1. 18 Sep, 2023 2 commits
    • Eric Dumazet's avatar
      dccp: fix dccp_v4_err()/dccp_v6_err() again · 6af28974
      Eric Dumazet authored
      dh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr",
      not in the "byte 7" as Jann claimed.
      
      We need to make sure the ICMP messages are big enough,
      using more standard ways (no more assumptions).
      
      syzbot reported:
      BUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]
      BUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline]
      BUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94
      pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]
      pskb_may_pull include/linux/skbuff.h:2681 [inline]
      dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94
      icmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867
      icmpv6_rcv+0x19d5/0x30d0
      ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438
      ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
      NF_HOOK include/linux/netfilter.h:304 [inline]
      ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
      ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
      dst_input include/net/dst.h:468 [inline]
      ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79
      NF_HOOK include/linux/netfilter.h:304 [inline]
      ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310
      __netif_receive_skb_one_core net/core/dev.c:5523 [inline]
      __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637
      netif_receive_skb_internal net/core/dev.c:5723 [inline]
      netif_receive_skb+0x58/0x660 net/core/dev.c:5782
      tun_rx_batched+0x83b/0x920
      tun_get_user+0x564c/0x6940 drivers/net/tun.c:2002
      tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
      call_write_iter include/linux/fs.h:1985 [inline]
      new_sync_write fs/read_write.c:491 [inline]
      vfs_write+0x8ef/0x15c0 fs/read_write.c:584
      ksys_write+0x20f/0x4c0 fs/read_write.c:637
      __do_sys_write fs/read_write.c:649 [inline]
      __se_sys_write fs/read_write.c:646 [inline]
      __x64_sys_write+0x93/0xd0 fs/read_write.c:646
      do_syscall_x64 arch/x86/entry/common.c:50 [inline]
      do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
      entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      Uninit was created at:
      slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
      slab_alloc_node mm/slub.c:3478 [inline]
      kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523
      kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559
      __alloc_skb+0x318/0x740 net/core/skbuff.c:650
      alloc_skb include/linux/skbuff.h:1286 [inline]
      alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313
      sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795
      tun_alloc_skb drivers/net/tun.c:1531 [inline]
      tun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846
      tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
      call_write_iter include/linux/fs.h:1985 [inline]
      new_sync_write fs/read_write.c:491 [inline]
      vfs_write+0x8ef/0x15c0 fs/read_write.c:584
      ksys_write+0x20f/0x4c0 fs/read_write.c:637
      __do_sys_write fs/read_write.c:649 [inline]
      __se_sys_write fs/read_write.c:646 [inline]
      __x64_sys_write+0x93/0xd0 fs/read_write.c:646
      do_syscall_x64 arch/x86/entry/common.c:50 [inline]
      do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
      entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      CPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
      
      Fixes: 977ad86c ("dccp: Fix out of bounds access in DCCP error handler")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Jann Horn <jannh@google.com>
      Reviewed-by: default avatarJann Horn <jannh@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6af28974
    • Johnathan Mantey's avatar
      ncsi: Propagate carrier gain/loss events to the NCSI controller · 3780bb29
      Johnathan Mantey authored
      Report the carrier/no-carrier state for the network interface
      shared between the BMC and the passthrough channel. Without this
      functionality the BMC is unable to reconfigure the NIC in the event
      of a re-cabling to a different subnet.
      Signed-off-by: default avatarJohnathan Mantey <johnathanx.mantey@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3780bb29
  2. 17 Sep, 2023 3 commits
  3. 16 Sep, 2023 4 commits
  4. 15 Sep, 2023 21 commits
    • Nick Desaulniers's avatar
      bpf: Fix BTF_ID symbol generation collision in tools/ · c0bb9fb0
      Nick Desaulniers authored
      Marcus and Satya reported an issue where BTF_ID macro generates same
      symbol in separate objects and that breaks final vmlinux link.
      
        ld.lld: error: ld-temp.o <inline asm>:14577:1: symbol
        '__BTF_ID__struct__cgroup__624' is already defined
      
      This can be triggered under specific configs when __COUNTER__ happens to
      be the same for the same symbol in two different translation units,
      which is already quite unlikely to happen.
      
      Add __LINE__ number suffix to make BTF_ID symbol more unique, which is
      not a complete fix, but it would help for now and meanwhile we can work
      on better solution as suggested by Andrii.
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarSatya Durga Srinivasu Prabhala <quic_satyap@quicinc.com>
      Reported-by: default avatarMarcus Seyfarth <m.seyfarth@gmail.com>
      Closes: https://github.com/ClangBuiltLinux/linux/issues/1913Debugged-by: default avatarNathan Chancellor <nathan@kernel.org>
      Co-developed-by: default avatarJiri Olsa <jolsa@kernel.org>
      Link: https://lore.kernel.org/bpf/CAEf4Bzb5KQ2_LmhN769ifMeSJaWfebccUasQOfQKaOd0nQ51tw@mail.gmail.com/Signed-off-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Link: https://lore.kernel.org/r/20230915-bpf_collision-v3-2-263fc519c21f@google.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      c0bb9fb0
    • Jiri Olsa's avatar
      bpf: Fix BTF_ID symbol generation collision · 8f908db7
      Jiri Olsa authored
      Marcus and Satya reported an issue where BTF_ID macro generates same
      symbol in separate objects and that breaks final vmlinux link.
      
      ld.lld: error: ld-temp.o <inline asm>:14577:1: symbol
      '__BTF_ID__struct__cgroup__624' is already defined
      
      This can be triggered under specific configs when __COUNTER__ happens to
      be the same for the same symbol in two different translation units,
      which is already quite unlikely to happen.
      
      Add __LINE__ number suffix to make BTF_ID symbol more unique, which is
      not a complete fix, but it would help for now and meanwhile we can work
      on better solution as suggested by Andrii.
      
      Cc: stable@vger.kernel.org
      Reported-by: default avatarSatya Durga Srinivasu Prabhala <quic_satyap@quicinc.com>
      Reported-by: default avatarMarcus Seyfarth <m.seyfarth@gmail.com>
      Closes: https://github.com/ClangBuiltLinux/linux/issues/1913Debugged-by: default avatarNathan Chancellor <nathan@kernel.org>
      Link: https://lore.kernel.org/bpf/CAEf4Bzb5KQ2_LmhN769ifMeSJaWfebccUasQOfQKaOd0nQ51tw@mail.gmail.com/Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Signed-off-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Reviewed-by: default avatarNathan Chancellor <nathan@kernel.org>
      Link: https://lore.kernel.org/r/20230915-bpf_collision-v3-1-263fc519c21f@google.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      8f908db7
    • Jiri Olsa's avatar
      bpf: Fix uprobe_multi get_pid_task error path · 57eb5e1c
      Jiri Olsa authored
      Dan reported Smatch static checker warning due to missing error
      value set in uprobe multi link's get_pid_task error path.
      Reported-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
      Closes: https://lore.kernel.org/bpf/c5ffa7c0-6b06-40d5-aca2-63833b5cd9af@moroto.mountain/Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Reviewed-by: default avatarSong Liu <song@kernel.org>
      Link: https://lore.kernel.org/r/20230915101420.1193800-1-jolsa@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      57eb5e1c
    • Hou Tao's avatar
      bpf: Skip unit_size checking for global per-cpu allocator · dca7acd8
      Hou Tao authored
      For global per-cpu allocator, the size of free object in free list
      doesn't match with unit_size and now there is no way to get the size of
      per-cpu pointer saved in free object, so just skip the checking.
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Closes: https://lore.kernel.org/bpf/20230913133436.0eeec4cb@canb.auug.org.au/Signed-off-by: default avatarHou Tao <houtao1@huawei.com>
      Tested-by: default avatarBiju Das <biju.das.jz@bp.renesas.com>
      Link: https://lore.kernel.org/r/20230913135943.3137292-1-houtao@huaweicloud.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      dca7acd8
    • Ilya Leoshkevich's avatar
      netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry() · 837723b2
      Ilya Leoshkevich authored
      bpf_nf testcase fails on s390x: bpf_skb_ct_lookup() cannot find the entry
      that was added by bpf_ct_insert_entry() within the same BPF function.
      
