mirror of
https://github.com/torvalds/linux.git
synced 2024-12-04 10:01:41 +00:00
9199b915e9
1275531 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Jianbo Liu
|
9199b915e9 |
xfrm: fix netdev reference count imbalance
In cited commit, netdev_tracker_alloc() is called for the newly
allocated xfrm state, but dev_hold() is missed, which causes netdev
reference count imbalance, because netdev_put() is called when the
state is freed in xfrm_dev_state_free(). Fix the issue by replacing
netdev_tracker_alloc() with netdev_hold().
Fixes:
|
||
Steffen Klassert
|
2d5317753e |
xfrm: Export symbol xfrm_dev_state_delete.
This fixes a build failure if xfrm_user is build as a module.
Fixes:
|
||
Steffen Klassert
|
07b87f9eea |
xfrm: Fix unregister netdevice hang on hardware offload.
When offloading xfrm states to hardware, the offloading
device is attached to the skbs secpath. If a skb is free
is deferred, an unregister netdevice hangs because the
netdevice is still refcounted.
Fix this by removing the netdevice from the xfrm states
when the netdevice is unregistered. To find all xfrm states
that need to be cleared we add another list where skbs
linked to that are unlinked from the lists (deleted)
but not yet freed.
Fixes:
|
||
Antony Antony
|
15f5fe9e84 |
xfrm: Log input direction mismatch error in one place
Previously, the offload data path decrypted the packet before checking
the direction, leading to error logging and packet dropping. However,
dropped packets wouldn't be visible in tcpdump or audit log.
With this fix, the offload path, upon noticing SA direction mismatch,
will pass the packet to the stack without decrypting it. The L3 layer
will then log the error, audit, and drop ESP without decrypting or
decapsulating it.
This also ensures that the slow path records the error and audit log,
making dropped packets visible in tcpdump.
Fixes:
|
||
Antony Antony
|
54fcc6189d |
xfrm: Fix input error path memory access
When there is a misconfiguration of input state slow path
KASAN report error. Fix this error.
west login:
[ 52.987278] eth1: renamed from veth11
[ 53.078814] eth1: renamed from veth21
[ 53.181355] eth1: renamed from veth31
[ 54.921702] ==================================================================
[ 54.922602] BUG: KASAN: wild-memory-access in xfrmi_rcv_cb+0x2d/0x295
[ 54.923393] Read of size 8 at addr 6b6b6b6b00000000 by task ping/512
[ 54.924169]
[ 54.924386] CPU: 0 PID: 512 Comm: ping Not tainted 6.9.0-08574-gcd29a4313a1b #25
[ 54.925290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 54.926401] Call Trace:
[ 54.926731] <IRQ>
[ 54.927009] dump_stack_lvl+0x2a/0x3b
[ 54.927478] kasan_report+0x84/0xa6
[ 54.927930] ? xfrmi_rcv_cb+0x2d/0x295
[ 54.928410] xfrmi_rcv_cb+0x2d/0x295
[ 54.928872] ? xfrm4_rcv_cb+0x3d/0x5e
[ 54.929354] xfrm4_rcv_cb+0x46/0x5e
[ 54.929804] xfrm_rcv_cb+0x7e/0xa1
[ 54.930240] xfrm_input+0x1b3a/0x1b96
[ 54.930715] ? xfrm_offload+0x41/0x41
[ 54.931182] ? raw_rcv+0x292/0x292
[ 54.931617] ? nf_conntrack_confirm+0xa2/0xa2
[ 54.932158] ? skb_sec_path+0xd/0x3f
[ 54.932610] ? xfrmi_input+0x90/0xce
[ 54.933066] xfrm4_esp_rcv+0x33/0x54
[ 54.933521] ip_protocol_deliver_rcu+0xd7/0x1b2
[ 54.934089] ip_local_deliver_finish+0x110/0x120
[ 54.934659] ? ip_protocol_deliver_rcu+0x1b2/0x1b2
[ 54.935248] NF_HOOK.constprop.0+0xf8/0x138
[ 54.935767] ? ip_sublist_rcv_finish+0x68/0x68
[ 54.936317] ? secure_tcpv6_ts_off+0x23/0x168
[ 54.936859] ? ip_protocol_deliver_rcu+0x1b2/0x1b2
[ 54.937454] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d
[ 54.938135] NF_HOOK.constprop.0+0xf8/0x138
[ 54.938663] ? ip_sublist_rcv_finish+0x68/0x68
[ 54.939220] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d
[ 54.939904] ? ip_local_deliver_finish+0x120/0x120
[ 54.940497] __netif_receive_skb_one_core+0xc9/0x107
[ 54.941121] ? __netif_receive_skb_list_core+0x1c2/0x1c2
[ 54.941771] ? blk_mq_start_stopped_hw_queues+0xc7/0xf9
[ 54.942413] ? blk_mq_start_stopped_hw_queue+0x38/0x38
[ 54.943044] ? virtqueue_get_buf_ctx+0x295/0x46b
[ 54.943618] process_backlog+0xb3/0x187
[ 54.944102] __napi_poll.constprop.0+0x57/0x1a7
[ 54.944669] net_rx_action+0x1cb/0x380
[ 54.945150] ? __napi_poll.constprop.0+0x1a7/0x1a7
[ 54.945744] ? vring_new_virtqueue+0x17a/0x17a
[ 54.946300] ? note_interrupt+0x2cd/0x367
[ 54.946805] handle_softirqs+0x13c/0x2c9
[ 54.947300] do_softirq+0x5f/0x7d
[ 54.947727] </IRQ>
[ 54.948014] <TASK>
[ 54.948300] __local_bh_enable_ip+0x48/0x62
[ 54.948832] __neigh_event_send+0x3fd/0x4ca
[ 54.949361] neigh_resolve_output+0x1e/0x210
[ 54.949896] ip_finish_output2+0x4bf/0x4f0
[ 54.950410] ? __ip_finish_output+0x171/0x1b8
[ 54.950956] ip_send_skb+0x25/0x57
[ 54.951390] raw_sendmsg+0xf95/0x10c0
[ 54.951850] ? check_new_pages+0x45/0x71
[ 54.952343] ? raw_hash_sk+0x21b/0x21b
[ 54.952815] ? kernel_init_pages+0x42/0x51
[ 54.953337] ? prep_new_page+0x44/0x51
[ 54.953811] ? get_page_from_freelist+0x72b/0x915
[ 54.954390] ? signal_pending_state+0x77/0x77
[ 54.954936] ? preempt_count_sub+0x14/0xb3
[ 54.955450] ? __might_resched+0x8a/0x240
[ 54.955951] ? __might_sleep+0x25/0xa0
[ 54.956424] ? first_zones_zonelist+0x2c/0x43
[ 54.956977] ? __rcu_read_lock+0x2d/0x3a
[ 54.957476] ? __pte_offset_map+0x32/0xa4
[ 54.957980] ? __might_resched+0x8a/0x240
[ 54.958483] ? __might_sleep+0x25/0xa0
[ 54.958963] ? inet_send_prepare+0x54/0x54
[ 54.959478] ? sock_sendmsg_nosec+0x42/0x6c
[ 54.960000] sock_sendmsg_nosec+0x42/0x6c
[ 54.960502] __sys_sendto+0x15d/0x1cc
[ 54.960966] ? __x64_sys_getpeername+0x44/0x44
[ 54.961522] ? __handle_mm_fault+0x679/0xae4
[ 54.962068] ? find_vma+0x6b/0x8b
[ 54.962497] ? find_vma_intersection+0x8a/0x8a
[ 54.963052] ? handle_mm_fault+0x38/0x154
[ 54.963556] ? handle_mm_fault+0xeb/0x154
[ 54.964059] ? preempt_latency_start+0x29/0x34
[ 54.964613] ? preempt_count_sub+0x14/0xb3
[ 54.965141] ? up_read+0x4b/0x5c
[ 54.965557] __x64_sys_sendto+0x76/0x82
[ 54.966041] do_syscall_64+0x69/0xd5
[ 54.966497] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 54.967119] RIP: 0033:0x7f2d2fec9a73
[ 54.967572] Code: 8b 15 a9 83 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 80 3d 71 0b 0d 00 00 41 89 ca 74 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 55 48 83 ec 30 44 89 4c 24
[ 54.969747] RSP: 002b:00007ffe85756418 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 54.970655] RAX: ffffffffffffffda RBX: 0000558bebad1340 RCX: 00007f2d2fec9a73
[ 54.971511] RDX: 0000000000000040 RSI: 0000558bebad73c0 RDI: 0000000000000003
[ 54.972366] RBP: 0000558bebad73c0 R08: 0000558bebad35c0 R09: 0000000000000010
[ 54.973234] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000040
[ 54.974091] R13: 00007ffe85757b00 R14: 0000001d00000001 R15: 0000558bebad4680
[ 54.974951] </TASK>
[ 54.975244] ==================================================================
[ 54.976133] Disabling lock debugging due to kernel taint
[ 54.976784] Oops: stack segment: 0000 [#1] PREEMPT DEBUG_PAGEALLOC KASAN
[ 54.977603] CPU: 0 PID: 512 Comm: ping Tainted: G B 6.9.0-08574-gcd29a4313a1b #25
[ 54.978654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 54.979750] RIP: 0010:xfrmi_rcv_cb+0x2d/0x295
[ 54.980293] Code: 00 00 41 57 41 56 41 89 f6 41 55 41 54 55 53 48 89 fb 51 85 f6 75 31 48 89 df e8 d7 e8 ff ff 48 89 c5 48 89 c7 e8 8b a4 4f ff <48> 8b 7d 00 48 89 ee e8 eb f3 ff ff 49 89 c5 b8 01 00 00 00 4d 85
[ 54.982462] RSP: 0018:ffffc90000007990 EFLAGS: 00010282
