1. 17 Mar, 2022 14 commits
    • Linus Torvalds's avatar
      Merge tag 'net-5.17-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 551acdc3
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from netfilter, ipsec, and wireless.
      
        A few last minute revert / disable and fix patches came down from our
        sub-trees. We're not waiting for any fixes at this point.
      
        Current release - regressions:
      
         - Revert "netfilter: nat: force port remap to prevent shadowing
           well-known ports", restore working conntrack on asymmetric paths
      
         - Revert "ath10k: drop beacon and probe response which leak from
           other channel", restore working AP and mesh mode on QCA9984
      
         - eth: intel: fix hang during reboot/shutdown
      
        Current release - new code bugs:
      
         - netfilter: nf_tables: disable register tracking, it needs more work
           to cover all corner cases
      
        Previous releases - regressions:
      
         - ipv6: fix skb_over_panic in __ip6_append_data when (admin-only)
           extension headers get specified
      
         - esp6: fix ESP over TCP/UDP, interpret ipv6_skip_exthdr's return
           value more selectively
      
         - bnx2x: fix driver load failure when FW not present in initrd
      
        Previous releases - always broken:
      
         - vsock: stop destroying unrelated sockets in nested virtualization
      
         - packet: fix slab-out-of-bounds access in packet_recvmsg()
      
        Misc:
      
         - add Paolo Abeni to networking maintainers!"
      
      * tag 'net-5.17-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (26 commits)
        iavf: Fix hang during reboot/shutdown
        net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload
        net: bcmgenet: skip invalid partial checksums
        bnx2x: fix built-in kernel driver load failure
        net: phy: mscc: Add MODULE_FIRMWARE macros
        net: dsa: Add missing of_node_put() in dsa_port_parse_of
        net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit()
        Revert "ath10k: drop beacon and probe response which leak from other channel"
        hv_netvsc: Add check for kvmalloc_array
        iavf: Fix double free in iavf_reset_task
        ice: destroy flow director filter mutex after releasing VSIs
        ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
        Add Paolo Abeni to networking maintainers
        atm: eni: Add check for dma_map_single
        net/packet: fix slab-out-of-bounds access in packet_recvmsg()
        net: mdio: mscc-miim: fix duplicate debugfs entry
        net: phy: marvell: Fix invalid comparison in the resume and suspend functions
        esp6: fix check on ipv6_skip_exthdr's return value
        net: dsa: microchip: add spi_device_id tables
        netfilter: nf_tables: disable register tracking
        ...
      551acdc3
    • Linus Torvalds's avatar
      Merge tag 'acpi-5.17-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · c81801eb
      Linus Torvalds authored
      Pull ACPI fix from Rafael Wysocki:
       "Revert recent commit that caused multiple systems to misbehave due to
        firmware issues"
      
      * tag 'acpi-5.17-rc9' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        Revert "ACPI: scan: Do not add device IDs from _CID if _HID is not valid"
      c81801eb
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 2ab99e54
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "Four patches.
      
        Subsystems affected by this patch series: mm/swap, kconfig, ocfs2, and
        selftests"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        selftests: vm: fix clang build error multiple output files
        ocfs2: fix crash when initialize filecheck kobj fails
        configs/debug: restore DEBUG_INFO=y for overriding
        mm: swap: get rid of livelock in swapin readahead
      2ab99e54
    • Yosry Ahmed's avatar
      selftests: vm: fix clang build error multiple output files · 1c4debc4
      Yosry Ahmed authored
      When building the vm selftests using clang, some errors are seen due to
      having headers in the compilation command:
      
        clang -Wall -I ../../../../usr/include  -no-pie    gup_test.c ../../../../mm/gup_test.h -lrt -lpthread -o .../tools/testing/selftests/vm/gup_test
        clang: error: cannot specify -o when generating multiple output files
        make[1]: *** [../lib.mk:146: .../tools/testing/selftests/vm/gup_test] Error 1
      
      Rework to add the header files to LOCAL_HDRS before including ../lib.mk,
      since the dependency is evaluated in '$(OUTPUT)/%:%.c $(LOCAL_HDRS)' in
      file lib.mk.
      