      The reason is that this entry is deleted by nf_ct_gc_expired().
      
      The CT timeout starts ticking after the CT confirmation; therefore
      nf_conn.timeout is initially set to the timeout value, and
      __nf_conntrack_confirm() sets it to the deadline value.
      
      bpf_ct_insert_entry() sets IPS_CONFIRMED_BIT, but does not adjust the
      timeout, making its value meaningless and causing false positives.
      
      Fix the problem by making bpf_ct_insert_entry() adjust the timeout,
      like __nf_conntrack_confirm().
      
      Fixes: 2cdaa3ee ("netfilter: conntrack: restore IPS_CONFIRMED out of nf_conntrack_hash_check_insert()")
      Signed-off-by: default avatarIlya Leoshkevich <iii@linux.ibm.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Cc: Florian Westphal <fw@strlen.de>
      Link: https://lore.kernel.org/bpf/20230830011128.1415752-3-iii@linux.ibm.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      837723b2
    • Ivan Vecera's avatar
      i40e: Fix VF VLAN offloading when port VLAN is configured · d0d362ff
      Ivan Vecera authored
      If port VLAN is configured on a VF then any other VLANs on top of this VF
      are broken.
      
      During i40e_ndo_set_vf_port_vlan() call the i40e driver reset the VF and
      iavf driver asks PF (using VIRTCHNL_OP_GET_VF_RESOURCES) for VF capabilities
      but this reset occurs too early, prior setting of vf->info.pvid field
      and because this field can be zero during i40e_vc_get_vf_resources_msg()
      then VIRTCHNL_VF_OFFLOAD_VLAN capability is reported to iavf driver.
      
      This is wrong because iavf driver should not report VLAN offloading
      capability when port VLAN is configured as i40e does not support QinQ
      offloading.
      
      Fix the issue by moving VF reset after setting of vf->port_vlan_id
      field.
      
      Without this patch:
      $ echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs
      $ ip link set enp2s0f0 vf 0 vlan 3
      $ ip link set enp2s0f0v0 up
      $ ip link add link enp2s0f0v0 name vlan4 type vlan id 4
      $ ip link set vlan4 up
      ...
      $ ethtool -k enp2s0f0v0 | grep vlan-offload
      rx-vlan-offload: on
      tx-vlan-offload: on
      $ dmesg -l err | grep iavf
      [1292500b.742914] iavf 0000:02:02.0: Failed to add VLAN filter, error IAVF_ERR_INVALID_QP_ID
      
      With this patch:
      $ echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs
      $ ip link set enp2s0f0 vf 0 vlan 3
      $ ip link set enp2s0f0v0 up
      $ ip link add link enp2s0f0v0 name vlan4 type vlan id 4
      $ ip link set vlan4 up
      ...
      $ ethtool -k enp2s0f0v0 | grep vlan-offload
      rx-vlan-offload: off [requested on]
      tx-vlan-offload: off [requested on]
      $ dmesg -l err | grep iavf
      
      Fixes: f9b4b627 ("i40e: Reset the VF upon conflicting VLAN configuration")
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Reviewed-by: default avatarJesse Brandeburg <jesse.brandeburg@intel.com>
      Tested-by: default avatarRafal Romanowski <rafal.romanowski@intel.com>
      Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
      d0d362ff
    • Petr Oros's avatar
      iavf: schedule a request immediately after add/delete vlan · 5f3d319a
      Petr Oros authored
      When the iavf driver wants to reconfigure the VLAN filters
      (iavf_add_vlan, iavf_del_vlan), it sets a flag in
      aq_required:
        adapter->aq_required |= IAVF_FLAG_AQ_ADD_VLAN_FILTER;
      or:
        adapter->aq_required |= IAVF_FLAG_AQ_DEL_VLAN_FILTER;
      
      This is later processed by the watchdog_task, but it runs periodically
      every 2 seconds, so it can be a long time before it processes the request.
      
      In the worst case, the interface is unable to receive traffic for more
      than 2 seconds for no objective reason.
      
      Fixes: 5eae00c5 ("i40evf: main driver core")
      Signed-off-by: default avatarPetr Oros <poros@redhat.com>
      Co-developed-by: default avatarMichal Schmidt <mschmidt@redhat.com>
      Signed-off-by: default avatarMichal Schmidt <mschmidt@redhat.com>
      Co-developed-by: default avatarIvan Vecera <ivecera@redhat.com>
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Reviewed-by: default avatarAhmed Zaki <ahmed.zaki@intel.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Tested-by: default avatarRafal Romanowski <rafal.romanowski@intel.com>
      Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
      5f3d319a
    • Petr Oros's avatar
      iavf: add iavf_schedule_aq_request() helper · ed4cad33
      Petr Oros authored
      Add helper for set iavf aq request AVF_FLAG_AQ_* and immediately
      schedule watchdog_task. Helper will be used in cases where it is
      necessary to run aq requests asap
      Signed-off-by: default avatarPetr Oros <poros@redhat.com>
      Co-developed-by: default avatarMichal Schmidt <mschmidt@redhat.com>
      Signed-off-by: default avatarMichal Schmidt <mschmidt@redhat.com>
      Co-developed-by: default avatarIvan Vecera <ivecera@redhat.com>
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Tested-by: default avatarRafal Romanowski <rafal.romanowski@intel.com>
      Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
      ed4cad33
    • Radoslaw Tyl's avatar
      iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set · c8de44b5
      Radoslaw Tyl authored
      Prevent schedule operations for adminq during device remove and when
      __IAVF_IN_REMOVE_TASK flag is set. Currently, the iavf_down function
      adds operations for adminq that shouldn't be processed when the device
      is in the __IAVF_REMOVE state.
      
      Reproduction:
      
      echo 4 > /sys/bus/pci/devices/0000:17:00.0/sriov_numvfs
      ip link set dev ens1f0 vf 0 trust on
      ip link set dev ens1f0 vf 1 trust on
      ip link set dev ens1f0 vf 2 trust on
      ip link set dev ens1f0 vf 3 trust on
      
      ip link set dev ens1f0 vf 0 mac 00:22:33:44:55:66
      ip link set dev ens1f0 vf 1 mac 00:22:33:44:55:67
      ip link set dev ens1f0 vf 2 mac 00:22:33:44:55:68
      ip link set dev ens1f0 vf 3 mac 00:22:33:44:55:69
      
      echo 0000:17:02.0 > /sys/bus/pci/devices/0000\:17\:02.0/driver/unbind
      echo 0000:17:02.1 > /sys/bus/pci/devices/0000\:17\:02.1/driver/unbind
      echo 0000:17:02.2 > /sys/bus/pci/devices/0000\:17\:02.2/driver/unbind
      echo 0000:17:02.3 > /sys/bus/pci/devices/0000\:17\:02.3/driver/unbind
      sleep 10
      echo 0000:17:02.0 > /sys/bus/pci/drivers/iavf/bind
      echo 0000:17:02.1 > /sys/bus/pci/drivers/iavf/bind
      echo 0000:17:02.2 > /sys/bus/pci/drivers/iavf/bind
      echo 0000:17:02.3 > /sys/bus/pci/drivers/iavf/bind
      
      modprobe vfio-pci
      echo 8086 154c > /sys/bus/pci/drivers/vfio-pci/new_id
      
      qemu-system-x86_64 -accel kvm -m 4096 -cpu host \
      -drive file=centos9.qcow2,if=none,id=virtio-disk0 \
      -device virtio-blk-pci,drive=virtio-disk0,bootindex=0 -smp 4 \
      -device vfio-pci,host=17:02.0 -net none \
      -device vfio-pci,host=17:02.1 -net none \
      -device vfio-pci,host=17:02.2 -net none \
      -device vfio-pci,host=17:02.3 -net none \
      -daemonize -vnc :5
      
      Current result:
      There is a probability that the mac of VF in guest is inconsistent with
      it in host
      
      Expected result:
      When passthrough NIC VF to guest, the VF in guest should always get
      the same mac as it in host.
      
