1. 22 Aug, 2024 3 commits
  2. 21 Aug, 2024 16 commits
  3. 20 Aug, 2024 13 commits
    • Joseph Huang's avatar
      net: dsa: mv88e6xxx: Fix out-of-bound access · 528876d8
      Joseph Huang authored
      If an ATU violation was caused by a CPU Load operation, the SPID could
      be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).
      
      Fixes: 75c05a74 ("net: dsa: mv88e6xxx: Fix counting of ATU violations")
      Signed-off-by: default avatarJoseph Huang <Joseph.Huang@garmin.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Link: https://patch.msgid.link/20240819235251.1331763-1-Joseph.Huang@garmin.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      528876d8
    • Martin Whitaker's avatar
      net: dsa: microchip: fix PTP config failure when using multiple ports · 6efea513
      Martin Whitaker authored
      When performing the port_hwtstamp_set operation, ptp_schedule_worker()
      will be called if hardware timestamoing is enabled on any of the ports.
      When using multiple ports for PTP, port_hwtstamp_set is executed for
      each port. When called for the first time ptp_schedule_worker() returns
      0. On subsequent calls it returns 1, indicating the worker is already
      scheduled. Currently the ksz driver treats 1 as an error and fails to
      complete the port_hwtstamp_set operation, thus leaving the timestamping
      configuration for those ports unchanged.
      
      This patch fixes this by ignoring the ptp_schedule_worker() return
      value.
      
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/7aae307a-35ca-4209-a850-7b2749d40f90@martin-whitaker.me.uk
      Fixes: bb01ad30 ("net: dsa: microchip: ptp: manipulating absolute time using ptp hw clock")
      Signed-off-by: default avatarMartin Whitaker <foss@martin-whitaker.me.uk>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Acked-by: default avatarArun Ramadoss <arun.ramadoss@microchip.com>
      Link: https://patch.msgid.link/20240817094141.3332-1-foss@martin-whitaker.me.ukSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      6efea513
    • Paolo Abeni's avatar
      igb: cope with large MAX_SKB_FRAGS · 8aba27c4
      Paolo Abeni authored
      Sabrina reports that the igb driver does not cope well with large
      MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload
      corruption on TX.
      
      An easy reproducer is to run ssh to connect to the machine.  With
      MAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails.  This has
      been reported originally in
      https://bugzilla.redhat.com/show_bug.cgi?id=2265320
      
      The root cause of the issue is that the driver does not take into
      account properly the (possibly large) shared info size when selecting
      the ring layout, and will try to fit two packets inside the same 4K
      page even when the 1st fraglist will trump over the 2nd head.
      
      Address the issue by checking if 2K buffers are insufficient.
      
      Fixes: 3948b059 ("net: introduce a config option to tweak MAX_SKB_FRAGS")
      Reported-by: default avatarJan Tluka <jtluka@redhat.com>
      Reported-by: default avatarJirka Hladky <jhladky@redhat.com>
      Reported-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Tested-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Tested-by: default avatarCorinna Vinschen <vinschen@redhat.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarCorinna Vinschen <vinschen@redhat.com>
      Link: https://patch.msgid.link/20240816152034.1453285-1-vinschen@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8aba27c4
    • Nikolay Kuratov's avatar
      cxgb4: add forgotten u64 ivlan cast before shift · 80a1e7b8
      Nikolay Kuratov authored
      It is done everywhere in cxgb4 code, e.g. in is_filter_exact_match()
      There is no reason it should not be done here
      