      Link: https://lkml.kernel.org/r/20220304000645.1888133-1-yosryahmed@google.comSigned-off-by: default avatarYosry Ahmed <yosryahmed@google.com>
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Nathan Chancellor <nathan@kernel.org>
      Cc: Nick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1c4debc4
    • Joseph Qi's avatar
      ocfs2: fix crash when initialize filecheck kobj fails · 7b0b1332
      Joseph Qi authored
      Once s_root is set, genric_shutdown_super() will be called if
      fill_super() fails.  That means, we will call ocfs2_dismount_volume()
      twice in such case, which can lead to kernel crash.
      
      Fix this issue by initializing filecheck kobj before setting s_root.
      
      Link: https://lkml.kernel.org/r/20220310081930.86305-1-joseph.qi@linux.alibaba.com
      Fixes: 5f483c4a ("ocfs2: add kobject for online file check")
      Signed-off-by: default avatarJoseph Qi <joseph.qi@linux.alibaba.com>
      Cc: Mark Fasheh <mark@fasheh.com>
      Cc: Joel Becker <jlbec@evilplan.org>
      Cc: Junxiao Bi <junxiao.bi@oracle.com>
      Cc: Changwei Ge <gechangwei@live.cn>
      Cc: Gang He <ghe@suse.com>
      Cc: Jun Piao <piaojun@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7b0b1332
    • Qian Cai's avatar
      configs/debug: restore DEBUG_INFO=y for overriding · 8208257d
      Qian Cai authored
      Previously, I failed to realize that Kees' patch [1] has not been merged
      into the mainline yet, and dropped DEBUG_INFO=y too eagerly from the
      mainline.  As the results, "make debug.config" won't be able to flip
      DEBUG_INFO=n from the existing .config.  This should close the gaps of a
      few weeks before Kees' patch is there, and work regardless of their
      merging status anyway.
      
      Link: https://lore.kernel.org/all/20220125075126.891825-1-keescook@chromium.org/ [1]
      Link: https://lkml.kernel.org/r/20220308153524.8618-1-quic_qiancai@quicinc.comSigned-off-by: default avatarQian Cai <quic_qiancai@quicinc.com>
      Reported-by: default avatarDaniel Thompson <daniel.thompson@linaro.org>
      Reviewed-by: default avatarDaniel Thompson <daniel.thompson@linaro.org>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8208257d
    • Guo Ziliang's avatar
      mm: swap: get rid of livelock in swapin readahead · 029c4628
      Guo Ziliang authored
      In our testing, a livelock task was found.  Through sysrq printing, same
      stack was found every time, as follows:
      
        __swap_duplicate+0x58/0x1a0
        swapcache_prepare+0x24/0x30
        __read_swap_cache_async+0xac/0x220
        read_swap_cache_async+0x58/0xa0
        swapin_readahead+0x24c/0x628
        do_swap_page+0x374/0x8a0
        __handle_mm_fault+0x598/0xd60
        handle_mm_fault+0x114/0x200
        do_page_fault+0x148/0x4d0
        do_translation_fault+0xb0/0xd4
        do_mem_abort+0x50/0xb0
      
      The reason for the livelock is that swapcache_prepare() always returns
      EEXIST, indicating that SWAP_HAS_CACHE has not been cleared, so that it
      cannot jump out of the loop.  We suspect that the task that clears the
      SWAP_HAS_CACHE flag never gets a chance to run.  We try to lower the
      priority of the task stuck in a livelock so that the task that clears
      the SWAP_HAS_CACHE flag will run.  The results show that the system
      returns to normal after the priority is lowered.
      
      In our testing, multiple real-time tasks are bound to the same core, and
      the task in the livelock is the highest priority task of the core, so
      the livelocked task cannot be preempted.
      
      Although cond_resched() is used by __read_swap_cache_async, it is an
      empty function in the preemptive system and cannot achieve the purpose
      of releasing the CPU.  A high-priority task cannot release the CPU
      unless preempted by a higher-priority task.  But when this task is
      already the highest priority task on this core, other tasks will not be
      able to be scheduled.  So we think we should replace cond_resched() with
      schedule_timeout_uninterruptible(1), schedule_timeout_interruptible will
      call set_current_state first to set the task state, so the task will be
      removed from the running queue, so as to achieve the purpose of giving
      up the CPU and prevent it from running in kernel mode for too long.
      