[ 54.983099] RAX: 0000000000000001 RBX: ffff8881126e9900 RCX: fffffbfff07b77cd
[ 54.983948] RDX: fffffbfff07b77cd RSI: fffffbfff07b77cd RDI: ffffffff83dbbe60
[ 54.984794] RBP: 6b6b6b6b00000000 R08: 0000000000000008 R09: 0000000000000001
[ 54.985647] R10: ffffffff83dbbe67 R11: fffffbfff07b77cc R12: 00000000ffffffff
[ 54.986512] R13: 00000000ffffffff R14: 00000000ffffffff R15: 0000000000000002
[ 54.987365] FS: 00007f2d2fc0dc40(0000) GS:ffffffff82eb2000(0000) knlGS:0000000000000000
[ 54.988329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.989026] CR2: 00007ffe85755ff8 CR3: 0000000109941000 CR4: 0000000000350ef0
[ 54.989897] Call Trace:
[ 54.990223] <IRQ>
[ 54.990500] ? __die_body+0x1a/0x56
[ 54.990950] ? die+0x30/0x49
[ 54.991326] ? do_trap+0x9b/0x132
[ 54.991751] ? do_error_trap+0x7d/0xaf
[ 54.992223] ? exc_stack_segment+0x35/0x45
[ 54.992734] ? asm_exc_stack_segment+0x22/0x30
[ 54.993294] ? xfrmi_rcv_cb+0x2d/0x295
[ 54.993764] ? xfrm4_rcv_cb+0x3d/0x5e
[ 54.994228] xfrm4_rcv_cb+0x46/0x5e
[ 54.994670] xfrm_rcv_cb+0x7e/0xa1
[ 54.995106] xfrm_input+0x1b3a/0x1b96
[ 54.995572] ? xfrm_offload+0x41/0x41
[ 54.996038] ? raw_rcv+0x292/0x292
[ 54.996472] ? nf_conntrack_confirm+0xa2/0xa2
[ 54.997011] ? skb_sec_path+0xd/0x3f
[ 54.997466] ? xfrmi_input+0x90/0xce
[ 54.997925] xfrm4_esp_rcv+0x33/0x54
[ 54.998378] ip_protocol_deliver_rcu+0xd7/0x1b2
[ 54.998944] ip_local_deliver_finish+0x110/0x120
[ 54.999520] ? ip_protocol_deliver_rcu+0x1b2/0x1b2
[ 55.000111] NF_HOOK.constprop.0+0xf8/0x138
[ 55.000630] ? ip_sublist_rcv_finish+0x68/0x68
[ 55.001195] ? secure_tcpv6_ts_off+0x23/0x168
[ 55.001743] ? ip_protocol_deliver_rcu+0x1b2/0x1b2
[ 55.002331] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d
[ 55.003008] NF_HOOK.constprop.0+0xf8/0x138
[ 55.003527] ? ip_sublist_rcv_finish+0x68/0x68
[ 55.004078] ? __xfrm_policy_check2.constprop.0+0x18d/0x18d
[ 55.004755] ? ip_local_deliver_finish+0x120/0x120
[ 55.005351] __netif_receive_skb_one_core+0xc9/0x107
[ 55.005972] ? __netif_receive_skb_list_core+0x1c2/0x1c2
[ 55.006626] ? blk_mq_start_stopped_hw_queues+0xc7/0xf9
[ 55.007266] ? blk_mq_start_stopped_hw_queue+0x38/0x38
[ 55.007899] ? virtqueue_get_buf_ctx+0x295/0x46b
[ 55.008476] process_backlog+0xb3/0x187
[ 55.008961] __napi_poll.constprop.0+0x57/0x1a7
[ 55.009540] net_rx_action+0x1cb/0x380
[ 55.010020] ? __napi_poll.constprop.0+0x1a7/0x1a7
[ 55.010610] ? vring_new_virtqueue+0x17a/0x17a
[ 55.011173] ? note_interrupt+0x2cd/0x367
[ 55.011675] handle_softirqs+0x13c/0x2c9
[ 55.012169] do_softirq+0x5f/0x7d
[ 55.012597] </IRQ>
[ 55.012882] <TASK>
[ 55.013179] __local_bh_enable_ip+0x48/0x62
[ 55.013704] __neigh_event_send+0x3fd/0x4ca
[ 55.014227] neigh_resolve_output+0x1e/0x210
[ 55.014761] ip_finish_output2+0x4bf/0x4f0
[ 55.015278] ? __ip_finish_output+0x171/0x1b8
[ 55.015823] ip_send_skb+0x25/0x57
[ 55.016261] raw_sendmsg+0xf95/0x10c0
[ 55.016729] ? check_new_pages+0x45/0x71
[ 55.017229] ? raw_hash_sk+0x21b/0x21b
[ 55.017708] ? kernel_init_pages+0x42/0x51
[ 55.018225] ? prep_new_page+0x44/0x51
[ 55.018704] ? get_page_from_freelist+0x72b/0x915
[ 55.019292] ? signal_pending_state+0x77/0x77
[ 55.019840] ? preempt_count_sub+0x14/0xb3
[ 55.020357] ? __might_resched+0x8a/0x240
[ 55.020860] ? __might_sleep+0x25/0xa0
[ 55.021345] ? first_zones_zonelist+0x2c/0x43
[ 55.021896] ? __rcu_read_lock+0x2d/0x3a
[ 55.022396] ? __pte_offset_map+0x32/0xa4
[ 55.022901] ? __might_resched+0x8a/0x240
[ 55.023404] ? __might_sleep+0x25/0xa0
[ 55.023879] ? inet_send_prepare+0x54/0x54
[ 55.024391] ? sock_sendmsg_nosec+0x42/0x6c
[ 55.024918] sock_sendmsg_nosec+0x42/0x6c
[ 55.025428] __sys_sendto+0x15d/0x1cc
[ 55.025892] ? __x64_sys_getpeername+0x44/0x44
[ 55.026441] ? __handle_mm_fault+0x679/0xae4
[ 55.026988] ? find_vma+0x6b/0x8b
[ 55.027414] ? find_vma_intersection+0x8a/0x8a
[ 55.027966] ? handle_mm_fault+0x38/0x154
[ 55.028470] ? handle_mm_fault+0xeb/0x154
[ 55.028972] ? preempt_latency_start+0x29/0x34
[ 55.029532] ? preempt_count_sub+0x14/0xb3
[ 55.030047] ? up_read+0x4b/0x5c
[ 55.030463] __x64_sys_sendto+0x76/0x82
[ 55.030949] do_syscall_64+0x69/0xd5
[ 55.031406] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 55.032028] RIP: 0033:0x7f2d2fec9a73
[ 55.032481] Code: 8b 15 a9 83 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 80 3d 71 0b 0d 00 00 41 89 ca 74 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 55 48 83 ec 30 44 89 4c 24
[ 55.034660] RSP: 002b:00007ffe85756418 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 55.035567] RAX: ffffffffffffffda RBX: 0000558bebad1340 RCX: 00007f2d2fec9a73
[ 55.036424] RDX: 0000000000000040 RSI: 0000558bebad73c0 RDI: 0000000000000003
[ 55.037293] RBP: 0000558bebad73c0 R08: 0000558bebad35c0 R09: 0000000000000010
[ 55.038153] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000040
[ 55.039012] R13: 00007ffe85757b00 R14: 0000001d00000001 R15: 0000558bebad4680
[ 55.039871] </TASK>
[ 55.040167] Modules linked in:
[ 55.040585] ---[ end trace 0000000000000000 ]---
[ 55.041164] RIP: 0010:xfrmi_rcv_cb+0x2d/0x295
[ 55.041714] Code: 00 00 41 57 41 56 41 89 f6 41 55 41 54 55 53 48 89 fb 51 85 f6 75 31 48 89 df e8 d7 e8 ff ff 48 89 c5 48 89 c7 e8 8b a4 4f ff <48> 8b 7d 00 48 89 ee e8 eb f3 ff ff 49 89 c5 b8 01 00 00 00 4d 85
[ 55.043889] RSP: 0018:ffffc90000007990 EFLAGS: 00010282
[ 55.044528] RAX: 0000000000000001 RBX: ffff8881126e9900 RCX: fffffbfff07b77cd
[ 55.045386] RDX: fffffbfff07b77cd RSI: fffffbfff07b77cd RDI: ffffffff83dbbe60
[ 55.046250] RBP: 6b6b6b6b00000000 R08: 0000000000000008 R09: 0000000000000001
[ 55.047104] R10: ffffffff83dbbe67 R11: fffffbfff07b77cc R12: 00000000ffffffff
[ 55.047960] R13: 00000000ffffffff R14: 00000000ffffffff R15: 0000000000000002
[ 55.048820] FS: 00007f2d2fc0dc40(0000) GS:ffffffff82eb2000(0000) knlGS:0000000000000000
[ 55.049805] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.050507] CR2: 00007ffe85755ff8 CR3: 0000000109941000 CR4: 0000000000350ef0
[ 55.051366] Kernel panic - not syncing: Fatal exception in interrupt
[ 55.052136] Kernel Offset: disabled
[ 55.052577] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
Fixes:
|
||
Hagar Hemdan
|
96f887a612 |
net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP
xmit() functions should consume skb or return error codes in error
paths.
When the configuration "CONFIG_INET_ESPINTCP" is not set, the
implementation of the function "esp_output_tail_tcp" violates this rule.
The function frees the skb and returns the error code.
This change removes the kfree_skb from both functions, for both
esp4 and esp6.
WARN_ON is added because esp_output_tail_tcp() should never be called if
CONFIG_INET_ESPINTCP is not set.
This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.
Fixes:
|
||
Souradeep Chakrabarti
|
9c91c7fadb |
net: mana: Fix the extra HZ in mana_hwc_send_request
Commit |
||
Horatiu Vultur
|
eda40be3a5 |
net: lan966x: Remove ptp traps in case the ptp is not enabled.
Lan966x is adding ptp traps to redirect the ptp frames to the CPU such
that the HW will not forward these frames anywhere. The issue is that in
case ptp is not enabled and the timestamping source is et to
HWTSTAMP_SOURCE_NETDEV then these traps would not be removed on the
error path.
Fix this by removing the traps in this case as they are not needed.
Fixes:
|
||
Aaron Conole
|
30a92c9e3d |
openvswitch: Set the skbuff pkt_type for proper pmtud support.
