1. 23 Jun, 2024 8 commits
  2. 22 Jun, 2024 4 commits
  3. 21 Jun, 2024 17 commits
    • David S. Miller's avatar
      Merge branch 'mlxsw-fixes' · 8406b56a
      David S. Miller authored
      Petr Machata says:
      
      ====================
      mlxsw: Fixes
      
      This patchset fixes an issue with mlxsw driver initialization, and a
      memory corruption issue in shared buffer occupancy handling.
      
      v3:
      - Drop the core thermal fix, it's not relevant anymore.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8406b56a
    • Ido Schimmel's avatar
      mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems · c28947de
      Ido Schimmel authored
      The following two shared buffer operations make use of the Shared Buffer
      Status Register (SBSR):
      
       # devlink sb occupancy snapshot pci/0000:01:00.0
       # devlink sb occupancy clearmax pci/0000:01:00.0
      
      The register has two masks of 256 bits to denote on which ingress /
      egress ports the register should operate on. Spectrum-4 has more than
      256 ports, so the register was extended by cited commit with a new
      'port_page' field.
      
      However, when filling the register's payload, the driver specifies the
      ports as absolute numbers and not relative to the first port of the port
      page, resulting in memory corruptions [1].
      
      Fix by specifying the ports relative to the first port of the port page.
      
      [1]
      BUG: KASAN: slab-use-after-free in mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0
      Read of size 1 at addr ffff8881068cb00f by task devlink/1566
      [...]
      Call Trace:
       <TASK>
       dump_stack_lvl+0xc6/0x120
       print_report+0xce/0x670
       kasan_report+0xd7/0x110
       mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0
       mlxsw_devlink_sb_occ_snapshot+0x75/0xb0
       devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0
       genl_family_rcv_msg_doit+0x20c/0x300
       genl_rcv_msg+0x567/0x800
       netlink_rcv_skb+0x170/0x450
       genl_rcv+0x2d/0x40
       netlink_unicast+0x547/0x830
       netlink_sendmsg+0x8d4/0xdb0
       __sys_sendto+0x49b/0x510
       __x64_sys_sendto+0xe5/0x1c0
       do_syscall_64+0xc1/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      [...]
      Allocated by task 1:
       kasan_save_stack+0x33/0x60
       kasan_save_track+0x14/0x30
       __kasan_kmalloc+0x8f/0xa0
       copy_verifier_state+0xbc2/0xfb0
       do_check_common+0x2c51/0xc7e0
       bpf_check+0x5107/0x9960
       bpf_prog_load+0xf0e/0x2690
       __sys_bpf+0x1a61/0x49d0
       __x64_sys_bpf+0x7d/0xc0
       do_syscall_64+0xc1/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      Freed by task 1:
       kasan_save_stack+0x33/0x60
       kasan_save_track+0x14/0x30
       kasan_save_free_info+0x3b/0x60
       poison_slab_object+0x109/0x170
       __kasan_slab_free+0x14/0x30
       kfree+0xca/0x2b0
       free_verifier_state+0xce/0x270
       do_check_common+0x4828/0xc7e0
       bpf_check+0x5107/0x9960
       bpf_prog_load+0xf0e/0x2690
       __sys_bpf+0x1a61/0x49d0
       __x64_sys_bpf+0x7d/0xc0
       do_syscall_64+0xc1/0x1d0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      Fixes: f8538aec ("mlxsw: Add support for more than 256 ports in SBSR register")
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Reviewed-by: default avatarPetr Machata <petrm@nvidia.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c28947de
    • Ido Schimmel's avatar
      mlxsw: pci: Fix driver initialization with Spectrum-4 · 0602697d
      Ido Schimmel authored
      Cited commit added support for a new reset flow ("all reset") which is
      deeper than the existing reset flow ("software reset") and allows the
      device's PCI firmware to be upgraded.
      
      In the new flow the driver first tells the firmware that "all reset" is
      required by issuing a new reset command (i.e., MRSR.command=6) and then
      triggers the reset by having the PCI core issue a secondary bus reset
      (SBR).
      
      However, due to a race condition in the device's firmware the device is
      not always able to recover from this reset, resulting in initialization
      failures [1].
      
      New firmware versions include a fix for the bug and advertise it using a
      new capability bit in the Management Capabilities Mask (MCAM) register.
      
      Avoid initialization failures by reading the new capability bit and
      triggering the new reset flow only if the bit is set. If the bit is not
      set, trigger a normal PCI hot reset by skipping the call to the
      Management Reset and Shutdown Register (MRSR).
      
      Normal PCI hot reset is weaker than "all reset", but it results in a
      fully operational driver and allows users to flash a new firmware, if
      they want to.
      