      (akpm: ugly hack becomes uglier.  But it fixes the issue in a
      backportable-to-stable fashion while we hopefully work on something
      better)
      
      Link: https://lkml.kernel.org/r/20220221111749.1928222-1-cgel.zte@gmail.comSigned-off-by: default avatarGuo Ziliang <guo.ziliang@zte.com.cn>
      Reported-by: default avatarZeal Robot <zealci@zte.com.cn>
      Reviewed-by: default avatarRan Xiaokai <ran.xiaokai@zte.com.cn>
      Reviewed-by: default avatarJiang Xuexin <jiang.xuexin@zte.com.cn>
      Reviewed-by: default avatarYang Yang <yang.yang29@zte.com.cn>
      Acked-by: default avatarHugh Dickins <hughd@google.com>
      Cc: Naoya Horiguchi <naoya.horiguchi@nec.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Cc: Roger Quadros <rogerq@kernel.org>
      Cc: Ziliang Guo <guo.ziliang@zte.com.cn>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      029c4628
    • Ivan Vecera's avatar
      iavf: Fix hang during reboot/shutdown · b04683ff
      Ivan Vecera authored
      Recent commit 97457801 ("iavf: Add waiting so the port is
      initialized in remove") adds a wait-loop at the beginning of
      iavf_remove() to ensure that port initialization is finished
      prior unregistering net device. This causes a regression
      in reboot/shutdown scenario because in this case callback
      iavf_shutdown() is called and this callback detaches the device,
      makes it down if it is running and sets its state to __IAVF_REMOVE.
      Later shutdown callback of associated PF driver (e.g. ice_shutdown)
      is called. That callback calls among other things sriov_disable()
      that calls indirectly iavf_remove() (see stack trace below).
      As the adapter state is already __IAVF_REMOVE then the mentioned
      loop is end-less and shutdown process hangs.
      
      The patch fixes this by checking adapter's state at the beginning
      of iavf_remove() and skips the rest of the function if the adapter
      is already in remove state (shutdown is in progress).
      
      Reproducer:
      1. Create VF on PF driven by ice or i40e driver
      2. Ensure that the VF is bound to iavf driver
      3. Reboot
      
      [52625.981294] sysrq: SysRq : Show Blocked State
      [52625.988377] task:reboot          state:D stack:    0 pid:17359 ppid:     1 f2
      [52625.996732] Call Trace:
      [52625.999187]  __schedule+0x2d1/0x830
      [52626.007400]  schedule+0x35/0xa0
      [52626.010545]  schedule_hrtimeout_range_clock+0x83/0x100
      [52626.020046]  usleep_range+0x5b/0x80
      [52626.023540]  iavf_remove+0x63/0x5b0 [iavf]
      [52626.027645]  pci_device_remove+0x3b/0xc0
      [52626.031572]  device_release_driver_internal+0x103/0x1f0
      [52626.036805]  pci_stop_bus_device+0x72/0xa0
      [52626.040904]  pci_stop_and_remove_bus_device+0xe/0x20
      [52626.045870]  pci_iov_remove_virtfn+0xba/0x120
      [52626.050232]  sriov_disable+0x2f/0xe0
      [52626.053813]  ice_free_vfs+0x7c/0x340 [ice]
      [52626.057946]  ice_remove+0x220/0x240 [ice]
      [52626.061967]  ice_shutdown+0x16/0x50 [ice]
      [52626.065987]  pci_device_shutdown+0x34/0x60
      [52626.070086]  device_shutdown+0x165/0x1c5
      [52626.074011]  kernel_restart+0xe/0x30
      [52626.077593]  __do_sys_reboot+0x1d2/0x210
      [52626.093815]  do_syscall_64+0x5b/0x1a0
      [52626.097483]  entry_SYSCALL_64_after_hwframe+0x65/0xca
      
      Fixes: 97457801 ("iavf: Add waiting so the port is initialized in remove")
      Signed-off-by: default avatarIvan Vecera <ivecera@redhat.com>
      Link: https://lore.kernel.org/r/20220317104524.2802848-1-ivecera@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      b04683ff
    • Vladimir Oltean's avatar
      net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload · 8e0341ae
      Vladimir Oltean authored
      ACL rules can be offloaded to VCAP IS2 either through chain 0, or, since
      the blamed commit, through a chain index whose number encodes a specific
      PAG (Policy Action Group) and lookup number.
      
