1. 18 Jul, 2022 8 commits
    • Kuniyuki Iwashima's avatar
      igmp: Fix data-races around sysctl_igmp_qrv. · 8ebcc62c
      Kuniyuki Iwashima authored
      While reading sysctl_igmp_qrv, it can be changed concurrently.
      Thus, we need to add READ_ONCE() to its readers.
      
      This test can be packed into a helper, so such changes will be in the
      follow-up series after net is merged into net-next.
      
        qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
      
      Fixes: a9fe8e29 ("ipv4: implement igmp_qrv sysctl to tune igmp robustness variable")
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8ebcc62c
    • Kuniyuki Iwashima's avatar
      igmp: Fix data-races around sysctl_igmp_max_msf. · 6ae0f2e5
      Kuniyuki Iwashima authored
      While reading sysctl_igmp_max_msf, it can be changed concurrently.
      Thus, we need to add READ_ONCE() to its readers.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6ae0f2e5
    • Kuniyuki Iwashima's avatar
      igmp: Fix a data-race around sysctl_igmp_max_memberships. · 6305d821
      Kuniyuki Iwashima authored
      While reading sysctl_igmp_max_memberships, it can be changed concurrently.
      Thus, we need to add READ_ONCE() to its reader.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6305d821
    • Kuniyuki Iwashima's avatar
      igmp: Fix data-races around sysctl_igmp_llm_reports. · f6da2267
      Kuniyuki Iwashima authored
      While reading sysctl_igmp_llm_reports, it can be changed concurrently.
      Thus, we need to add READ_ONCE() to its readers.
      
      This test can be packed into a helper, so such changes will be in the
      follow-up series after net is merged into net-next.
      
        if (ipv4_is_local_multicast(pmc->multiaddr) &&
            !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
      
      Fixes: df2cf4a7 ("IGMP: Inhibit reports for local multicast groups")
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f6da2267
    • Maksym Glubokiy's avatar
      net: prestera: acl: use proper mask for port selector · 1e20904e
      Maksym Glubokiy authored
      Adjusted as per packet processor documentation.
      This allows to properly match 'indev' for clsact rules.
      
      Fixes: 47327e19 ("net: prestera: acl: migrate to new vTCAM api")
      Signed-off-by: default avatarMaksym Glubokiy <maksym.glubokiy@plvision.eu>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1e20904e
    • Tariq Toukan's avatar
      net/tls: Fix race in TLS device down flow · f08d8c1b
      Tariq Toukan authored
      Socket destruction flow and tls_device_down function sync against each
      other using tls_device_lock and the context refcount, to guarantee the
      device resources are freed via tls_dev_del() by the end of
      tls_device_down.
      
      In the following unfortunate flow, this won't happen:
      - refcount is decreased to zero in tls_device_sk_destruct.
      - tls_device_down starts, skips the context as refcount is zero, going
        all the way until it flushes the gc work, and returns without freeing
        the device resources.
      - only then, tls_device_queue_ctx_destruction is called, queues the gc
        work and frees the context's device resources.
      
      Solve it by decreasing the refcount in the socket's destruction flow
      under the tls_device_lock, for perfect synchronization.  This does not
      slow down the common likely destructor flow, in which both the refcount
      is decreased and the spinlock is acquired, anyway.
      
      Fixes: e8f69799 ("net/tls: Add generic NIC offload infrastructure")
      Reviewed-by: default avatarMaxim Mikityanskiy <maximmi@nvidia.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@nvidia.com>
      Reviewed-by: default avatarJakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f08d8c1b
    • Junxiao Chang's avatar
      net: stmmac: fix dma queue left shift overflow issue · 613b065c
      Junxiao Chang authored
      When queue number is > 4, left shift overflows due to 32 bits
      integer variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.
      