      Found by Linux Verification Center (linuxtesting.org) with SVACE
      Signed-off-by: default avatarNikolay Kuratov <kniv@yandex-team.ru>
      Cc: stable@vger.kernel.org
      Fixes: 12b276fb ("cxgb4: add support to create hash filters")
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Reviewed-by: default avatarJacob Keller <jacob.e.keller@intel.com>
      Link: https://patch.msgid.link/20240819075408.92378-1-kniv@yandex-team.ruSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      80a1e7b8
    • Dan Carpenter's avatar
      dpaa2-switch: Fix error checking in dpaa2_switch_seed_bp() · c50e7475
      Dan Carpenter authored
      The dpaa2_switch_add_bufs() function returns the number of bufs that it
      was able to add.  It returns BUFS_PER_CMD (7) for complete success or a
      smaller number if there are not enough pages available.  However, the
      error checking is looking at the total number of bufs instead of the
      number which were added on this iteration.  Thus the error checking
      only works correctly for the first iteration through the loop and
      subsequent iterations are always counted as a success.
      
      Fix this by checking only the bufs added in the current iteration.
      
      Fixes: 0b1b7137 ("staging: dpaa2-switch: handle Rx path on control interface")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Reviewed-by: default avatarIoana Ciornei <ioana.ciornei@nxp.com>
      Tested-by: default avatarIoana Ciornei <ioana.ciornei@nxp.com>
      Link: https://patch.msgid.link/eec27f30-b43f-42b6-b8ee-04a6f83423b6@stanley.mountainSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      c50e7475
    • Paolo Abeni's avatar
      Merge branch 'bonding-fix-xfrm-offload-bugs' · 7565c39d
      Paolo Abeni authored
      Nikolay Aleksandrov says:
      
      ====================
      bonding: fix xfrm offload bugs
      
      I noticed these problems while reviewing a bond xfrm patch recently.
      The fixes are straight-forward, please review carefully the last one
      because it has side-effects. This set has passed bond's selftests
      and my custom bond stress tests which crash without these fixes.
      
      Note the first patch is not critical, but it simplifies the next fix.
      ====================
      
      Link: https://patch.msgid.link/20240816114813.326645-1-razor@blackwall.orgSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      7565c39d
    • Nikolay Aleksandrov's avatar
      bonding: fix xfrm state handling when clearing active slave · c4c5c5d2
      Nikolay Aleksandrov authored
      If the active slave is cleared manually the xfrm state is not flushed.
      This leads to xfrm add/del imbalance and adding the same state multiple
      times. For example when the device cannot handle anymore states we get:
       [ 1169.884811] bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
      because it's filled with the same state after multiple active slave
      clearings. This change also has a few nice side effects: user-space
      gets a notification for the change, the old device gets its mac address
      and promisc/mcast adjusted properly.
      
      Fixes: 18cb261a ("bonding: support hardware encryption offload to slaves")
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Reviewed-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      c4c5c5d2
    • Nikolay Aleksandrov's avatar
      bonding: fix xfrm real_dev null pointer dereference · f8cde980
      Nikolay Aleksandrov authored
      We shouldn't set real_dev to NULL because packets can be in transit and
      xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume
      real_dev is set.
      
       Example trace:
       kernel: BUG: unable to handle page fault for address: 0000000000001030
       kernel: bond0: (slave eni0np1): making interface the new active one
       kernel: #PF: supervisor write access in kernel mode
       kernel: #PF: error_code(0x0002) - not-present page
       kernel: PGD 0 P4D 0
       kernel: Oops: 0002 [#1] PREEMPT SMP
       kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12
       kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014
       kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
       kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
       kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f
       kernel: bond0: (slave eni0np1): making interface the new active one
       kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246
       kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
       kernel:
       kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60
       kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00
       kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014
       kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000
       kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000
       kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000
       kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0
       kernel: bond0: (slave eni0np1): making interface the new active one
       kernel: Call Trace:
       kernel:  <TASK>
       kernel:  ? __die+0x1f/0x60
       kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
       kernel:  ? page_fault_oops+0x142/0x4c0
       kernel:  ? do_user_addr_fault+0x65/0x670
       kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50
       kernel: bond0: (slave eni0np1): making interface the new active one
       kernel:  ? exc_page_fault+0x7b/0x180
       kernel:  ? asm_exc_page_fault+0x22/0x30
       kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]
       kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
       kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
       kernel: bond0: (slave eni0np1): making interface the new active one
       kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]
       kernel:  xfrm_output+0x61/0x3b0
       kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
       kernel:  ip_push_pending_frames+0x56/0x80
      
      Fixes: 18cb261a ("bonding: support hardware encryption offload to slaves")
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Reviewed-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      f8cde980
    • Nikolay Aleksandrov's avatar
      bonding: fix null pointer deref in bond_ipsec_offload_ok · 95c90e4a
      Nikolay Aleksandrov authored
      We must check if there is an active slave before dereferencing the pointer.
      