      Fixes: 14756b2a ("iavf: Fix __IAVF_RESETTING state usage")
      Signed-off-by: default avatarRadoslaw Tyl <radoslawx.tyl@intel.com>
      Tested-by: default avatarRafal Romanowski <rafal.romanowski@intel.com>
      Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
      c8de44b5
    • David S. Miller's avatar
      Merge tag 'nf-23-09-13' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf · 615efed8
      David S. Miller authored
      netfilter pull request 23-09-13
      
      ====================
      
      The following patchset contains Netfilter fixes for net:
      
      1) Do not permit to remove rules from chain binding, otherwise
         double rule release is possible, triggering UaF. This rule
         deletion support does not make sense and userspace does not use
         this. Problem exists since the introduction of chain binding support.
      
      2) rbtree GC worker only collects the elements that have expired.
         This operation is not destructive, therefore, turn write into
         read spinlock to avoid datapath contention due to GC worker run.
         This was not fixed in the recent GC fix batch in the 6.5 cycle.
      
      3) pipapo set backend performs sync GC, therefore, catchall elements
         must use sync GC queue variant. This bug was introduced in the
         6.5 cycle with the recent GC fixes.
      
      4) Stop GC run if memory allocation fails in pipapo set backend,
         otherwise access to NULL pointer to GC transaction object might
         occur. This bug was introduced in the 6.5 cycle with the recent
         GC fixes.
      
      5) rhash GC run uses an iterator that might hit EAGAIN to rewind,
         triggering double-collection of the same element. This bug was
         introduced in the 6.5 cycle with the recent GC fixes.
      
      6) Do not permit to remove elements in anonymous sets, this type of
         sets are populated once and then bound to rules. This fix is
         similar to the chain binding patch coming first in this batch.
         API permits since the very beginning but it has no use case from
         userspace.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      615efed8
    • Shinas Rasheed's avatar
      octeon_ep: fix tx dma unmap len values in SG · 350db8a5
      Shinas Rasheed authored
      Lengths of SG pointers are kept in the following order in
      the SG entries in hardware.
       63      48|47     32|31     16|15       0
       -----------------------------------------
       |  Len 0  |  Len 1  |  Len 2  |  Len 3  |
       -----------------------------------------
       |                Ptr 0                  |
       -----------------------------------------
       |                Ptr 1                  |
       -----------------------------------------
       |                Ptr 2                  |
       -----------------------------------------
       |                Ptr 3                  |
       -----------------------------------------
      Dma pointers have to be unmapped based on their
      respective lengths given in this format.
      
      Fixes: 37d79d05 ("octeon_ep: add Tx/Rx processing and interrupt support")
      Signed-off-by: default avatarShinas Rasheed <srasheed@marvell.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      350db8a5
    • Mika Westerberg's avatar
      net: thunderbolt: Fix TCPv6 GSO checksum calculation · e0b65f9b
      Mika Westerberg authored
      Alex reported that running ssh over IPv6 does not work with
      Thunderbolt/USB4 networking driver. The reason for that is that driver
      should call skb_is_gso() before calling skb_is_gso_v6(), and it should
      not return false after calculates the checksum successfully. This probably
      was a copy paste error from the original driver where it was done properly.
      Reported-by: default avatarAlex Balcanquall <alex@alexbal.com>
      Fixes: e69b6c02 ("net: Add support for networking over Thunderbolt cable")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMika Westerberg <mika.westerberg@linux.intel.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e0b65f9b
    • Sasha Neftin's avatar
      net/core: Fix ETH_P_1588 flow dissector · 75ad80ed
      Sasha Neftin authored
      When a PTP ethernet raw frame with a size of more than 256 bytes followed
      by a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation
      is wrong. For example: hdr->message_length takes the wrong value (0xffff)
      and it does not replicate real header length. In this case, 'nhoff' value
      was overridden and the PTP header was badly dissected. This leads to a
      kernel crash.
      
      net/core: flow_dissector
      net/core flow dissector nhoff = 0x0000000e
      net/core flow dissector hdr->message_length = 0x0000ffff
      net/core flow dissector nhoff = 0x0001000d (u16 overflow)
      ...
      skb linear:   00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88
      skb frag:     00000000: f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      
      Using the size of the ptp_header struct will allow the corrected
      calculation of the nhoff value.
      