      [1]
      mlxsw_spectrum4 0000:01:00.0: not ready 1023ms after bus reset; waiting
      mlxsw_spectrum4 0000:01:00.0: not ready 2047ms after bus reset; waiting
      mlxsw_spectrum4 0000:01:00.0: not ready 4095ms after bus reset; waiting
      mlxsw_spectrum4 0000:01:00.0: not ready 8191ms after bus reset; waiting
      mlxsw_spectrum4 0000:01:00.0: not ready 16383ms after bus reset; waiting
      mlxsw_spectrum4 0000:01:00.0: not ready 32767ms after bus reset; waiting
      mlxsw_spectrum4 0000:01:00.0: not ready 65535ms after bus reset; giving up
      mlxsw_spectrum4 0000:01:00.0: PCI function reset failed with -25
      mlxsw_spectrum4 0000:01:00.0: cannot register bus device
      mlxsw_spectrum4: probe of 0000:01:00.0 failed with error -25
      
      Fixes: f257c73e ("mlxsw: pci: Add support for new reset flow")
      Reported-by: default avatarMaksym Yaremchuk <maksymy@nvidia.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Tested-by: default avatarMaksym Yaremchuk <maksymy@nvidia.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPetr Machata <petrm@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0602697d
    • Kuniyuki Iwashima's avatar
      selftest: af_unix: Add Kconfig file. · 11b006d6
      Kuniyuki Iwashima authored
      diag_uid selftest failed on NIPA where the received nlmsg_type is
      NLMSG_ERROR [0] because CONFIG_UNIX_DIAG is not set [1] by default
      and sock_diag_lock_handler() failed to load the module.
      
        # # Starting 2 tests from 2 test cases.
        # #  RUN           diag_uid.uid.1 ...
        # # diag_uid.c:159:1:Expected nlh->nlmsg_type (2) == SOCK_DIAG_BY_FAMILY (20)
        # # 1: Test terminated by assertion
        # #          FAIL  diag_uid.uid.1
        # not ok 1 diag_uid.uid.1
      
      Let's add all AF_UNIX Kconfig to the config file under af_unix dir
      so that NIPA consumes it.
      
      Fixes: ac011361 ("af_unix: Add test for sock_diag and UDIAG_SHOW_UID.")
      Link: https://netdev-3.bots.linux.dev/vmksft-net/results/644841/104-diag-uid/stdout [0]
      Link: https://netdev-3.bots.linux.dev/vmksft-net/results/644841/config [1]
      Reported-by: default avatarJakub Kicinski <kuba@kernel.org>
      Closes: https://lore.kernel.org/netdev/20240617073033.0cbb829d@kernel.org/Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      11b006d6
    • Shannon Nelson's avatar
      net: remove drivers@pensando.io from MAINTAINERS · 2490785e
      Shannon Nelson authored
      Our corporate overlords have been changing the domains around
      again and this mailing list has gone away.
      Signed-off-by: default avatarShannon Nelson <shannon.nelson@amd.com>
      Reviewed-by: default avatarMartin Habets <habetsm.xilinx@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2490785e
    • Eric Dumazet's avatar
      net: add softirq safety to netdev_rename_lock · 62e58ddb
      Eric Dumazet authored
      syzbot reported a lockdep violation involving bridge driver [1]
      
      Make sure netdev_rename_lock is softirq safe to fix this issue.
      
      [1]
      WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
      6.10.0-rc2-syzkaller-00249-gbe27b896 #0 Not tainted
         -----------------------------------------------------
      syz-executor.2/9449 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
       ffffffff8f5de668 (netdev_rename_lock.seqcount){+.+.}-{0:0}, at: rtnl_fill_ifinfo+0x38e/0x2270 net/core/rtnetlink.c:1839
      
      and this task is already holding:
       ffff888060c64cb8 (&br->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
       ffff888060c64cb8 (&br->lock){+.-.}-{2:2}, at: br_port_slave_changelink+0x3d/0x150 net/bridge/br_netlink.c:1212
      which would create a new lock dependency:
       (&br->lock){+.-.}-{2:2} -> (netdev_rename_lock.seqcount){+.+.}-{0:0}
      
      but this new dependency connects a SOFTIRQ-irq-safe lock:
       (&br->lock){+.-.}-{2:2}
      
      ... which became SOFTIRQ-irq-safe at:
         lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
         __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
         _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
         spin_lock include/linux/spinlock.h:351 [inline]
         br_forward_delay_timer_expired+0x50/0x440 net/bridge/br_stp_timer.c:86
         call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792
         expire_timers kernel/time/timer.c:1843 [inline]
         __run_timers kernel/time/timer.c:2417 [inline]
         __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428
         run_timer_base kernel/time/timer.c:2437 [inline]
         run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447
         handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
         __do_softirq kernel/softirq.c:588 [inline]
         invoke_softirq kernel/softirq.c:428 [inline]
         __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
         irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
         instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
         sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
         asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
         lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
         fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800
         might_alloc include/linux/sched/mm.h:334 [inline]
         slab_pre_alloc_hook mm/slub.c:3890 [inline]
         slab_alloc_node mm/slub.c:3980 [inline]
         kmalloc_trace_noprof+0x3d/0x2c0 mm/slub.c:4147
         kmalloc_noprof include/linux/slab.h:660 [inline]
         kzalloc_noprof include/linux/slab.h:778 [inline]
         class_dir_create_and_add drivers/base/core.c:3255 [inline]
         get_device_parent+0x2a7/0x410 drivers/base/core.c:3315
         device_add+0x325/0xbf0 drivers/base/core.c:3645
         netdev_register_kobject+0x17e/0x320 net/core/net-sysfs.c:2136
         register_netdevice+0x11d5/0x19e0 net/core/dev.c:10375
         nsim_init_netdevsim drivers/net/netdevsim/netdev.c:690 [inline]
         nsim_create+0x647/0x890 drivers/net/netdevsim/netdev.c:750
         __nsim_dev_port_add+0x6c0/0xae0 drivers/net/netdevsim/dev.c:1390
         nsim_dev_port_add_all drivers/net/netdevsim/dev.c:1446 [inline]
         nsim_dev_reload_create drivers/net/netdevsim/dev.c:1498 [inline]
         nsim_dev_reload_up+0x69b/0x8e0 drivers/net/netdevsim/dev.c:985
         devlink_reload+0x478/0x870 net/devlink/dev.c:474
         devlink_nl_reload_doit+0xbd6/0xe50 net/devlink/dev.c:586
         genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
         genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
         genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
         netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
         genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
         netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
         netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
         netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
         sock_sendmsg_nosec net/socket.c:730 [inline]
         __sock_sendmsg+0x221/0x270 net/socket.c:745
         ____sys_sendmsg+0x525/0x7d0 net/socket.c:2585
         ___sys_sendmsg net/socket.c:2639 [inline]
         __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2668
         do_syscall_x64 arch/x86/entry/common.c:52 [inline]
         do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      to a SOFTIRQ-irq-unsafe lock:
       (netdev_rename_lock.seqcount){+.+.}-{0:0}
      