Open vSwitch is originally intended to switch at layer 2, only dealing with
Ethernet frames. With the introduction of l3 tunnels support, it crossed
into the realm of needing to care a bit about some routing details when
making forwarding decisions. If an oversized packet would need to be
fragmented during this forwarding decision, there is a chance for pmtu
to get involved and generate a routing exception. This is gated by the
skbuff->pkt_type field.
When a flow is already loaded into the openvswitch module this field is
set up and transitioned properly as a packet moves from one port to
another. In the case that a packet execute is invoked after a flow is
newly installed this field is not properly initialized. This causes the
pmtud mechanism to omit sending the required exception messages across
the tunnel boundary and a second attempt needs to be made to make sure
that the routing exception is properly setup. To fix this, we set the
outgoing packet's pkt_type to PACKET_OUTGOING, since it can only get
to the openvswitch module via a port device or packet command.
Even for bridge ports as users, the pkt_type needs to be reset when
doing the transmit as the packet is truly outgoing and routing needs
to get involved post packet transformations, in the case of
VXLAN/GENEVE/udp-tunnel packets. In general, the pkt_type on output
gets ignored, since we go straight to the driver, but in the case of
tunnel ports they go through IP routing layer.
This issue is periodically encountered in complex setups, such as large
openshift deployments, where multiple sets of tunnel traversal occurs.
A way to recreate this is with the ovn-heater project that can setup
a networking environment which mimics such large deployments. We need
larger environments for this because we need to ensure that flow
misses occur. In these environment, without this patch, we can see:
./ovn_cluster.sh start
podman exec ovn-chassis-1 ip r a 170.168.0.5/32 dev eth1 mtu 1200
podman exec ovn-chassis-1 ip netns exec sw01p1 ip r flush cache
podman exec ovn-chassis-1 ip netns exec sw01p1 \
ping 21.0.0.3 -M do -s 1300 -c2
PING 21.0.0.3 (21.0.0.3) 1300(1328) bytes of data.
From 21.0.0.3 icmp_seq=2 Frag needed and DF set (mtu = 1142)
--- 21.0.0.3 ping statistics ---
...
Using tcpdump, we can also see the expected ICMP FRAG_NEEDED message is not
sent into the server.
With this patch, setting the pkt_type, we see the following:
podman exec ovn-chassis-1 ip netns exec sw01p1 \
ping 21.0.0.3 -M do -s 1300 -c2
PING 21.0.0.3 (21.0.0.3) 1300(1328) bytes of data.
From 21.0.0.3 icmp_seq=1 Frag needed and DF set (mtu = 1222)
ping: local error: message too long, mtu=1222
--- 21.0.0.3 ping statistics ---
...
In this case, the first ping request receives the FRAG_NEEDED message and
a local routing exception is created.
Tested-by: Jaime Caamano <jcaamano@redhat.com>
Reported-at: https://issues.redhat.com/browse/FDP-164
Fixes:
|
||
Paolo Abeni
|
580acf6cd8 |
Merge branch 'af_unix-fix-gc-and-improve-selftest'
Michal Luczaj says: ==================== af_unix: Fix GC and improve selftest Series deals with AF_UNIX garbage collector mishandling some in-flight graph cycles. Embryos carrying OOB packets with SCM_RIGHTS cause issues. Patch 1/2 fixes the memory leak. Patch 2/2 tweaks the selftest for a better OOB coverage. v3: - Patch 1/2: correct the commit message (Kuniyuki) v2: https://lore.kernel.org/netdev/20240516145457.1206847-1-mhal@rbox.co/ - Patch 1/2: remove WARN_ON_ONCE() (Kuniyuki) - Combine both patches into a series (Kuniyuki) v1: https://lore.kernel.org/netdev/20240516103049.1132040-1-mhal@rbox.co/ ==================== Link: https://lore.kernel.org/r/20240517093138.1436323-1-mhal@rbox.co Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
||
Kuniyuki Iwashima
|
e060e433e5 |
selftest: af_unix: Make SCM_RIGHTS into OOB data.
scm_rights.c covers various test cases for inflight file descriptors and garbage collector for AF_UNIX sockets. Currently, SCM_RIGHTS messages are sent with 3-bytes string, and it's not good for MSG_OOB cases, as SCM_RIGTS cmsg goes with the first 2-bytes, which is non-OOB data. Let's send SCM_RIGHTS messages with 1-byte character to pack SCM_RIGHTS into OOB data. Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> Signed-off-by: Michal Luczaj <mhal@rbox.co> Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
||
Michal Luczaj
|
041933a1ec |
af_unix: Fix garbage collection of embryos carrying OOB with SCM_RIGHTS
GC attempts to explicitly drop oob_skb's reference before purging the hit
list.
The problem is with embryos: kfree_skb(u->oob_skb) is never called on an
embryo socket.
The python script below [0] sends a listener's fd to its embryo as OOB
data. While GC does collect the embryo's queue, it fails to drop the OOB
skb's refcount. The skb which was in embryo's receive queue stays as
unix_sk(sk)->oob_skb and keeps the listener's refcount [1].
Tell GC to dispose embryo's oob_skb.
[0]:
from array import array
from socket import *
addr = '\x00unix-oob'
lis = socket(AF_UNIX, SOCK_STREAM)
lis.bind(addr)
lis.listen(1)
s = socket(AF_UNIX, SOCK_STREAM)
s.connect(addr)
scm = (SOL_SOCKET, SCM_RIGHTS, array('i', [lis.fileno()]))
s.sendmsg([b'x'], [scm], MSG_OOB)
lis.close()
[1]
$ grep unix-oob /proc/net/unix
$ ./unix-oob.py
$ grep unix-oob /proc/net/unix
0000000000000000: 00000002 00000000 00000000 0001 02 0 @unix-oob
0000000000000000: 00000002 00000000 00010000 0001 01 6072 @unix-oob
Fixes:
|
||
Kuniyuki Iwashima
|
3ebc46ca86 |
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
In dctcp_update_alpha(), we use a module parameter dctcp_shift_g
as follows:
alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);
...
delivered_ce <<= (10 - dctcp_shift_g);
It seems syzkaller started fuzzing module parameters and triggered
shift-out-of-bounds [0] by setting 100 to dctcp_shift_g:
memcpy((void*)0x20000080,
"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\000", 47);
res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,
/*flags=*/2ul, /*mode=*/0ul);
memcpy((void*)0x20000000, "100\000", 4);
syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);
Let's limit the max value of dctcp_shift_g by param_set_uint_minmax().
With this patch:
# echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g
# cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g
10
# echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g
-bash: echo: write error: Invalid argument
[0]:
UBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12
shift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int')
CPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114
ubsan_epilogue lib/ubsan.c:231 [inline]
__ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468
dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143
tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]
tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948
tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711
tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937
sk_backlog_rcv include/net/sock.h:1106 [inline]
__release_sock+0x20f/0x350 net/core/sock.c:2983
release_sock+0x61/0x1f0 net/core/sock.c:3549
mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907
mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976
__mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072
mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127
inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437
__sock_release net/socket.c:659 [inline]
sock_close+0xc0/0x240 net/socket.c:1421
__fput+0x41b/0x890 fs/file_table.c:422
task_work_run+0x23b/0x300 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x9c8/0x2540 kernel/exit.c:878
do_group_exit+0x201/0x2b0 kernel/exit.c:1027
__do_sys_exit_group kernel/exit.c:1038 [inline]
__se_sys_exit_group kernel/exit.c:1036 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x67/0x6f
RIP: 0033:0x7f6c2b5005b6
Code: Unable to access opcode bytes at 0x7f6c2b50058c.
RSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6
RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
RBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0
R10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
</TASK>
Reported-by: syzkaller <syzkaller@googlegroups.com>
Reported-by: Yue Sun <samsun1006219@gmail.com>
Reported-by: xingwei lee <xrivendell7@gmail.com>
Closes: https://lore.kernel.org/netdev/CAEkJfYNJM=cw-8x7_Vmj1J6uYVCWMbbvD=EFmDPVBGpTsqOxEA@mail.gmail.com/
Fixes:
|
||
Hangbin Liu
|
ea63ac1429 |
selftests/net: use tc rule to filter the na packet
Test arp_ndisc_untracked_subnets use tcpdump to filter the unsolicited
and untracked na messages. It set -e before calling tcpdump. But if
tcpdump filters 0 packet, it will return none zero, and cause the script
to exit.
Instead of using slow tcpdump to capture packets, let's using tc rule
to filter out the na message.
At the same time, fix function setup_v6 which only needs one parameter.
Move all the related helpers from forwarding lib.sh to net lib.sh.
Fixes:
|
||
Hangbin Liu
|
efb9f4f19f |
ipv6: sr: fix memleak in seg6_hmac_init_algo
seg6_hmac_init_algo returns without cleaning up the previous allocations
if one fails, so it's going to leak all that memory and the crypto tfms.
Update seg6_hmac_exit to only free the memory when allocated, so we can
reuse the code directly.
Fixes:
|
||
Kuniyuki Iwashima
|
9841991a44 |
af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
Billy Jheng Bing-Jhong reported a race between __unix_gc() and
queue_oob().
__unix_gc() tries to garbage-collect close()d inflight sockets,
and then if the socket has MSG_OOB in unix_sk(sk)->oob_skb, GC
will drop the reference and set NULL to it locklessly.
However, the peer socket still can send MSG_OOB message and
queue_oob() can update unix_sk(sk)->oob_skb concurrently, leading
NULL pointer dereference. [0]
To fix the issue, let's update unix_sk(sk)->oob_skb under the
sk_receive_queue's lock and take it everywhere we touch oob_skb.
Note that we defer kfree_skb() in manage_oob() to silence lockdep
false-positive (See [1]).