      net/core flow dissector nhoff = 0x0000000e
      net/core flow dissector nhoff = 0x00000030 (sizeof ptp_header)
      ...
      skb linear:   00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 f7 ff ff
      skb linear:   00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      skb linear:   00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      skb frag:     00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      
      Kernel trace:
      [   74.984279] ------------[ cut here ]------------
      [   74.989471] kernel BUG at include/linux/skbuff.h:2440!
      [   74.995237] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
      [   75.001098] CPU: 4 PID: 0 Comm: swapper/4 Tainted: G     U            5.15.85-intel-ese-standard-lts #1
      [   75.011629] Hardware name: Intel Corporation A-Island (CPU:AlderLake)/A-Island (ID:06), BIOS SB_ADLP.01.01.00.01.03.008.D-6A9D9E73-dirty Mar 30 2023
      [   75.026507] RIP: 0010:eth_type_trans+0xd0/0x130
      [   75.031594] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab <0f> 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9
      [   75.052612] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297
      [   75.058473] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003
      [   75.066462] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300
      [   75.074458] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800
      [   75.082466] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010
      [   75.090461] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800
      [   75.098464] FS:  0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000
      [   75.107530] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   75.113982] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0
      [   75.121980] PKRU: 55555554
      [   75.125035] Call Trace:
      [   75.127792]  <IRQ>
      [   75.130063]  ? eth_get_headlen+0xa4/0xc0
      [   75.134472]  igc_process_skb_fields+0xcd/0x150
      [   75.139461]  igc_poll+0xc80/0x17b0
      [   75.143272]  __napi_poll+0x27/0x170
      [   75.147192]  net_rx_action+0x234/0x280
      [   75.151409]  __do_softirq+0xef/0x2f4
      [   75.155424]  irq_exit_rcu+0xc7/0x110
      [   75.159432]  common_interrupt+0xb8/0xd0
      [   75.163748]  </IRQ>
      [   75.166112]  <TASK>
      [   75.168473]  asm_common_interrupt+0x22/0x40
      [   75.173175] RIP: 0010:cpuidle_enter_state+0xe2/0x350
      [   75.178749] Code: 85 c0 0f 8f 04 02 00 00 31 ff e8 39 6c 67 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 50 02 00 00 31 ff e8 52 b0 6d ff fb 45 85 f6 <0f> 88 b1 00 00 00 49 63 ce 4c 2b 2c 24 48 89 c8 48 6b d1 68 48 c1
      [   75.199757] RSP: 0018:ffff9948c013bea8 EFLAGS: 00000202
      [   75.205614] RAX: ffff8e4e8fb00000 RBX: ffffb948bfd23900 RCX: 000000000000001f
      [   75.213619] RDX: 0000000000000004 RSI: ffffffff94206161 RDI: ffffffff94212e20
      [   75.221620] RBP: 0000000000000004 R08: 000000117568973a R09: 0000000000000001
      [   75.229622] R10: 000000000000afc8 R11: ffff8e4e8fb29ce4 R12: ffffffff945ae980
      [   75.237628] R13: 000000117568973a R14: 0000000000000004 R15: 0000000000000000
      [   75.245635]  ? cpuidle_enter_state+0xc7/0x350
      [   75.250518]  cpuidle_enter+0x29/0x40
      [   75.254539]  do_idle+0x1d9/0x260
      [   75.258166]  cpu_startup_entry+0x19/0x20
      [   75.262582]  secondary_startup_64_no_verify+0xc2/0xcb
      [   75.268259]  </TASK>
      [   75.270721] Modules linked in: 8021q snd_sof_pci_intel_tgl snd_sof_intel_hda_common tpm_crb snd_soc_hdac_hda snd_sof_intel_hda snd_hda_ext_core snd_sof_pci snd_sof snd_sof_xtensa_dsp snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress iTCO_wdt ac97_bus intel_pmc_bxt mei_hdcp iTCO_vendor_support snd_hda_codec_hdmi pmt_telemetry intel_pmc_core pmt_class snd_hda_intel x86_pkg_temp_thermal snd_intel_dspcfg snd_hda_codec snd_hda_core kvm_intel snd_pcm snd_timer kvm snd mei_me soundcore tpm_tis irqbypass i2c_i801 mei tpm_tis_core pcspkr intel_rapl_msr tpm i2c_smbus intel_pmt thermal sch_fq_codel uio uhid i915 drm_buddy video drm_display_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm fuse configfs
      [   75.342736] ---[ end trace 3785f9f360400e3a ]---
      [   75.347913] RIP: 0010:eth_type_trans+0xd0/0x130
      [   75.352984] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab <0f> 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9
      [   75.373994] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297
      [   75.379860] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003
      [   75.387856] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300
      [   75.395864] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800
      [   75.403857] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010
      [   75.411863] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800
      [   75.419875] FS:  0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000
      [   75.428946] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   75.435403] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0
      [   75.443410] PKRU: 55555554
      [   75.446477] Kernel panic - not syncing: Fatal exception in interrupt
      [   75.453738] Kernel Offset: 0x11c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
      [   75.465794] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
      
      Fixes: 4f1cc51f ("net: flow_dissector: Parse PTP L2 packet header")
      Signed-off-by: default avatarSasha Neftin <sasha.neftin@intel.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      75ad80ed
    • Arnd Bergmann's avatar
      net: ti: icssg-prueth: add PTP dependency · a8f367f7
      Arnd Bergmann authored
      The driver can now use PTP if enabled but fails to link built-in
      if PTP is a loadable module:
      
      aarch64-linux-ld: drivers/net/ethernet/ti/icssg/icss_iep.o: in function `icss_iep_get_ptp_clock_idx':
      icss_iep.c:(.text+0x200): undefined reference to `ptp_clock_index'
      
      Add the usual dependency to avoid this.
      
      Fixes: 186734c1 ("net: ti: icssg-prueth: add packet timestamping and ptp support")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Reviewed-by: default avatarMD Danish Anwar <danishanwar@ti.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a8f367f7
    • Sabrina Dubroca's avatar
      selftests: tls: swap the TX and RX sockets in some tests · c326ca98
      Sabrina Dubroca authored
      tls.sendmsg_large and tls.sendmsg_multiple are trying to send through
      the self->cfd socket (only configured with TLS_RX) and to receive through
      the self->fd socket (only configured with TLS_TX), so they're not using
      kTLS at all. Swap the sockets.
      
      Fixes: 7f657d5b ("selftests: tls: add selftests for TLS sockets")
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c326ca98
    • David S. Miller's avatar
      Merge branch 'sparx5-leaks' · 63a2de8d
      David S. Miller authored
      Jinjie Ruan says:
      
      ====================
      net: microchip: sparx5: Fix some memory leaks in vcap_api_kunit
      
      There are some memory leaks in vcap_api_kunit, this patchset
      fixes them.
      
      Changes in v3:
      - Fix the typo in patch 3, from "export" to "vcap enabled port".
      - Fix the typo in patch 4, from "vcap_dup_rule" to "vcap_alloc_rule".
      
      Changes in v2:
      - Adhere to the 80 character limit in vcap_free_caf()
      - Fix kernel test robot reported warnings in test_vcap_xn_rule_creator()
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      63a2de8d
    • Jinjie Ruan's avatar
      net: microchip: sparx5: Fix possible memory leaks in vcap_api_kunit · 2a2dffd9
      Jinjie Ruan authored
      Inject fault while probing kunit-example-test.ko, the duprule which
      is allocated by kzalloc in vcap_dup_rule() of
      test_vcap_xn_rule_creator() is not freed, and it cause the memory leaks
      below. Use vcap_del_rule() to free them as other functions do it.
      