      Fixes: 18cb261a ("bonding: support hardware encryption offload to slaves")
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Reviewed-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      95c90e4a
    • Nikolay Aleksandrov's avatar
      bonding: fix bond_ipsec_offload_ok return type · fc59b9a5
      Nikolay Aleksandrov authored
      Fix the return type which should be bool.
      
      Fixes: 955b785e ("bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()")
      Signed-off-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Reviewed-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      fc59b9a5
    • Thomas Bogendoerfer's avatar
      ip6_tunnel: Fix broken GRO · 4b3e33fc
      Thomas Bogendoerfer authored
      GRO code checks for matching layer 2 headers to see, if packet belongs
      to the same flow and because ip6 tunnel set dev->hard_header_len
      this check fails in cases, where it shouldn't. To fix this don't
      set hard_header_len, but use needed_headroom like ipv4/ip_tunnel.c
      does.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarThomas Bogendoerfer <tbogendoerfer@suse.de>
      Link: https://patch.msgid.link/20240815151419.109864-1-tbogendoerfer@suse.deSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      4b3e33fc
    • Kuniyuki Iwashima's avatar
      kcm: Serialise kcm_sendmsg() for the same socket. · 807067bf
      Kuniyuki Iwashima authored
      syzkaller reported UAF in kcm_release(). [0]
      
      The scenario is
      
        1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb.
      
        2. Thread A resumes building skb from kcm->seq_skb but is blocked
           by sk_stream_wait_memory()
      
        3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb
           and puts the skb to the write queue
      
        4. Thread A faces an error and finally frees skb that is already in the
           write queue
      
        5. kcm_release() does double-free the skb in the write queue
      
      When a thread is building a MSG_MORE skb, another thread must not touch it.
      
      Let's add a per-sk mutex and serialise kcm_sendmsg().
      
      [0]:
      BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]
      BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]
      BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]
      BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]
      BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691
      Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167
      
      CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
      Call trace:
       dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291
       show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298
       __dump_stack lib/dump_stack.c:88 [inline]
       dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
       print_address_description mm/kasan/report.c:377 [inline]
       print_report+0x178/0x518 mm/kasan/report.c:488
       kasan_report+0xd8/0x138 mm/kasan/report.c:601
       __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
       __skb_unlink include/linux/skbuff.h:2366 [inline]
       __skb_dequeue include/linux/skbuff.h:2385 [inline]
       __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]
       __skb_queue_purge include/linux/skbuff.h:3181 [inline]
       kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691
       __sock_release net/socket.c:659 [inline]
       sock_close+0xa4/0x1e8 net/socket.c:1421
       __fput+0x30c/0x738 fs/file_table.c:376
       ____fput+0x20/0x30 fs/file_table.c:404
       task_work_run+0x230/0x2e0 kernel/task_work.c:180
       exit_task_work include/linux/task_work.h:38 [inline]
       do_exit+0x618/0x1f64 kernel/exit.c:871
       do_group_exit+0x194/0x22c kernel/exit.c:1020
       get_signal+0x1500/0x15ec kernel/signal.c:2893
       do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249
       do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
       exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
       exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
       el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
      