[0]:
BUG: kernel NULL pointer dereference, address: 0000000000000008
PF: supervisor write access in kernel mode
PF: error_code(0x0002) - not-present page
PGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0
Oops: 0002 [#1] PREEMPT SMP PTI
CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc5-00191-gd091e579b864 #110
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Workqueue: events delayed_fput
RIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff.c:3847)
Code: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 00 00 00 <48> 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc
RSP: 0018:ffffc900001bfd48 EFLAGS: 00000002
RAX: 0000000000000000 RBX: ffff8880088f5ae8 RCX: 00000000361289f9
RDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00
RBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001
R10: 0000000000000003 R11: 0000000000000001 R12: ffff8880056b6a00
R13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80
FS: 0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0
PKRU: 55555554
Call Trace:
<TASK>
unix_release_sock (net/unix/af_unix.c:654)
unix_release (net/unix/af_unix.c:1050)
__sock_release (net/socket.c:660)
sock_close (net/socket.c:1423)
__fput (fs/file_table.c:423)
delayed_fput (fs/file_table.c:444 (discriminator 3))
process_one_work (kernel/workqueue.c:3259)
worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)
kthread (kernel/kthread.c:388)
ret_from_fork (arch/x86/kernel/process.c:153)
ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
</TASK>
Modules linked in:
CR2: 0000000000000008
Link: https://lore.kernel.org/netdev/a00d3993-c461-43f2-be6d-07259c98509a@rbox.co/ [1]
Fixes:
|
||
Heiner Kallweit
|
eabb8a9be1 |
Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already"
This reverts commit |
||
Ryosuke Yasuoka
|
e4a87abf58 |
nfc: nci: Fix uninit-value in nci_rx_work
syzbot reported the following uninit-value access issue [1]
nci_rx_work() parses received packet from ndev->rx_q. It should be
validated header size, payload size and total packet size before
processing the packet. If an invalid packet is detected, it should be
silently discarded.
Fixes:
|
||
Taehee Yoo
|
cc563e7498 |
selftests: net: kill smcrouted in the cleanup logic in amt.sh
The amt.sh requires smcrouted for multicasting routing.
So, it starts smcrouted before forwarding tests.
It must be stopped after all tests, but it isn't.
To fix this issue, it kills smcrouted in the cleanup logic.
Fixes:
|
||
Andrea Mayer
|
5447f9708d |
ipv6: sr: fix missing sk_buff release in seg6_input_core
The seg6_input() function is responsible for adding the SRH into a packet, delegating the operation to the seg6_input_core(). This function uses the skb_cow_head() to ensure that there is sufficient headroom in the sk_buff for accommodating the link-layer header. In the event that the skb_cow_header() function fails, the seg6_input_core() catches the error but it does not release the sk_buff, which will result in a memory leak. This issue was introduced in commit |
||
Florian Fainelli
|
b1fa60ec25 |
net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled
Stephen reported that he was unable to get the dsa_loop driver to get
probed, and the reason ended up being because he had CONFIG_FIXED_PHY=y
in his kernel configuration. As Masahiro explained it:
"obj-m += dsa/" means everything under dsa/ must be modular.
If there is a built-in object under dsa/ with CONFIG_NET_DSA=m,
you cannot do "obj-$(CONFIG_NET_DSA) += dsa/".
You need to change it back to "obj-y += dsa/".
This was the case here whereby CONFIG_NET_DSA=m, and so the
obj-$(CONFIG_FIXED_PHY) += dsa_loop_bdinfo.o rule is not executed and
the DSA loop mdio_board info structure is not registered with the
kernel, and eventually the device is simply not found.
To preserve the intention of the original commit of limiting the amount
of folder descending, conditionally descend into drivers/net/dsa when
CONFIG_NET_DSA is enabled.
Fixes:
|
||
Linus Torvalds
|
4b377b4868 |
kprobe/ftrace: fix build error due to bad function definition
Commit |
||
Linus Torvalds
|
f08a1e912d |
Including fix from Andrii for the issue mentioned in our net-next PR,
the rest is unremarkable. Current release - regressions: - virtio_net: fix missed error path rtnl_unlock after control queue locking rework Current release - new code bugs: - bpf: fix KASAN slab-out-of-bounds in percpu_array_map_gen_lookup, caused by missing nested map handling - drv: dsa: correct initialization order for KSZ88x3 ports Previous releases - regressions: - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() fix performance regression - ipv6: fix route deleting failure when metric equals 0, don't assume 0 means not set / default in this case Previous releases - always broken: - bridge: couple of syzbot-driven fixes Signed-off-by: Jakub Kicinski <kuba@kernel.org> -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE6jPA+I1ugmIBA4hXMUZtbf5SIrsFAmZHtJQACgkQMUZtbf5S Irsfyw//ZhCFzvXKLENNalHHMXwq7DsuXe6KWlljEOzLHH0/9QqqNC9ggYKRI5OE unB//YC3sqtAUczQnED+UOh553Pu4Kvq9334LTX5m4HJQTYLLq1aGM/UZplsBTHx 3MsXUApYFth8pqCZvIcKOZcOddeViBfzEQ9jEAsgIyaqFy3XaiH4Zf6pJAAMyUbE 19CRiK/1TYNrX01XPOeV/9vYGj9rzepo6S5zpHKsWsFZArCcRPBsea/KWYYfLjW7 ExA2Cb+eUnPkNL4bTeH6dwgQGVL8Jo/OsKmsa/tdQffnj1pshdePXtP3TBEynMJF jSSwwUMq56yE+uok4karE3wIhciUEYvTwfgt5FErYVqfqDiX1+7AZGtdZVDX/mgH F0etKHDhX9F1zxHVMFwOMA4rLN6cvfpe7Pg+dt4B9E0o18SyNekOM1Ngdu/1ALtd QV41JFHweHInDRrMLdj4aWW4EYPR5SUuvg66Pec4T7x5hAAapzIJySS+RIydC+ND guPztYxO5cn5Q7kug1FyUBSXUXZxuCNRACb6zD4/4wbVRZhz7l3OTcd13QADCiwv Tr61r2bS1Bp/HZ3iIHBY85JnKMvpdwNXN2SPsYQQwVrv9FLj9iskH9kjwqVDG4ja W3ivZZM+CcZbnB81JynK7Ge54PT+SiPy3Nw4RIVxFl1QlzXC21E= =7eys -----END PGP SIGNATURE----- Merge tag 'net-6.10-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net Pull networking fixes from Jakub Kicinski: "Current release - regressions: - virtio_net: fix missed error path rtnl_unlock after control queue locking rework Current release - new code bugs: - bpf: fix KASAN slab-out-of-bounds in percpu_array_map_gen_lookup, caused by missing nested map handling - drv: dsa: correct initialization order for KSZ88x3 ports Previous releases - regressions: - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() fix performance regression - ipv6: fix route deleting failure when metric equals 0, don't assume 0 means not set / default in this case Previous releases - always broken: - bridge: couple of syzbot-driven fixes" * tag 'net-6.10-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (30 commits) selftests: net: local_termination: annotate the expected failures net: dsa: microchip: Correct initialization order for KSZ88x3 ports MAINTAINERS: net: Update reviewers for TI's Ethernet drivers dt-bindings: net: ti: Update maintainers list l2tp: fix ICMP error handling for UDP-encap sockets net: txgbe: fix to control VLAN strip net: wangxun: match VLAN CTAG and STAG features net: wangxun: fix to change Rx features af_packet: do not call packet_read_pending() from tpacket_destruct_skb() virtio_net: Fix missed rtnl_unlock netrom: fix possible dead-lock in nr_rt_ioctl() idpf: don't skip over ethtool tcp-data-split setting dt-bindings: net: qcom: ethernet: Allow dma-coherent bonding: fix oops during rmmod net/ipv6: Fix route deleting failure when metric equals 0 selftests/net: reduce xfrm_policy test time selftests/bpf: Adjust btf_dump test to reflect recent change in file_operations selftests/bpf: Adjust test_access_variable_array after a kernel function name change selftests/net/lib: no need to record ns name if it already exist net: qrtr: ns: Fix module refcnt ... |
||
Linus Torvalds
|
26aa834ff2 |
Specific for timerlat:
- Improves the output of timerlat top by adding a missing \n, and by avoiding printing color-formatting characters where they are translated to regular characters. - Improves timerlat auto-analysis output by replacing '\t' with spaces to avoid copy-and-paste issues when reporting problems. - For timerlat, make the user-space (-u) option the default, as it is the most complete test. Add a -k option to use the in-kernel workload. - On timerlat top and hist, add a summary with the overall results. For instance, the minimum value for all CPUs, the overall average and the maximum value from all CPUs. - timerlat hist was printing initial values (i.e., 0 as max, and ~0 as min) if the trace stopped before the first Ret-User event. This problem was fixed by printing the " - " no value string to the output if that was the case. For all RTLA tools: - Add a --warm-up <seconds> option, allowing the workload to run for <seconds> before starting to collect results. - Add a --trace-buffer-size option, allowing the user to set the tracing buffer size for -t option. This option is mainly useful for reducing the trace file. Now rtla depends on libtracefs >= 1.6. - Fix the -t [trace_file] parsing, now it does not require the '=' before the option parameter, and better handles the multiple ways a user can pass the trace_file.txt -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZkeciRQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qs71AQC48M82m9LPGVt1gg8f3NoChIuo4908 fr+SXq2+Va+18gEAoYJ5G0JuAb7FkHtvpPGB5yQYArTSYJ5LiHrjSXNG1w8= =ZrJJ -----END PGP SIGNATURE----- Merge tag 'trace-tools-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull tracing tool updates from Steven Rostedt: "Specific for timerlat: - Improve the output of timerlat top by adding a missing \n, and by avoiding printing color-formatting characters where they are translated to regular characters. - Improve timerlat auto-analysis output by replacing '\t' with spaces to avoid copy-and-paste issues when reporting problems. - Make the user-space (-u) option the default, as it is the most complete test. Add a -k option to use the in-kernel workload. - On timerlat top and hist, add a summary with the overall results. For instance, the minimum value for all CPUs, the overall average and the maximum value from all CPUs. - timerlat hist was printing initial values (i.e., 0 as max, and ~0 as min) if the trace stopped before the first Ret-User event. This problem was fixed by printing the " - " no value string to the output if that was the case. For all RTLA tools: - Add a --warm-up <seconds> option, allowing the workload to run for <seconds> before starting to collect results. - Add a --trace-buffer-size option, allowing the user to set the tracing buffer size for -t option. This option is mainly useful for reducing the trace file. Now rtla depends on libtracefs >= 1.6. - Fix the -t [trace_file] parsing, now it does not require the '=' before the option parameter, and better handles the multiple ways a user can pass the trace_file.txt" * tag 'trace-tools-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: rtla: Documentation: Fix -t, --trace rtla: Fix -t\--trace[=file] rtla/timerlat: Fix histogram report when a cpu count is 0 rtla: Add --trace-buffer-size option rtla/timerlat: Make user-space threads the default rtla: Add the --warm-up option rtla/timerlat: Add a summary for hist mode rtla/timerlat: Add a summary for top mode rtla/timerlat: Use pretty formatting only on interactive tty rtla/auto-analysis: Replace \t with spaces rtla/timerlat: Simplify "no value" printing on top |