      unreferenced object 0xffff6eb4846f6180 (size 192):
        comm "kunit_try_catch", pid 405, jiffies 4294895522 (age 880.004s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 0a 00 00 00 f4 01 00 00  .'..............
          00 00 00 00 00 00 00 00 98 61 6f 84 b4 6e ff ff  .........ao..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000bd9e1f12>] vcap_add_rule+0x29c/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<00000000d2ac4ccb>] vcap_api_rule_insert_in_order_test+0xa4/0x114
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb4846f6240 (size 192):
        comm "kunit_try_catch", pid 405, jiffies 4294895524 (age 879.996s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 14 00 00 00 90 01 00 00  .'..............
          00 00 00 00 00 00 00 00 58 62 6f 84 b4 6e ff ff  ........Xbo..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000bd9e1f12>] vcap_add_rule+0x29c/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<0000000052e6ad35>] vcap_api_rule_insert_in_order_test+0xbc/0x114
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb4846f6300 (size 192):
        comm "kunit_try_catch", pid 405, jiffies 4294895524 (age 879.996s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00  .'..........,...
          00 00 00 00 00 00 00 00 18 63 6f 84 b4 6e ff ff  .........co..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000bd9e1f12>] vcap_add_rule+0x29c/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<000000001b0895d4>] vcap_api_rule_insert_in_order_test+0xd4/0x114
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb4846f63c0 (size 192):
        comm "kunit_try_catch", pid 405, jiffies 4294895524 (age 880.012s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 28 00 00 00 c8 00 00 00  .'......(.......
          00 00 00 00 00 00 00 00 d8 63 6f 84 b4 6e ff ff  .........co..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000bd9e1f12>] vcap_add_rule+0x29c/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<00000000134c151f>] vcap_api_rule_insert_in_order_test+0xec/0x114
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb4845fc180 (size 192):
        comm "kunit_try_catch", pid 407, jiffies 4294895527 (age 880.000s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 14 00 00 00 c8 00 00 00  .'..............
          00 00 00 00 00 00 00 00 98 c1 5f 84 b4 6e ff ff  .........._..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000bd9e1f12>] vcap_add_rule+0x29c/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<00000000fa5f64d3>] vcap_api_rule_insert_reverse_order_test+0xc8/0x600
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb4845fc240 (size 192):
        comm "kunit_try_catch", pid 407, jiffies 4294895527 (age 880.000s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00  .'..........,...
          00 00 00 00 00 00 00 00 58 c2 5f 84 b4 6e ff ff  ........X._..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000453dcd80>] vcap_add_rule+0x134/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<00000000a7db42de>] vcap_api_rule_insert_reverse_order_test+0x108/0x600
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb4845fc300 (size 192):
        comm "kunit_try_catch", pid 407, jiffies 4294895527 (age 880.000s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 28 00 00 00 90 01 00 00  .'......(.......
          00 00 00 00 00 00 00 00 18 c3 5f 84 b4 6e ff ff  .........._..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000453dcd80>] vcap_add_rule+0x134/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<00000000ea416c94>] vcap_api_rule_insert_reverse_order_test+0x150/0x600
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb4845fc3c0 (size 192):
        comm "kunit_try_catch", pid 407, jiffies 4294895527 (age 880.020s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 32 00 00 00 f4 01 00 00  .'......2.......
          00 00 00 00 00 00 00 00 d8 c3 5f 84 b4 6e ff ff  .........._..n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000453dcd80>] vcap_add_rule+0x134/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<00000000764a39b4>] vcap_api_rule_insert_reverse_order_test+0x198/0x600
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb484cd4240 (size 192):
        comm "kunit_try_catch", pid 413, jiffies 4294895543 (age 879.956s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00  .'..........,...
          00 00 00 00 00 00 00 00 58 42 cd 84 b4 6e ff ff  ........XB...n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000bd9e1f12>] vcap_add_rule+0x29c/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<0000000023976dd4>] vcap_api_rule_remove_in_front_test+0x158/0x658
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff6eb484cd4300 (size 192):
        comm "kunit_try_catch", pid 413, jiffies 4294895543 (age 879.956s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 28 00 00 00 c8 00 00 00  .'......(.......
          00 00 00 00 00 00 00 00 18 43 cd 84 b4 6e ff ff  .........C...n..
        backtrace:
          [<00000000f1b5b86e>] slab_post_alloc_hook+0xb8/0x368
          [<00000000c56cdd9a>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000046ef1b64>] kmalloc_trace+0x40/0x164
          [<000000008565145b>] vcap_dup_rule+0x38/0x210
          [<00000000bd9e1f12>] vcap_add_rule+0x29c/0x32c
          [<0000000070a539b1>] test_vcap_xn_rule_creator.constprop.43+0x120/0x330
          [<000000000b4760ff>] vcap_api_rule_remove_in_front_test+0x170/0x658
          [<000000000f88f9cb>] kunit_try_run_case+0x50/0xac
          [<00000000e848de5a>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000058a88b6b>] kthread+0x124/0x130
          [<00000000891cf28a>] ret_from_fork+0x10/0x20
      
      Fixes: dccc30cc ("net: microchip: sparx5: Add KUNIT test of counters and sorted rules")
      Signed-off-by: default avatarJinjie Ruan <ruanjinjie@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2a2dffd9
    • Jinjie Ruan's avatar
      net: microchip: sparx5: Fix possible memory leaks in test_vcap_xn_rule_creator() · 20146fa7
      Jinjie Ruan authored
      Inject fault while probing kunit-example-test.ko, the rule which
      is allocated by kzalloc in vcap_alloc_rule(), the field which is
      allocated by kzalloc in vcap_rule_add_action() and
      vcap_rule_add_key() is not freed, and it cause the memory leaks
      below. Use vcap_free_rule() to free them as other drivers do it.
      
      And since the return rule of test_vcap_xn_rule_creator() is not
      used, remove it and switch to void.
      