      The chain number is translated through ocelot_chain_to_pag() into a PAG,
      and through ocelot_chain_to_lookup() into a lookup number.
      
      The problem with the blamed commit is that the above 2 functions don't
      have special treatment for chain 0. So ocelot_chain_to_pag(0) returns
      filter->pag = 224, which is in fact -32, but the "pag" field is an u8.
      
      So we end up programming the hardware with VCAP IS2 entries having a PAG
      of 224. But the way in which the PAG works is that it defines a subset
      of VCAP IS2 filters which should match on a packet. The default PAG is
      0, and previous VCAP IS1 rules (which we offload using 'goto') can
      modify it. So basically, we are installing filters with a PAG on which
      no packet will ever match. This is the hardware equivalent of adding
      filters to a chain which has no 'goto' to it.
      
      Restore the previous functionality by making ACL filters offloaded to
      chain 0 go to PAG 0 and lookup number 0. The choice of PAG is clearly
      correct, but the choice of lookup number isn't "as before" (which was to
      leave the lookup a "don't care"). However, lookup 0 should be fine,
      since even though there are ACL actions (policers) which have a
      requirement to be used in a specific lookup, that lookup is 0.
      
      Fixes: 226e9cd8 ("net: mscc: ocelot: only install TCAM entries into a specific lookup and PAG")
      Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
      Link: https://lore.kernel.org/r/20220316192117.2568261-1-vladimir.oltean@nxp.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8e0341ae
    • Doug Berger's avatar
      net: bcmgenet: skip invalid partial checksums · 0f643c88
      Doug Berger authored
      The RXCHK block will return a partial checksum of 0 if it encounters
      a problem while receiving a packet. Since a 1's complement sum can
      only produce this result if no bits are set in the received data
      stream it is fair to treat it as an invalid partial checksum and
      not pass it up the stack.
      
      Fixes: 81015539 ("net: bcmgenet: use CHECKSUM_COMPLETE for NETIF_F_RXCSUM")
      Signed-off-by: default avatarDoug Berger <opendmb@gmail.com>
      Acked-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Link: https://lore.kernel.org/r/20220317012812.1313196-1-opendmb@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      0f643c88
    • Manish Chopra's avatar
      bnx2x: fix built-in kernel driver load failure · 424e7834
      Manish Chopra authored
      Commit b7a49f73 ("bnx2x: Utilize firmware 7.13.21.0")
      added request_firmware() logic in probe() which caused
      load failure when firmware file is not present in initrd (below),
      as access to firmware file is not feasible during probe.
      
        Direct firmware load for bnx2x/bnx2x-e2-7.13.15.0.fw failed with error -2
        Direct firmware load for bnx2x/bnx2x-e2-7.13.21.0.fw failed with error -2
      
      This patch fixes this issue by -
      
      1. Removing request_firmware() logic from the probe()
         such that .ndo_open() handle it as it used to handle
         it earlier
      
      2. Given request_firmware() is removed from probe(), so
         driver has to relax FW version comparisons a bit against
         the already loaded FW version (by some other PFs of same
         adapter) to allow different compatible/close enough FWs with which
         multiple PFs may run with (in different environments), as the
         given PF who is in probe flow has no idea now with which firmware
         file version it is going to initialize the device in ndo_open()
      
      Link: https://lore.kernel.org/all/46f2d9d9-ae7f-b332-ddeb-b59802be2bab@molgen.mpg.de/Reported-by: default avatarPaul Menzel <pmenzel@molgen.mpg.de>
      Tested-by: default avatarPaul Menzel <pmenzel@molgen.mpg.de>
      Fixes: b7a49f73 ("bnx2x: Utilize firmware 7.13.21.0")
      Signed-off-by: default avatarManish Chopra <manishc@marvell.com>
      Signed-off-by: default avatarAriel Elior <aelior@marvell.com>
      Link: https://lore.kernel.org/r/20220316214613.6884-1-manishc@marvell.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      424e7834
    • Juerg Haefliger's avatar
      net: phy: mscc: Add MODULE_FIRMWARE macros · f1858c27
      Juerg Haefliger authored
      The driver requires firmware so define MODULE_FIRMWARE so that modinfo
      provides the details.
      
