- 13 Apr, 2022 16 commits
-
-
Lin Ma authored
Commit 3e3b5dfc ("NFC: reorder the logic in nfc_{un,}register_device") assumes the device_is_registered() in function nfc_dev_up() will help to check when the rfkill is unregistered. However, this check only take effect when device_del(&dev->dev) is done in nfc_unregister_device(). Hence, the rfkill object is still possible be dereferenced. The crash trace in latest kernel (5.18-rc2): [ 68.760105] ================================================================== [ 68.760330] BUG: KASAN: use-after-free in __lock_acquire+0x3ec1/0x6750 [ 68.760756] Read of size 8 at addr ffff888009c93018 by task fuzz/313 [ 68.760756] [ 68.760756] CPU: 0 PID: 313 Comm: fuzz Not tainted 5.18.0-rc2 #4 [ 68.760756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 68.760756] Call Trace: [ 68.760756] <TASK> [ 68.760756] dump_stack_lvl+0x57/0x7d [ 68.760756] print_report.cold+0x5e/0x5db [ 68.760756] ? __lock_acquire+0x3ec1/0x6750 [ 68.760756] kasan_report+0xbe/0x1c0 [ 68.760756] ? __lock_acquire+0x3ec1/0x6750 [ 68.760756] __lock_acquire+0x3ec1/0x6750 [ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 68.760756] ? register_lock_class+0x18d0/0x18d0 [ 68.760756] lock_acquire+0x1ac/0x4f0 [ 68.760756] ? rfkill_blocked+0xe/0x60 [ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 68.760756] ? mutex_lock_io_nested+0x12c0/0x12c0 [ 68.760756] ? nla_get_range_signed+0x540/0x540 [ 68.760756] ? _raw_spin_lock_irqsave+0x4e/0x50 [ 68.760756] _raw_spin_lock_irqsave+0x39/0x50 [ 68.760756] ? rfkill_blocked+0xe/0x60 [ 68.760756] rfkill_blocked+0xe/0x60 [ 68.760756] nfc_dev_up+0x84/0x260 [ 68.760756] nfc_genl_dev_up+0x90/0xe0 [ 68.760756] genl_family_rcv_msg_doit+0x1f4/0x2f0 [ 68.760756] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x230/0x230 [ 68.760756] ? security_capable+0x51/0x90 [ 68.760756] genl_rcv_msg+0x280/0x500 [ 68.760756] ? genl_get_cmd+0x3c0/0x3c0 [ 68.760756] ? lock_acquire+0x1ac/0x4f0 [ 68.760756] ? nfc_genl_dev_down+0xe0/0xe0 [ 68.760756] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 68.760756] netlink_rcv_skb+0x11b/0x340 [ 68.760756] ? genl_get_cmd+0x3c0/0x3c0 [ 68.760756] ? netlink_ack+0x9c0/0x9c0 [ 68.760756] ? netlink_deliver_tap+0x136/0xb00 [ 68.760756] genl_rcv+0x1f/0x30 [ 68.760756] netlink_unicast+0x430/0x710 [ 68.760756] ? memset+0x20/0x40 [ 68.760756] ? netlink_attachskb+0x740/0x740 [ 68.760756] ? __build_skb_around+0x1f4/0x2a0 [ 68.760756] netlink_sendmsg+0x75d/0xc00 [ 68.760756] ? netlink_unicast+0x710/0x710 [ 68.760756] ? netlink_unicast+0x710/0x710 [ 68.760756] sock_sendmsg+0xdf/0x110 [ 68.760756] __sys_sendto+0x19e/0x270 [ 68.760756] ? __ia32_sys_getpeername+0xa0/0xa0 [ 68.760756] ? fd_install+0x178/0x4c0 [ 68.760756] ? fd_install+0x195/0x4c0 [ 68.760756] ? kernel_fpu_begin_mask+0x1c0/0x1c0 [ 68.760756] __x64_sys_sendto+0xd8/0x1b0 [ 68.760756] ? lockdep_hardirqs_on+0xbf/0x130 [ 68.760756] ? syscall_enter_from_user_mode+0x1d/0x50 [ 68.760756] do_syscall_64+0x3b/0x90 [ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 68.760756] RIP: 0033:0x7f67fb50e6b3 ... [ 68.760756] RSP: 002b:00007f67fa91fe90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 68.760756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67fb50e6b3 [ 68.760756] RDX: 000000000000001c RSI: 0000559354603090 RDI: 0000000000000003 [ 68.760756] RBP: 00007f67fa91ff00 R08: 00007f67fa91fedc R09: 000000000000000c [ 68.760756] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffe824d496e [ 68.760756] R13: 00007ffe824d496f R14: 00007f67fa120000 R15: 0000000000000003 [ 68.760756] </TASK> [ 68.760756] [ 68.760756] Allocated by task 279: [ 68.760756] kasan_save_stack+0x1e/0x40 [ 68.760756] __kasan_kmalloc+0x81/0xa0 [ 68.760756] rfkill_alloc+0x7f/0x280 [ 68.760756] nfc_register_device+0xa3/0x1a0 [ 68.760756] nci_register_device+0x77a/0xad0 [ 68.760756] nfcmrvl_nci_register_dev+0x20b/0x2c0 [ 68.760756] nfcmrvl_nci_uart_open+0xf2/0x1dd [ 68.760756] nci_uart_tty_ioctl+0x2c3/0x4a0 [ 