      unreferenced object 0xffff058383334240 (size 192):
        comm "kunit_try_catch", pid 309, jiffies 4294894222 (age 639.800s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 14 00 00 00 90 01 00 00  .'..............
          00 00 00 00 00 00 00 00 00 81 93 84 83 05 ff ff  ................
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000648fefae>] vcap_alloc_rule+0x17c/0x26c
          [<000000004da16164>] test_vcap_xn_rule_creator.constprop.43+0xac/0x328
          [<00000000231b1097>] vcap_api_rule_insert_in_order_test+0xcc/0x184
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0583849380c0 (size 64):
        comm "kunit_try_catch", pid 309, jiffies 4294894222 (age 639.800s)
        hex dump (first 32 bytes):
          40 81 93 84 83 05 ff ff 68 42 33 83 83 05 ff ff  @.......hB3.....
          22 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00  "...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000ee41df9e>] vcap_rule_add_action+0x104/0x178
          [<000000001cc1bb38>] test_vcap_xn_rule_creator.constprop.43+0xd8/0x328
          [<00000000231b1097>] vcap_api_rule_insert_in_order_test+0xcc/0x184
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff058384938100 (size 64):
        comm "kunit_try_catch", pid 309, jiffies 4294894222 (age 639.800s)
        hex dump (first 32 bytes):
          80 81 93 84 83 05 ff ff 58 42 33 83 83 05 ff ff  ........XB3.....
          7d 00 00 00 01 00 00 00 02 00 00 00 ff 00 00 00  }...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<0000000043c78991>] vcap_rule_add_key+0x104/0x180
          [<00000000ba73cfbe>] vcap_add_type_keyfield+0xfc/0x128
          [<000000002b00f7df>] vcap_val_rule+0x274/0x3e8
          [<00000000e67d2ff5>] test_vcap_xn_rule_creator.constprop.43+0xf0/0x328
          [<00000000231b1097>] vcap_api_rule_insert_in_order_test+0xcc/0x184
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      
      unreferenced object 0xffff0583833b6240 (size 192):
        comm "kunit_try_catch", pid 311, jiffies 4294894225 (age 639.844s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00  .'..........,...
          00 00 00 00 00 00 00 00 40 91 8f 84 83 05 ff ff  ........@.......
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000648fefae>] vcap_alloc_rule+0x17c/0x26c
          [<000000004da16164>] test_vcap_xn_rule_creator.constprop.43+0xac/0x328
          [<00000000509de3f4>] vcap_api_rule_insert_reverse_order_test+0x10c/0x654
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0583848f9100 (size 64):
        comm "kunit_try_catch", pid 311, jiffies 4294894225 (age 639.844s)
        hex dump (first 32 bytes):
          80 91 8f 84 83 05 ff ff 68 62 3b 83 83 05 ff ff  ........hb;.....
          22 00 00 00 01 00 00 00 00 00 00 00 a5 b4 ff ff  "...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000ee41df9e>] vcap_rule_add_action+0x104/0x178
          [<000000001cc1bb38>] test_vcap_xn_rule_creator.constprop.43+0xd8/0x328
          [<00000000509de3f4>] vcap_api_rule_insert_reverse_order_test+0x10c/0x654
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0583848f9140 (size 64):
        comm "kunit_try_catch", pid 311, jiffies 4294894225 (age 639.844s)
        hex dump (first 32 bytes):
          c0 91 8f 84 83 05 ff ff 58 62 3b 83 83 05 ff ff  ........Xb;.....
          7d 00 00 00 01 00 00 00 02 00 00 00 ff 00 00 00  }...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<0000000043c78991>] vcap_rule_add_key+0x104/0x180
          [<00000000ba73cfbe>] vcap_add_type_keyfield+0xfc/0x128
          [<000000002b00f7df>] vcap_val_rule+0x274/0x3e8
          [<00000000e67d2ff5>] test_vcap_xn_rule_creator.constprop.43+0xf0/0x328
          [<00000000509de3f4>] vcap_api_rule_insert_reverse_order_test+0x10c/0x654
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      
      unreferenced object 0xffff05838264e0c0 (size 192):
        comm "kunit_try_catch", pid 313, jiffies 4294894230 (age 639.864s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 0a 00 00 00 f4 01 00 00  .'..............
          00 00 00 00 00 00 00 00 40 3a 97 84 83 05 ff ff  ........@:......
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000648fefae>] vcap_alloc_rule+0x17c/0x26c
          [<000000004da16164>] test_vcap_xn_rule_creator.constprop.43+0xac/0x328
          [<00000000a29794d8>] vcap_api_rule_remove_at_end_test+0xbc/0xb48
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff058384973a80 (size 64):
        comm "kunit_try_catch", pid 313, jiffies 4294894230 (age 639.864s)
        hex dump (first 32 bytes):
          e8 e0 64 82 83 05 ff ff e8 e0 64 82 83 05 ff ff  ..d.......d.....
          22 00 00 00 01 00 00 00 00 00 00 00 00 80 ff ff  "...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000ee41df9e>] vcap_rule_add_action+0x104/0x178
          [<000000001cc1bb38>] test_vcap_xn_rule_creator.constprop.43+0xd8/0x328
          [<00000000a29794d8>] vcap_api_rule_remove_at_end_test+0xbc/0xb48
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff058384973a40 (size 64):
        comm "kunit_try_catch", pid 313, jiffies 4294894230 (age 639.880s)
        hex dump (first 32 bytes):
          80 39 97 84 83 05 ff ff d8 e0 64 82 83 05 ff ff  .9........d.....
          7d 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00  }...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<0000000043c78991>] vcap_rule_add_key+0x104/0x180
          [<0000000094335477>] vcap_add_type_keyfield+0xbc/0x128
          [<000000002b00f7df>] vcap_val_rule+0x274/0x3e8
          [<00000000e67d2ff5>] test_vcap_xn_rule_creator.constprop.43+0xf0/0x328
          [<00000000a29794d8>] vcap_api_rule_remove_at_end_test+0xbc/0xb48
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      
      unreferenced object 0xffff0583832fa240 (size 192):
        comm "kunit_try_catch", pid 315, jiffies 4294894233 (age 639.920s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 14 00 00 00 90 01 00 00  .'..............
          00 00 00 00 00 00 00 00 00 a1 8b 84 83 05 ff ff  ................
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000648fefae>] vcap_alloc_rule+0x17c/0x26c
          [<000000004da16164>] test_vcap_xn_rule_creator.constprop.43+0xac/0x328
          [<00000000be638a45>] vcap_api_rule_remove_in_middle_test+0xc4/0xb80
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0583848ba0c0 (size 64):
        comm "kunit_try_catch", pid 315, jiffies 4294894233 (age 639.920s)
        hex dump (first 32 bytes):
          40 a1 8b 84 83 05 ff ff 68 a2 2f 83 83 05 ff ff  @.......h./.....
          22 00 00 00 01 00 00 00 00 00 00 00 00 80 ff ff  "...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000ee41df9e>] vcap_rule_add_action+0x104/0x178
          [<000000001cc1bb38>] test_vcap_xn_rule_creator.constprop.43+0xd8/0x328
          [<00000000be638a45>] vcap_api_rule_remove_in_middle_test+0xc4/0xb80
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0583848ba100 (size 64):
        comm "kunit_try_catch", pid 315, jiffies 4294894233 (age 639.920s)
        hex dump (first 32 bytes):
          80 a1 8b 84 83 05 ff ff 58 a2 2f 83 83 05 ff ff  ........X./.....
          7d 00 00 00 01 00 00 00 02 00 00 00 ff 00 00 00  }...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<0000000043c78991>] vcap_rule_add_key+0x104/0x180
          [<00000000ba73cfbe>] vcap_add_type_keyfield+0xfc/0x128
          [<000000002b00f7df>] vcap_val_rule+0x274/0x3e8
          [<00000000e67d2ff5>] test_vcap_xn_rule_creator.constprop.43+0xf0/0x328
          [<00000000be638a45>] vcap_api_rule_remove_in_middle_test+0xc4/0xb80
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      
      unreferenced object 0xffff0583827d2180 (size 192):
        comm "kunit_try_catch", pid 317, jiffies 4294894238 (age 639.956s)
        hex dump (first 32 bytes):
          10 27 00 00 04 00 00 00 14 00 00 00 90 01 00 00  .'..............
          00 00 00 00 00 00 00 00 00 e1 06 83 83 05 ff ff  ................
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000648fefae>] vcap_alloc_rule+0x17c/0x26c
          [<000000004da16164>] test_vcap_xn_rule_creator.constprop.43+0xac/0x328
          [<00000000e1ed8350>] vcap_api_rule_remove_in_front_test+0x144/0x6c0
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff05838306e0c0 (size 64):
        comm "kunit_try_catch", pid 317, jiffies 4294894238 (age 639.956s)
        hex dump (first 32 bytes):
          40 e1 06 83 83 05 ff ff a8 21 7d 82 83 05 ff ff  @........!}.....
          22 00 00 00 01 00 00 00 00 00 00 00 00 80 ff ff  "...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<00000000ee41df9e>] vcap_rule_add_action+0x104/0x178
          [<000000001cc1bb38>] test_vcap_xn_rule_creator.constprop.43+0xd8/0x328
          [<00000000e1ed8350>] vcap_api_rule_remove_in_front_test+0x144/0x6c0
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff05838306e180 (size 64):
        comm "kunit_try_catch", pid 317, jiffies 4294894238 (age 639.968s)
        hex dump (first 32 bytes):
          98 21 7d 82 83 05 ff ff 00 e1 06 83 83 05 ff ff  .!}.............
          67 00 00 00 00 00 00 00 01 01 00 00 ff 00 00 00  g...............
        backtrace:
          [<000000008585a8f7>] slab_post_alloc_hook+0xb8/0x368
          [<00000000795eba12>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000061886991>] kmalloc_trace+0x40/0x164
          [<0000000043c78991>] vcap_rule_add_key+0x104/0x180
          [<000000006ce4945d>] test_add_def_fields+0x84/0x8c
          [<00000000507e0ab6>] vcap_val_rule+0x294/0x3e8
          [<00000000e67d2ff5>] test_vcap_xn_rule_creator.constprop.43+0xf0/0x328
          [<00000000e1ed8350>] vcap_api_rule_remove_in_front_test+0x144/0x6c0
          [<00000000548b559e>] kunit_try_run_case+0x50/0xac
          [<00000000663f0105>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<00000000e646f120>] kthread+0x124/0x130
          [<000000005257599e>] ret_from_fork+0x10/0x20
      
      Fixes: dccc30cc ("net: microchip: sparx5: Add KUNIT test of counters and sorted rules")
      Signed-off-by: default avatarJinjie Ruan <ruanjinjie@huawei.com>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202309090950.uOTEKQq3-lkp@intel.com/Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      20146fa7
    • Jinjie Ruan's avatar
      net: microchip: sparx5: Fix possible memory leak in vcap_api_encode_rule_test() · 89e3af02
      Jinjie Ruan authored
      Inject fault while probing kunit-example-test.ko, the duprule which
      is allocated in vcap_dup_rule() and the vcap enabled port which
      is allocated in vcap_enable() of vcap_enable_lookups in
      vcap_api_encode_rule_test() is not freed, and it cause the memory
      leaks below.
      