      ... which became SOFTIRQ-irq-unsafe at:
      ...
         lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
         do_write_seqcount_begin_nested include/linux/seqlock.h:469 [inline]
         do_write_seqcount_begin include/linux/seqlock.h:495 [inline]
         write_seqlock include/linux/seqlock.h:823 [inline]
         dev_change_name+0x184/0x920 net/core/dev.c:1229
         do_setlink+0xa4b/0x41f0 net/core/rtnetlink.c:2880
         __rtnl_newlink net/core/rtnetlink.c:3696 [inline]
         rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3743
         rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
         netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
         netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
         netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
         netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
         sock_sendmsg_nosec net/socket.c:730 [inline]
         __sock_sendmsg+0x221/0x270 net/socket.c:745
         __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
         __do_sys_sendto net/socket.c:2204 [inline]
         __se_sys_sendto net/socket.c:2200 [inline]
         __x64_sys_sendto+0xde/0x100 net/socket.c:2200
         do_syscall_x64 arch/x86/entry/common.c:52 [inline]
         do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      other info that might help us debug this:
      
       Possible interrupt unsafe locking scenario:
      
             CPU0                    CPU1
             ----                    ----
        lock(netdev_rename_lock.seqcount);
                                     local_irq_disable();
                                     lock(&br->lock);
                                     lock(netdev_rename_lock.seqcount);
        <Interrupt>
          lock(&br->lock);
      
       *** DEADLOCK ***
      
      3 locks held by syz-executor.2/9449:
        #0: ffffffff8f5e7448 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:79 [inline]
        #0: ffffffff8f5e7448 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 net/core/rtnetlink.c:6632
        #1: ffff888060c64cb8 (&br->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
        #1: ffff888060c64cb8 (&br->lock){+.-.}-{2:2}, at: br_port_slave_changelink+0x3d/0x150 net/bridge/br_netlink.c:1212
        #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
        #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
        #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: team_change_rx_flags+0x29/0x330 drivers/net/team/team_core.c:1767
      
      the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
      -> (&br->lock){+.-.}-{2:2} {
         HARDIRQ-ON-W at:
                           lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
                           __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
                           _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
                           spin_lock_bh include/linux/spinlock.h:356 [inline]
                           br_add_if+0xb34/0xef0 net/bridge/br_if.c:682
                           do_set_master net/core/rtnetlink.c:2701 [inline]
                           do_setlink+0xe70/0x41f0 net/core/rtnetlink.c:2907
                           __rtnl_newlink net/core/rtnetlink.c:3696 [inline]
                           rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3743
                           rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
                           netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
                           netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
                           netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
                           netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
                           sock_sendmsg_nosec net/socket.c:730 [inline]
                           __sock_sendmsg+0x221/0x270 net/socket.c:745
                           __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
                           __do_sys_sendto net/socket.c:2204 [inline]
                           __se_sys_sendto net/socket.c:2200 [inline]
                           __x64_sys_sendto+0xde/0x100 net/socket.c:2200
                           do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                           do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                          entry_SYSCALL_64_after_hwframe+0x77/0x7f
         IN-SOFTIRQ-W at:
                           lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
                           __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
                           _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
                           spin_lock include/linux/spinlock.h:351 [inline]
                           br_forward_delay_timer_expired+0x50/0x440 net/bridge/br_stp_timer.c:86
                           call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792
                           expire_timers kernel/time/timer.c:1843 [inline]
                           __run_timers kernel/time/timer.c:2417 [inline]
                           __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428
                           run_timer_base kernel/time/timer.c:2437 [inline]
                           run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447
                           handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
                           __do_softirq kernel/softirq.c:588 [inline]
                           invoke_softirq kernel/softirq.c:428 [inline]
                           __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
                           irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
                           instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
                           sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
                           asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
                           lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
                           fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800
                           might_alloc include/linux/sched/mm.h:334 [inline]
                           slab_pre_alloc_hook mm/slub.c:3890 [inline]
                           slab_alloc_node mm/slub.c:3980 [inline]
                           kmalloc_trace_noprof+0x3d/0x2c0 mm/slub.c:4147
                           kmalloc_noprof include/linux/slab.h:660 [inline]
                           kzalloc_noprof include/linux/slab.h:778 [inline]
                           class_dir_create_and_add drivers/base/core.c:3255 [inline]
                           get_device_parent+0x2a7/0x410 drivers/base/core.c:3315
                           device_add+0x325/0xbf0 drivers/base/core.c:3645
                           netdev_register_kobject+0x17e/0x320 net/core/net-sysfs.c:2136
                           register_netdevice+0x11d5/0x19e0 net/core/dev.c:10375
                           nsim_init_netdevsim drivers/net/netdevsim/netdev.c:690 [inline]
                           nsim_create+0x647/0x890 drivers/net/netdevsim/netdev.c:750
                           __nsim_dev_port_add+0x6c0/0xae0 drivers/net/netdevsim/dev.c:1390
                           nsim_dev_port_add_all drivers/net/netdevsim/dev.c:1446 [inline]
                           nsim_dev_reload_create drivers/net/netdevsim/dev.c:1498 [inline]
                           nsim_dev_reload_up+0x69b/0x8e0 drivers/net/netdevsim/dev.c:985
                           devlink_reload+0x478/0x870 net/devlink/dev.c:474
                           devlink_nl_reload_doit+0xbd6/0xe50 net/devlink/dev.c:586
                           genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
                           genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
                           genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
                           netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
                           genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
                           netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
                           netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
                           netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
                           sock_sendmsg_nosec net/socket.c:730 [inline]
                           __sock_sendmsg+0x221/0x270 net/socket.c:745
                           ____sys_sendmsg+0x525/0x7d0 net/socket.c:2585
                           ___sys_sendmsg net/socket.c:2639 [inline]
                           __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2668
                           do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                           do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                          entry_SYSCALL_64_after_hwframe+0x77/0x7f
         INITIAL USE at:
                          lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
                          __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
                          _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
                          spin_lock_bh include/linux/spinlock.h:356 [inline]
                          br_add_if+0xb34/0xef0 net/bridge/br_if.c:682
                          do_set_master net/core/rtnetlink.c:2701 [inline]
                          do_setlink+0xe70/0x41f0 net/core/rtnetlink.c:2907
                          __rtnl_newlink net/core/rtnetlink.c:3696 [inline]
                          rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3743
                          rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
                          netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
                          netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
                          netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
                          netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
                          sock_sendmsg_nosec net/socket.c:730 [inline]
                          __sock_sendmsg+0x221/0x270 net/socket.c:745
                          __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
                          __do_sys_sendto net/socket.c:2204 [inline]
                          __se_sys_sendto net/socket.c:2200 [inline]
                          __x64_sys_sendto+0xde/0x100 net/socket.c:2200
                          do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                          do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
       }
       ... key      at: [<ffffffff94b9a1a0>] br_dev_setup.__key+0x0/0x20
      