      Allocated by task 6166:
       kasan_save_stack mm/kasan/common.c:47 [inline]
       kasan_save_track+0x40/0x78 mm/kasan/common.c:68
       kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626
       unpoison_slab_object mm/kasan/common.c:314 [inline]
       __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340
       kasan_slab_alloc include/linux/kasan.h:201 [inline]
       slab_post_alloc_hook mm/slub.c:3813 [inline]
       slab_alloc_node mm/slub.c:3860 [inline]
       kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903
       __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641
       alloc_skb include/linux/skbuff.h:1296 [inline]
       kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg net/socket.c:745 [inline]
       sock_sendmsg+0x220/0x2c0 net/socket.c:768
       splice_to_socket+0x7cc/0xd58 fs/splice.c:889
       do_splice_from fs/splice.c:941 [inline]
       direct_splice_actor+0xec/0x1d8 fs/splice.c:1164
       splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108
       do_splice_direct_actor fs/splice.c:1207 [inline]
       do_splice_direct+0x1e4/0x304 fs/splice.c:1233
       do_sendfile+0x460/0xb3c fs/read_write.c:1295
       __do_sys_sendfile64 fs/read_write.c:1362 [inline]
       __se_sys_sendfile64 fs/read_write.c:1348 [inline]
       __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1348
       __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
       invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
       el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
       do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
       el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
      
      Freed by task 6167:
       kasan_save_stack mm/kasan/common.c:47 [inline]
       kasan_save_track+0x40/0x78 mm/kasan/common.c:68
       kasan_save_free_info+0x5c/0x74 mm/kasan/generic.c:640
       poison_slab_object+0x124/0x18c mm/kasan/common.c:241
       __kasan_slab_free+0x3c/0x78 mm/kasan/common.c:257
       kasan_slab_free include/linux/kasan.h:184 [inline]
       slab_free_hook mm/slub.c:2121 [inline]
       slab_free mm/slub.c:4299 [inline]
       kmem_cache_free+0x15c/0x3d4 mm/slub.c:4363
       kfree_skbmem+0x10c/0x19c
       __kfree_skb net/core/skbuff.c:1109 [inline]
       kfree_skb_reason+0x240/0x6f4 net/core/skbuff.c:1144
       kfree_skb include/linux/skbuff.h:1244 [inline]
       kcm_release+0x104/0x4c8 net/kcm/kcmsock.c:1685
       __sock_release net/socket.c:659 [inline]
       sock_close+0xa4/0x1e8 net/socket.c:1421
       __fput+0x30c/0x738 fs/file_table.c:376
       ____fput+0x20/0x30 fs/file_table.c:404
       task_work_run+0x230/0x2e0 kernel/task_work.c:180
       exit_task_work include/linux/task_work.h:38 [inline]
       do_exit+0x618/0x1f64 kernel/exit.c:871
       do_group_exit+0x194/0x22c kernel/exit.c:1020
       get_signal+0x1500/0x15ec kernel/signal.c:2893
       do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249
       do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
       exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
       exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
       el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
       el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
       el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
      
      The buggy address belongs to the object at ffff0000ced0fc80
       which belongs to the cache skbuff_head_cache of size 240
      The buggy address is located 0 bytes inside of
       freed 240-byte region [ffff0000ced0fc80, ffff0000ced0fd70)
      
      The buggy address belongs to the physical page:
      page:00000000d35f4ae4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ed0f
      flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
      page_type: 0xffffffff()
      raw: 05ffc00000000800 ffff0000c1cbf640 fffffdffc3423100 dead000000000004
      raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
       ffff0000ced0fb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
       ffff0000ced0fc00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
      >ffff0000ced0fc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                         ^
       ffff0000ced0fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
       ffff0000ced0fd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
      
      Fixes: ab7ac4eb ("kcm: Kernel Connection Multiplexor module")
      Reported-by: syzbot+b72d86aa5df17ce74c60@syzkaller.appspotmail.com
      Closes: https://syzkaller.appspot.com/bug?extid=b72d86aa5df17ce74c60
      Tested-by: syzbot+b72d86aa5df17ce74c60@syzkaller.appspotmail.com
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Link: https://patch.msgid.link/20240815220437.69511-1-kuniyu@amazon.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      807067bf
    • Jeremy Kerr's avatar
      net: mctp: test: Use correct skb for route input check · ce335db0
      Jeremy Kerr authored
      In the MCTP route input test, we're routing one skb, then (when delivery
      is expected) checking the resulting routed skb.
      