||
Linus Torvalds
|
fa3889d970 |
user-event updates for v6.10:
- Minor update to the user_events interface The ABI of creating a user event states that the fields are separated by semicolons, and spaces should be ignored. But the parsing expected at least one space to be there (which was incorrect). Fix the reading of the string to handle fields separated by semicolons but no space between them. This does extend the API sightly as now "field;field" will now be parsed and not cause an error. But it should not cause any regressions as no logic should expect it to fail. Note, that the logic that parses the event fields to create the trace_event works with no spaces after the semi-colon. It is the logic that tests against existing events that is inconsistent. This causes registering an event without using spaces to succeed if it doesn't exist, but makes the same call that tries to register to the same event, but doesn't use spaces, fail. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZkZN1hQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qvCXAQDO8b2GeCuAMa2SW7PMFdpB2Tc2F5v4 WPBEKaLb0TU+7AEAwR0rCm22p9rpke754lcpZDz7xJNcyiyMkyXeJWCauQA= =PYwP -----END PGP SIGNATURE----- Merge tag 'trace-user-events-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull tracing user-event updates from Steven Rostedt: - Minor update to the user_events interface The ABI of creating a user event states that the fields are separated by semicolons, and spaces should be ignored. But the parsing expected at least one space to be there (which was incorrect). Fix the reading of the string to handle fields separated by semicolons but no space between them. This does extend the API sightly as now "field;field" will now be parsed and not cause an error. But it should not cause any regressions as no logic should expect it to fail. Note, that the logic that parses the event fields to create the trace_event works with no spaces after the semi-colon. It is the logic that tests against existing events that is inconsistent. This causes registering an event without using spaces to succeed if it doesn't exist, but makes the same call that tries to register to the same event, but doesn't use spaces, fail. * tag 'trace-user-events-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: selftests/user_events: Add non-spacing separator check tracing/user_events: Fix non-spaced field matching |
||
Linus Torvalds
|
53683e4080 |
tracing ring buffer updates for v6.10:
- Add ring_buffer memory mappings The tracing ring buffer was created based on being mostly used with the splice system call. It is broken up into page ordered sub-buffers and the reader swaps a new sub-buffer with an existing sub-buffer that's part of the write buffer. It then has total access to the swapped out sub-buffer and can do copyless movements of the memory into other mediums (file system, network, etc). The buffer is great for passing around the ring buffer contents in the kernel, but is not so good for when the consumer is the user space task itself. A new interface is added that allows user space to memory map the ring buffer. It will get all the write sub-buffers as well as reader sub-buffer (that is not written to). It can send an ioctl to change which sub-buffer is the new reader sub-buffer. The ring buffer is read only to user space. It only needs to call the ioctl when it is finished with a sub-buffer and needs a new sub-buffer that the writer will not write over. A self test program was also created for testing and can be used as an example for the interface to user space. The libtracefs (external to the kernel) also has code that interacts with this, although it is disabled until the interface is in a official release. It can be enabled by compiling the library with a special flag. This was used for testing applications that perform better with the buffer being mapped. Memory mapped buffers have limitations. The main one is that it can not be used with the snapshot logic. If the buffer is mapped, snapshots will be disabled. If any logic is set to trigger snapshots on a buffer, that buffer will not be allowed to be mapped. -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZkYzDRQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qttNAQCj3I0OpeI1vms85ShIa7Eha2qes5uC Yml2fnapkmRSwAEAp5UTGxtDctycWOk9B9PA7/oJmLgATaQwRKoEeTUwfAA= =TyEB -----END PGP SIGNATURE----- Merge tag 'trace-ringbuffer-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull tracing ring buffer updates from Steven Rostedt: "Add ring_buffer memory mappings. The tracing ring buffer was created based on being mostly used with the splice system call. It is broken up into page ordered sub-buffers and the reader swaps a new sub-buffer with an existing sub-buffer that's part of the write buffer. It then has total access to the swapped out sub-buffer and can do copyless movements of the memory into other mediums (file system, network, etc). The buffer is great for passing around the ring buffer contents in the kernel, but is not so good for when the consumer is the user space task itself. A new interface is added that allows user space to memory map the ring buffer. It will get all the write sub-buffers as well as reader sub-buffer (that is not written to). It can send an ioctl to change which sub-buffer is the new reader sub-buffer. The ring buffer is read only to user space. It only needs to call the ioctl when it is finished with a sub-buffer and needs a new sub-buffer that the writer will not write over. A self test program was also created for testing and can be used as an example for the interface to user space. The libtracefs (external to the kernel) also has code that interacts with this, although it is disabled until the interface is in a official release. It can be enabled by compiling the library with a special flag. This was used for testing applications that perform better with the buffer being mapped. Memory mapped buffers have limitations. The main one is that it can not be used with the snapshot logic. If the buffer is mapped, snapshots will be disabled. If any logic is set to trigger snapshots on a buffer, that buffer will not be allowed to be mapped" * tag 'trace-ringbuffer-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: ring-buffer: Add cast to unsigned long addr passed to virt_to_page() ring-buffer: Have mmapped ring buffer keep track of missed events ring-buffer/selftest: Add ring-buffer mapping test Documentation: tracing: Add ring-buffer mapping tracing: Allow user-space mapping of the ring-buffer ring-buffer: Introducing ring-buffer mapping functions ring-buffer: Allocate sub-buffers with __GFP_COMP |
||
Linus Torvalds
|
594d28157f |
tracing cleanups for v6.10:
- Removed unused ftrace_direct_funcs variables - Fix a possible NULL pointer dereference race in eventfs - Update do_div() usage in trace event benchmark test - Speedup direct function registration with asynchronous RCU callback. The synchronization was done in the registration code and this caused delays when registering direct callbacks. Move the freeing to a call_rcu() that will prevent delaying of the registering. - Replace simple_strtoul() usage with kstrtoul() -----BEGIN PGP SIGNATURE----- iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZkYrphQccm9zdGVkdEBn b29kbWlzLm9yZwAKCRAp5XQQmuv6qnNbAP0TCG5dLbHlcUtXFCG3AdOufOteyJZ4 efbRjFq0QY/RvQD7Bh1BNLSBsG0ptKPC7ch377A55xsgxZTr0mEarVTOQwg= =GKXv -----END PGP SIGNATURE----- Merge tag 'trace-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull tracing updates from Steven Rostedt: - Remove unused ftrace_direct_funcs variables - Fix a possible NULL pointer dereference race in eventfs - Update do_div() usage in trace event benchmark test - Speedup direct function registration with asynchronous RCU callback. The synchronization was done in the registration code and this caused delays when registering direct callbacks. Move the freeing to a call_rcu() that will prevent delaying of the registering. - Replace simple_strtoul() usage with kstrtoul() * tag 'trace-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: eventfs: Fix a possible null pointer dereference in eventfs_find_events() ftrace: Fix possible use-after-free issue in ftrace_location() ftrace: Remove unused global 'ftrace_direct_func_count' ftrace: Remove unused list 'ftrace_direct_funcs' tracing: Improve benchmark test performance by using do_div() ftrace: Use asynchronous grace period for register_ftrace_direct() ftrace: Replaces simple_strtoul in ftrace |
||
Linus Torvalds
|
70a663205d |
Probes updates for v6.10:
- tracing/probes: Adding new pseudo-types %pd and %pD support for dumping dentry name from 'struct dentry *' and file name from 'struct file *'. - uprobes: Some performance optimizations have been done. . Speed up the BPF uprobe event by delaying the fetching of the uprobe event arguments that are not used in BPF. . Avoid locking by speculatively checking whether uprobe event is valid. . Reduce lock contention by using read/write_lock instead of spinlock for uprobe list operation. This improved BPF uprobe benchmark result 43% on average. - rethook: Removes non-fatal warning messages when tracing stack from BPF and skip rcu_is_watching() validation in rethook if possible. - objpool: Optimizing objpool (which is used by kretprobes and fprobe as rethook backend storage) by inlining functions and avoid caching nr_cpu_ids because it is a const value. - fprobe: Add entry/exit callbacks types (code cleanup) - kprobes: Check ftrace was killed in kprobes if it uses ftrace. -----BEGIN PGP SIGNATURE----- iQFPBAABCgA5FiEEh7BulGwFlgAOi5DV2/sHvwUrPxsFAmZFUxsbHG1hc2FtaS5o aXJhbWF0c3VAZ21haWwuY29tAAoJENv7B78FKz8b+fIH/A96/SeC5WRLhXmHfTCM IvKUea2n0b0oV/2pVfHqfkCBTICuUZ97Opd9VH9jLtjBOTh0fUOGZ2DNVGdSYfWm IIkS5dhuZxHXrSHEVYykwLHI3AOL7Q6Ny9EmOg1CNMidUkPMNtBvppsBYPlFU/B/ qQJAvOdkVOnNITCaas0+MNgepoVVKdJzdNQ1I4WrGyG8isCZBaCYKo2QcGyheCNN y8NXvnVHgmgHQ8nTaeE5AawclFzFnhwHfPQPe1kiyGrx15b8K+VYmaZxPKv33A1a KT3TKJ1Ep7s7iWFh2iPVJzIwOXCmSnvNTKfNx/MDuKtO7UVfFwytoMEaekbmv3bG VqM= =n/mW -----END PGP SIGNATURE----- Merge tag 'probes-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull probes updates from Masami Hiramatsu: - tracing/probes: Add new pseudo-types %pd and %pD support for dumping dentry name from 'struct dentry *' and file name from 'struct file *' - uprobes performance optimizations: - Speed up the BPF uprobe event by delaying the fetching of the uprobe event arguments that are not used in BPF - Avoid locking by speculatively checking whether uprobe event is valid - Reduce lock contention by using read/write_lock instead of spinlock for uprobe list operation. This improved BPF uprobe benchmark result 43% on average - rethook: Remove non-fatal warning messages when tracing stack from BPF and skip rcu_is_watching() validation in rethook if possible - objpool: Optimize objpool (which is used by kretprobes and fprobe as rethook backend storage) by inlining functions and avoid caching nr_cpu_ids because it is a const value - fprobe: Add entry/exit callbacks types (code cleanup) - kprobes: Check ftrace was killed in kprobes if it uses ftrace * tag 'probes-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: kprobe/ftrace: bail out if ftrace was killed selftests/ftrace: Fix required features for VFS type test case objpool: cache nr_possible_cpus() and avoid caching nr_cpu_ids objpool: enable inlining objpool_push() and objpool_pop() operations rethook: honor CONFIG_FTRACE_VALIDATE_RCU_IS_WATCHING in rethook_try_get() ftrace: make extra rcu_is_watching() validation check optional uprobes: reduce contention on uprobes_tree access rethook: Remove warning messages printed for finding return address of a frame. fprobe: Add entry/exit callbacks types selftests/ftrace: add fprobe test cases for VFS type "%pd" and "%pD" selftests/ftrace: add kprobe test cases for VFS type "%pd" and "%pD" Documentation: tracing: add new type '%pd' and '%pD' for kprobe tracing/probes: support '%pD' type for print struct file's name tracing/probes: support '%pd' type for print struct dentry's name uprobes: add speculative lockless system-wide uprobe filter check uprobes: prepare uprobe args buffer lazily uprobes: encapsulate preparation of uprobe args buffer |