      the dependencies between the lock to be acquired
       and SOFTIRQ-irq-unsafe lock:
      -> (netdev_rename_lock.seqcount){+.+.}-{0:0} {
         HARDIRQ-ON-W at:
                           lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
                           do_write_seqcount_begin_nested include/linux/seqlock.h:469 [inline]
                           do_write_seqcount_begin include/linux/seqlock.h:495 [inline]
                           write_seqlock include/linux/seqlock.h:823 [inline]
                           dev_change_name+0x184/0x920 net/core/dev.c:1229
                           do_setlink+0xa4b/0x41f0 net/core/rtnetlink.c:2880
                           __rtnl_newlink net/core/rtnetlink.c:3696 [inline]
                           rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3743
                           rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
                           netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
                           netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
                           netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
                           netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
                           sock_sendmsg_nosec net/socket.c:730 [inline]
                           __sock_sendmsg+0x221/0x270 net/socket.c:745
                           __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
                           __do_sys_sendto net/socket.c:2204 [inline]
                           __se_sys_sendto net/socket.c:2200 [inline]
                           __x64_sys_sendto+0xde/0x100 net/socket.c:2200
                           do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                           do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                          entry_SYSCALL_64_after_hwframe+0x77/0x7f
         SOFTIRQ-ON-W at:
                           lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
                           do_write_seqcount_begin_nested include/linux/seqlock.h:469 [inline]
                           do_write_seqcount_begin include/linux/seqlock.h:495 [inline]
                           write_seqlock include/linux/seqlock.h:823 [inline]
                           dev_change_name+0x184/0x920 net/core/dev.c:1229
                           do_setlink+0xa4b/0x41f0 net/core/rtnetlink.c:2880
                           __rtnl_newlink net/core/rtnetlink.c:3696 [inline]
                           rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3743
                           rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
                           netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
                           netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
                           netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
                           netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
                           sock_sendmsg_nosec net/socket.c:730 [inline]
                           __sock_sendmsg+0x221/0x270 net/socket.c:745
                           __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
                           __do_sys_sendto net/socket.c:2204 [inline]
                           __se_sys_sendto net/socket.c:2200 [inline]
                           __x64_sys_sendto+0xde/0x100 net/socket.c:2200
                           do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                           do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                          entry_SYSCALL_64_after_hwframe+0x77/0x7f
         INITIAL USE at:
                          lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
                          do_write_seqcount_begin_nested include/linux/seqlock.h:469 [inline]
                          do_write_seqcount_begin include/linux/seqlock.h:495 [inline]
                          write_seqlock include/linux/seqlock.h:823 [inline]
                          dev_change_name+0x184/0x920 net/core/dev.c:1229
                          do_setlink+0xa4b/0x41f0 net/core/rtnetlink.c:2880
                          __rtnl_newlink net/core/rtnetlink.c:3696 [inline]
                          rtnl_newlink+0x180b/0x20a0 net/core/rtnetlink.c:3743
                          rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
                          netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
                          netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
                          netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
                          netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
                          sock_sendmsg_nosec net/socket.c:730 [inline]
                          __sock_sendmsg+0x221/0x270 net/socket.c:745
                          __sys_sendto+0x3a4/0x4f0 net/socket.c:2192
                          __do_sys_sendto net/socket.c:2204 [inline]
                          __se_sys_sendto net/socket.c:2200 [inline]
                          __x64_sys_sendto+0xde/0x100 net/socket.c:2200
                          do_syscall_x64 arch/x86/entry/common.c:52 [inline]
                          do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
         INITIAL READ USE at:
                               lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
                               seqcount_lockdep_reader_access include/linux/seqlock.h:72 [inline]
                               read_seqbegin include/linux/seqlock.h:772 [inline]
                               netdev_copy_name+0x168/0x2c0 net/core/dev.c:949
                               rtnl_fill_ifinfo+0x38e/0x2270 net/core/rtnetlink.c:1839
                               rtmsg_ifinfo_build_skb+0x18a/0x260 net/core/rtnetlink.c:4073
                               rtmsg_ifinfo_event net/core/rtnetlink.c:4107 [inline]
                               rtmsg_ifinfo+0x91/0x1b0 net/core/rtnetlink.c:4116
                               register_netdevice+0x1665/0x19e0 net/core/dev.c:10422
                               register_netdev+0x3b/0x50 net/core/dev.c:10512
                               loopback_net_init+0x73/0x150 drivers/net/loopback.c:217
                               ops_init+0x359/0x610 net/core/net_namespace.c:139
                               __register_pernet_operations net/core/net_namespace.c:1247 [inline]