      If CONFIG_UBSAN is enabled, kernel dumps below warning:
      [   10.363842] ==================================================================
      [   10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/
      linux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12
      [   10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int'
      [   10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg
      [   10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021
      [   10.363958] Call Trace:
      [   10.363960]  <TASK>
      [   10.363963]  dump_stack_lvl+0x4a/0x5f
      [   10.363971]  dump_stack+0x10/0x12
      [   10.363974]  ubsan_epilogue+0x9/0x45
      [   10.363976]  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
      [   10.363979]  ? wake_up_klogd+0x4a/0x50
      [   10.363983]  ? vprintk_emit+0x8f/0x240
      [   10.363986]  dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]
      [   10.364001]  stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]
      [   10.364009]  ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]
      [   10.364020]  stmmac_hw_setup.cold+0xf/0xb14 [stmmac]
      [   10.364030]  ? page_pool_alloc_pages+0x4d/0x70
      [   10.364034]  ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]
      [   10.364042]  stmmac_open+0x39e/0x920 [stmmac]
      [   10.364050]  __dev_open+0xf0/0x1a0
      [   10.364054]  __dev_change_flags+0x188/0x1f0
      [   10.364057]  dev_change_flags+0x26/0x60
      [   10.364059]  do_setlink+0x908/0xc40
      [   10.364062]  ? do_setlink+0xb10/0xc40
      [   10.364064]  ? __nla_validate_parse+0x4c/0x1a0
      [   10.364068]  __rtnl_newlink+0x597/0xa10
      [   10.364072]  ? __nla_reserve+0x41/0x50
      [   10.364074]  ? __kmalloc_node_track_caller+0x1d0/0x4d0
      [   10.364079]  ? pskb_expand_head+0x75/0x310
      [   10.364082]  ? nla_reserve_64bit+0x21/0x40
      [   10.364086]  ? skb_free_head+0x65/0x80
      [   10.364089]  ? security_sock_rcv_skb+0x2c/0x50
      [   10.364094]  ? __cond_resched+0x19/0x30
      [   10.364097]  ? kmem_cache_alloc_trace+0x15a/0x420
      [   10.364100]  rtnl_newlink+0x49/0x70
      
      This change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue
      mapping warning.
      
      Fixes: d43042f4 ("net: stmmac: mapping mtl rx to dma channel")
      BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195Reported-by: default avatarCedric Wassenaar <cedric@bytespeed.nl>
      Signed-off-by: default avatarJunxiao Chang <junxiao.chang@intel.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      613b065c
    • Wong Vee Khee's avatar
      net: stmmac: switch to use interrupt for hw crosstimestamping · 76c16d3e
      Wong Vee Khee authored
      Using current implementation of polling mode, there is high chances we
      will hit into timeout error when running phc2sys. Hence, update the
      implementation of hardware crosstimestamping to use the MAC interrupt
      service routine instead of polling for TSIS bit in the MAC Timestamp
      Interrupt Status register to be set.
      
      Cc: Richard Cochran <richardcochran@gmail.com>
      Signed-off-by: default avatarWong Vee Khee <vee.khee.wong@linux.intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      76c16d3e
  2. 16 Jul, 2022 1 commit
    • Kuniyuki Iwashima's avatar
      tcp/udp: Make early_demux back namespacified. · 11052589
      Kuniyuki Iwashima authored
      Commit e21145a9 ("ipv4: namespacify ip_early_demux sysctl knob") made
      it possible to enable/disable early_demux on a per-netns basis.  Then, we
      introduced two knobs, tcp_early_demux and udp_early_demux, to switch it for
      TCP/UDP in commit dddb64bc ("net: Add sysctl to toggle early demux for
      tcp and udp").  However, the .proc_handler() was wrong and actually
      disabled us from changing the behaviour in each netns.
      
      We can execute early_demux if net.ipv4.ip_early_demux is on and each proto
      .early_demux() handler is not NULL.  When we toggle (tcp|udp)_early_demux,
      the change itself is saved in each netns variable, but the .early_demux()
      handler is a global variable, so the handler is switched based on the
      init_net's sysctl variable.  Thus, netns (tcp|udp)_early_demux knobs have
      nothing to do with the logic.  Whether we CAN execute proto .early_demux()
      is always decided by init_net's sysctl knob, and whether we DO it or not is
      by each netns ip_early_demux knob.
      
      This patch namespacifies (tcp|udp)_early_demux again.  For now, the users
      of the .early_demux() handler are TCP and UDP only, and they are called
      directly to avoid retpoline.  So, we can remove the .early_demux() handler
      from inet6?_protos and need not dereference them in ip6?_rcv_finish_core().
      If another proto needs .early_demux(), we can restore it at that time.
      
      Fixes: dddb64bc ("net: Add sysctl to toggle early demux for tcp and udp")
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Link: https://lore.kernel.org/r/20220713175207.7727-1-kuniyu@amazon.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      11052589
  3. 15 Jul, 2022 22 commits
  4. 14 Jul, 2022 9 commits
    • Nathan Chancellor's avatar
      x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current · db886979
      Nathan Chancellor authored
      Clang warns:
      
        arch/x86/kernel/cpu/bugs.c:58:21: error: section attribute is specified on redeclared variable [-Werror,-Wsection]
        DEFINE_PER_CPU(u64, x86_spec_ctrl_current);
                            ^
        arch/x86/include/asm/nospec-branch.h:283:12: note: previous declaration is here
        extern u64 x86_spec_ctrl_current;
                   ^
        1 error generated.
      
      The declaration should be using DECLARE_PER_CPU instead so all
      attributes stay in sync.
      
