesn't get an error. However
      TCP's flow control algorithm will detect dropped packages and adjust the
      bandwidth accordingly.
      
      When using fq_codel and sending raw frames over CAN, which is the common use
      case, the user space thinks the package has been sent without problems, because
      send() returned without an error. pfifo_fast will drop skbs, if the queue
      length exceeds the maximum. But with this scheduler the skbs at the tail are
      dropped, an error (-ENOBUFS) is propagated to user space. So that the user
      space can slow down the package generation.
      
      On distributions, where fq_codel is made default via CONFIG_DEFAULT_NET_SCH
      during compile time, or set default during runtime with sysctl
      net.core.default_qdisc (see [1]), we get a bad user experience. In my test case
      with pfifo_fast, I can transfer thousands of million CAN frames without a frame
      drop. On the other hand with fq_codel there is more then one lost CAN frame per
      thousand frames.
      
      As pointed out fq_codel is not suited for CAN hardware, so this patch changes
      attach_one_default_qdisc() to use pfifo_fast for "ARPHRD_CAN" network devices.
      
      During transition of a netdev from down to up state the default queuing
      discipline is attached by attach_default_qdiscs() with the help of
      attach_one_default_qdisc(). This patch modifies attach_one_default_qdisc() to
      attach the pfifo_fast (pfifo_fast_ops) if the network device type is
      "ARPHRD_CAN".
      
      [1] https://github.com/systemd/systemd/issues/9194Suggested-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      Signed-off-by: default avatarVincent Prince <vincent.prince.fr@gmail.com>
      Acked-by: default avatarDave Taht <dave.taht@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      546b85bb
    • Hayes Wang's avatar
      r8152: check the pointer rtl_fw->fw before using it · 8e484ebb
      Hayes Wang authored
      Fix the pointer rtl_fw->fw would be used before checking in
      rtl8152_apply_firmware() that causes the following kernel oops.
      
      Unable to handle kernel NULL pointer dereference at virtual address 00000002
      pgd = (ptrval)
      [00000002] *pgd=00000000
      Internal error: Oops: 5 [#1] PREEMPT SMP ARM
      Modules linked in:
      CPU: 0 PID: 131 Comm: kworker/0:2 Not tainted
      5.4.0-rc1-00539-g9370f2d0 #6788
      Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
      Workqueue: events_long rtl_hw_phy_work_func_t
      PC is at rtl8152_apply_firmware+0x14/0x464
      LR is at r8153_hw_phy_cfg+0x24/0x17c
      pc : [<c064f4e4>]    lr : [<c064fa18>]    psr: a0000013
      sp : e75c9e60  ip : 60000013  fp : c11b7614
      r10: e883b91c  r9 : 00000000  r8 : fffffffe
      r7 : e883b640  r6 : fffffffe  r5 : fffffffe  r4 : e883b640
      r3 : 736cfe7c  r2 : 736cfe7c  r1 : 000052f8  r0 : e883b640
      Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      Control: 10c5387d  Table: 6640006a  DAC: 00000051
      Process kworker/0:2 (pid: 131, stack limit = 0x(ptrval))
      Stack: (0xe75c9e60 to 0xe75ca000)
      ...
      [<c064f4e4>] (rtl8152_apply_firmware) from [<c064fa18>]
      (r8153_hw_phy_cfg+0x24/0x17c)
      [<c064fa18>] (r8153_hw_phy_cfg) from [<c064e784>]
      (rtl_hw_phy_work_func_t+0x220/0x3e4)
      [<c064e784>] (rtl_hw_phy_work_func_t) from [<c0148a74>]
      (process_one_work+0x22c/0x7c8)
      [<c0148a74>] (process_one_work) from [<c0149054>] (worker_thread+0x44/0x520)
      [<c0149054>] (worker_thread) from [<c0150548>] (kthread+0x130/0x164)
      [<c0150548>] (kthread) from [<c01010b4>] (ret_from_fork+0x14/0x20)
      Exception stack(0xe75c9fb0 to 0xe75c9ff8)
      ...
      
      Fixes: 9370f2d0 ("r8152: support request_firmware for RTL8153")
      Reported-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
      Tested-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
      Signed-off-by: default avatarHayes Wang <hayeswang@realtek.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8e484ebb
  3. 25 Oct, 2019 3 commits
  4. 24 Oct, 2019 10 commits