||
Linus Torvalds
|
e9d6825180 |
Bootconfig updates for v6.10:
- Do not put unneeded quotes on the extra command line items which was inserted from the bootconfig. - Remove redundant spaces from the extra command line. -----BEGIN PGP SIGNATURE----- iQFPBAABCgA5FiEEh7BulGwFlgAOi5DV2/sHvwUrPxsFAmZGkuobHG1hc2FtaS5o aXJhbWF0c3VAZ21haWwuY29tAAoJENv7B78FKz8bVEsH/iMoyjutOElICR0gapcR i2fd+iDlIzTgHhVSGt8qkQAdclNt/9P2xSfnvk9Z2SImZBlx6oGwVi32fRxky7R2 vZ+vPX1WDMwxHbZl+CCwGhJJQ6n5d1u0rtgY2g4h18Er1vMK8Vo+1T3SCkEOqtxs J4vfeYo9EOgdx2BA/De5GwpNrowrmdPn0TqSmjZlB7BqY8UY4a4x3Y2CeS8n5n2C hnfkQ0kwbvNtsOEmRKeF9OROpBVVmlTExi8KzaH7shhCHbhIZD9froo2ZwSaCS8L 79+mDkyt3YcQKarVNKnH7wa0WvCEZYgVH+oZ6uUDhsP1m+L+d3BdNbDEEUPUpnjB VnY= =e4Ys -----END PGP SIGNATURE----- Merge tag 'bootconfig-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull bootconfig updates from Masami Hiramatsu: - Do not put unneeded quotes on the extra command line items which was inserted from the bootconfig. - Remove redundant spaces from the extra command line. * tag 'bootconfig-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: init/main.c: Minor cleanup for the setup_command_line() function init/main.c: Remove redundant space from saved_command_line bootconfig: do not put quotes on cmdline items unless necessary |
||
Linus Torvalds
|
91b6163be4 |
sysctl changes for v6.10-rc1
Summary * Removed sentinel elements from ctl_table structs in kernel/* Removing sentinels in ctl_table arrays reduces the build time size and runtime memory consumed by ~64 bytes per array. Removals for net/, io_uring/, mm/, ipc/ and security/ are set to go into mainline through their respective subsystems making the next release the most likely place where the final series that removes the check for proc_name == NULL will land. This PR adds to removals already in arch/, drivers/ and fs/. * Adjusted ctl_table definitions and references to allow constification Adjustments: - Removing unused ctl_table function arguments - Moving non-const elements from ctl_table to ctl_table_header - Making ctl_table pointers const in ctl_table_root structure Making the static ctl_table structs const will increase safety by keeping the pointers to proc_handler functions in .rodata. Though no ctl_tables where made const in this PR, the ground work for making that possible has started with these changes sent by Thomas Weißschuh. Testing * These changes went into linux-next after v6.9-rc4; giving it a good month of testing. -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEErkcJVyXmMSXOyyeQupfNUreWQU8FAmZFvBMACgkQupfNUreW QU/eGAv9EWeiXKxr3EVSMAsb9MWbJq7C99I/pd5hMf+qH4PgJpKDH7w/sb2e8h8+ unGiW83ikgrtph7OS4/xM3Y9r3Nvzd6C/OztqgMnNKeRFdMgP7wu9HaSNs05ordb CqJdhvL93quc5HxrGTS9sdLK/wLJWOHwuWMXhX4qS44JNxTdPV2q10Rb7DZyHZ6O C9qp61L2Q2CrnOBKIx8MoeCh20ynJQAo3b0pTN63ZYF4D0vqCcnYNNTPkge4ID8/ ULJoP5hAQY0vJ4g4fC4Gmooa5GECpm8MfZUf3SdgPyauqM/sm3dVdsLXAWD4Phcp TsG2a/5KMYwnLHrUGwDW7bFfEemRU88h0Iam56+SKMl1kMlEpWaLL9ApQXoHFayG e10izS+i/nlQiqYIHtuczCoTimT4/LGnonCLcdA//C3XzBT5MnOd7xsjuaQSpFWl /CV9SZa4ABwzX7u2jty8ik90iihLCFQyKj1d9m1mDVbgb6r3iUOxVuHBgMtY7MF7 eyaEmV7l =/rQW -----END PGP SIGNATURE----- Merge tag 'sysctl-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl Pull sysctl updates from Joel Granados: - Remove sentinel elements from ctl_table structs in kernel/* Removing sentinels in ctl_table arrays reduces the build time size and runtime memory consumed by ~64 bytes per array. Removals for net/, io_uring/, mm/, ipc/ and security/ are set to go into mainline through their respective subsystems making the next release the most likely place where the final series that removes the check for proc_name == NULL will land. This adds to removals already in arch/, drivers/ and fs/. - Adjust ctl_table definitions and references to allow constification - Remove unused ctl_table function arguments - Move non-const elements from ctl_table to ctl_table_header - Make ctl_table pointers const in ctl_table_root structure Making the static ctl_table structs const will increase safety by keeping the pointers to proc_handler functions in .rodata. Though no ctl_tables where made const in this PR, the ground work for making that possible has started with these changes sent by Thomas Weißschuh. * tag 'sysctl-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl: sysctl: drop now unnecessary out-of-bounds check sysctl: move sysctl type to ctl_table_header sysctl: drop sysctl_is_perm_empty_ctl_table sysctl: treewide: constify argument ctl_table_root::permissions(table) sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) bpf: Remove the now superfluous sentinel elements from ctl_table array delayacct: Remove the now superfluous sentinel elements from ctl_table array kprobes: Remove the now superfluous sentinel elements from ctl_table array printk: Remove the now superfluous sentinel elements from ctl_table array scheduler: Remove the now superfluous sentinel elements from ctl_table array seccomp: Remove the now superfluous sentinel elements from ctl_table array timekeeping: Remove the now superfluous sentinel elements from ctl_table array ftrace: Remove the now superfluous sentinel elements from ctl_table array umh: Remove the now superfluous sentinel elements from ctl_table array kernel misc: Remove the now superfluous sentinel elements from ctl_table array |
||
Linus Torvalds
|
06f054b1fe |
Devicetree for v6.10:
DT Bindings: - Convert samsung,exynos5-dp, atmel,lcdc, aspeed,ast2400-wdt bindings to schemas - Add bindings for Allwinner H616 NMI controller, Renesas r8a779g0 irqc, Renesas R-Car V4M TMU and CMT timers, Freescale S32G3 linflexuart, and Mediatek MT7988 XHCI - Add 'reg' constraints on DSI and SPI display panels - More dropping of unnecessary quotes in schemas - Use full paths rather than relative paths in schema $refs - Drop redundant storing of phandle for reserved memory DT Core: - Use scope based cleanups for kfree() and of_node_put() - Track interrupt-map and power-supplies for fw_devlink - Add buffer overflow check in of_modalias() - Add and use __of_prop_free() helper for freeing struct property -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEktVUI4SxYhzZyEuo+vtdtY28YcMFAmZGQGQACgkQ+vtdtY28 YcNUcg/7BqmWMNSPCqExiR/Vj9jGjpbZlXH5I8w2vvSpcDbeWgAAXxSLnPJvdM3n tqDFec+4ieHAqerd0T3DAjauK1EIsC/+DiBO1JIgb6yhLkTcr+X5MYH7U5/WmQe/ +3baDokNXhqWQnas8YMNFzJqTJNFkUijS2QgwiL4Ypz2e64mctPjoSQKOtkQA8iZ jfh/r2w0wIeous00Kf07REC6oL5Svzrx2Cg9geiFVIk9Puyk6esr/H1a4jyLbAvc F3znSY21x5vqMGX3F0z8Mp5/aYpuvGkrXkzbOv8+OEP0ipJCwHA0BuK7pYe6narj Ys0SygCrEC2VoWv2PypEN7xSj4/9TVt5gIWK9Lxf/fJLeuTVDr+9qhv4WvuYyDdG kI09PlkG5bovpLAZi/YqulcRGEOPuJIQ+GST9Rf+0fFuAeCbxQmhq7BWmaSedUm2 lt0F5NofGTuTXAEMrwlu7FrfPZrVXLFczpsvG8dunR1iGYJm5QvIaJoqnFoQjUa6 1Vi4cK7VNRGhOYx/3uBzF8lB+CN5MqKyMUCc4hcR4f4Ut4/uPg4HjgxJUWo9aY76 VyryxNEV0K9idUMmW+dGEtbmXWc8ukbz2OOAPlKYobbmIOQpQZcMIizq7ilanZmZ DNRhcqvoAwb7+zGaJ1DWFy/14/09JNBuC+mZUNjvxzb3fhcvjqE= =tslW -----END PGP SIGNATURE----- Merge tag 'devicetree-for-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull devicetree updates from Rob Herring: "DT Bindings: - Convert samsung,exynos5-dp, atmel,lcdc, aspeed,ast2400-wdt bindings to schemas - Add bindings for Allwinner H616 NMI controller, Renesas r8a779g0 irqc, Renesas R-Car V4M TMU and CMT timers, Freescale S32G3 linflexuart, and Mediatek MT7988 XHCI - Add 'reg' constraints on DSI and SPI display panels - More dropping of unnecessary quotes in schemas - Use full paths rather than relative paths in schema $refs - Drop redundant storing of phandle for reserved memory DT Core: - Use scope based cleanups for kfree() and of_node_put() - Track interrupt-map and power-supplies for fw_devlink - Add buffer overflow check in of_modalias() - Add and use __of_prop_free() helper for freeing struct property" * tag 'devicetree-for-6.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (25 commits) of: property: Add fw_devlink support for interrupt-map property dt-bindings: display: panel: constrain 'reg' in DSI panels dt-bindings: display: panel: constrain 'reg' in SPI panels dt-bindings: display: samsung,ams495qa01: add missing SPI properties ref dt-bindings: Use full path to other schemas dt-bindings: PCI: qcom,pcie-sm8350: Drop redundant 'oneOf' sub-schema of: module: add buffer overflow check in of_modalias() dt-bindings: PCI: microchip: increase number of items in ranges property dt-bindings: Drop unnecessary quotes on keys dt-bindings: interrupt-controller: mediatek,mt6577-sysirq: Drop unnecessary quotes of: property: Use scope based cleanup on port_node of: reserved_mem: Remove the use of phandle from the reserved_mem APIs of: property: fw_devlink: Add support for "power-supplies" binding dt-bindings: watchdog: aspeed,ast2400-wdt: Convert to DT schema dt-bindings: irq: sun7i-nmi: Add binding for the H616 NMI controller dt-bindings: interrupt-controller: renesas,irqc: Add r8a779g0 support dt-bindings: timer: renesas,tmu: Add R-Car V4M support dt-bindings: timer: renesas,cmt: Add R-Car V4M support of: Use scope based of_node_put() cleanups of: Use scope based kfree() cleanups ... |
||
Jakub Kicinski
|
fe56d6e4a9 |
selftests: net: local_termination: annotate the expected failures
Vladimir said when adding this test:
The bridge driver fares particularly badly [...] mainly because
it does not implement IFF_UNICAST_FLT.