      Use vcap_enable_lookups() with false arg to free the vcap enabled
      port as other drivers do it. And use vcap_del_rule() to
      free the duprule.
      
      unreferenced object 0xffff677a0278bb00 (size 64):
        comm "kunit_try_catch", pid 388, jiffies 4294895987 (age 1101.840s)
        hex dump (first 32 bytes):
          18 bd a5 82 00 80 ff ff 18 bd a5 82 00 80 ff ff  ................
          40 fe c8 0e be c6 ff ff 00 00 00 00 00 00 00 00  @...............
        backtrace:
          [<000000007d53023a>] slab_post_alloc_hook+0xb8/0x368
          [<0000000076e3f654>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000034d76721>] kmalloc_trace+0x40/0x164
          [<00000000013380a5>] vcap_enable_lookups+0x1c8/0x70c
          [<00000000bbec496b>] vcap_api_encode_rule_test+0x2f8/0xb18
          [<000000002c2bfb7b>] kunit_try_run_case+0x50/0xac
          [<00000000ff74642b>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<000000004af845ca>] kthread+0x124/0x130
          [<0000000038a000ca>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff677a027803c0 (size 192):
        comm "kunit_try_catch", pid 388, jiffies 4294895988 (age 1101.836s)
        hex dump (first 32 bytes):
          00 12 7a 00 05 00 00 00 0a 00 00 00 64 00 00 00  ..z.........d...
          00 00 00 00 00 00 00 00 d8 03 78 02 7a 67 ff ff  ..........x.zg..
        backtrace:
          [<000000007d53023a>] slab_post_alloc_hook+0xb8/0x368
          [<0000000076e3f654>] __kmem_cache_alloc_node+0x174/0x290
          [<0000000034d76721>] kmalloc_trace+0x40/0x164
          [<00000000c1010131>] vcap_dup_rule+0x34/0x14c
          [<00000000d43c54a4>] vcap_add_rule+0x29c/0x32c
          [<0000000073f1c26d>] vcap_api_encode_rule_test+0x304/0xb18
          [<000000002c2bfb7b>] kunit_try_run_case+0x50/0xac
          [<00000000ff74642b>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<000000004af845ca>] kthread+0x124/0x130
          [<0000000038a000ca>] ret_from_fork+0x10/0x20
      
      Fixes: c956b9b3 ("net: microchip: sparx5: Adding KUNIT tests of key/action values in VCAP API")
      Signed-off-by: default avatarJinjie Ruan <ruanjinjie@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      89e3af02
    • Jinjie Ruan's avatar
      net: microchip: sparx5: Fix memory leak for vcap_api_rule_add_actionvalue_test() · 39d0ccc1
      Jinjie Ruan authored
      Inject fault while probing kunit-example-test.ko, the field which
      is allocated by kzalloc in vcap_rule_add_action() of
      vcap_rule_add_action_bit/u32() is not freed, and it cause
      the memory leaks below.
      
      unreferenced object 0xffff0276c496b300 (size 64):
        comm "kunit_try_catch", pid 286, jiffies 4294894224 (age 920.072s)
        hex dump (first 32 bytes):
          68 3c 62 82 00 80 ff ff 68 3c 62 82 00 80 ff ff  h<b.....h<b.....
          3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  <...............
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<000000008b41c84d>] vcap_rule_add_action+0x104/0x178
          [<00000000ae66c16c>] vcap_api_rule_add_actionvalue_test+0xa4/0x990
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c496b2c0 (size 64):
        comm "kunit_try_catch", pid 286, jiffies 4294894224 (age 920.072s)
        hex dump (first 32 bytes):
          68 3c 62 82 00 80 ff ff 68 3c 62 82 00 80 ff ff  h<b.....h<b.....
          3c 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  <...............
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<000000008b41c84d>] vcap_rule_add_action+0x104/0x178
          [<00000000607782aa>] vcap_api_rule_add_actionvalue_test+0x100/0x990
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c496b280 (size 64):
        comm "kunit_try_catch", pid 286, jiffies 4294894224 (age 920.072s)
        hex dump (first 32 bytes):
          68 3c 62 82 00 80 ff ff 68 3c 62 82 00 80 ff ff  h<b.....h<b.....
          3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  <...............
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<000000008b41c84d>] vcap_rule_add_action+0x104/0x178
          [<000000004e640602>] vcap_api_rule_add_actionvalue_test+0x15c/0x990
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c496b240 (size 64):
        comm "kunit_try_catch", pid 286, jiffies 4294894224 (age 920.092s)
        hex dump (first 32 bytes):
          68 3c 62 82 00 80 ff ff 68 3c 62 82 00 80 ff ff  h<b.....h<b.....
          5a 00 00 00 01 00 00 00 32 54 76 98 00 00 00 00  Z.......2Tv.....
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<000000008b41c84d>] vcap_rule_add_action+0x104/0x178
          [<0000000011141bf8>] vcap_api_rule_add_actionvalue_test+0x1bc/0x990
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c496b200 (size 64):
        comm "kunit_try_catch", pid 286, jiffies 4294894224 (age 920.092s)
        hex dump (first 32 bytes):
          68 3c 62 82 00 80 ff ff 68 3c 62 82 00 80 ff ff  h<b.....h<b.....
          28 00 00 00 01 00 00 00 dd cc bb aa 00 00 00 00  (...............
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<000000008b41c84d>] vcap_rule_add_action+0x104/0x178
          [<00000000d5ed3088>] vcap_api_rule_add_actionvalue_test+0x22c/0x990
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      
      Fixes: c956b9b3 ("net: microchip: sparx5: Adding KUNIT tests of key/action values in VCAP API")
      Signed-off-by: default avatarJinjie Ruan <ruanjinjie@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      39d0ccc1
    • Jinjie Ruan's avatar
      net: microchip: sparx5: Fix memory leak for vcap_api_rule_add_keyvalue_test() · f037fc99
      Jinjie Ruan authored
      Inject fault while probing kunit-example-test.ko, the field which
      is allocated by kzalloc in vcap_rule_add_key() of
      vcap_rule_add_key_bit/u32/u128() is not freed, and it cause
      the memory leaks below.
      