      Cc: stable@vger.kernel.org
      Fixes: fc02735b ("KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS")
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      db886979
    • Linus Torvalds's avatar
      Merge tag 'net-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 9bd572ec
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from netfilter, bpf and wireless.
      
        Still no major regressions, the release continues to be calm. An
        uptick of fixes this time around due to trivial data race fixes and
        patches flowing down from subtrees.
      
        There has been a few driver fixes (particularly a few fixes for false
        positives due to 66e4c8d9 which went into -next in May!) that make
        me worry the wide testing is not exactly fully through.
      
        So "calm" but not "let's just cut the final ASAP" vibes over here.
      
        Current release - regressions:
      
         - wifi: rtw88: fix write to const table of channel parameters
      
        Current release - new code bugs:
      
         - mac80211: add gfp_t arg to ieeee80211_obss_color_collision_notify
      
         - mlx5:
            - TC, allow offload from uplink to other PF's VF
            - Lag, decouple FDB selection and shared FDB
            - Lag, correct get the port select mode str
      
         - bnxt_en: fix and simplify XDP transmit path
      
         - r8152: fix accessing unset transport header
      
        Previous releases - regressions:
      
         - conntrack: fix crash due to confirmed bit load reordering (after
           atomic -> refcount conversion)
      
         - stmmac: dwc-qos: disable split header for Tegra194
      
        Previous releases - always broken:
      
         - mlx5e: ring the TX doorbell on DMA errors
      
         - bpf: make sure mac_header was set before using it
      
         - mac80211: do not wake queues on a vif that is being stopped
      
         - mac80211: fix queue selection for mesh/OCB interfaces
      
         - ip: fix dflt addr selection for connected nexthop
      
         - seg6: fix skb checksums for SRH encapsulation/insertion
      
         - xdp: fix spurious packet loss in generic XDP TX path
      
         - bunch of sysctl data race fixes
      
         - nf_log: incorrect offset to network header
      
        Misc:
      
         - bpf: add flags arg to bpf_dynptr_read and bpf_dynptr_write APIs"
      
      * tag 'net-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (87 commits)
        nfp: flower: configure tunnel neighbour on cmsg rx
        net/tls: Check for errors in tls_device_init
        MAINTAINERS: Add an additional maintainer to the AMD XGBE driver
        xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
        selftests/net: test nexthop without gw
        ip: fix dflt addr selection for connected nexthop
        net: atlantic: remove aq_nic_deinit() when resume
        net: atlantic: remove deep parameter on suspend/resume functions
        sfc: fix kernel panic when creating VF
        seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
        seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
        seg6: fix skb checksum evaluation in SRH encapsulation/insertion
        sfc: fix use after free when disabling sriov
        net: sunhme: output link status with a single print.
        r8152: fix accessing unset transport header
        net: stmmac: fix leaks in probe
        net: ftgmac100: Hold reference returned by of_get_child_by_name()
        nexthop: Fix data-races around nexthop_compat_mode.
        ipv4: Fix data-races around sysctl_ip_dynaddr.
        tcp: Fix a data-race around sysctl_tcp_ecn_fallback.
        ...
      9bd572ec
    • Linus Torvalds's avatar
      Merge tag '5.19-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · f41d5df5
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three smb3 client fixes:
      
         - two multichannel fixes: fix a potential deadlock freeing a channel,
           and fix a race condition on failed creation of a new channel
      
         - mount failure fix: work around a server bug in some common older
           Samba servers by avoiding padding at the end of the negotiate
           protocol request"
      
      * tag '5.19-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: workaround negprot bug in some Samba servers
        cifs: remove unnecessary locking of chan_lock while freeing session
        cifs: fix race condition with delayed threads
      f41d5df5
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux · a24a6c05
      Linus Torvalds authored
      Pull nfsd fixes from Chuck Lever:
       "Notable regression fixes:
      
         - Enable SETATTR(time_create) to fix regression with Mac OS clients
      
         - Fix a lockd crasher and broken NLM UNLCK behavior"
      
      * tag 'nfsd-5.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
        lockd: fix nlm_close_files
        lockd: set fl_owner when unlocking files
        NFSD: Decode NFSv4 birth time attribute
      a24a6c05
    • Linus Torvalds's avatar
      Merge tag 'integrity-v5.19-fix' of... · 4adfa865
      Linus Torvalds authored
      Merge tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
      
      Pull integrity fixes from Mimi Zohar:
       "Here are a number of fixes for recently found bugs.
      