See commit
|
||
Oleksij Rempel
|
f0fa841164 |
net: dsa: microchip: Correct initialization order for KSZ88x3 ports
Adjust the initialization sequence of KSZ88x3 switches to enable
802.1p priority control on Port 2 before configuring Port 1. This
change ensures the apptrust functionality on Port 1 operates
correctly, as it depends on the priority settings of Port 2. The
prior initialization sequence incorrectly configured Port 1 first,
which could lead to functional discrepancies.
Fixes:
|
||
Ravi Gunasekaran
|
31279b0cb4 |
MAINTAINERS: net: Update reviewers for TI's Ethernet drivers
Remove myself as reviewer for TI's ethernet drivers Signed-off-by: Ravi Gunasekaran <r-gunasekaran@ti.com> Reviewed-by: Roger Quadros <rogerq@kernel.org> Link: https://lore.kernel.org/r/20240516082545.6412-1-r-gunasekaran@ti.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
Ravi Gunasekaran
|
ce08eeb59d |
dt-bindings: net: ti: Update maintainers list
Update the list with the current maintainers of TI's CPSW ethernet peripheral. Signed-off-by: Ravi Gunasekaran <r-gunasekaran@ti.com> Acked-by: Conor Dooley <conor.dooley@microchip.com> Acked-by: Roger Quadros <rogerq@kernel.org> Link: https://lore.kernel.org/r/20240516054932.27597-1-r-gunasekaran@ti.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
Tom Parkin
|
6e828dc60e |
l2tp: fix ICMP error handling for UDP-encap sockets
Since commit |
||
Linus Torvalds
|
7ee332c9f1 |
parisc architecture fixes and updates for kernel v6.10-rc1:
- Define sigset_t in parisc uapi header to fix build of util-linux - Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA to avoid compiler warning - Drop unused 'exc_reg' struct in math-emu code -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZkejxgAKCRD3ErUQojoP Xx3cAPsHMREFiLRWEEkLeiwO9ZZRqrem2CCLX1jpq0S5lQPJeQD5Ad/GNI4nJlO3 JiN91zktmT+b5AWgs3Dq7j6VR5jogAA= =WLoj -----END PGP SIGNATURE----- Merge tag 'parisc-for-6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: - define sigset_t in parisc uapi header to fix build of util-linux - define HAVE_ARCH_HUGETLB_UNMAPPED_AREA to avoid compiler warning - drop unused 'exc_reg' struct in math-emu code * tag 'parisc-for-6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA parisc/math-emu: Remove unused struct 'exc_reg' parisc: Define sigset_t in parisc uapi header |
||
Linus Torvalds
|
ff2632d7d0 |
powerpc updates for 6.10
- Enable BPF Kernel Functions (kfuncs) in the powerpc BPF JIT. - Allow per-process DEXCR (Dynamic Execution Control Register) settings via prctl, notably NPHIE which controls hashst/hashchk for ROP protection. - Install powerpc selftests in sub-directories. Note this changes the way run_kselftest.sh needs to be invoked for powerpc selftests. - Change fadump (Firmware Assisted Dump) to better handle memory add/remove. - Add support for passing additional parameters to the fadump kernel. - Add support for updating the kdump image on CPU/memory add/remove events. - Other small features, cleanups and fixes. Thanks to: Andrew Donnellan, Andy Shevchenko, Aneesh Kumar K.V, Arnd Bergmann, Benjamin Gray, Bjorn Helgaas, Christian Zigotzky, Christophe Jaillet, Christophe Leroy, Colin Ian King, Cédric Le Goater, Dr. David Alan Gilbert, Erhard Furtner, Frank Li, GUO Zihua, Ganesh Goudar, Geoff Levand, Ghanshyam Agrawal, Greg Kurz, Hari Bathini, Joel Stanley, Justin Stitt, Kunwu Chan, Li Yang, Lidong Zhong, Madhavan Srinivasan, Mahesh Salgaonkar, Masahiro Yamada, Matthias Schiffer, Naresh Kamboju, Nathan Chancellor, Nathan Lynch, Naveen N Rao, Nicholas Miehlbradt, Ran Wang, Randy Dunlap, Ritesh Harjani, Sachin Sant, Shirisha Ganta, Shrikanth Hegde, Sourabh Jain, Stephen Rothwell, sundar, Thorsten Blum, Vaibhav Jain, Xiaowei Bao, Yang Li, Zhao Chenhui. -----BEGIN PGP SIGNATURE----- iQJHBAABCAAxFiEEJFGtCPCthwEv2Y/bUevqPMjhpYAFAmZHLtwTHG1wZUBlbGxl cm1hbi5pZC5hdQAKCRBR6+o8yOGlgCGdD/0cqQkYl6+E0/K68Y7jnAWF+l0LNFlm /4jZ+zKXPiPhSdaQq4xo2ZjEooUPsm3c+AHidmrAtOMBULvv4pyciu61hrVu4Y2b aAudkBMUc+i/Lfaz7fq1KnN4LDFVm7xZZ+i/ju9tOBLMpOZ3YZ+YoOGA6nqsshJF XuB5h0T+H55he1wBpvyyrsUUyss53Mp3IsajxdwBOsUDDp0fSAg8SLEyhoiK3BsQ EjEa6iEqJSBheqFEXPvqsMuqM3k51CHe/pCOMODjo7P+u/MNrClZUscZKXGB5xq9 Bu3SPxIYfRmU4XE53517faElEPmlxSBrjQGCD1EGEVXGsjn6r7TD6R5voow3SoUq CLTy90KNNrS1cIqeomu6bJ/anzYrViqTdekImA7Vb+Ol8f+uT9l+l1D75eYOKPQ3 N0AHoa4rnWIb5kjCAjHaZ54O+B2q2tPlQqFUmt+BrvZyKS13zjE36stnArxP3MPC Xw6y3huX3AkZiJ4mQYRiBn//xGOLwrRCd/EoTDnoe08yq0Hoor6qIm4uEy2Nu3Kf 0mBsEOxMsmQd6NEq43B/sFgVbbxKhAyxfZ9gHqxDQZcgoxXcMesyj/n4+jM5sRYK zmavLlykM2Tjlh1evs8+e0mCEwDjDn2GRlqstJQTrmnGhbMKi3jvw9I7gGtZVqbS kAflTXzsIXvxBA== =GoCV -----END PGP SIGNATURE----- Merge tag 'powerpc-6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc updates from Michael Ellerman: - Enable BPF Kernel Functions (kfuncs) in the powerpc BPF JIT. - Allow per-process DEXCR (Dynamic Execution Control Register) settings via prctl, notably NPHIE which controls hashst/hashchk for ROP protection. - Install powerpc selftests in sub-directories. Note this changes the way run_kselftest.sh needs to be invoked for powerpc selftests. - Change fadump (Firmware Assisted Dump) to better handle memory add/remove. - Add support for passing additional parameters to the fadump kernel. - Add support for updating the kdump image on CPU/memory add/remove events. - Other small features, cleanups and fixes. Thanks to Andrew Donnellan, Andy Shevchenko, Aneesh Kumar K.V, Arnd Bergmann, Benjamin Gray, Bjorn Helgaas, Christian Zigotzky, Christophe Jaillet, Christophe Leroy, Colin Ian King, Cédric Le Goater, Dr. David Alan Gilbert, Erhard Furtner, Frank Li, GUO Zihua, Ganesh Goudar, Geoff Levand, Ghanshyam Agrawal, Greg Kurz, Hari Bathini, Joel Stanley, Justin Stitt, Kunwu Chan, Li Yang, Lidong Zhong, Madhavan Srinivasan, Mahesh Salgaonkar, Masahiro Yamada, Matthias Schiffer, Naresh Kamboju, Nathan Chancellor, Nathan Lynch, Naveen N Rao, Nicholas Miehlbradt, Ran Wang, Randy Dunlap, Ritesh Harjani, Sachin Sant, Shirisha Ganta, Shrikanth Hegde, Sourabh Jain, Stephen Rothwell, sundar, Thorsten Blum, Vaibhav Jain, Xiaowei Bao, Yang Li, and Zhao Chenhui. * tag 'powerpc-6.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (85 commits) powerpc/fadump: Fix section mismatch warning powerpc/85xx: fix compile error without CONFIG_CRASH_DUMP powerpc/fadump: update documentation about bootargs_append powerpc/fadump: pass additional parameters when fadump is active powerpc/fadump: setup additional parameters for dump capture kernel powerpc/pseries/fadump: add support for multiple boot memory regions selftests/powerpc/dexcr: Fix spelling mistake "predicition" -> "prediction" KVM: PPC: Book3S HV nestedv2: Fix an error handling path in gs_msg_ops_kvmhv_nestedv2_config_fill_info() KVM: PPC: Fix documentation for ppc mmu caps KVM: PPC: code cleanup for kvmppc_book3s_irqprio_deliver KVM: PPC: Book3S HV nestedv2: Cancel pending DEC exception powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" powerpc/code-patching: Use dedicated memory routines for patching powerpc/code-patching: Test patch_instructions() during boot powerpc64/kasan: Pass virtual addresses to kasan_init_phys_region() powerpc: rename SPRN_HID2 define to SPRN_HID2_750FX powerpc: Fix typos powerpc/eeh: Fix spelling of the word "auxillary" and update comment macintosh/ams: Fix unused variable warning powerpc/Makefile: Remove bits related to the previous use of -mcmodel=large ... |