                               register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1320
                               register_pernet_device+0x33/0x80 net/core/net_namespace.c:1407
                               net_dev_init+0xfcd/0x10d0 net/core/dev.c:11956
                               do_one_initcall+0x248/0x880 init/main.c:1267
                               do_initcall_level+0x157/0x210 init/main.c:1329
                               do_initcalls+0x3f/0x80 init/main.c:1345
                               kernel_init_freeable+0x435/0x5d0 init/main.c:1578
                               kernel_init+0x1d/0x2b0 init/main.c:1467
                               ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
                               ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
       }
       ... key      at: [<ffffffff8f5de668>] netdev_rename_lock+0x8/0xa0
       ... acquired at:
          lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
          seqcount_lockdep_reader_access include/linux/seqlock.h:72 [inline]
          read_seqbegin include/linux/seqlock.h:772 [inline]
          netdev_copy_name+0x168/0x2c0 net/core/dev.c:949
          rtnl_fill_ifinfo+0x38e/0x2270 net/core/rtnetlink.c:1839
          rtmsg_ifinfo_build_skb+0x18a/0x260 net/core/rtnetlink.c:4073
          rtmsg_ifinfo_event net/core/rtnetlink.c:4107 [inline]
          rtmsg_ifinfo+0x91/0x1b0 net/core/rtnetlink.c:4116
          __dev_notify_flags+0xf7/0x400 net/core/dev.c:8816
          __dev_set_promiscuity+0x152/0x5a0 net/core/dev.c:8588
          dev_set_promiscuity+0x51/0xe0 net/core/dev.c:8608
          team_change_rx_flags+0x203/0x330 drivers/net/team/team_core.c:1771
          dev_change_rx_flags net/core/dev.c:8541 [inline]
          __dev_set_promiscuity+0x406/0x5a0 net/core/dev.c:8585
          dev_set_promiscuity+0x51/0xe0 net/core/dev.c:8608
          br_port_clear_promisc net/bridge/br_if.c:135 [inline]
          br_manage_promisc+0x505/0x590 net/bridge/br_if.c:172
          nbp_update_port_count net/bridge/br_if.c:242 [inline]
          br_port_flags_change+0x161/0x1f0 net/bridge/br_if.c:761
          br_setport+0xcb5/0x16d0 net/bridge/br_netlink.c:1000
          br_port_slave_changelink+0x135/0x150 net/bridge/br_netlink.c:1213
          __rtnl_newlink net/core/rtnetlink.c:3689 [inline]
          rtnl_newlink+0x169f/0x20a0 net/core/rtnetlink.c:3743
          rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
          netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
          netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
          netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
          netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
          sock_sendmsg_nosec net/socket.c:730 [inline]
          __sock_sendmsg+0x221/0x270 net/socket.c:745
          ____sys_sendmsg+0x525/0x7d0 net/socket.c:2585
          ___sys_sendmsg net/socket.c:2639 [inline]
          __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2668
          do_syscall_x64 arch/x86/entry/common.c:52 [inline]
          do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
         entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      stack backtrace:
      CPU: 0 PID: 9449 Comm: syz-executor.2 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b896 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
      Call Trace:
       <TASK>
        __dump_stack lib/dump_stack.c:88 [inline]
        dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
        print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline]
        check_irq_usage kernel/locking/lockdep.c:2865 [inline]
        check_prev_add kernel/locking/lockdep.c:3138 [inline]
        check_prevs_add kernel/locking/lockdep.c:3253 [inline]
        validate_chain+0x4de0/0x5900 kernel/locking/lockdep.c:3869
        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
        seqcount_lockdep_reader_access include/linux/seqlock.h:72 [inline]
        read_seqbegin include/linux/seqlock.h:772 [inline]
        netdev_copy_name+0x168/0x2c0 net/core/dev.c:949
        rtnl_fill_ifinfo+0x38e/0x2270 net/core/rtnetlink.c:1839
        rtmsg_ifinfo_build_skb+0x18a/0x260 net/core/rtnetlink.c:4073
        rtmsg_ifinfo_event net/core/rtnetlink.c:4107 [inline]
        rtmsg_ifinfo+0x91/0x1b0 net/core/rtnetlink.c:4116
        __dev_notify_flags+0xf7/0x400 net/core/dev.c:8816
        __dev_set_promiscuity+0x152/0x5a0 net/core/dev.c:8588
        dev_set_promiscuity+0x51/0xe0 net/core/dev.c:8608
        team_change_rx_flags+0x203/0x330 drivers/net/team/team_core.c:1771
        dev_change_rx_flags net/core/dev.c:8541 [inline]
        __dev_set_promiscuity+0x406/0x5a0 net/core/dev.c:8585
        dev_set_promiscuity+0x51/0xe0 net/core/dev.c:8608
        br_port_clear_promisc net/bridge/br_if.c:135 [inline]
        br_manage_promisc+0x505/0x590 net/bridge/br_if.c:172
        nbp_update_port_count net/bridge/br_if.c:242 [inline]
        br_port_flags_change+0x161/0x1f0 net/bridge/br_if.c:761
        br_setport+0xcb5/0x16d0 net/bridge/br_netlink.c:1000
        br_port_slave_changelink+0x135/0x150 net/bridge/br_netlink.c:1213
        __rtnl_newlink net/core/rtnetlink.c:3689 [inline]
        rtnl_newlink+0x169f/0x20a0 net/core/rtnetlink.c:3743
        rtnetlink_rcv_msg+0x89b/0x1180 net/core/rtnetlink.c:6635
        netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564
        netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
        netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
        netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905
        sock_sendmsg_nosec net/socket.c:730 [inline]
        __sock_sendmsg+0x221/0x270 net/socket.c:745
        ____sys_sendmsg+0x525/0x7d0 net/socket.c:2585
        ___sys_sendmsg net/socket.c:2639 [inline]
        __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2668
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      RIP: 0033:0x7f3b3047cf29
      Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
      RSP: 002b:00007f3b311740c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
      RAX: ffffffffffffffda RBX: 00007f3b305b4050 RCX: 00007f3b3047cf29
      RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008
      RBP: 00007f3b304ec074 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
      R13: 000000000000006e R14: 00007f3b305b4050 R15: 00007ffca2f3dc68
       </TASK>
      