      Fixes: fa164e40 ("net: phy: mscc: split the driver into separate files")
      Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
      Link: https://lore.kernel.org/r/20220316151835.88765-1-juergh@canonical.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      f1858c27
    • Miaoqian Lin's avatar
      net: dsa: Add missing of_node_put() in dsa_port_parse_of · cb0b430b
      Miaoqian Lin authored
      The device_node pointer is returned by of_parse_phandle()  with refcount
      incremented. We should use of_node_put() on it when done.
      
      Fixes: 6d4e5c57 ("net: dsa: get port type at parse time")
      Signed-off-by: default avatarMiaoqian Lin <linmq006@gmail.com>
      Link: https://lore.kernel.org/r/20220316082602.10785-1-linmq006@gmail.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      cb0b430b
    • Nicolas Dichtel's avatar
      net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() · 4ee06de7
      Nicolas Dichtel authored
      This kind of interface doesn't have a mac header. This patch fixes
      bpf_redirect() to a PIM interface.
      
      Fixes: 27b29f63 ("bpf: add bpf_redirect() helper")
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Link: https://lore.kernel.org/r/20220315092008.31423-1-nicolas.dichtel@6wind.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      4ee06de7
  2. 16 Mar, 2022 8 commits
  3. 15 Mar, 2022 8 commits
  4. 14 Mar, 2022 6 commits
    • Jakub Kicinski's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf · 15d70392
      Jakub Kicinski authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for net coming late
      in the 5.17-rc process:
      
      1) Revert port remap to mitigate shadowing service ports, this is causing
         problems in existing setups and this mitigation can be achieved with
         explicit ruleset, eg.
      
      	... tcp sport < 16386 tcp dport >= 32768 masquerade random
      
        This patches provided a built-in policy similar to the one described above.
      
      2) Disable register tracking infrastructure in nf_tables. Florian reported
         two issues:
      
         - Existing expressions with no implemented .reduce interface
           that causes data-store on register should cancel the tracking.
         - Register clobbering might be possible storing data on registers that
           are larger than 32-bits.
      
         This might lead to generating incorrect ruleset bytecode. These two
         issues are scheduled to be addressed in the next release cycle.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
        netfilter: nf_tables: disable register tracking
        Revert "netfilter: conntrack: tag conntracks picked up in local out hook"
        Revert "netfilter: nat: force port remap to prevent shadowing well-known ports"
      ====================
      
      Link: https://lore.kernel.org/r/20220312220315.64531-1-pablo@netfilter.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      15d70392
    • Kurt Cancemi's avatar
      net: phy: marvell: Fix invalid comparison in the resume and suspend functions · 837d9e49
      Kurt Cancemi authored
      This bug resulted in only the current mode being resumed and suspended when
      the PHY supported both fiber and copper modes and when the PHY only supported
      copper mode the fiber mode would incorrectly be attempted to be resumed and
      suspended.
      
      Fixes: 3758be3d ("Marvell phy: add functions to suspend and resume both interfaces: fiber and copper links.")
      Signed-off-by: default avatarKurt Cancemi <kurt@x64architecture.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Link: https://lore.kernel.org/r/20220312201512.326047-1-kurt@x64architecture.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      837d9e49
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 6665ca15
      Linus Torvalds authored
      Pull virtio fix from Michael Tsirkin:
       "A last minute regression fix.
      
        I thought we did a lot of testing, but a regression still managed to
        sneak in. The fix seems trivial"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        vhost: allow batching hint without size
      6665ca15
    • Sabrina Dubroca's avatar
      esp6: fix check on ipv6_skip_exthdr's return value · 4db4075f
      Sabrina Dubroca authored
      Commit 5f9c55c8 ("ipv6: check return value of ipv6_skip_exthdr")
      introduced an incorrect check, which leads to all ESP packets over
      either TCPv6 or UDPv6 encapsulation being dropped. In this particular
      case, offset is negative, since skb->data points to the ESP header in
      the following chain of headers, while skb->network_header points to
      the IPv6 header:
      
          IPv6 | ext | ... | ext | UDP | ESP | ...
      