68.760756] tty_ioctl+0x764/0x1310 [ 68.760756] __x64_sys_ioctl+0x122/0x190 [ 68.760756] do_syscall_64+0x3b/0x90 [ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 68.760756] [ 68.760756] Freed by task 314: [ 68.760756] kasan_save_stack+0x1e/0x40 [ 68.760756] kasan_set_track+0x21/0x30 [ 68.760756] kasan_set_free_info+0x20/0x30 [ 68.760756] __kasan_slab_free+0x108/0x170 [ 68.760756] kfree+0xb0/0x330 [ 68.760756] device_release+0x96/0x200 [ 68.760756] kobject_put+0xf9/0x1d0 [ 68.760756] nfc_unregister_device+0x77/0x190 [ 68.760756] nfcmrvl_nci_unregister_dev+0x88/0xd0 [ 68.760756] nci_uart_tty_close+0xdf/0x180 [ 68.760756] tty_ldisc_kill+0x73/0x110 [ 68.760756] tty_ldisc_hangup+0x281/0x5b0 [ 68.760756] __tty_hangup.part.0+0x431/0x890 [ 68.760756] tty_release+0x3a8/0xc80 [ 68.760756] __fput+0x1f0/0x8c0 [ 68.760756] task_work_run+0xc9/0x170 [ 68.760756] exit_to_user_mode_prepare+0x194/0x1a0 [ 68.760756] syscall_exit_to_user_mode+0x19/0x50 [ 68.760756] do_syscall_64+0x48/0x90 [ 68.760756] entry_SYSCALL_64_after_hwframe+0x44/0xae This patch just add the null out of dev->rfkill to make sure such dereference cannot happen. This is safe since the device_lock() already protect the check/write from data race. Fixes: 3e3b5dfc ("NFC: reorder the logic in nfc_{un,}register_device") Signed-off-by:
Lin Ma <linma@zju.edu.cn> Reviewed-by:
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Guo Zhengkui authored
Address the following coccicheck warning: net/ipv6/exthdrs.c:620:44-45: WARNING opportunity for swap() by using swap() for the swapping of variable values and drop the tmp (`addr`) variable that is not needed any more. Signed-off-by:
Guo Zhengkui <guozhengkui@vivo.com> Signed-off-by:
-
Alaa Mohamed authored
Add boilerplate test loop in test to run all tests in fib_rule_tests.sh Signed-off-by:
Alaa Mohamed <eng.alaamohamedsoliman.am@gmail.com> Signed-off-by:
-
Lorenzo Bianconi authored
Rely on standard cci-control-port property to identify CCI port reference. Update mt7622 dts binding. Signed-off-by:
Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queueDavid S. Miller authored
Tony Nguyen says: ==================== 40GbE Intel Wired LAN Driver Updates 2022-04-12 This series contains updates to i40e and ice drivers. Joe Damato adds TSO support for MPLS packets on i40e and ice drivers. He also adds tracking and reporting of tx_stopped statistic for i40e. Nabil S. Alramli adds reporting of tx_restart to ethtool for i40e. Mateusz adds new device id support for i40e. ==================== Signed-off-by: -
David S. Miller authored
Jakub Kicinski says: ==================== tls: rx: random refactoring part 3 TLS Rx refactoring. Part 3 of 3. This set is mostly around rx_list and async processing. The last two patches are minor optimizations. A couple of features to follow. ==================== Signed-off-by: -
Jakub Kicinski authored
TLS 1.3 and ChaChaPoly don't carry IV in the packet. The code before this change would copy out iv_size worth of whatever followed the TLS header in the packet and then for TLS 1.3 | ChaCha overwrite that with the sequence number. Waste of cycles especially with TLS 1.2 being close to dead and TLS 1.3 being the common case. Signed-off-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
-
Jakub Kicinski authored
IVs are 8 or 16 bytes, no point reading out the exact value for quantities this small. Signed-off-by:
-
Jakub Kicinski authored
Propagating EINPROGRESS thru multiple layers of functions is error prone. Use darg->async as an in/out argument, like we use darg->zc today. On input it tells the code if async is allowed, on output if it took place. Signed-off-by:
-
Jakub Kicinski authored
async crypto handler will report the socket error no need to report it again. We can, however, let the data we already copied be reported to user space but we need to make sure the error will be reported next time around. Signed-off-by:
-
Jakub Kicinski authored