||
Linus Torvalds
|
4853f1f6ac |
ARM development updates for v6.10-rc1
- Updates to AMBA bus subsystem to drop .owner struct device_driver initialisations, moving that to code instead. - Add LPAE privileged-access-never support - Add support for Clang CFI - clkdev: report over-sized device or connection strings -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEuNNh8scc2k/wOAE+9OeQG+StrGQFAmZF8aoACgkQ9OeQG+St rGShNg//aShGJvs0ezHMt7j4MVrToGHgmpkryaMiYDPU6ud3xSM29sIMxtdEw6yR DGJp8Lcx2KsJU8HKwEzRl7dMr4Cx16bXj69lHNCmalOflTOPCDJuZZ87OUFD6fXh RNbDbEnPlp474E1f3rJB4WkB3UA+hUq/26Z8mpfbWLunVMUeCilgKiDFQzJMobMH smHx1TyBwTDPbY6jHqdiGEzSoLzvDdtSFyYz69aRy8rfUHXESVdvqkXWMf33Bf60 fONhK4O4ln8iaQT0MmbWbV4TGNeOzqeNC4M4U3bVAyrwW4naSRFnVQEVJdaAgM/P 6w5DLpStjef5YHpGbx3nodBb+xvi0Kb25vL/fvnsmVLqPV3Rsp8T3d1WQI8RWnJo GphHk2QmogdOFwoiyMLXv6JZrc796SogSQBlF5lj3LoR8RCjuYUMVOvikTqfF0BK gMbvtF4v3SwJoKitjbiRgkusPEmziooi7hTwluFuWNfmkc7dJKPkfMhC0RkvIn0J VpL17A3A35YBnpjTAxTMsAh4OsBRasvBK/4np8nizwre+K5pPuF0PV6rFhndD31h JKfkXgIziyVN5TVfoocM1kQqQmDjTkyOmehgZ0dYRORyGJMoDgy6LUucQRziLubm C5Od5hcPhHhN8lECBjMA9P+9m0S+PvK3vepefdNIpSMoQwxAMFQ= =t/xl -----END PGP SIGNATURE----- Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux Pull ARM updates from Russell King: - Updates to AMBA bus subsystem to drop .owner struct device_driver initialisations, moving that to code instead. - Add LPAE privileged-access-never support - Add support for Clang CFI - clkdev: report over-sized device or connection strings * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux: (36 commits) ARM: 9398/1: Fix userspace enter on LPAE with CC_OPTIMIZE_FOR_SIZE=y clkdev: report over-sized strings when creating clkdev entries ARM: 9393/1: mm: Use conditionals for CFI branches ARM: 9392/2: Support CLANG CFI ARM: 9391/2: hw_breakpoint: Handle CFI breakpoints ARM: 9390/2: lib: Annotate loop delay instructions for CFI ARM: 9389/2: mm: Define prototypes for all per-processor calls ARM: 9388/2: mm: Type-annotate all per-processor assembly routines ARM: 9387/2: mm: Rewrite cacheflush vtables in CFI safe C ARM: 9386/2: mm: Use symbol alias for cache functions ARM: 9385/2: mm: Type-annotate all cache assembly routines ARM: 9384/2: mm: Make tlbflush routines CFI safe ARM: 9382/1: ftrace: Define ftrace_stub_graph ARM: 9358/2: Implement PAN for LPAE by TTBR0 page table walks disablement ARM: 9357/2: Reduce the number of #ifdef CONFIG_CPU_SW_DOMAIN_PAN ARM: 9356/2: Move asm statements accessing TTBCR into C functions ARM: 9355/2: Add TTBCR_* definitions to pgtable-3level-hwdef.h ARM: 9379/1: coresight: tpda: drop owner assignment ARM: 9378/1: coresight: etm4x: drop owner assignment ARM: 9377/1: hwrng: nomadik: drop owner assignment ... |
||
David S. Miller
|
f6f25eebe0 |
Merge branch 'wangxun-fixes'
Jiawen Wu says: ==================== Wangxun fixes Fixed some bugs when using ethtool to operate network devices. v4 -> v5: - Simplify if...else... to fix features. v3 -> v4: - Require both ctag and stag to be enabled or disabled. v2 -> v3: - Drop the first patch. v1 -> v2: - Factor out the same code. - Remove statistics printing with more than 64 queues. - Detail the commit logs to describe issues. - Remove reset flag check in wx_update_stats(). - Change to set VLAN CTAG and STAG to be consistent. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Jiawen Wu
|
1d3c641495 |
net: txgbe: fix to control VLAN strip
When VLAN tag strip is changed to enable or disable, the hardware requires
the Rx ring to be in a disabled state, otherwise the feature cannot be
changed.
Fixes:
|
||
Jiawen Wu
|
ac71ab7816 |
net: wangxun: match VLAN CTAG and STAG features
Hardware requires VLAN CTAG and STAG configuration always matches. And
whether VLAN CTAG or STAG changes, the configuration needs to be changed
as well.
Fixes:
|
||
Jiawen Wu
|
68067f065e |
net: wangxun: fix to change Rx features
Fix the issue where some Rx features cannot be changed.
When using ethtool -K to turn off rx offload, it returns error and
displays "Could not change any device features". And netdev->features
is not assigned a new value to actually configure the hardware.
Fixes:
|
||
Eric Dumazet
|
581073f626 |
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
trafgen performance considerably sank on hosts with many cores after the blamed commit. packet_read_pending() is very expensive, and calling it in af_packet fast path defeats Daniel intent in commit |
||
Daniel Jurgens
|
fa033def41 |
virtio_net: Fix missed rtnl_unlock
The rtnl_lock would stay locked if allocating promisc_allmulti failed.
Also changed the allocation to GFP_KERNEL.
Fixes:
|
||
Eric Dumazet
|
e03e7f20eb |
netrom: fix possible dead-lock in nr_rt_ioctl()
syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
[1]
WARNING: possible circular locking dependency detected
6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
------------------------------------------------------
syz-executor350/5129 is trying to acquire lock:
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
but task is already holding lock:
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (nr_node_list_lock){+...}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_remove_node net/netrom/nr_route.c:299 [inline]
nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&nr_node->node_lock){+...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_node_lock include/net/netrom.h:152 [inline]
nr_dec_obs net/netrom/nr_route.c:464 [inline]
nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
*** DEADLOCK ***
1 lock held by syz-executor350/5129:
#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
stack backtrace:
CPU: 0 PID: 5129 Comm: syz-executor350 Not tainted 6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2187
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_node_lock include/net/netrom.h:152 [inline]
nr_dec_obs net/netrom/nr_route.c:464 [inline]
nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Fixes:
|
||
Michal Schmidt
|
67708158e7 |
idpf: don't skip over ethtool tcp-data-split setting
Disabling tcp-data-split on idpf silently fails:
# ethtool -G $NETDEV tcp-data-split off
# ethtool -g $NETDEV | grep 'TCP data split'
TCP data split: on
But it works if you also change 'tx' or 'rx':
# ethtool -G $NETDEV tcp-data-split off tx 256
# ethtool -g $NETDEV | grep 'TCP data split'
TCP data split: off
The bug is in idpf_set_ringparam, where it takes a shortcut out if the
TX and RX sizes are not changing. Fix it by checking also if the
tcp-data-split setting remains unchanged. Only then can the soft reset
be skipped.
Fixes:
|
||
Sagar Cheluvegowda
|
fe32622763 |
dt-bindings: net: qcom: ethernet: Allow dma-coherent
On SA8775P, Ethernet DMA controller is coherent with the CPU. allow specifying that. Signed-off-by: Sagar Cheluvegowda <quic_scheluve@quicinc.com> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20240514-mark_ethernet_devices_dma_coherent-v4-2-04e1198858c5@quicinc.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
Tony Battersby
|
a45835a0bb |
bonding: fix oops during rmmod
"rmmod bonding" causes an oops ever since commit |
||
xu xin
|
bb48727238 |
net/ipv6: Fix route deleting failure when metric equals 0
Problem ========= After commit |