      unreferenced object 0xffff0276c14b7240 (size 64):
        comm "kunit_try_catch", pid 284, jiffies 4294894220 (age 920.072s)
        hex dump (first 32 bytes):
          28 3c 61 82 00 80 ff ff 28 3c 61 82 00 80 ff ff  (<a.....(<a.....
          67 00 00 00 00 00 00 00 00 01 37 2b af ab ff ff  g.........7+....
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<0000000059ad6bcd>] vcap_rule_add_key+0x104/0x180
          [<00000000ff8002d3>] vcap_api_rule_add_keyvalue_test+0x100/0xba8
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c14b7280 (size 64):
        comm "kunit_try_catch", pid 284, jiffies 4294894221 (age 920.068s)
        hex dump (first 32 bytes):
          28 3c 61 82 00 80 ff ff 28 3c 61 82 00 80 ff ff  (<a.....(<a.....
          67 00 00 00 00 00 00 00 01 01 37 2b af ab ff ff  g.........7+....
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<0000000059ad6bcd>] vcap_rule_add_key+0x104/0x180
          [<00000000f5ac9dc7>] vcap_api_rule_add_keyvalue_test+0x168/0xba8
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c14b72c0 (size 64):
        comm "kunit_try_catch", pid 284, jiffies 4294894221 (age 920.068s)
        hex dump (first 32 bytes):
          28 3c 61 82 00 80 ff ff 28 3c 61 82 00 80 ff ff  (<a.....(<a.....
          67 00 00 00 00 00 00 00 00 00 37 2b af ab ff ff  g.........7+....
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<0000000059ad6bcd>] vcap_rule_add_key+0x104/0x180
          [<00000000c918ae7f>] vcap_api_rule_add_keyvalue_test+0x1d0/0xba8
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c14b7300 (size 64):
        comm "kunit_try_catch", pid 284, jiffies 4294894221 (age 920.084s)
        hex dump (first 32 bytes):
          28 3c 61 82 00 80 ff ff 28 3c 61 82 00 80 ff ff  (<a.....(<a.....
          7d 00 00 00 01 00 00 00 32 54 76 98 ab ff 00 ff  }.......2Tv.....
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<0000000059ad6bcd>] vcap_rule_add_key+0x104/0x180
          [<0000000003352814>] vcap_api_rule_add_keyvalue_test+0x240/0xba8
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      unreferenced object 0xffff0276c14b7340 (size 64):
        comm "kunit_try_catch", pid 284, jiffies 4294894221 (age 920.084s)
        hex dump (first 32 bytes):
          28 3c 61 82 00 80 ff ff 28 3c 61 82 00 80 ff ff  (<a.....(<a.....
          51 00 00 00 07 00 00 00 17 26 35 44 63 62 71 00  Q........&5Dcbq.
        backtrace:
          [<0000000028f08898>] slab_post_alloc_hook+0xb8/0x368
          [<00000000514b9b37>] __kmem_cache_alloc_node+0x174/0x290
          [<000000004620684a>] kmalloc_trace+0x40/0x164
          [<0000000059ad6bcd>] vcap_rule_add_key+0x104/0x180
          [<000000001516f109>] vcap_api_rule_add_keyvalue_test+0x2cc/0xba8
          [<00000000fcc5326c>] kunit_try_run_case+0x50/0xac
          [<00000000f5f45b20>] kunit_generic_run_threadfn_adapter+0x20/0x2c
          [<0000000026284079>] kthread+0x124/0x130
          [<0000000024d4a996>] ret_from_fork+0x10/0x20
      
      Fixes: c956b9b3 ("net: microchip: sparx5: Adding KUNIT tests of key/action values in VCAP API")
      Signed-off-by: default avatarJinjie Ruan <ruanjinjie@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f037fc99
  5. 14 Sep, 2023 5 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 9fdfb15a
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Quite unusually, this does not contains any fix coming from subtrees
        (nf, ebpf, wifi, etc).
      
        Current release - regressions:
      
         - bcmasp: fix possible OOB write in bcmasp_netfilt_get_all_active()
      
        Previous releases - regressions:
      
         - ipv4: fix one memleak in __inet_del_ifa()
      
         - tcp: fix bind() regressions for v4-mapped-v6 addresses.
      
         - tls: do not free tls_rec on async operation in
           bpf_exec_tx_verdict()
      
         - dsa: fixes for SJA1105 FDB regressions
      
         - veth: update XDP feature set when bringing up device
      
         - igb: fix hangup when enabling SR-IOV
      
        Previous releases - always broken:
      
         - kcm: fix memory leak in error path of kcm_sendmsg()
      
         - smc: fix data corruption in smcr_port_add
      
         - microchip: fix possible memory leak for vcap_dup_rule()"
      
      * tag 'net-6.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (37 commits)
        kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
        net: renesas: rswitch: Add spin lock protection for irq {un}mask
        net: renesas: rswitch: Fix unmasking irq condition
        igb: clean up in all error paths when enabling SR-IOV
        ixgbe: fix timestamp configuration code
        selftest: tcp: Add v4-mapped-v6 cases in bind_wildcard.c.
        selftest: tcp: Move expected_errno into each test case in bind_wildcard.c.
        selftest: tcp: Fix address length in bind_wildcard.c.
        tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address.
        tcp: Fix bind() regression for v4-mapped-v6 wildcard address.
        tcp: Factorise sk_family-independent comparison in inet_bind2_bucket_match(_addr_any).
        ipv6: fix ip6_sock_set_addr_preferences() typo
        veth: Update XDP feature set when bringing up device
        net: macb: fix sleep inside spinlock
        net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
        net: ethernet: mtk_eth_soc: fix pse_port configuration for MT7988
        net: ethernet: mtk_eth_soc: fix uninitialized variable
        kcm: Fix memory leak in error path of kcm_sendmsg()
        r8152: check budget for r8152_poll()
        net: dsa: sja1105: block FDB accesses that are concurrent with a switch reset
        ...
      9fdfb15a
    • Kuniyuki Iwashima's avatar
      kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). · a22730b1
      Kuniyuki Iwashima authored
      syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88b
      ("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by
      updating kcm_tx_msg(head)->last_skb if partial data is copied so that the
      following sendmsg() will resume from the skb.
      
      However, we cannot know how many bytes were copied when we get the error.
      Thus, we could mess up the MSG_MORE queue.
      
      When kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we
      do so for UDP by udp_flush_pending_frames().
      
      Even without this change, when the error occurred, the following sendmsg()
      resumed from a wrong skb and the queue was messed up.  However, we have
      yet to get such a report, and only syzkaller stumbled on it.  So, this
      can be changed safely.
      
      Note this does not change SOCK_SEQPACKET behaviour.
      
      Fixes: c821a88b ("kcm: Fix memory leak in error path of kcm_sendmsg()")
      Fixes: ab7ac4eb ("kcm: Kernel Connection Multiplexor module")
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Link: https://lore.kernel.org/r/20230912022753.33327-1-kuniyu@amazon.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      a22730b1
    • Paolo Abeni's avatar
      Merge branch 'net-renesas-rswitch-fix-a-lot-of-redundant-irq-issue' · 96f7dc69
      Paolo Abeni authored
      Yoshihiro Shimoda says:
      
      ====================
      net: renesas: rswitch: Fix a lot of redundant irq issue
      
      After this patch series was applied, a lot of redundant interrupts
      no longer occur.
      
      For example: when "iperf3 -c <ipaddr> -R" on R-Car S4-8 Spider
       Before the patches are applied: about 800,000 times happened
       After the patches were applied: about 100,000 times happened
      ====================
      
      Link: https://lore.kernel.org/r/20230912014936.3175430-1-yoshihiro.shimoda.uh@renesas.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      96f7dc69
    • Yoshihiro Shimoda's avatar
      net: renesas: rswitch: Add spin lock protection for irq {un}mask · c4f922e8
      Yoshihiro Shimoda authored
      Add spin lock protection for irq {un}mask registers' control.
      
      After napi_complete_done() and this protection were applied,
      a lot of redundant interrupts no longer occur.
      
      For example: when "iperf3 -c <ipaddr> -R" on R-Car S4-8 Spider
       Before the patches are applied: about 800,000 times happened
       After the patches were applied: about 100,000 times happened
      
      Fixes: 3590918b ("net: ethernet: renesas: Add support for "Ethernet Switch"")
      Signed-off-by: default avatarYoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      c4f922e8
    • Yoshihiro Shimoda's avatar
      net: renesas: rswitch: Fix unmasking irq condition · e7b1ef29
      Yoshihiro Shimoda authored
      Fix unmasking irq condition by using napi_complete_done(). Otherwise,
      redundant interrupts happen.
      
      Fixes: 3590918b ("net: ethernet: renesas: Add support for "Ethernet Switch"")
      Signed-off-by: default avatarYoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      e7b1ef29
  6. 13 Sep, 2023 5 commits