      Fixes: 0840556e ("net: Protect dev->name by seqlock.")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Kuniyuki Iwashima <kuniyu@amazon.com>
      Reviewed-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      62e58ddb
    • Taehee Yoo's avatar
      ionic: fix kernel panic due to multi-buffer handling · e3f02f32
      Taehee Yoo authored
      Currently, the ionic_run_xdp() doesn't handle multi-buffer packets
      properly for XDP_TX and XDP_REDIRECT.
      When a jumbo frame is received, the ionic_run_xdp() first makes xdp
      frame with all necessary pages in the rx descriptor.
      And if the action is either XDP_TX or XDP_REDIRECT, it should unmap
      dma-mapping and reset page pointer to NULL for all pages, not only the
      first page.
      But it doesn't for SG pages. So, SG pages unexpectedly will be reused.
      It eventually causes kernel panic.
      
      Oops: general protection fault, probably for non-canonical address 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI
      CPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.10.0-rc3+ #25
      RIP: 0010:xdp_return_frame+0x42/0x90
      Code: 01 75 12 5b 4c 89 e6 5d 31 c9 41 5c 31 d2 41 5d e9 73 fd ff ff 44 8b 6b 20 0f b7 43 0a 49 81 ed 68 01 00 00 49 29 c5 49 01 fd <41> 80 7d0
      RSP: 0018:ffff99d00122ce08 EFLAGS: 00010202
      RAX: 0000000000005453 RBX: ffff8d325f904000 RCX: 0000000000000001
      RDX: 00000000670e1000 RSI: 000000011f90d000 RDI: 504f4e4d4c4b4a49
      RBP: ffff99d003907740 R08: 0000000000000000 R09: 0000000000000000
      R10: 000000011f90d000 R11: 0000000000000000 R12: ffff8d325f904010
      R13: 504f4e4dbebc64fd R14: ffff8d3242b070c8 R15: ffff99d0039077c0
      FS:  0000000000000000(0000) GS:ffff8d399f780000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f41f6c85e38 CR3: 000000037ac30000 CR4: 00000000007506f0
      PKRU: 55555554
      Call Trace:
       <IRQ>
       ? die_addr+0x33/0x90
       ? exc_general_protection+0x251/0x2f0
       ? asm_exc_general_protection+0x22/0x30
       ? xdp_return_frame+0x42/0x90
       ionic_tx_clean+0x211/0x280 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
       ionic_tx_cq_service+0xd3/0x210 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
       ionic_txrx_napi+0x41/0x1b0 [ionic 15881354510e6a9c655c59c54812b319ed2cd015]
       __napi_poll.constprop.0+0x29/0x1b0
       net_rx_action+0x2c4/0x350
       handle_softirqs+0xf4/0x320
       irq_exit_rcu+0x78/0xa0
       common_interrupt+0x77/0x90
      