      However, we're currently checking the original skb length, rather than
      the routed skb. Check the routed skb instead; the original will have
      been freed at this point.
      
      Fixes: 8892c049 ("mctp: Add route input to socket tests")
      Reported-by: default avatarDan Carpenter <dan.carpenter@linaro.org>
      Closes: https://lore.kernel.org/kernel-janitors/4ad204f0-94cf-46c5-bdab-49592addf315@kili.mountain/Signed-off-by: default avatarJeremy Kerr <jk@codeconstruct.com.au>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Link: https://patch.msgid.link/20240816-mctp-kunit-skb-fix-v1-1-3c367ac89c27@codeconstruct.com.auSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      ce335db0
  4. 19 Aug, 2024 4 commits
  5. 17 Aug, 2024 2 commits
  6. 16 Aug, 2024 2 commits
    • Jakub Kicinski's avatar
      Merge branch 'mlx5-misc-fixes-2024-08-15' · 0373d712
      Jakub Kicinski authored
      Tariq Toukan says:
      
      ====================
      mlx5 misc fixes 2024-08-15
      
      This patchset provides misc bug fixes from the team to the mlx5 driver.
      ====================
      
      Link: https://patch.msgid.link/20240815071611.2211873-1-tariqt@nvidia.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      0373d712
    • Patrisious Haddad's avatar
      net/mlx5: Fix IPsec RoCE MPV trace call · 607e1df7
      Patrisious Haddad authored
      Prevent the call trace below from happening, by not allowing IPsec
      creation over a slave, if master device doesn't support IPsec.
      
      WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94
      Modules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec
       ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]
      CPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2
      Hardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021
      Workqueue: events xfrm_state_gc_task
      RIP: 0010:down_read+0x75/0x94
      Code: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 <0f> 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0
      RSP: 0018:ffffb26387773da8 EFLAGS: 00010282
      RAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001
      RDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000
      RBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540
      R13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905
      FS:  0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0
      Call Trace:
       <TASK>
       ? show_trace_log_lvl+0x1d6/0x2f9
       ? show_trace_log_lvl+0x1d6/0x2f9
       ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]
       ? down_read+0x75/0x94
       ? __warn+0x80/0x113
       ? down_read+0x75/0x94
       ? report_bug+0xa4/0x11d
       ? handle_bug+0x35/0x8b
       ? exc_invalid_op+0x14/0x75
       ? asm_exc_invalid_op+0x16/0x1b
       ? down_read+0x75/0x94
       ? down_read+0xe/0x94
       mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]
       mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]
       tx_destroy+0x1b/0xc0 [mlx5_core]
       tx_ft_put+0x53/0xc0 [mlx5_core]
       mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]
       ___xfrm_state_destroy+0x10f/0x1a2
       xfrm_state_gc_task+0x81/0xa9
       process_one_work+0x1f1/0x3c6
       worker_thread+0x53/0x3e4
       ? process_one_work.cold+0x46/0x3c
       kthread+0x127/0x144
       ? set_kthread_struct+0x60/0x52
       ret_from_fork+0x22/0x2d
       </TASK>
      ---[ end trace 5ef7896144d398e1 ]---
      
      Fixes: dfbd229a ("net/mlx5: Configure IPsec steering for egress RoCEv2 MPV traffic")
      Reviewed-by: default avatarLeon Romanovsky <leonro@nvidia.com>
      Signed-off-by: default avatarPatrisious Haddad <phaddad@nvidia.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@nvidia.com>
      Link: https://patch.msgid.link/20240815071611.2211873-5-tariqt@nvidia.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      607e1df7