process_rx_list() only fails if it can't copy data to user space. There is no point recording the error onto sk->sk_err or giving up on the data which was read partially. Treat the return value like a normal socket partial read. Signed-off-by:
-
Jakub Kicinski authored
If crypto didn't always invoke our callback for async we'd not be clearing skb->sk and would crash in the skb core when freeing it. This if must be dead code. Signed-off-by:
-
Jakub Kicinski authored
Async crypto never worked with TLS 1.3 and was explicitly disabled in commit 8497ded2 ("net/tls: Disable async decrytion for tls1.3"). There's no need for us to handle TLS 1.3 padding in the async cb. Signed-off-by:
-
Jakub Kicinski authored
Move counting TlsDecryptErrors to tls_do_decryption() where differences between sync and async crypto are reconciled. No functional changes, this code just always gave me a pause. Signed-off-by:
-
Jakub Kicinski authored
The code is identical, we can save a few LoC. Signed-off-by:
-
Jakub Kicinski authored
rx_list is protected by the socket lock, no need to take the built-in spin lock on accesses. Signed-off-by:
-
- 12 Apr, 2022 24 commits
-
-
Lv Ruyi authored
platform_get_irq() return negative value on failure, so null check of return value is incorrect. Fix it by comparing whether it is less than zero. Fixes: 9055a2f5 ("ixp4xx_eth: make ptp support a platform driver") Reported-by:
Zeal Robot <zealci@zte.com.cn> Signed-off-by:
Lv Ruyi <lv.ruyi@zte.com.cn> Reviewed-by:
Linus Walleij <linus.walleij@linaro.org> Link: https://lore.kernel.org/r/20220412085126.2532924-1-lv.ruyi@zte.com.cnSigned-off-by:
-
Minghao Chi authored
Using pm_runtime_resume_and_get() to replace pm_runtime_get_sync and pm_runtime_put_noidle. This change is just to simplify the code, no actual functional changes. Reported-by:
Minghao Chi <chi.minghao@zte.com.cn> Reviewed-by:
Grygorii Strashko <grygorii.strashko@ti.com> Link: https://lore.kernel.org/r/20220412082847.2532584-1-chi.minghao@zte.com.cnSigned-off-by:
-
Coco Li authored
XRFM is no longer needed for configuring FOU tunnels (CONFIG_NET_FOU_IP_TUNNELS), remove from Kconfig. Also remove the xrfm.h dependency in fou.c. It was added in '23461551 ("fou: Support for foo-over-udp RX path")' for depencies of udp_del_offload and udp_offloads, which were removed in 'd92283e3 ("fou: change to use UDP socket GRO")'. Built and installed kernel and setup GUE/FOU tunnels. Signed-off-by:
Coco Li <lixiaoyan@google.com> Link: https://lore.kernel.org/r/20220411213717.3688789-1-lixiaoyan@google.comSigned-off-by:
-
Mateusz Palczewski authored
Add support for Ethernet Connection X722 for 10GbE SFP+ cards. Make possible for the driver to bind to the card. Signed-off-by:
Przemyslaw Patynowski <przemyslawx.patynowski@intel.com> Signed-off-by:
Mateusz Palczewski <mateusz.palczewski@intel.com> Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel) Signed-off-by:
Tony Nguyen <anthony.l.nguyen@intel.com>
-
Nabil S. Alramli authored
Add vsi.tx_restart to the i40e driver ethtool statistics Signed-off-by:
Nabil S. Alramli <dev@nalramli.com> Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel) Signed-off-by:
-
Joe Damato authored
Track TX queue stop events and export the new stat with ethtool. Signed-off-by:
Joe Damato <jdamato@fastly.com> Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel) Signed-off-by:
-
Joe Damato authored
Attempt to add mpls+tso support. I don't have ice hardware available to test myself, but I just implemented this feature in i40e and thought it might be useful to implement for ice while this is fresh in my brain. Hoping some one at intel will be able to test this on my behalf. Signed-off-by:
-
Jakub Kicinski authored
Ido Schimmel says: ==================== mlxsw: Extend device registers for line cards support This patch set prepares mlxsw for line cards support by extending device registers with a slot index, which allows accessing components found on a line card at a given slot. Currently, only slot index 0 (main board) is used. No user visible changes that I am aware of. ==================== Link: https://lore.kernel.org/r/20220411144657.2655752-1-idosch@nvidia.comSigned-off-by:
