1. 02 Jun, 2022 8 commits
    • Duoming Zhou's avatar
      ax25: Fix ax25 session cleanup problems · 7d8a3a47
      Duoming Zhou authored
      There are session cleanup problems in ax25_release() and
      ax25_disconnect(). If we setup a session and then disconnect,
      the disconnected session is still in "LISTENING" state that
      is shown below.
      
      Active AX.25 sockets
      Dest       Source     Device  State        Vr/Vs    Send-Q  Recv-Q
      DL9SAU-4   DL9SAU-3   ???     LISTENING    000/000  0       0
      DL9SAU-3   DL9SAU-4   ???     LISTENING    000/000  0       0
      
      The first reason is caused by del_timer_sync() in ax25_release().
      The timers of ax25 are used for correct session cleanup. If we use
      ax25_release() to close ax25 sessions and ax25_dev is not null,
      the del_timer_sync() functions in ax25_release() will execute.
      As a result, the sessions could not be cleaned up correctly,
      because the timers have stopped.
      
      In order to solve this problem, this patch adds a device_up flag
      in ax25_dev in order to judge whether the device is up. If there
      are sessions to be cleaned up, the del_timer_sync() in
      ax25_release() will not execute. What's more, we add ax25_cb_del()
      in ax25_kill_by_device(), because the timers have been stopped
      and there are no functions that could delete ax25_cb if we do not
      call ax25_release(). Finally, we reorder the position of
      ax25_list_lock in ax25_cb_del() in order to synchronize among
      different functions that call ax25_cb_del().
      
      The second reason is caused by improper check in ax25_disconnect().
      The incoming ax25 sessions which ax25->sk is null will close
      heartbeat timer, because the check "if(!ax25->sk || ..)" is
      satisfied. As a result, the session could not be cleaned up properly.
      
      In order to solve this problem, this patch changes the improper
      check to "if(ax25->sk && ..)" in ax25_disconnect().
      
      What`s more, the ax25_disconnect() may be called twice, which is
      not necessary. For example, ax25_kill_by_device() calls
      ax25_disconnect() and sets ax25->state to AX25_STATE_0, but
      ax25_release() calls ax25_disconnect() again.
      
      In order to solve this problem, this patch add a check in
      ax25_release(). If the flag of ax25->sk equals to SOCK_DEAD,
      the ax25_disconnect() in ax25_release() should not be executed.
      
      Fixes: 82e31755 ("ax25: Fix UAF bugs in ax25 timers")
      Fixes: 8a367e74 ("ax25: Fix segfault after sock connection timeout")
      Reported-and-tested-by: default avatarThomas Osterried <thomas@osterried.de>
      Signed-off-by: default avatarDuoming Zhou <duoming@zju.edu.cn>
      Link: https://lore.kernel.org/r/20220530152158.108619-1-duoming@zju.edu.cnSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      7d8a3a47
    • Slark Xiao's avatar
      net: usb: qmi_wwan: Add support for Cinterion MV31 with new baseline · 9f4fc18b
      Slark Xiao authored
      Adding support for Cinterion device MV31 with Qualcomm
      new baseline. Use different PIDs to separate it from
      previous base line products.
      All interfaces settings keep same as previous.
      
      T:  Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  7 Spd=480 MxCh= 0
      D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
      P:  Vendor=1e2d ProdID=00b9 Rev=04.14
      S:  Manufacturer=Cinterion
      S:  Product=Cinterion PID 0x00B9 USB Mobile Broadband
      S:  SerialNumber=90418e79
      C:  #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=500mA
      I:  If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
      I:  If#=0x1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
      I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
      I:  If#=0x3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
      Signed-off-by: default avatarSlark Xiao <slark_xiao@163.com>
      Acked-by: default avatarBjørn Mork <bjorn@mork.no>
      Link: https://lore.kernel.org/r/20220601040531.6016-1-slark_xiao@163.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      9f4fc18b
    • Jakub Kicinski's avatar
      Merge tag 'mlx5-fixes-2022-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · c034ff2b
      Jakub Kicinski authored
      Saeed Mahameed says:
      
      ====================
      mlx5 fixes 2022-05-31
      
      This series provides bug fixes to mlx5 driver.
      Please pull and let me know if there is any problem.
      
