1. 20 May, 2022 3 commits
  2. 19 May, 2022 30 commits
  3. 18 May, 2022 7 commits
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · db1fd3fc
      Linus Torvalds authored
      Pull mlx5 fix from Michael Tsirkin:
       "One last minute fixup
      
        The patch has been on list for a while but as it was posted as part of
        a thread it was missed"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        vdpa/mlx5: Use consistent RQT size
      db1fd3fc
    • Al Viro's avatar
      Fix double fget() in vhost_net_set_backend() · fb4554c2
      Al Viro authored
      Descriptor table is a shared resource; two fget() on the same descriptor
      may return different struct file references.  get_tap_ptr_ring() is
      called after we'd found (and pinned) the socket we'll be using and it
      tries to find the private tun/tap data structures associated with it.
      Redoing the lookup by the same file descriptor we'd used to get the
      socket is racy - we need to same struct file.
      
      Thanks to Jason for spotting a braino in the original variant of patch -
      I'd missed the use of fd == -1 for disabling backend, and in that case
      we can end up with sock == NULL and sock != oldsock.
      
      Cc: stable@kernel.org
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      fb4554c2
    • Eli Cohen's avatar
      vdpa/mlx5: Use consistent RQT size · acde3929
      Eli Cohen authored
      The current code evaluates RQT size based on the configured number of
      virtqueues. This can raise an issue in the following scenario:
      
      Assume MQ was negotiated.
      1. mlx5_vdpa_set_map() gets called.
      2. handle_ctrl_mq() is called setting cur_num_vqs to some value, lower
         than the configured max VQs.
      3. A second set_map gets called, but now a smaller number of VQs is used
         to evaluate the size of the RQT.
      4. handle_ctrl_mq() is called with a value larger than what the RQT can
         hold. This will emit errors and the driver state is compromised.
      
      To fix this, we use a new field in struct mlx5_vdpa_net to hold the
      required number of entries in the RQT. This value is evaluated in
      mlx5_vdpa_set_driver_features() where we have the negotiated features
      all set up.
      
      In addition to that, we take into consideration the max capability of RQT
      entries early when the device is added so we don't need to take consider
      it when creating the RQT.
      
      Last, we remove the use of mlx5_vdpa_max_qps() which just returns the
      max_vas / 2 and make the code clearer.
      
      Fixes: 52893733 ("vdpa/mlx5: Add multiqueue support")
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarEli Cohen <elic@nvidia.com>
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      acde3929
    • Linus Torvalds's avatar
      Merge tag 'sound-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · ef130216
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A collection of last-minute HD- an USB-audio quirks in addition to a
        fix for the legacy ISA wavefront driver.
      
        All look small and easy"
      
      * tag 'sound-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: usb-audio: Restore Rane SL-1 quirk
        ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
        ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
        ALSA: hda/realtek: Add quirk for the Framework Laptop
        ALSA: wavefront: Proper check of get_user() error
        ALSA: hda/realtek: Add quirk for Dell Latitude 7520
        ALSA: hda - fix unused Realtek function when PM is not enabled
        ALSA: usb-audio: Don't get sample rate for MCT Trigger 5 USB-to-HDMI
      ef130216
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: disable expression reduction infra · 9e539c5b
      Pablo Neira Ayuso authored
      Either userspace or kernelspace need to pre-fetch keys inconditionally
      before comparisons for this to work. Otherwise, register tracking data
      is misleading and it might result in reducing expressions which are not
      yet registers.
      
      First expression is also guaranteed to be evaluated always, however,
      certain expressions break before writing data to registers, before
      comparing the data, leaving the register in undetermined state.
      
      This patch disables this infrastructure by now.
      
      Fixes: b2d30654 ("netfilter: nf_tables: do not reduce read-only expressions")
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      9e539c5b
    • Ritaro Takenaka's avatar
      netfilter: flowtable: move dst_check to packet path · 2738d9d9
      Ritaro Takenaka authored
      Fixes sporadic IPv6 packet loss when flow offloading is enabled.
      
      IPv6 route GC and flowtable GC are not synchronized.
      When dst_cache becomes stale and a packet passes through the flow before
      the flowtable GC teardowns it, the packet can be dropped.
      So, it is necessary to check dst every time in packet path.
      
      Fixes: 227e1e4d ("netfilter: nf_flowtable: skip device lookup from interface index")
      Signed-off-by: default avatarRitaro Takenaka <ritarot634@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      2738d9d9
    • Pablo Neira Ayuso's avatar
      netfilter: flowtable: fix TCP flow teardown · e5eaac2b
      Pablo Neira Ayuso authored
      This patch addresses three possible problems:
      
      1. ct gc may race to undo the timeout adjustment of the packet path, leaving
         the conntrack entry in place with the internal offload timeout (one day).
      
      2. ct gc removes the ct because the IPS_OFFLOAD_BIT is not set and the CLOSE
         timeout is reached before the flow offload del.
      
      3. tcp ct is always set to ESTABLISHED with a very long timeout
         in flow offload teardown/delete even though the state might be already
         CLOSED. Also as a remark we cannot assume that the FIN or RST packet
         is hitting flow table teardown as the packet might get bumped to the
         slow path in nftables.
      
      This patch resets IPS_OFFLOAD_BIT from flow_offload_teardown(), so
      conntrack handles the tcp rst/fin packet which triggers the CLOSE/FIN
      state transition.
      
      Moreover, teturn the connection's ownership to conntrack upon teardown
      by clearing the offload flag and fixing the established timeout value.
      The flow table GC thread will asynchonrnously free the flow table and
      hardware offload entries.
      
      Before this patch, the IPS_OFFLOAD_BIT remained set for expired flows on
      which is also misleading since the flow is back to classic conntrack
      path.
      
      If nf_ct_delete() removes the entry from the conntrack table, then it
      calls nf_ct_put() which decrements the refcnt. This is not a problem
      because the flowtable holds a reference to the conntrack object from
      flow_offload_alloc() path which is released via flow_offload_free().
      
      This patch also updates nft_flow_offload to skip packets in SYN_RECV
      state. Since we might miss or bump packets to slow path, we do not know
      what will happen there while we are still in SYN_RECV, this patch
      postpones offload up to the next packet which also aligns to the
      existing behaviour in tc-ct.
      
      flow_offload_teardown() does not reset the existing tcp state from
      flow_offload_fixup_tcp() to ESTABLISHED anymore, packets bump to slow
      path might have already update the state to CLOSE/FIN.
      
      Joint work with Oz and Sven.
      
      Fixes: 1e5b2471 ("netfilter: nf_flow_table: teardown flow timeout race")
      Signed-off-by: default avatarOz Shlomo <ozsh@nvidia.com>
      Signed-off-by: default avatarSven Auhagen <sven.auhagen@voleatech.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      e5eaac2b