-
Vadim Pasternak authored
Add new field 'max_modules_per_slot' to provide maximum number of modules that can be connected per slot. This field will always be zero, if 'slot_index' in query request is set to non-zero value, otherwise value in this field will provide maximum modules number, which can be equipped on device inserted at any slot. Signed-off-by:
Vadim Pasternak <vadimp@nvidia.com> Signed-off-by:
Ido Schimmel <idosch@nvidia.com> Signed-off-by:
-
Vadim Pasternak authored
Pass the slot index down to PMAOS pack helper alongside with the module. Signed-off-by:
Jiri Pirko <jiri@nvidia.com> Signed-off-by:
-
Vadim Pasternak authored
Extend MGPIR (Management General Peripheral Information Register) with new fields specifying the slot number and number of the slots available on system. The purpose of these fields is: - to support access to MPGIR register on modular system for getting the number of cages, equipped on the line card, inserted at specified slot. In case slot number is set zero, MGPIR will provide the information for the main board. For Top of the Rack (non-modular) system it will provide the same as before. - to provide the number of slots supported by system. This data is relevant only in case slot number is set zero. Signed-off-by:
-
Vadim Pasternak authored
Extend PMMP (Port Module Memory Map Properties Register) with new field specifying the slot number. The purpose of this field is to enable overriding the cable/module memory map advertisement. For non-modular systems the 'module' number uniquely identifies the transceiver location. For modular systems the transceivers are identified by two indexes: - 'slot_index', specifying the slot number, where line card is located; - 'module', specifying cage transceiver within the line card. Signed-off-by:
-
Vadim Pasternak authored
Extend MCION (Management Cable IO and Notifications Register) with new field specifying the slot number. The purpose of this field is to support access to MCION register for query cage transceiver on modular system. For non-modular systems the 'module' number uniquely identifies the transceiver location. For modular systems the transceivers are identified by two indexes: - 'slot_index', specifying the slot number, where line card is located; - 'module', specifying cage transceiver within the line card. Signed-off-by:
-
Vadim Pasternak authored
Extend MCIA (Management Cable Info Access Register) with new field specifying the slot number. The purpose of this field is to support access to MCIA register for reading cage cable information on modular system. For non-modular systems the 'module' number uniquely identifies the transceiver location. For modular systems the transceivers are identified by two indexes: - 'slot_index', specifying the slot number, where line card is located; - 'module', specifying cage transceiver within the line card. Signed-off-by:
-
Vadim Pasternak authored
Extend MTBR (Management Temperature Bulk Register) with new field specifying the slot number. The purpose of this field is to support access to MTBR register for reading temperature sensors on modular system. For non-modular systems the 'sensor_index' uniquely identifies the cage sensors. For modular systems the sensors are identified by two indexes: - 'slot_index', specifying the slot number, where line card is located; - 'sensor_index', specifying cage sensor within the line card. Signed-off-by:
-
Vadim Pasternak authored
Extend MTMP (Management Temperature Register) with new field specifying the slot index. The purpose of this field is to support access to MTMP register for reading temperature sensors on modular systems. For non-modular systems the 'sensor_index' uniquely identifies the cage sensors, while 'slot_index' is always 0. For modular systems the sensors are identified by: - 'slot_index', specifying the slot index, where line card is located; - 'sensor_index', specifying cage sensor within the line card. Signed-off-by:
-
Joe Damato authored
This change adds support for TSO of MPLS packets. In my tests with tcpdump it seems to work. Note this test setup has a 9000 byte MTU: MPLS (label 100, exp 0, [S], ttl 64) IP srcip.50086 > dstip.1234: Flags [P.], seq 593345:644401, ack 0, win 420, options [nop,nop,TS val 45022534 ecr 1722291395], length 51056 IP dstip.1234 > srcip.50086: Flags [.], ack 593345, win 122, options [nop,nop,TS val 1722291395 ecr 45022534], length 0 IP dstip.1234 > srcip.50086: Flags [.], ack 602289, win 105, options [nop,nop,TS val 1722291395 ecr 45022534], length 0 IP dstip.1234 > srcip.50086: Flags [.], ack 620177, win 71, options [nop,nop,TS val 1722291395 ecr 45022534], length 0 MPLS (label 100, exp 0, [S], ttl 64) IP srcip.50086 > dstip.1234: Flags [P.], seq 644401:655953, ack 0, win 420, options [nop,nop,TS val 45022534 ecr 1722291395], length 11552 IP dstip.1234 > srcip.50086: Flags [.], ack 638065, win 37, options [nop,nop,TS val 1722291395 ecr 45022534], length 0 IP dstip.1234 > srcip.50086: Flags [.], ack 644401, win 25, options [nop,nop,TS val 1722291395 ecr 45022534], length 0 IP dstip.1234 > srcip.50086: Flags [.], ack 653345, win 8, options [nop,nop,TS val 1722291395 ecr 45022534], length 0 IP dstip.1234 > srcip.50086: Flags [.], ack 655953, win 3, options [nop,nop,TS val 1722291395 ecr 45022534], length 0 Signed-off-by:
Mike Gallo <mgallo@fastly.com> Signed-off-by:
-
Lorenzo Bianconi authored
Add missing recycle stats to page_pool_put_page_bulk routine. Reviewed-by:
Ilias Apalodimas <ilias.apalodimas@linaro.org> Link: https://lore.kernel.org/r/3712178b51c007cfaed910ea80e68f00c916b1fa.1649685634.git.lorenzo@kernel.orgSigned-off-by:
Paolo Abeni <pabeni@redhat.com>
-
Oliver Hartkopp authored
The internal recvmsg() functions have two parameters 'flags' and 'noblock' that were merged inside skb_recv_datagram(). As a follow up patch to commit f4b41f06 ("net: remove noblock parameter from skb_recv_datagram()") this patch removes the separate 'noblock' parameter for recvmsg(). Analogue to the referenced patch for skb_recv_datagram() the 'flags' and 'noblock' parameters are unnecessarily split up with e.g. err = sk->sk_prot->recvmsg(sk, msg, size, flags & MSG_DONTWAIT, flags & ~MSG_DONTWAIT, &addr_len); or in err = INDIRECT_CALL_2(sk->sk_prot->recvmsg, tcp_recvmsg, udp_recvmsg, sk, msg, size, flags & MSG_DONTWAIT, flags & ~MSG_DONTWAIT, &addr_len); instead of simply using only flags all the time and check for MSG_DONTWAIT where needed (to preserve for the formerly separated no(n)block condition). Signed-off-by:
Oliver Hartkopp <socketcan@hartkopp.net> Link: https://lore.kernel.org/r/20220411124955.154876-1-socketcan@hartkopp.netSigned-off-by:
-
Daniele Palmas authored
Add the following Telit FN980 composition: 0x1057: tty, adb, rmnet, tty, tty, tty, tty, tty Signed-off-by:
Daniele Palmas <dnlplm@gmail.com> Acked-by:
Bjørn Mork <bjorn@mork.no> Link: https://lore.kernel.org/r/20220411135943.4067264-1-dnlplm@gmail.comSigned-off-by:
-
Paolo Abeni authored
Martin Habets says: ==================== sfc: Remove some global definitions These are some small cleanups to remove definitions that need not be defined in .h files. ==================== Link: https://lore.kernel.org/r/164967635861.17602.16525009567130361754.stgit@palantir17.mph.netSigned-off-by:
-
Martin Habets authored
The strings are only used in efx_common.c so the definitions can be static in there. Signed-off-by:
Martin Habets <habetsm.xilinx@gmail.com> Signed-off-by:
-
Martin Habets authored
It is defined both in efx.h and tx_common.h. Remove the definition in efx.h. Signed-off-by:
-
Martin Habets authored
This means we can remove them from efx_channel.h and avoid naming conflicts later. efx_channel_dummy_op_void() cannot be static as it is used in ef100_nic.c. Signed-off-by:
-