        Only 'ima: fix violation measurement list record' was introduced in
        the current release. The rest address existing bugs"
      
      * tag 'integrity-v5.19-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
        ima: Fix potential memory leak in ima_init_crypto()
        ima: force signature verification when CONFIG_KEXEC_SIG is configured
        ima: Fix a potential integer overflow in ima_appraise_measurement
        ima: fix violation measurement list record
        Revert "evm: Fix memleak in init_desc"
      4adfa865
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 2eb5866c
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
      
       - quieten the spectre-bhb prints
      
       - mark flattened device tree sections as shareable
      
       - remove some obsolete CPU domain code and help text
      
       - fix thumb unaligned access abort emulation
      
       - fix amba_device_add() refcount underflow
      
       - fix literal placement
      
      * tag 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 9208/1: entry: add .ltorg directive to keep literals in range
        ARM: 9207/1: amba: fix refcount underflow if amba_device_add() fails
        ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
        ARM: 9213/1: Print message about disabled Spectre workarounds only once
        ARM: 9212/1: domain: Modify Kconfig help text
        ARM: 9211/1: domain: drop modify_domain()
        ARM: 9210/1: Mark the FDT_FIXED sections as shareable
        ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
      2eb5866c
    • Guenter Roeck's avatar
      um: Replace to_phys() and to_virt() with less generic function names · 097da1a4
      Guenter Roeck authored
      The UML function names to_virt() and to_phys() are exposed by UML
      headers, and are very generic and may be defined by drivers.  As it
      turns out, commit 9409c9b6 ("pmem: refactor pmem_clear_poison()")
      did exactly that.
      
      This results in build errors such as the following when trying to build
      um:allmodconfig:
      
        drivers/nvdimm/pmem.c: In function ‘pmem_dax_zero_page_range’:
        ./arch/um/include/asm/page.h:105:20: error: too few arguments to function ‘to_phys’
          105 | #define __pa(virt) to_phys((void *) (unsigned long) (virt))
              |                    ^~~~~~~
      
      Use less generic function names for the um specific to_phys() and
      to_virt() functions to fix the problem and to avoid similar problems in
      the future.
      
      Fixes: 9409c9b6 ("pmem: refactor pmem_clear_poison()")
      Cc: Dan Williams <dan.j.williams@intel.com>
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      097da1a4
    • Linus Torvalds's avatar
      Merge tag 'sound-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · c4634a3c
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "Hopefully the last one for 5.19. This became bigger than wished, but
        all changes are pretty device-specific small fixes, which look less
        worrisome.
      
        The majority of changes are about various ASoC fixes, while the usual
        HD-audio quirks are included as well"
      
      * tag 'sound-5.19-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (28 commits)
        ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
        ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
        ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
        ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
        ALSA: hda - Add fixup for Dell Latitidue E5430
        ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
        ALSA: hda/realtek: Fix headset mic for Acer SF313-51
        ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
        ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
        ASoC: rt5640: Fix the wrong state of JD1 and JD2
        ASoC: Intel: sof_rt5682: fix out-of-bounds array access
        ASoC: qdsp6: fix potential memory leak in q6apm_get_audioreach_graph()
        ASoC: tas2764: Fix amp gain register offset & default
        ASoC: tas2764: Correct playback volume range
        ASoC: tas2764: Fix and extend FSYNC polarity handling
        ASoC: tas2764: Add post reset delays
        ASoC: dt-bindings: Fix description for msm8916
        ASoC: doc: Capitalize RESET line name
        ASoC: arizona: Update arizona_aif_cfg_changed to use RX_BCLK_RATE
        ASoC: cs47l92: Fix event generation for OUT1 demux
        ...
      c4634a3c
    • Tianyu Yuan's avatar
      nfp: flower: configure tunnel neighbour on cmsg rx · 656bd03a
      Tianyu Yuan authored
      nfp_tun_write_neigh() function will configure a tunnel neighbour when
      calling nfp_tun_neigh_event_handler() or nfp_flower_cmsg_process_one_rx()
      (with no tunnel neighbour type) from firmware.
      
      When configuring IP on physical port as a tunnel endpoint, no operation
      will be performed after receiving the cmsg mentioned above.
      
      Therefore, add a progress to configure tunnel neighbour in this case.
      
      v2: Correct format of fixes tag.
      
      Fixes: f1df7956 ("nfp: flower: rework tunnel neighbour configuration")
      Signed-off-by: default avatarTianyu Yuan <tianyu.yuan@corigine.com>
      Reviewed-by: default avatarLouis Peens <louis.peens@corigine.com>
      Reviewed-by: default avatarBaowen Zheng <baowen.zheng@corigine.com>
      Signed-off-by: default avatarSimon Horman <simon.horman@corigine.com>
      Link: https://lore.kernel.org/r/20220714081915.148378-1-simon.horman@corigine.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      656bd03a