      Fixes: 5377805d ("ionic: implement xdp frags support")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Reviewed-by: default avatarShannon Nelson <shannon.nelson@amd.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e3f02f32
    • Kory Maincent's avatar
      net: pse-pd: Kconfig: Fix missing firmware loader config select · 7eadf500
      Kory Maincent authored
      Selecting FW_UPLOAD is not sufficient as it allows the firmware loader
      API to be built as a module alongside the pd692x0 driver built as builtin.
      Add select FW_LOADER to fix this issue.
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Closes: https://lore.kernel.org/oe-kbuild-all/202406200632.hSChnX0g-lkp@intel.com/
      Fixes: 9a993845 ("net: pse-pd: Add PD692x0 PSE controller driver")
      Signed-off-by: default avatarKory Maincent <kory.maincent@bootlin.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7eadf500
    • Hangbin Liu's avatar
      bonding: fix incorrect software timestamping report · a95b031c
      Hangbin Liu authored
      The __ethtool_get_ts_info function returns directly if the device has a
      get_ts_info() method. For bonding with an active slave, this works correctly
      as we simply return the real device's timestamping information. However,
      when there is no active slave, we only check the slave's TX software
      timestamp information. We still need to set the phc index and RX timestamp
      information manually. Otherwise, the result will be look like:
      
        Time stamping parameters for bond0:
        Capabilities:
                software-transmit
        PTP Hardware Clock: 0
        Hardware Transmit Timestamp Modes: none
        Hardware Receive Filter Modes: none
      
      This issue does not affect VLAN or MACVLAN devices, as they only have one
      downlink and can directly use the downlink's timestamping information.
      
      Fixes: b8768dc4 ("net: ethtool: Refactor identical get_ts_info implementations.")
      Reported-by: default avatarLiang Li <liali@redhat.com>
      Closes: https://issues.redhat.com/browse/RHEL-42409Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Acked-by: default avatarKory Maincent <kory.maincent@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a95b031c
    • Aryan Srivastava's avatar
      net: mvpp2: fill-in dev_port attribute · 00418d55
      Aryan Srivastava authored
      Fill this in so user-space can identify multiple ports on the same CP
      unit.
      Signed-off-by: default avatarAryan Srivastava <aryan.srivastava@alliedtelesis.co.nz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00418d55
    • Xin Long's avatar
      openvswitch: get related ct labels from its master if it is not confirmed · a23ac973
      Xin Long authored
      Ilya found a failure in running check-kernel tests with at_groups=144
      (144: conntrack - FTP SNAT orig tuple) in OVS repo. After his further
      investigation, the root cause is that the labels sent to userspace
      for related ct are incorrect.
      
      The labels for unconfirmed related ct should use its master's labels.
      However, the changes made in commit 8c8b7332 ("openvswitch: set
      IPS_CONFIRMED in tmpl status only when commit is set in conntrack")
      led to getting labels from this related ct.
      
      So fix it in ovs_ct_get_labels() by changing to copy labels from its
      master ct if it is a unconfirmed related ct. Note that there is no
      fix needed for ct->mark, as it was already copied from its master
      ct for related ct in init_conntrack().
      
      Fixes: 8c8b7332 ("openvswitch: set IPS_CONFIRMED in tmpl status only when commit is set in conntrack")
      Reported-by: default avatarIlya Maximets <i.maximets@ovn.org>
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Reviewed-by: default avatarIlya Maximets <i.maximets@ovn.org>
      Tested-by: default avatarIlya Maximets <i.maximets@ovn.org>
      Reviewed-by: default avatarAaron Conole <aconole@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a23ac973
    • Vitor Soares's avatar
      can: mcp251xfd: fix infinite loop when xmit fails · d8fb63e4
      Vitor Soares authored
      When the mcp251xfd_start_xmit() function fails, the driver stops
      processing messages, and the interrupt routine does not return,
      running indefinitely even after killing the running application.
      
      Error messages:
      [  441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16
      [  441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3).
      ... and repeat forever.
      
      The issue can be triggered when multiple devices share the same SPI
      interface. And there is concurrent access to the bus.
      
      The problem occurs because tx_ring->head increments even if
      mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX
      package while still expecting a response in
      mcp251xfd_handle_tefif_one().
      
      Resolve the issue by starting a workqueue to write the tx obj
      synchronously if err = -EBUSY. In case of another error, decrement
      tx_ring->head, remove skb from the echo stack, and drop the message.
      
      Fixes: 55e5b97f ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarVitor Soares <vitor.soares@toradex.com>
      Link: https://lore.kernel.org/all/20240517134355.770777-1-ivitro@gmail.com
      [mkl: use more imperative wording in patch description]
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      d8fb63e4
    • Chen Ni's avatar
      can: kvaser_usb: fix return value for hif_usb_send_regout · 0d34d816
      Chen Ni authored
      As the potential failure of usb_submit_urb(), it should be better to
      return the err variable to catch the error.
      Signed-off-by: default avatarChen Ni <nichen@iscas.ac.cn>
      Link: https://lore.kernel.org/all/20240521041020.1519416-1-nichen@iscas.ac.cnSigned-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      0d34d816
    • Oleksij Rempel's avatar
      net: can: j1939: recover socket queue on CAN bus error during BAM transmission · 9ad1da14
      Oleksij Rempel authored
      Addresses an issue where a CAN bus error during a BAM transmission
      could stall the socket queue, preventing further transmissions even
      after the bus error is resolved. The fix activates the next queued
      session after the error recovery, allowing communication to continue.
      