      * tag 'mlx5-fixes-2022-05-31' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux:
        net/mlx5: Fix mlx5_get_next_dev() peer device matching
        net/mlx5e: Update netdev features after changing XDP state
        net/mlx5: correct ECE offset in query qp output
        net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition
        net/mlx5: CT: Fix header-rewrite re-use for tupels
        net/mlx5e: TC NIC mode, fix tc chains miss table
        net/mlx5: Don't use already freed action pointer
      ====================
      
      Link: https://lore.kernel.org/r/20220531205447.99236-1-saeed@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      c034ff2b
    • Jakub Kicinski's avatar
      Merge branch 'sfc-siena-fix-some-efx_separate_tx_channels-errors' · 11049c9e
      Jakub Kicinski authored
      Íñigo Huguet says:
      
      ====================
      sfc/siena: fix some efx_separate_tx_channels errors
      
      Trying to load sfc driver with modparam efx_separate_tx_channels=1
      resulted in errors during initialization and not being able to use the
      NIC. This patches fix a few bugs and make it work again.
      
      This has been already done for sfc, do it also for sfc_siena.
      ====================
      
      Link: https://lore.kernel.org/r/20220601063603.15362-1-ihuguet@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      11049c9e
    • Íñigo Huguet's avatar
      sfc/siena: fix wrong tx channel offset with efx_separate_tx_channels · 25bde571
      Íñigo Huguet authored
      tx_channel_offset is calculated in efx_allocate_msix_channels, but it is
      also calculated again in efx_set_channels because it was originally done
      there, and when efx_allocate_msix_channels was introduced it was
      forgotten to be removed from efx_set_channels.
      
      Moreover, the old calculation is wrong when using
      efx_separate_tx_channels because now we can have XDP channels after the
      TX channels, so n_channels - n_tx_channels doesn't point to the first TX
      channel.
      
      Remove the old calculation from efx_set_channels, and add the
      initialization of this variable if MSI or legacy interrupts are used,
      next to the initialization of the rest of the related variables, where
      it was missing.
      
      This has been already done for sfc, do it also for sfc_siena.
      
      Fixes: 3990a8ff ("sfc: allocate channels for XDP tx queues")
      Reported-by: default avatarTianhao Zhao <tizhao@redhat.com>
      Signed-off-by: default avatarÍñigo Huguet <ihuguet@redhat.com>
      Acked-by: default avatarMartin Habets <habetsm.xilinx@gmail.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      25bde571
    • Martin Habets's avatar
      sfc/siena: fix considering that all channels have TX queues · 183614bf
      Martin Habets authored
      Normally, all channels have RX and TX queues, but this is not true if
      modparam efx_separate_tx_channels=1 is used. In that cases, some
      channels only have RX queues and others only TX queues (or more
      preciselly, they have them allocated, but not initialized).
      
      Fix efx_channel_has_tx_queues to return the correct value for this case
      too.
      
      This has been already done for sfc, do it also for sfc_siena.
      
      Messages shown at probe time before the fix:
       sfc 0000:03:00.0 ens6f0np0: MC command 0x82 inlen 544 failed rc=-22 (raw=0) arg=0
       ------------[ cut here ]------------
       netdevice: ens6f0np0: failed to initialise TXQ -1
       WARNING: CPU: 1 PID: 626 at drivers/net/ethernet/sfc/ef10.c:2393 efx_ef10_tx_init+0x201/0x300 [sfc]
       [...] stripped
       RIP: 0010:efx_ef10_tx_init+0x201/0x300 [sfc]
       [...] stripped
       Call Trace:
        efx_init_tx_queue+0xaa/0xf0 [sfc]
        efx_start_channels+0x49/0x120 [sfc]
        efx_start_all+0x1f8/0x430 [sfc]
        efx_net_open+0x5a/0xe0 [sfc]
        __dev_open+0xd0/0x190
        __dev_change_flags+0x1b3/0x220
        dev_change_flags+0x21/0x60
       [...] stripped
      