      That doesn't seem to be a problem, especially considering that if we
      reach esp6_input_done2, we're guaranteed to have a full set of headers
      available (otherwise the packet would have been dropped earlier in the
      stack). However, it means that the return value will (intentionally)
      be negative. We can make the test more specific, as the expected
      return value of ipv6_skip_exthdr will be the (negated) size of either
      a UDP header, or a TCP header with possible options.
      
      In the future, we should probably either make ipv6_skip_exthdr
      explicitly accept negative offsets (and adjust its return value for
      error cases), or make ipv6_skip_exthdr only take non-negative
      offsets (and audit all callers).
      
      Fixes: 5f9c55c8 ("ipv6: check return value of ipv6_skip_exthdr")
      Reported-by: default avatarXiumei Mu <xmu@redhat.com>
      Signed-off-by: default avatarSabrina Dubroca <sd@queasysnail.net>
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      4db4075f
    • Claudiu Beznea's avatar
      net: dsa: microchip: add spi_device_id tables · e981bc74
      Claudiu Beznea authored
      Add spi_device_id tables to avoid logs like "SPI driver ksz9477-switch
      has no spi_device_id".
      Signed-off-by: default avatarClaudiu Beznea <claudiu.beznea@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e981bc74
    • Brian Masney's avatar
      crypto: qcom-rng - ensure buffer for generate is completely filled · a680b183
      Brian Masney authored
      The generate function in struct rng_alg expects that the destination
      buffer is completely filled if the function returns 0. qcom_rng_read()
      can run into a situation where the buffer is partially filled with
      randomness and the remaining part of the buffer is zeroed since
      qcom_rng_generate() doesn't check the return value. This issue can
      be reproduced by running the following from libkcapi:
      
          kcapi-rng -b 9000000 > OUTFILE
      
      The generated OUTFILE will have three huge sections that contain all
      zeros, and this is caused by the code where the test
      'val & PRNG_STATUS_DATA_AVAIL' fails.
      
      Let's fix this issue by ensuring that qcom_rng_read() always returns
      with a full buffer if the function returns success. Let's also have
      qcom_rng_generate() return the correct value.
      
      Here's some statistics from the ent project
      (https://www.fourmilab.ch/random/) that shows information about the
      quality of the generated numbers:
      
          $ ent -c qcom-random-before
          Value Char Occurrences Fraction
            0           606748   0.067416
            1            33104   0.003678
            2            33001   0.003667
          ...
          253   �        32883   0.003654
          254   �        33035   0.003671
          255   �        33239   0.003693
      
          Total:       9000000   1.000000
      
          Entropy = 7.811590 bits per byte.
      
          Optimum compression would reduce the size
          of this 9000000 byte file by 2 percent.
      
          Chi square distribution for 9000000 samples is 9329962.81, and
          randomly would exceed this value less than 0.01 percent of the
          times.
      
          Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
          Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
          Serial correlation coefficient is 0.159130 (totally uncorrelated =
          0.0).
      
      Without this patch, the results of the chi-square test is 0.01%, and
      the numbers are certainly not random according to ent's project page.
      The results improve with this patch:
      
          $ ent -c qcom-random-after
          Value Char Occurrences Fraction
            0            35432   0.003937
            1            35127   0.003903
            2            35424   0.003936
          ...
          253   �        35201   0.003911
          254   �        34835   0.003871
          255   �        35368   0.003930
      
          Total:       9000000   1.000000
      
          Entropy = 7.999979 bits per byte.
      
          Optimum compression would reduce the size
          of this 9000000 byte file by 0 percent.
      
          Chi square distribution for 9000000 samples is 258.77, and randomly
          would exceed this value 42.24 percent of the times.
      
          Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
          Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
          Serial correlation coefficient is 0.000468 (totally uncorrelated =
          0.0).
      
      This change was tested on a Nexus 5 phone (msm8974 SoC).
      Signed-off-by: default avatarBrian Masney <bmasney@redhat.com>
      Fixes: ceec5f5b ("crypto: qcom-rng - Add Qcom prng driver")
      Cc: stable@vger.kernel.org # 4.19+
      Reviewed-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Reviewed-by: default avatarAndrew Halaney <ahalaney@redhat.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      a680b183
  5. 13 Mar, 2022 2 commits
  6. 12 Mar, 2022 2 commits