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarAlexander Hölzl <alexander.hoelzl@gmx.net>
      Tested-by: default avatarAlexander Hölzl <alexander.hoelzl@gmx.net>
      Signed-off-by: default avatarOleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/all/20240528070648.1947203-1-o.rempel@pengutronix.de
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      9ad1da14
    • Shigeru Yoshida's avatar
      net: can: j1939: Initialize unused data in j1939_send_one() · b7cdf1dd
      Shigeru Yoshida authored
      syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()
      creates full frame including unused data, but it doesn't initialize
      it. This causes the kernel-infoleak issue. Fix this by initializing
      unused data.
      
      [1]
      BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
      BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]
      BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]
      BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
      BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]
      BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
       instrument_copy_to_user include/linux/instrumented.h:114 [inline]
       copy_to_user_iter lib/iov_iter.c:24 [inline]
       iterate_ubuf include/linux/iov_iter.h:29 [inline]
       iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
       iterate_and_advance include/linux/iov_iter.h:271 [inline]
       _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185
       copy_to_iter include/linux/uio.h:196 [inline]
       memcpy_to_msg include/linux/skbuff.h:4113 [inline]
       raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008
       sock_recvmsg_nosec net/socket.c:1046 [inline]
       sock_recvmsg+0x2c4/0x340 net/socket.c:1068
       ____sys_recvmsg+0x18a/0x620 net/socket.c:2803
       ___sys_recvmsg+0x223/0x840 net/socket.c:2845
       do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939
       __sys_recvmmsg net/socket.c:3018 [inline]
       __do_sys_recvmmsg net/socket.c:3041 [inline]
       __se_sys_recvmmsg net/socket.c:3034 [inline]
       __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034
       x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      Uninit was created at:
       slab_post_alloc_hook mm/slub.c:3804 [inline]
       slab_alloc_node mm/slub.c:3845 [inline]
       kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888
       kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577
       __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668
       alloc_skb include/linux/skbuff.h:1313 [inline]
       alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504
       sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795
       sock_alloc_send_skb include/net/sock.h:1842 [inline]
       j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]
       j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]
       j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277
       sock_sendmsg_nosec net/socket.c:730 [inline]
       __sock_sendmsg+0x30f/0x380 net/socket.c:745
       ____sys_sendmsg+0x877/0xb60 net/socket.c:2584
       ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
       __sys_sendmsg net/socket.c:2667 [inline]
       __do_sys_sendmsg net/socket.c:2676 [inline]
       __se_sys_sendmsg net/socket.c:2674 [inline]
       __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674
       x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      Bytes 12-15 of 16 are uninitialized
      Memory access of size 16 starts at ffff888120969690
      Data copied to user address 00000000200017c0
      
      CPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
      
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Reported-and-tested-by: syzbot+5681e40d297b30f5b513@syzkaller.appspotmail.com
      Closes: https://syzkaller.appspot.com/bug?extid=5681e40d297b30f5b513Acked-by: default avatarOleksij Rempel <o.rempel@pengutronix.de>
      Signed-off-by: default avatarShigeru Yoshida <syoshida@redhat.com>
      Link: https://lore.kernel.org/all/20240517035953.2617090-1-syoshida@redhat.com
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      b7cdf1dd
    • Oleksij Rempel's avatar
      net: can: j1939: enhanced error handling for tightly received RTS messages in... · d3e2904f
      Oleksij Rempel authored
      net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new
      
      This patch enhances error handling in scenarios with RTS (Request to
      Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE
      backtraces with a new error handling method. This provides clearer error
      messages and allows for the early termination of problematic sessions.
      Previously, sessions were only released at the end of j1939_xtp_rx_rts().
      
      Potentially this could be reproduced with something like:
      testj1939 -r vcan0:0x80 &
      while true; do
      	# send first RTS
      	cansend vcan0 18EC8090#1014000303002301;
      	# send second RTS
      	cansend vcan0 18EC8090#1014000303002301;
      	# send abort
      	cansend vcan0 18EC8090#ff00000000002301;
      done
      
      Fixes: 9d71dd0c ("can: add support of SAE J1939 protocol")
      Reported-by: syzbot+daa36413a5cedf799ae4@syzkaller.appspotmail.com
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarOleksij Rempel <o.rempel@pengutronix.de>
      Link: https://lore.kernel.org/all/20231117124959.961171-1-o.rempel@pengutronix.deSigned-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      d3e2904f
    • Tristram Ha's avatar
      net: dsa: microchip: fix initial port flush problem · ad53f5f5
      Tristram Ha authored
      The very first flush in any port will flush all learned addresses in all
      ports.  This can be observed by unplugging the cable from one port while
      additional ports are connected and dumping the fdb entries.
      
      This problem is caused by the initially wrong value programmed to the
      REG_SW_LUE_CTRL_1 register.  Setting SW_FLUSH_STP_TABLE and
      SW_FLUSH_MSTP_TABLE bits does not have an immediate effect.  It is when
      ksz9477_flush_dyn_mac_table() is called then the SW_FLUSH_STP_TABLE bit
      takes effect and flushes all learned entries.  After that call both bits
      are reset and so the next port flush will not cause such problem again.
      
      Fixes: b987e98e ("dsa: add DSA switch driver for Microchip KSZ9477")
      Signed-off-by: default avatarTristram Ha <tristram.ha@microchip.com>
      Link: https://patch.msgid.link/1718756202-2731-1-git-send-email-Tristram.Ha@microchip.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      ad53f5f5
  4. 20 Jun, 2024 11 commits