      Messages shown at remove time before the fix:
       sfc 0000:03:00.0 ens6f0np0: failed to flush 10 queues
       sfc 0000:03:00.0 ens6f0np0: failed to flush queues
      
      Fixes: 8700aff0 ("sfc: fix channel allocation with brute force")
      Reported-by: default avatarTianhao Zhao <tizhao@redhat.com>
      Signed-off-by: default avatarMartin Habets <habetsm.xilinx@gmail.com>
      Tested-by: default avatarÍñigo Huguet <ihuguet@redhat.com>
      Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      183614bf
    • Jakub Kicinski's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · 2440d206
      Jakub Kicinski authored
      Steffen Klassert says:
      
      ====================
      ipsec 2022-06-01
      
      1) Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
         From Michal Kubecek.
      
      2) Don't set IPv4 DF bit when encapsulating IPv6 frames below 1280 bytes.
         From Maciej Żenczykowski.
      
      * 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
        xfrm: do not set IPv4 DF flag when encapsulating IPv6 frames <= 1280 bytes.
        Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
      ====================
      
      Link: https://lore.kernel.org/r/20220601103349.2297361-1-steffen.klassert@secunet.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      2440d206
    • Jakub Kicinski's avatar
      Merge tag 'wireless-2022-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless · 38a4762e
      Jakub Kicinski authored
      Kalle Valo says:
      
      ====================
      wireless fixes for v5.19
      
      First set of fixes for v5.19. Build fixes for iwlwifi and libertas, a
      scheduling while atomic fix for rtw88 and use-after-free fix for
      mac80211.
      
      * tag 'wireless-2022-06-01' of git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
        wifi: mac80211: fix use-after-free in chanctx code
        wifi: rtw88: add a work to correct atomic scheduling warning of ::set_tim
        wifi: iwlwifi: pcie: rename CAUSE macro
        wifi: libertas: use variable-size data in assoc req/resp cmd
      ====================
      
      Link: https://lore.kernel.org/r/20220601110741.90B28C385A5@smtp.kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      38a4762e
  2. 01 Jun, 2022 10 commits
  3. 31 May, 2022 17 commits
  4. 30 May, 2022 3 commits
  5. 29 May, 2022 2 commits
    • David S. Miller's avatar
      Merge branch 'sfc-fixes' · 90343f57
      David S. Miller authored
      Íñigo Huguet says:
      
      ====================
      sfc: fix some efx_separate_tx_channels errors
      
      Trying to load sfc driver with modparam efx_separate_tx_channels=1
      resulted in errors during initialization and not being able to use the
      NIC. This patches fix a few bugs and make it work again.
      
      v2:
      * added Martin's patch instead of a previous mine. Mine one solved some
      of the initialization errors, but Martin's solves them also in all
      possible cases.
      * removed whitespaces cleanup, as requested by Jakub
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      90343f57
    • Íñigo Huguet's avatar
      sfc: fix wrong tx channel offset with efx_separate_tx_channels · c308dfd1
      Íñigo Huguet authored
      tx_channel_offset is calculated in efx_allocate_msix_channels, but it is
      also calculated again in efx_set_channels because it was originally done
      there, and when efx_allocate_msix_channels was introduced it was
      forgotten to be removed from efx_set_channels.
      
      Moreover, the old calculation is wrong when using
      efx_separate_tx_channels because now we can have XDP channels after the
      TX channels, so n_channels - n_tx_channels doesn't point to the first TX
      channel.
      
      Remove the old calculation from efx_set_channels, and add the
      initialization of this variable if MSI or legacy interrupts are used,
      next to the initialization of the rest of the related variables, where
      it was missing.
      
      Fixes: 3990a8ff ("sfc: allocate channels for XDP tx queues")
      Reported-by: default avatarTianhao Zhao <tizhao@redhat.com>
      Signed-off-by: default avatarÍñigo Huguet <ihuguet@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c308dfd1